
Computer Security

Hugo Andrés López

Summary

Distributed System Security

• Distributed systems
  – computers connected by a network
• Communications (network) security
  – addresses security of the communications links
• Computer security
  – addresses security of the end systems
• Application security
  – relies on both to provide services securely to end users
• Security Management
  – not just the system but also the people!

Computer Security

• OBJECTIVE
  – Protect accessible resources in spite of malicious intent and behaviour that involves information and communication technologies
• CAVEAT
  – This course gives an overview of techniques, but beware that most computer attacks involve some form of social engineering and user psychology

Why is Computer Security different?

Are security bugs different from ordinary bugs?

“On balance I claim that they are, not for a technical but for a social reason.

Consider a paradigmatic “ordinary” bug, such as a library that wrongly calculates the square root of 2 while apparently doing everything else right. After a certain amount of hilarity the community response would be either to use a different library, or, more likely, to avoid taking the square root of 2.

If a security bug is found in a system there is a community of people who make it their personal priority to make the wrong behavior happen, typically in other people’s computers.”

Roger Needham

Dramatis Personae…

• Users/agents and all that
  – In Computer Security and in Networks we often have a cast of characters:
    • Alice and Bob are the good users who want to communicate or do some other things
    • Eve and Charlie want to disrupt it
  – Dramatis personae is a comfortable simplification, but it should be clear that it is a simplification
• CAVEAT
  – We should not attribute human form to computer processes. The word “user” is often used for a human being, or a process acting (maybe) on behalf of a human being, or a process acting on behalf of a process acting on behalf of a process…
• Terminology: Principal
  – Some entity on a network or on a system that asks for some security-relevant services

ISO 7498-2 Standard

• definitions of security terminology,
• descriptions for security services and mechanisms,
• defines where in the OSI reference model security services may be provided,
• introduces security management concepts.

Security life-cycle

• Model is as follows:
  – define security policy,
  – analyse security threats (according to policy),
  – define security services to meet threats,
  – define security mechanisms to provide services,
  – provide on-going management of security.

Threats, services and mechanisms

• security threat
  – a possible means by which a security policy may be breached (e.g. loss of integrity or confidentiality).
• security service
  – a measure which can be put in place to address a threat (e.g. provision of confidentiality).
• security mechanism
  – a means to provide a service (e.g. encryption, digital signature).

Security domains and policies

• In a secure system, the rules governing security behaviour should be made explicit in the form of a security policy.

• Security policy
  – the set of criteria for the provision of security services
• Security domain
  – the scope of a single security policy

Generic security policy

• ISO 7498-2 generic authorisation policy:
  – ‘Information may not be given to, accessed by, nor permitted to be inferred by, nor may any resource be used by, those not appropriately authorised.’
• Possible basis for more detailed policy.
• N.B. does not cover availability (e.g. denial of service) issues.

Security Policy Types

• identity-based
  – access to and use of resources determined on the basis of the identities of users and resources,
• rule-based
  – resource access controlled by global rules imposed on all users, e.g. using security labels.

Security threats

• Threat
  – person, thing, event or idea which poses some danger to an asset (in terms of confidentiality, integrity, availability or legitimate use).
• Attack
  – realisation of a threat.
• Safeguards
  – measures (e.g. controls, procedures) to protect against threats.
• Vulnerabilities
  – weaknesses in safeguards.

Risk

• Risk
  – measure of the cost of a vulnerability
  – takes into account the probability of a successful attack
• Risk analysis
  – determines whether expenditure on (new/better) safeguards is warranted.
• Quality of Protection?
  – A missing concept in ISO

“Total Security will only be achieved when we are all dead”

Classroom thought

Fundamental Threats

• Integrity violation
  – USA Today, falsified reports of missile attacks on Israel, 7/2002
• Denial of service
  – Yahoo, 2/2000, 1 Gbps
• Information leakage
  – Prince Charles mobile phone calls, 1993
• Illegitimate use
  – Vladimir Levin, Citibank, $3.7M, 1995

Enabling threats

• Realisation of any of these threats can lead directly to a realisation of a fundamental threat:
  – Masquerade,
  – Bypassing controls,
  – Authorisation violation,
  – Trojan horse,
  – Trapdoor.

Security Services classification

• Authentication
  – including entity authentication and origin authentication,
• Access control,
• Data confidentiality,
• Data integrity,
• Non-repudiation.

Authentication

• Entity authentication provides checking of a claimed identity at a point in time.
  – Typically used at the start of a connection.
  – Addresses masquerade and replay threats.
• Origin authentication provides verification of the source of data.
  – Does not protect against replay or delay.
• Password authentication, challenge-response protocols, OTPs…
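The contrast drawn above (entity authentication with a fresh challenge defeats replay, origin authentication alone does not) as an added example that is not part of the slides; the key, the `Verifier`/`respond` names and the one-attempt-per-challenge rule are illustrative choices:

```python
import hmac
import hashlib
import secrets

# Constructed shared key for illustration only; real keys are provisioned out of band.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 tag: the primitive behind both checks below."""
    return hmac.new(key, data, hashlib.sha256).digest()


class Verifier:
    """Bob's side: issues fresh challenges and allows exactly one attempt per challenge."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()   # challenges issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)   # unpredictable, so it binds the response to now
        self.outstanding.add(nonce)
        return nonce

    def verify_entity(self, nonce: bytes, response: bytes) -> bool:
        # Entity authentication: the nonce is consumed on first use (right or wrong),
        # so a captured (nonce, response) pair replayed later is rejected.
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)
        return hmac.compare_digest(response, mac(self.key, nonce))

    def verify_origin(self, message: bytes, tag: bytes) -> bool:
        # Origin authentication: proves a key holder produced the data, but nothing
        # ties it to a point in time, so the same (message, tag) verifies again and again.
        return hmac.compare_digest(tag, mac(self.key, message))


def respond(key: bytes, nonce: bytes) -> bytes:
    """Alice's side of the challenge-response exchange."""
    return mac(key, nonce)


def demo():
    bob = Verifier(SHARED_KEY)
    nonce = bob.challenge()
    first = bob.verify_entity(nonce, respond(SHARED_KEY, nonce))     # accepted
    replayed = bob.verify_entity(nonce, respond(SHARED_KEY, nonce))  # rejected: nonce spent
    msg = b"credit 100 to account B"
    tag = mac(SHARED_KEY, msg)
    origin_first = bob.verify_origin(msg, tag)    # accepted
    origin_replay = bob.verify_origin(msg, tag)   # accepted again: replay undetected
    return first, replayed, origin_first, origin_replay
```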

Access control

• Provides protection against unauthorised use of a resource, including:
  – use of a communications resource,
  – reading, writing or deletion of an information resource,
  – execution of a processing resource.
• Remote users
• RBAC, whitelisting/blacklisting…

Data Confidentiality

• Protection against unauthorised disclosure of information.
• Four types:
  – Connection confidentiality (e-banking),
  – Connectionless confidentiality (p2p networks),
  – Selective field confidentiality (e-voting),
  – Traffic flow confidentiality.
• Ex: Internet banking session
  – Encrypting routers as part of the SWIFT funds transfer network

Data Integrity

• Provides protection against active threats to the validity of data.

• Five types:
  – Connection integrity with recovery,
  – Connection integrity without recovery,
  – Selective field connection integrity,
  – Connectionless integrity,
  – Selective field connectionless integrity.

• Think of SQL injection and you’ll get an idea

Non-repudiation

• Protects against a sender of data denying that data was sent (non-repudiation of origin).

• Protects against a receiver of data denying that data was received (non-repudiation of delivery).

• E.g.: a signed letter sent by recorded delivery

Security mechanisms

• They exist with a single purpose: to provide and support security services.
• Classes
  – Specific security mechanisms.
  – Pervasive security mechanisms (not specific to a particular service).

Specific Security Mechanisms

• Cyphering,
• digital signature,
• access control mechanisms,
• data integrity mechanisms,
• authentication exchanges,
• traffic padding,
• routing control,
• Notarisation (Trusted 3rd Parties).

Pervasive Security Mechanisms

• trusted functionality,
• security labels,
• event detection,
• security audit trail,
• security recovery.

Examples on Pervasive Mechanisms

• Event detection
  – Includes detection of
    • attempted security violations,
    • legitimate security-related activity.
  – Can be used to trigger event reporting (alarms), event logging, automated recovery.
• Security audit trail
  – Log of past security-related events.
  – Permits detection and investigation of past security breaches.
• Security recovery
  – Includes mechanisms to handle requests to recover from security failures.
  – May include immediate abort of operations, temporary invalidation of an entity, addition of an entity to a blacklist.
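The three pervasive mechanisms above working together (event detection feeding an audit trail, raising alarms, and driving recovery by temporary invalidation and then blacklisting), as an added example that is not part of the slides; the log format, event names and thresholds are constructed for the demo:

```python
import re
from collections import defaultdict

# Constructed sample events (not real logs): "<time> <principal> <event>"
SAMPLE_LOG = """\
10:00:01 alice LOGIN_OK
10:00:05 mallory LOGIN_FAIL
10:00:06 mallory LOGIN_FAIL
10:00:07 mallory LOGIN_FAIL
10:00:09 mallory LOGIN_FAIL
10:00:12 alice PASSWORD_CHANGE
10:00:15 mallory LOGIN_FAIL
10:00:20 alice LOGIN_OK
"""

LINE = re.compile(r"^(?P<time>\S+) (?P<who>\S+) (?P<event>\S+)$")
VIOLATIONS = {"LOGIN_FAIL"}                   # attempted security violations
SENSITIVE = {"LOGIN_OK", "PASSWORD_CHANGE"}   # legitimate but security-related activity
SUSPEND_AFTER, BLACKLIST_AFTER = 3, 5         # hypothetical thresholds for the demo


def process(log: str):
    """Returns (audit_trail, alarms, suspended, blacklisted) for the given log text."""
    failures = defaultdict(int)
    audit_trail, alarms = [], []
    suspended, blacklisted = set(), set()
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                           # malformed line: not an event
        who, event = m["who"], m["event"]
        if event in VIOLATIONS or event in SENSITIVE:
            audit_trail.append(raw)            # audit trail keeps both kinds of event
        if event not in VIOLATIONS:
            continue
        failures[who] += 1
        # Security recovery: temporary invalidation first, blacklist if it continues
        if failures[who] == SUSPEND_AFTER:
            suspended.add(who)
            alarms.append(f"{m['time']} ALARM suspend {who}")
        elif failures[who] >= BLACKLIST_AFTER:
            suspended.discard(who)
            blacklisted.add(who)
            alarms.append(f"{m['time']} ALARM blacklist {who}")
    return audit_trail, alarms, suspended, blacklisted
```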

Focus of Security Services?

Where to focus security controls?

• The focus may be on data – operations – users
• Data
  – e.g. integrity requirements may refer to rules on format and content of data items (internal consistency).
  – account balance is an integer
• Operations that may be performed on a data item
  – credit, debit, transfer, …
• Users who are allowed to access a data item
  – account holder and bank clerk have access to account
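The bank-account example above carried through at all three levels (data: balances stay non-negative integers; operations: only credit, debit and transfer exist; users: holder versus clerk), as an added example that is not part of the slides; the account names, the clerk/holder split and the exact rules are hypothetical:

```python
# Constructed in-memory bank; all names and rules are illustrative.
HOLDERS = {"acc1": "alice", "acc2": "bob"}   # account -> account holder
CLERKS = {"carol"}                           # bank clerks


def user_may(user: str, op: str, account: str) -> bool:
    """User-level control: a clerk may credit/debit any account; a holder may only
    transfer out of an account they own."""
    if user in CLERKS:
        return op in ("credit", "debit")
    return op == "transfer" and HOLDERS.get(account) == user


def consistent(accounts: dict) -> bool:
    """Data-level control: every balance is an int (not bool, not float) and >= 0."""
    return all(type(b) is int and b >= 0 for b in accounts.values())


def apply_op(accounts: dict, user: str, op: str, src: str, amount, dst: str = None) -> dict:
    """Operation-level control: only the three named operations exist; each is checked
    against the user rule before and the data rule after it runs. Returns the new
    balances and raises on any violation, leaving `accounts` untouched."""
    if op not in ("credit", "debit", "transfer"):
        raise ValueError(f"unknown operation {op!r}")
    if type(amount) is not int or amount <= 0:
        raise ValueError("amount must be a positive integer")
    if not user_may(user, op, src):
        raise PermissionError(f"{user} may not {op} on {src}")
    new = dict(accounts)
    if op == "credit":
        new[src] += amount
    elif op == "debit":
        new[src] -= amount
    else:
        new[src] -= amount
        new[dst] += amount
    if not consistent(new):
        raise ValueError("integrity violation: balances must stay non-negative integers")
    return new


def attempt(accounts: dict, user: str, op: str, src: str, amount, dst: str = None):
    """Reports the outcome instead of raising: ('ok', new_balances) or (error_name, old)."""
    try:
        return "ok", apply_op(accounts, user, op, src, amount, dst)
    except (ValueError, PermissionError, KeyError) as exc:
        return type(exc).__name__, accounts
```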

Security Controls: Protection

• Thanks:
  – To you, your groups and your performance.
  – To Fabio Massacci, for making wonderful slides I can reuse now.