Full Transcript

18-631: INTRODUCTION TO INFORMATION SECURITY Unit 01: Foundations Jema Ndibwile LEC TURE 01: Introduction COURSE OVERVIEW Course Instructor o Jema David Ndibwile o Email: je...

18-631: INTRODUCTION TO INFORMATION SECURITY Unit 01: Foundations Jema Ndibwile LEC TURE 01: Introduction COURSE OVERVIEW Course Instructor o Jema David Ndibwile o Email: [email protected] Teaching Assistants o Roland Dunee - [email protected] o Martha Kachweka - [email protected] o Hussein Murashi - [email protected] o Fidele Rurangwa - [email protected] Course Website: Introduction to Information Security (cmu.edu) Meeting Time: MW 10:00-11:50 Page 3 COURSE Optional Textbooks OVERVIEW o Cryptography and Network Security: Principles and Practice, 5th edition, by William Stallings. Publisher: Prentice Hall (2010), New Jersey, ISBN: 0136097049 o Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd edition, by Ross Anderson. Publisher: John Wiley and sons (2008), New York, ISBN: 0-470-06852-3. https://www.cl.cam.ac.uk/~rja14/book.html o Handbook of Applied Cryptography, by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, Publisher: CRC Press (2001), ISBN: 0-8493-8523-7. Also available for free online: https://cacr.uwaterloo.ca/hac/ Grading o Homework: 60% o Midterm 10% exam: 30% o Final project: 11 homework assignments. The lowest homework grade will be dropped. Page 4 COURSE OVERVIEW Grading Scale A+ 100% B+ 87.00 - C+ 75.00 - 79.99% 89.99% A 95.00 - 99.99% B 83.00 - C 70.00 - 74.99% 86.99% A- 90.00 - 94.99% B- 80.00 - C- 69.99% A+ cannot be achieved through any bonus pointsand 82.99% or curving below C- is considered a failing grade at the CMU graduate level There is NO rounding up so make every point count! Page 5 COURSE POLICIES Homework assignments must be submitted via Canvas in PDF or TXT format The timestamp given by Canvas will be the determining factor if the assignment is late or not Any assignment turned in late will only be eligible for 50% of the original grade for the first 24 hours after the due date After the 24 hours the assignment will NOT be eligible for a grade Page 6 COURSE POLICIES Students are enc ouraged to c ollaborate on homework assignments o Collaboration is limited to disc ussion of the problem and sketc hing general approaches o If you collaborate with any other person, list their name(s) at the top of the first page of your assignment o Each student must write out and submit their own homework solutions o Submitted solutions may not be c opied from any sourc e, inc luding present or past year’s solutions o AI generated solutions, e.g., Chat GP, will be detected and considered cheating Academic Page 7 Integrity Policy: COURSE POLICIESon See the course syllabus on Canvas for more information following o Cheating: Taking an unfair or disallowed advantage over other students o Plagiarism: Using the work of others without proper attribution o Unauthorized Assistance: Using sources of support that have not been specifically authorized. Presumptive sanction for a first offense is course failure, accompanied by the transcript notation “Violation of the Academic Integrity Policy” Standard sanction for a first offense by graduate students is suspension or expulsion Page 8 If you have any questions on these policies, please feel free to ask READING C RITIQUES Some homework assignments include reading an academic or industry publication providing and a c ritique Ideal critique should be one page long (3-4 paragraphs) The c ritique should c onsist of the following: 1. Citation for the paper. A proper citation will contain the following for four elements: For example: R. Anderson, "Why Cryptosystems Fail," First Conference Computer and Communication Security, ACM, November, 1993. on 2. Research question. What question was the paper trying to answer? This should be one sentence. A paper might address many questions. But what was the main question that is answered. Note that any research paper answers a question. 3. What were the three main points made by the paper? The paper may say many things but what are some of the main ideas described in the paper. 4. Name one way how the paper could be improved OR one question you still have about what was discussed by the authors in the paper. Page 9 COURSE OBJECTIVE Course introduces the technical and policy foundations of information security Main objective of the course is to enable you to reason about information systems from a security engineering perspective Course encourages a mindset of security as a core design feature, rather than an add-on, in information systems “Security is a process, not a product” (Bruce Schneier) Page 10 COURSE OUTLINE Four major themes, grouped in five scheduling units: o Foundations & c ryptography (Units 1 and 2) o Endpoint security (Unit 3) o Network security (Unit 4) o Human and soc io-economic fac tors (Unit 5) Assigned readings are subjec t to c hange Cyber threat landsc ape is c onstantly c hanging Page 11 WHAT IS SECURITY? “Building systems to remain dependable in the face of malice, error or misc hanc e” (Ross Anderson) “Managing a malicious adversary [and] guaranteeing properties even if a malicious adversary tries to attack” (Adrian Perrig) Information Security: a set processes and practices designed to maintain the Confidentiality, I ntegrity, and Availability of data (CIA triad) Page 12 CIA also applies to: WHAT IS systems the data resides on SECURITY? networks the data is transmitted through Other security properties and objectives: o Privacy/Anonymity o Authentication (entities and messages) o Authorization o Non-repudiation o Timestamping Collectively these constitute the various components of Information Security Page 13 SEC URITY ENGINEERING Integrating security into an information system, preferably during the initial design phase Retrofitting security at a later stage usually leads to poor results Proper security is sometimes difficult to do due to:  Cost  Convenience  Culture Page 14 SEC URITY What are you protecting? ANALYSIS Enumerate assets and their value (monetary value, replacement cost) Identify the security requirements (confidentiality, integrity, availability) What are the security requirements? o Any current weakness? (vulnerability assessment) Who are the adversaries? o Identify attackers and possible motivations (cybercrime, espionage, hacktivism) o Estimate attackers’ resources (tactics, techniques and procedures) o Probability and impact of an attack (risk assessment) Page 15 SEC URITY Defense-in-depth APPROAC o Leverage multiple layers of protection HES (firewalls, segmentation, access control, least privilege) o 100% security is not realistic, but you can significantly increase the cost to the attacker Detection o Capability to identify and respond to security threats in a timely manner o How much visibility do you really have into your systems? Recovery o Ability to resume normal operations after a security incident (backups, insurance) Page 16 SEC URITY Redundancy: APPROAC HES Introduce redundancy by duplicating critical components or subsystems. If one component fails, the redundant one can take over. Redundancy can be at various levels, from hardware redundancy to software redundancy. Diversity: Use diverse technologies, algorithms, or designs for different parts of the system. This prevents a single vulnerability or failure mode from affecting the entire system. If one component is compromised, the others might still be intact. Isolation: Implement strong isolation between different components of the system. This can prevent the spread of errors or malicious activity from one part of the system to another. Page 17 SEC URITY Monitoring and Diagnostics: APPROAC HES Incorporate robust monitoring and diagnostic mechanisms to detect errors or anomalies. This enables the system to identify and respond to problems before they escalate. Error Handling: Design the system to gracefully handle errors and exceptions. Implement mechanisms that allow the system to recover from errors without crashing or compromising security. Fail-Safe Mode: Design a fail-safe mode that the system can enter if critical errors are detected. In this mode, the system might limit functionality to essential operations while minimizing risks. Page 18 SEC URITY APPROAC HES Security Measures: Implement strong security measures to protect against malicious attacks. This includes encryption, access controls, intrusion detection systems, and more. Regular Testing: Rigorously test the system under various conditions, including both normal operations and stress scenarios. This helps identify vulnerabilities and weaknesses. Continuous Updates: Keep the system up to date with the latest patches and security updates. Regularly review and improve the system's design and defenses as new threats emerge. Page 19 SEC URITY APPROAC HES Human Oversight: Have a human oversight mechanism in place to intervene if the system behaves unexpectedly. Humans can make decisions that automated systems might not be able to handle. Training and Education: Ensure that the operators and users of the system are well-trained and educated about potential risks, proper usage, and emergency procedures. Page 20 LEC TURE 02: Threat Models AGENDA Get an understanding of possible failure modes in information systems, and associated threat models Introduce examples of techniques for preliminary system security analysis Introduce the concept of attack trees that help to visualize failure modes Page 22 WHY CRYPTOSYSTEMS FAIL Sourc e: Page https://xkc d.c om/538/ 23 WHY CRYPTOSYSTEMS FAIL Sourc e: Page https://xkc d.c om/1181/ 24 WHY CRYPTOSYSTEMS FAIL Seminal paper by Ross Anderson from 1993 o “most frauds were not caused by cryptanalysis or other technical attacks, but by implementation errors and management failures” Page 26 WHY CRYPTOSYSTEMS FAIL Seminal paper by Ross Anderson from 1993 o “most frauds were not caused by cryptanalysis or other technical attacks, but by implementation errors and management failures” Draws analogy between information security and airline industry o Airlines: low risk because failures are highly publicized and analyzed o Information security: general reliance on security by obscurity (e.g., government classification, proprietary protocols) Page 27 WHY CRYPTOSYSTEMS FAIL Seminal paper by Ross Anderson from 1993 o “most frauds were not caused by cryptanalysis or other technical attacks, but by implementation errors and management failures” Draws analogy between information security and airline industry o Airlines: low risk because failures are highly publicized and analyzed o Information security: general reliance on security by obscurity (e.g., government classification, proprietary protocols) At the time, U.S. customers bore no responsibility for fraudulent charges, while U.K. c ustomers did o No incentive for U.K. banks to be overly concerned about security Page 28 WHY CRYPTOSYSTEMS FAIL Seminal paper by Ross Anderson from 1993 o “most frauds were not caused by cryptanalysis or other technical attacks, but by implementation errors and management failures” Draws analogy between information security and airline industry o Airlines: low risk because failures are highly publicized and analyzed o Information security: general reliance on security by obscurity (e.g., government classification, proprietary protocols) At the time, U.S. customers bore no responsibility for fraudulent charges, while U.K. c ustomers did o No incentive for U.K. banks to be overly concerned about security Page 29 WHY CRYPTOSYSTEMS FAIL Security by Obscurity Page Reading Link: Security Through Obscurity: The Good, The Bad, The Ugly | 30 TheCyberPatch THREATS , RISKS & VULNERABILITY RISK = ASSETS X VULNERABILITY X THREATS Page 31

Use Quizgecko on...
Browser
Browser