cs-lecture1-basic concept.pdf
University of Baghdad
Lecture 1 - Basic Concepts

1.1 Computer Security

Computer security (CS) is the protection of the items you value, called the assets of a computer or computer system. There are many types of assets, involving hardware, software, data, people, processes, or combinations of these. To determine what to protect, we must first identify what has value and to whom.

Asset value depends on several factors: it is personal (different owners value the same item differently), it is time dependent, it depends on whether the asset is replaceable or not, and it is measured by the cost of losing the asset.

1.2 Computer Security Goals

When we talk about computer security, we mean that we are addressing three important aspects of any computer-related system: confidentiality, integrity, and availability.

Confidentiality ensures that computer-related assets are accessed only by authorized parties. That is, only those who should have access to something will actually get that access. By "access," we mean not only reading but also viewing, printing, or simply knowing that a particular asset exists. Confidentiality is sometimes called secrecy or privacy.

Integrity means that assets can be modified only by authorized parties or only in authorized ways. In this context, modification includes writing, changing, changing status, deleting, and creating.

Availability means that assets are accessible to authorized parties at appropriate times. In other words, if some person or system has legitimate access to a particular set of objects, that access should not be prevented. For this reason, availability is sometimes known by its opposite, denial of service.

These three properties are called the C-I-A triad or the security triad.
Two further properties are desirable, particularly in communication networks:

- authentication: the ability of a system to confirm the identity of a sender
- nonrepudiation or accountability: the ability of a system to confirm that a sender cannot convincingly deny having sent something

Computer security seeks to prevent unauthorized viewing (confidentiality) or modification (integrity) of data while preserving access (availability).

1.2.1 Confidentiality

One word that captures most aspects of confidentiality is view. Here are some situations that would mean a failure of data confidentiality:

- An unauthorized person accesses a data item.
- An unauthorized process or program accesses a data item.
- A person authorized to access certain data accesses other data that they are not authorized to see.

1.2.2 Integrity

Integrity is harder to pin down than confidentiality; it means different things in different contexts. For example, if we say that we have preserved the integrity of an item, we may mean that the item is:

- precise
- accurate
- unmodified
- modified only in acceptable ways
- modified only by authorized people
- modified only by authorized processes
- consistent
- internally consistent
- meaningful and usable

1.2.3 Availability

Availability applies both to data and to services (that is, to information and to information processing), and it is similarly complex. As with the notion of confidentiality, different people expect availability to mean different things. For example, an object or service is thought to be available if the following are true:

- It is present in a usable form.
- It has enough capacity to meet the service's needs.
- It is making clear progress, and, if in wait mode, it has a bounded waiting time.
- The service is completed in an acceptable period of time.

We can construct an overall description of availability by combining these goals.
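The confidentiality failures listed in 1.2.1 are all phrased as someone accessing data they should not. Confidentiality can also fail without any access rule being broken, through inference (section 1.3.4.3 later lists "inferring one data point from other values" among the ways data can be gathered). The following Python program is an added example and is not part of the lecture; the payroll table, the department names and the minimum-group rule are constructed for illustration. A reporting user who may run only aggregate queries recovers one employee's exact salary by subtracting two permitted totals, and the minimum-query-size rule that is often proposed as a fix does not stop it once the department is large enough.

```python
"""Inference as a confidentiality failure (added example, not from the lecture).

A reporting user is authorized to run aggregate queries over payroll
(count and total salary for a set of employees) but is not authorized to
see any individual's salary. Two permitted queries are enough to recover
one salary exactly. All data below is constructed for illustration.
"""
from typing import Callable, Optional, Tuple

# Constructed sample data: (employee, department, annual salary in dollars).
PAYROLL = [
    ("alice", "eng", 120_000),
    ("bob", "eng", 95_000),
    ("carol", "eng", 105_000),
    ("frank", "eng", 110_000),
    ("dave", "sales", 70_000),
    ("erin", "sales", 82_000),
]

Predicate = Callable[[str, str], bool]  # (employee, department) -> include this row?


def aggregate(rows, predicate: Predicate, min_group: int = 1) -> Optional[Tuple[int, int]]:
    """The only query the reporting user may run.

    Returns (count, total_salary) over rows matching `predicate`, or None
    when fewer than `min_group` rows match. `min_group` is a hypothetical
    "minimum query set size" control: refuse aggregates over tiny groups
    so that a single individual cannot be isolated directly.
    """
    matched = [salary for (name, dept, salary) in rows if predicate(name, dept)]
    if len(matched) < min_group:
        return None
    return len(matched), sum(matched)


def infer_salary(rows, target: str, dept: str, min_group: int = 1) -> Optional[int]:
    """Tracker attack: two permitted aggregates reveal one individual's value.

    Q1: total salary of everyone in `dept`.
    Q2: total salary of everyone in `dept` except `target`.
    Q1 - Q2 is exactly the target's salary. No access check is violated;
    the leak is in the arithmetic relation between two allowed answers.
    Returns None if either query is refused by the min_group control.
    """
    q1 = aggregate(rows, lambda n, d: d == dept, min_group)
    q2 = aggregate(rows, lambda n, d: d == dept and n != target, min_group)
    if q1 is None or q2 is None:
        return None
    return q1[1] - q2[1]


if __name__ == "__main__":
    # No size control: alice's salary falls straight out.
    print(infer_salary(PAYROLL, "alice", "eng"))                # 120000
    # Minimum group of 3: still leaks, because eng minus alice has 3 rows.
    print(infer_salary(PAYROLL, "alice", "eng", min_group=3))   # 120000
    # The control only helps where the group is already tiny.
    print(infer_salary(PAYROLL, "dave", "sales", min_group=3))  # None
```

The lesson for the definitions above: the reporting user is an authorized party running authorized queries, yet the outcome is exactly the confidentiality failure the section describes. Controls against inference (query auditing, noise added to aggregates, refusing queries that overlap previous ones too closely) have to reason about sets of answers, not individual accesses.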
1.3 Vulnerabilities, Threats, Attacks, and Controls

- A vulnerability is a weakness in the security system, for example in procedures, design, or implementation, that might be exploited to cause loss or harm.
- A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.
- An attacker is a human who exploits a vulnerability and thereby perpetrates an attack on the system.
- An attack is an actualized threat.
- Harm is the negative consequence of an actualized threat.
- A control is an action, device, procedure, or technique that removes or reduces a vulnerability.

We can describe the relationship among threats, controls, and vulnerabilities in this way: a threat is blocked by control of a vulnerability. The following figure shows how these concepts are related.

[Figure: two diagrams. Left (no control): Threat, Exploit, Unfixed vulnerability, Actualized threat, Harm; System progress is interrupted. Right (with control): Threat, Exploit, Vulnerability, Control, Fail to harm; System progress continues.]

1.3.1 Threats

The source of a threat can be either human or nonhuman:

- Nonhuman threats include natural disasters like fires or floods; loss of electrical power; failure of a component such as a communications cable, processor chip, or disk drive; or attack by a wild boar.
- Human threats may be nonmalicious or malicious. Nonmalicious kinds of harm include someone accidentally spilling a soft drink on a laptop, unintentionally deleting text, inadvertently sending an email message to the wrong person, carelessly typing "12" instead of "21" when entering a phone number, or clicking "yes" instead of "no" when asked whether to overwrite a file.

Malicious attacks can be random or directed. In a random attack the attacker wants to harm any computer or user; such an attack is analogous to accosting the next pedestrian who walks down the street. An example of a random attack is malicious code posted on a website that could be visited by anybody.
In a directed attack, the attacker intends harm to specific computers, perhaps at one organization (think of attacks against a political organization) or belonging to a specific individual (think of trying to drain a specific person's bank account, for example by impersonation).

We can view any threat as being one of four kinds: interception, interruption, modification, and fabrication.

- An interception means that some unauthorized party has gained access to an asset. The outside party can be a person, a program, or a computing system. Examples of this type of failure are illicit copying of program or data files, or wiretapping to obtain data in a network. Interception violates confidentiality.
- In an interruption, an asset of the system becomes lost, unavailable, or unusable. Examples are malicious destruction of a hardware device, erasure of a program or data file, or malfunction of an operating system file manager so that it cannot find a particular disk file. Interruption violates availability.
- If an unauthorized party not only accesses but tampers with an asset, the threat is a modification. For example, someone might change the values in a database, alter a program so that it performs an additional computation, or modify data being transmitted electronically. Modification violates integrity.
- Finally, an unauthorized party might create a fabrication of counterfeit objects on a computing system. The intruder may insert spurious transactions into a network communication system or add records to an existing database. Sometimes these additions can be detected as forgeries, but if skilfully done they are indistinguishable from genuine objects. Fabrication violates integrity, and in particular authenticity: the system now holds objects that no authorized party created.
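Modification and fabrication are easiest to see on data in transit. The following Python program is an added example and is not part of the lecture. It uses a toy stream cipher built from HMAC-SHA256 in counter mode (constructed here only to make the XOR structure visible; it is not a cipher to deploy) and the message text is made up. It shows that encryption alone leaves both threats open: an attacker who knows the message format but not the key turns an encrypted "PAY 100" into "PAY 900" by flipping ciphertext bits, and a forged ciphertext decrypts without complaint. Adding a message authentication code (encrypt-then-MAC) lets the receiver reject both. The same example qualifies the remark in the later Controls section that encryption also ensures integrity.

```python
"""Modification and fabrication against encrypted data (added example, not from the lecture).

A toy stream cipher (HMAC-SHA256 in counter mode, constructed only to make
the XOR structure visible; not a cipher to deploy) stands in for any
stream cipher or CTR-mode block cipher. The message text is made up.
"""
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output length in bytes


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream block i = HMAC-SHA256(key, nonce || i); deterministic per (key, nonce)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR the data with the keystream; the same operation decrypts."""
    return bytes(b ^ k for b, k in zip(data, keystream(key, nonce, len(data))))


decrypt = encrypt


def modify_in_transit(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker's move: no key, but knowledge of the plaintext format.

    Since ct = pt XOR ks, XOR-ing ct with (old XOR new) at `offset` yields
    (pt with `old` replaced by `new`) XOR ks, which decrypts to the
    attacker's chosen text. This is the modification threat.
    """
    ct = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        ct[offset + i] ^= o ^ n
    return bytes(ct)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext followed by HMAC over nonce || ciphertext."""
    ct = encrypt(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, message: bytes):
    """Verify the tag before decrypting anything; None means reject."""
    if len(message) < TAG_LEN:
        return None
    ct, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return decrypt(enc_key, nonce, ct)


def demo() -> dict:
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    pt = b"PAY 100 TO BOB"  # the amount starts at byte offset 4

    # 1. Encryption only: the modification goes through and is not detected.
    ct = encrypt(enc_key, nonce, pt)
    modified_plain = decrypt(enc_key, nonce, modify_in_transit(ct, 4, b"100", b"900"))

    # 2. Encryption only: a fabricated ciphertext decrypts to garbage, but the
    #    receiver has no way to tell it was never produced by a key holder.
    forged_plain = decrypt(enc_key, nonce, os.urandom(len(pt)))

    # 3. Encrypt-then-MAC: both attacks are rejected; the genuine message passes.
    sealed = seal(enc_key, mac_key, nonce, pt)
    modified_sealed = open_sealed(enc_key, mac_key, nonce,
                                  modify_in_transit(sealed, 4, b"100", b"900"))
    forged_sealed = open_sealed(enc_key, mac_key, nonce, os.urandom(len(sealed)))
    genuine_sealed = open_sealed(enc_key, mac_key, nonce, sealed)

    return {
        "modified_plain": modified_plain,        # b"PAY 900 TO BOB"
        "forged_plain_len": len(forged_plain),   # 14: accepted, merely unreadable
        "modified_sealed": modified_sealed,      # None
        "forged_sealed": forged_sealed,          # None
        "genuine_sealed": genuine_sealed,        # b"PAY 100 TO BOB"
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

In practice the same property is obtained from an authenticated encryption mode such as AES-GCM or ChaCha20-Poly1305, which combine the two steps; the point of spelling it out is that confidentiality and integrity are separate goals and need separate mechanisms.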
1.3.2 Attacker

A malicious attacker must have three things to succeed:

- Method: the skills, knowledge, tools, and other things needed to be able to pull off the attack.
- Opportunity: the time and access to accomplish the attack.
- Motive: a reason to want to perform this attack against this system. Motives include fun, challenge, revenge, fraud, extortion, money laundering, and drug trafficking.

Deny any one of these three and the attack will not succeed.

1.3.4 Vulnerabilities

The vulnerabilities of computing systems fall into three groups, described below: hardware, software, and data.

1.3.4.1 Hardware Vulnerabilities

Hardware is visible, and so it is easy to attack: by adding devices, changing them, removing them, intercepting the traffic to them, or flooding them with traffic until they can no longer function. Hardware can also be attacked physically: computers have been drenched with water, burned, frozen, gassed, and electrocuted with power surges. Deliberate destruction, sometimes called "machinicide", usually involves someone who actually wishes to harm the computer hardware or software; machines have been shot with guns, stabbed with knives, and smashed with all kinds of things.

The security of hardware components can often be enhanced greatly by simple physical measures such as locks and guards. Hardware security is usually the concern of a relatively small staff of computing center professionals.

1.3.4.2 Software Vulnerabilities

a. Software alteration. A classic example of exploiting a software vulnerability is the case in which a bank worker realized that the interest software truncates the fractional cent on each account: if the monthly interest on an account is calculated to be $14.5467, the software credits only $14.54 and ignores the $0.0067. The worker altered the program so that the discarded fractions were credited to an account he controlled; over thousands of accounts the total was substantial, and the books still balanced. Taking a little from many victims in this way is known as a salami attack.

b. Software deletion. Software is surprisingly easy to delete. Each of us has, at some point, accidentally erased a file or saved a bad copy of a program, destroying a good previous copy.
Because of software's high value to a commercial computing center, access to software is usually carefully controlled through a process called configuration management, so that software cannot be deleted, destroyed, or replaced accidentally.

c. Software modification. Software is vulnerable to modifications that either cause it to fail or cause it to perform an unintended task. Indeed, because software is so susceptible to errors, it is quite easy to modify. A program may be maliciously modified to fail when certain conditions are met or when a certain date or time is reached. Because of this delayed effect, such a program is known as a logic bomb. For example, a disgruntled employee may modify a crucial program so that it reads the system date and halts abruptly after July 1. Other categories of software modification include:

- Trojan horse: a program that overtly does one thing while covertly doing another.
- Virus: a specific type of Trojan horse that can be used to spread its "infection" from one computer to another.
- Trapdoor (also called a backdoor): a program that has a secret entry point.
- Information leaks in a program: code that makes information accessible to unauthorized people or programs.

d. Software theft. This attack includes unauthorized copying of software. Software authors and distributors are entitled to fair compensation for use of their product, as are musicians and book authors. Unauthorized copying of software has not been stopped satisfactorily by copyright laws for electronic media.

Software security is a larger problem than hardware security; it is the responsibility of the programmers and analysts who create or modify programs.

1.3.4.3 Data Vulnerabilities

a. Data confidentiality. Data can be gathered by many means, such as tapping wires, planting bugs in output devices, sifting through trash receptacles, monitoring electromagnetic radiation, bribing key employees, inferring one data point from other values, or simply requesting the data.

b. Data integrity. Data are especially vulnerable to modification through malicious programs, errant file system utilities, and flawed communication facilities.

1.3.5 Methods of Defense

Harm occurs when a threat is realized against a vulnerability. To protect against harm, then, we can neutralize the threat, close the vulnerability, or both. The possibility for harm to occur is called risk. We can deal with harm in several ways. We can seek to:

- prevent it, by blocking the attack or closing the vulnerability;
- deter it, by making the attack harder but not impossible;
- deflect it, by making another target more attractive (or this one less so);
- detect it, either as it happens or some time after the fact;
- recover from its effects.

1.3.6 Controls

Controls, or countermeasures, attempt to prevent exploitation of a computing system's vulnerabilities. They can be grouped by the kind of asset they protect.

a. Data controls. Encryption clearly addresses the need for confidentiality of data. It is often said that encryption also ensures integrity, on the grounds that data which cannot be read cannot easily be changed in a meaningful manner. That is only partly true: an attacker can alter ciphertext bits without being able to read them, and with a stream cipher or a counter-mode block cipher each flipped ciphertext bit flips the corresponding plaintext bit predictably. Integrity therefore needs an explicit check, such as a message authentication code (MAC) or an authenticated encryption mode, not encryption alone.

b. Software controls. Program controls include the following:

- Internal program controls: parts of the program that enforce security restrictions, such as access limitations in a database management program.
- Operating system and network system controls: limitations enforced by the operating system or network to protect each user from all other users.
- Independent control programs: application programs, such as password checkers, intrusion detection utilities, or virus scanners, that protect against certain types of vulnerabilities.
- Development controls: quality standards under which a program is designed, coded, tested, and maintained to prevent software faults from becoming exploitable vulnerabilities.

c. Hardware controls. Numerous hardware devices have been created to assist in providing computer security.
These devices include a variety of means, such as:

- hardware or smart card implementations of encryption
- locks or cables limiting access or deterring theft
- devices to verify users' identities
- firewalls
- intrusion detection systems
- circuit boards that control access to storage media

d. User policies and procedures. Some controls enforce procedures or policies among users rather than enforcing security through hardware or software means. Some of the simplest controls can be achieved at essentially no cost but with great effect, for example a rule that a password is changed immediately whenever its compromise is suspected. Note that the older advice of forcing frequent routine password changes is no longer recommended: current guidance (for example NIST SP 800-63B) found that it pushes users toward weaker, predictable passwords, and advises changing passwords on evidence of compromise instead.

Exercises

1- Distinguish among vulnerability, threat, and control.
2- One control against accidental software deletion is to save all old versions of a program. Of course, this control is prohibitively expensive in terms of cost of storage. Suggest a less costly control against accidental software deletion. Is your control effective against all possible causes of software deletion? If not, what threats does it not cover?
3- List at least three kinds of harm a company could experience from electronic espionage or unauthorized viewing of confidential company materials.
4- Suppose a program to print paychecks secretly leaks a list of names of employees earning more than a certain amount each month. What controls could be instituted to limit the vulnerability of this leakage?
5- Preserving confidentiality, integrity, and availability of data is a restatement of the concern over interruption, interception, modification, and fabrication. How do the first three concepts relate to the last four? That is, is any of the four equivalent to one or more of the three? Is one of the three encompassed by one or more of the four?
6- When you say that software is of high quality, what do you mean? How does security fit into your definition of quality? For example, can an application be insecure and still be "good"?
7- Consider a program to display on your web site your city's current time and temperature. Who might want to attack your program? What types of harm might they want to cause? What kinds of vulnerabilities might they exploit to cause harm?
8- Consider a program that allows consumers to order products from the web. Who might want to attack the program? What types of harm might they want to cause? What kinds of vulnerabilities might they exploit to cause harm?
9- Consider a program to accept and tabulate votes in an election. Who might want to attack the program? What types of harm might they want to cause? What kinds of vulnerabilities might they exploit to cause harm?
10- Consider a program that allows a surgeon in one city to assist in an operation on a patient in another city via an Internet connection. Who might want to attack the program? What types of harm might they want to cause? What kinds of vulnerabilities might they exploit to cause harm?
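Exercise 2 asks for a cheaper control against accidental software deletion than keeping every old version, and section 1.3.4.2 named configuration management as the usual answer. The following Python program is an added example, not part of the lecture: it implements the detection half of such a control, a manifest of SHA-256 digests taken over a software tree and compared with the tree later to report files that were deleted, modified or added. The directory layout and file contents are constructed inline so that the example runs offline.

```python
"""Configuration-management style integrity manifest (added example, not from the lecture).

Build a manifest of SHA-256 digests over a software tree, then compare the
tree against it later to report deleted, modified and added files. The
directory layout and file contents below are constructed for illustration.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def file_digest(path: Path) -> str:
    """SHA-256 of one file, read in chunks so large binaries are handled."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each regular file (path relative to root, '/'-separated) to its digest."""
    return {
        p.relative_to(root).as_posix(): file_digest(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify(root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the current tree with a trusted manifest.

    deleted  -> interruption (the file is gone)
    modified -> modification (same path, different content)
    added    -> fabrication (a file nobody authorized)
    """
    current = build_manifest(root)
    common = manifest.keys() & current.keys()
    return {
        "deleted": sorted(manifest.keys() - current.keys()),
        "modified": sorted(p for p in common if manifest[p] != current[p]),
        "added": sorted(current.keys() - manifest.keys()),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: snapshot a tiny tree, damage it, then verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "payroll.py").write_text("print('pay')\n")
        (root / "bin" / "report.py").write_text("print('report')\n")
        (root / "config.ini").write_text("interest_rate=0.05\n")

        manifest = build_manifest(root)  # in practice: store off-host or sign it

        (root / "bin" / "report.py").unlink()                     # accidental deletion
        (root / "config.ini").write_text("interest_rate=0.50\n")  # modification
        (root / "bin" / "extra.py").write_text("print('???')\n")  # unauthorized addition

        return verify(root, manifest)


if __name__ == "__main__":
    print(demo())
```

The manifest detects interruption (a deleted file), modification and fabrication (an added file), which answers the first half of the exercise; it does not answer the second. It cannot restore a deleted file, so recovery still needs a backup, and it is only as trustworthy as its own storage: an attacker who can alter the software can alter a manifest kept beside it, so the manifest belongs on another system or under a signature.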