Sicurezza più - cs.unibo.itbabaoglu/courses/security08-09/lucidi/intro.pdf · © Babaoglu...


ALMA MATER STUDIORUM – UNIVERSITA’ DI BOLOGNA

Sicurezza (Security)

Prof. Ozalp Babaoglu

© Babaoglu 2001-2009 Sicurezza 2

Objectives

- Illustrate theories, methods, techniques and tools for making a computer system more secure
- Acquire the technical knowledge needed to make informed decisions
- Acquire the intuition needed to use concepts and evaluate relevant technologies
- Acquire technological skepticism

Administrative Information

- Prerequisite:
  - The Security exam can be taken only after the Operating Systems exam has been passed and registered
- Attendance:
  - Mandatory
- Grading:
  - Final exam (50% of the grade)
  - Laboratory/Exercises (30% of the grade)
  - Quizzes (two out of three) during the course (20% of the grade)

The format and activities of the laboratory will be defined on the web pages

Administrative Information

- Course home page
  - http://www.cs.unibo.it/babaoglu/courses/security
- Instructor's home page
  - http://www.cs.unibo.it/babaoglu
- Lectures: Monday, Tuesday, Wednesday 11-13 (Aula Magna)
- Lab session: Thursday 11.30-13.30 (Ercolani E2)
- Office hours: Tuesday 13-15 (Mura Anteo Zamboni 7)
- Tutor: Angelo di Iorio
  - [email protected]

Textbook

- Introduction to Computer Security, Matt Bishop, Addison-Wesley, 2005

Security Incidents Reported to CERT

[Figure: incidents reported per year, shown for 1988-1990 (axis 0 to 300) and for 2001-2003 (axis 0 to 140000); the plotted values did not survive extraction]

Some Numbers

- Economic impact of viruses, worms and Trojan horses: $17.1 billion in 2000 ($8.75 billion due to the I Love You virus alone)
- In one study, one out of every 325 e-mails had a malicious attachment
- In a recent EU study, one out of every two e-mails sent is unsolicited junk, costing European businesses more than €2,5 billion a year in lost productivity
- In the first half of 2005, a record 1,862 new software vulnerabilities were discovered, 60% of them in programs that run over the Internet

Internet Domain Survey Host Count

[Figure: Internet host count from 8/1981 to 1/2009, vertical axis 0M to 650M; the plotted values did not survive extraction]

Source: Internet Systems Consortium (www.isc.org)

(Lack Of) Security in the Media

- “Computer Hacker Invades Web Site of the Justice Department”, NYT, 18 August 1996
- “Hacker Group Commandeers The New York Times Web Site”, NYT, 14 September 1998
- “Yahoo Blames a Hacker Attack for a Lengthy Service Failure”, NYT, 8 February 2000
- “A Hacker May Have Entered Egghead Site”, NYT, 23 December 2000

(Lack Of) Security in the Media

- “Stung by Security Flaws, Microsoft Makes Software Safety a Top Goal”, NYT, 17 January 2002
- “Millions of Cisco Devices Vulnerable To Attack”, Information Week, 18 July 2003
  - “A method for shutting down networking devices circulates on the Internet”
- “New Doomjuice Worm Emerges, Targets Microsoft”, Reuters UK, 9 February 2004

(Lack Of) Security in the Media

- And countless other incidents that are not publicized for fear of embarrassment
- Yet when a public incident occurs, security experts and antivirus software vendors tend to exaggerate its costs
- In 2002, US companies spent more than $4.3 billion on antivirus software products alone

Changing Face of Attackers

- Shift from large, multipurpose attacks on the network perimeter towards smaller, more targeted attacks on desktop computers
- Shift from malicious “hacking” to criminal attacks with economic motives
  - Identity theft
  - Phishing
  - Denial-of-service

Identity Theft

- In April 2005, an intrusion into the Seisint database of LexisNexis compromised the personal information of about 310,000 persons
- In August 2004, an intrusion had compromised 1.4 million records of personal information at UC Berkeley
- In August 2007, identity thieves who compromised Monster.com's database also made off with the personal information of 146,000 people who use USAJobs

Identity Theft

The laptop contained personal information of some 98,369 individuals

Phishing

http://dmc.ajou.ac.kr/~qpid/zboard/fineco.it.html

Phishing

- During the first half of 2005 the volume of phishing e-mails grew from an average of about 3 million a day to about 5.7 million
- One out of every 125 email messages is a phishing attempt
- 1% of US households were victims of successful phishing attacks in 2004

Cyberextortion

- During the first half of 2005 Denial-of-Service (DoS) attacks increased from an average of 119 a day to 927
- 17% of US businesses surveyed report having received shut-down threats by DoS attacks
- One company refusing to pay extortion spends $100,000 annually to defend against DoS attacks

“Botnets” and “Zombies”

- SecurityFocus, 23 January 2006
  - In October 2005, Dutch authorities arrested three men in the Netherlands who allegedly controlled a network of more than 1.5 million compromised computers
- International Herald Tribune, 10 November 2007
  - A computer security consultant accused of installing malicious software to create an army of up to 250,000 "zombie" computers so he could steal identities and access bank accounts will plead guilty to four federal charges

Update

- New York Times, 25 September 2006
  - ChoicePoint, CardSystems Solutions, Time Warner and dozens of universities have collectively revealed 93,754,333 private records
  - The Commerce Department announced that between 2001 and the present, 1,137 laptops were lost, missing or had been stolen
- USA Today, 23 January 2009
  - Heartland Payment Systems disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants

Update

- Forbes.com, 2 February 2009
  - According to a report released by the Ponemon Institute and funded by encryption firm PGP, the cost of a data breach for companies has risen to $202 per lost record, up from $197 in the institute's 2007 study. For the 47 companies audited in the study, those costs added up to $6.6 million per incident.

Update

- Symantec Internet Security Threat Report covering the first 6 months of 2006
  - The Symantec Probe Network detected 157,477 unique phishing messages
  - Botnets have become a major part of the underground economy
  - An average of 6,110 denial-of-service attacks per day
  - Spam made up 54% of all monitored email traffic

Update

Source: Barracuda Networks 2007 Annual Spam Report

Update

- Symantec Report on the Underground Economy, July 2007 - June 2008

Security in Context

- Security has to be custom tailored to individual needs, much like a suit or a dental prosthesis
- There is no “one-size-fits-all” solution
- Security is a complex and extensive area that permeates all levels of computing systems including their physical environment
- Hardware-OS-Application-Network-Operator
- And like security in any other context, computer security is as strong as its weakest link

Security in Context

- We will study the technical issues related to security in a non-technical context
  - “If you work with computer and network security long enough, you realize that the biggest problem is people: the people who design the software, the people who deploy it, the people who use the systems, the people who abuse the systems, and sometimes the people who guard the systems. There are certainly many technological challenges to be met, but the biggest problems still come back to people.” Gene Spafford

Network Information Systems

We will cast our study of security in the context of Network Information Systems

- Networked Information Systems (NIS) integrate
  - computers,
  - communications, and
  - people (as users and as operators)

Network Information Systems

These systems are increasingly pervasive in everyday life

- Public telephone system
- Electrical power grid
- Internet
- Banking and finance
- E-Business
- Ballistic missile defense

Yet they are not trustworthy

Network Information Systems

- Provide new opportunities
  - Increase speed/bandwidth of interaction
  - New modes for interaction with customers
  - New services
- Introduce new risks
  - Dependence on complex hardware/software infrastructures
  - Attacks from anywhere
  - Sharing with anyone
  - Automated infection
  - Hostile code

Network Information Systems: Software Characteristics

- Substantial legacy content
  - Documentation missing or incomplete
  - Difficult to modify or port
- Grows by accretion and agglomeration
  - No master plan or architect
  - Nobody understands how/why the system works
- Uses commercial off-the-shelf (COTS) components and COTS middleware

Some Relevant Business Trends

- Organizations driven to operate faster / more efficiently (e.g. JIT production and services) due to increased competitiveness
- Climate of deregulation (e.g. power, telecom) requires cost control and product enhancements
- Rise of electronic commerce

NIS as a response

NIS affects costs and products

- Enables outsourcing of suppliers (b2b)
- Enables diminishing capacity cushion
  - Control is essential – don’t have spare capacity
  - Control is more difficult – need automated support
  - But cascading failures more likely
- Enables product enhancements, but the increased complexity results in flaws and surprising behavior

Trustworthiness

- NIS is trustworthy when it works correctly despite
  - Malicious/hostile attacks
  - Design and implementation errors (bugs)
  - Human user and operator errors
  - Environmental disruptions

  (in increasing order of frequency)
- Holistic and multidimensional problem
  - Property of system, not just components
  - Involves many interacting sub-properties

Trustworthiness

- Trustworthiness is an example of a nonfunctional requirement
- System satisfies functional requirements if it does what it is supposed to do: inputs produce correct outputs
- System satisfies nonfunctional requirements (in a given context) if it does no more or no less than its functional requirements

Trustworthiness

- By their nature, attacks/errors/bugs are unpredictable and cannot be formalized; to do so would rule out possible scenarios, and thus would be incorrect
- Trustworthiness cannot be added to an existing system as an afterthought

Trustworthiness

- All aspects of trustworthiness can be seen as perturbations in the system. Are they all the same?
- Environmental disruptions are typically independent, thus replication can be effective
- Attacks and errors are not independent, thus replication is not effective
- Software bugs are probably the worst as they may have arbitrary privileges
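
The point about independence can be made quantitative. The following Python sketch is an added example, not part of the original slides: it assumes a service that votes over its replicas and stays correct while a strict majority of them is correct, and it groups replicas into "failure domains" (a name introduced here) that are each hit with probability p. It goes slightly beyond the slide by letting the number of domains vary between the two extremes the slide describes.

```python
from itertools import product


def service_failure_probability(replicas: int, p: float, domains: int) -> float:
    """Probability that a majority-voting service loses its correct majority.

    replicas -- number of replicas behind the voter
    p        -- probability that a given failure domain is hit
    domains  -- independent failure domains the replicas are spread over
                (round-robin); every replica in a hit domain fails
    """
    if not 1 <= domains <= replicas:
        raise ValueError("need 1 <= domains <= replicas")
    if not 0.0 <= p <= 1.0:
        raise ValueError("p must be a probability")

    # Round-robin placement: domain sizes differ by at most one replica.
    sizes = [replicas // domains + (1 if i < replicas % domains else 0)
             for i in range(domains)]

    total = 0.0
    # Enumerate every combination of hit / not-hit domains (2**domains cases).
    for hit in product((False, True), repeat=domains):
        failed = sum(size for size, h in zip(sizes, hit) if h)
        if 2 * failed >= replicas:  # correct replicas are no longer a strict majority
            prob = 1.0
            for h in hit:
                prob *= p if h else 1.0 - p
            total += prob
    return total


def compare(p: float, replica_counts=(1, 3, 5, 7)):
    """Rows of (replicas, independent faults, shared vulnerability)."""
    rows = []
    for n in replica_counts:
        # Environmental disruption: each replica is its own domain (separate sites).
        independent = service_failure_probability(n, p, domains=n)
        # Attack or bug: identical software everywhere, so one domain holds them all.
        common_mode = service_failure_probability(n, p, domains=1)
        rows.append((n, independent, common_mode))
    return rows


if __name__ == "__main__":
    # p = 0.01 is a constructed value chosen only for illustration.
    print(f"{'replicas':>8} {'independent':>14} {'common mode':>14}")
    for n, independent, common_mode in compare(0.01):
        print(f"{n:>8} {independent:>14.3e} {common_mode:>14.3e}")
```

With independent domains the failure probability falls rapidly as replicas are added; with a single shared domain it stays at p however many replicas there are.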

What if NIS is not Trustworthy?

- Information disclosure (stored or transmitted)
  - personal embarrassment
  - compromise of corporate strategy
  - compromise of national security
- Information alteration
  - affect government or corporate operations
- New forms of warfare
  - disable capacity without physical destruction
  - attack without physical penetration by attacker
  - “time bomb” and undetectable attacks

Real World Security

- Security in the real world is based on
  - Value
  - Locks
  - Punishment
- Bad guys who break in are caught and punished often enough to make crime unattractive
- Ability to punish implies existence of a “police” force and a judiciary
- Locks must add minimum interference to life

Real World Security

- All locks are not the same
  - Different keys
  - Different strengths
  - Environment dependent
- Individual security needs based on perception
- Pay for what you believe you need
- Locks do not provide absolute security but prevent casual intrusion by raising the threshold for a break-in

Real World Security

- Perfect defense against theft: put all of your personal belongings in a safe deposit box
- Problem: expensive and inconvenient
- Practical security balances cost of protection and risk of loss (cost of recovery times probability of loss)
- If cost of protection is higher than the risk of loss, it is better to accept it as “cost of doing business” (auto insurance, banks and credit card companies do this all the time)

NIS Security

- With computers, security is mainly about software, which is cheap to manufacture, never wears out, cannot be attacked with drills or explosives
- Computer security ! Cryptography
- Since cryptography can be nearly perfect, so can computer security
- This reasoning is flawed for several reasons

Why Trustworthy NIS do not Exist?

- Most security problems due to buggy code
  - Cryptography won’t help this at all
  - Reported bugs are in cryptographic modules
- Security is complex and difficult to get right and set up correctly
- Security is a pain and gets in the way of doing things
- Since the danger is small, people prefer to buy features over security
- Software and system market dominated by commercial off-the-shelf (COTS) components
  - Leverage huge economies of scale, interoperability, reduced time-to-market but inherit lack of trustworthiness

Why Trustworthy NIS do not Exist?

- Patent restrictions
- Government regulations (restrictions on export of cryptography technologies)
- Reliance on existing communication infrastructures (Internet)
- Everything is interconnected
  - Telephone and power companies use Internet technology
  - Their operational systems are linked to their corporate systems, which are linked to the Internet
  - And the Internet requires power, and is largely built on top of Telephone circuits

Economics of Trustworthiness

- Few customers understand
  - What trustworthiness buys
  - What is risked by its absence (reliability is an exception)
  - Consumers seem to prefer functionality!
- Producers/consumers cannot assess
  - Trustworthiness of products
  - Costs of having trustworthiness in products
  - Costs of not having trustworthiness in products

Overview of NIS Security

Like any system, we can study security with respect to

- Specification: What is it supposed to do?
- Implementation: How does it do it?
- Correctness: Does it really work?

In security, these are called

- Policy (Specification)
- Mechanism (Implementation)
- Assurance (Correctness)

Overview of NIS Security

- Assurance is particularly important for security since the system may be subject to malicious attack
- Deployed systems may be perfectly functional for ordinary users despite having thousands of bugs
- But attackers try to drive the system into states that they can exploit, and the number of such states increases as the number of bugs increases

Definitions

- Vulnerability: A weakness that can be exploited to cause damage
- Attack: A method of exploiting a vulnerability
- Threat: A motivated, capable adversary that mounts an attack

Strategies:

- Identify and fix each vulnerability (bug)
- Identify threats and eliminate those vulnerabilities that those threats exploit

Shrinking Vulnerability-to-Attack Time

Source: Network Computing (www.nwc.com), April 2004

Shrinking Vulnerability-to-Attack Time

- In 2005, the mean time between the disclosure of a vulnerability and the release of associated exploit code was 6.0 days
- In 2005, an average of 54 days elapsed between the appearance of a vulnerability and the release of an associated patch by the affected vendor

Vulnerabilities, Attacks, Threats

Range of threats that NIS face:

- Inquisitive, unintentional blunders
- Hackers driven by technical challenges
- Disgruntled employees/customers seeking revenge
- Criminals interested in personal financial gain
- Organized crime with intent of financial gain
- Organized terrorist groups seeking isolated attacks
- Foreign espionage agents seeking information for economic, political, military purposes

Knowledge vs Damage

Severity of a threat is related to the resources available for the attack

- Knowledge is a resource
- Money can buy anything, including knowledge
- Easy access to “packaged” knowledge (e.g., SATAN for Unix systems) results in a discontinuity between the technical expertise of a particular threat and the severity of the damage

Knowledge vs Damage

[Figure: amount of damage plotted against level of knowledge, with labels "1980’s" and "Today"]

Google Hacking

- International Herald Tribune, 28 September 2006. “Hacking made easy: 'Secret' data just a Google search away”:
  - One widespread vulnerability can be exploited through a practice that has come to be known as Google hacking. These hacks require no special tools and little skill. All that is needed is a Web-connected PC and a few keywords to look for, like "filetype:sqlpassword" or "index.of.password."

Security Policies

NIS security needs typically worry about

- Secrecy (confidentiality): controlling who gets to read information
- Integrity: controlling how information changes or resources are used
- Availability: providing prompt access to information and resources
- Accountability: knowing who has had access to information or resources

Security Policies

What do locks, keys, values and the police have to do with computer security?

- Locks: authorization, access control mechanisms
- Keys: authentication required to open a lock. Can be something the user knows, has or is
- Police: same as the real world. Since attacks can be launched remotely, equivalents of video cameras are needed for convicting offenders

Gold Standard of Security

Any system claiming to be secure must contain mechanisms for

- Authentication
- Authorization
- Auditing
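
A minimal guard that puts the three mechanisms on one request path, as an added Python example that is not part of the original slides. The class name Guard, the resource payroll.db and the accounts are constructed for illustration; hashing passwords with PBKDF2 and hash-chaining the audit trail are choices made for this sketch, not something the course prescribes.

```python
import hashlib
import hmac
import json
import os


class Guard:
    """Mediates every request: authenticate, authorize, then audit the decision."""

    def __init__(self):
        self._users = {}  # name -> (salt, password hash)
        self._acl = {}    # resource -> {name: set of permitted operations}
        self.audit = []   # hash-chained record of every decision

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def add_user(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[name] = (salt, self._hash(password, salt))

    def grant(self, resource: str, name: str, operation: str) -> None:
        self._acl.setdefault(resource, {}).setdefault(name, set()).add(operation)

    def _authenticate(self, name: str, password: str) -> bool:
        # The "key". Unknown names still cost one hash, so timing hides which exist.
        salt, stored = self._users.get(name, (b"\0" * 16, b""))
        return hmac.compare_digest(self._hash(password, salt), stored) and name in self._users

    def _record(self, name, operation, resource, outcome) -> None:
        # The "police": each record commits to the digest of the previous one.
        entry = {"seq": len(self.audit), "user": name, "op": operation,
                 "resource": resource, "outcome": outcome,
                 "prev": self.audit[-1]["digest"] if self.audit else "0" * 64}
        entry["digest"] = _digest(entry)
        self.audit.append(entry)

    def request(self, name, password, operation, resource) -> bool:
        if not self._authenticate(name, password):
            outcome = "denied: authentication failed"
        elif operation not in self._acl.get(resource, {}).get(name, set()):
            outcome = "denied: not authorized"  # the "lock": default deny
        else:
            outcome = "allowed"
        self._record(name, operation, resource, outcome)  # denials are logged too
        return outcome == "allowed"


def _digest(entry: dict) -> str:
    body = {k: v for k, v in entry.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def audit_intact(log: list) -> bool:
    """Recompute the hash chain and report whether any record was altered."""
    prev = "0" * 64
    for entry in log:
        if entry["prev"] != prev or entry["digest"] != _digest(entry):
            return False
        prev = entry["digest"]
    return True


def demo():
    guard = Guard()
    guard.add_user("alice", "correct horse")  # constructed sample account
    guard.grant("payroll.db", "alice", "read")
    decisions = [
        guard.request("alice", "correct horse", "read", "payroll.db"),   # allowed
        guard.request("alice", "correct horse", "write", "payroll.db"),  # no such grant
        guard.request("mallory", "guess", "read", "payroll.db"),         # unknown user
    ]
    return guard, decisions
```

The unkeyed hash chain only detects edits to older records while the newest digest is stored somewhere the attacker cannot rewrite, for example on a separate log host.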

Assurance vs Functionality

- Assurance is the ability to convince ourselves that a system is trustworthy
- Increased functionality implies increased complexity and complexity is the worst enemy of security

[Figure: plot with axes labelled Functionality and Assurance]

Assurance vs Functionality

Two general principles to promote higher assurance

- Economy of Mechanism: small and simple mechanisms whenever possible
- Open Design: security of a mechanism should not depend on attacker’s ignorance of how the mechanism works or is built
  - No “security through obscurity”
  - Makes security harder but is necessary for increased assurance