Lecture 1 - School of Information Sciences

advertisement
IS 2150 / TEL 2810
Introduction to Security
Lecture 1
August 31, 2006
1
Contact

Instructor: James B. D. Joshi






706A, IS Building
Phone: 412-624-9982
E-mail: jjoshi@mail.sis.pitt.edu
Web: http://www.sis.pitt.edu/~jjoshi/
Office Hours:
 Tuesdays: 3.00 – 6.00 p.m.
 By appointments
GSA: Saubhagya R. Joshi



Email: srjoshi@mail.sis.pitt.edu
Office hours: Wednesday 2:00-4:00PM
Place: GIS Lab, 4th Floor
2
IS 2150 / TEL 2810

The objective of the course is to cover the
fundamental issues of information system
security and assurance.


Certified by NSA



Develop broad understanding of diverse issues
About 85% is based on the CNSS requirements
Core course for SAIS track
Course webpage:
http://www.sis.pitt.edu/~jjoshi/courses/2007_1/IS2150SYL071.html
3
Course Outline

Security Basics (1-8)



General overview and definitions
Security models and policy issues

Crypto systems, digital signature,
authentication, PKI
IPSec, VPN, Firewalls
Systems Design Issues and
Information assurance (13-21, 24)





Design principles
Security Mechanisms
Auditing Systems
Risk analysis
System verification
Intrusion Detection and
Response (23, 25, ..)

Basic Cryptography and Network
security (9-12, 26)







Attack Classification and
Vulnerability Analysis
Detection, Containment and
Response/Recovery
Legal, Ethical, Social Issues
Evaluation, Certification
Standards
Miscellaneous Issues (22, ..)





Malicious code, Mobile code
Digital Rights Management,
Forensics
Watermarking,
E/M-commerce security,
Multidomain Security
Identity/Trust Management
4
Course Material

Textbook

Introduction to Computer Security, Matt Bishop,



Computer Security: Art and Science, Matt Bishop – is fine too
Other Recommended




Errata URL: http://nob.cs.ucdavis.edu/~bishop/
Security in Computing, Charles P. Pfleeger, Prentice Hall
Inside Java 2 Platform Security, 2nd Edition, L. Gong, G. Ellision,
M. Dageforde
Security Engineering: A Guide to Building Dependable
Distributed Systems, Ross Anderson, Wiley, John & Sons,
Incorporated, 2001
Supplemental readings will be provided
5
Prerequisites

Assumes the following background

Programming skill


Working knowledge of


Operating systems, algorithms and data structures,
database systems, and networks
Basic Mathematics


Some assignments in Java
Set, logic, induction techniques, data
structure/algorithms
Not sure?
SEE ME
6
Grading


Lab + Homework/Quiz/Paper review 40%
Exams 40% includes



Paper/Project 20%



Midterm 20%
Final 20%
List of suggested topics will be posted;
Encouraged to think of a project/topic of your
interest
Some other

Seminar and participation
7
Course Policies



Your work MUST be your own
 Zero tolerance for cheating/plagiarism
 You get an F for the course if you cheat in anything however
small – NO DISCUSSION
 Discussing the problem is encouraged
Homework
 Penalty for late assignments (15% each day)
 Ensure clarity in your answers – no credit will be given for
vague answers
 Sample solutions will be provided
Check webpage for everything!
 You are responsible for checking the webpage for updates
8
Overview of
Security Assured Information Systems
Track
9
LERSAIS

Laboratory of Education and Research in Security
Assured Information Systems


Established in 2003
National Center of Academic Excellence in Information
Assurance Education Program




A US National Security Agency program initiated in 1998
through a presidential directive to SECURE the Cyberspace
Partnered by Department of Homeland Security since 2003
There are 70+ such centers now
Designation requires meeting a set of criteria




Basic IA curriculum
Strong research activity
LERSAIS is Pitt’s representative center
Website: http://www.sis.pitt.edu/~lersais/
10
IA Education @Pitt

Pitt’s IA curriculum has been certified for

Committee on National Security Systems IA
Standards







CNSS 4011:
CNSS 4012:
CNSS 4013:
Security
CNSS 4014:
CNSS 4015:
Information Security Professionals
Designated Approving Authority
System Administrator in Information Systems
Information Systems Security Officer
System Certifiers
Pitt is one among 12 Institutions in the US and only one in the
State of Pennsylvania to have all certifications
Website: http://www.sis.pitt.edu/~sais/
11
IA Education @Pitt: Grants

NSF – Scholarship for Service Grant

First award ($286,710)


Second award ($1,055,553)


For establishing a scholarship program
Department of Defense Information Assurance
Scholarship (DoD IASP)


For the development of the curriculum
Support for 4 National Defense University Students to
pursue IA degree at Pitt
CISCO Critical Infrastructure Assurance Group


Equipment grant winner of Year Spring-2005
Equipments worth $130,000
12
IA Education @Pitt:
Tracks/Courses
Master of Science in Information Sciences
Master of Science in Telecommunications and Networking
Certificate of Advanced Studies
(CNSS Certifications)
Courses:
Introduction to Security
Developing Secure Systems
Cryptography
Security in E-commerce
Network Security
Security Management
Capstone course
Information System and
Network Infrastructure Protection
Information Ethics
Legal Issues in Information
Handling
13
NSF IA Scholarship @ Pitt

New scholarship starting this Fall

Support include



Students should be



Website will be created
shortly; for now check out :
http://www.sfs.opm.gov/
In the track (MSIS/MST)
Within last 2 years of completing the PhD studies
Support for up to 2 years



Stipend of $12,000/year
Tuition and fees
Work in Gov for the equal amount of time
Summer internship is required
Citizenship is required

Need to obtain clearance for work in Gov
14
NSF IA Scholarship @ Pitt

Less chance for the following



If you have less than one year of study
If you want to work fulltime and study
under scholarship
Scholarship students will have to



Involve in some activities of LERSAIS
University activities of importance
Mentor future scholarship students
15
MSIS
Security Assured Information Systems Track
Foundations
(6 credits)
IS-2000
Intro to Info Sc
IS-2170
Cryptography
Cognitive
Systems
(6 credits)
IS-2300
Human
Information
Processing
IS-2470
Interactive
System Design
OR
IS-2350
Human Factors
In Systems
Systems and Technology
(9 credits SAIS Track + 9 S&T)
(18 credits)
Electives
(3 Credits SAIS Track
+ 3 Credits S&T)
IS-2570 Dev sec Systems
IS-2550
Client-Sever
IS2710 DBMS
IS-2771 Sec in E-Comm
IS2150
Intro to ComSec
IS-2511
TEL-2821 Net Sec
Adv. Anal. & Des.
OR
TEL 2830/IS-2190
IS-2540
Capstone Course
Soft Engg.
in Security
IS2810/TEL-2813
Sec Mgmt
LIS-2194 Info Ethics
LIS-2184 Legal issues
in Handling Info
One S&T Electives
(may include another of
the SAIS course elective)
16
MST
Security Assured Information Systems Track
Core Required
(9 credits)
TEL-2210
Electronic
Comm II
TEL-2120
Network
Performance
TEL-2310
Computer
Networks
Human Comm
Mgmt/Policy
(6 credits)
Protocols and
Design
(6 credits)
IS-2300 Human
Information
Processing
TEL-2110
Network Design
TEL-2510
US Telecom
Policy OR
TEL-2511
Intl. Telecom
Policy
OR
LIS-2194
Information
Ethics
TEL-2121
Network Mgt.
TEL-2320 LANs
TEL-2321 WANs
TEL-2720
Cellular Radio and
PCS
TEL-2721
Mobile Data
Networks
SAIS Track
Core
(12 credits)
SAIS Track
Electives
(3 credits)
IS2150/TEL-2810
Intro
To Security
TEL-2825
Infrs. Protection
IS2170/TEL-2820
Cryptography
IS-2771
Security in
E-Commerce
TEL-2821
Network
Security
IS-2810/TEL-2813
Security
Management
IS2190/TEL-2830
Capstone Course
in Security
TEL-2829
Adv. Cryptography
OR
Other Electives
17
Education @Pitt
Certificate of Advanced Studies
Basic IA Studies
Advanced IA Studies
Pre-requisite: MSIS, MST or MS in related areas
15 credits of coursework:
• Three SAIS Core courses (9)
• Systems & Technology course (3)
• Capstone (3)
Certificates: CNSS 4011, 4012,
and 4013
24 credits of coursework:
• Three SAIS Core courses (9)
• Security management (3)
• One IA Elective (3)
• 2 Systems-Tech electives (6)
• Capstone (3)
Certificates: CNSS 4011, 4012,
4013, 4014A, and 4015
18
Expected Pre-requisite Structure
IS-2150
TEL-2810
Intro to Security
TEL-2000
TEL-2120
IS-2510
IS-2511
IS-2550
IS-2710
IS-2160
TEL-2820
Cryptography
TEL-2825
Infrs. Protection
TEL-2821
Network Security
IS-2570
Dev. Secure
Systems
IS-2820/TEL-2813
Security
Management
IS-2771
E-commerce
Security
TEL-2830/IS2190
Capstone
TEL-2829
Adv. Cryptography
IS-2939
TEL-2938
Advanced Topics
Check SIS web
pages for new
course numbers
19
The Department of Information Science and Telecommunication’s
Laboratory of Education and Research on Security Assured Information Systems
(LERSAIS),
a National Center of Academic Excellence in Information Assurance Education (2004-2007),
hereby certifies that
Mr. John Smith
has successfully completed the requirements for the DIST’s IA certification in Fall 2004
The DIST’s IA certification requires a student to demonstrate competence in the following three IA courses
TELCOM 2810 Introduction to Computer Security;
TELCOM 2820 Cryptography
TELCOM 2821 Network Security
These three courses have been certified by the National Security Agency (NSA) as meeting the following IA
education standards set by the Committee on National Systems Security (CNSS)
NSTISSI No. 4011, Information Systems Security Professionals
NSTISSI No. 4012, Designated Approving Authority
NSTISSI No. 4013, System Administrators in Information Systems Security
Ronald Larsen
(Dean, School of Information Sciences)
20
Introduction to Security
Overview of Computer Security
21
Information Systems Security

Deals with

Security of (end) systems


Examples: Operating system, files in a host, records,
databases, accounting information, logs, etc.
Security of information in transit over a network

Examples: e-commerce transactions, online banking,
confidential e-mails, file transfers, record transfers,
authorization messages, etc.
“Using encryption on the internet is the equivalent of arranging an
armored car to deliver credit card information from someone living in a
cardboard box to someone living on a park bench” –
Gene Spafford
22
Basic Components of Security

Confidentiality


Keeping data and resources secret or hidden
Integrity



Ensuring authorized modifications;
Includes correctness and trustworthiness
May refer to



CIA
Data integrity
Origin integrity
Availability

Trust Management
(Emerging Challenge)
Ensuring authorized access to data and resources when
desired
23
CIA-based Model
NSTISSC 4011 Security Model (CNSS 4011)
24
Basic Components of Security

Additional from NIST (National Institute of
Standards and Technology

Accountability


[Security] assurance


Ensuring that an entity’s action is traceable uniquely to
that entity
Assurance that all four objectives are met
Other

Non-repudiation:

false denial of an act
25
Interdependencies
confidentiality
integrity
Integrity
confidentiality
availability
Integrity
confidentiality
accountability
Integrity
confidentiality
26
Security - Years back

Physical security




Information was primarily on paper
Lock and key
Safe transmission
Administrative security



Control access to materials
Personnel screening
Auditing
27
Information security today

Emergence of the Internet and distributed
systems



Increasing system complexity
Open environment with previously unknown
entities interacting
Digital information needs to be kept secure



Competitive advantage
Protection of assets
Liability and responsibility
28
Information security today

Financial losses



The FBI estimates that an insider attack results in
an average loss of $2.8 million
There are reports that the annual financial loss
due to information security breaches is between 5
and 45 billion dollars
National defense

Protection of critical infrastructures:


Power Grid; Air transportation; SCADA
Interlinked government agencies


Bad Grade for most of the agencies (GAO Reports)
DHS gets a failing grade (2005) !!
29
Terminology
Security Architecture
Requirements
Requirements
Policies
Policies
Security
Features
or
Services
Attackers/Intruders/
Malfeasors
Resources
Assets
Information
Security
Models/
Mechanisms
30
Attack Vs Threat

A threat is a “potential” violation of security




The violation need not actually occur
The fact that the violation might occur makes it a
threat
It is important to guard against threats and be
prepared for the actual violation
The actual violation of security is called an
attack
31
Common security attacks

Interruption, delay, denial of receipt or denial of service


Interception or snooping


Unauthorized party changes information in transit or
information stored for subsequent access
Fabrication, masquerade, or spoofing


Unauthorized party gains access to information by browsing
through files or reading communications
Modification or alteration


System assets or information become unavailable or are
rendered unavailable
Spurious information is inserted into the system or network by
making it appear as if it is from a legitimate entity
Repudiation of origin
 False denial that an entity did (send/create) something
32
Classes of Threats (Shirley)

Disclosure: unauthorized access to information


Deception: acceptance of false data


Modification, masquerading/spoofing, repudiation of
origin, denial of receipt
Disruption: interruption/prevention of correct
operation


Snooping
Modification
Usurpation: unauthorized control of a system
component

Modification, masquerading/spoofing, delay, denial of
service
33
Policies and Mechanisms

A security policy states what is, and is not,
allowed




This defines “security” for the site/system/etc.
Policy definition: Informal? Formal?
Mechanisms enforce policies
Composition of policies

If policies conflict, discrepancies may create
security vulnerabilities
34
Goals of Security

Prevention


Detection



To prevent someone from violating a security policy
To detect activities in violation of a security policy
Verify the efficacy of the prevention mechanism
Recovery





Stop policy violations (attacks)
Assess and repair damage
Ensure availability in presence of an ongoing attack
Fix vulnerabilities for preventing future attack
Retaliation against the attacker
35
Assumptions and Trust


Policies and mechanisms have implicit
assumptions
Assumptions regarding policies



Unambiguously partition system states into
“secure” and “nonsecure” states
Correctly capture security requirements
Mechanisms


Assumed to enforce policy; i.e., ensure that the
system does not enter “nonsecure” state
Support mechanisms work correctly
36
Types of Mechanisms




Let P be the set of all the reachable states
Let Q be a set of secure states identified by a
policy: Q  P
Let the set of states that an enforcement
mechanism restricts a system to be R
The enforcement mechanism is



Secure if R  Q
Precise if R = Q
Broad if there are some states in R that are not
in Q
37
Types of Mechanisms
broad
secure
set R
precise
set Q (secure states)
38
Information Assurance

Information Assurance Advisory Council (IAAC):

“Operations undertaken to protect and defend
information and information systems by ensuring
their availability, integrity, authentication,
confidentiality and non-repudiation”
National Institute of Standards Technology
“Assurance is the basis for confidence that the
security measures, both technical and operational,
work as intended to protect the system and the
information it processes”
39
Assurance

Assurance is to indicate “how much” to trust a system and is
achieved by ensuring that




The required functionality is present and correctly implemented
There is sufficient protection against unintentional errors
There is sufficient resistance to intentional penetration or by-pass
Basis for determining this aspect of trust

Specification



Design


Requirements analysis
Statement of desired functionality
Translate specification into components that satisfy the specification
Implementation

Programs/systems that satisfy a design
40
Operational Issues


Designing secure systems has operational issues
Cost-Benefit Analysis



Risk Analysis




Benefits vs. total cost
Is it cheaper to prevent or recover?
Should we protect something?
How much should we protect this thing?
Risk depends on environment and change with time
Laws and Customs



Are desired security measures illegal?
Will people do them?
Affects availability and use of technology
41
Human Issues

Organizational Problems



Power and responsibility
Financial benefits
People problems

Outsiders and insiders


Which do you think is the real threat?
Social engineering
42
Tying all together: The Life
Cycle
Threats
Human factor
Policy
Specification
Design
Implementation
Operation &
Maintenance
43
Download