01 Computer security overview - Department of Computer Science

Computer security overview
Tuomas Aura
CSE-C3400 Information security
Aalto University, autumn 2014
Outline
• Timeline of computer security
• What is security anyway?
TIMELINE OF COMPUTER SECURITY
70s
• Multi-user operating systems → need for protection
• Access control models: multi-level security, Bell-LaPadula 1976, Biba 1977
• DES encryption algorithm 1976 → cryptanalysis, need for key distribution
• Public-key cryptosystems: Diffie-Hellman 1976, RSA 1978
• Key distribution:
 – certificates 1978
 – key exchange protocols: Needham-Schroeder 1978
80s
• Anonymity: Chaum’s mixes 1981, anonymous payment 1982
• Orange Book 1985: mandatory access control
• Commercial security models from accounting and auditing rules: Clark-Wilson 1987
• X.509 PKI 1988
• IBM PC
 → software copy protection
 → floppy disk virus 1987
• Internet → Morris worm 1988
90s
• More methodological approach to security research:
 – Information flow security
 – Secure operating systems: SEVMS until 1996
 – Formal analysis of key exchange protocols
• Wider availability of cryptography
 – GSM cellular network 1991
 – Open-source cryptography: PGP 1991
 – Password sniffers → SSH 1995
 – Commercial Internet: SSL and VeriSign CA 1995
 – RSA patent expired in 2000
• Windows 95 → insecure PCs connected to the Internet
• Spam: Cantor and Siegel 1994
• PKI criticism → trust management research
• Research on intrusion detection
• Macro virus: Melissa 1999
• DRM
2000s
• Malware
 – Fast-spreading Internet worms: Code Red 2001
  → secure programming, safe languages
  → security analysis and testing tools
 – Botnets, spyware, malware analysis
• Computer crime: phishing
• Total information awareness 2002
• Mobile device operating systems, app permissions
• Enterprise identity management
• Research on security in mobility, ad-hoc networks, sensor networks
• Security has become an integral part of most areas of computing and computer science
 – Connections to law, sociology, psychology, management, usability, design
 – Social networks, privacy concerns
2010s
• Cyber defense and attack
 – Stuxnet 2010, malware business, government sponsors
 – Snowden 2013, PRISM (2007-)
 – Advanced persistent threat
• Flaws still found in key security technologies: Heartbleed 2014, fake SSL certificates
• Critical infrastructure protection, smart grid security
• Mobile app security, cloud computing
• Mobile payments
• Bitcoin, ransomware
• Research on Internet of Things, vehicular communication
• What else?
WHAT IS SECURITY
What is security
• When talking about security, we are concerned about bad events caused with malicious intent
 – Security vs. reliability
• Terminology:
 – Threat = bad event that might happen
 – Attack = someone intentionally causes the bad thing to happen
 – Vulnerability = weakness in an information system that enables an attack
 – Exploit = implementation of an attack
 – Risk = probability of an attack × damage in dollars
• Security is a non-functional property of a system
Security Goals
• CIA = confidentiality, integrity, availability
 – Confidentiality — protection of secrets
 – Integrity — only authorized modification of data and system configuration
 – Availability — no denial of service, business continuity
• Examples: secret agent names, web server
• The CIA model is a good starting point but not all:
 – Access control — no unauthorized use of resources
 – Privacy — control of personal data and space
 – What else?
Security is a continuous process
• Continuous race between attackers and defenders
 – Attackers are creative
• No security mechanism will stop all attacks; attackers just move to new methods and targets
 – Some types of attacks can be eliminated but others will take their place
 – Compare with crime statistics: do locks or prisons reduce crime in the long term?
• Security mechanisms will fail and new threats will arise
 → Monitoring and auditing for new attacks
 → Contingency planning: how to recover from a breach
Cost vs. benefit
• Rational attackers compare the cost of an attack with the gains from it
 – Attackers look for the weakest link; thus, little is gained by strengthening the already strong bits
• Rational defenders compare the risk of an attack with the cost of implementing defenses
 – Lampson: “Perfect security is the enemy of good security”
• But human behavior is not always rational:
 – Attackers follow each other and all flock to the same path
 – Defenders buy peace of mind; avoid personal liability by doing what everyone else does
 → Many things are explained better by group behavior than by rational choice
Who is the attacker?
• We partition the world into good and bad entities
 – Honest parties vs. attackers, red vs. blue
 – Good ones follow the specification, bad ones do not
 – Different partitions lead to different perspectives on the security of the same system
• Typical attackers:
 – Curious or dishonest individuals — for personal gain
 – Friends and family
 – Hackers, crackers, script kiddies — for challenge and reputation
 – Companies — for business intelligence and marketing
 – Organized criminals — for money
 – Governments and security agencies — NSA, SVR, GCHQ, DGSE, etc.
 – Military SIGINT — strategic and tactical intelligence, cyber defense
• Insiders are often the greatest threat
 – Employee, administrator, service provider, customer, family member
• Often, not all types of attackers matter
 – Who would you not want to read your diary or email?
Reading material
• Dieter Gollmann: Computer Security, 2nd ed., chapters 1–2; 3rd ed., chapters 1 and 3
• Matt Bishop: Introduction to Computer Security, chapter 1 (http://nob.cs.ucdavis.edu/book/book-intro/intro01.pdf)
• Edward Amoroso: Fundamentals of Computer Security Technology, chapter 1
• Ross Anderson: Security Engineering, 2nd ed., chapter 1 (1st ed.: http://www.cl.cam.ac.uk/~rja14/Papers/SE-01.pdf)
Exercises
• What security threats and goals are there in the postal (paper mail) system?
 – What different entities are there in the postal system?
 – Do they have the same or different security concerns?
 – Who could be the attacker? Does the answer change if you think from a different entity’s viewpoint? Who are the insiders?
 – Can you think of attacks where it is necessary for two or more malicious parties to collude?
• What is the role of laws and punishment in computer security?
• Can the development of information security technology be unethical, or is engineering value neutral? Give examples.
• When is it (or when could it be) OK for you to attack IT systems? Give examples.
• How do the viewpoints of security practitioners (e.g. a system admin or a company security officer) differ from those of academic researchers?
• How have the Snowden leaks in 2013 changed the overall picture of information security?