Foundations of Computer SecurityLecture 2: Why Security is HardDr. Bill YoungDepartment of Computer SciencesUniversity of Texas at AustinLecture 2: 1 Why Security is HardIs Cyber Security Particularly Hard?Question: Why would security be any more difficult than mosttechnological problems?Answer 1: Most technology-related efforts are concerned withensuring that something good happens. Security is all aboutensuring thatbad things never happen.In security, not only do you have to find “bugs” that make thesystem behave differently than expected, you have to identify anyfeatures of the system that are susceptible to misuse and abuse,even if your programs behave exactly as you expect them to.Lecture 2: 2 Why Security is HardWhat Bad Things?Answer 2: If security is all about ensuring that bad things neverhappen, that means we have to know what those bad things are.The hardest thing about security is convincing yourself that you’vethought of all possible attack scenarios, before the attacker thinksof them.“A good attack is one that the engineers never thought of.”–Bruce SchneierLecture 2: 3 Why Security is HardProgramming Satan’s ComputerAnswer 3: Unlike most technology problems, you have to defeatone or more actively malicious adversaries.Ross Anderson characterizes this as “Programming Satan’sComputer.” The environment in which your program is deployedworks with malice and intelligence to defeat your every effort.The defender has to find and eliminate all exploitablevulnerabilities; the attacker only needs to find one!Lecture 2: 4 Why Security is HardEasiest PenetrationAnswer 4: Information management systems are a complex,“target-rich” environment comprising: hardware, software, storagemedia, peripheral devices, data, people.Principle of Easiest Penetration: an intruder will use anyavailable means to subvert the security of a system.“If one overlooks the basement windows while assessing the risksto one’s house, it does not matter how many alarms are put on thedoors and upstairs windows.”–Melissa DanforthLecture 2: 5 Why Security is HardSecurity Isn’t the PointAnswer 5: Security is often an afterthought. No-one builds adigital system for the purpose of being secure. They build digitalsystems to do something useful.Security mechanisms may be viewed as a nuisance to be subverted,bypassed, or disabled.Lecture 2: 6 Why Security is HardUpshot: Perfect Security Ain’t HappeningPerfect security is probably impossible in any useful system.“The three golden rules to ensure computer security are: do notown a computer; do not power it on; and do not use it.”–RobertH. Morris, former Chief Scientist of the National ComputerSecurity Center (early 1980’s)“Unfortunately the only way to really protect [your computer] rightnow is to turn it off, disconnect it from the Internet, encase it incement and bury it 100 feet below the ground.” –Prof. FredChang, former director of research at NSA (2009)Lecture 2: 7 Why Security is HardIf Security Gets in the WaySecurity is meant to prevent bad things from happening; oneside-effect is often to prevent useful things from happening.Typically, a tradeoff is necessary between security and otherimportant project goals: functionality, usability, efficiency,time-to-market, and simplicity.Lecture 2: 8 Why Security is HardSome LessonsHe who defends everything defends nothing. –old military adageSecurity is difficult for several reasons.Since you can never achieve perfect security, there is always atradeoff between security and other system goals.Next lecture: Security as Risk ManagementLecture 2: 9 Why Security is
View Full Document
Unlocking...