1 / 22

CSCE 489/689 (Software Security) Fall 2018

Security Basics. CSCE 489/689 (Software Security) Fall 2018. Philip Ritchey Department of Computer Science and Engineering. If you remember nothing else…. Remember these: There is No Security without Physical Security The Goals of Security: Confidentiality, Integrity, Availability

vowell
Télécharger la présentation

CSCE 489/689 (Software Security) Fall 2018

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Basics CSCE 489/689 (Software Security) Fall 2018 Philip RitcheyDepartment of Computer Science and Engineering

  2. If you remember nothing else… Remember these: • There is No Security without Physical Security • The Goals of Security: Confidentiality, Integrity, Availability • “Threat” is what could happen. “Attack” is what does happen. • Design Principles: Simplicity and Restriction

  3. http://blog.securitymetrics.com/2014/10/physical-security-threat.htmlhttp://blog.securitymetrics.com/2014/10/physical-security-threat.html

  4. The Basics: Fundamental Concepts C: Confidentiality I: Integrity A: Availability https://www.thesecurityawarenesscompany.com/2015/05/14/the-cia-triad/

  5. Confidentiality The concealment of information or resources. • Applies to content and existence • Supported by access control mechanisms • Cryptography • File permissions • Whitelists / Blacklists • Enforcement relies on system services (e.g. kernel) • Assumptions and Trust

  6. Integrity The trustworthiness of data or resources. • Data integrity and origin integrity • Origin  “authentication” • Impacts credibility • Prevention mechanisms and detection mechanisms • Prevention: block unauthorized changes to the data (2 kinds) • Detection: report loss of trustworthiness of data’s integrity • Correctness and trustworthiness • Origin, transmission, storage

  7. Availability The ability to use the information or resource desired. • An unavailable system is at least as bad as no system at all • Reliability • Example: compromised secondary, unavailable primary • DenialofService (DoS, DDoS) • Attempts to block availability • Difficult to detect and distinguish • The slashdot/digg/reddit effect

  8. Examples • Confidentiality — An employee should not come to know the salary of another employee • Integrity — An employee should not be able to modify their own salary • Availability — Paychecks should be printed and delivered on time

  9. The Basics: Threats and Attacks • Threat: potential violation of security • Attacks: actions that cause violations of security. • Attackers: those who execute attacks. • Assets: the objects of attack. • 4 classes of threat: • Disclosure: unauthorized access to information • Deception: acceptance of false data • Disruption: interruption or prevention of correct operation • Usurpation: unauthorized control of some part of a system

  10. Garden Variety Threats • Snooping • Modification or Alteration • Masquerading or Spoofing • Repudiation of Origin • Denial of Receipt • Delay • Denial of Service Cause and Result are important, Intention is not.

  11. Unauthorized access to information Packet sniffers and wiretappers Illicit copying of files and programs Snooping B A Attacker

  12. Stop the flow of the message Delay and optionally modify the message Release the message again Modification B A Attacker

  13. Unauthorized assumption of other’s identity Generate and distribute objects under this identity Spoofing B A Attacker: from A

  14. Destroy hardware (cutting fiber) or software Modify software in a subtle way (alias commands) Corrupt packets in transit Blatant denial of service (DoS): Crashing the server Overwhelm the server (use up its resource) A B Delay and Denial of Service

  15. Intruder takes over identity of user (masquerading) logoff! fine! Man-In-The-Middle • Passive tapping • Listen to communication without altering contents. • Active wire tapping • Modify data being transmitted • Example: user attacker server logon! X

  16. Impact of Attacks Theft of confidential information Unauthorized use of Network bandwidth Computing resource Spread of false information Disruption of legitimate services All attacks can be related and are dangerous!

  17. The Basics: Design Principles • Simplicity • Less to go wrong • Fewer possible inconsistencies • Easy to understand • Restriction • Minimize access • Inhibit communication

  18. The Basics: Design Principles • Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job. • Fail-safe defaults: Base access decisions on permission rather than exclusion. • Economy of mechanism: Keep the design as simple and small as possible. • Complete mediation: Every access to every object must be checked for authority. • Separation of privilege: Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key.

  19. The Basics: Design Principles • Open design: The design should not be secret. • Least common mechanism: Minimize the amount of mechanism common to more than one user and depended on by all users. • Psychological acceptability: It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly. • Work factor: Compare the cost of circumventing the mechanism with the resources of a potential attacker. • Compromise recording: It is sometimes suggested that mechanisms that reliably record that a compromise of information has occurred can be used in place of more elaborate mechanisms that completely prevent loss.

  20. Summary • No Security without Physical Security • The Security Triad: Confidentiality, Integrity, Availability • Also: Anonymity, Authenticity, Assurance, Authorization, Accounting, Auditing • Threats, Attacks, Attackers, Assets • Threat Classes: Disclosure, Deception, Disruption, Usurpation • Common Threats: Snooping, Spoofing, Modification, Denial of Service, MitM • Security Principles: Simplicity and Restriction • Economy of Mechanism, Fail-safe Defaults, Complete Mediation, Open Design, Separation of Privilege, Least Privilege, Least Common Mechanism, Psychological Acceptability

  21. Thanks and Gig ‘em! WHOOP!

More Related