
20 Nov 2013 (3 years and 27 days ago)


CIS/TCOM 551

Computer and Network Security

Slide Set 2

Carl A. Gunter

Spring 2004

Introduction to Security


Goals


Availability


Integrity


Confidentiality


Targets


Hardware


Software


Data


Controls


Physical security


Limited interface


Identification and authorization


Encryption


Analysis of costs and benefits

Progress and Risk


Risk = (Probability of failure) * (Size of loss)
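The risk formula on this slide is only useful once it is applied to concrete scenarios and compared against the cost of the controls listed earlier (physical security, limited interface, identification and authorization, encryption, cost/benefit analysis). The following is an added example, not code from the slides or their author: it computes Risk = (Probability of failure) * (Size of loss) for a few constructed scenarios and ranks candidate controls by the risk they remove net of their cost. Every probability, loss and cost figure below is an invented illustrative number.

```python
# Added example, not from the slides: the risk formula on the slide,
# Risk = (Probability of failure) * (Size of loss), applied to a few
# scenarios, then used for the cost/benefit analysis of candidate
# controls.  All scenario and control figures are constructed numbers.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Scenario:
    name: str
    probability: float  # probability the failure occurs within the period
    loss: float         # size of loss if it occurs, in the same units as control cost


def risk(s: Scenario) -> float:
    """Risk = (Probability of failure) * (Size of loss)."""
    return s.probability * s.loss


def total_risk(scenarios) -> float:
    """Expected loss over independent scenarios is the sum of their risks."""
    return sum(risk(s) for s in scenarios)


@dataclass(frozen=True)
class Control:
    name: str
    cost: float
    # scenario name -> factor the control multiplies that scenario's probability by
    # (0.1 means the control leaves one tenth of the original probability)
    reduction: dict = field(default_factory=dict)


def residual(scenarios, control: Control):
    """Scenarios as they look once `control` is in place."""
    return [
        Scenario(s.name, s.probability * control.reduction.get(s.name, 1.0), s.loss)
        for s in scenarios
    ]


def net_benefit(scenarios, control: Control) -> float:
    """Risk removed by the control minus the cost of the control."""
    return total_risk(scenarios) - total_risk(residual(scenarios, control)) - control.cost


def rank_controls(scenarios, controls):
    """Controls ordered by net benefit, best first.  A negative value
    means the control costs more than the risk it removes, which is the
    'adequate protection' principle expressed in numbers."""
    return sorted(
        ((c.name, net_benefit(scenarios, c)) for c in controls),
        key=lambda pair: pair[1],
        reverse=True,
    )


# Constructed ATM-style scenarios (probabilities per year, losses in dollars).
SCENARIOS = [
    Scenario("branch_line_tapped", 0.05, 200_000.0),
    Scenario("branch_link_outage", 0.20, 50_000.0),
    Scenario("card_pin_guessed", 0.10, 5_000.0),
]

# Constructed candidate controls, one per control family on the slides.
CONTROLS = [
    Control("encrypt_branch_link", 4_000.0, {"branch_line_tapped": 0.1}),      # encryption
    Control("redundant_link", 15_000.0, {"branch_link_outage": 0.25}),         # availability
    Control("pin_retry_lockout", 500.0, {"card_pin_guessed": 0.2}),            # limited interface
    Control("armored_cabinet_upgrade", 30_000.0, {"branch_line_tapped": 0.9}), # physical security
]

if __name__ == "__main__":
    print(f"total risk: {total_risk(SCENARIOS):,.0f}")
    for name, benefit in rank_controls(SCENARIOS, CONTROLS):
        print(f"{name:28s} net benefit {benefit:>10,.0f}")
```

With these constructed figures only the encryption control pays for itself; the physical upgrade barely moves the probability of the scenario it addresses and ranks last, which is the point the slide makes by listing cost/benefit analysis among the controls.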


Safety-critical considerations


Dutch port authority


RER train


Software in automobiles


Intelligent highways

Progress and Risk, cont.


Security-critical considerations


Credit card purchases on the web


Voting on the web


Banking on the web


Mobile agents and active networks


Safety and security considerations


Military systems, e.g. Star Wars


Actuators on public networks

Security Requirements


Banking


Government


Public Telecommunications Carriers


Corporate / Private Networks


Electronic Commerce

Ref: W. Ford, Computer Communications Security, 1994.

Banking


Electronic Funds Transfer (EFT)


Prosecution of fraud problematic


Financial system overall at risk


Automated Teller Machine (ATM)

Automatic Teller Machines


Goals


Availability: Provide automated teller operations 24x7 in convenient locations


Integrity: Authorized users only, transactional guarantees


Confidentiality: Private communication with branches or center


Vulnerabilities and controls


Risk analysis and liabilities

Government


National security of course, but also


“Unclassified but sensitive information” must not be disclosed


Example: social security web page


Electronic signatures approved for government contractors

Public Telecom Carriers


Operations, Administration, Maintenance, and Provisioning (OAM&P)


Availability is a key concern


Significant insider risks

Corporate Private Networks


Completely private networks are becoming a thing of the past because of telecommuting.


Protection of proprietary information of course, but also concerns like privacy in the health care industry.


Foreign government threat?

Electronic Commerce


Electronic Data Interchange (EDI)


Electronic contracts need to be binding


ABA Resolution: “recognize that information in electronic form, where appropriate, may be considered to satisfy legal requirements regarding a writing or signature to the same extent as information on paper or in other conventional forms, when appropriate security techniques, practices, and procedures have been adopted.”

Goals of Security

(Diagram: the three goals Integrity, Availability and Confidentiality, each applied to DATA)

Ref: Pfleeger.

Safety and Security


Many things in common and some major differences.


Some similarities aid understanding of both.


System vs. Environment.


Accident, breach.


Hazard, vulnerability.

System vs. Environment (Safety)

(Diagram with the labels Environment and System)

System vs. Environment (Security)

(Diagram with the labels System and Environment)

Accident and Security Breach


Accident


Loss of life


Injury


Damage to property


Security Breach


Secret is revealed


Service is disabled


Data is altered


Messages are fabricated

Accident Definition


An accident is an undesired and unplanned (but not necessarily unexpected) event that results in (at least) a specified level of harm.


Define breach similarly.


A security threat is a possible form of breach.

Hazards and Vulnerabilities


Hazard


No fire alarms


No fire extinguishers


Rags close to furnace


Vulnerability


Password too short


Secret sent in plaintext over public network


Files not write protected

Hazard Definition


A hazard is a state or set of conditions of a system that, together with other conditions in the environment of the system, will lead inevitably to an accident.


Define security vulnerability similarly.

Other Terms


Asset: object of value.


Exposure: threat to an asset.


Attack: effort by an agent to exploit a vulnerability and create a breach.

Major Threats


Interruption


Interception


Modification


Fabrication

Major Assets


Hardware


Software


Data

Threats to Hardware


Interruption: crash, performance degradation


Interception: theft


Modification: tapping


Fabrication: spoofed devices

Threats to Software Code


Interruption: deletion


Interception: theft


Modification


Trojan horse


Logic bomb


Virus


Back door


Information leak


Fabrication: spoofing software distribution on the web

Threats to Software Processes


Interruption: bad inputs


Interception: attacks on agents


Modification: of exploited data


Fabrication: service spoofing (man-in-the-middle)

Threats to Data


Interruption: deletion, perceived integrity violation


Interception: eavesdropping, snooping memory


Modification: alteration of important information


Fabrication: spoofing web pages

Principles of Security


Easiest Penetration: An intruder must be expected to use any available means of penetration.


Adequate Protection: Computer items must be protected only until they lose their value. They must be protected to a degree consistent with their value.


Effectiveness: Controls must be used to be effective. They must be efficient, easy to use, and appropriate.

Controls


Physical security


Limited interface


Identification and authorization


Encryption

Breakdown of S/W Controls


Program controls


as exercised by the programmer


as dictated by the programming language or programming environment


Operating system controls


Development process controls

Security Models


Multi-layer security


Graham-Denning model

Ref: Pfleeger.

Military Security


Familiar hierarchy of sensitivities, partitioned into compartments.

Compartments


Each piece of information is coded with its security level and one or more compartments

Classification and Clearance


<rank; compartments>


Each piece of information, or object, o is classified by its rank and compartments. C(o) = classification of o


Each actor, or subject, s is given a clearance by rank and compartments. C(s) = clearance of s


Dominance: <r;c> ≤ <r’;c’> iff r ≤ r’ and c is a subset of c’.


C(o) ≤ C(s) if the classification of o is dominated by the clearance of s.

Guarantees


A subject s is only able to access an object o if


the rank of s is higher than that of o, and


s is cleared for all of the compartments of o.


The first is called a hierarchical requirement, the second a non-hierarchical requirement.
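The dominance relation on the Classification and Clearance slide and the two requirements above are easy to get wrong in practice (checking rank but forgetting the compartment subset test is the usual mistake), so here is an added example, not code from the slides or their author, that implements <rank; compartments> labels, the dominance test, the access check C(o) ≤ C(s), and the least upper bound of two labels. The rank names are those on the slides; the subjects, objects and compartment letters used in the demo are constructed. Because the slide's dominance relation is reflexive (r ≤ r'), a clearance equal to the classification passes the check.

```python
# Added example, not from the slides: the <rank; compartments> labels and
# the dominance relation from the Classification and Clearance slide,
# <r;c> <= <r';c'> iff r <= r' and c is a subset of c', so a subject s
# may access an object o exactly when C(o) <= C(s).  The rank names
# come from the slides; the subjects and objects below are constructed.
from dataclasses import dataclass
from typing import FrozenSet, Iterable

# Ranks in increasing order of sensitivity (the slide's hierarchy).
RANKS = ["Unclassified", "Restricted", "Confidential", "Secret", "Top Secret"]
RANK_ORDER = {name: i for i, name in enumerate(RANKS)}


@dataclass(frozen=True)
class Label:
    """A security label <rank; compartments>; used for both C(o) and C(s)."""
    rank: str
    compartments: FrozenSet[str] = frozenset()

    def __post_init__(self):
        if self.rank not in RANK_ORDER:
            raise ValueError(f"unknown rank {self.rank!r}")
        # Accept any iterable of compartment names; store an immutable set.
        object.__setattr__(self, "compartments", frozenset(self.compartments))


def dominates(high: Label, low: Label) -> bool:
    """True iff low <= high in the lattice: the hierarchical requirement
    (rank) and the non-hierarchical requirement (compartments) both hold."""
    hierarchical = RANK_ORDER[low.rank] <= RANK_ORDER[high.rank]
    non_hierarchical = low.compartments <= high.compartments  # subset test
    return hierarchical and non_hierarchical


def can_access(clearance: Label, classification: Label) -> bool:
    """Subject with C(s) = clearance may access an object with
    C(o) = classification iff C(o) <= C(s)."""
    return dominates(clearance, classification)


def comparable(a: Label, b: Label) -> bool:
    """Labels can be incomparable: neither dominates the other.  Such pairs
    are why the structure is a lattice rather than a single chain."""
    return dominates(a, b) or dominates(b, a)


def least_upper_bound(a: Label, b: Label) -> Label:
    """Smallest label dominating both a and b: the higher rank and the union
    of compartments.  A result derived from both objects must carry it."""
    rank = a.rank if RANK_ORDER[a.rank] >= RANK_ORDER[b.rank] else b.rank
    return Label(rank, a.compartments | b.compartments)


def accessible(clearance: Label, objects: Iterable[Label]):
    """All classifications in `objects` that the clearance dominates."""
    return [o for o in objects if can_access(clearance, o)]


if __name__ == "__main__":
    analyst = Label("Secret", {"A", "B"})  # constructed subject clearance
    docs = [Label("Confidential", {"A"}), Label("Confidential", {"C"}),
            Label("Top Secret", {"A"}), Label("Secret", {"A", "B"})]
    for d in docs:
        print(d, "->", "allowed" if can_access(analyst, d) else "denied")
```

The second document in the demo is denied even though its rank is lower than the analyst's clearance: compartment C is not in the clearance, so the non-hierarchical requirement fails. That case is the one a rank-only check silently gets wrong.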

(Diagram of the lattice: ranks Top Secret, Secret, Confidential, Restricted, Unclassified; compartments A, B, C, D; labelled points x, y, z, w, v)

Graham-Denning Model

Subject executing command is x.

Transferable rights are denoted r*.

Non-transferable rights are denoted r.

A[x,s]
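The slides stop at the notation, so the following is an added example, not code from the slides or their author: a small access matrix A[s,o] in which the r versus r* distinction above actually does something. The command preconditions encoded here (the issuing subject x must own o to grant a right, must hold r* on o to transfer r or r*, and must own o or control s to delete a right) are the Graham-Denning rules as they are generally described, not something stated on this page; the subjects, objects and right names in the walk-through are constructed.

```python
# Added example, not from the slides (which stop at the notation A[x,s]):
# a small access matrix A[s,o] with the Graham-Denning distinction between
# a transferable right r* and a non-transferable right r.  The command
# preconditions encoded here (owner for grant, r* for transfer, owner or
# control for delete) are those of the Graham-Denning model as generally
# described; the subjects, objects and rights used are constructed.
from collections import defaultdict


class AccessMatrix:
    def __init__(self):
        # A[(subject, object)] -> set of rights, e.g. "read", "read*", "owner", "control"
        self.A = defaultdict(set)

    def rights(self, s, o):
        return self.A[(s, o)]

    # --- commands issued by subject x -------------------------------------

    def transfer(self, x, right, s, o):
        """x transfers `right` (either "r" or "r*") on o to s.
        Precondition: x itself holds the transferable form r* on o."""
        base = right.rstrip("*")
        if base + "*" not in self.rights(x, o):
            raise PermissionError(f"{x} lacks {base}* in A[{x},{o}], cannot transfer")
        self.rights(s, o).add(right)

    def grant(self, x, right, s, o):
        """x grants `right` on o to s.  Precondition: x owns o."""
        if "owner" not in self.rights(x, o):
            raise PermissionError(f"{x} is not owner of {o}, cannot grant")
        self.rights(s, o).add(right)

    def delete_right(self, x, right, s, o):
        """x removes `right` on o from s.  Precondition: x controls s or owns o."""
        if "control" not in self.rights(x, s) and "owner" not in self.rights(x, o):
            raise PermissionError(f"{x} neither controls {s} nor owns {o}")
        self.rights(s, o).discard(right)

    def check(self, s, right, o):
        """Does s hold `right` on o?  Holding r* counts as holding r."""
        return right in self.rights(s, o) or right + "*" in self.rights(s, o)


def demo():
    """Constructed walk-through: alice owns file; bob receives read*,
    passes a non-transferable read to carol, and carol cannot pass it on."""
    m = AccessMatrix()
    m.rights("alice", "file").update({"owner", "read*"})
    m.grant("alice", "read*", "bob", "file")      # ok: alice owns file
    m.transfer("bob", "read", "carol", "file")    # ok: bob holds read*
    try:
        m.transfer("carol", "read", "dave", "file")  # fails: carol holds only read
        leaked = True
    except PermissionError:
        leaked = False
    return m, leaked


if __name__ == "__main__":
    matrix, leaked = demo()
    for (s, o), rs in sorted(matrix.A.items()):
        print(f"A[{s},{o}] = {sorted(rs)}")
    print("right propagated past carol:", leaked)
```

The transfer from carol to dave is the step that distinguishes r from r*: carol can use read but, lacking read*, cannot propagate it, so the owner's decision to hand out a non-transferable right is respected by the matrix itself rather than by convention.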