Information security summary

Transcription

1 Information security summary Tuomas Aura CS-C3130 Information security Aalto University, autumn 2016

2 Outline Timeline of computer security (Areas of security) Engineering secure systems 2

3 TIMELINE OF COMPUTER SECURITY 3

4 70s Military origins of security threats and policies Multi-user operating systems need for protection Access control models: multi-level security, Bell- LaPadula 1976, BIBA 1977 DES block cipher 1976 cryptanalysis, need for key distribution Public-key cryptosystems: Diffie-Hellman 1976, RSA 1978 Key distribution: certificates 1978 key exchange protocols: Needham-Schroeder

5 80s Anonymity, Chaum s mixes 1981, anonymous payment 1982 Orange Book 1985: mandatory access control Commercial security models from accounting and auditing rules: Clark-Wilson 1987 X.509 PKI 1988 IBM PC software copy protection floppy disk virus 1987 Internet Morris worm

6 90s Wider availability of cryptography GSM cellular network 1991 Open-source cryptography: PGP 1991 Password sniffers SSH 1995 Commercial Internet SSL and VeriSign CA 1995 RSA patent expired in 2000 Perils of the Internet Firewalls Windows 95 insecure PCs connected to Internet Spam: Cantor and Siegel 1994 Macro virus: Melissa 1999 Music downloads DRM More methodological approach to security research: Secure operating systems: SEVMS until 1996 Information flow, formal analysis of key exchange protocols Intrusion detection 6

7 2000s Malware, botnets, spyware Fast-spreading Internet worms: Code Red 2001 secure programming, safe languages security analysis and testing tools Phishing: shift from hacking to profitable crime Total information awareness Central control vs. more diverse computing platforms: Enterprise identity management Mobile device operating systems, app permissions Mobility, ah-hoc networks, sensor networks More diverse security research: Security is integral part of most areas of computing Connections to law, sociology, psychology, management, usability, design Social networks, privacy concerns 7

8 2010s Cyber defense and attack Stuxnet 2010, malware business, government sponsors Snowden 2013, PRISM (2007-) Targeted attacks, advanced persistent threats Cloud computing Flaws still found in key security technologies: e.g. Heartbleed 2014, fake SSL certificates Critical infrastructure protection, smart grid security Internet of Things, vehicular communication Mobile payments, Bitcoin Ransomware What else? What is the future? 8

9 AREAS OF SECURITY 9

10 Areas of IT security [Gollmann] Computer security security of end hosts and client/server systems Focus: access control in operating systems Example: access control lists for file systems Network security security of communication Focus: protecting data on the wire Example: encryption to prevent sniffing Application security security of services to end users and businesses Focus: application-specific trust relations Example: secure and legally binding bank transactions 10

11 Viewpoints to security Cryptography (mathematics) Computer security (systems research) Network security (computer networking) Software security (software engineering, programming languages and tools) Formal methods for security (theoretical CS) Hardware security (HW engineering) Human aspects of security (usability, sociology) Security management (information-systems management, enterprise security) Economics of security, laws and regulation You cannot be just a security expert! Need broader understanding of the systems and applications 11

12 ENGINEERING SECURE SYSTEMS 12

13 Security is a continuous process Continuous race between attackers and defenders Attackers are creative No security mechanisms will stop all attacks; attackers just move to new methods and targets Some types of attacks can be eliminated but others will take their place Compare with crime statistics: Do locks or prisons reduce crime in the long term? Security mechanisms will fail and new threats will arise Monitoring and auditing for new attacks Contingency planning: how to recover from a breach 13

14 Proactive vs. reactive security Technical prevention: design systems to prevent, discourage and mitigate attacks If attack cannot be prevented, increase its cost and control damage Detection and reaction: detect attacks and take measures to stop them, or to punish the guilty In open networks, attacks happen all the time We can detect port scans, spam, phishing etc., yet can do little to stop it or to punish attackers Technical prevention and mitigation must be the primary defense However, detection is needed to monitor the effectiveness of the technical prevention 14

15 Cost vs. benefit Rational attackers compare the cost of an attack with the gains from it Attackers look for the weakest link; thus, little is gained by strengthening the already strong bits Rational defenders compare the risk of an attack with the cost of implementing defenses Lampson: Perfect security is the enemy of good security But human behavior is not always rational: Attackers follow each other and flock all to the same path Defenders buy a peace of mind; avoid personal liability by doing what everyone else does Many things are explained better by group behavior than rational choice 15

16 Deployablity of solutions Why some solutions are good in theory but fail to be deployed in practice? Immediate security gains for the early adopters Minimize pain felt by users and sysadmins Incremental deployment strategy Alignment with business interests Someone else s viewpoint: Create a buzz, grab mindshare, get management support (?) Some Security technologies that failed or had difficulties in deployment: Global X.509 PKI Universal encryption with IPsec DDoS filtering Microsoft Passport 16

17 Saltzer and Schroeder Design principles that help avoid problems Violations often indicate vulnerabilities Saltzer and Schroeder design principles [CACM 1974]: Economy of mechanism: keep the design simple Fail-safe defaults: fail towards denying access Complete mediation: check authorization of every access request Open design: assume attacker knows the system internals Separation of privilege: require two separate keys or other ways to check authorization whenever possible Least privilege: give only the necessary access rights Least common mechanisms: ensure failures stay local, diversity Psychological acceptability: design security mechanism that are easy to use correctly 17

18 Ethical questions What is ethical hacking? Responsible vs full disclosure of security flaws? Do you approve of hacktivism? Is security of your products and services a moral responsibility? Privacy vs. business interests? Does surveillance increase trust and security? Selling security products to oppressive governments? Offensive capabilities in cyber security and intelligence? Using security as an argument in organizational or national politics? What will you do if your employer asks you to do something legal that you find ethically questionable? 18

19 Reading material Dieter Gollmann: Computer Security, 2nd ed. chapters 1 2; 3rd ed. chapters 1 and 3 Matt Bishop: Introduction to computer security, chapter 1 ( Edward Amoroso: Fundamentals of Computer Security Technology, chapter 1 Ross Anderson: Security Engineering, 2nd ed., chapter 1 (1st ed. 19

20 Exercises What is the role of laws and punishment in computer security? Can the development of information security technology be unethical, or is engineering value neutral? Give examples. When is it (or when could it be) ok for you to attack against IT systems? Give examples. How do the viewpoints of security practitioners (e.g. system admin or company security officer) differ from engineer or academic researchers? How have the Snowden leaks in 2013 changed the overall picture of information security? 20

21 The course ends, what next? CS-C3130 Information Security (Tuomas Aura, period I) almost done CS-E4300 Network Security (Tuomas Aura, period II) CS-E4310 Mobile Systems Security (Asokan, period III) CS-E4160 Laboratory Works in Networking and Security (period III-IV) CS-E4320 Cryptography and Data Security (period I-II) CS-E4330 Special Course in Information Security malware analysis in spring 2017 Announcements for variable topic courses at: CS-E4003 Special Assignment in Computer Science by agreement with one of the professors or researchers Bachelor and Master s thesis 21