Course Overview
description
Transcript of Course Overview
Course Overview
Anupam DattaCMU
Fall 2009
18739A: Foundations of Security and Privacy
Course Staff
Instructor: Anupam Datta Office: CIC 2118 Email: [email protected] Office hours: Tue 4-5PM, Thur
5-6PM
TA: Arunesh Sinha Office: CIC 2127C Email: [email protected] Office hours: MF 1-2PM
A Real-World Interaction (Protocol) Depositing a check at a bank
1.Alice receives check from Bob2.Alice hands over check to teller Tyra3.Tyra sends check to Bob’s bank4.Bob’s bank verifies Bob’s signature5.Money transferred from Bob’s account to Alice’s
account3
Questions for the class What are the desired security properties?
Authentication : Bob must have written out the check for Alice Integrity: The check has not been modified by anyone other than Bob Non-repudiation: Bob cannot deny that he wrote a check if in fact he
did Authorization: Is Bob authorized to withdraw $X in funds? Privacy: Bob’s bank should not share Bob’s financial information with
other companies
What can an adversary do to try to break the protocol? Forge check, steal an empty check, forge signature, edit check
What mechanisms are used to achieve these properties? Unforgeable signatures, uniqueness of handwriting, indelible ink,
tamper evident paper (unauthenticated modification in body of check is detectable)
4 Now throw the internet and software systems into the mix!
Functional Correctness vs. Security Program or System Functional Correctness
Program satisfies specification For reasonable input, get reasonable output
Program or System Security Program properties preserved in face of attack
For unreasonable input, output is not completely disastrous
Main difference Active interference from adversary
Plan for Today Course logistics Overview of topics and learning outcomes
A quick tour of cryptographic primitives
Logistics (1) Lectures: Tuesday & Thursday, 10:30-11:50AM,
in SH 208 Recitation: Friday, 4-4:50PM, in SH 208
Web page: http://www.ece.cmu.edu/~ece739/ Course blackboard (linked from web page) Course work and grading:
Homework (40%) – 4 x 10% Midterm exam(10%) – take home End term exam (10%) – take home Course project (30%) Class participation (10%)
Logistics (2) Recitation:
Friday, 4-4:50PM, in SH 208 Supplements topics discussed in class
TA will discuss and demo various security analysis tools
TA will also elaborate on examples and proof techniques discussed in class
Should be useful for projects and homeworks First recitation this Friday
Logistics (3) Course Project:
Teams of 2 (form team by end of week) Project proposal: 1-2 pages (Due: Oct 8) Models/code (Due: Dec 1) Written report: 5-10 pages (Due: Dec 1) Final presentation in class (Dec 1,3)
Project suggestions later in the lecture or pick your own
Logistics (4)Collaboration policy on homeworks and exams:
You are allowed to discuss solutions to written homework problems with other students in the class, but are required to write out solutions independently and to acknowledge any collaboration or other source. For programming/tools homeworks, you can work in groups of 2.
You are required to work on the take home exams on your own. No collaboration is allowed.
CMU Computing PolicyCMU Policy on Cheating
Prerequisites An introductory course in computer security
such as 18-487, 18-630, or18-730 is recommended, but not required.
If in doubt, please talk to me after class
Quick class poll
10,000-foot View
Four Broad Topics Security Protocols Access Control
13
Privacy Software Security
Motivation: Web Purchase
Secure communicationusing SSL/TLS
SSL uses cryptography to protect data confidentiality and integrity, and guarantee entity authentication
Many Protocols Authentication
Kerberos Key Exchange
SSL/TLS handshake, IKE, JFK, IKEv2, Wireless and mobile computing
Mobile IP, WEP, 802.11i Electronic commerce
Contract signing, SET, electronic cash Anonymous communication
Dining cryptographers, mixnets, crowds, onion routingProtocol Repositories:
http://www.lsv.ens-cachan.fr/spore/, http://www.avispa-project.org/library
Huge practical impact, well-
developed theory!
Learning Outcomes (1) Security properties
What does confidentiality, integrity, authentication, denial of service, fairness, anonymity mean?
Adversary model What are the adversary’s capabilities – snoop on the
network, inject traffic, do complicated math, jam network, observe timing effects,…?
Protocol design How can cryptographic primitives be combined to
achieve security in the presence of such adversaries? What kind of mistakes do protocol designers make?
Protocol analysis How can we automatically find attacks on protocols? How can we prove security properties of protocols?
Possible Project Topics (1)1. Analysis of protocols using existing
methods/tools Electronic voting protocols Anonymous communication protocols Protocols for the emerging smart electric grid Mobility protocols, e.g. Mobile IPv6 “Next generation” internet protocols (accountability)
2. Develop/extend a protocol analysis method/tool Automated prover for PCL (discussed later in class) Extended the ASPIER tool for protocol implementation
verification
18
Sample projects from protocols course at Stanfordhttp://www.stanford.edu/class/cs259/projects.htm
Before we look at other topics A quick (de)tour of cryptography
19
Topic 2: Access Control
Access Control
Goal: Control which principals have access to which objects using a reference monitor that mediates access
Examples: File systems, memory
protection in OS, virtual machines, access to physical spaces, digital libraries, web browsers
CMU21
Distributed Access Control Goal: Flexible and scalable access control in
large-scale, open, distributed systems
Challenges: No central administration, each service makes its
own access control decision Access control policy is distributed
AliceEPub
StateUABU
StateU is a university
Alice is a student
Grants access to university students
Trusts universities to certify students
Trusts ABU to certify universities
Distributed Access Control Example
Learning Outcomes (2) Access control concepts and foundations
Principals, resources, reference monitor Policy expressed using access control matrix or logic Centralized and distributed policies
Access control in practice Mechanisms in current OS, hypervisors Mechanisms based on checking proofs in an
authorization logic (centralized and distributed) Case studies of the Grey system (used in CIC for
access to physical spaces) and the Taos OS (original application for the seminal work on the Lampson et al authorization logic)
Possible Project Topics (2)1. Access control in web browsers
Formal study of access control policies and mechanisms in modern web browsers
2. Access control in hypervisors Formal analysis of the TrustVisor system being
developed at CMU, or of Xen’s protection mechanisms
3. Adding flexible access control to svn
25
Topic 3: Privacy
26
Data Privacy
Huge amount of personal information available to various organizations Hospitals, financial institutions, websites,
universities, census bureau, social networks
Information shared within and across organizational boundaries to enable useful tasks to be completed Personal health information has to be shared to
enable diagnosis, treatment, billing Census bureau releases aggregate statistics
27
Learning Outcomes (3) What is privacy?
Philosophical studies (Gavison, Contextual Integrity) Database privacy definitions (differential privacy) Policy expression in languages (P3P, Logic of Privacy) Privacy regulations in the US, e.g., HIPAA, GLBA
How is privacy compromised? Attacks on AOL & Netflix data sets, cases of HIPAA
violation, end-user understanding of privacy promises How can we enforce privacy?
Achieving differential privacy Enforcing policies in the logic of privacy (the need for
auditing)
28
Possible Project Topics (3) Formalize a privacy regulation in a policy
language Example: GLBA in the logic of privacy
Develop a system for enforcing privacy policies Example: For the logic of privacy
29
Topic 4: Software Security
Software InsecurityRoot causes of security vulnerabilities in software
Language does not protect the abstractions it provides Example: buffer overflow attacks are possible because
C does not protect the array abstraction; not possible in Java
Language does not provide high-level abstractions for developing security applications Example: Java does not provide abstractions for writing
applications that enforce access or information flow control; similar issue for Javascript and web applications insecurity
Learning outcomes (4) Understanding of how type systems can be
used to improve software security
Protecting language abstractions Cyclone: Memory safe dialect of C, i.e. no buffer overflow attacks
Providing language abstractions Information flow control and the Volpano-Smith-Irvine type system
Possible Project Topic (4) Develop a language for secure web
programming Not recommended unless you have significant
experience with typed programming languages
33
From “what” to “why”?
Why study Foundations of Security?
Our discipline of computer science seems to be one in which theory and practice are more intimately related than in any other field.....you can’t get very far in practical work without abstract theories that permit you to think at a higher level, and at the same time theoretical work becomes dead if it doesn’t receive fresh inspiration from practical problems in the “real world”.
Don Knuth, Professor Emeritus of The Art of Computer Programming at Stanford University
5 Turing Award winning ideas! Rivest-Shamir-Adleman: RSA public key
cryptosystem Lampson: Foundations of access control Clarke-Emerson-Sistla: Model-checking systems Hoare: Axiomatic reasoning about programs Milner: Theory of concurrency