Information Systems Security Dr. Bhavani Thuraisingham


1 Information Systems Security Dr. Bhavani Thuraisingham
Introduction to Information Systems Security Lecture #1 June 1, 2012 Dr. Bhavani Thuraisingham

2 Outline
- What is Cyber Security?
- What is C.I.A.?
- Ten Major Modules of Cyber Security
- Some Topics in Cyber Security

3 Cyber Security
- Security traditionally has been about CIA (Confidentiality, Integrity, Availability)
- Security now also includes areas like Trustworthiness, Quality, Privacy
- Dependability includes Security, Reliability and Fault Tolerance
- Initially the term used was Computer Security (Compusec); it then evolved into Infosec (Information Security) to include data and networks; now, with the web, it is called Cyber Security

4 C.I.A.
- Confidentiality: Preventing unauthorized disclosure
- Integrity: Preventing unauthorized modification
- Availability: Preventing denial of service

5 Ten Major Modules of Cyber Security
- Information Security and Risk Management
- Access Control
- Security Architecture and Design
- Physical and Environmental Security
- Telecommunications Security
- Cryptography
- Business Continuity Planning
- Legal Regulations, Compliance and Investigations
- Applications Security
- Operations Security

6 Information Security and Risk Management
- Security Management
- Security Administration
- Organizational Security Model
- Information Risk Management
- Risk Analysis
- Policies, Standards, Guidelines, Procedures
- Information Classification
- Layers of Responsibility
- Security Awareness Training

7 Access Control
- Security Principles
- Identification, Authentication, Authorization, Accountability
- Access Control Models
- Access Control techniques
- Access Control Administration
- Access Control Methods
- Access Control Types
- Accountability
- Access Control practices
- Access Control Monitoring
- Threats to Access Control

8 Security Architecture and Design
- Computer Architecture
- Systems Architecture
- Security Models
- Security Modes of Operation
- Systems Evaluation Methods
- Open vs. Closed Systems
- Enterprise Architecture
- Security Threats

9 Physical and Environmental Security
- What is Physical Security
- Planning Process
- Protecting assets
- Internal Support Systems
- Perimeter Security
- Other aspects

10 Telecommunications and Network Security
- Open Systems Interconnection Reference Model
- TCP/IP
- Types of Transmission
- LAN Networking
- Routing Protocols
- Networking Devices
- Networking services and protocols
- Intranets and Extranets
- Metropolitan Area networks
- Remote access
- Wireless technologies
- Rootkits

11 Cryptography
- History, Definitions and Concepts
- Types of Ciphers
- Methods of Encryption
- Type of Asymmetric Systems
- Message Integrity
- PKI
- Key Management
- Link / End-to-end Encryption standards
- Internet security
- Attacks

12 Legal Regulation and Compliance Investigation
- Cyber law and Cyber crime
- Intellectual property law
- Privacy
- Liability and Ramifications
- Digital Forensics and Investigations
- Ethics

13 Applications Security
- Software and applications security issues
- Database Security
- Secure systems development
- Application development and security
- Object-oriented systems and security
- Distributed computing and security
- Expert systems and security
- Web security
- Mobile code
- Patch management

14 Operations Security Role of the Operations Department
Administrative Management Assurance Levels Configuration management Media Controls Data Leakage Network and Resource Availability Mainframes Security Vulnerability testing

15 Introduction to Cyber Security
- Operating Systems Security
- Network Security
- Designing and Evaluating Systems
- Web Security
- Data Mining for Malware Detection
- Other Security Technologies

16 Operating System Security
- Access Control
  - Subjects are Processes and Objects are Files
  - Subjects have Read/Write Access to Objects
  - E.g., Process P1 has read access to File F1 and write access to File F2
- Capabilities
  - Processes must possess certain Capabilities / Certificates to access certain files to execute certain programs
  - E.g., Process P1 must have capability C to read file F

17 Mandatory Security
- Bell and La Padula Security Policy
  - Subjects have clearance levels, Objects have sensitivity levels; clearance and sensitivity levels are also called security levels
  - Unclassified < Confidential < Secret < TopSecret
  - Compartments are also possible
  - Compartments and Security levels form a partially ordered lattice
- Security Properties
  - Simple Security Property: Subject has READ access to an object if the subject's security level dominates that of the object
  - Star (*) Property: Subject has WRITE access to an object if the subject's security level is dominated by that of the object
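
The two properties on this slide, as an added example that is not part of the original lecture: a label is a level plus a set of compartments, and "dominates" is the partial order on those labels. The compartment names and the `Label`, `dominates`, `can_read`, `can_write` and `lub` names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Linear order of levels from the slide.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "TopSecret": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

def dominates(a: Label, b: Label) -> bool:
    """a dominates b: a's level is at least b's and a holds all of b's compartments."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.compartments >= b.compartments

def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: read only if the subject dominates the object."""
    return dominates(subject, obj)

def can_write(subject: Label, obj: Label) -> bool:
    """Star property: write only if the object dominates the subject."""
    return dominates(obj, subject)

def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label that dominates both a and b."""
    return Label(max(a.level, b.level, key=LEVELS.get), a.compartments | b.compartments)

# Constructed labels; the compartment names are hypothetical.
analyst = Label("Secret", frozenset({"NUCLEAR"}))
report = Label("Confidential", frozenset({"NUCLEAR"}))
crypto_doc = Label("Confidential", frozenset({"CRYPTO"}))

if __name__ == "__main__":
    for name, obj in [("report", report), ("crypto_doc", crypto_doc)]:
        print(name, "read:", can_read(analyst, obj), "write:", can_write(analyst, obj))
    print("merged label:", lub(analyst, crypto_doc))
```

The analyst and `crypto_doc` are incomparable in the lattice, so neither read nor write is permitted between them even though the analyst's level is higher.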

18 Covert Channel Example
- Trojan horse at a higher level covertly passes data to a Trojan horse at a lower level
- Example: File Lock/Unlock problem
  - Processes at Secret and Unclassified levels collude with one another
  - When the Secret process locks a file and the Unclassified process finds the file locked, a 1 bit is passed covertly
  - When the Secret process unlocks the file and the Unclassified process finds it unlocked, a 1 bit is passed covertly
  - Over time the bits could contain sensitive data

19 Steps to Designing a Secure System
- Requirements, Informal Policy and model
- Formal security policy and model
- Security architecture
- Identify security critical components; these components must be trusted
- Design of the system
- Verification and Validation
- End to End Security?
- Building a Secure System with Untrusted Components

20 Product Evaluation
- Orange Book
  - Trusted Computer Systems Evaluation Criteria
- Classes C1, C2, B1, B2, B3, A1 and beyond
  - C1 is the lowest level and A1 the highest level of assurance
  - Formal methods are needed for A1 systems
- Interpretations of the Orange book for Networks (Trusted Network Interpretation) and Databases (Trusted Database Interpretation)
- Several companion documents
  - Auditing, Inference and Aggregation, etc.
- Many products are now evaluated using the federal Criteria

21 Network Security
- Security across all network layers
  - E.g., Data Link, Transport, Session, Presentation, Application
- Network protocol security
  - Verification and validation of network protocols
- Intrusion detection and prevention
  - Applying data mining techniques
- Encryption and Cryptography
- Access control and trust policies
- Other Measures
  - Prevention from denial of service, Secure routing, etc.

22 Data Security: Access Control
- Access Control policies were developed initially for file systems
  - E.g., Read/write policies for files
- Access control in databases started with the work in System R and Ingres Projects
  - Access Control rules were defined for databases, relations, tuples, attributes and elements
  - SQL and QUEL languages were extended
    - GRANT and REVOKE Statements
    - Read access on EMP to User group A Where EMP.Salary < 30K and EMP.Dept <> Security
- Query Modification:
  - Modify the query according to the access control rules
  - Retrieve all employee information where salary < 30K and Dept is not Security
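
Query modification for the EMP rule on this slide, as an added example that is not from the original lecture. The rule is stored as structured predicates and ANDed onto whatever conditions the user supplies, so a user condition cannot widen the result. The sample rows, the `RULES` table and the function names are constructed for illustration, and SQLite stands in for System R / Ingres.

```python
import sqlite3

COLUMNS = {"Name", "Salary", "Dept"}   # EMP schema (constructed)
OPS = {"<", "<=", "=", "<>", ">", ">="}
# Rule from the slide: group A reads EMP only where Salary < 30K and Dept <> Security.
RULES = {("A", "EMP"): [("Salary", "<", 30000), ("Dept", "<>", "Security")]}

def modify_query(group, relation, conditions=()):
    """Return (sql, params): the user's conditions ANDed with the group's rule."""
    if (group, relation) not in RULES:
        raise PermissionError(f"group {group} has no read access to {relation}")
    clauses, params = [], []
    for col, op, val in list(conditions) + RULES[(group, relation)]:
        # Only whitelisted columns and operators reach the SQL text;
        # values are always bound as parameters.
        if col not in COLUMNS or op not in OPS:
            raise ValueError(f"rejected condition: {col!r} {op!r}")
        clauses.append(f"{col} {op} ?")
        params.append(val)
    sql = f"SELECT Name, Salary, Dept FROM {relation} WHERE " + " AND ".join(clauses)
    return sql, params

def run_as(group, conditions=()):
    """Run a modified query against a small constructed EMP table; return names."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE EMP (Name TEXT, Salary INTEGER, Dept TEXT)")
    db.executemany("INSERT INTO EMP VALUES (?, ?, ?)", [
        ("Alice", 25000, "Sales"), ("Bob", 45000, "Sales"),
        ("Carol", 20000, "Security"), ("Dave", 28000, "Research")])
    sql, params = modify_query(group, "EMP", conditions)
    return sorted(row[0] for row in db.execute(sql, params))

if __name__ == "__main__":
    print(modify_query("A", "EMP", [("Dept", "=", "Sales")]))
    print(run_as("A"), run_as("A", [("Dept", "=", "Sales")]))
```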

23 Multilevel Secure Data Management
- What is MLS/DBMS?
  - Users are cleared at different security levels
  - Data in the database is assigned different sensitivity levels (multilevel database)
  - Users share the multilevel database
  - MLS/DBMS is the software that ensures that users only obtain information at or below their level
  - In general, a user reads at or below his level and writes at his level
- Need for MLS/DBMS
  - Operating systems control access to files; coarser grain of granularity
  - Database stores relationships between data
  - Content, Context, and Dynamic access control
  - Traditional operating systems access control to files is not sufficient
  - Need multilevel access control for DBMSs

24 Inference Problem
- Inference is the process of forming conclusions from premises
- If the conclusions are unauthorized, it becomes a problem
- Inference problem in a multilevel environment
- Aggregation problem is a special case of the inference problem: a collection of data elements is Secret but the individual elements are Unclassified
- Association problem: attributes A and B taken together are Secret; individually they are Unclassified

25 Security Threats to Web/E-commerce

26 Intrusion Detection / Malware Detection
- An intrusion can be defined as “any set of actions that attempt to compromise the integrity, confidentiality, or availability of a resource”.
- Attacks are: Host-based attacks; Network-based attacks
- Intrusion detection systems are split into two groups: Anomaly detection systems; Misuse detection systems
- Use audit logs: Capture all activities in network and hosts. Mine the Audit Logs
- Malware: Viruses, Worms, Trojan Horses, etc.
- Malware changes patterns; need data mining techniques to detect novel classes

27 Some Security Technologies
- Digital Identity Management
- Digital Forensics
- Digital Watermarking
- Risk/Cost Analysis
- Biometrics
- Other Applications

28 Digital Identity Management
- Digital identity is the identity that a user has to access an electronic resource
- A person could have multiple identities
  - A physician could have an identity to access medical resources and another to access his bank accounts
- Digital identity management is about managing the multiple identities
  - Manage databases that store and retrieve identities
  - Resolve conflicts and heterogeneity
  - Make associations
  - Provide security
- Ontology management for identity management is an emerging research area

29 Digital Identity Management - II
- Federated Identity Management
  - Corporations work with each other across organizational boundaries with the concept of federated identity
  - Each corporation has its own identity and may belong to multiple federations
  - Individual identity management within an organization and federated identity management across organizations
- Technologies for identity management
  - Database management, data mining, ontology management, federated computing

30 Digital Forensics
- “Digital forensics, also known as computer forensics, involved the preservation, identification, extraction, and documentation of computer evidence stored as data or magnetically encoded information”, by John Vacca
- Digital evidence may be used to analyze cyber crime (e.g., worms and viruses), physical crime (e.g., homicide) or crime committed through the use of computers (e.g., child pornography)
- Objective of Computer Forensics: To recover, analyze and present computer based material in such a way that it is usable as evidence in a court of law

31 Steganography and Digital Watermarking
- Steganography is about hiding information within other information
  - E.g., hidden information is the message that terrorists may be sending to their peers in different parts of the world
  - Information may be hidden in valid texts, images, films etc.
  - Difficult to be detected by the unsuspecting human
- Steganalysis is about developing techniques that can analyze text, images, video and detect hidden messages
  - May use data mining techniques to detect hidden patterns
- Steganography makes the task of the Cyber crime expert difficult as he/she has to analyze for hidden information
- Communication protocols are being developed

32 Steganography and Digital Watermarking - II
- Digital watermarking is about inserting information without being detected for valid purposes
  - It has applications in copyright protection
  - A manufacturer may use digital watermarking to copyright a particular music or video without being noticed
  - When music is copied and copyright is violated, one can detect who the real owner is by examining the copyright embedded in the music or video

33 Risk/Cost Analysis
- Analyzing risks
  - Before installing a secure system or a network one needs to conduct a risk analysis study
  - What are the threats? What are the risks?
- Quantitative approach: Events are ranked in the order of risks and decisions are made based on the risks
- Qualitative approach: estimates are used for risks
- Security vs Cost
  - If risks are high and damage is significant then it may be worth the cost of incorporating security; if risks and damage are not high, then security may be an additional cost burden
- Develop cost models
- Cost vs. Risk/Threat study

34 Biometrics: Overview
- Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic
- Features measured: Face, Fingerprints, Hand geometry, handwriting, Iris, Retinal, Vein and Voice
- Identification and personal certification solutions for highly secure applications
- Biometrics replaces Traditional Authentication Methods
- Provides better security; More convenient; Better accountability
- Applications: Fraud detection and Fraud deterrence
- Dual purpose: Cyber Security and National Security
- Numerous applications: medical, financial, child care, computer access etc.

35 Biometrics: Process
- Three-steps: Capture-Process-Verification
- Capture: A raw biometric is captured by a sensing device such as fingerprint scanner or video camera
- Process: The distinguishing characteristics are extracted from the raw biometric sample and converted into a processed biometric identifier record
  - Called biometric sample or template
- Verification and Identification
  - Matching the enrolled biometric sample against a single record; is the person really who he claims to be?
  - Matching a biometric sample against a database of identifiers
- Study the attacks on biometric systems
  - Modifying fingerprints; Modifying facial features

