CS 556 – Computer Securitycs556/lecture-notes/basic-concepts.pdf · Contributing Factors BASIC...

CS 556 - Computer Security - c© 2012 Colorado State University – 1 / 53

CS 556 – Computer Security

Dr. Indrajit Ray

Email: [email protected]

Department of Computer Science

Colorado State University

Fort Collins, CO 80523, USA

BASIC SECURITY CONCEPTS

BASIC SECURITY

CONCEPTS


Why Security?

BASIC SECURITY

CONCEPTS


● Not a major issue for non-networked centralized systems

✦ Single administrative control

■ Policies can be well defined and enforced

■ System can be physically secured

■ Access can be easily monitored and restricted

Network Connectivity Changes Everything

BASIC SECURITY

CONCEPTS


Internet Perspective

BASIC SECURITY

CONCEPTS


● Spans 180+ countries

✦ Legal system varies

✦ No central administration means practically impossible to

enforce any policy

● Users - Universities, government agencies, research

organizations, corporations, etc.

Scope of Internet Security Problems

BASIC SECURITY

CONCEPTS


● Public, private and government networks have been penetrated

by unauthorized users and rogue programs

● Increased volume of security breaches being reported regularly

✦ Many go unreported for fear of loosing face

National Cyber Incident Statistics

BASIC SECURITY

CONCEPTS


Attack Trends 2005 – 2010

BASIC SECURITY

CONCEPTS


2007 Dollar Amount Losses (Total = $66,930,950)

BASIC SECURITY

CONCEPTS


General Attack Strategies and Their

Relationships

BASIC SECURITY

CONCEPTS


integrity violation illegitimate use

intercept / alter

repudiation

information leakage

integrity violation

theft

replay

resource exhaustion

integrity violation

theft

planting

Virus / Worms

Trojan Horses

trapdoor

service spoofing

masquerade

bypassing controls

physical intrusion

authriztn. violation

penetration

eavesdropping

traffic analysis

EM/RF interception

indiscretions

media scanvenging

denial of serviceinformation leakage

Contributing Factors

BASIC SECURITY

CONCEPTS


● Lack of awareness of Internet threats and risks

✦ Security measures are often not considered until an

enterprise has been attacked

● Wide open network policies

✦ Many sites allow very liberal and open access

● Vast majority of Internet traffic is unencrypted and can be

captured and/or monitored

Contributing Factors (cont’d)

BASIC SECURITY

CONCEPTS


● Lack of security in the TCP/IP protocol suite

✦ IPSEC not widely available

● Complexity of security management and administration

● Gloated and buggy software

● Improved hacking / cracking skills

● Risky behavior by end users

Security Objectives

BASIC SECURITY

CONCEPTS


Availability

IntegrityConfidentiality

Security Objectives

BASIC SECURITY

CONCEPTS


● Confidentiality

✦ Prevent / detect / deter improper disclosure of information

● Integrity

✦ Prevent / detect / deter improper modification of information

● Availability

✦ Prevent / detect / deter improper denial of access to services

provided by the system

Security Objectives (cont’d)

BASIC SECURITY

CONCEPTS


● Note the use of term improper rather than unauthorized

✦ Authorized users are accountable for their actions

✦ Proper authorization is difficult to achieve when the system

spans multiple administrative domains


BASIC SECURITY

CONCEPTS


● Prevention is more fundamental

✦ Detection seeks to prevent by threat of punitive action

✦ Detection requires an audit trail to be maintained that must

be prevented from alteration

● Sometimes detection is the only option

✦ Modification of message on a network

✦ Accountability in the proper use of privileges

Examples of Confidentiality

BASIC SECURITY

CONCEPTS


● Military

✦ The target coordinates of a missile should not be improperly

disclosed

● Commercial

✦ An employee should not come to know the salary of his

manager

Examples of Integrity

BASIC SECURITY

CONCEPTS


● Military

✦ The target coordinates of a missile should not be improperly

modified

● Commercial

✦ An employee should not be able to modify the employee’s

own salary

Examples of Availability

BASIC SECURITY

CONCEPTS


● Military

✦ When the proper command for missile launch is issued, the

missile should fire

● Commercial

✦ Paychecks should be printed on time as stipulated by the law


BASIC SECURITY

CONCEPTS


● Authenticity

✦ The property of being genuine and being able to be verified

and trusted

● Accountability

✦ Requirement that the actions of an entity should be

attributable to that entity.

● Non-repudiation

✦ Requirement that an entity is not able to deny or reject the

validity of its pat actions.

Seventh Objective?

BASIC SECURITY

CONCEPTS


● Prevent / detect / deter improper use of computing resources

✦ hardware resources

✦ software resources

✦ network resources

✦ data resources

Achieving Security

BASIC SECURITY

CONCEPTS


● Security Policy

✦ What needs to be secured?

● Security Mechanism

✦ How can it be secured?

● Security Assurance

✦ How well is it secured?

Security Policy

BASIC SECURITY

CONCEPTS


��

��

��

��

OrganizationalPolicy

Automated InformationSystems Policy

● Specified mostly in terms of access control policies

● Need to include information about security management and

incident reporting

● Need to be pragmatic

Security Mechanisms

BASIC SECURITY

CONCEPTS


● Prevention

✦ Authentication

✦ Access control

✦ Encryption

● Detection

✦ Auditing

✦ Intrusion detection

● Tolerance

✦ Practicality

Security by Obscurity

BASIC SECURITY

CONCEPTS


● If we hide the inner working of a system, it will be secure

✦ It’s a bad idea

✦ Less and less applicable in the emerging world of vendor

independent open standards

✦ Less and less applicable in a world of widespread computer

knowledge and expertise

Security by Legislation

BASIC SECURITY

CONCEPTS


● If we instruct our users on how to behave, we can secure a

system

● For example

✦ Users should not share passwords

✦ Users should not type in their passwords when someone is

looking over their shoulders

✦ Users should not try to reverse engineer CSS

Security by Legislation (cont’d)

BASIC SECURITY

CONCEPTS


● It’s a bad idea

✦ User awareness and cooperation is important but cannot be

the principal focus for achieving security

✦ Human beings tend to defy authority

Security Incident Information Reporting

BASIC SECURITY

CONCEPTS


Professional

Hackers /Crackers

Spies

Terrorists

CorporateRaiders

Criminals

Vandals

Voyeurs

PhysicalAttack

InformationExchange

UserCommand

Script /Program

AutonomousAgent

Toolkit

DistributedTool

Data Tap

ToolAttackers Vulnerability

Design

Configuration

Implemen--tation

Action

Probe

Scan

Flood

Authenticate

Bypass

Spoof

Read

Copy

Steal

Modify

Delete

ResultTarget

UnauthorizedObjectives

Account

Process

Data

Component

Computer

Network

Internetwork

IncreasedAccess

Disclosure ofInformation

Corruption ofInformation

Denial ofService

Theft ofResources

Challenge,Status, Thrill

PoliticalGain

FinancialGain

Damage

attack(s)

incident

event

Security Tradeoffs

BASIC SECURITY

CONCEPTS


��

��

Security Functionality

Ease of Use

Cost

Threat – Vulnerability – Risk

BASIC SECURITY

CONCEPTS


● Threats – Possible attacks on the system

● Vulnerabilities – Weaknesses that may be exploited to cause

loss or harm

● Risk – A measure of the possibility of security breaches and the

severity of the resulting damage

✦ Requires assessment of threats and vulnerabilities

Classes of Security Threats

BASIC SECURITY

CONCEPTS


● Errors and omissions by insiders

● Natural / man-made / machine disasters

● Dishonest insiders

● Disgruntled insiders

● Outsiders

Measuring Risk

BASIC SECURITY

CONCEPTS


● “I often say that when you can measure what you are speaking

about, and express it in numbers, you know something about it;

but when you cannot express it in numbers, your knowledge is of

a meagre and unsatisfactory kind; it may be the beginning of

knowledge, but you have scarcely, in your thoughts, advanced to

the stage of science, whatever the matter may be.” – William

Thomson, 1st Baron Kelvin

✦ Lecture on “Electrical Units of Measurement” (3 May 1883),

published in Popular Lectures Vol. I, p. 73

✦ Source - http://en.wikiquote.org/wiki/William Thomson

Security Risk Management

BASIC SECURITY

CONCEPTS


● Risk analysis

● Risk reduction

● Risk acceptance

Risk Analysis

BASIC SECURITY

CONCEPTS


● Mathematical formulae and computer models can be developed

but the underlying parameters are difficult to quantify and / or

estimate

● There is precious little historical data and whatever exists may

be of little use

✦ Do not forget – Garbage In Garbage Out

Risk Measures

BASIC SECURITY

CONCEPTS


● Probability based quantitative

● Qualitative

● Fuzzy mathematics

Assets - Threat Model

BASIC SECURITY

CONCEPTS


● Threats compromise our assets

● Threats have a probability of occurrence and a severity of effect

● Assets have value

● Assets are vulnerable to threats

● Risk is the expected loss from the possible action of a threat

against an asset

Assets - Threat Model

BASIC SECURITY

CONCEPTS


● R = V × P × S

✦ R is the risk

✦ V is the value of an asset

✦ P is the probability of the occurrence of threat

✦ S is the vulnerability of the asset to the threat, that is, the

severity of the effect of the threat

System - Failure Model

BASIC SECURITY

CONCEPTS


● Threat events cause undesirable outcomes

● Estimate the probability of highly undesirable events

● Risk is the likelihood of an undesirable outcome within a given

period of time

● State space of complex systems is very large and makes this

approach difficult

Risk Acceptance

BASIC SECURITY

CONCEPTS


● Certification

✦ Technical evaluation of a system’s security features with

respect to how well they meet a set of specified security

requirements

● Accreditation

✦ The management’s action of approving an automated

system, perhaps with prescribed administratible safeguards,

for use in a particular environment

Resilient Cyber Systems – Beyond Security (1)

BASIC SECURITY

CONCEPTS


● Cyber defense is an asymmetric warfare

✦ Defender has to try to close all vulnerabilities; attacker has

to exploit just one vulnerability

✦ Attack detection tools are slow to evolve with emerging

attacks

✦ Attacks spread at a much faster pace than deployment rate

of mitigation techniques

● End user interactions affect security in unforeseen manner

● Cyber defense is expensive

✦ Real dollar needed to deploy defenses

✦ Costly in terms of system downtime, system upgrades,

service level degradation, training, etc.

✦ Possibility of unprepared-for interactions with existing

system

Resilient Cyber Systems – Beyond Security (2)

BASIC SECURITY

CONCEPTS


● Cyber system that has the ability to

✦ Provide full level of services in a benign environment

✦ Withstand known and predictable cyber attacks

✦ Continue to provide reduced but critical services in an

adverse (unknown, unpredictable, and unforeseen)

environment

✦ Recover services quickly after an attack

✦ Adapt and evolve to reduce the effectiveness of future

attacks

Measuring Resilience – What We Need

BASIC SECURITY

CONCEPTS


● Measuring level of service

✦ Percentage, average

● Measuring how well system is able to withstand attacks

✦ Assess risks to cyber assets

✦ Assess potential damage

✦ Assess security control cost

✦ Assess best use of resources and capabilities to protect

system

● Measuring how quickly system has responded to and recovered

from attack

✦ Time

Measuring System Resilience

BASIC SECURITY

CONCEPTS


● Need to assess potential effects of a cyber attack on the

organizations mission

● Identify & measure dependencies between

✦ Mission objectives

✦ Cyber assets involved

✦ Activities that affect security

● Assess attackers potential objectives / intentions

✦ Attacker may not have a specific damage to mission in mind

but may just want to cause some damage

Measuring System Resilience

BASIC SECURITY

CONCEPTS


● Assess cost to defender to protect

✦ Real dollar needed to deploy defenses

✦ Costly in terms of system downtime, system upgrades,

service level degradation, training, etc.

✦ Possibility of unprepared-for interactions with existing

system

● Assess tradeoffs for practical, achievable security

● End user interactions affect security / resilience in unforeseen

manner

✦ Difficult to measure and often neglected

Modeling System Risk Profile (1)

BASIC SECURITY

CONCEPTS



BASIC SECURITY

CONCEPTS


Resilient System 201 - Statically Adaptive

Security

BASIC SECURITY

CONCEPTS


● Identify best way to deploy security controls so as to

✦ Minimize cost of security deployment (SCC) without going

over an upper bound while covering as many weak spots as

possible

✦ Minimize residual damage (RDD) resulting from not being

able to cover some weak spots

● Identify optimal solutions that are also robust against certain

levels of compromise

✦ To protect against unforeseen interactions

✦ To protect against compromise of security controls from zero

day attacks

Resilient System 301 - Attacker against

Defender

BASIC SECURITY

CONCEPTS


● Attackers optimization problem

✦ Attacker strategy may be just to cause some damage to a

system and not just effectuate one specific compromise

✦ Attacker adopts strategy that maximizes damage

● Defenders optimization problem

✦ Defender adopts strategy that minimizes cost of

implementing security controls, minimizes residual damage

and identifies robust solutions

Resilient System 401 - Dynamically Adaptive

Security

BASIC SECURITY

CONCEPTS


● For every attack there is a certain probability of occurrence

● Probability can change depending on

✦ What the contributing factors are for the attack

✦ How those factors are changing

● Output of intrusion detection and/or system monitoring tools can

be incorporated to provide near real-time situational awareness

Modeling Dynamically Adaptive Security

BASIC SECURITY

CONCEPTS


Challenges for Emerging Systems

BASIC SECURITY

CONCEPTS


Mesuring Risk for Emerging System

BASIC SECURITY

CONCEPTS


● Be able to predict the security posture of a complex network

● Requires characterization of network at different scales

particularly spatial and temporal

✦ What are the critical points in the network of networks?

✦ How robust is the complex system to attacks?

✦ Can security breach cascade across different networks?

✦ How does the system risk profile evolve over time?

● Requires ability to anticipate user activities

CS 556 – Computer Securitycs556/lecture-notes/basic-concepts.pdf · Contributing Factors BASIC...

Documents

Transcript of CS 556 – Computer Securitycs556/lecture-notes/basic-concepts.pdf · Contributing Factors BASIC...