01 Overview of security

Lecture 1:
Computer security overview
Tuomas Aura
T-110.4206 Information security technology
Aalto University, autumn 2012
Outline
 Timeline of computer security
 What is security anyway?
 Summary
TIMELINE OF COMPUTER SECURITY
70s
 Multi-user operating systems → need for protection
 Access control models: multi-level security, Bell-LaPadula 1976, Biba 1977
 DES encryption algorithm 1976 → cryptanalysis, need for key distribution
 Public-key cryptosystems: Diffie-Hellman 1976, RSA 1978
 Key distribution:
– certificates 1978
– key exchange protocols: Needham-Schroeder 1978
80s
 Orange Book 1985: mandatory access control
 Commercial security models from accounting and auditing rules: Clark-Wilson 1987
 X.509 PKI 1988
 IBM PC
– software copy protection
– floppy disk virus 1987
 Internet → Morris worm 1988
90s
 More methodological approach to security research:
– Information flow security
– Secure operating systems: SEVMS until 1996
– Formal analysis of key exchange protocols
 Wider availability of cryptography
– Cellular networks: GSM 1991
– Open-source cryptography: PGP 1991
– Password sniffers → SSH 1995
– Commercial Internet → SSL and VeriSign CA 1995
– RSA patent expired in 2000
 Spam: Cantor and Siegel 1994
 PKI criticism → trust management research
 User authentication beyond passwords
 Intrusion detection
 Macro virus: Melissa 1999
 DRM
2000s
 Fast-spreading Internet worms: Code Red 2001 → secure programming
– secure programming languages
– security analysis and testing tools
 Botnets, spyware → malware analysis
 Computer crime: phishing
 Enterprise identity management
 Security in mobility, Grid, ad-hoc networks, sensor networks
 Mobile device operating systems
 Social networks, privacy concerns
2010s
 Cloud computing
 Internet of Things
 Cyberwar, critical infrastructure protection
 App security
 Vehicular communication
 Mobile payments?
 Smart grid security, home automation
WHAT IS SECURITY
What is security
 When talking about security, we are concerned about bad events caused with malicious intent
– Security vs. reliability
 Terminology:
– Threat = bad event that might happen
– Attack = someone intentionally causes the bad thing to happen
– Vulnerability = weakness in an information system that enables an attack
– Exploit = implementation of an attack
– Risk = probability of an attack × damage in dollars
Security Goals
 CIA = confidentiality, integrity, availability
– Confidentiality — protection of secrets
– Integrity — only authorized modification of data and system configuration
– Availability — no denial of service, business continuity
 Examples: secret agent names, web server
 The CIA model is a good starting point but not all:
– Access control — no unauthorized use of resources
– Privacy — control of personal data and space
– What else?
Areas of IT security
[Gollmann]
 Computer security — security of end hosts and client/server systems
– Focus: access control in operating systems
– Example: access control lists for file systems
 Network security — security of communication
– Focus: protecting data on the wire
– Example: encryption to prevent sniffing
 Application security — security of services to end users and businesses
– Focus: application-specific trust relations
– Example: secure and legally binding bank transactions
Viewpoints to security
 Cryptography (mathematics)
 Computer security (systems research)
 Network security (computer networking)
 Software security (software engineering, programming languages and tools)
 Formal methods for security (theoretical CS)
 Hardware security (HW engineering)
 Human aspects of security (usability, sociology)
 Security management (information-systems management, enterprise security)
 Economics of security, laws and regulation
You cannot be just a security expert! You need a broader understanding of the systems and applications.
Security is a continuous process
 Continuous race between attackers and defenders
– Attackers are creative
 No security mechanisms will stop all attacks; attackers just move to new methods and targets
– Some types of attacks can be eliminated but others will take their place
– Compare with crime statistics: do locks or prison reduce crime in the long term?
 Security mechanisms will fail and new threats will arise
→ Monitoring and auditing for new attacks
→ Contingency planning: how to recover from a breach
Cost vs. benefit
 Rational attackers compare the cost of an attack with the gains from it
– Attackers look for the weakest link; thus, little is gained by strengthening the already strong bits
 Rational defenders compare the risk of an attack with the cost of implementing defenses
– Lampson: “Perfect security is the enemy of good security”
 But human behavior is not always rational:
– Attackers follow each other and all flock to the same path
– Defenders buy peace of mind; they avoid personal liability by doing what everyone else does
→ Many events are explained better by group behavior than by rational choice
Proactive vs. reactive security
 Technical prevention: design systems to prevent, discourage and mitigate attacks
– If an attack cannot be prevented, increase its cost and control the damage
 Detection and reaction: detect attacks and take measures to stop them, or to punish the guilty
 In open networks, attacks happen all the time
– We can detect port scans, spam, phishing etc., yet can do little to stop them or to punish attackers
→ Technical prevention and mitigation must be the primary defence
 However, detection is needed to monitor the effectiveness of the technical prevention
Who is the attacker?
 We partition the world into good and bad entities
– Honest parties vs. attackers, red vs. blue
– Good ones follow the specification, bad ones do not
– Different partitions lead to different perspectives on the security of the same system
 Typical attackers:
– Curious or dishonest individuals — for personal gain
– Hackers, crackers, script kiddies — for challenge and reputation
– Companies — for economic intelligence and marketing
– Security agencies — NSA, FAPSI, GCHQ, DGSE, etc.
– Military SIGINT — strategic and tactical intelligence, cyber war
– Organized criminals — for money
 Often, not all types of attackers matter
– E.g. who would you not want to read your diary or email?
Ethical considerations
 Who is allowed to attack and when?
– Violations of policy vs. actual damage
 Are security policies for us or against us?
– University policy vs. active learning
– Difference between research or QA and crime?
– Privacy of human subjects
– Getting work done vs. following rules
 Security is commonly used as an excuse for indecision and power grabs
 Ethics and engineering:
– What is your technology used for?
– Is your product secure enough for release?
SUMMARY
Reading material
 Dieter Gollmann: Computer Security, 2nd ed., chapters 1–2; 3rd ed., chapters 1 and 3
 Matt Bishop: Introduction to Computer Security, chapter 1 (http://nob.cs.ucdavis.edu/book/book-intro/intro01.pdf)
 Edward Amoroso: Fundamentals of Computer Security Technology, chapter 1
 Ross Anderson: Security Engineering, 2nd ed., chapter 1 (1st ed.: http://www.cl.cam.ac.uk/~rja14/Papers/SE-01.pdf)
Exercises
 What security threats and goals are there in the postal (paper mail) system?
– What different entities are there in the postal system?
– Do they have the same or different security concerns?
– Who could be the attacker? Does the answer change if you think from a different entity’s viewpoint? Who are insiders?
– Can you think of attacks where it is necessary for two or more malicious parties to collude?
 What is the role of laws and punishment in computer security?
 Can the development of information security technology be unethical, or is engineering value neutral? Give examples.
 When is it (or when could it be) ok for you to attack IT systems? Give examples.
 How do the viewpoints of security practitioners (e.g. a system admin or a company security officer) and academic researchers differ?