18-631_Lecture01.pptx

Full Transcript

18-631: INTRODUCTION TO
INFORMATION SECURITY
Unit 01:
Foundations

Jema Ndibwile
LEC TURE
01:
Introduction
 COURSE
OVERVIEW
Course Instructor
o Jema David Ndibwile
o Email: [email protected]

Teaching Assistants
o Roland Dunee - [email protected]
o Martha Kachweka - [email protected]
o Hussein Murashi - [email protected]
o Fidele Rurangwa - [email protected]

Course Website: Introduction to Information Security (cmu.edu)
Meeting Time: MW 10:00-11:50
Page 3
 COURSE
Optional
Textbooks
OVERVIEW
o Cryptography and Network Security: Principles and Practice, 5th edition, by
William Stallings. Publisher: Prentice Hall (2010), New Jersey, ISBN: 0136097049

o Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd edition,
by Ross
Anderson. Publisher: John Wiley and sons (2008), New York, ISBN: 0-470-06852-3.
https://www.cl.cam.ac.uk/~rja14/book.html
o Handbook of Applied Cryptography, by Alfred J. Menezes, Paul C. van Oorschot and Scott
A. Vanstone, Publisher: CRC Press (2001), ISBN: 0-8493-8523-7. Also available for free
online: https://cacr.uwaterloo.ca/hac/
Grading
o Homework: 60%
o Midterm 10%
exam: 30%
o Final project:

11 homework assignments. The lowest homework grade will be
dropped.
Page 4
 COURSE
OVERVIEW

Grading Scale

A+ 100% B+ 87.00 - C+ 75.00 - 79.99%
89.99%
A 95.00 - 99.99% B 83.00 - C 70.00 - 74.99%
86.99%
A- 90.00 - 94.99% B- 80.00 - C- 69.99%
A+ cannot be achieved through any bonus pointsand
82.99% or curving
below
C- is considered a failing grade at the CMU graduate level

There is NO rounding up so make every point count!
Page 5
 COURSE
POLICIES
Homework assignments must be submitted via Canvas in PDF or TXT format

The timestamp given by Canvas will be the determining factor if the
assignment is late or not

Any assignment turned in late will only be eligible for 50% of the original
grade for the first 24 hours after the due date

After the 24 hours the assignment will NOT be eligible for a grade

Page 6
 COURSE
POLICIES
Students are enc ouraged to c ollaborate on homework assignments
o Collaboration is limited to disc ussion of the problem and
sketc hing general approaches
o If you collaborate with any other person, list their name(s) at the top
of the first page of your assignment
o Each student must write out and submit their own homework
solutions
o Submitted solutions may not be c opied from any sourc e,
inc luding present or past year’s solutions
o AI generated solutions, e.g., Chat GP, will be detected and considered
cheating

Academic
Page 7 Integrity Policy:
 COURSE
POLICIESon
See the course syllabus on Canvas for more information
following
o Cheating: Taking an unfair or disallowed advantage over
other students
o Plagiarism: Using the work of others without proper
attribution
o Unauthorized Assistance: Using sources of support that have
not been specifically authorized.

Presumptive sanction for a first offense is course failure,
accompanied by the transcript notation “Violation of the
Academic Integrity Policy”
Standard sanction for a first offense by graduate students is
suspension or expulsion
Page 8
If you have any questions on these policies, please feel free to ask
 READING
C RITIQUES
Some homework assignments include reading an academic or industry publication
providing
and a c ritique
Ideal critique should be one page long (3-4 paragraphs)

The c ritique should c onsist of the
following:
1. Citation for the paper. A proper citation will contain the following for four elements:

For example: R. Anderson, "Why Cryptosystems Fail," First Conference
Computer and Communication Security, ACM, November, 1993.
on
2. Research question. What question was the paper trying to answer? This should be
one sentence. A paper might address many questions. But what was the main
question that is answered. Note that any research paper answers a question.

3. What were the three main points made by the paper? The paper may say many things
but what are some of the main ideas described in the paper.

4. Name one way how the paper could be improved OR one question you still have
about what was discussed by the authors in the paper.
Page 9
 COURSE
OBJECTIVE
Course introduces the technical and policy foundations of
information security

Main objective of the course is to enable you to reason about
information systems from a security engineering perspective

Course encourages a mindset of security as a core design
feature, rather than an add-on, in information systems

“Security is a process, not a product” (Bruce Schneier)
Page 10
 COURSE
OUTLINE
Four major themes, grouped in five scheduling units:
o Foundations & c ryptography (Units 1 and 2)
o Endpoint security (Unit 3)
o Network security (Unit 4)
o Human and soc io-economic fac tors (Unit 5)

Assigned readings are subjec t to c hange

Cyber threat landsc ape is c onstantly c hanging

Page 11
 WHAT IS
SECURITY?
“Building systems to remain dependable in the face of malice,
error or misc hanc e” (Ross Anderson)

“Managing a malicious adversary [and] guaranteeing properties
even if a malicious adversary tries to attack” (Adrian Perrig)

Information Security: a set processes and practices designed to
maintain the
Confidentiality,
I ntegrity, and
Availability of data (CIA triad)
Page 12
 CIA also applies to:
WHAT IS
systems the data resides on SECURITY?
networks the data is transmitted through

Other security properties and objectives:
o Privacy/Anonymity
o Authentication (entities and messages)
o Authorization
o Non-repudiation
o Timestamping

Collectively these constitute the various components of
Information Security
Page 13
 SEC URITY
ENGINEERING
Integrating security into an information system,
preferably during the initial design phase

Retrofitting security at a later stage usually leads to poor
results

Proper security is sometimes difficult to do due to:
 Cost
 Convenience
 Culture
Page 14
 SEC URITY
What are you protecting? ANALYSIS
Enumerate assets and their value (monetary value, replacement
cost)
Identify the security requirements (confidentiality, integrity,
availability)

What are the security requirements?
o Any current weakness? (vulnerability assessment)

Who are the adversaries?
o Identify attackers and possible motivations (cybercrime,
espionage, hacktivism)
o Estimate attackers’ resources (tactics, techniques and
procedures)
o Probability and impact of an attack (risk assessment)
Page 15
 SEC URITY
Defense-in-depth APPROAC
o Leverage multiple layers of protection HES
(firewalls, segmentation, access
control, least privilege)
o 100% security is not realistic, but you can significantly increase the cost
to the attacker

Detection
o Capability to identify and respond to security threats in a timely manner
o How much visibility do you really have into your systems?

Recovery
o Ability to resume normal operations after a security incident (backups,
insurance)

Page 16
 SEC URITY
Redundancy: APPROAC HES
Introduce redundancy by duplicating critical components or subsystems. If
one component fails, the redundant one can take over. Redundancy can be
at various levels, from hardware redundancy to software redundancy.
Diversity:
Use diverse technologies, algorithms, or designs for different parts of the
system. This prevents a single vulnerability or failure mode from
affecting the entire system. If one component is compromised, the others
might still be intact.
Isolation:
Implement strong isolation between different components of the system.
This can prevent the spread of errors or malicious activity from one
part of the system to another.

Page 17
 SEC URITY
Monitoring and Diagnostics: APPROAC HES
Incorporate robust monitoring and diagnostic mechanisms to detect errors
or anomalies. This enables the system to identify and respond to problems
before they escalate.
Error Handling:
Design the system to gracefully handle errors and exceptions. Implement
mechanisms that allow the system to recover from errors without crashing
or compromising security.
Fail-Safe Mode:
Design a fail-safe mode that the system can enter if critical errors are
detected. In this mode, the system might limit functionality to essential
operations while minimizing risks.

Page 18
 SEC URITY
APPROAC HES
Security Measures: Implement strong security measures to protect
against malicious attacks. This includes encryption, access controls,
intrusion detection systems, and more.
Regular Testing: Rigorously test the system under various conditions,
including both normal operations and stress scenarios. This helps identify
vulnerabilities and weaknesses.
Continuous Updates: Keep the system up to date with the latest patches
and security updates. Regularly review and improve the system's design and
defenses as new threats emerge.

Page 19
 SEC URITY
APPROAC HES
Human Oversight:
Have a human oversight mechanism in place to intervene if the
system behaves unexpectedly. Humans can make decisions that
automated systems might not be able to handle.
Training and Education:
Ensure that the operators and users of the system are well-trained
and educated about potential risks, proper usage, and emergency
procedures.

Page 20
 LEC TURE 02:
Threat Models
 AGENDA
Get an understanding of possible failure modes in information systems,
and associated threat models

Introduce examples of techniques for preliminary system security analysis

Introduce the concept of attack trees that help to visualize failure modes

Page
22
 WHY CRYPTOSYSTEMS FAIL

Sourc e:
Page
https://xkc d.c om/538/
23
 WHY CRYPTOSYSTEMS FAIL

Sourc e:
Page
https://xkc d.c om/1181/
24
 WHY CRYPTOSYSTEMS FAIL
Seminal paper by Ross Anderson from 1993
o “most frauds were not caused by cryptanalysis or other technical attacks, but
by implementation errors and management failures”

Page
26
 WHY CRYPTOSYSTEMS FAIL
Seminal paper by Ross Anderson from 1993
o “most frauds were not caused by cryptanalysis or other technical attacks, but
by implementation errors and management failures”

Draws analogy between information security and airline industry
o Airlines: low risk because failures are highly publicized and analyzed
o Information security: general reliance on security by obscurity (e.g.,
government classification, proprietary protocols)

Page
27
 WHY CRYPTOSYSTEMS FAIL
Seminal paper by Ross Anderson from 1993
o “most frauds were not caused by cryptanalysis or other technical attacks, but
by implementation errors and management failures”

Draws analogy between information security and airline industry
o Airlines: low risk because failures are highly publicized and analyzed
o Information security: general reliance on security by obscurity (e.g.,
government classification, proprietary protocols)

At the time, U.S. customers bore no responsibility for fraudulent
charges, while U.K. c ustomers did
o No incentive for U.K. banks to be overly concerned about security

Page
28
 WHY CRYPTOSYSTEMS FAIL
Seminal paper by Ross Anderson from 1993
o “most frauds were not caused by cryptanalysis or other technical attacks, but
by implementation errors and management failures”

Draws analogy between information security and airline industry
o Airlines: low risk because failures are highly publicized and analyzed
o Information security: general reliance on security by obscurity (e.g.,
government classification, proprietary protocols)

At the time, U.S. customers bore no responsibility for fraudulent
charges, while U.K. c ustomers did
o No incentive for U.K. banks to be overly concerned about security

Page
29
 WHY CRYPTOSYSTEMS FAIL

Security by Obscurity

Page
Reading Link: Security Through Obscurity: The Good, The Bad, The Ugly |
30 TheCyberPatch
 THREATS , RISKS & VULNERABILITY

RISK = ASSETS X VULNERABILITY X THREATS

Page
31