CMSC 414 Computer and Network Security Jonathan Katz

Introduction and overview
 What is computer/network security? Why is it
important?
 Course philosophy and goals
 Course organization and information
 High-level overview of topics
 Why security isn’t everything
“Security”
 Most of computer science is concerned with
achieving desired behavior
 Security is concerned with preventing undesired
behavior
– Different way of thinking!
– An enemy/opponent/hacker/adversary may be actively
and maliciously trying to circumvent any protective
measures you put in place
One illustration of the difference
 Software testing determines whether a given
program implements a desired functionality
– Test I/O characteristics
– Q/A
 How do you test whether a program does not
allow for undesired functionality?
– Penetration testing helps, but only up to a point
Security is complex
 Draws on all (?) areas of CS
– Theory (especially cryptography)
– Networking
– Operating systems
– Databases
– AI/learning theory
– Computer architecture/hardware
– Programming languages/compilers
– HCI, psychology
 Often not easy to assign topics to one area; the field is
inherently interdisciplinary
Security is increasingly important
Security incidents (reported)
Computers are pervasive
 Electronic banking
 iPods, cell phones, PDAs
 Automobiles
 Appliances, TVs
 Cameras, picture frames(!)
– See http://www.securityfocus.com/news/11499
 These can all potentially be attacked
Philosophy of this course
 We are not going to be able to cover everything
 Main goals
– A sampling of many different aspects of security
– The “mindset” of security: a new way of thinking
– Become familiar with basic crypto, acronyms (RSA,
SSL, PGP, etc.), and “buzzwords”
– Become an educated security consumer/user
– Try to keep it interesting with real-world examples and
research papers
Grades
 Somewhat difficult to test on this material
– Unfortunately, there will be some memorization
– But I hope you find the untested material compelling
and worthwhile
 I am happy to give everyone an “A”
– But you will have to demonstrate knowledge of what is
covered in class
– Homeworks/projects will count for a substantial portion
of the grade
– Class participation will be taken into account
Course Organization
Staff
 Me
 TA
 Contact information, office hours, listed on course
webpage
Course webpage
http://www.cs.umd.edu/~jkatz/security/s08
 Contains course organization, updated syllabus,
various links, etc.
– Also links to papers and news articles!
– Slides will be posted for convenience, but they are not
a substitute for attending lecture
 Homeworks distributed from the course webpage
 Check daily for updates, announcements, etc.
 Newsgroup/wiki?
Textbooks and readings
 Unfortunately, hard to find a good textbook…
 Required text:
– “Network Security…” by Kaufman, Perlman, and
Speciner (most recent edition)
 I will less frequently use:
– “Computer Security…” by Stallings and Brown
 Will supplement with other readings (distributed
on class webpage)
Class participation and readings
 Research papers and news articles will be posted
on the course webpage
– Read these before class and come prepared to discuss
 Material from these readings is fair game for the
exams, even if not covered in class (unless stated
otherwise)
 Please suggest (via email) other papers or relevant
news articles!
Course requirements
 Homeworks
– About 4-5 throughout the semester
– Programming portion will be done with a partner
– Details about projects to come…
 Each student will receive a computer account
– Accounts will be assigned in the next class
Prerequisites
 We will cover some (basic) cryptography
– I will assume you remember Discrete Math
 Later we will cover network security
– I assume that everyone has taken CMSC 417, or is
taking it this semester, or understands the OSI (network
layer) model
– Please let me know if not
Syllabus (very tentative)
Syllabus I
 Introduction…
– Is security achievable…?
– Is security everything?
– Some basic security principles
 Cryptography
– The basics (take CMSC 456 or read my book for more)
• If you took 456 with me, you can skip
– Cryptography is not the whole solution…
– …but it is an important part of the solution
– Along the way, we will see why cryptography can’t solve all
security problems
Syllabus II
 System security
– General principles
– Security policies
– Access control; confidentiality/integrity
– OS security
– “Trusted computing”
Syllabus III
 Network security
– Identity
– Authentication and key exchange protocols
– Password and biometric authentication
– Anonymity and pseudonymity
– Some real-world protocols (IPSec/SSL)
– Wireless security
Syllabus IV
 Miscellaneous
– E-mail security (PGP)
– Web-based security (phishing, spoofing)
– Buffer overflows and secure programming
– Viruses, worms, and malicious code
– Random cool topics…
Understanding Security
(without really talking about security)*
*Or,
“let’s get meta”
Understanding security
 Security not limited to computers
 Why is (computer) security hard?
 How hard is it?
 Is security the answer to computer security?
Security
 Learn to think with a “security mindset” in general
– What is “the system”?
– What is the weakest point of attack?
– What threats am I trying to address?
– How effective will a given countermeasure be?
– What is the trade-off between security, cost, and
usability?
An example: airline security
 Ask: what is the cost (economic and otherwise) of
current airline security?
 Ask: do existing rules (e.g., banning liquids) make
sense?
 Ask: are the tradeoffs worth it?
– (Why do we not apply the same rules to train travel?)
 Ask: how would you get a weapon on board a
plane?
– (I will not give you the answer)
– This is a thought experiment only!
An example closer to home
How would you attack this system?
Which of these attacks are worth defending against?
One good attack
 Use public records to get someone’s maiden name
 The problem is not that the information is public
 The problem is that we use mothers’ maiden
names for authentication
 Similar issues with SSNs, credit card #s, etc…
 Note: “the system” here is not just the computer,
nor is it just the network…
Computer security is not just about
computers
 Remember: what is “the system”?
 Physical security
 Social engineering
– Bribes for passwords
– Malicious code in email attachments
 “External” means of getting information
– Legal records
– Trash cans
Security as a trade-off
 It is relatively easy to build a secure database, or a
secure computer system, or spam-resistant email
– How?
 The goal is not (usually) “to make the system as
secure as possible”…
 …but instead, “to make the system as secure as
possible within certain constraints” (cost,
usability, convenience)
 Password example
Cost-benefit analysis
 Important to evaluate what level of security is
necessary/appropriate
– Cost of mounting a particular attack vs. value of attack
to an adversary
– Cost of damages from an attack vs. cost of defending
against the attack
– Likelihood of a particular attack
 We may revisit this later in the semester
“More” security not always better
 “No point in putting a higher post in the ground
when the enemy can go around it”
 Need to identify the weakest link
 Security of a system is only as good as the security
at its weakest point…
 Security is not a “magic bullet”
 Security is a process, not a product
Is security the answer?
 Given the inherent tradeoffs, it seems that almost
all deployed systems will have some vulnerability
– “More security” is not a sufficient answer
 Detection and response
– How do you know when you are being attacked?
– How quickly can you stop the attack?
– Can you prevent the attack from recurring?
 Recovery
– Can be much more important than prevention
 Security is a process, not a product…
Summary
 “The system” is not just a computer or a network
 Prevention is not the only goal
– Cost-benefit analysis
– Detection, response, recovery
 Nevertheless…in this course, we will focus on
computer security, and primarily on prevention
– If you want to be a security expert, you need to keep the
rest in mind
“Trusting trust”
(or: why security is hard)
“Trusting trust”
 Whom do you trust?
 Does one really need to be this paranoid??
– Probably not
– Sometimes, yes
 Shows that security is complex…and essentially
impossible
 Comes back to risk/benefit trade-off
Next time:
begin cryptography