Computer Security
Hugo Andrés López
Presentation transcript
Distributed System Security
Distributed systems – computers connected by a network
– Communications (network) security – addresses security of the communications links
– Computer security – addresses security of the end systems
– Application security – relies on both to provide services securely to end users
– Security Management – not just the system but also the people!
Computer Security
OBJECTIVE:
– Protect accessible resources in spite of malicious intent and behaviour that involves information and communication technologies
CAVEAT:
– This course: an overview of techniques, but beware that most computer attacks involve some form of social engineering and user psychology
Why is Computer Security different?
Are security bugs different from ordinary bugs?
“On balance I claim that they are, not for a technical but for a social reason. Consider a paradigmatic “ordinary” bug, such as a library that wrongly calculates the square root of 2 while apparently doing everything else right. After a certain amount of hilarity the community response would be either to use a different library, or, more likely, to avoid taking the square root of 2. If a security bug is found in a system there is a community of people who make it their personal priority to make the wrong behavior happen, typically in other people’s computers.”
– Roger Needham
Dramatis Personae…
Users/agents and all that:
– In Computer Security and in Networks we often have a cast of characters:
  Alice and Bob are the good users who want to communicate or do some other things;
  Eve and Charlie want to disrupt it
– Dramatis personae is a comfortable simplification, but it should be clear that it is a simplification
CAVEAT:
– We should not attribute human form to computer processes. The word “user” is often used for a human being, or a process acting on behalf (maybe) of a human being, or a process acting on behalf of a process, acting on behalf of a process…
Terminology
Principal – some entity on a network or on a system that asks for some security-relevant services
ISO 7498-2
Standard definitions of security terminology and descriptions of security services and mechanisms; defines where in the OSI reference model security services may be provided; introduces security management concepts.
Security life-cycle
The model is as follows:
– define security policy,
– analyse security threats (according to policy),
– define security services to meet threats,
– define security mechanisms to provide services,
– provide on-going management of security.
Threats, services and mechanisms
Security threat – a possible means by which a security policy may be breached (e.g. loss of integrity or confidentiality).
Security service – a measure which can be put in place to address a threat (e.g. provision of confidentiality).
Security mechanism – a means to provide a service (e.g. encryption, digital signature).
Security domains and policies
In a secure system, the rules governing security behaviour should be made explicit in the form of a security policy.
Security policy – the set of criteria for the provision of security services
Security domain – the scope of a single security policy
Generic security policy
ISO 7498-2 generic authorisation policy:
– ‘Information may not be given to, accessed by, nor permitted to be inferred by, nor may any resource be used by, those not appropriately authorised.’
Possible basis for a more detailed policy.
N.B. does not cover availability (e.g. denial of service) issues.
Security Policy Types
– identity-based – access to and use of resources determined on the basis of the identities of users and resources,
– rule-based – resource access controlled by global rules imposed on all users, e.g. using security labels.
Security threats
Threat – person, thing, event or idea which poses some danger to an asset (in terms of confidentiality, integrity, availability or legitimate use).
Attack – realisation of a threat.
Safeguards – measures (e.g. controls, procedures) to protect against threats.
Vulnerabilities – weaknesses in safeguards.
Risk – measure of the cost of a vulnerability
– takes into account the probability of a successful attack
Risk analysis – determines whether expenditure on (new/better) safeguards is warranted.
Quality of Protection? – a missing concept in ISO
Classroom thought: “Total Security will only be achieved when we are all dead”
Fundamental Threats
Integrity violation – USA Today, falsified reports of missile attacks on Israel, 7/2002
Denial of service – Yahoo, 2/2000, 1Gbps
Information leakage – Prince Charles mobile phone calls, 1993
Illegitimate use – Vladimir Levin, Citibank, $3.7M, 1995
Enabling threats
Realisation of any of these threats can lead directly to a realisation of a fundamental threat:
– Masquerade,
– Bypassing controls,
– Authorisation violation,
– Trojan horse,
– Trapdoor.
Security Services classification
– Authentication – including entity authentication and origin authentication,
– Access control,
– Data confidentiality,
– Data integrity,
– Non-repudiation.
Authentication
Entity authentication provides checking of a claimed identity at a point in time.
– Typically used at the start of a connection.
– Addresses masquerade and replay threats.
Origin authentication provides verification of the source of data.
– Does not protect against replay or delay.
Examples: password authentication, challenge-response protocols, OTPs…
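As an added example (not from the original slides), the two services side by side in Python: a challenge-response entity authentication whose one-shot nonce rejects a replayed answer, beside an origin-authentication MAC that proves who produced a message but still accepts the same message resent. The shared key, the message framing and the Verifier class are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed shared key for the example; real deployments provision keys separately.
KEY = b"example-shared-key"


def mac(msg: bytes) -> bytes:
    return hmac.new(KEY, msg, hashlib.sha256).digest()


class Verifier:
    """Server side of a challenge-response entity authentication."""

    def __init__(self):
        self.outstanding = set()  # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh, unpredictable challenge
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # A nonce never issued, or already consumed, means a replay: reject it.
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)  # each challenge is answered at most once
        return hmac.compare_digest(mac(b"auth|" + nonce), response)


def respond(nonce: bytes) -> bytes:
    """Claimant side: prove possession of KEY for this specific challenge."""
    return mac(b"auth|" + nonce)


def tag(msg: bytes) -> bytes:
    """Origin authentication: a MAC over the data alone, with no freshness."""
    return mac(b"data|" + msg)


def check_origin(msg: bytes, t: bytes) -> bool:
    return hmac.compare_digest(tag(msg), t)


def demo():
    v = Verifier()
    n = v.challenge()
    r = respond(n)
    first_ok = v.verify(n, r)        # genuine claimant: accepted
    replay_ok = v.verify(n, r)       # same (nonce, response) again: rejected
    m = b"credit 100 to account 42"
    t = tag(m)
    origin_ok = check_origin(m, t)
    replay_accepted = check_origin(m, t)  # identical message resent: still accepted
    tampered_ok = check_origin(b"credit 900 to account 42", t)
    return first_ok, replay_ok, origin_ok, replay_accepted, tampered_ok
```

Replay protection for origin-authenticated data has to come from elsewhere (sequence numbers, timestamps), which is exactly the gap the slide points out.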
Access control
Provides protection against unauthorised use of a resource, including:
– use of a communications resource,
– reading, writing or deletion of an information resource,
– execution of a processing resource.
Examples: remote users, RBAC, whitelisting/blacklisting …
Data Confidentiality
Protection against unauthorised disclosure of information. Four types:
– Connection confidentiality (e-banking),
– Connectionless confidentiality (p2p networks),
– Selective field confidentiality (e-voting),
– Traffic flow confidentiality.
Examples: an Internet banking session; encrypting routers as part of the Swift funds transfer network
Data Integrity
Provides protection against active threats to the validity of data. Five types:
– Connection integrity with recovery,
– Connection integrity without recovery,
– Selective field connection integrity,
– Connectionless integrity,
– Selective field connectionless integrity.
Think of SQL injection and you’ll get an idea
Non-repudiation
Protects against a sender of data denying that data was sent (non-repudiation of origin).
Protects against a receiver of data denying that data was received (non-repudiation of delivery).
I.e. a signed letter sent with recorded delivery
Security mechanisms
They exist with a single purpose: to provide and support security services.
Classes:
– Specific security mechanisms.
– Pervasive security mechanisms (not specific to a particular service).
Specific Security Mechanisms
Ciphering, digital signature, access control mechanisms, data integrity mechanisms, authentication exchanges, traffic padding, routing control, notarisation (Trusted 3rd Parties).
Examples of Pervasive Mechanisms
Event detection
– Includes detection of attempted security violations and of legitimate security-related activity.
– Can be used to trigger event reporting (alarms), event logging, automated recovery.
Security audit trail
– Log of past security-related events.
– Permits detection and investigation of past security breaches.
Security recovery
– Includes mechanisms to handle requests to recover from security failures.
– May include immediate abort of operations, temporary invalidation of an entity, addition of an entity to a blacklist.
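An added example (not part of the original slides) that ties the three pervasive mechanisms together in Python: event detection reads a security audit trail, raises an alarm when a principal's failed authentications reach a threshold, and applies a recovery action by blacklisting that principal; the audit trail is then reused to investigate one principal's history. The log format, event names and threshold are constructed for this example.

```python
from collections import Counter

# Constructed audit trail for the example: one security-related event per line.
AUDIT_TRAIL = [
    "10:00:01 AUTH_FAIL principal=mallory src=198.51.100.9",
    "10:00:02 AUTH_FAIL principal=mallory src=198.51.100.9",
    "10:00:03 AUTH_OK principal=alice src=198.51.100.5",
    "10:00:04 AUTH_FAIL principal=mallory src=198.51.100.9",
    "10:00:05 ACCESS_DENIED principal=alice resource=/payroll",
    "10:00:06 AUTH_FAIL principal=mallory src=198.51.100.9",
]

THRESHOLD = 3  # failed authentications by one principal before an alarm is raised


def parse(line: str) -> dict:
    """Split a trail line into time, event and key=value fields."""
    time, event, *fields = line.split()
    return {"time": time, "event": event, **dict(f.split("=", 1) for f in fields)}


def detect(lines, threshold=THRESHOLD):
    """Event detection over the audit trail.

    Returns (alarms, blacklist): alarms are the event-reporting output,
    blacklist is the recovery action (the entity is temporarily invalidated).
    """
    failures = Counter()
    alarms, blacklist = [], set()
    for rec in map(parse, lines):
        if rec["event"] != "AUTH_FAIL":
            continue  # legitimate activity is still logged, but needs no alarm here
        p = rec["principal"]
        if p in blacklist:
            continue  # already handled; do not re-alarm on every further attempt
        failures[p] += 1
        if failures[p] >= threshold:
            alarms.append(f"{rec['time']} ALARM repeated AUTH_FAIL principal={p} "
                          f"src={rec.get('src', '?')}")
            blacklist.add(p)
    return alarms, blacklist


def investigate(lines, principal):
    """Audit-trail use: reconstruct everything one principal did, for post-incident review."""
    return [rec for rec in map(parse, lines) if rec.get("principal") == principal]
```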
Where to focus security controls?
The focus may be on data, operations or users.
Data – e.g. integrity requirements may refer to rules on the format and content of data items (internal consistency).
– account balance is an integer
Operations that may be performed on a data item
– credit, debit, transfer, …
Users who are allowed to access a data item
– account holder and bank clerk have access to the account
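An added example (not from the original slides) that places a control at each of the three focus points on the bank-account data item from the slide, in Python: a data-level invariant (the balance is a non-negative integer), operation-level checks on credit, debit and transfer, and a user-level identity-based policy giving the account holder and the bank clerk different rights. The role names, the policy table and the Account class are assumptions of this example.

```python
class AccessDenied(Exception): pass
class IntegrityError(Exception): pass

# Constructed identity-based policy: which role may perform which operation.
POLICY = {
    "account_holder": {"read", "credit", "debit", "transfer"},
    "bank_clerk": {"read", "credit"},
}

class Account:
    def __init__(self, owner: str, balance: int = 0):
        self.owner = owner
        self._balance = balance
        self._check_data()

    def _check_data(self):
        # Data-level control: the balance is an int (bool excluded) and never negative.
        if type(self._balance) is not int or self._balance < 0:
            raise IntegrityError("balance must be a non-negative integer")

    def _authorise(self, principal: str, role: str, op: str):
        # User-level control: the role must permit the operation, and only the
        # owner may act as account_holder on this account.
        if op not in POLICY.get(role, set()):
            raise AccessDenied(f"{role} may not {op}")
        if role == "account_holder" and principal != self.owner:
            raise AccessDenied(f"{principal} is not the holder of this account")

    def read(self, principal, role) -> int:
        self._authorise(principal, role, "read")
        return self._balance

    def credit(self, principal, role, amount: int):
        # Operation-level control: each operation validates its own inputs.
        self._authorise(principal, role, "credit")
        if type(amount) is not int or amount <= 0:
            raise IntegrityError("credit amount must be a positive integer")
        self._balance += amount
        self._check_data()

    def debit(self, principal, role, amount: int):
        self._authorise(principal, role, "debit")
        if type(amount) is not int or amount <= 0 or amount > self._balance:
            raise IntegrityError("debit must be a positive integer within the balance")
        self._balance -= amount
        self._check_data()

    def transfer(self, principal, role, amount: int, to: "Account"):
        self._authorise(principal, role, "transfer")
        self.debit(principal, role, amount)  # payer's authorisation and balance checks
        to.credit(to.owner, "account_holder", amount)  # payee side keeps the same invariants
```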