CMSC 414 Computer and Network Security
CMSC 414 Computer and Network Security • Jonathan Katz
Administrative • Me • TA • Contact information, office hours, listed on course webpage
Course webpage http://www.cs.umd.edu/~jkatz/security/f09 • Syllabus • Subject to change… • Assigned readings and videos • Will try to post by Friday for the following week • Read in advance and come prepared to discuss • Additional (optional) readings • Homeworks distributed from the course webpage • Check frequently for announcements
Class readings • Material posted on the course webpage is fair game for the exams, even if not covered in class • Material covered in class is fair game for the exams, even if not listed on the webpage
Textbook • No required text • Several good texts out there • Will list on the course webpage • Will supplement lectures with other readings (distributed on class webpage)
Course requirements • Homeworks • 3-5 programming assignments • Possibly 1-2 written assignments • I expect students have access to a computer/laptop capable of running a hypervisor • VM player for Windows/Linux (free download) • VMware Fusion for Macs ($49.99 for academic license), other free options may be available • Occasional in-class exercises
Labs (tentative) • Crypto • Building a secure protocol • Buffer overflow • Web security
Piazza http://piazza.com • For your benefit • Questions about lecture/readings • Homework questions • News items • I encourage you to post links to news of interest!
Class participation • Please!
Syllabus I • Introduction… • A broad perspective on security • Cryptography • The basics (take CMSC 456 or read my book for more) • If you took 456 with me, you can skip • Cryptography is not the whole solution… • …but it is an important part of the solution • Along the way, we will see why cryptography can’t solve all security problems
Syllabus II • Network security I • Identity, PKI • Authentication and key exchange protocols • Password and biometric authentication • Anonymity and pseudonymity • Privacy
Syllabus III • System security • General principles • Security policies • Access control • OS security • “Trusted computing” • Programming language security • Buffer overflows, input validation errors • Viruses/worms • Web security
Syllabus IV • Privacy/anonymity • Database security • Anonymous communication • Privacy in social networks • Network security in the real world • Some real-world protocols (IPSec/SSL) • Security of network infrastructure (routing, DNS, TCP/IP, DDoS attacks, …)
Introduction and overview • What is computer/network security? Why is it important? • Course philosophy and goals • A broad perspective on “computer security”
Computer security is important… • Several high-profile hacks in past years • Number of vulnerabilities/attacks increasing • Cyberwarfare • Increasing gov’t and academic interest • Just read the news…
Cybercrime • e.g., botnets • Washington Post, “Invasion of the Computer Snatchers” (2006): • High-school dropout • Breaks into 2000 computers in 6 hours (while sleeping) • $6,800 per month; 2 minutes of work per day • $2B industry (annual)
Thoughts • Why is the problem so difficult? • What can be done about it?
“Security” • Most of computer science is concerned with achieving desired behavior • Security is concerned with preventing undesired behavior • Different way of thinking! • An enemy/opponent/hacker/adversary who is actively and maliciously trying to circumvent any protective measures you put in place
One illustration of the difference • Software testing determines whether a given program implements a desired functionality • Test I/O characteristics • Q/A • How do you test whether a program does not allow for undesired functionality? • Penetration testing helps, but only up to a point
Why is computer security so hard? • Computer networks are “systems of systems” • Your system may be secure, then the environment changes • Too many things dependent on a small number of systems • Society is unwilling to trade off features for security • Ease of attacks • Cheap • Distributed, automated • Anonymous • Insider threats • Security not built in from the beginning • Humans in the loop… • Computers ubiquitous…
Computers are everywhere… • …and can always be attacked • Electronic banking, social networks, e-voting • iPods, iPhones, PDAs, RFID transponders • Automobiles • Appliances, TVs • (Implantable) medical devices • Cameras, picture frames(!) • See http://www.securityfocus.com/news/11499
A naïve view • [diagram: a login with a password]
In reality… • [diagram: the same login, plus a “forgot password?” link] • Where does security end?
One good attack • Use public records to figure out someone’s password, or to get it from tech support • E.g., hacked email account of Sarah Palin • The password-recovery mechanism is part of the system! • The password-recovery mechanism may be the most vulnerable point to attack
Computer security is not just about computers • What is “the system”? • Physical security • Social engineering • Bribes for passwords • Phishing • “External” means of getting information • Legal records, trash cans • User education… • Security is a process, not a product…(!)
Security is interdisciplinary • Draws on all areas of CS • Theory (especially cryptography) • Networking • Programming languages/compilers • Operating systems • Databases • AI/learning theory • Computer architecture / hardware • HCI, psychology
Security mindset • Learn to think with a “security mindset” in general • What is “the system”? • How could this system be attacked? • What is the weakest point of attack? • How could this system be defended? • What threats am I trying to address? • How effective will a given countermeasure be? • What is the trade-off between security, cost, and usability?
An example: airline security • Ask: what is the cost (economic and otherwise) of current airline security? • Ask: do existing rules (e.g., banning liquids) make sense? • Ask: are the tradeoffs worth it? • (Why do we not apply the same rules to train travel?) • (Would spending money elsewhere be more effective?) • Ask: how would you get on a plane if you were on the no-fly list? • (I will not give you the answer – you can find it online) • This is a thought experiment only!
Computer security is not just about “security” • Prevention… • Detection, response, audit • How do you know when you are being attacked? • How quickly can you stop the attack? • Attribution: can you identify the attacker(s)? • Can you prevent the attack from recurring? • Recovery • Can be much more important than prevention • Economics, insurance, risk management… • Security is a process, not a product…
A naïve view • Achieve “absolute” security
In reality… • Absolute security is easy to achieve! • How…? • Absolute security is impossible to achieve! • Why…? • Good security is about risk management
Security as a trade-off • The goal is not (usually) “to make the system as secure as possible”… • …but instead, “to make the system as secure as possible within certain constraints” (cost, usability, convenience) • Military vs. personal networks • Must understand the existing constraints • E.g., passwords…
Cost-benefit analysis • Important to evaluate what level of security is necessary/appropriate • Cost of mounting a particular attack vs. value of attack to an adversary • Cost of damages from an attack vs. cost of defending against the attack • Likelihood of a particular attack • Sometimes the best security is to make sure you are not the easiest target for an attacker…
“More” security not always better • “No point in putting a higher post in the ground when the enemy can go around it” • Need to identify the weakest link • Security of a system is only as good as the security at its weakest point… • Security is not a “magic bullet” • Security is a process, not a product
Summary • “The system” is not just a computer or a network • Prevention is not the only goal • Cost-benefit analysis • Detection, response, recovery • Nevertheless…in this course, we will focus on computer security, and primarily on prevention • If you want to be a security expert, you need to keep the rest in mind
Philosophy of this course • We are not going to be able to cover everything • We are not going to be able to even mention everything • Main goals • A sampling of many different aspects of security • The security “mindset” • Become familiar with basic acronyms (RSA, SSL, PGP, etc.), and “buzzwords” (phishing, …) • Become an educated security consumer • Try to keep it interesting with real-world examples and “hacking” projects
Course goals • You will not be a security expert after this class (after this class, you should realize why it would be dangerous to think you are) • But you should have a better appreciation of the threats, and how to address some of them
“Trusting trust” • Consider a compiler that embeds a trapdoor into anything it compiles • How to catch? • Read source code? (What if replaced?) • Re-compile compiler? • What if the compiler embeds the trojan code whenever it compiles a compiler? • (That’s nasty…)
Change compiler source S

    compiler(S) {
        if (match(S, "login-pattern")) {
            compile(login-backdoor)
            return
        }
        if (match(S, "compiler-pattern")) {
            compile(compiler-backdoor)
            return
        }
        ....  /* compile as usual */
    }
“Trusting trust” • Whom do you trust? • Does one really need to be this paranoid?? • Probably not • Sometimes, yes • Shows that security is complex…and essentially impossible • Comes back to risk/benefit trade-off
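The following is an added toy simulation of the attack sketched on the previous two slides; it is not code from the slides or from Thompson's paper. The "compiler" is just a Python function that exec()s source text and returns the namespace it defines; the login pattern, the compiler pattern, the rewriter name `_infect` and the master password `ken-was-here` are all assumptions chosen for the example. The point it shows is the second "nasty" step: the payload carries its own text (a quine), so it re-inserts itself every time the compiler is rebuilt from clean, audited source.

```python
"""Toy model of Thompson's "trusting trust" attack (constructed illustration).

The "compiler" takes Python source text and returns the namespace it defines.
A trojaned compiler rewrites the source first: login programs get a master
password, and compilers get the rewriting step itself, including the
rewriter's own text, so the backdoor survives any number of rebuilds from
clean source.  Pattern strings stand in for the real attack's matching on C.
"""

# Clean compiler source: this is all a code reviewer would ever see.
CLEAN_COMPILER_SRC = """\
def compile(src):
    ns = {}
    exec(src, ns)
    return ns
"""

# Clean login program (constructed sample input).
CLEAN_LOGIN_SRC = """\
USERS = {"alice": "correct horse battery staple"}

def check_password(user, pw):
    return USERS.get(user) == pw
"""

# Trojan as a template: %r is filled with the template's own repr, so the
# resulting payload can regenerate itself with SELF % SELF (a quine).
TROJAN_TEMPLATE = """\
SELF = %r

def _infect(src):
    # Backdoor 1: any login program also accepts the master password.
    login_pat = "def check_password(user, pw):\\n"
    if login_pat in src:
        src = src.replace(
            login_pat,
            login_pat + "    if pw == 'ken-was-here': return True\\n")
    # Backdoor 2: any compiler gets this rewriter, text and all.
    compiler_pat = "def compile(src):\\n"
    if compiler_pat in src and "_infect" not in src:
        src = (SELF %% SELF) + src.replace(
            compiler_pat, compiler_pat + "    src = _infect(src)\\n")
    return src

"""


def build(compiler_src):
    """Turn compiler source into a running compiler (its compile function)."""
    ns = {}
    exec(compiler_src, ns)
    return ns["compile"]


def bootstrap_trojaned_compiler():
    """The attacker's one-time step: produce a trojaned compiler 'binary'."""
    ns = {}
    exec(TROJAN_TEMPLATE % TROJAN_TEMPLATE, ns)
    return build(ns["_infect"](CLEAN_COMPILER_SRC))


def demo(rebuilds=3):
    """Rebuild the compiler from clean source `rebuilds` times with the
    trojaned one, then compile a clean login program with the result."""
    compile_fn = bootstrap_trojaned_compiler()
    for _ in range(rebuilds):
        compile_fn = compile_fn(CLEAN_COMPILER_SRC)["compile"]
    login = compile_fn(CLEAN_LOGIN_SRC)
    honest = build(CLEAN_COMPILER_SRC)(CLEAN_LOGIN_SRC)  # never touched by the trojan
    return {
        "trojan_visible_in_source": "_infect" in CLEAN_COMPILER_SRC,
        "legit_password": login["check_password"]("alice", "correct horse battery staple"),
        "wrong_password": login["check_password"]("alice", "nope"),
        "master_password": login["check_password"]("alice", "ken-was-here"),
        "master_password_honest_build": honest["check_password"]("alice", "ken-was-here"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Reading the clean compiler source, or recompiling it, tells you nothing here: the only defence that sees the difference is one that does not rely on the compromised compiler at all (an independent toolchain, or comparing outputs of two unrelated compilers, as in diverse double-compiling).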
Assigned readings • Thompson’s article • “Inside the Twisted Mind of the Security Professional” • “We are All Security Customers” • “Information Security and Externalities” • Chapter 1 of “Security Engineering”