CSE2500 System Security and Privacy

1
CSE2500 System Security and Privacy
2
Lecturers
Prof B Srinivasan, Phone 990 31333, Room No C4.47, srini_at_infotech.monash.edu.au
Ms Nandita Bhattacharjee, Phone 990 32185/990 53293, Room No C4.05, nandita_at_csse.monash.edu.au
3
Organisation and Evaluation
  • 12 weeks of lectures
  • 2 hours of tutorials per week mainly problem
    solving, starting from week 2 to week 12.

4
Weekly Lectures
  • Lectures
  • Wednesdays 7p.m. to 9p.m. in Caulfield K Block
    K3.21
  • Alternative Lecture times?
  • Fridays 12 noon to 2p.m. in Caulfield K block
    3.09
  • Fridays 3p.m. to 5p.m. in Caulfield B block B2.13

5
Tutorials
  • Tutorials from week 2 to week 12
  • Wednesdays 10a.m. in Caulfield/B471
  • Wednesdays 4p.m. in Caulfield/B471
  • Wednesdays 4p.m. in Caulfield/B476
  • Thursdays 10a.m. in Caulfield/A212
  • Thursdays 2p.m. in Caulfield/B224
  • Thursdays 6p.m. in Caulfield/F206 or Wednesday
    5p.m. in Caulfield/??
  • Please use Allocate for allocating tutorials. If
    you have any problems, please see us during the
    tutorial times next week.

6
Assessment
  • Four assessment components
  • Two 30 min tests during the tutorial sessions
    in weeks 6 and 12, worth 15% each.
  • Individual question solving during the tutorial
    session from weeks 7 to 11, worth 10%.
  • Each student will be assigned a time slot and a
    problem and they have to make a presentation of
    the solution to the rest of the group.
  • Examination of 2 hours duration, worth 60%.
  • You need to get at least 50% to pass this unit.

7
References
  • Primary Reference book
  • Security in Computing, C P Pfleeger and S L
    Pfleeger, Third Edition, 2003, Prentice Hall
  • Secondary Reference book
  • Computer Security, Dieter Gollmann, 1999, John
    Wiley

8
  • Subject CSE2500
  • Lecturers
  • Prof. Bala Srinivasan
  • Mrs. Nandita Bhattacharjee
  • Prescribed Text
  • Pfleeger
  • Security in Computing 3e
  • Available from the University Bookshop

9
Where to look for the subject materials?
  • http://www.csse.monash.edu.au/courseware/cse2500
  • http://beast.csse.monash.edu.au/cse2500
  • Please download and print the lecture materials
    before coming to the class as NO further
    photocopies of notes will be distributed in the
    class.
  • The lecture notes are complementary to the
    prescribed text.

10
Security
  • Why do you lock your house before you leave?
  • How do you choose the kind of lock for your
    house?
  • Any added devices (such as alarms, bull terrier,
    etc.)?
  • What do you do when you observe that things in the
    house are scattered around?

11
What are you protecting?
  • Brick and walls
  • Money and jewellery
  • Music CDs and tapes
  • Etc.

12
Threats to Computer and Communications systems
  • Domain of information and network security
  • Taxonomy of security attacks
  • Aims or services of security
  • Model of system/(inter)network security
  • Methods of defense

13
Security
  • Human nature
  • physical, financial, mental, data and
    information security

14
There are Problems
  • Theft - of equipment
  • Theft - e.g. copying of confidential material
  • Modification - for gain, e.g. adding false names
    to payroll
  • Modification - malicious, e.g. virus infections
  • Access - easy for us and difficult for them

15
Fact sheet
  • bank robbery through computers
  • industrial espionage on corporate information
  • loss of individual privacy (email, mobile
    phone/computer, fax, ...)
  • information vandalism
  • computer viruses
  • (more can be found in comp.risks)

16
What we mean by Security?
  • Protection of assets - can take several forms
  • Prevention
  • Detection
  • Reaction

17
Reactions
  • active research in security and privacy (numerous
    conferences each year)
  • new laws
  • education
  • collaborations between governments, industries
    and academia
  • employment of computer security specialists

18
What that means for computer assets?
  • What are the assets (for system security)?

19
Information Security
  • Shift from physical security to the
    protection of data (on systems) and to thwarting
    hackers (by means of automated software tools) -
    called system and information security

20
Network Security
  • The widespread use of distributed systems,
    networks and communications requires
    protection of data during transmission -
    called network security

21
Internetwork security
  • The term "network security" may be misleading,
    because virtually all business, government and
    academic organisations interconnect their data
    processing equipment with a collection of
    interconnected networks - probably we should call
    it (inter)network security

22
Aspects of System (and information) security
  • Security attack - any action that compromises the
    security of system and information.
  • Security mechanism - a mechanism to detect, prevent, or
    recover from a security attack.
  • Security service - a service that enhances security and
    counters security attacks.

23
Other terminology
  • vulnerability - a weakness in a computer system
    that might be exploited to cause loss or harm
  • attack - an action that exploits a vulnerability
  • threat - circumstances that have the potential to
    cause loss or harm
  • control - a protective measure

24
Security mechanisms
  • No single mechanism can provide the services
    mentioned in the previous slide. However, one
    particular element that underlies most (if not
    all) of the security mechanisms is
    cryptographic techniques.
  • Encryption or encryption-like transformations of
    information are the most common means of
    providing security.

25
Why Security?
  • Security is not as simple as it might first appear.
  • In developing a particular security measure one
    has to consider potential counter measures.
  • Because of the counter measures, the problem
    itself becomes complex.
  • Once you have designed the security measure, it
    is necessary to decide where to use it.
  • Security mechanisms usually involve more than a
    particular algorithm or protocol.

26
Security and Cost Analysis
[Figure: plot of cost against security level; axis mark at 100]
27
Security Attacks - Taxonomy
  • Interruption - attack on availability
  • Interception - attack on confidentiality
  • Modification - attack on integrity
  • Fabrication - attack on authenticity

Property that is compromised
28
Interruption
  • Also known as denial of service.
  • Information resources (hardware, software and
    data) are deliberately made unavailable, lost or
    unusable, usually through malicious destruction.
  • e.g. cutting a communication line, disabling a
    file management system, etc.

29
Interception
  • Also known as unauthorised access.
  • Difficult to trace as no traces of intrusion
    might be left.
  • e.g. illegal eavesdropping or wiretapping or
    sniffing, illegal copying.

30
Modification
  • Also known as tampering with a resource.
  • Resources can be data, programs, hardware
    devices, etc.

31
Fabrication
  • Also known as counterfeiting (of objects such as
    data, programs, devices, etc).
  • Allows an attacker to bypass the authenticity checks.
  • e.g. insertion of spurious messages in a
    network, adding a record to a file, counterfeit
    bank notes, fake cheques, ...
  • Impersonation/masquerading to gain access to
    data, services, etc.

32
Security Attacks - Taxonomy
Source and Destination - can be what is supposed
to be and what you get
33
Attacks - Passive types
  • Passive (interception) - eavesdropping on, or
    monitoring of, transmissions.
  • The goal is to obtain information that is being
    transmitted.
  • Types here are release of message contents and
    traffic analysis.

34
Attacks - Active types
  • Involve modification of the data stream or
    creation of a false stream and can be subdivided
    into masquerade, replay, modification of
    messages and denial of service.

35
Attacks
36
Security threats (to maintain) are
  • Confidentiality
  • Integrity
  • Availability
  • to give us secure data (and information)
  • Authenticity

37
Confidentiality
  • Only accessible by authorised parties
  • Not revealed
  • More than just not reading
  • Confidentiality is distinct from secrecy and
    privacy (?)

38
Integrity
  • Associated with loss and corruption
  • Data Integrity as
  • Computerised data same as external, source data
  • Data not exposed to alteration or destruction
  • No inappropriate modification

39
Availability
  • The property of being accessible and useable
    (without delay) upon demand by an authorised
    entity
  • We want there to be
  • no denial of service

40
Other issues
  • Accountability
  • Reliability
  • Safety
  • Dependability

41
Security is defined as
  • Computer security deals with the prevention and
    detection of unauthorised actions by users of a
    computer system
  • Security deals with the ready availability of
    valuable assets by authorised agents, and the
    denial of that access to all others

42
The security dilemma
  • security deals with the ready availability of
    valuable assets by authorised agents, and the
    denial of that access to all others.
  • Security-unaware users have specific security
    requirements but (usually) no security
    expertise. But

43
The security dilemma
  • The costs of additional resources to implement
    security mechanisms can be quantified.
  • Security mechanisms interfere with users, and can
    lead to loss of productivity.
  • Managing security also costs.
  • Need to perform risk analysis (which will be the
    next topic)

44
Principles of Security
  • Principle of easiest penetration
  • an intruder will use any means of penetration
  • Principles of timeliness
  • items only need to be protected until they lose
    their value
  • Principles of effectiveness
  • controls must work, and they should be
    efficient, easy to use, and appropriate.

45
Layers of technology (and Onion Model)
  • In which layer should security mechanisms be
    placed?
  • Should controls be placed in more than one
    layer?
  • See slide 46 too.

[Figure: onion model with layers Applications, Services, Operating System, Kernel, Hardware]
46
Layers
  • The presence of layers is a feature of technology
  • Separate layers often perform very different
    functions
  • Similar functions are combined in one layer
  • The boundary between two layers is usually easily
    defined
  • Layers can often be independently implemented

47
Vulnerabilities
  • The three broad computing system resources are
  • hardware - interruption (denial of service),
    interception (theft)
  • software - interruption (deletion), interception,
    modification
  • data - interruption (loss), interception,
    modification and fabrication

48
One method of defence
  • By controls
  • What should be the focus of the controls?
  • For example, should protection mechanisms focus
    on data, on operations on that data, or on the
    users who use the data?
  • Since there are layers of technology, where
    should controls apply?
  • Applications, services, operating systems,
    kernel, hardware.

49
Controls
  • Can be applied at the hardware, software, physical
    or policy level.
  • Simple mechanisms or lots of features?
  • Should defining and enforcing security mechanism
    be a centralised function?
  • How to prevent access to the layer below the
    security mechanism?

50
Examples of Controls
  • Modern cryptology
  • Encryption, authentication code, digital
    signature, etc.
  • Software controls
  • Standard development tools (design, code, test,
    maintain, etc.)
  • Operating systems controls
  • Internal program controls (e.g. access controls
    to data in a database)
  • Firewalls

51
Examples of Controls
  • Hardware controls
  • Security devices, smart cards, ...
  • Physical controls
  • Lock, guards, backup of data and software, thick
    walls, ...
  • Security policies and procedures
  • User education
  • Law

52
Effectiveness of Controls
  • Merely having controls does no good unless they
    are used properly. The factors that affect the
    effectiveness are
  • Awareness of protection
  • Likelihood of use
  • Overlapping controls
  • Periodic review

53
Model for network security
[Figure: model for network security, borrowed from Stallings. Labels: Trusted third party; Principal (sender and receiver sides); Message; Secret info.; Information channel; Gate keeper; Opponent - security threats and possible attacks]
54
Two questions to ponder
  • Having backup copies of the data - is it a
    solution to security?
  • The internetwork security model (the previous
    slide) has the gate keeper at the receiver (or
    destination) end - why not at the sender (source)?