CS 556 - Computer Security - © 2012 Colorado State University – 1 / 53
CS 556 – Computer Security
Dr. Indrajit Ray
Email: [email protected]
Department of Computer Science
Colorado State University
Fort Collins, CO 80523, USA
BASIC SECURITY CONCEPTS
Why Security?
● Not a major issue for non-networked centralized systems
✦ Single administrative control
■ Policies can be well defined and enforced
■ System can be physically secured
■ Access can be easily monitored and restricted
Network Connectivity Changes Everything
Internet Perspective
● Spans 180+ countries
✦ Legal system varies
✦ No central administration, which makes it practically impossible to
enforce any policy
● Users - Universities, government agencies, research
organizations, corporations, etc.
Scope of Internet Security Problems
● Public, private and government networks have been penetrated
by unauthorized users and rogue programs
● Increased volume of security breaches being reported regularly
✦ Many go unreported for fear of losing face
National Cyber Incident Statistics
Attack Trends 2005 – 2010
2007 Dollar Amount Losses (Total = $66,930,950)
General Attack Strategies and Their Relationships
[Figure: diagram of general attack strategies and their relationships. Labels recovered from the diagram: information leakage; integrity violation; denial of service; illegitimate use; theft; intercept / alter; repudiation; replay; resource exhaustion; planting (viruses / worms, Trojan horses, trapdoor); service spoofing; masquerade; bypassing controls; physical intrusion; authorization violation; penetration; eavesdropping; traffic analysis; EM/RF interception; indiscretions; media scavenging]
Contributing Factors
● Lack of awareness of Internet threats and risks
✦ Security measures are often not considered until an
enterprise has been attacked
● Wide open network policies
✦ Many sites allow very liberal and open access
● Vast majority of Internet traffic is unencrypted and can be
captured and/or monitored
Contributing Factors (cont’d)
● Lack of security in the TCP/IP protocol suite
✦ IPSEC not widely available
● Complexity of security management and administration
● Bloated and buggy software
● Improved hacking / cracking skills
● Risky behavior by end users
Security Objectives
[Figure: triangle of the three security objectives: Confidentiality, Integrity, Availability]
Security Objectives
● Confidentiality
✦ Prevent / detect / deter improper disclosure of information
● Integrity
✦ Prevent / detect / deter improper modification of information
● Availability
✦ Prevent / detect / deter improper denial of access to services
provided by the system
Security Objectives (cont’d)
● Note the use of the term improper rather than unauthorized
✦ Authorized users are accountable for their actions
✦ Proper authorization is difficult to achieve when the system
spans multiple administrative domains
Security Objectives (cont’d)
● Prevention is more fundamental
✦ Detection seeks to prevent by threat of punitive action
✦ Detection requires an audit trail to be maintained that must
be prevented from alteration
● Sometimes detection is the only option
✦ Modification of message on a network
✦ Accountability in the proper use of privileges
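The slide's point that detection needs an audit trail which itself cannot be altered is usually met with a hash chain: each log entry commits to the hash of the entry before it, so an after-the-fact edit, deletion or truncation shows up when the chain is re-verified. The following is an added example written for these notes, not code from the lecture; the log records, the GENESIS anchor value and the field names are constructed for illustration.

```python
"""Tamper-evident audit trail using a SHA-256 hash chain (added example)."""
import copy
import hashlib
import json
from typing import Dict, List, Optional

# Fields that make up the audited record itself (everything except the chain links).
RECORD_FIELDS = ("seq", "actor", "action", "object")
GENESIS = "0" * 64  # constructed fixed value that anchors the first entry


def entry_hash(prev_hash: str, record: Dict) -> str:
    """Hash of this record bound to the hash of its predecessor."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + b"|" + payload).hexdigest()


class AuditTrail:
    """Append-only log where every entry commits to the entry before it."""

    def __init__(self) -> None:
        self.entries: List[Dict] = []

    def append(self, actor: str, action: str, obj: str) -> Dict:
        record = {"seq": len(self.entries), "actor": actor, "action": action, "object": obj}
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = dict(record, prev=prev, hash=entry_hash(prev, record))
        self.entries.append(entry)
        return entry

    def head(self) -> str:
        """Latest hash: the value to copy somewhere the log writer cannot alter."""
        return self.entries[-1]["hash"] if self.entries else GENESIS


def verify(entries: List[Dict], expected_head: Optional[str] = None) -> Optional[int]:
    """Return the index of the first entry whose chain link is broken, or None if the
    trail is intact (and, when expected_head is given, ends at that hash)."""
    prev = GENESIS
    for i, e in enumerate(entries):
        record = {k: e[k] for k in RECORD_FIELDS}
        if e["seq"] != i or e["prev"] != prev or e["hash"] != entry_hash(prev, record):
            return i
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return len(entries)  # entries were truncated or the tail was rewritten
    return None


def build_sample_trail() -> AuditTrail:
    """Constructed sample activity, not real log data."""
    trail = AuditTrail()
    trail.append("alice", "read", "payroll.db")
    trail.append("bob", "modify", "salary:bob")
    trail.append("alice", "login", "hr-portal")
    return trail


def tampered_copy(entries: List[Dict], index: int, **changes) -> List[Dict]:
    """Copy of the log with one entry edited in place (simulates an after-the-fact edit)."""
    copied = copy.deepcopy(entries)
    copied[index].update(changes)
    return copied


if __name__ == "__main__":
    trail = build_sample_trail()
    print("intact:", verify(trail.entries))                                          # None
    print("edited entry 1:", verify(tampered_copy(trail.entries, 1, actor="carol")))  # 1
    print("dropped last entry:", verify(trail.entries[:-1], trail.head()))           # 2
```

The chain only proves that nobody changed an entry without rewriting everything after it; whoever can rewrite the whole file can also recompute every hash. That is why `head()` exists: the latest hash has to be held somewhere the log writer cannot reach (a remote collector, write-once media, or a signed checkpoint), which is the "prevented from alteration" requirement on the slide made concrete.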
Examples of Confidentiality
● Military
✦ The target coordinates of a missile should not be improperly
disclosed
● Commercial
✦ An employee should not come to know the salary of his
manager
Examples of Integrity
● Military
✦ The target coordinates of a missile should not be improperly
modified
● Commercial
✦ An employee should not be able to modify the employee’s
own salary
Examples of Availability
● Military
✦ When the proper command for missile launch is issued, the
missile should fire
● Commercial
✦ Paychecks should be printed on time as stipulated by the law
Security Objectives (cont’d)
● Authenticity
✦ The property of being genuine and being able to be verified
and trusted
● Accountability
✦ Requirement that the actions of an entity should be
attributable to that entity.
● Non-repudiation
✦ Requirement that an entity is not able to deny or reject the
validity of its past actions.
Seventh Objective?
● Prevent / detect / deter improper use of computing resources
✦ hardware resources
✦ software resources
✦ network resources
✦ data resources
Achieving Security
● Security Policy
✦ What needs to be secured?
● Security Mechanism
✦ How can it be secured?
● Security Assurance
✦ How well is it secured?
Security Policy
[Figure: two labelled boxes, Organizational Policy and Automated Information Systems Policy]
● Specified mostly in terms of access control policies
● Need to include information about security management and
incident reporting
● Need to be pragmatic
Security Mechanisms
● Prevention
✦ Authentication
✦ Access control
✦ Encryption
● Detection
✦ Auditing
✦ Intrusion detection
● Tolerance
✦ Practicality
Security by Obscurity
● If we hide the inner working of a system, it will be secure
✦ It’s a bad idea
✦ Less and less applicable in the emerging world of vendor
independent open standards
✦ Less and less applicable in a world of widespread computer
knowledge and expertise
Security by Legislation
● If we instruct our users on how to behave, we can secure a
system
● For example
✦ Users should not share passwords
✦ Users should not type in their passwords when someone is
looking over their shoulders
✦ Users should not try to reverse engineer CSS
Security by Legislation (cont’d)
● It’s a bad idea
✦ User awareness and cooperation is important but cannot be
the principal focus for achieving security
✦ Human beings tend to defy authority
Security Incident Information Reporting
[Figure: taxonomy of security incidents, read left to right. Attackers (Hackers / Crackers, Spies, Terrorists, Corporate Raiders, Professional Criminals, Vandals, Voyeurs) use a Tool (Physical Attack, Information Exchange, User Command, Script / Program, Autonomous Agent, Toolkit, Distributed Tool, Data Tap) to exploit a Vulnerability (Design, Implementation, Configuration) through an Action (Probe, Scan, Flood, Authenticate, Bypass, Spoof, Read, Copy, Steal, Modify, Delete) on a Target (Account, Process, Data, Component, Computer, Network, Internetwork), producing an Unauthorized Result (Increased Access, Disclosure of Information, Corruption of Information, Denial of Service, Theft of Resources) that serves an Objective (Challenge, Status, Thrill; Political Gain; Financial Gain; Damage). Bracket labels in the figure: an action on a target is an event; tool, vulnerability, event and unauthorized result together form an attack; attackers, attack(s) and objectives together form an incident.]
Security Tradeoffs
[Figure: security tradeoffs triangle with vertices Security Functionality, Ease of Use, and Cost]
Threat – Vulnerability – Risk
● Threats – Possible attacks on the system
● Vulnerabilities – Weaknesses that may be exploited to cause
loss or harm
● Risk – A measure of the possibility of security breaches and the
severity of the resulting damage
✦ Requires assessment of threats and vulnerabilities
Classes of Security Threats
● Errors and omissions by insiders
● Natural / man-made / machine disasters
● Dishonest insiders
● Disgruntled insiders
● Outsiders
Measuring Risk
● “I often say that when you can measure what you are speaking
about, and express it in numbers, you know something about it;
but when you cannot express it in numbers, your knowledge is of
a meagre and unsatisfactory kind; it may be the beginning of
knowledge, but you have scarcely, in your thoughts, advanced to
the stage of science, whatever the matter may be.” – William
Thomson, 1st Baron Kelvin
✦ Lecture on “Electrical Units of Measurement” (3 May 1883),
published in Popular Lectures Vol. I, p. 73
✦ Source - http://en.wikiquote.org/wiki/William_Thomson
Security Risk Management
● Risk analysis
● Risk reduction
● Risk acceptance
Risk Analysis
● Mathematical formulae and computer models can be developed
but the underlying parameters are difficult to quantify and / or
estimate
● There is precious little historical data and whatever exists may
be of little use
✦ Do not forget – Garbage In Garbage Out
Risk Measures
● Probability based quantitative
● Qualitative
● Fuzzy mathematics
Assets - Threat Model
● Threats compromise our assets
● Threats have a probability of occurrence and a severity of effect
● Assets have value
● Assets are vulnerable to threats
● Risk is the expected loss from the possible action of a threat
against an asset
Assets - Threat Model
● R = V × P × S
✦ R is the risk
✦ V is the value of an asset
✦ P is the probability of the occurrence of threat
✦ S is the vulnerability of the asset to the threat, that is, the
severity of the effect of the threat
System - Failure Model
● Threat events cause undesirable outcomes
● Estimate the probability of highly undesirable events
● Risk is the likelihood of an undesirable outcome within a given
period of time
● State space of complex systems is very large and makes this
approach difficult
Risk Acceptance
● Certification
✦ Technical evaluation of a system’s security features with
respect to how well they meet a set of specified security
requirements
● Accreditation
✦ The management’s action of approving an automated
system, perhaps with prescribed administrative safeguards,
for use in a particular environment
Resilient Cyber Systems – Beyond Security (1)
● Cyber defense is asymmetric warfare
✦ Defender has to try to close all vulnerabilities; attacker has
to exploit just one vulnerability
✦ Attack detection tools are slow to evolve with emerging
attacks
✦ Attacks spread at a much faster pace than deployment rate
of mitigation techniques
● End user interactions affect security in unforeseen ways
● Cyber defense is expensive
✦ Real dollars are needed to deploy defenses
✦ Costly in terms of system downtime, system upgrades,
service level degradation, training, etc.
✦ Possibility of unprepared-for interactions with existing
system
Resilient Cyber Systems – Beyond Security (2)
● Cyber system that has the ability to
✦ Provide full level of services in a benign environment
✦ Withstand known and predictable cyber attacks
✦ Continue to provide reduced but critical services in an
adverse (unknown, unpredictable, and unforeseen)
environment
✦ Recover services quickly after an attack
✦ Adapt and evolve to reduce the effectiveness of future
attacks
Measuring Resilience – What We Need
● Measuring level of service
✦ Percentage, average
● Measuring how well system is able to withstand attacks
✦ Assess risks to cyber assets
✦ Assess potential damage
✦ Assess security control cost
✦ Assess best use of resources and capabilities to protect
system
● Measuring how quickly system has responded to and recovered
from attack
✦ Time
Measuring System Resilience
● Need to assess potential effects of a cyber attack on the
organization's mission
● Identify & measure dependencies between
✦ Mission objectives
✦ Cyber assets involved
✦ Activities that affect security
● Assess the attacker's potential objectives / intentions
✦ Attacker may not have a specific damage to mission in mind
but may just want to cause some damage
Measuring System Resilience
● Assess cost to defender to protect
✦ Real dollars are needed to deploy defenses
✦ Costly in terms of system downtime, system upgrades,
service level degradation, training, etc.
✦ Possibility of unprepared-for interactions with existing
system
● Assess tradeoffs for practical, achievable security
● End user interactions affect security / resilience in unforeseen
ways
✦ Difficult to measure and often neglected
Modeling System Risk Profile (1)
Modeling System Risk Profile (2)
Modeling System Risk Profile (3)
Resilient System 201 - Statically Adaptive Security
● Identify best way to deploy security controls so as to
✦ Minimize cost of security deployment (SCC) without going
over an upper bound while covering as many weak spots as
possible
✦ Minimize residual damage (RDD) resulting from not being
able to cover some weak spots
● Identify optimal solutions that are also robust against certain
levels of compromise
✦ To protect against unforeseen interactions
✦ To protect against compromise of security controls from zero
day attacks
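The two quantitative ideas in these slides, the risk model R = V × P × S from the assets-threat model and the statically adaptive control selection above (minimize deployment cost SCC within an upper bound, minimize residual damage RDD, and prefer solutions that stay good when some controls are compromised), can be put together in a small computation. The following is an added example written for these notes, not code from the lecture: the asset/threat exposures, the controls with their costs and coverage, and the budget are all constructed, and the exhaustive subset search and the "worst case after k controls fail" robustness score are this example's own choices, not a method the slides prescribe.

```python
"""Added example: R = V x P x S per asset/threat pair, then a budgeted control
selection that minimizes SCC + RDD, optionally robust to k compromised controls."""
from itertools import combinations
from typing import Dict, Iterable, Optional, Set, Tuple


def risk(value: float, probability: float, severity: float) -> float:
    """R = V x P x S; severity S is taken as the fraction of the asset's value lost."""
    return value * probability * severity


# Constructed sample exposures (asset:threat pairs); the numbers are illustrative only.
EXPOSURES: Dict[str, Dict[str, float]] = {
    "payroll-db:insider-modification": {"V": 500_000, "P": 0.05, "S": 0.6},
    "payroll-db:outsider-disclosure":  {"V": 500_000, "P": 0.10, "S": 0.4},
    "web-portal:denial-of-service":    {"V": 200_000, "P": 0.30, "S": 0.2},
    "mail:phishing":                   {"V": 100_000, "P": 0.50, "S": 0.3},
}

# Constructed controls: deployment cost and the exposures each one covers.
CONTROLS: Dict[str, Dict] = {
    "db-access-control": {"cost": 9_000,  "covers": {"payroll-db:insider-modification",
                                                     "payroll-db:outsider-disclosure"}},
    "db-audit-logging":  {"cost": 8_000,  "covers": {"payroll-db:insider-modification"}},
    "db-encryption":     {"cost": 12_000, "covers": {"payroll-db:outsider-disclosure"}},
    "ddos-mitigation":   {"cost": 30_000, "covers": {"web-portal:denial-of-service"}},
    "user-training":     {"cost": 4_000,  "covers": {"mail:phishing"}},
}


def exposure_risks(exposures=EXPOSURES) -> Dict[str, float]:
    """Risk (expected loss) of every asset:threat pair."""
    return {name: risk(e["V"], e["P"], e["S"]) for name, e in exposures.items()}


def plan_cost_and_residual(chosen: Iterable[str], exposures=EXPOSURES,
                           controls=CONTROLS) -> Tuple[float, float]:
    """SCC (cost of the chosen controls) and RDD (risk left in uncovered exposures)."""
    chosen = list(chosen)
    scc = sum(controls[c]["cost"] for c in chosen)
    covered: Set[str] = set().union(*(controls[c]["covers"] for c in chosen))
    rdd = sum(r for name, r in exposure_risks(exposures).items() if name not in covered)
    return scc, rdd


def choose_controls(budget: float, exposures=EXPOSURES, controls=CONTROLS,
                    compromised: int = 0) -> Optional[Tuple[float, float, float, Tuple[str, ...]]]:
    """Exhaustively search control subsets with SCC <= budget and return
    (SCC + worst-case RDD, SCC, worst-case RDD, subset) for the best one.

    compromised = k scores each plan by its residual damage after the k worst-placed
    chosen controls fail (for instance to a zero-day), so a plan with redundant
    coverage is preferred when k > 0.  Exhaustive search is fine for a handful of
    controls; a real catalogue would need an ILP or heuristic search instead.
    """
    names = list(controls)
    best = None
    for n in range(len(names) + 1):
        for subset in combinations(names, n):
            scc, _ = plan_cost_and_residual(subset, exposures, controls)
            if scc > budget:
                continue
            worst_rdd = 0.0
            for k in range(min(compromised, len(subset)) + 1):
                for failed in combinations(subset, k):
                    surviving = [c for c in subset if c not in failed]
                    _, rdd = plan_cost_and_residual(surviving, exposures, controls)
                    worst_rdd = max(worst_rdd, rdd)
            total = scc + worst_rdd
            if best is None or total < best[0]:
                best = (total, scc, worst_rdd, subset)
    return best


if __name__ == "__main__":
    for name, r in exposure_risks().items():
        print(f"{name:34s} R = {r:>10,.0f}")
    for k in (0, 1):
        total, scc, rdd, subset = choose_controls(budget=25_000, compromised=k)
        print(f"compromised={k}: deploy {subset}  SCC={scc:,.0f}  RDD={rdd:,.0f}  total={total:,.0f}")
```

With these constructed numbers the cheapest plan under a 25,000 budget is access control plus user training; requiring the plan to survive one failed control makes the search add database encryption as redundant coverage of the payroll disclosure exposure, at a higher SCC. The garbage-in, garbage-out warning from the risk analysis slide applies directly: the ranking is only as good as the V, P and S estimates fed in.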
Resilient System 301 - Attacker against Defender
● Attacker's optimization problem
✦ Attacker strategy may be just to cause some damage to a
system rather than to effect one specific compromise
✦ Attacker adopts strategy that maximizes damage
● Defender's optimization problem
✦ Defender adopts strategy that minimizes cost of
implementing security controls, minimizes residual damage
and identifies robust solutions
Resilient System 401 - Dynamically Adaptive Security
● For every attack there is a certain probability of occurrence
● Probability can change depending on
✦ What the contributing factors are for the attack
✦ How those factors are changing
● Output of intrusion detection and/or system monitoring tools can
be incorporated to provide near real-time situational awareness
Modeling Dynamically Adaptive Security
Challenges for Emerging Systems
Measuring Risk for Emerging Systems
● Be able to predict the security posture of a complex network
● Requires characterization of the network at different scales,
particularly spatial and temporal
✦ What are the critical points in the network of networks?
✦ How robust is the complex system to attacks?
✦ Can security breach cascade across different networks?
✦ How does the system risk profile evolve over time?
● Requires ability to anticipate user activities