INTRO TO COMP SECURITY
INTRO TO COMP SECURITY CS 591
These 61-page class notes were uploaded by Orrin Rutherford on Wednesday, September 2, 2015. They belong to CS 591 at Portland State University, taught by Staff in Fall. Since upload they have received 22 views.
CS 591 Introduction to Computer Security
Lecture 1: Overview
James Hook, 9/27/07

Course Mechanics
- Course web page: http://web.cecs.pdx.edu/~hook/cs491f07/index.html
- Contains: my contact information; term paper handout; grading guidelines; topics and reading assignments for each lecture; links to lecture notes

Texts
- Bishop: encyclopedic, sometimes dry
- Anderson: sometimes anecdotal, a good read; available online for free
- Original materials linked on the web page. Some materials in the ACM library are only accessible when using a PSU IP address (the license is based on internet address).

Grading
- Midterm: 100 points
- Final: 100 points
- Term paper title, abstract, outline and annotated bibliography: 50 points
- Term paper: 100 points
- Quizzes, discussion and class participation: 50 points. These mechanisms will be used primarily to evaluate mastery of the reading assignments.

Academic Integrity
- Be truthful
- Always hand in your own work
- Never present the work of others as your own
- Give proper credit to sources
- Present your data accurately
- Violations of academic integrity will be taken very seriously: grade of 0 on the assignment, and reported to the university in a manner consistent with university policy

Term Paper
- Select a topic of your choice on computer security
- Explore the problem space and the solution space
- Identify original sources
- Integrate knowledge: organize, critique

Term Paper: Midterm
- Title
- Abstract: short description of the paper
- Outline: identifies the structure of the paper
- Annotated bibliography: author; title; complete bibliographic reference; short description of the contribution of the paper in your own words

Term Paper: Final
- Due at the beginning of the last class
- Final paper: 10-15 pages, no more than 20
- The paper should have a proper bibliography (references) and should be presented in a manner similar to papers appearing in conferences
- The paper is not expected to present original research results, but is to be written in your own words and represent what you believe based on your study of the literature

Plagiarism
- Copying text or presenting ideas without attribution is plagiarism
- Plagiarism is a violation of academic integrity
- If you commit plagiarism you will get a grade of 0 and be reported to the university
- I know how to use Google. I will accept no excuses. There will be no second chances.

Exams
- The midterm will cover the first half of the class. Probably similar to past midterms. I will prepare it. Blue book exam. Study questions in advance; the real questions partially overlap the study questions.
- The final will cover the second half of the class. The final will be prepared by Professor Binkley. It will not be a blue book exam.

Readings
- Reading assignments are on the web page
- Please come to class prepared to discuss the readings: you will learn more, and the person sitting next to you will learn more
- I may institute pop quizzes at any time to evaluate your preparation for class

Class Mailing List
- Please sign up for the class mailing list
- Details will be posted on the web page tomorrow

Objectives
- Discuss the scope of computer security
- Introduce a vocabulary to discuss security
- Sketch the course

CS as Engineering
- Is Computer Science (or Computer Security) an engineering discipline?
- Are we meeting the reasonable expectations of society to: codify best practices; not repeat mistakes; appropriately apply relevant science to the construction of artifacts?

Case Study: Voting
- Do electronic voting machines meet the reasonable expectations of society to provide a technology that is trustworthy and cost effective?
- Trustworthy: "worthy of confidence; dependable" (Webster's online)

Expectations of Voting
- The vote is by secret ballot (Confidentiality)
- The vote should be correctly tallied; all votes cast should be counted in the election (Integrity)
- Every eligible voter who presents themselves at the polling place should be able to vote (Availability)

Security or Computer Security?
- Are the expectations of integrity, confidentiality and availability specific to computers?
- Can the properties of the computer system be considered independently of its use?

Voting: Policies and Mechanisms
- Who can vote?
  - Legal requirements for eligibility: must be a citizen residing in the precinct; must be of voting age
  - Administrative requirements to register to vote: fill out an application; present evidence of residence (can be by mail or fax)
- Voting mechanisms: paper ballot in a ballot box or by mail (may be implemented as a scan form); punch cards; mechanical voting machines; Direct Recording Electronic (DRE); voter-verifiable paper audit trail

Evaluating Mechanisms
- How do we evaluate these options?
- Evaluation must be relevant to a threat model

Voting Threat Models
- Correlating ballot with voter
- Ballot stuffing
- Casting multiple votes
- Losing ballot boxes
- Ballot modification
- Incorrect reporting of results
- Denial of access to polls
- Vandalism
- Physical intimidation

Electronic Voting in the News
- After the 2000 election in Florida there has been a national initiative to improve automation in voting
- Access: must improve accessibility of polls
- Mechanism: must improve the repeatability of vote counting (the ambiguity of the "hanging chad" or "pregnant chad")
- Electronic voting was suggested as a solution

Voting in the News
- Computer hardware manufacturers brought forward Direct Recording Electronic voting machines
- Computer scientists questioned this, including:
  - David Dill, Stanford: http://www.verifiedvotingfoundation.org
  - Matt Bishop, UC Davis: http://nob.cs.ucdavis.edu/bishop/notes/2006-inter2/index.html
  - Ed Felten, Princeton: http://itpolicy.princeton.edu/voting

Felten's Paper
- "Security Analysis of the Diebold AccuVote-TS Voting Machine"
- Felten's team injected malware into a voting machine that could alter the outcome of an election or disable a voting machine during an election
- The malware was spread by sharing memory cards

Voting Machine Architecture
[Figure: block diagram of the AccuVote-TS: removable flash, on-board flash, EPROM, printer, key access]

Boot Process
- Boot device specified by hardware jumpers inside the box: EPROM, on-board flash (default), external flash
- On boot: copy the bootloader into RAM; initialize hardware; scan removable flash for special files:
  - fboot.nb0 -> replace the bootloader in on-board flash
  - nk.bin -> replace the OS in on-board flash
  - EraseFFX.bsq -> erase the file system on on-board flash
- If there are no special files: uncompress the OS image; jump to the entry point of the OS

Boot (continued)
- On OS start-up, run Filesys.exe, which unpacks the registry and runs the programs listed in HKEY_LOCAL_MACHINE\Init: shell.exe (debug shell), device.exe (device manager), gwes.exe (graphics and event), taskman.exe (task manager)
- Device.exe mounts the file systems: \ (root, RAM only); \FFX (mount point for on-board flash); \Storage Card (mount point for removable flash)

Boot (continued)
- The customized taskman.exe checks removable flash:
  - explorer.glb -> launch Windows Explorer
  - *.ins -> run proprietary scripts (used to configure election data; the script language has buffer overflow vulnerabilities)
  - default -> launch BallotStation (\FFX\Bin\BallotStation.exe)

BallotStation
- Four modes: pre-download, pre-election testing, election, post-election
- The mode is recorded in the election results file: \Storage Card\CurrentElection\election.brs

Stealing Votes
- A malicious process runs in parallel with BallotStation
- It polls the election results file every 15 seconds
- If the machine is in election mode and there are new results: temporarily suspend BallotStation, steal votes, resume BallotStation

Viral Propagation
- Malicious bootloader
- Infects the host by replacing the existing bootloader in on-board flash; subsequent bootloader updates print the appropriate messages but do nothing
- The fboot.nb0 package contains the malicious bootloader and the vote-stealing software

Goals of the Class
- Provide a vocabulary to discuss issues relevant to the trustworthiness of systems that include computers
- Provide a set of models and design rules to assist in building and assessing trustworthy systems
- Introduce mechanisms that, when used correctly, can increase trust (e.g. crypto, access control)
- Survey common exploitable vulnerabilities (e.g. stack attacks, malware, bots)

Components
- Confidentiality: keeping secrets
- Integrity: bank example: the balances sum to zero; only authorized actions change a balance
- Availability: bank example: making balances available to ATMs

Confidentiality
- Concealment of information or resources
- Government/military: need to know
- Mechanisms: access control
- Sometimes the existence of data is as confidential as its content: you don't need to read LayoffList.doc to know something bad is going to happen

Integrity
- Trustworthiness of data or resources
- Data integrity: integrity of content (balances sum to zero)
- Origin integrity: the source of the data is known (an audit trail identifying all changes to bank balances)
- Mechanisms: prevention (block unauthorized changes); detection (analyze data to verify expected properties, e.g. a file system consistency check)

Availability
- If an adversary can cause information or resources to become unavailable, they have compromised system security
- Denial of service attacks compromise availability

Who Can You Trust?
- What is trust? What is trusted? What is trustworthy?
- "If an NSA employee is observed in a toilet stall at BWI selling key material to a foreign diplomat, then (assuming his operation was not authorized) he can be described as trusted but not trustworthy." (Ross Anderson, pp. 9-10)

Threats
- A potential violation of security
- Classes:
  - Disclosure: unauthorized access
  - Deception: acceptance of false data
  - Disruption: interruption or prevention of safe operation
  - Usurpation: unauthorized control of some part of a system

Classic Threats (classified by Disclosure / Deception / Disruption / Usurpation)
- Snooping (passive wiretapping): disclosure
- Modification (alteration; active wiretapping, man-in-the-middle): deception, disruption, usurpation
- Masquerading (spoofing): impersonation with intent to deceive: deception, usurpation. Cf. delegation: one entity authorizes another to perform functions on its behalf.

More Classic Threats
- Repudiation of origin: a false denial that an entity sent something (deception)
- Denial of receipt: a false denial that an entity received something (deception)
- Delay: temporary inhibition of a service (usurpation)
- Denial of service: a long-term inhibition of a service (usurpation)

Policy and Mechanism
- Security policy: a statement of what is and what is not allowed
- Security mechanism: a method, tool or procedure for enforcing a security policy

PSU Computer & Network Acceptable Use Policy
This acceptable use policy governs the use of computers and networks at Portland State University (PSU). As a user of these resources, you are responsible for reading and understanding this document.

Portland State University encourages the use and application of information technologies to support the research, instruction and public service mission of the institution. PSU computers and networks can provide access to resources on and off campus, as well as the ability to communicate with other users worldwide. Such open access is a privilege and requires that individual users act responsibly. Users must respect the rights of other users, respect the integrity of systems and related physical resources, and observe all relevant laws, regulations and contractual obligations.

PSU AUP (continued): acceptable use terms and conditions
The primary purpose of electronic systems and communications resources is for University-related activities only. Users do not own accounts on University computers, but are granted the privilege of exclusive use. Users may not share their accounts with others and must keep account passwords confidential. Each account granted on a University system is the responsibility of the individual who applies for the account. Groups seeking accounts must select an individual with responsibility for accounts that represent groups. The University cannot guarantee that messages or files are private or secure. The University may monitor and record usage to enforce its policies and may use information gained in this way in disciplinary and criminal proceedings. Users must adhere strictly to licensing agreements and copyright laws that govern all material accessed or stored using PSU computers and networks. When accessing remote systems from PSU systems, users are responsible for obeying the policies set forth herein as well as the policies of other organizations. Misuse of University computing, networking or information resources may result in the immediate loss of computing and/or network access. Any violation of this policy or local, state or federal laws may be referred to appropriate University offices and/or, as appropriate, law enforcement authorities.

PSU AUP (continued): conduct which violates this policy includes, but is not limited to, the following
- Unauthorized attempts to view and/or use another person's accounts, computer files, programs or data
- Using PSU computers, accounts and/or networks to gain unauthorized access to University systems or other systems
- Using PSU computers, accounts and/or networks for threat of imminent physical harm, sexual or other harassment, stalking, forgery, fraud, generally offensive conduct or any criminal activity
- Attempting to degrade performance of University computers and/or networks
- Attempting to deprive other users of University technology resources or access to systems/networks
- Using University resources for commercial activity such as creating products or services for sale
- Copying, storing, sharing, installing or distributing software, movies, music and other materials currently protected by copyright, except as permitted by licensing agreements or fair use laws
- Unauthorized mass e-mailings to newsgroups, mailing lists or individuals (i.e. spamming or propagating electronic chain letters)
- Unauthorized broadcasting of unsolicited mail, material or information using University computers/networks

Goals of Security
- Prevention: guarantee that an attack will fail
- Detection: determine that a system is under attack or has been attacked, and report it
- Recovery: offline recovery (stop an attack, assess and repair damage); online recovery (respond to an attack reactively to maintain essential services)

Assumptions
- Since the adversary (or attacker) is unconstrained, the security problem is always open
- Assumptions, either explicit or implicit, are the only constraints on the adversary

Trust
- Every system must trust something; trust is an underlying assumption
- To understand a system we must know what it trusts
- Typical examples of trusted entities: we trust the system administrator not to abuse the ability to bypass the mechanisms that enforce policy (e.g. access control); we trust the hardware to behave as expected

Minimizing What We Trust
- How little can we trust?
- If we trust the processor, do we have to trust the boot loader?
- Can we verify that we have the expected operating system before executing it?

Relating Policy and Mechanism
- Formally, a policy can be seen as identifying a subset of system states that are secure: state space P, secure states Q ⊆ P
- Mechanisms can be identified with restrictions of the state space: reachable states R ⊆ P
- Policy classification:
  - Secure: all reachable states are secure, R ⊆ Q
  - Precise: the reachable states are exactly the secure states, R = Q
  - Broad: there are reachable states that are not secure, ∃ r ∈ R such that r ∉ Q

Assurance
- An attempt to quantify "how much" to trust a system
- Baseline: what you expect it to do, and why you expect it to do that: trust the process; studied the artifact; experience

Why Do You Trust an Airplane?
[Figure: aircraft photographs; NASA images from http://www.dfrc.nasa.gov/Gallery/Photo, Boeing images from http://www.boeing.com/companyoffices/gallery/flash.html]

Framework for Assurance
- Specification: what the system does; may be formal or informal; says what, but not how
- Design: an approach to solving the problem; typically identifies the components of the solution. A design satisfies the specification if it does not permit implementations that violate the spec. A software design might include component communication and component specifications.
- Implementation: a system satisfying the design (and, transitively, the specification). Software: might be implementations of the components described in the design, in a programming language.

Operational Issues
- Policy and mechanism must be appropriate for the context
- Consider policy on vehicle keys in urban and rural settings: in urban settings you always take your keys (to discourage joy riding and theft); in some rural settings people leave keys in vehicles so they are available to someone who needs to move or use the vehicle
- How do you make these decisions rationally?

Cost-Benefit Analysis
- What does it cost to provide a security mechanism or to adopt a security policy?
- What are the benefits?

Risk Analysis
- What is the likelihood of an attack?
- Risk is a function of the environment
- Risks change with time
- Some risks are sufficiently remote to be acceptable
- Avoid analysis paralysis

People
- Ultimately it is the system in use by people that must be secure
- If security mechanisms are more trouble than they are worth, then users will circumvent them
- Security must be a value of the organization
- Policy and mechanism must be appropriate to the context as perceived by members of the organization

People as Threat / Weak Link
- Insider threat: release of passwords; release of information
- Untrained personnel: accidental insider threat
- Unheeded warnings: system administrators can fail to notice attacks even if mechanisms report them
- User error: even experts commit user error; misconfiguration is a significant risk

Conclusions
- Vocabulary for security: confidentiality, integrity, availability; threats and attacks; policy and mechanism; assumptions and trust; prevention, detection, recovery; assurance; operational issues (cost-benefit, risk)
- Ultimate goal: a system used by people in an organization to achieve security goals appropriate to their situation

Next Lecture
- Access Control & Foundational Results
- Reading: Felten paper on voting machines; Bishop chapters 1, 2 and 3; Anderson chapter 1
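The Boot Process, Viral Propagation and Minimizing What We Trust slides above describe a loader that flashes whatever fboot.nb0 or nk.bin it finds on the removable card, and ask whether a processor we trust could check the operating system before executing it. The Python model below is an added example, not code from the lecture or from the Felten paper: the firmware byte strings, the digest allowlist and the precinct scenario are constructed for illustration, and only the file names fboot.nb0 and nk.bin come from the lecture. It boots a row of machines first with the behaviour as described and then with a loader that only flashes and executes images whose SHA-256 digest is on an allowlist held by the (assumed immutable) boot ROM.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed stand-ins for firmware images; not real AccuVote-TS contents.
VENDOR_BOOTLOADER = b"vendor bootloader v1"
VENDOR_OS = b"vendor Windows CE image"
MALICIOUS_BOOTLOADER = b"malicious bootloader + vote-stealing payload"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Root of trust for the hardened variant: digests the (assumed immutable)
# boot ROM is willing to flash or execute.  A production secure-boot design
# pins a vendor public key and checks a signature over each image instead, so
# new images can ship without changing the ROM; pinning digests is the
# simplest form of the same idea.
TRUSTED_DIGESTS = {sha256(VENDOR_BOOTLOADER), sha256(VENDOR_OS)}
IMAGE_NAMES = {sha256(VENDOR_BOOTLOADER): "vendor",
               sha256(MALICIOUS_BOOTLOADER): "malicious"}

# Special files the machine looks for on the removable card, per the lecture.
UPDATE_FILES = {"fboot.nb0": "bootloader", "nk.bin": "os"}


@dataclass
class Machine:
    onboard: dict                       # on-board flash: slot -> image bytes
    removable: dict                     # "Storage Card": file name -> bytes
    log: list = field(default_factory=list)


def boot(m: Machine, verify: bool) -> str:
    """Run one boot and return which bootloader will execute from now on:
    "vendor", "malicious", or "halt" if the hardened ROM refuses to run what
    is in flash.  verify=False is the behaviour the lecture describes;
    verify=True checks every image against TRUSTED_DIGESTS."""
    if IMAGE_NAMES.get(sha256(m.onboard["bootloader"])) == "malicious":
        # The lecture's infected loader: later updates print the expected
        # messages but do nothing, so reflashing from a card cannot clean it.
        for fname in UPDATE_FILES:
            if fname in m.removable:
                m.log.append(f"{fname}: 'update complete' (no-op)")
        return "malicious"
    for fname, slot in UPDATE_FILES.items():
        if fname not in m.removable:
            continue
        image = m.removable[fname]
        if verify and sha256(image) not in TRUSTED_DIGESTS:
            m.log.append(f"reject {fname}: untrusted digest {sha256(image)[:12]}")
            continue
        m.onboard[slot] = image          # as described: unconditional replacement
        m.log.append(f"apply {fname} -> {slot}")
    if verify:
        # Measure what is in flash before jumping to it: this is the answer to
        # "can we verify we have the expected OS before executing it?"
        for slot in ("bootloader", "os"):
            if sha256(m.onboard[slot]) not in TRUSTED_DIGESTS:
                m.log.append(f"halt: on-board {slot} not trusted")
                return "halt"
    return IMAGE_NAMES.get(sha256(m.onboard["bootloader"]), "unknown")


def share_card(src: Machine, dst: Machine) -> None:
    """Propagation as the lecture describes it: a card carried away from an
    infected machine arrives at the next one carrying the fboot.nb0 package."""
    card = {}
    if IMAGE_NAMES.get(sha256(src.onboard["bootloader"])) == "malicious":
        card["fboot.nb0"] = MALICIOUS_BOOTLOADER
    dst.removable = card


def precinct(n: int, verify: bool) -> list:
    """Boot n vendor-fresh machines in turn, starting from one attacker card
    and carrying a card from each machine to the next; return which
    bootloader ended up running on each machine."""
    machines = [Machine({"bootloader": VENDOR_BOOTLOADER, "os": VENDOR_OS}, {})
                for _ in range(n)]
    machines[0].removable = {"fboot.nb0": MALICIOUS_BOOTLOADER}
    ran = []
    for i, m in enumerate(machines):
        ran.append(boot(m, verify))
        if i + 1 < n:
            share_card(m, machines[i + 1])
    return ran


if __name__ == "__main__":
    print("as described:", precinct(3, verify=False))   # all "malicious"
    print("hardened:    ", precinct(3, verify=True))    # all "vendor"
```

Once the loader itself can be replaced from unauthenticated media, nothing that runs after it can be trusted, which is why the hardened variant both refuses the update and measures flash before jumping; the model also shows why an infected loader that fakes its own updates cannot be cleaned through the same update path.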
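The Relating Policy and Mechanism slide above defines a policy as the set Q of secure states inside the state space P, a mechanism as the set R of states it leaves reachable, and classifies the pair as secure (R ⊆ Q), precise (R = Q) or broad (some reachable state is insecure). The Python below is an added example, not from the lecture: it takes the lecture's own bank invariant (balances sum to zero) as the policy, three constructed mechanisms as the enforcement layer, computes R by breadth-first search over the permitted transitions, and returns the classification of each.

```python
from collections import deque
from itertools import product

LIMIT = 2
# P: the state space, pairs of account balances kept finite by LIMIT.
STATES = set(product(range(-LIMIT, LIMIT + 1), repeat=2))


def policy(state) -> bool:
    """Security policy from the lecture: ledger balances must sum to zero."""
    a, b = state
    return a + b == 0


Q = {s for s in STATES if policy(s)}          # the secure states


# Operations the system offers.  Each returns the successor state, or None if
# it would leave the (bounded) state space.
def transfer(state, amount):
    a, b = state
    nxt = (a - amount, b + amount)
    return nxt if nxt in STATES else None


def credit_a(state, amount):
    a, b = state                               # credits one account only
    nxt = (a + amount, b)
    return nxt if nxt in STATES else None


# Mechanisms (constructed): the operations the enforcement layer lets through.
MECHANISMS = {
    "unrestricted": [lambda s: transfer(s, 1), lambda s: transfer(s, -1),
                     lambda s: credit_a(s, 1)],
    "transfers_only": [lambda s: transfer(s, 1), lambda s: transfer(s, -1)],
    "one_way_transfers": [lambda s: transfer(s, 1)],
}


def reachable(initial, ops) -> set:
    """R: every state reachable from `initial` through permitted operations."""
    seen, work = {initial}, deque([initial])
    while work:
        s = work.popleft()
        for op in ops:
            nxt = op(s)
            if nxt is not None and nxt not in seen:
                seen.add(nxt)
                work.append(nxt)
    return seen


def classify(R: set, secure: set) -> str:
    """The lecture's three classes; precise is the special case of secure
    where the mechanism forbids nothing the policy allows."""
    if R == secure:
        return "precise"
    if R <= secure:
        return "secure"
    return "broad"


def evaluate(initial=(0, 0)) -> dict:
    """Classify each mechanism, and for broad ones list the reachable states
    that violate the policy (the counterexamples an auditor would want)."""
    report = {}
    for name, ops in MECHANISMS.items():
        R = reachable(initial, ops)
        verdict = classify(R, Q)
        report[name] = (verdict, sorted(R - Q))
    return report


if __name__ == "__main__":
    for name, (verdict, bad) in evaluate().items():
        print(f"{name:18s} {verdict:8s} violations={bad}")
```

The one-way mechanism is secure but not precise: it blocks transfers in one direction that the policy would permit, which is the usual cost of over-restrictive enforcement, while the unrestricted mechanism reaches (1, 0), a state the policy forbids.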
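The Integrity slide above distinguishes data integrity (the content is right) from origin integrity (the source of the data is known, e.g. an audit trail of every change to a balance) and names detection as a mechanism. The Python below is an added example, not from the lecture: a hash-chained, MAC-authenticated audit trail of double-entry postings, with a verifier that reports modified content, entries of unknown origin, and removed entries. The key, account names and postings are constructed for the example; the HMAC key stands in for whatever credential the posting system holds and the party tampering with the stored records does not.

```python
import hashlib
import hmac
import json

# Constructed key; in practice held by the posting service, not by whoever can
# edit the stored trail (a DBA, or a process like the lecture's vote stealer).
KEY = b"auditor-key (constructed for the example)"
GENESIS = "0" * 64


def entry_digest(entry: dict) -> str:
    """Digest over the entry's content and its link to the previous entry."""
    body = {k: entry[k] for k in ("seq", "prev", "debit", "credit", "amount")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append(trail: list, debit: str, credit: str, amount: int) -> dict:
    """Post one double-entry transaction: `amount` leaves `debit`, enters
    `credit`.  The MAC can only be produced by the holder of KEY, which is
    what makes the entry's origin checkable later."""
    prev = trail[-1]["digest"] if trail else GENESIS
    entry = {"seq": len(trail), "prev": prev,
             "debit": debit, "credit": credit, "amount": amount}
    entry["digest"] = entry_digest(entry)
    entry["mac"] = hmac.new(KEY, entry["digest"].encode(), "sha256").hexdigest()
    trail.append(entry)
    return entry


def verify(trail: list, head: str) -> list:
    """Detection: return the problems found (empty means intact).  Checks
    content (digest), origin (MAC), linkage (prev/seq), and that the trail
    ends at a separately stored head digest, which catches truncation."""
    problems = []
    prev = GENESIS
    for i, e in enumerate(trail):
        if e["seq"] != i or e["prev"] != prev:
            problems.append(f"entry {i}: broken chain link")
        if e["digest"] != entry_digest(e):
            problems.append(f"entry {i}: content modified")
        expected = hmac.new(KEY, e["digest"].encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, e["mac"]):
            problems.append(f"entry {i}: not authenticated (unknown origin)")
        prev = e["digest"]
    if prev != head:
        problems.append("trail head does not match stored head (entries removed or added)")
    return problems


def balances(trail: list) -> dict:
    """Replay the trail.  With double entry the balances always sum to zero,
    the data-integrity property the lecture uses as its example."""
    bal = {}
    for e in trail:
        bal[e["debit"]] = bal.get(e["debit"], 0) - e["amount"]
        bal[e["credit"]] = bal.get(e["credit"], 0) + e["amount"]
    return bal


def demo() -> tuple:
    """Constructed postings, then two tampering attempts against copies."""
    trail = []
    append(trail, "cash", "alice", 100)
    append(trail, "alice", "bob", 30)
    head = trail[-1]["digest"]              # stored apart from the trail
    edited = [dict(e) for e in trail]       # attacker edits the amount only
    edited[1]["amount"] = 300
    rehashed = [dict(e) for e in trail]     # attacker also recomputes the digest
    rehashed[1]["amount"] = 300
    rehashed[1]["digest"] = entry_digest(rehashed[1])
    return verify(trail, head), verify(edited, head), verify(rehashed, head)


if __name__ == "__main__":
    intact, edited, rehashed = demo()
    print("intact:  ", intact)
    print("edited:  ", edited)
    print("rehashed:", rehashed)
```

Without the stored head, deleting the newest entries would go unnoticed, since the chain is still consistent; without the MAC, an editor could recompute every digest from the altered entry onwards and the chain would again look consistent. The two mechanisms detect different attackers, which is why both appear.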