Software Security
Professor Clark Thomborson, Computer Science Department, Auckland University, NZ
Information Security Forum, 1st March 2001
What do we want from Security?
Our home & office security systems should
– allow authorised access, and
– prevent unauthorised access.
Security systems are imperfect. They will
– deny access to an authorised user (type-1 fault),
– allow unauthorised access (type-2 fault), and
– misdefine "authorised" or "access" (type-3 fault).
Type-1 and type-2 faults are technical defects in implementation or operation. Type-3 faults result from misunderstandings, disagreements or ignorance of law, ethics, economics, psychology, politics, technology…
Technological Utopia
Most technologists prefer open systems.
Physical analogy: an open door allows access to anyone (who can walk up to the door).
Examples of open-access systems:
– Free-to-air television allows unrestricted viewing (if you have a TV in a broadcaster's area);
– The world-wide web allows unrestricted viewing (if you have a computer, web-browser software, and an ISP).
Virtues:
– extreme simplicity;
– no type-2 faults (there are no unauthorised accesses!);
– wonderful possibilities for interoperability with other systems.
Type-1 Faults in Open Systems
Open systems may be overloaded, denying access from time to time.
Open systems may be subverted, becoming inoperable from time to time.
– A hacker may overwrite my website. (Type-3 fault? I intend my website to allow open access for viewing, but not open access for writing!)
– My email may contain a virus. (Type-3 fault? I intend my email inbox to be open-access for incoming mail, and I like the easy-open features of MS OE, but I don't want to lose control of my computer!)
Type-3 Faults in Open Systems
Economic: donations, advertising revenues, subsidies, or other indirect funding may be insufficient to sustain operations.
Legal: civil (e.g. infringement through MP3 downloads) or criminal (e.g. supplying pornography).
Ethical: is it appropriate to value our right to know above our right to privacy and our right to fair compensation for work?
Extreme Solutions
Open systems avoid type-2 faults.
Non-responsive systems avoid type-1 faults: they never allow an unauthorised access!
Most well-designed systems have some access restrictions, in three layers:
– Prevention, to limit type-1 and type-2 faults.
– Detection, to discover faults.
– Response, to minimise future faults.
Prevention Techniques (Controls)
There are three main classes of control:
– Ethical controls, e.g. "Thou shalt not steal";
– Legal controls, enforced by the state;
– Technical controls, enforced by systems design. Example: authentication by passwords, smartcards, or biometrics.
Software security systems allow (and require) new forms of control.
Challenge: the controls in physical systems may not have analogues in virtual systems.
Ethical Challenges
When I think about copying software or music for a friend, should I pay attention to
– "Thou shalt not steal" (Mosaic law) or
– "Faith, hope, charity" (Christian virtue)?
We have well-developed ethics to guide our distribution of physical goods: consider water and gold.
We are just beginning to develop an ethics to guide our distribution of software.
– Free software:
The Ethics of Free Software
John Goerzen: "Proprietary (or closed) software lacks many of the benefits that society has derived from the marvels of the industrial revolution. When a proprietary project is developed, there is no peer review. Imagine taking a flight on a jumbo jet designed by only a single person with no safety review from others."
– http://www.complete.org/papers/fsethics/
Emergent Ethics of Software Piracy?
Insider's entitlement: if you're clever enough to find warez then you deserve to have it without paying.
However…
"A lamer is someone who scams codes off others, rather than doing cracks or really understanding the fundamental concepts."
– The New Hacker's Dictionary, http://www.tuxedo.org/~esr/jargon
Ethical Analysis of Copyright
Samuel Johnson: "For the general good of the world, a writer's work should be understood as belonging to the publick." (The public's right to information.)
Richard Aston: "it is against natural reason and moral rectitude that a government should strip businesses of their property after fourteen years." (The publisher's right to compensation.)
A Chinese Ethics of Copyright?
Pirated software is easily available in Hong Kong.
What is fair compensation for work in China?
– Multinationals might pay USD $0.11/hour for labour; is this consistent with copyright charges?
The Confucian ethic of Wen implies that Mandarins should produce (but not sell) art.
What were Mao's thoughts on copyright?
China is a signatory to international copyright agreements. The government promises to enforce the agreements, but I wonder about the process of developing an ethic of compliance.
Legal Challenges
Defining the boundaries of intellectual property (law of copyright, patent, trademark, trade secret, as applied to software systems and databases).
Jurisdictional disputes: which nation's laws should apply?
Distinguishing between authorised use and abuse, especially in open systems: 1 million customers/day at a website is OK, but 1 billion SYN messages from a virus-swarm is not OK!
Technical Challenge: Ubiquity
World-wide reachability: billions of potential attackers!
A person robbing a physical bank vault must travel to the vault, and transport the spoils.
A person robbing a virtual bank may do so from anywhere on the planet.
Virtual systems and virtual attackers lack physical presence!
Technical Challenge: Speed
Virtual systems may operate at inhumanly fast speeds, overrunning our ability to respond to a new type of attack.
How can we change the locks on a virtual door within milliseconds of an attack?
Technical Challenge: Identity
Existing security systems for the physical world rely on millennia of practical and legal experience in establishing identity and responsibility.
Virtual identity is in its infancy, although PKI is a good start…
Authorisation in a Virtual World
In a traditional library, a person must walk through a door in order to view a copy of a book.
Technology: locks, library cards, magnetic strips & detectors, ...
In a virtual library, a person delegates authority to a software proxy.
– A 14-digit code, when typed on my computer keyboard, will authorise my web-browsing software to act as my proxy at my University's online library.
– My proxy can make copies of library materials.
– Technology: access codes, passwords, proxies, …
– Security issues: unauthorised copying, impersonation.
Type-3 question: What access controls are appropriate for a virtual library?
Technical Challenge: Complexity
A lone attacker can spend a long time analysing a system before mounting a widespread attack.
The security analyst doesn't have the luxury of time when analysing what might be going wrong in a complex system.
A hasty fix may cause more damage than the attack!
Novel Controls on Software Piracy (my research)
We can obfuscate software.
– Obfuscated software is very difficult for a human to understand, so it resists reverse engineering.
– Obfuscated software is functionally identical to the unobfuscated version.
Obfuscation will limit unauthorised modification of software.
It is very difficult to prevent unauthorised copying, reuse, and resale of software.
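The "functionally identical but hard to follow" property described above, as an added illustration that is not the talk's own code: a small checksum written readably, then again with its control flow flattened into a dispatcher and guarded by an opaque predicate, plus a differential check that the two agree.

```python
# Constructed example (not from the talk): one checksum written twice.
# The flattened version keeps behaviour but removes the loop structure a
# reverse engineer would otherwise read straight off a decompiler listing.

def checksum(data: bytes) -> int:
    """Readable original: two running sums modulo 255 (Fletcher-style)."""
    a = b = 0
    for byte in data:
        a = (a + byte) % 255
        b = (b + a) % 255
    return (b << 8) | a

def checksum_flat(data: bytes) -> int:
    """Functionally identical, with control flow flattened.

    Each original block becomes a numbered state of a dispatcher loop, so the
    `for` loop and its exit are no longer visible as such.  State 13 is dead
    code reachable only through an opaque predicate: (i*i) % 4 == 2 is false
    for every integer i, because squares are 0 or 1 modulo 4, but a static
    analyser that does not know this must treat the branch as live.
    """
    state, a, b, i, n = 7, 0, 0, 0, len(data)
    while True:
        if state == 7:                        # loop test
            state = 3 if i < n else 11
        elif state == 3:                      # first half of the loop body
            a = (a + data[i]) % 255
            state = 5
        elif state == 5:                      # second half, then back to test
            b = (b + a) % 255
            i += 1
            state = 13 if (i * i) % 4 == 2 else 7   # always 7
        elif state == 11:                     # exit
            return (b << 8) | a
        elif state == 13:                     # never executed; confuses analysis
            a, b = b, a
            state = 11

def behave_identically(samples) -> bool:
    """Differential test of the property the talk calls 'functionally
    identical': the obfuscated version must agree on every sample input."""
    return all(checksum(s) == checksum_flat(s) for s in samples)
```

Flattening alone is easily undone by a patient analyst; real obfuscators layer several such transformations, which is why the talk frames obfuscation as raising the cost of reverse engineering rather than preventing it.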
Software Watermarking
We can add indelible watermarks or fingerprints to software.
Any copy of the software, even after common translations (such as decompiling and recompiling), will carry the watermark.
A watermark can identify the manufacturer.
A fingerprint can identify the licensed owner.
Unauthorised copying can be detected.
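A toy fingerprint of the kind described above, added here as an illustration and not the speaker's own scheme: each licensee's copy of a function is generated with a licensee id hidden in the operand order of commutative additions, every copy computes the same result, and the id can be read back from any copy to identify whose licence it came from. The parameter names `v0`..`v8` and the function name `blend` are constructed for this example.

```python
import ast

# Constructed example (not the talk's scheme): a fingerprint is hidden in the
# operand order of commutative additions, so each licensee's copy of the
# function behaves identically but can be traced back to its licence.

NBITS = 8   # one addition per fingerprint bit; ids are 0..255 here

def embed(licensee_id: int) -> str:
    """Return source for blend(v0..v8) carrying licensee_id in operand order.
    Bit k == 1 -> the k-th sum is written  v{k+1} + v{k}  (higher index first).
    Bit k == 0 -> written  v{k} + v{k+1}.  Addition commutes, so every
    licensee's copy returns the same value for the same inputs."""
    params = ", ".join(f"v{k}" for k in range(NBITS + 1))
    lines = [f"def blend({params}):", "    t = 0"]
    for k in range(NBITS):
        lo, hi = f"v{k}", f"v{k + 1}"
        a, b = (hi, lo) if (licensee_id >> k) & 1 else (lo, hi)
        lines.append(f"    t += {a} + {b}")
    lines.append("    return t")
    return "\n".join(lines) + "\n"

def extract(source: str) -> int:
    """Recover the licensee id from a copy of the source.  Comments, spacing
    and the name of the accumulator do not matter; only operand order is read.
    Caveat: renaming the parameters would destroy this toy mark, which is why
    practical schemes hide marks in structure rather than identifiers."""
    func = next(n for n in ast.parse(source).body
                if isinstance(n, ast.FunctionDef))
    fid, k = 0, 0
    for stmt in func.body:
        if isinstance(stmt, ast.AugAssign) and isinstance(stmt.value, ast.BinOp):
            left, right = stmt.value.left, stmt.value.right
            if int(left.id[1:]) > int(right.id[1:]):   # higher index first
                fid |= 1 << k
            k += 1
    return fid

def run_blend(source: str, values):
    """Execute a generated copy and call its blend(); used to confirm that
    the fingerprint does not change behaviour.  The source is our own output."""
    ns = {}
    exec(source, ns)
    return ns["blend"](*values)
```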
Summary
Security systems suffer three types of faults:
– Denial of authorised access
– Allowing unauthorised access
– Inappropriate specification
Access can be controlled by ethical, legal and technological means.
Analogues to physical access controls, such as location, speed and identity, are lacking in software systems.
Software security is in its infancy; however, there are partial solutions.