Lecture 1 - Center for Computer Systems Security

advertisement
USC CSci499
Security Systems
Lecture notes – Spring 2013
Dr. Jelena Mirkovic
University of Southern California
Information Sciences Institute
Class home page
• http://ccss.usc.edu/499
–
–
–
–
Syllabus
Assignments
News
Lecture notes
• Keep checking it!
Contact
• Instructor
– Dr. Jelena Mirkovic
– Office hours Fri 1-2pm or by appt in SAL 214/216
– Contact via email (on class web page)
Grading
• Grading:
–
–
–
–
–
–
CTF exercises: 20%
Homeworks: 20%
Quizzes: 5%
Participation: 5%
Midterm Exam: 20%
Final Exam: 30%
• Grades assigned using an absolute curve:
A
A-
B+
B
B-
C+
C
C-
D+
D
D
90
86
83
80
76
73
70
66
63
60
56
Homeworks
• Done on DeterLab testbed
– I will open an account for each of you after the class
– You will get an automated email how to log on
– Your assignment for the next class – read through the
tutorial (at http://www.deterlab.net) and run a sample
experiment to learn how to use DeterLab
• We’ll have 4 homeworks, each carries 5% of your
grade
• Ask for help early
• Do NOT email testbed ops, I can help with all DeterLab
issues
Capture-the-Flag Exercises
• Done on DeterLab testbed
• Blue team develops some technology, Red team
attacks it
• Everyone will have a chance to be on both teams
• Each exercise will be performed in class, each carries
10% of your grade
– I’m not looking for extraordinary solutions (although they
are welcome) but for good integration of what you learned
in class and what you managed to learn off the Internet
– Teamwork is important
Quizzes
•
•
•
•
Done before each homework exercise
Repeated after the exercise
You MUST take each quiz
Total 5% of your grade
Midterm and Final
• Closed book, closed notes
• Each last 1 h 20 min
• We will have reviews in class before each
Class Participation
• Class participation is important
– Ask and answer questions in class
– Ask, answer, participate on-line
• Class participation carries 5% of your grade
DEN
• DEN system will host the class discussion board
– To gain access and log in
https://mapp.usc.edu/
– Contact webclass@usc.edu if you have difficulty with
the system
– I will check the discussion board once daily but if you
want a reliable response from me email me directly
Academic Integrity
• What is and is not OK
– I encourage you to work with others to learn the material
but everyone must DO their work ALONE
– Do not to turn in the work of others
– Do not give others your work to use as their own
– Do not plagiarize from others (published or not)
– Do not try to deceive the instructor
• See the Web site
– More guidelines on academic integrity
– Links to university resources
– Ask if in doubt
• You can always ask me for help!
What Does Security Mean?
What Does Security Mean?
… In Real Life
•
No one should be able to:
–
–
–
–
–
–
–
–
–
Break into my house
Attack me
Steal my TV
Use my house to throw water balloons on people
Damage my furniture
Pretend to be my friend Bob and fool me
Waste my time with irrelevant things
Prevent me from going to my favorite restaurant
Destroy my road, bridge, city ..
What Does Security Mean?
… wrt Computers and Nets
•
No one should be able to:
–
–
–
–
–
–
–
•
Break into my computer
Attack my computer
Steal my information
Use my computer to attack others
Damage my computer or data
Use my resources without my permission
Mess with my physical world
I want to talk to Alice
–
–
Pretend to be Alice or myself or our computers
Prevent me from communicating with Alice
Computer vs. Network Security
•
An isolated computer has a security risk?
–
•
Computer security aims to protect a single, connected,
machine
Networking = communication at all times and in
all scenarios!!!
–
Network security aims to protect the communication
and all its participants
Computer security
•
Network security
Security = robustness or fault tolerance?
Security Properties
• Confidentiality (C)
– Keep data secret from non-participants
• Integrity (I)
– Aka “authenticity”
– Keep data from being modified
– Keep it functioning properly
• Availability (A)
– Keep the system running and reachable
Orthogonal Aspects
• Policy
– Deciding what confidentiality, integrity and availability
mean
• Mechanism
– Implementing the policy
Security Goals
• Attack prevention
– It is impossible for the attack to succeed
• Attack detection
– Low false positives, false negatives and detection delay
A false positive is when the system detects an attack, but the attack
did not occur.
A false negative is when the attack is missed by the system.
• Attack response
– Retaliation, observation, recovery
• Attack recovery
– Remedy the effects of the attack or sustain it
What Does Security Mean?
… wrt Computers and Nets
•
No one should be able to:
–
–
–
–
–
–
–
•
Break into my computer – A, C, I
Attack my computer – A, C, I
Steal my information - C
Use my computer to attack others – I?
Damage my computer or data - I
Use my resources without my permission – A
Mess with my physical world – I, A
I want to talk to Alice
–
–
Pretend to be Alice or myself or our computers – C, I
Prevent me from communicating with Alice - A
What Are the Threats?
•
Breaking into my computer
o
Hackers
• Break a password or sniff it off the network
• Exploit a vulnerability
A vulnerability is a weakness in the system (its design,
implementation or use procedures) that when exploited
makes it behave in a way that system’s creator did not expect.
An exploit is a set of steps that exercises the vulnerability
Use social engineering
• Impersonate someone I trust
Viruses and worms
•
o
What Are the Threats?
•
Attacking my computer
o
Denial-of-service attacks
A DOS attack aims to disrupt a service by either
exploiting a vulnerability or by sending a lot of
bogus messages to a computer offering a service
o
Viruses and some worms
A virus is a self-replicating program that requires
user action to activate such as clicking on E-mail,
downloading an infected file or inserting an infected
floppy, CD, etc ..
A worm is a self-replicating program that does not
require user action to activate. It propagates itself
over the network, infects any vulnerable machine it
finds and then spreads from it further.
What Are the Threats?
•
Stealing my information
o
o
o
From my computer or from communication
I will use cryptography!
• There are many ways to break ciphers
• There are many ways to divulge partial information
(e.g. who do you talk to)
I would also like to hide who I talk to and when
• I will use anonymization techniques
• Anonymization hinders other security approaches
that build models of normal traffic patterns
What Are the Threats?
•
Using my machine to attack others
o
o
o
o
E-mail viruses
Worms
Denial-of-service attacks (including reflector attacks)
Spam, phishing
What Are the Threats?
•
Damaging my computer or data
o
o
o
o
I have to prevent break-ins
I will also use cryptography to detect tampering
I must replicate data to recover from tampering
Denial-of-service attacks and worms can sometimes
damage computers
What Are the Threats?
•
Taking up my resources with irrelevant messages
o
o
o
Denial-of-service attacks
Spam mail (takes time to read and fills space)
Viruses and worms
What Are the Threats?
•
Messing up with my physical world
o
Cyber-physical attacks or collateral victims
o
o
o
o
Power systems, traffic control, utilities
Travel agencies
Medical devices
Smart vehicles
What Are the Threats?
•
Pretending to be Alice or myself or our computers
o
o
o
I want to be sure who I am talking to
(authentication and digital signatures)
It is hard to impersonate a computer in two-way
communication, such as TCP
• But it has been done
Plain IP spoofing seems an extremely hard problem to
solve
IP spoofing means putting a fake IP address in the
sender field of IP packets.
What Are the Threats?
•
Preventing me from communicating with Alice
o
o
o
Alice could be attacked
Routers could be overloaded or tampered with
DNS servers could be attacked
Some Security Mechanisms
•
•
•
•
•
•
•
Encryption
Checksums
Key management
Authentication
Authorization
Accounting
Firewalls
•
•
•
•
•
•
VPNs
Intrusion Detection
Intrusion Response
Virus scanners
Policy managers
Trusted hw
What Are the Challenges?
•
•
Your security frequently depends on others
– Tragedy of the Commons
A good solution must
– Handle the problem to a great extent
– Handle future variations of the problem, too
– Be inexpensive
– Have economic incentive
– Require a few deployment points
– Require non-specific deployment points
What Are the Challenges?
•
Fighting a live enemy
o
o
o
o
Security is an adversarial field
No problem is likely to be completely solved
New advances lead to improvement of attack
techniques
Researchers must play a double role
What Are the Challenges?
•
•
•
Attack patterns change
Often there is scarce attack data
Testing security systems requires reproducing or
simulating legitimate and traffic
o
•
•
•
No agreement about realistic traffic patterns
No agreement about metrics
There is no standardized evaluation procedure
Some security problems require a lot of resources
to be reproduced realistically
Practical Considerations
• Risk analysis and risk management
– How important it is to enforce a policy
– Which threats matter
– Legislation may play a role
• The role of trust
– Assumptions are necessary
• Human factors
– The weakest link
In The Shoes of an Attacker
• Who are the attackers
– Used to be teenage hackers (bragging rights)
– Now organized criminal (for profit)
– Political organizations
• Risk to the attacker
– Usually very small
Download