EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing PowerPoint PPT Presentation

1
EEC 693/793 Special Topics in Electrical Engineering: Secure and Dependable Computing
  • Lecture 3
  • Wenbing Zhao
  • Department of Electrical and Computer Engineering
  • Cleveland State University
  • wenbing_at_ieee.org

2
Outline
  • Types of threats
  • Meaning of computer security
  • Vulnerabilities in computer systems
  • Threats in computer networks

3
The Meaning of Computer Security
  • The purpose of computer security is to devise
    ways to prevent the weaknesses from being
    exploited
  • What we mean when we say that a system is secure
  • Confidentiality: computer-related assets are
    accessed only by authorized parties.
    Confidentiality is sometimes called secrecy or
    privacy
  • Integrity: assets can be modified only by
    authorized parties or only in authorized ways
  • Availability: assets are accessible to authorized
    parties at appropriate times

4
Relationship of Security Goals
  • A secure system must meet all three requirements
  • The challenge is how to find the right balance
    among the goals, which often conflict
  • For example, it is easy to preserve a particular
    object's confidentiality in a secure system
    simply by preventing everyone from reading that
    object
  • However, this system is not secure, because it
    does not meet the requirement of availability for
    proper access
  • => There must be a balance between
    confidentiality and availability

5
Relationship of Security Goals
6
Confidentiality
  • Confidentiality is the security property we
    understand best because its meaning is narrower
    than the other two
  • However, it is not trivial to ensure
    confidentiality. For example,
  • Who determines which people or systems are
    authorized to access the current system?
  • By "accessing" data, do we mean that an
    authorized party can access a single bit? pieces
    of data out of context?
  • Can someone who is authorized disclose those data
    to other parties?

7
Integrity
  • It is much harder to ensure integrity. One reason
    is that integrity means different things in
    different contexts
  • For example, if we say that we have preserved the
    integrity of an item, we may mean that the item
    is
  • precise
  • accurate
  • unmodified
  • modified only in acceptable ways
  • modified only by authorized people
  • modified only by authorized processes
  • consistent
  • internally consistent
  • meaningful and usable

8
Integrity
  • Aspects of integrity: computerized data are the
    same as those in source documents; they have not
    been exposed to accidental or malicious
    alteration or destruction
  • Aspects of integrity: authorized actions,
    separation and protection of resources, and error
    detection and correction
  • Integrity can be enforced in much the same way as
    confidentiality can: by rigorous control of who
    or what can access which resources in what ways

9
Availability
  • Availability applies both to data and to services
    (i.e., to information and to information
    processing)
  • We say a data item, service, or system is
    available if:
  • There is a timely response to our request
  • There is a fair allocation of resources, so that
    some requesters are not favored over others
  • The service or system involved is fault tolerant:
    hardware or software faults lead to graceful
    cessation of service or to workarounds rather
    than to crashes and abrupt loss of information
  • The service or system can be used easily and in
    the way it was intended to be used

10
Availability
  • The security community is just beginning to
    understand what availability implies and how to
    ensure it
  • A small, centralized control of access is
    fundamental to preserving confidentiality and
    integrity, but it is not clear that a single
    access control point can enforce availability
  • Much of computer security's past success has
    focused on confidentiality and integrity; full
    implementation of availability is security's next
    great challenge

11
Vulnerabilities
  • Vulnerabilities: what would prevent us from
    reaching one or more of our three security goals?
  • The three assets (hardware, software and data)
    and the connections among them are all potential
    security weak points

12
Vulnerabilities
13
Software Vulnerabilities
  • Software is surprisingly easy to delete and to
    copy
  • Software is vulnerable to modifications that
    either cause it to fail or cause it to perform an
    unintended task

14
Software Vulnerabilities
  • Logic bomb: a program that has been maliciously
    modified to fail when certain conditions are met
    or when a certain date or time is reached
  • Trojan horse: a program that overtly does one
    thing while covertly doing another
  • Virus: a specific type of Trojan horse that can
    be used to spread its "infection" from one
    computer to another
  • Trapdoor: a program that has a secret entry point
  • Information leaks in a program: code that makes
    information accessible to unauthorized people or
    programs

15
Data Vulnerabilities
  • Data items have greater public value than
    hardware and software, because more people know
    how to use or interpret data
  • By themselves, out of context, pieces of data
    have essentially no intrinsic value
  • On the other hand, data items in context do
    relate to cost, perhaps measurable by the cost to
    reconstruct or redevelop damaged or lost data

16
Data Vulnerabilities
  • Confidential data leaked to a competitor may
    narrow a competitive edge
  • Data incorrectly modified can cost human lives
  • Inadequate security may lead to financial
    liability if certain personal data are made
    public
  • The value of data over time is far less
    predictable or consistent
  • Quite often, data is valuable only for a period
    of time

17
Principle of Adequate Protection
  • Principle of Adequate Protection
  • Computer items must be protected only until they
    lose their value
  • They must be protected to a degree consistent
    with their value

18
Security of Data
  • Integrity prevents unauthorized modification of a
    data item
  • Confidentiality prevents unauthorized disclosure
    of a data item
  • Availability prevents denial of authorized access
    to a data item
19
Threats in Networks
  • Networks are specialized collections of hardware,
    software, and data
  • Each network node is itself a computing system
  • It experiences all normal security problems
  • A network must also confront communication
    problems that involve the interaction of system
    components and outside resources

20
Threats in Networks
  • The challenges to achieving network security are
    rooted in:
  • A network's lack of physical proximity
  • Use of insecure, shared media, and
  • The inability of a network to identify remote
    users positively

21
What Makes a Network Vulnerable
  • Anonymity. An attacker can mount an attack from
    thousands of miles away and never come into
    direct contact with the system, its
    administrators, or users
  • Many points of attack, both targets and origins.
    An attack can come from any host to any host, so
    that a large network offers many points of
    vulnerability

22
What Makes a Network Vulnerable
  • Sharing. Because networks enable resource and
    workload sharing, more users have the potential
    to access networked systems than on single
    computers
  • Complexity of system. A network combines two or
    more possibly dissimilar operating systems
  • Unknown network boundary. A network's
    expandability also implies uncertainty about the
    network boundary

23
What Makes a Network Vulnerable
Unknown network boundary
24
What Makes a Network Vulnerable
  • Unknown path in message routing. There may be
    many paths from one host to another. Some
    intermediate node might not be trustworthy

25
Methods of Defense
  • Harm occurs when a threat is realized against a
    vulnerability
  • To protect against harm, we can neutralize the
    threat, close the vulnerability, or both
  • The possibility for harm to occur is called risk

26
Methods of Defense
  • We can deal with harm in several ways. We can
    seek to:
  • Prevent it, by blocking the attack or closing the
    vulnerability
  • Deter it, by making the attack harder, but not
    impossible
  • Deflect it, by making another target more
    attractive (or this one less so)
  • Detect it, either as it happens or some time
    after the fact
  • Recover from its effects

27
Methods of Defense: Multiple Controls
28
Countermeasures / Controls
  • Encryption: a scrambling process applied to data
  • Software controls
  • Hardware controls: hardware or smart card
    implementations of encryption
  • Policies and procedures. Example: change
    passwords periodically
  • Physical controls. Example: locks on doors,
    guards at entry points

29
Software Controls
  • Internal program controls: parts of the program
    that enforce security restrictions, such as
    access limitations
  • Operating system and network system controls:
    limitations enforced by the operating system or
    network to protect each user from all other users
  • Independent control programs: application
    programs, such as password checkers, intrusion
    detection utilities, or virus scanners, that
    protect against certain types of vulnerabilities
  • Development controls: quality standards under
    which a program is designed, coded, tested, and
    maintained, to prevent software faults from
    becoming exploitable vulnerabilities
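As an added illustration (not from the lecture slides) of an internal program control, the following reference monitor enforces the three goals on a data item: read permission guards confidentiality, write permission guards integrity, and a per-requester quota gives the fair allocation that slide 9 lists under availability. The Monitor and AccessDenied names, the ACL layout, the quota value and the two sample policies are this example's own assumptions; the LOCKED policy reproduces slide 4's point that denying everyone read access keeps an object confidential but not available.

```python
"""Added example: a minimal reference monitor for the three security goals.
Monitor, AccessDenied, the ACL layout and the sample policies are assumptions
made for this example, not material from the lecture."""
from collections import defaultdict


class AccessDenied(Exception):
    """Raised when a request fails a confidentiality, integrity or fairness check."""


class Monitor:
    def __init__(self, acl, quota=3):
        # acl: {object: {principal: set of allowed operations}} (constructed).
        self.acl = acl
        # Availability control: each principal gets `quota` requests per
        # window, so one requester cannot starve the others.
        self.quota = quota
        self._used = defaultdict(int)
        self._store = {}

    def _check(self, principal, obj, op):
        # "read" protects confidentiality, "write" protects integrity.
        if op not in self.acl.get(obj, {}).get(principal, set()):
            raise AccessDenied(f"{principal} may not {op} {obj}")
        if self._used[principal] >= self.quota:
            raise AccessDenied(f"{principal} exceeded quota of {self.quota}")
        self._used[principal] += 1

    def read(self, principal, obj):
        self._check(principal, obj, "read")
        return self._store.get(obj)

    def write(self, principal, obj, value):
        self._check(principal, obj, "write")
        self._store[obj] = value

    def new_window(self):
        """Reset the quota counters at the start of the next time window."""
        self._used.clear()


def availability_for(monitor, principal, obj):
    """Slide 4's test: can this party actually get at the object right now?"""
    try:
        monitor.read(principal, obj)
        return True
    except AccessDenied:
        return False


# Constructed sample policy: alice may read and write, bob may only read.
BALANCED = {"payroll": {"alice": {"read", "write"}, "bob": {"read"}}}
# Slide 4's counterexample: nobody may read, so the item is confidential
# but not available to anyone.
LOCKED = {"payroll": {"alice": set(), "bob": set()}}
```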

30
Principle of Effectiveness
  • Principle of Effectiveness: controls must be
    used, and used properly, to be effective. They
    must be efficient, easy to use, and appropriate