Security Requirements


1 Security Requirements
Confidentiality
  Requires that information in a computer system only be accessible for reading by authorized parties
Integrity
  Assets can be modified by authorized parties only
Availability
  Assets must be available to authorized parties
Authenticity
  Requires that a computer system be able to verify the identity of a user

2 Threats
Interception (Confidentiality)
  Unauthorized access, wiretapping
Modification (Integrity)
  Change or delete: data, messages, programs
Interruption (Availability)
  Hardware destruction, disable file management
Fabrication (Authenticity)
  Create data, messages ...

3 What is there to protect?
Hardware
  Accidental and deliberate damage
  Tapping of network lines
  Overload of networks
Software
  Threats include deletion, alteration, damage
Data
  Involves files
  Security concerns for availability, secrecy, and integrity
  Stealing of classified information

4 Protection
Limit sharing
Limit communication
Encryption of data
Control access
Electronic signatures
Intrusion detection

5 Examples of Protection
File systems
  Access control defined by user
  Most system files are not accessible for users
Access control
  OS provides access control via login and password
User privileges
  Different users have different status (NT user groups)
Clean memory
Partitioning
Systematic backups

6 Sharing
Sharing is the source of all evil!
No sharing: separation in time or place
Share all or share nothing
  Owner of an object declares it public or private
Share via access limitation
  Operating system checks the permissibility of each access by a specific user/process to a specific object
  Operating system acts as the guard

7 Memory issues
Bound registers for processes' access to RAM
Delete vs. erase
  If you delete a file it is not really gone
  OS only “forgot” that it was there
  You can still retrieve the content
  If you really want to erase things:
    Reformat the device (not always possible)
    Delete files and save useless things until the drive is full
  Beware when you sell your used computer, there may be traces of sensitive information

8 Message encryption: Artistic Math
Encode content x as y = F(x, k1) and send y
Receiver decodes the content with a function x = D(y, k2)
Public key & private key: 2 different keys are used (PGP)
Secret key: k1 = k2, D = F^-1
! Illusion of safety
  You can only read content if you know k2
  Simple letter replacement (Midterm) has about 4*10^26 possibilities but is easy to guess
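The slide's F / D pair with a single secret key, worked through as an added example (this is not code from the slides): a simple letter-replacement cipher where k1 = k2 is a permutation of the alphabet and D is the inverse permutation. The key space is 26!, the slide's "about 4*10^26", yet the sorted letter counts of the message survive encoding unchanged, which is the "illusion of safety" the slide warns about. The sample message and the seed are constructed for the demo.

```python
# Added example (not from the slides): a letter-replacement cipher as the
# slide's F / D pair with one secret key, k1 == k2 and D == F^-1.
import math
import random
import string
from collections import Counter

ALPHABET = string.ascii_lowercase

# Constructed sample message for the demo.
MESSAGE = "the midterm is next week and the answer key is in the drawer"


def keyspace_size() -> int:
    """Number of distinct substitution keys: 26! (the slide's 'about 4*10^26')."""
    return math.factorial(len(ALPHABET))


def make_key(seed: int) -> dict:
    """k: a random permutation of the alphabet (seeded so the run is repeatable)."""
    letters = list(ALPHABET)
    random.Random(seed).shuffle(letters)
    return dict(zip(ALPHABET, letters))


def encode(x: str, k: dict) -> str:
    """y = F(x, k): replace each lowercase letter by its image under k."""
    return "".join(k.get(c, c) for c in x)


def decode(y: str, k: dict) -> str:
    """x = D(y, k) with D = F^-1: invert the permutation and apply it."""
    inverse = {image: letter for letter, image in k.items()}
    return "".join(inverse.get(c, c) for c in y)


def frequency_profile(text: str) -> list:
    """Sorted letter counts. This 'shape' of the text survives encoding unchanged,
    which is why the huge keyspace gives only an illusion of safety."""
    return sorted(Counter(c for c in text if c in ALPHABET).values())


def most_common_letter(text: str) -> str:
    """The letter that occurs most often (the first one in case of a tie)."""
    return Counter(c for c in text if c in ALPHABET).most_common(1)[0][0]


if __name__ == "__main__":
    k = make_key(7)
    y = encode(MESSAGE, k)
    print(y)
    print(decode(y, k) == MESSAGE)
    # The most frequent ciphertext letter is the image of the most frequent plaintext letter.
    print(k[most_common_letter(MESSAGE)] == most_common_letter(y))
```

Because the permutation is a bijection, every count in the plaintext profile reappears in the ciphertext profile under a new letter name; the most frequent ciphertext letter is therefore the image of the most frequent plaintext letter, which is exactly the handle a guesser uses.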

9 Electronic Signatures
Became very important recently due to e-commerce
Example: You sent an e-mail to buy a stock; the stock crashes 1 hour later, you deny ever having sent the e-mail
Legal issue: How to prove the authenticity of electronic documents
Similar to encryption: You calculate a complex function from the message text, decode it using your private key and append it

10 Access Control: Authentication
Login
  Requires both a user identifier (ID) and a password
  Only admit known and matching ID and password
  User based or computer based
Problems:
  Users can reveal their password to others either intentionally or accidentally
  Hackers are skillful at guessing passwords
  ID/password file can be obtained (hard to decode)

11 ID Provides Security
Determines whether the user is authorized to gain access to a system
Determines the privileges accorded to the user
  Guest or anonymous accounts have more limited privileges than others
ID is used for discretionary access control
  A user may grant permission to files to others by ID

12 Intrusion Techniques
Steal ID and password
Circumvent access control
  Use a Trojan horse to bypass restrictions on access

13 Techniques for Learning Passwords
Try default passwords used with standard accounts shipped with the computer
Exhaustively try all short passwords
  license plates
Try words in a dictionary or a list of likely passwords
Collect information about users and use these items as passwords
  address, names, relatives, SSN, phone numbers
In a study 86% of passwords could be guessed

14 Techniques for Stealing Passwords
Tap the line between a remote user and the host system
Watch the user during login
Intercept e-mails that contain passwords

15 Password Selection Strategies
Computer generated passwords :-(
  Hard to remember, users write them down
Reactive password checking strategy :-(
  System periodically runs a password cracker to find guessable passwords
  System cancels passwords that are guessed and notifies the user
  Consumes resources to do this, can be too late!
Proactive password checker :-)
  The system checks at the time of selection if the password is allowable
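A proactive password checker of the kind the slide recommends, as an added example (not code from the slides): it rejects a candidate at selection time for exactly the weaknesses slide 13 lists, short length, dictionary words, and the user's own personal data. The word list, the user record and its field names are constructed for the demo; a real checker would load a large word list.

```python
# Added example (not from the slides): a proactive password checker.
import re

# Constructed tiny dictionary / likely-password list; a real checker loads a large one.
WORDLIST = {"password", "secret", "welcome", "letmein", "qwerty", "dragon"}
MIN_LENGTH = 8

# Constructed user record (assumed field names); the slide lists address, names,
# relatives, SSN and phone numbers as the items a guesser would try.
USER = {"name": "Alice Jones", "username": "ajones", "phone": "555-0132", "ssn": "123-45-6789"}


def normalize(password: str) -> str:
    """Lowercase and drop non-letters so 'Secret99!' still matches 'secret'."""
    return re.sub(r"[^a-z]", "", password.lower())


def personal_tokens(user_info: dict) -> set:
    """Letter words (>= 3 chars) and digit runs (>= 4 digits) taken from the user's own data."""
    tokens = set()
    for value in user_info.values():
        value = str(value)
        tokens.update(w.lower() for w in re.findall(r"[A-Za-z]{3,}", value))
        tokens.update(re.findall(r"\d{4,}", re.sub(r"\D", "", value)))
    return tokens


def check_password(candidate: str, user_info: dict) -> list:
    """Proactive check at selection time. Returns the reasons for rejection; [] means allowable."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short (all short passwords can be tried exhaustively)")
    if normalize(candidate) in WORDLIST:
        reasons.append("dictionary word or common password")
    lowered = candidate.lower()
    if any(tok in lowered for tok in personal_tokens(user_info)):
        reasons.append("contains the user's own personal information")
    if not (re.search(r"[a-z]", candidate) and re.search(r"[A-Z]", candidate)
            and re.search(r"\d", candidate)):
        reasons.append("should mix upper case, lower case and digits")
    return reasons


if __name__ == "__main__":
    for pw in ("alice123", "Welcome1!", "Tr0ub4dor&3x"):
        print(pw, "->", check_password(pw, USER) or "accepted")
```

The check runs once, when the password is chosen, so it costs nothing at login time and never leaves a guessable password in service the way the reactive strategy does.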

16 Types of Attacks
Intrusion
  Somebody unauthorized manages to log into your system
Remote attack
  Somebody changes the behavior of your computer without being logged in

17 Intrusion Prevention
Firewalls around the network
Limit the access type:
  telnet, ftp, http, ssh, rsh ….
Limit access location
  allow access only from designated machines
  Machine ID: IP address

18 Intrusion Detection
Assume the behavior of the intruder differs from the legitimate user
Statistical anomaly detection
  Collect data related to the behavior of legitimate users over a period of time
  Statistical tests are used to determine if the behavior is not legitimate behavior
Rule-based detection
  Rules are developed to detect deviation from previous usage patterns
  Expert system searches for suspicious behavior


20 Intrusion Detection Data Collection
Audit record
  Native audit records
    All operating systems include accounting software that collects information on user activity
  Detection-specific audit records
    A collection facility can be implemented that generates audit records containing only that information required by the intrusion detection system
    Very common for Web services
    I can tell exactly what you did on Blackboard
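Slides 18 and 20 together describe one pipeline: reduce native audit records to the few fields the detector needs, build a profile of legitimate behaviour over a training period, then apply a statistical test and a rule to new records. The added example below (not code from the slides) does exactly that over constructed login records; the record format, the user names and the counts are all invented for the demo and do not correspond to any real operating system's accounting format.

```python
# Added example (not from the slides): anomaly detection over constructed audit records.
import re
import statistics
from collections import defaultdict

# Constructed record format: "<date> <time> user=<name> event=login" (not a real OS format).
RECORD_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}):\d{2}:\d{2} user=(\w+) event=login$")


def constructed_training_records() -> list:
    """Deterministic baseline: alice logs in 4-6 times a day from 09:00, bob 1-2 times."""
    lines = []
    per_day = {"alice": [4, 5, 4, 6, 5], "bob": [1, 2, 1, 1, 2]}
    for user, counts in per_day.items():
        for day, n in enumerate(counts, start=1):
            for i in range(n):
                lines.append(f"2024-03-{day:02d} {9 + i:02d}:15:00 user={user} event=login")
    return lines


def constructed_new_records() -> list:
    """A new day: alice suddenly has 20 logins between 02:00 and 02:38; bob is as usual."""
    lines = [f"2024-03-06 02:{m:02d}:00 user=alice event=login" for m in range(0, 40, 2)]
    lines += ["2024-03-06 09:05:00 user=bob event=login",
              "2024-03-06 10:30:00 user=bob event=login"]
    return lines


def parse(lines: list) -> list:
    """Detection-specific records: keep only (day, hour, user) from each native login line."""
    out = []
    for line in lines:
        m = RECORD_RE.match(line)
        if m:
            out.append((m.group(1), int(m.group(2)), m.group(3)))
    return out


def build_profile(records: list) -> dict:
    """Per user: mean and stdev of logins per day, plus the set of hours ever seen."""
    per_day = defaultdict(lambda: defaultdict(int))
    hours = defaultdict(set)
    for day, hour, user in records:
        per_day[user][day] += 1
        hours[user].add(hour)
    profile = {}
    for user, days in per_day.items():
        counts = list(days.values())
        stdev = statistics.stdev(counts) if len(counts) > 1 else 0.0
        profile[user] = {"mean": statistics.mean(counts), "stdev": stdev, "hours": hours[user]}
    return profile


def detect(profile: dict, records: list, z_threshold: float = 3.0) -> list:
    """Statistical test (z-score of the daily login count) plus one rule (hour never seen before)."""
    alerts = set()
    per_day = defaultdict(lambda: defaultdict(int))
    for day, hour, user in records:
        per_day[user][day] += 1
        p = profile.get(user)
        if p is None:
            alerts.add((user, day, "unknown user"))
        elif hour not in p["hours"]:
            alerts.add((user, day, "login at unusual hour"))
    for user, days in per_day.items():
        p = profile.get(user)
        if p is None:
            continue
        for day, count in days.items():
            spread = p["stdev"] or 1.0  # users with a constant daily count would otherwise divide by zero
            if (count - p["mean"]) / spread > z_threshold:
                alerts.add((user, day, "login count far above baseline"))
    return sorted(alerts)


if __name__ == "__main__":
    prof = build_profile(parse(constructed_training_records()))
    for alert in detect(prof, parse(constructed_new_records())):
        print(alert)
```

The z-score is the statistical test from slide 18; the "unusual hour" check is a rule derived from the previous usage pattern. Both depend on the training period really being free of intruder activity, which is the assumption the slide states up front.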

21 Remote attacks via Software

22 2 Types of Malicious Programs
Those that need a host program
  Fragments of programs that cannot exist independently of some application program, utility, or system program
Independent
  Self-contained programs that can be scheduled and run by the operating system

23 Trojan Horse
Useful program that contains hidden code that when invoked performs some unwanted or harmful function
Can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly
  User may set file permissions so everyone has access; it can do anything the user could do
Example: new exciting freeware game
Does not need illegal access

24 Login Spoofing
Set up a screen that looks exactly like the login screen
New user comes and tries to log in
Program reads in the login information and mails it to the intruder
Login fails, user thinks he misspelled and logs in again

25 Logic Bomb
Code embedded in a legitimate program that is set to “explode” when certain conditions are met
  Presence or absence of certain files
  Particular day of the week
  Particular user running the application
Example: An employee had a program that checked whether his name appeared on the payroll
  After he was fired the bomb went off and destroyed important software
Potential for blackmail

26 Worms
Use network connections to spread from system to system
Electronic mail facility
  A worm mails a copy of itself to other systems
Remote execution capability
  A worm executes a copy of itself on another system
Remote log-in capability
  A worm logs on to a remote system as a user and then uses commands to copy itself from one system to the other

27 Zombie
Program that secretly takes over another Internet-attached computer
It uses that computer to launch attacks that are difficult to trace to the zombie’s creator
Typical Windows NT problem: recent case that attacked the White House server

28 Viruses
Program that can “infect” other programs by modifying them
  Modification includes a copy of the virus program
  The infected program can infect other programs

29 Virus Stages
Dormant phase
  Virus is idle
Propagation phase
  Virus places an identical copy of itself into other programs or into certain system areas on the disk

30 Virus Stages
Triggering phase
  Virus is activated to perform the function for which it was intended
  Caused by a variety of system events
Execution phase
  Function is performed

31 Types of Viruses
Parasitic
  Attaches itself to executable files and replicates
  When the infected program is executed, it looks for other executables to infect
Memory-resident
  Lodges in main memory as part of a resident system program
  Once in memory, it infects every program that executes

32 Types of Viruses
Boot sector
  Infects the boot record
  Spreads when the system is booted from the disk containing the virus
Stealth
  Designed to hide itself from detection by antivirus software
  May use compression

33 Types of Viruses
Polymorphic
  Mutates with every infection, making detection by the “signature” of the virus impossible
  Mutation engine creates a random encryption key to encrypt the remainder of the virus
  The key is stored with the virus

34 Macro Viruses
A macro is an executable program embedded in a word processing document or other type of file
Autoexecuting macros in Word
  Autoexecute: executes when Word is started
  Automacro: executes when a defined event occurs such as opening or closing a document
  Command macro: executed when the user invokes a command (e.g., File Save)
Dominantly a Windows problem

35 E-mail Virus: Windows Issue
Activated when the recipient opens the attachment
Activated by opening an e-mail that contains the virus
Uses the Visual Basic scripting language
Propagates itself to all of the addresses known to the infected host
Protection: Use a program that has very limited privileges (Beware Outlook and Explorer)

36 Antivirus Approaches
Detection
Identification
Removal
Your antivirus program from yesterday is useless for today’s virus!
Stern approach: Every time the user logs in to his machine the computer downloads the most current version of the antivirus software from the network

37 How does Antivirus software work?
Virus signature scanner
  Scan target code looking for known viruses
CPU emulator
  Instructions in an executable file are interpreted by the emulator rather than the processor
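The signature scanner from this slide, together with slide 36's point that yesterday's signatures miss today's virus, as an added example (this is not any antivirus vendor's code): signatures are byte patterns, optionally with wildcard positions, and the scanner reports the name and offset of every pattern found in a file. The signatures and the "files" scanned are constructed byte strings for the demo, not real malware or real executables.

```python
# Added example (not from the slides, not a real product): a minimal signature scanner.

# Constructed demo signatures: a list of byte values; None is a wildcard for any one byte.
SIGNATURES = {
    "Demo.Sample.A": [0xDE, 0xAD, 0xBE, 0xEF, 0x41, 0x41],
    "Demo.Sample.B": [0xCA, 0xFE, None, None, 0xBA, 0xBE],
}

# Constructed "files" to scan (not real executables).
CLEAN = b"MZ\x00\x00just an ordinary program body"
INFECTED_A = b"MZ\x00\x00" + bytes([0xDE, 0xAD, 0xBE, 0xEF, 0x41, 0x41]) + b"rest"
INFECTED_B = b"MZ\x00\x00body" + bytes([0xCA, 0xFE, 0x11, 0x22, 0xBA, 0xBE])
# "Today's virus": one byte of Sample A changed, so yesterday's signature no longer fits.
VARIANT_A = b"MZ\x00\x00" + bytes([0xDE, 0xAD, 0xBE, 0xEF, 0x42, 0x41]) + b"rest"


def match_at(data: bytes, offset: int, pattern: list) -> bool:
    """True if pattern matches data starting at offset (None matches any byte)."""
    if offset + len(pattern) > len(data):
        return False
    return all(p is None or data[offset + i] == p for i, p in enumerate(pattern))


def scan(data: bytes, signatures: dict = SIGNATURES) -> list:
    """Return sorted (name, offset) pairs, one per signature found in data."""
    hits = []
    for name, pattern in signatures.items():
        for offset in range(len(data) - len(pattern) + 1):
            if match_at(data, offset, pattern):
                hits.append((name, offset))
                break  # the first occurrence identifies the virus; no need to keep scanning
    return sorted(hits)


if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("infected A", INFECTED_A),
                        ("infected B", INFECTED_B), ("variant A", VARIANT_A)):
        print(label, "->", scan(blob) or "no known signature")
```

The wildcard positions let one signature cover a family whose members differ in a few bytes, but a variant that changes a fixed byte of the pattern slips through until the signature database is updated, which is why the slide insists on keeping the antivirus software current.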

38 Internet Attacks
One way to attack internet services is to create an overload for the server
  Most servers have a capacity that reflects normal use requirements
  Trojan horses or worms get distributed onto many machines
  At a specific time all infected machines start sending requests to the same server
  Server goes down
Big problem for online brokerages with time-sensitive information

39 Comparison UNIX to WINDOWS
UNIX: targeted by access attacks since it is a
  Multi-user environment
  High degree of sharing
  Constant network access
  Sophisticated OS: hard to write malicious programs
WINDOWS: targeted by remote attacks
  Single user environment
  Less sophisticated OS: easier to write malicious programs
  Switched off most of the time (used to be)

40 Security Design Principles
Public system design
  It creates a false illusion if you think nobody knows your architecture
Default: no access
Repetitive checks for current authority
  User might have forgotten to lock out; timeout
Give the least privileges possible
Security should be built into the lowest levels of the system; security as an add-on does not work well

41 Summary
There is no safe system!
Business decision
  How do I enforce safe behavior from employees
  Security is very expensive
  Security gets more expensive the more flexibility, communication and sharing I allow
  Separate physical network for sensitive data
  Hire an ex-hacker to break into my system to test security
