Security Requirements - PowerPoint PPT Presentation

Provided by: claudia45
Slides: 42

1
Security Requirements
  • Confidentiality
  • Requires information in a computer system only be
    accessible for reading by authorized parties
  • Integrity
  • Assets can be modified by authorized parties only
  • Availability
  • Assets be available to authorized parties
  • Authenticity
  • Requires that a computer system be able to verify
    the identity of a user

2
Threats
  • Confidentiality
  • Integrity
  • Availability
  • Authenticity
  • Interception
  • Unauthorized access
  • wiretapping
  • Modification
  • Change or Delete Data, Messages, Programs
  • Interruption
  • Hardware destruction
  • Disable File Management
  • Fabrication
  • Create data, messages ...

3
What is there to protect?
  • Hardware
  • Accidental and deliberate damage
  • Tapping of Network lines
  • Overload of networks
  • Software
  • Threats include deletion, alteration, damage
  • Data
  • Involves files
  • Security concerns for availability, secrecy, and
    integrity
  • Stealing of classified information

4
Protection
  • Limit Sharing
  • Limit Communication
  • Encryption of data
  • Control access
  • Electronic Signatures
  • Intrusion detection

5
Examples of Protection
  • File systems
  • Access control defined by user
  • Most system files are not accessible for user
  • Access control
  • OS provides access control via Login and Password
  • User privileges
  • different users have different status (NT user
    groups)
  • Clean Memory Partitioning
  • Systematic backups

6
Sharing
  • Sharing is the source of all evil!
  • No sharing: separation in time or place
  • Share all or share nothing
  • Owner of an object declares it public or private
  • Share via access limitation
  • Operating system checks the permissibility of
    each access by a specific user/process to a
    specific object
  • Operating system acts as the guard

7
Memory issues
  • Bound registers for processes access to RAM
  • Delete vs. erase
  • If you delete a file it is not really gone
  • OS only forgot that it was there
  • You can still retrieve the content
  • If you really want to erase things
  • Reformat the device (not always possible)
  • Delete files and save useless things until drive
    is full
  • Beware when you sell your used computer, there
    may be traces of sensitive information

8
Message encryption: Artistic Math
  • Encode content x: y = F(x, k1) and send y
  • Receiver decodes the content with a function
    x = D(y, k2)
  • Public key / private key: 2 different keys are used
    (PGP)
  • Secret key: k1 = k2, D = F^-1 ! Illusion of safety
  • You can only read content if you know k2
  • Simple letter replacement (Midterm)
  • has about 4·10^26 possibilities but easy to guess
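The letter-replacement cipher from this slide, as an added example (not part of the slides): it shows the 26! key space and why that size is an illusion of safety, since frequency analysis recovers the commonest letters without any key. The English letter-frequency order is an assumed reference table.

```python
import math
import random
import string
from collections import Counter

ALPHABET = string.ascii_lowercase
# Letters of English ranked by typical frequency (assumed reference order).
ENGLISH_ORDER = "etaoinshrdlcumwfgypbvkjxqz"


def key_space_size() -> int:
    """Distinct letter-replacement keys: 26! (about 4e26, as the slide says)."""
    return math.factorial(26)


def make_key(seed: int) -> str:
    """A random permutation of the alphabet; seeded so the run is repeatable."""
    letters = list(ALPHABET)
    random.Random(seed).shuffle(letters)
    return "".join(letters)


def encode(x: str, k: str) -> str:
    """y = F(x, k): each plaintext letter is replaced by its image under k."""
    return x.lower().translate(str.maketrans(ALPHABET, k))


def decode(y: str, k: str) -> str:
    """x = D(y, k): the inverse permutation (secret-key case, k1 = k2)."""
    return y.translate(str.maketrans(k, ALPHABET))


def guess_key_by_frequency(y: str) -> str:
    """Build a key guess with no secret: pair the most frequent cipher letters
    with the most frequent English letters. Letters absent from y are appended
    so the guess is still a full permutation."""
    ranked = [c for c, _ in Counter(c for c in y if c in ALPHABET).most_common()]
    ranked += [c for c in ALPHABET if c not in ranked]
    guess = [""] * 26
    for cipher_letter, plain_letter in zip(ranked, ENGLISH_ORDER):
        guess[ALPHABET.index(plain_letter)] = cipher_letter
    return "".join(guess)


def recovers_e(y: str, k: str) -> bool:
    """Did frequency analysis alone find the image of 'e' (the commonest letter)?"""
    return guess_key_by_frequency(y)[4] == k[4]
```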

9
Electronic Signatures
  • Became very important recently due to e-commerce
  • Example: You sent an email to buy a stock
  • stock crashes 1 hour later, you deny ever having
    sent the email
  • Legal issue: How to prove the authenticity of
    electronic documents
  • Similar to encryption: You calculate a complex
    function from the message text, decode it using
    your private key and append it
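The recipe in the last bullet (hash the message, apply the private key, append the result) as an added textbook-RSA example, not code from the slides. The two primes are small constructed values chosen for readability; real systems use 2048-bit keys and a padding scheme, never raw RSA over a bare digest.

```python
import hashlib

# Constructed toy key: two known primes near 10^6 (far too small for real use).
P, Q = 1000003, 1000033
N = P * Q
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+ modular inverse)


def digest(message: bytes) -> int:
    """The 'complex function of the message text': SHA-256, reduced into Z_N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, d: int = D) -> int:
    """Apply the private key to the digest (the slide calls this 'decode')."""
    return pow(digest(message), d, N)


def verify(message: bytes, signature: int, e: int = E) -> bool:
    """Anyone holding the public key (N, E) undoes the private operation and
    compares with a freshly computed digest of the received text."""
    return pow(signature, e, N) == digest(message)


def send_signed(message: bytes) -> bytes:
    """Message with the signature appended, as the slide describes."""
    return message + b"\n--SIG:" + str(sign(message)).encode()


def check_signed(blob: bytes) -> bool:
    """Split the appended signature off and verify it against the body.
    Any change to the body (e.g. 'buy' -> 'sell') makes this return False."""
    body, _, sig = blob.rpartition(b"\n--SIG:")
    return sig.isdigit() and verify(body, int(sig))
```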

10
Access Control: Authentication
  • Login
  • Requires both a user identifier (ID) and a
    password
  • Only admit known and matching ID and password
  • User based or computer based
  • Problems
  • Users can reveal their password to others either
    intentionally or accidentally
  • Hackers are skillful at guessing passwords
  • ID/password file can be obtained (hard to decode)

11
ID Provides Security
  • Determines whether the user is authorized to gain
    access to a system
  • Determines the privileges accorded to the user
  • Guest or anonymous accounts have more limited
    privileges than others
  • ID is used for discretionary access control
  • A user may grant permission to files to others by
    ID

12
Intrusion Techniques
  • Steal ID and Password
  • Circumvent access control
  • Use a Trojan horse to bypass restrictions on
    access

13
Techniques for Learning Passwords
  • Try default password used with standard accounts
    shipped with computer
  • Exhaustively try all short passwords (license
    plates)
  • Try words in dictionary or a list of likely
    passwords
  • Collect information about users and use these
    items as passwords
  • address, names, relatives, SSN, phone numbers
  • In a study 86% of passwords could be guessed

14
Techniques for Stealing Passwords
  • Tap the line between a remote user and the host
    system
  • Watch user during login
  • Intercept emails that contain passwords

15
Password Selection Strategies
  • Computer generated passwords :-(
  • Hard to remember, users write them down
  • Reactive password checking strategy :-(
  • System periodically runs password cracker to find
    guessable passwords
  • System cancels passwords that are guessed and
    notifies user
  • Consumes resources to do this, can be too late!
  • Proactive password checker :-)
  • The system checks at the time of selection if the
    password is allowable
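A proactive checker of the kind the last bullet describes, as an added example that is not from the slides: it runs at selection time and rejects the guessable classes from slide 13 (dictionary words, trivially disguised words, personal data). The word list, leet-speak table and profile fields are constructed; a real checker loads a large dictionary.

```python
import re

# Constructed word list; a real checker would load tens of thousands of entries.
COMMON_WORDS = {"password", "letmein", "welcome", "qwerty", "dragon", "monkey"}
# Undo common substitutions so 'P@ssw0rd' is compared as 'password'.
LEET = str.maketrans("0134$@!", "oieasai")


def normalise(pw: str) -> str:
    """Lowercase, drop trailing digits, then undo leet-speak disguises."""
    return re.sub(r"\d+$", "", pw.lower()).translate(LEET)


def check_password(pw: str, profile: dict, words=COMMON_WORDS) -> list:
    """Return the reasons a candidate is rejected; an empty list means allowed."""
    reasons = []
    base = normalise(pw)
    if len(pw) < 8:
        reasons.append("shorter than 8 characters")
    if base in words:
        reasons.append("dictionary word (possibly disguised)")
    if len(set(pw.lower())) <= 2:
        reasons.append("too few distinct characters")
    # The 'information about users' from slide 13: name, relatives, SSN, phone, address.
    for field, value in profile.items():
        v = re.sub(r"\W", "", str(value)).lower()
        if len(v) >= 3 and (v in pw.lower() or v in base):
            reasons.append(f"contains personal data ({field})")
    return reasons
```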

16
Types of Attacks
  • Intrusion
  • Somebody unauthorized manages to log into your
    system
  • Remote Attack
  • Somebody changes the behavior of your computer
    without being logged in

17
Intrusion Prevention
  • Firewalls around network
  • Limit the access type
  • telnet, ftp, http, ssh, rsh, ...
  • Limit access location
  • allow access only from designated machines
  • Machine ID: IP address

18
Intrusion Detection
  • Assume the behavior of the intruder differs from
    the legitimate user
  • Statistical anomaly detection
  • Collect data related to the behavior of
    legitimate users over a period of time
  • Statistical tests are used to determine if the
    behavior is not legitimate behavior
  • Rule-based detection
  • Rules are developed to detect deviation from
    previous usage pattern
  • Expert system searches for suspicious behavior

20
Intrusion Detection: Data Collection
  • Audit record
  • Native audit records
  • All operating systems include accounting software
    that collects information on user activity
  • Detection-specific audit records
  • Collection facility can be implemented that
    generates audit records containing only that
    information required by the intrusion detection
    system
  • Very common for Web services
  • I can tell exactly what you did on blackboard
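Statistical anomaly detection (slide 18) run over detection-specific audit records (slide 20), as an added example that is not part of the slides. The records are constructed tuples of (user, logins per day, megabytes read, failed logins); a per-user baseline is learned from a training period and new records are scored against it.

```python
from statistics import mean, pstdev

# Constructed baseline: legitimate behaviour of two users over four days.
TRAINING = [
    ("alice", 2, 40, 0), ("alice", 3, 55, 1), ("alice", 2, 45, 0), ("alice", 3, 50, 0),
    ("bob", 1, 10, 0), ("bob", 1, 12, 0), ("bob", 2, 9, 1), ("bob", 1, 11, 0),
]
FEATURES = ("logins", "mb_read", "failed_logins")


def build_profile(records):
    """Learning phase: per-user mean and standard deviation of each feature."""
    profile = {}
    for user in {r[0] for r in records}:
        columns = list(zip(*[r[1:] for r in records if r[0] == user]))
        profile[user] = {f: (mean(c), pstdev(c)) for f, c in zip(FEATURES, columns)}
    return profile


def score(record, profile, threshold=3.0):
    """Statistical test: flag any feature more than `threshold` standard
    deviations from the user's mean. Returns the (feature, z-score) pairs that
    exceeded it; an unknown user is treated as anomalous on every feature."""
    user, *values = record
    if user not in profile:
        return [(f, float("inf")) for f in FEATURES]
    hits = []
    for f, v in zip(FEATURES, values):
        mu, sigma = profile[user][f]
        if sigma == 0:
            z = 0.0 if v == mu else float("inf")
        else:
            z = abs(v - mu) / sigma
        if z > threshold:
            hits.append((f, round(z, 1)))
    return hits
```

The threshold trades missed intrusions against false alarms on legitimate users whose habits change, which is the weakness the slide's assumption ("intruder behaviour differs") carries.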

21
  • Remote attacks via Software

22
2 Types of Malicious Programs
  • Those that need a host program
  • Fragments of programs that cannot exist
    independently of some application program,
    utility, or system program
  • Independent
  • Self-contained programs that can be scheduled and
    run by the operating system

23
Trojan Horse
  • Useful program that contains hidden code that
    when invoked performs some unwanted or harmful
    function
  • Can be used to accomplish functions indirectly
    that an unauthorized user could not accomplish
    directly
  • User may set file permission so everyone has
    access
  • can do anything the user could do
  • Example: new exciting freeware game
  • Does not need illegal access

24
Login Spoofing
  • Setup a screen that looks exactly like login
  • New user comes and tries to login
  • Program reads in login information and mails it
    to the intruder
  • Login fails, user thinks he misspelled and logs
    in again

25
Logic Bomb
  • Code embedded in a legitimate program that is set
    to explode when certain conditions are met
  • Presence or absence of certain files
  • Particular day of the week
  • Particular user running application
  • Example: An employee had a program that checked
    whether his name appeared on payroll
  • After he was fired the bomb went off and
    destroyed important software
  • Potential of blackmail

26
Worms
  • Use network connections to spread from system to
    system
  • Electronic mail facility
  • A worm mails a copy of itself to other systems
  • Remote execution capability
  • A worm executes a copy of itself on another
    system
  • Remote log-in capability
  • A worm logs on to a remote system as a user and
    then uses commands to copy itself from one system
    to the other

27
Zombie
  • Program that secretly takes over another
    Internet-attached computer
  • It uses that computer to launch attacks that are
    difficult to trace to the zombie's creator
  • Typical Windows NT problem: Recent case that
    attacked the White House server

28
Viruses
  • Program that can infect other programs by
    modifying them
  • Modification includes copy of virus program
  • The infected program can infect other programs

29
Virus Stages
  • Dormant phase
  • Virus is idle
  • Propagation phase
  • Virus places an identical copy of itself into
    other programs or into certain system areas on
    the disk

30
Virus Stages
  • Triggering phase
  • Virus is activated to perform the function for
    which it was intended
  • Caused by a variety of system events
  • Execution phase
  • Function is performed

31
Types of Viruses
  • Parasitic
  • Attaches itself to executable files and
    replicates
  • When the infected program is executed, it looks
    for other executables to infect
  • Memory-resident
  • Lodges in main memory as part of a resident
    system program
  • Once in memory, it infects every program that
    executes

32
Types of Viruses
  • Boot sector
  • Infects boot record
  • Spreads when system is booted from the disk
    containing the virus
  • Stealth
  • Designed to hide itself from detection by
    antivirus software
  • May use compression

33
Types of Viruses
  • Polymorphic
  • Mutates with every infection, making detection by
    the signature of the virus impossible
  • Mutation engine creates a random encryption key
    to encrypt the remainder of the virus
  • The key is stored with the virus

34
Macro Viruses
  • A macro is an executable program embedded in a
    word processing document or other type of file
  • Autoexecuting macros in Word
  • Autoexecute
  • Executes when Word is started
  • Automacro
  • Executes when defined event occurs such as
    opening or closing a document
  • Command macro
  • Executed when user invokes a command (e.g., File
    Save)
  • Dominantly Windows problem

35
E-mail Virus: Windows Issue
  • Activated when recipient opens the e-mail
    attachment
  • Activated by opening an e-mail that contains the
    virus
  • Uses Visual Basic scripting language
  • Propagates itself to all of the e-mail addresses
    known to the infected host
  • Protection: Use an email program that has very
    limited privileges (Beware Outlook and Explorer)

36
Antivirus Approaches
  • Detection
  • Identification
  • Removal
  • Your antivirus program from yesterday is useless
    for today's virus!
  • Stern approach: Every time the user logs in to
    his machine the computer downloads the most
    current version of antivirus software from the
    network

37
How does Antivirus software work?
  • Virus signature scanner
  • Scan target code looking for known viruses
  • CPU emulator
  • Instructions in an executable file are
    interpreted by the emulator rather than the
    processor

38
Internet Attacks
  • One way to attack internet services is to create
    an overload for the server
  • Most servers have a capacity that reflects normal
    use requirements
  • Trojan horses or worms get distributed onto many
    machines
  • At a specific time all infected machines start
    sending requests to the same server
  • Server goes down
  • Big problem for online brokerage with time
    sensitive information

39
Comparison UNIX to WINDOWS
  • UNIX targeted by access attacks since it is a
  • Multi-user environment
  • High degree of sharing
  • Constant network access
  • Sophisticated OS: hard to write malicious
    programs
  • WINDOWS targeted by remote attacks
  • Single user environment
  • Less sophisticated OS: easier to write malicious
    programs
  • Switched off most of the time (used to be)

40
Security Design Principles
  • Public system design
  • It creates a false illusion if you think nobody
    knows your architecture
  • Default: no access
  • Repetitive checks for current authority
  • User might have forgotten to lock out, timeout
  • Give the least privileges possible
  • Security should be built in the lowest levels of
    the system, security as add-on does not work well

41
Summary
  • There is no safe system!
  • Business decision
  • How do I enforce safe behavior from employees
  • Security is very expensive
  • Security gets more expensive, the more flexibility,
    communication and sharing I allow
  • Separate physical network for sensitive data
  • Hire an ex-hacker to break into my system to test
    security