Wrapup
CSE497b - Spring 2007
Introduction to Computer and Network Security
Professor Jaeger
www.cse.psu.edu/~tjaeger/cse497b-s07/
Final
- The final is on Tuesday, May 8, 8:00 in 160 Willard (here)
  - Be late at your own peril (we may lock the door at 8:10)
  - You will have the full time to take the test, but no more
- Coverage: anything we talked about in class or that appeared in the readings
  - Mainly topics since the mid-term
- Types of questions
  - Constructive (here is a scenario; design X and explain it)
  - Philosophical (why does Z argue that ...)
  - Explanatory (what is the key tradeoff between A and B ...)
Prior Topics
- Terminology
  - Any term defined in the early lectures
- Crypto algorithms
  - Diffie-Hellman and RSA
  - Keys
- Crypto protocols
  - Public key
  - Secret key
  - Integrity, authenticity, secrecy
Topics Since Midterm
- Code security
- Access control principles
- UNIX security
- Windows security
- Trusted computing
- Secrecy
- Integrity
- Intrusion detection
- MAC systems
- Virtual machine systems
Code Security
- Problems
  - Buffer overflows, printf, integer overflows, names, characters
- Considerations for writing and deploying secure code
  - Validate input (prevent vulnerabilities)
  - Minimize attack surface (number of points of potential vulnerability)
  - Minimize permissions
  - Safe transition of privilege via invocation
  - Return little information
  - Type safety
  - Implications for the attacks above
Access Control Principles
- Protection system
  - Protection state
  - State enforcer
- Access matrix
  - Use it
  - Variants (RBAC)
  - Security guarantees from policies
- Protection and security
  - Know the difference
- Reference monitor
  - Know the guarantees
  - Know how to apply them to other systems
  - How does X satisfy the RM guarantees?
UNIX and Windows
- Subjects
  - UNIX: users; Windows: more complex
- Objects
  - UNIX: files; Windows: more complex
- User authentication
- Access enforcement
  - Process
  - Implications for security
- Transitions
  - UNIX: setuid; Windows: Windows Services
- Constrained execution
  - UNIX: chroot, nobody; Windows: restricted contexts
- General vulnerabilities
Trusted Computing
- Palladium
- TPM
  - Know the difference
- Mechanisms
  - Protected storage
  - Attestation
  - How the TPM supports boot guarantees
Secrecy and Integrity
- Secrecy
  - Secrecy and security
  - Multilevel security, Chinese Wall security
  - Secrecy properties
  - Miscellaneous: Trojan horses, covert channels
  - Program secrecy (Denning)
- Integrity
  - Integrity and security
  - Biba and LOMAC
  - Integrity realization
  - Privilege separation
Intrusion Detection
- Anomaly and misuse detection
- Relation to access control
- Network and host IDS
- Positives/negatives
- Bayes' rule analysis
MAC Systems and VM Systems
- Relation to reference monitors
- Mandatory access control
  - Multics
  - Transitions (all)
  - SELinux/LSM architecture
- Virtual machine architectures
  - VM principles
  - Xen enforcement
  - VM vs. OS enforcement
  - Java enforcement
The state of security
- Issues are in the public consciousness
  - Press coverage is increasing
  - Losses mounting (billions and billions)
  - Effect increasing (ATMs, commerce)
- What are we doing?
  - "sound and fury signifying nothing" - W. Shakespeare
  - (well, it's not quite that bad)
The problems
- What is the root cause?
  - Security is not a key goal, and it never has been
  - So, we need to figure out how to change the way we do engineering (and science) to make computers secure
- Far too much misunderstanding about basic security and the use of technology
  - This is also true of physical security
The current solutions
- Make better software
  - "we mean it" - B. Gates (2002)
  - "no really" - B. Gates (2003)
  - "Linux is bad too" - B. Gates (2005)
  - "it's in Longhorn..." - B. Gates (2006)
- CERT/SANS-based problem/event tracking
  - Experts tracking vulnerabilities
  - Patch system completely broken
- Destructive research
  - Back-pressure on product developers
  - Arms race with bad guys
- Problem: reactive, rather than proactive
The real solutions
- Fix the economic incentive equation
  - Eventually, MS/Sun/Apple/*** will be in enough pain that they change the way they make software
- Education
  - Things will get better when people understand when and how to use technology
- Fix engineering practices
  - Design for security
  - Apply technology
  - What we have been talking about
The bottom line
- The Web/Internet and new technologies are being limited by their ability to address security and privacy concerns; it is incumbent on us as scientists to meet these challenges
  - Evangelize the importance of security
  - Provide sound technologies
  - Define better practices
Thank You!!!
tjaeger@cse.psu.edu