INTRO TO COMP SECURITY CS 591
These 43 pages of class notes were uploaded by Orrin Rutherford on Wednesday, September 2, 2015. The notes belong to CS 591 at Portland State University, taught by Staff in Fall.
Date Created: 09/02/15
CS 591: Introduction to Computer Security
Lecture 3: History and Policy
James Hook
33008 1737

History

Military Security
- Protection of information has been part of warfare throughout recorded history
- World War II and the Cold War led to a common protective marking scheme for documents (Ross Anderson 731)
  - Top Secret
  - Secret
  - Confidential
  - Open

Batch Computing
- Early computers were simple, small machines with little persistent state
- To run a job for a user, an operator would:
  - Mount the removable media (disks and tapes) requested by the user
  - Completely initialize the computer by pressing an "Initial Program Load" button that read the boot loader from the card deck supplied by the user
  - Execute the operating system loaded by the boot loader found on the removable media

Secure batch computing
- To make this style of batch computing secure it was only necessary to focus on the physical security of the room, ensure that the state was initialized, and handle all removable media according to the rules for handling classified documents

Cold War Computing
- The cold war relied on aircraft capable of dropping nuclear bombs
- Aircraft need to know about weather
- Global weather prediction was one of the most important computational tasks in the cold war

Computers Communicate
- Weather prediction needs input from weather stations
- The batch model of military computing had to be abandoned
- The security perimeter of the weather prediction system was no longer the computer room

Practice beyond Policy
- The weather system evolved to collect data from around the globe and give reports to pilots at Strategic Air Command centers
- Recognizing that this practice was outside of policy doctrine, the Air Force commissioned a study on Computer Security
- James P. Anderson wrote the report: Computer Security Technology Planning Study, 1972

Anderson's study
- Forward looking study focused on driving forces
  - Time-shared computing
  - Communication and Networking

Requirements Trends
[Scanned table from Anderson's report; its contents are not recoverable in this copy. The legible fragments list Air Force organizations such as SAC, MAC, AFLC and NORAD against requirement trends including multilevel and open operation.]

Anderson on networks
[Scanned excerpt from Anderson's report; the text is largely illegible in this copy. It discusses multilevel networks, in which some nodes can be accessed by users with clearance below the highest level of information in the network, notes that networks such as the Air Weather Network and SACCS already exist, and recommends that network security be included in the development program.]

The Insider Threat
[Scanned excerpt from Anderson's report; the text is largely illegible in this copy. It contrasts external penetration, previously seen as the principal threat and defended against by preventing access to any part of the system or its data, with the malicious user, who is assumed to have legitimate access to a system.]

The Handbook
[Scanned excerpt from Anderson's report; the text is largely illegible in this copy. It describes the handbook of computer security techniques as a collection of system design, implementation and operation practices, intended for use by designers and developers of information systems.]

DOD Security Research
- With publication of Anderson's report, significant research funds were allocated to Computer Security
- Two goals:
  - Solve aspects of the Security Problem as articulated by Anderson
  - Give guidance to military procurement officers on how to acquire secure computing systems

DOD Research dominates 70's
- Although not all security challenges were related to defense, defense-sponsored research dominates publications in the 70's and 80's
- In that period
  - Confidentiality was stressed
  - The neglect of Availability would bite on September 11, 2001

Objectives
- Explore what a security policy is; develop a vocabulary to discuss policies
- Examine the role of trust in policy

What is a Security Policy?
- Statement that articulates the security goal
- In the state machine model, it identifies the authorized or secure states, which are distinct from the unauthorized or nonsecure states
- A secure system is one in which the system can only enter authorized states
- Note: The policy doesn't make the system secure; it defines what secure is

Confidentiality
- X set of entities, I some information
- I has the property of confidentiality with respect to X if no member of X can obtain information about I
- What is information?

Confidentiality Scenario
- If an instructor wishes to keep class grades confidential from the students, which of the following can the instructor do?
  - Email the grade file to the class mailing list
  - Email an encrypted grade file to the class mailing list
  - Email summary statistics (mean, median, max and min) to the class mailing list
- What is information? What is data?

Integrity (Bishop)
- X, I as before
- I has the property of integrity with respect to X if all members of X trust I
- Dictionary (http://www.m-w.com/dictionary/integrity):
  1. firm adherence to a code of especially moral or artistic values: INCORRUPTIBILITY
  2. an unimpaired condition: SOUNDNESS
  3. the quality or state of being complete or undivided: COMPLETENESS

Integrity
- If Alice and Bob trust their horoscopes, do horoscopes have integrity?
- If the users of a system trust the file system, does it have integrity?
- Is it reasonable for integrity to be based on user perception?
- If the public loses confidence in voting machines, can even a perfect DRE machine have integrity?

Assurance
- Assurance aims to provide intrinsic evidence of integrity
- We trust the integrity of the bank because we intrinsically trust the accounting practices used by banks
- We also trust the bank because:
  - The bank is audited for compliance with these trusted practices
  - The bank's data is scrutinized for signatures of fraud

Integrity
- Although we may desire an intrinsic notion of integrity, we must accept the perception of trust in the general case
- If we do not have intrinsic assurance, the best we can demand is that no agent can refute integrity

Availability
- Let X be a set of entities, I a resource
- I has the property of availability with respect to X if all members of X can access I
- What is access?
- Quality of service is not always binary

Setting the bar on access
- Organizational context is critical
- For a person: access sufficient to perform their job function
- Avionics system: micro/milli second (some military airframes are aerodynamically unstable; the avionics system is required to keep them in the air)
- Air Traffic control: 100s of milliseconds
- Airline reservations: 10s of seconds
- These numbers are notional

Access and Quality of Service
- Behavior of service under load may be important
  - Graceful degradation
  - QoS threshold
- When is it better to do a few things quickly than all things slowly?

Dimensions of Policy
- Policy defines security objective:
  - Confidentiality: Protect Information and Resources I from X
  - Integrity: in a manner trusted by Y
  - Availability: to be accessible to Z
- Mechanisms can be evaluated to determine if they help meet the objective

Does this model match reality?
- Recall PSU AUP
- What facets focus on:
  - Confidentiality: what is I, who/what is X?
  - Integrity: I, X?
  - Availability: I, X?
- What facets are outside of this model?

PSU Computer & Network Acceptable Use Policy
- This acceptable use policy governs the use of computers and networks at Portland State University (PSU). As a user of these resources, you are responsible for reading and understanding this document.
- Portland State University encourages the use and application of information technologies to support the research, instruction, and public service mission of the institution. PSU computers and networks can provide access to resources on and off campus, as well as the ability to communicate with other users worldwide. Such open access is a privilege and requires that individual users act responsibly. Users must respect the rights of other users, respect the integrity of systems and related physical resources, and observe all relevant laws, regulations, and contractual obligations.

PSU AUP (cont.)
Acceptable use terms and conditions:
- The primary purpose of electronic systems and communications resources is for University-related activities only.
- Users do not own accounts on University computers, but are granted the privilege of exclusive use. Users may not share their accounts with others, and must keep account passwords confidential.
- Each account granted on a University system is the responsibility of the individual who applies for the account. Groups seeking accounts must select an individual with responsibility for accounts that represent groups.
- The University cannot guarantee that messages or files are private or secure. The University may monitor and record usage to enforce its policies and may use information gained in this way in disciplinary and criminal proceedings.
- Users must adhere strictly to licensing agreements and copyright laws that govern all material accessed or stored using PSU computers and networks.
- When accessing remote systems from PSU systems, users are responsible for obeying the policies set forth herein as well as the policies of other organizations.
- Misuse of University computing, networking, or information resources may result in the immediate loss of computing and/or network access. Any violation of this policy or local, state, or federal laws may be referred to appropriate University offices and/or, as appropriate, law enforcement authorities.

PSU AUP (cont.)
Conduct which violates this policy includes, but is not limited to, the following:
- Unauthorized attempts to view and/or use another person's accounts, computer files, programs, or data.
- Using PSU computers, accounts, and/or networks to gain unauthorized access to University systems or other systems.
- Using PSU computers, accounts, and/or networks for: threat of imminent physical harm, sexual or other harassment, stalking, forgery, fraud, generally offensive conduct, or any criminal activity.
- Attempting to degrade performance of University computers and/or networks.
- Attempting to deprive other users of University technology resources or access to systems/networks.
- Using University resources for commercial activity such as creating products or services for sale.
- Copying, storing, sharing, installing or distributing software, movies, music, and other materials currently protected by copyright, except as permitted by licensing agreements or fair use laws.
- Unauthorized mass e-mailings to newsgroups, mailing lists, or individuals, i.e. spamming or propagating electronic chain letters.
- Unauthorized broadcasting of unsolicited mail, material, or information using University computers/networks.

Policies and the world
- What about:
  - Obey the law
  - Organizational consequences

Policy model vs reality
- Consider password policies, e.g. SANS model policy (http://www.sans.org/resources/policies)
- What dimension of security do password policies primarily address?

Policy informed by experience
- Most organizations have a policy that has evolved
- Reflects understanding of threat environment (or at least threat history)
- Can reveal critical assumptions

Policy vs Mechanism
- Policy says what is allowed and what isn't
- Mechanism is an entity or procedure that enforces some part of the policy
- Discuss:
  - List some mechanisms
  - Facets of policy for which mechanisms are appropriate
  - Facets of policy for which mechanisms are unlikely to be appropriate

Security Model
- A security model is a model that represents a particular policy or set of policies
- Abstracts from the policy
- We will see various security models:
  - Bell-LaPadula for Confidentiality
  - Clark-Wilson Integrity
  - Chinese Wall Model

Families of Policies
- Military Security Policy (Governmental)
  - Primary goal: confidentiality
- Commercial Security Policy
  - Primary goal: integrity
  - Common mechanism: transactions; transaction-oriented integrity security policies
  - When you buy a book from Amazon you want to get exactly what you ordered and pay for it exactly once

Assumptions and Trust
- All policies have assumptions
- Typically something is trusted:
  - Hardware will faithfully execute the program
  - Patch is uncorrupted from vendor
  - Vendor tested patch appropriately
  - Vendor's environment similar to system being patched
  - Patch is installed correctly

Trust
- What are some assumptions of:
  - The PSU AUP?
  - The SANS password policy?

Access Control Policies
- Discretionary Access Control (DAC)
  - An individual user can set allow or deny access to an object
- Mandatory Access Control (MAC)
  - System mechanism controls access
  - User cannot alter that access
- Originator Controlled Access Control (ORCON)
  - Access control set by creator of information
  - Owner (if different) can't alter AC
  - Like copyright

Conclusions
- Policy declares security goal
- Policy can be understood in terms of security components:
  - Confidentiality
  - Integrity
  - Availability
- Policy is based on assumptions about the environment
- It is critical to understand what entities the policy trusts

Looking Forward
- Bell-LaPadula Model
  - Military style classification of information
  - Confidentiality
- Reading:
  - Bell retrospective
  - Bishop Chapter 5 (start 6 as well)
  - RA Chapter 7
- Background: What is a lattice?
  - Reading: Chapter 27
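
Added example (not part of the original slides): the state machine definition from "What is a Security Policy", applied to the grade-confidentiality scenario, with the DAC and MAC descriptions from "Access Control Policies" modelled as two mechanisms. The subjects, the `CLEARED` set and all function names are assumptions made for this illustration.

```python
from collections import deque

SUBJECTS = ("instructor", "ta", "student")   # constructed example subjects
CLEARED = {"instructor", "ta"}               # assumption: who may ever read grades
# A state is the set of (subject, object) read permissions currently granted.
INITIAL = frozenset({("instructor", "grades")})

def authorized(state):
    """Policy: grades stay confidential with respect to X = {student}."""
    return ("student", "grades") not in state

def dac_transitions(state):
    """DAC mechanism: any subject that can read an object may grant read to anyone."""
    for holder, obj in sorted(state):
        for subject in SUBJECTS:
            if (subject, obj) not in state:
                yield f"{holder} grants {subject} read on {obj}", state | {(subject, obj)}

def mac_transitions(state):
    """MAC mechanism: the system refuses any grant to an uncleared subject."""
    for label, nxt in dac_transitions(state):
        if all(subject in CLEARED for subject, _ in nxt):
            yield label, nxt

def find_violation(initial, transitions, is_authorized):
    """Breadth-first search of the reachable states.

    Returns the shortest list of steps leading to an unauthorized state,
    or None if every reachable state is authorized (the system is secure).
    """
    if not is_authorized(initial):
        return []
    seen, queue = {initial}, deque([(initial, [])])
    while queue:
        state, path = queue.popleft()
        for label, nxt in transitions(state):
            if nxt in seen:
                continue
            if not is_authorized(nxt):
                return path + [label]
            seen.add(nxt)
            queue.append((nxt, path + [label]))
    return None

if __name__ == "__main__":
    print("DAC:", find_violation(INITIAL, dac_transitions, authorized))
    print("MAC:", find_violation(INITIAL, mac_transitions, authorized))
```

The policy is identical in both runs; only the mechanism changes, and only the mechanism determines whether an unauthorized state is reachable.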