INTRO TO COMP SECURITY (CS 591)
This 36-page set of class notes was uploaded by Orrin Rutherford on Wednesday, September 2, 2015. The notes belong to CS 591 at Portland State University, taught by Staff in Fall. Since its upload, it has received 19 views. For similar materials see /class/168288/cs-591-portland-state-university in Computer Science at Portland State University.
Date Created: 09/02/15
CS 591 Introduction to Computer Security
Lecture 6: Identity and Data Mining
James Hook
Some material from Bishop 2004
4/16/09

Topics
- Clark-Wilson
- Identity
- Data mining

Clark-Wilson Model
"Essentially there are two mechanisms at the heart of fraud and error control: the well-formed transaction, and separation of duty among employees."
A Comparison of Commercial and Military Computer Security Policies, Clark and Wilson, 1987

CW Criteria
1. The system must separately authenticate and identify every user.
2. The system must ensure that specified data items can be manipulated only by a restricted set of programs.
3. The system must associate with each user a valid set of programs to be run; controls must ensure separation of duty.
4. The system must maintain an auditing log that records every program executed and the name of the authorizing user.

Additional Criteria
1. The system must contain mechanisms to ensure that the system enforces its requirements.
2. The system must be protected against tampering or unauthorized change.

Clark-Wilson Integrity Model
- Integrity is defined by a set of constraints. Data is in a consistent (valid) state when it satisfies these.
- Well-formed transactions move the system from one consistent state to another.
- Issue: who examines and certifies that transactions are done correctly?

Entities
- CDIs (constrained data items): data subject to integrity controls.
- UDIs (unconstrained data items): data not subject to integrity controls.
- IVPs (integrity verification procedures): procedures that test that the CDIs conform to the integrity constraints.
- TPs (transformation procedures): procedures that take the system from one valid state to another.

Certification Rules 1 and 2
- CR1: When any IVP is run, it must ensure all CDIs are in a valid state.
- CR2: For some associated set of CDIs, a TP must transform those CDIs from a valid state into a (possibly different) valid state.
- CR2 defines the relation "certified", which associates a set of CDIs with a particular TP.
- Example: TP balance, CDIs accounts in the bank example.

Enforcement Rules 1 and 2
- ER1: The system must maintain the certified relations and must ensure that only TPs certified to run on a CDI manipulate that CDI.
- ER2: The system must associate a user with each TP and set of CDIs. The TP may access those CDIs on behalf of the associated user. The TP cannot access that CDI on behalf of a user not associated with that TP and CDI.
- The system must maintain and enforce the certified relation.
- The system must also restrict access based on user ID (the "allowed" relation).

Users and Rules
- CR3: The allowed relations must meet the requirements imposed by the principle of separation of duty.
- ER3: The system must authenticate each user attempting to execute a TP.
  - The type of authentication is undefined and depends on the instantiation.
  - Authentication is not required before use of the system, but is required before manipulation of CDIs, which requires using TPs.

Logging
- CR4: All TPs must append enough information to reconstruct the operation to an append-only CDI. This CDI is the log.
- The auditor needs to be able to determine what happened during reviews of transactions.

Handling Untrusted Input
- CR5: Any TP that takes as input a UDI may perform only valid transformations, or no transformations, for all possible values of the UDI. The transformation either rejects the UDI or transforms it into a CDI.
- In the bank, numbers entered at the keyboard are UDIs, so they cannot be input to TPs directly. TPs must validate the numbers to make them a CDI before using them; if validation fails, the TP rejects the UDI.

Separation of Duty in the Model
- ER4: Only the certifier of a TP may change the list of entities associated with that TP. No certifier of a TP, or of an entity associated with that TP, may ever have execute permission with respect to that entity.
- Enforces separation of duty with respect to the certified and allowed relations.

Discussion
How can we apply CW to a voting machine?
- Constrained Data Items
- Integrity Constraints
- Unconstrained Data Items
- Transaction Procedures
- Integrity Verification Procedures
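The certification and enforcement rules above, as an added example written for these notes (not code from the lecture, from Bishop, or from the Clark and Wilson paper): a toy reference monitor for the bank case. The `Monitor` class, the `transfer` and `corrupt` TPs, the user names (carol certifies, alice executes) and the account values are all assumptions; the `ivp` encodes one constructed constraint, that balances are non-negative and sum to a recorded ledger total.

```python
"""Added example for these notes (not the lecture's or Clark and Wilson's own
code): a toy Clark-Wilson reference monitor for the bank example.  The class,
user, TP and account names are assumptions chosen for illustration."""
from dataclasses import dataclass, field

class CWViolation(Exception):
    """An operation that would break one of the enforcement rules ER1-ER4."""

def ivp(cdis):
    """IVP (CR1): balances are non-negative ints summing to the ledger total."""
    accts = [v for k, v in cdis.items() if k.startswith("acct:")]
    return (all(isinstance(v, int) and v >= 0 for v in accts)
            and sum(accts) == cdis["ledger_total"])

def transfer(cdis, names, udi):
    """TP: move money between accounts; the amount is a keyboard UDI (CR5)."""
    src, dst = names
    if not (isinstance(udi, str) and udi.isdigit() and int(udi) > 0):
        raise ValueError(f"CR5: rejected UDI {udi!r}")
    amount = int(udi)                        # validated: now usable as a value
    if cdis[src] < amount:
        raise ValueError("insufficient funds")
    cdis[src] -= amount
    cdis[dst] += amount

def corrupt(cdis, names, udi):
    """A wrongly certified TP (CR2 broken); the monitor's IVP check must catch it."""
    cdis[names[0]] = -1

@dataclass
class Monitor:
    cdis: dict
    certified: dict = field(default_factory=dict)  # tp -> (fn, cdi set, certifier)
    allowed: set = field(default_factory=set)      # (user, tp, cdi tuple)
    authenticated: set = field(default_factory=set)
    log: list = field(default_factory=list)        # the append-only log CDI (CR4)

    def certify(self, certifier, tp, fn, cdi_names):
        # CR2/ER1: the "certified" relation, remembering the certifier for ER4.
        self.certified[tp] = (fn, frozenset(cdi_names), certifier)

    def allow(self, actor, user, tp, cdi_names):
        # ER4: only the certifier changes a TP's entities, and never gets to execute.
        fn, cert_cdis, certifier = self.certified[tp]
        if actor != certifier:
            raise CWViolation(f"ER4: {actor} did not certify {tp}")
        if user == certifier:
            raise CWViolation(f"ER4: certifier {user} may not execute {tp}")
        if not set(cdi_names) <= cert_cdis:
            raise CWViolation(f"ER1: {tp} is not certified for {cdi_names}")
        self.allowed.add((user, tp, tuple(cdi_names)))  # the "allowed" relation

    def authenticate(self, user, password, passwords):
        # ER3: authenticate before any TP may be run; the mechanism is left open.
        if passwords.get(user) == password:
            self.authenticated.add(user)
        return user in self.authenticated

    def run(self, user, tp, cdi_names, udi=None):
        """Run a TP for a user: True if the CDIs changed, False if rejected."""
        key = (user, tp, tuple(cdi_names))
        if user not in self.authenticated:
            raise CWViolation(f"ER3: {user} is not authenticated")
        if tp not in self.certified:
            raise CWViolation(f"ER1: {tp} is not a certified TP")
        if key not in self.allowed:
            raise CWViolation(f"ER2: {user} may not run {tp} on {cdi_names}")
        before = dict(self.cdis)
        try:
            self.certified[tp][0](self.cdis, tuple(cdi_names), udi)
            if not ivp(self.cdis):                # CR1: re-verify after the TP
                raise ValueError("TP left the CDIs in an invalid state")
        except ValueError as exc:                 # reject the UDI and roll back
            self.cdis.clear()
            self.cdis.update(before)
            self.log.append({"user": user, "tp": tp, "udi": udi, "ok": False, "reason": str(exc)})
            return False
        # CR4: log enough to reconstruct the operation (old and new values).
        self.log.append({"user": user, "tp": tp, "udi": udi, "ok": True,
                         "before": {n: before[n] for n in cdi_names},
                         "after": {n: self.cdis[n] for n in cdi_names}})
        return True

def violation(fn, *args):
    """Return the rule named by the CWViolation a call raises, or None."""
    try:
        fn(*args)
    except CWViolation as exc:
        return str(exc).split(":")[0]
    return None

def demo():
    """Constructed scenario: carol certifies the TPs; alice may run them."""
    m = Monitor({"acct:alice": 100, "acct:bob": 100, "ledger_total": 200})
    accts = ("acct:alice", "acct:bob")
    m.certify("carol", "transfer", transfer, accts)
    m.certify("carol", "corrupt", corrupt, accts)
    m.allow("carol", "alice", "transfer", accts)
    m.allow("carol", "alice", "corrupt", accts)
    m.authenticate("alice", "hunter2", {"alice": "hunter2"})  # constructed creds
    return m, accts
```

The thing to notice is which rule each check implements: ER3 before anything else, ER1 and ER2 as lookups in the certified and allowed relations, ER4 at the moment the allowed relation changes, CR5 inside the TP itself, and CR1 run again after every TP so that a wrongly certified TP (`corrupt`) is rolled back and logged rather than trusted. The log entries carry old and new values, which is what CR4's "enough to reconstruct the operation" demands of the auditor's evidence.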
Constrained Data Items
- Boot loader, operating system, and trusted applications
- Voting application
- Ballot definition
- Vote tally
- Completed ballot

Integrity Constraints
- New images of the boot loader, OS, trusted applications, and voting application must include a certificate of origin signed by a trusted party. The certificate must include a message digest of the image.
- The OS, trusted applications, and voting application must pass an integrity check based on their certificate of origin before being executed.
- The ballot definition must be digitally signed by an election official distinct from the official operating the voting machine.

Transaction Procedures (TPs)
- Update boot loader
- Update OS and trusted applications
- Update voting application
- Define ballot
- Start election
- End election
- Vote

Comparison to Biba
- Biba: no notion of certification rules; trusted subjects ensure actions obey the rules. Untrusted data is examined before being made trusted.
- Clark-Wilson: explicit requirements that actions must meet. A trusted entity must certify the method used to upgrade untrusted data, not the data itself.

Sources
- News stories on surveillance:
  - NY Times article on NSA spying, Dec 2005: http://www.commondreams.org/headlines05/1216-01.htm
  - USA Today article on NSA phone records, May 2006: http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm
- Readings on telephone fraud detection:
  - Gary M. Weiss, 2005, "Data Mining in Telecommunications": http://storm.cis.fordham.edu/~gweiss/papers/kluwer04-telecom.pdf
  - Corinna Cortes, Daryl Pregibon, and Chris Volinsky, "Communities of Interest": http://homepage.mac.com/corinnacortes/papers/portugal.ps
- Anderson, chapters 20 and 24 (17 and 21 in the 1st edition)

Identity
- Mapping from abstract subjects and objects to real people and things.

Principal
- A principal is a unique entity.
- An identity specifies a principal.
- Authentication binds a principal to a representation of identity internal to a computer system.

Uses of Identity
- Access control
- Accountability

Unix Users
- UNIX uses the UID (user identification number) for access control.
- UNIX uses the username for accountability.
- Users provide a username and password to authenticate.
- The password file maps usernames to UIDs.
- It is common for one principal to have multiple usernames and UIDs.

Object Identity
- Object sharing. E.g., Unix files: file names map to inodes, and inodes map to real files.

Identity in Distributed Systems
- jghook@pdx.edu: PSU OIT Windows boxes across campus
- hook@cs.pdx.edu: PSU CS Unix boxes in the CS department
- hook@linux.cecs.pdx.edu: PSU MCECS/CAT Linux boxes in Engineering
- hook@beethoven.cs.pdx.edu: laptop owned by the user, administered by PSU

Phone Systems
- Phone fraud:
  - Attacks on metering
  - Attacks on signaling
  - Attacks on switching and configuration
  - Insecure end systems
  - Dial-through fraud
  - Feature interaction

Fraud Detection Problem
- Subscription fraud: a customer opens an account with the intention of never paying.
- Superimposition fraud: a legitimate account with some legitimate activity, on which illegitimate activity is superimposed by a person other than the account holder.

Fraud Detection as Identity
- Both subscription fraud and superimposition fraud are asking whether we can identify a principal by their behavior, without their cooperation.

Communities of Interest
- On the telephone, you are who you call.
- The Cortes, Pregibon, and Volinsky paper uses top-9 lists of incoming and outgoing calls to characterize a user's Community of Interest (COI).
- Defines the overlap of two COIs as a distance measure.
- Overlap is highly effective at identifying fraudsters ("Record Linkage Using COI-based matching").
- NB: the application is not limited to phone networks.

Phone Fraud
- Where does the data come from?
- Phone switches generate call detail records (Weiss paper).
- These records can be harvested to yield CPV's top-9 lists.
- Hancock is a DSL for writing code to read large volumes of data.
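The top-9 lists and the overlap measure from the Communities of Interest slide, as an added example written for these notes (not code from the Cortes, Pregibon and Volinsky paper, from the Weiss paper, or from Hancock): call detail records are reduced to a per-number COI in each direction, and COI overlap is then used for the record-linkage task the slide names. The CDRs are constructed, the phone numbers are four-digit stand-ins, and the overlap score (a weighted Jaccard over call seconds, averaged over incoming and outgoing) is an assumption standing in for the paper's own measure, not a reproduction of it.

```python
"""Added example (not the lecture's or the Cortes, Pregibon and Volinsky
paper's code): build top-9 communities of interest from call detail records
and use COI overlap for record linkage.  The CDRs are constructed, and the
overlap score is a plain weighted-Jaccard stand-in for the paper's measure."""
from collections import Counter, defaultdict

TOP_K = 9

# Constructed CDRs: (caller, callee, seconds).  Account 0100 was cut off for
# non-payment; 0199 is a new account; 0150 is an unrelated customer.
CDRS = [
    ("0100", "0201", 600), ("0100", "0202", 300), ("0100", "0203", 120),
    ("0100", "0204", 90), ("0201", "0100", 400), ("0205", "0100", 200),
    ("0199", "0201", 550), ("0199", "0202", 280), ("0199", "0203", 100),
    ("0199", "0206", 60), ("0201", "0199", 380), ("0205", "0199", 150),
    ("0150", "0301", 500), ("0150", "0302", 200), ("0303", "0150", 300),
]

def build_cois(cdrs, k=TOP_K):
    """Return {number: {"out": {peer: secs}, "in": {peer: secs}}}, keeping
    only the k peers with the most total call time in each direction."""
    out_time, in_time = defaultdict(Counter), defaultdict(Counter)
    for caller, callee, secs in cdrs:
        out_time[caller][callee] += secs
        in_time[callee][caller] += secs
    return {n: {"out": dict(out_time[n].most_common(k)),
                "in": dict(in_time[n].most_common(k))}
            for n in set(out_time) | set(in_time)}

def overlap(coi_a, coi_b):
    """Overlap of two COIs in [0, 1]: per direction, the summed minimum time
    over shared peers divided by the summed maximum over all peers, then
    averaged over the in and out directions (weighted Jaccard)."""
    scores = []
    for d in ("out", "in"):
        a, b = coi_a[d], coi_b[d]
        peers = set(a) | set(b)
        if not peers:                      # neither side has calls this way
            scores.append(0.0)
            continue
        shared = sum(min(a.get(p, 0), b.get(p, 0)) for p in peers)
        total = sum(max(a.get(p, 0), b.get(p, 0)) for p in peers)
        scores.append(shared / total)
    return sum(scores) / len(scores)

def link(new_number, cois, known_fraud, threshold=0.5):
    """Record linkage: the known-fraud number whose COI best overlaps the new
    number's COI, as (number, score), or None if nothing clears threshold."""
    candidates = [(f, overlap(cois[new_number], cois[f]))
                  for f in known_fraud if f in cois]
    if not candidates:
        return None
    best = max(candidates, key=lambda t: t[1])
    return best if best[1] >= threshold else None
```

Run against the constructed records, the new number 0199 links to the cut-off account 0100 with an overlap of about 0.84, while the unrelated customer 0150 matches nothing above the threshold. Note what the linkage never looked at: call content. The match works purely on who talks to whom, which is the kind of data the later discussion slides are about.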
Telephone Fraud Detection
- Historically, COI-based matching is used to detect a deadbeat customer who has assumed a new network identity.
- Is this a legitimate business use? Is there a potential privacy issue? Discuss potential abuses.

Credit Card Fraud Detection
- Credit card companies have done nearly real-time analysis of card usage. Anomalies are flagged and the card holder is contacted.
- Customers have come to expect this service. It is considered a protection and an added value.
- Discuss: abuse potential. Does government have a role? Why or why not?

NY Times Story
- Revealed that the content of international phone calls between "persons of interest" was monitored outside of FISA.
- Why not use FISA? What if the identity is a surrogate, not a name?
- Note: I don't know if the COI papers and the news stories referenced in this lecture are related.

USA Today Story
- Several telephone companies are providing call detail data to the NSA. "Largest database ever." Asserts no content is being monitored.
- Discussion/conjecture: What if they are calculating COI, or COI-like data? Could this serve as the source of the "surrogate identities" used for non-FISA wiretaps?
- If it is reasonable for business to use this technology for fraud detection, is it reasonable for the government to exploit it as well?
- What other personal information could be obtained from this data?

US Constitution, Amendment IV
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Discussion
- Is a COI a sufficient description to meet the requirement "particularly describing the place to be searched, and the persons or things to be seized"?