
Sicurezza Informatica

Sicurezza Informatica. Prof. Stefano Bistarelli, bista@dipmat.unipg.it, http://www.sci.unich.it/~bista/. Chapter 1: Introduction. Outline. Security (confidentiality, integrity, availability) to protect from threats!!


Presentation Transcript


  1. Sicurezza Informatica Prof. Stefano Bistarelli bista@dipmat.unipg.it http://www.sci.unich.it/~bista/

  2. Chapter 1: Introduction Prof. Stefano Bistarelli - Sicurezza Informatica

  3. Outline
     • Security (confidentiality, integrity, availability) to protect from threats!!
     • Security policies identify threats and define requirements (assumptions)
     • Security mechanisms are methods to detect/prevent/recover from threats
     • Which security countermeasures do we want to apply?
     • Security risk analysis!!

  4. Computer Security
     • The ability of a system to protect information, resources and the system itself, with respect to the notions of
       • Confidentiality
       • Integrity and Authentication
       • Availability
       • Access Control
       • Non-repudiation
       • Privacy

  5. Alice, Bob, and … Trudy
     • The “Hello world” of the security world
     • Bob and Alice need to communicate with each other securely
     • Trudy, the “intruder”, is able to intercept and modify messages
     [Figure 7.1 goes here]

  6. Main goals
     • Confidentiality
       • Ensure that information is not accessible to unauthorized users
     • Integrity
       • Ensure that information cannot be altered by unauthorized persons (in a way that is invisible to authorized users)
     • Authentication
       • Ensure that users are actually who they claim to be
     • Availability
       • Ensure that a system is operational and functional at all times (no denial of service)

  7. Additional goals
     • Access control
       • Ensure that users have access to all the resources and all the services they are authorized for, and only to those
     • Non-repudiation
       • Ensure that the sender of a message cannot deny having sent the message
     • Privacy
       • Ensure that users can control what information about them is collected, how it is used, who uses it, who keeps it, and for what purpose it is used

  8. Security is not safety!!

  9. Security “is not” Safety
     • Reliability (affidabilità)
       • “It makes no mistakes!”
     • Availability (disponibilità)
       • “It does not crash!”
     • Maintainability (manutenibilità)
       • “It is easy to manage”
     • Safety (sicurezza)
       • “Nobody dies using it”

  10. Basic Components
     • Confidentiality, Integrity, Availability
     • Interpretation ALWAYS depends on the context!!

  11. Confidentiality
     • Keeping data (and resources) hidden
     • Military and commercial motivations!
     • Mechanisms:
       • Access control (cryptography)
       • System dependent mechanism
         • (safer when working … but may fail!!)
     • Assumptions and trust of the mechanisms!!
     • Confidentiality of content vs existence of data!!
     • For resource hiding: firewalls!!

  12. Integrity
     • Preventing improper/unauthorized changes
     • Trustworthiness of data
       • Data integrity (integrity)
       • Origin integrity (authentication)
     • Mechanisms:
       • Prevention
         • To change data
         • To change data in an unauthorized way
         • Difficult!!
       • Detection
         • Only detection
         • Provide explanation

  13. Availability
     • Enabling access to data and resources
     • Availability vs reliability ?? (disponibilità vs affidabilità)
     • Threats:
       • Manipulate the use of the data/resource
         • Can be captured
       • Denial of Service
         • Difficult to capture!!

  14. Attack vs Threat
     • A threat is a “potential” violation of security
       • The violation need not actually occur
       • The fact that the violation might occur makes it a threat
       • It is important to guard against threats and be prepared for the actual violation
     • The actual violation of security is called an attack

  15. Classes of Threats
     • Threat = potential violation of security.
     • Classes:
       • Disclosure (unauthorized access to information)
       • Deception (acceptance of false data)
       • Disruption (DoS)
       • Usurpation (unauthorized control of (part of) a system)

  16. Threats in communications ..

  17. Classes of Threats, ex:
     • Snooping/sniffing
       • Disclosure of data
     • Modification/Alteration
       • Deception of data
       • Disruption/usurpation of systems
     • Spoofing/masquerading (impersonation)
       • Deception/usurpation
       • Notice that “delegation” = authorized masquerading
     • Repudiation of origin/send/receipt
     • Inhibition of service
       • Delay
       • Denial of service

  18. Policies and Mechanisms
     • Policy says what is, and is not, allowed
       • This defines “security” for the site/system/etc.
       • Assumption: definition of the set of secure/insecure states!
     • Composition of policies (ex: for cooperation among sites)
       • If policies conflict, discrepancies may create security vulnerabilities
     • Mechanisms are methods/tools/procedures to enforce policies

  19. Mechanism for
     • Prevention
       • Prevent attackers from violating security policy
     • Detection
       • Detect attackers’ violation of security policy
     • Recovery
       • 1: Stop attack, assess and repair damage
       • 2: Continue to function correctly even if attack succeeds
       • Retaliation as a form of recovery

  20. Trust and Assumptions
     • Does a policy correctly describe the required security for a site? Can the mechanism enforce what the policy needs?
     • Security rests on assumptions!
       • Ex: to open a door you need the key (assumption)
       • If there is a lock picker, the assumption is not valid!
       • Unless the lock picker opens doors only at the owner's request!
       • Trust in the lock picker!
     • Policy assumptions
       • Unambiguously partition system states (secure/non secure)
       • Correctly capture security requirements
     • Mechanisms are assumed to enforce policy
       • if mechanisms work correctly

  21. Types of Mechanisms
     • Let P be the set of all the reachable states
     • Let Q be a set of secure states identified by a policy: Q ⊆ P
     • Let the set of states that an enforcement mechanism restricts a system to be R
     • The enforcement mechanism is
       • Secure if R ⊆ Q
       • Precise if R = Q
       • Broad if there are some states in R that are not in Q

  22. Types of Mechanisms
     [Figure: secure, precise and broad mechanisms, drawn as set R against set Q (secure states)]
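
The secure/precise/broad definitions from slides 21 and 22, worked through on a constructed toy system (an added example, not part of the original slides). The system, the policy "guest never reads the file" and the three guard functions are assumptions made up for illustration; P and R are computed by reachability rather than written down by hand.

```python
SUBJECTS = ("alice", "bob", "guest")  # constructed toy system, one protected file

def reachable(start, allowed):
    """States reachable from `start` using only transitions `allowed` accepts."""
    seen, frontier = {start}, [start]
    while frontier:
        state = frontier.pop()
        for subject in SUBJECTS:
            nxt = state ^ frozenset([subject])  # toggle this subject's read right
            if nxt not in seen and allowed(nxt):
                seen.add(nxt)
                frontier.append(nxt)
    return seen

START = frozenset()                        # nobody can read yet
P = reachable(START, lambda nxt: True)     # all reachable states, no enforcement
Q = {s for s in P if "guest" not in s}     # policy: guest never holds read access

def classify(R, Q):
    """Slide 21 definitions; a precise mechanism is also secure."""
    if R == Q:
        return "precise"
    if R <= Q:
        return "secure"
    return "broad"

def audit(mechanism):
    """Return the class of `mechanism` and the insecure states it still permits."""
    R = reachable(START, mechanism)
    leaks = sorted(sorted(s) for s in R - Q)
    return classify(R, Q), leaks

MECHANISMS = {  # hypothetical enforcement rules, each a guard on the next state
    "deny_guest": lambda nxt: "guest" not in nxt,
    "alice_only": lambda nxt: nxt <= {"alice"},
    "max_two_readers": lambda nxt: len(nxt) <= 2,
}

if __name__ == "__main__":
    for name, guard in MECHANISMS.items():
        print(name, *audit(guard))
```

The `alice_only` guard is secure but over-restrictive (it also blocks bob, whom the policy allows), while `max_two_readers` enforces a property unrelated to the policy and so leaves states in R that lie outside Q.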

  23. Assurance
     • Assurance
       • how well the system meets its requirements?
       • how much you can trust the system to do what it is supposed to do.
     • It does not say what the system is to do;
       • rather, it only covers how well the system does it.

  24. Assurance
     • To reach assurance:
       • Detailed specification
       • Design of the HW and SW, and show that it does not violate the specification
       • Implementation that satisfies the design
       • Proof that the implementation produces the desired behavior (difficult!)
       • Test (easier)

  25. Operational Issues
     • Cost-Benefit Analysis
       • Is it cheaper to prevent or recover?
     • Risk Analysis
       • Should we protect something?
       • How much should we protect this thing?
     • Laws and Customs
       • Are desired security measures illegal?
       • Will people do them?

  26. Human Issues
     • People are THE security problem!!
     • Organizational Problems
       • Power without responsibility (and vice versa)
         • Security officer makes the rule, system administrator is responsible …
       • No financial benefits
     • Untrained users!
       • Password revealed
     • Outsiders and insiders
     • Social engineering

  27. Key Points
     • Policy defines security, and mechanisms enforce security
       • Confidentiality
       • Integrity
       • Availability
     • Trust and knowing assumptions
     • Importance of assurance
     • The human factor

  28. Discussion:
