CS461/ECE422 — Computer Security I — Spring 2012

Computing in the presence of an adversary

Adversary (threat agent)
An entity that attacks, or is a threat to, a system.

Attack
An assault on system security that derives from an
intelligent threat; that is, an intelligent act that is a
deliberate attempt (especially in the sense of a
method or technique) to evade security services and
violate the security policy of a system.
[source: RFC 2828]
2012-01-17
Nikita Borisov — UIUC
2

Security Services
 Prevent “bad” things from happening
 Mechanism

Security Policies
 Define what is “bad” and what is “good”
 Policy
2012-01-17
Nikita Borisov — UIUC
3
Area
Usual perspective
Security perspective
Reliability
Random failures
Deliberate failures
Usability
User confusion
User deception
Programming languages
(memory safety)
Crashes
Entrance vector
Software engineering
(bugs)
Software quality
Attack vectors
2012-01-17
Nikita Borisov — UIUC
4
Security only as good
as weakest link
 Must understand all
parts of the system

 O/S
 Networking
 Devices
 Physical security
 People

2012-01-17
Nikita Borisov — UIUC
We will cover some of
these topics
5
Task: log into online
bank account to
transfer funds
 What are the
vulnerabilities?

2012-01-17
Nikita Borisov — UIUC
6

Confidentiality
 Keeping data and resources hidden
 Privacy

Integrity
 Data integrity (integrity)
 Origin integrity (authentication)

Availability
 Enabling access to data and resources
2012-01-17
Nikita Borisov — UIUC
Slide
#1-7
•
Authenticity
•
•
Property of being genuine. Can be verified and
trusted
Accountability
•
Actions of an entity can be traced uniquely to
that entity
• Nonrepudiation or “you can’t escape your past”.
2012-01-17
Nikita Borisov — UIUC
8




Threat – Set of circumstances that has the
potential to cause loss or harm. Or a
potential violation of security.
Vulnerability – Weakness in the system that
could be exploited to cause loss or harm
Attack – When an entity exploits a
vulnerability on system
Control or Countermeasure – A means to
prevent a vulnerability from being exploited
2012-01-17
Nikita Borisov — UIUC
Slide
#1-9
Security entails:
 Identifying assets
Owners
 Identifying
value
wish to minimize
vulnerabilities
 Designing
countermeasures
 Assessing risk
impose
countermeasures
to
reduce
risk
that
increase
Threat agents
to
give
rise to
assets
threats
to
wish to abuse and/or may damage
Figure 1.2 Security Concepts and Relationships
[Figure 1.2 from Stallings & Brown]
2012-01-17
Nikita Borisov — UIUC
10
2012-01-17
Nikita Borisov — UIUC
Slide
#1-11




Disclosure – Unauthorized access to
information
Deception – Acceptance of false data
Disruption – Interruption or prevention of
correct operation
Usurpation – Unauthorized control of some
part of a system
2012-01-17
Nikita Borisov — UIUC
Slide
#1-12

Snooping or interception
 Unauthorized interception of information

Falsification
 Unauthorized change of information

Masquerading or spoofing
 An impersonation of one entity by another

Repudiation
 A false denial that an entity received some
information.
2012-01-17
Nikita Borisov — UIUC
Slide
#1-13

Policy
 A statement of what is and what is not allowed
 Divides the world into secure and non-secure
states
 A secure system starts in a secure state. All
transitions keep it in a secure state.

Mechanism or Implementation
 A method, tool, or procedure for enforcing a
security policy
 Prevent, detect, response, or recovery
2012-01-17
Nikita Borisov — UIUC
Slide
#1-14

Web server accepts all connections
 No authentication required
 Self-registration
 Connected to the Internet
2012-01-17
Nikita Borisov — UIUC
Slide
#1-15

Locks prevent unwanted physical access.
 What are the assumptions this statement builds
on?
2012-01-17
Nikita Borisov — UIUC
Slide
#1-16


Policy correctly divides world into secure and
insecure states.
Mechanisms prevent transition from secure
to insecure states.
2012-01-17
Nikita Borisov — UIUC
Slide
#1-17

Bank officers may move money between
accounts.
 Any flawed assumptions here?
2012-01-17
Nikita Borisov — UIUC
Slide
#1-18


Evidence of how much to trust a system
Evidence can include
 System specifications
 Design
 Implementation
2012-01-17
Nikita Borisov — UIUC
Slide
#1-19

Why do you trust Aspirin from a major
manufacturer?
 FDA certifies the aspirin recipe
 Factory follows manufacturing standards
 Safety seals on bottles

Analogy to software assurance
2012-01-17
Nikita Borisov — UIUC
Slide
#1-20


Must look at the big picture when securing a
system
Main components of security
 Confidentiality
 Integrity
 Availability



Differentiating Threats, Vulnerabilities,
Attacks and Controls
Policy vs mechanism
Assurance
2012-01-17
Nikita Borisov — UIUC
Slide
#1-21

Staff
 Nikita Borisov, instructor
 Qiyan Wang, TA

Communications
 Class web page
http://www.cs.illinois.edu/class/sp12/cs461
 Newsgroup
class.sp12.cs461

More to come next class
2012-01-17
Nikita Borisov — UIUC
Slide
#1-22


Two lectures / week
Each lecture:
 Starts 8am sharp
 i-Clicker review questions
 5-minute break halfway through

Active learning exercises
 ~1 per week
 Help keep you awake!
 Bring pen, paper
2012-01-17
Nikita Borisov — UIUC
23



Midterm: 20%
Final: 40%
Homework: 15%
 Every 1-2 weeks

Security analysis: 15%
 See next slide


Participation: 10%
Extra project worth 20% for grad students
taking for 4 credits
2012-01-17
Nikita Borisov — UIUC
Slide
#1-24

Last few days of Slashdot
2012-01-17
Nikita Borisov — UIUC
25

Analyze a current event
 Report what happened
 Describe threats, vulnerabilities, assets, and risks
involved
 Identify lessons

Analyze an existing system
 Perhaps one you encounter in daily life
▪ Pictures are great
 Describe threats, vulnerabilities, assets, and risks
involved
2012-01-17
Nikita Borisov — UIUC
26

Total requirements: 3 in a semester
 At least one current event and one existing
system
 Due Feb 14, Mar 13, Apr 17

May be done in groups
 1-3 students per group

Posted in forum
 TBA
2012-01-17
Nikita Borisov — UIUC
27




i-Clicker participation
Comments / questions in class, on newsgroup
Discussion of security analyses
100% participation not required for 100% of
grade
2012-01-17
Nikita Borisov — UIUC
28

Review department and university cheating
and honor codes:
 https://agora.cs.illinois.edu/display/undergradPro
g/Honor+Code
 http://admin.illinois.edu/policy/code/article1_part
4_1-402.html


This has been an issue in the past
Expectations for exams, homeworks,
projects, and papers
2012-01-17
Nikita Borisov — UIUC
Slide
#1-29

Main text:
 Computer Security: Principles and Practice by
William Stallings and Lawrie Brown


Additional readings provided via compass or
public links
Books on reserve at the library
2012-01-17
Nikita Borisov — UIUC
Slide
#1-30

Three introductory courses
 Computer Security I (CS461/ECE422)
▪ Covers NSA 4011 security professional requirements
▪ Taught every semester (mostly)
 Computer Security II (CS463/ECE424)
▪ Continues in greater depth on more advanced security topics
▪ Taught every 1-2 semesters
 Applied Computer Security Lab (CS460/ECE419)
▪ With CS461 covers NSA 4013 system administrator
requirements

Two of the three courses will satisfy the Security
Specialization in the CS track for Computer
Science majors.
2012-01-17
Nikita Borisov — UIUC
Slide
#1-31

Cryptography
 Theoretical foundations (Prabhakaran)
 Applied cryptography (Prabahkaran & Borisov)
 Number theory (Blahut)



Security Reading Group CS591RHC
Advanced Computer Security CS563
Local talks
 http://www.iti.illinois.edu/content/seminars-and-
events

ITI Security Roadmap
 http://www.iti.illinois.edu/content/security
2012-01-17
Nikita Borisov — UIUC
Slide
#1-32