Introduction to Computer Security and Privacy

Simson L. Garfinkel, [email protected]
http://www.simson.net/
© 2005 Simson Garfinkel

Today's Tutorial
Hour 1: Thinking about Security and Privacy.
Hour 2: Crypto Theory and Applications
Hour 3: Information Disclosure and Capture

Computer Security

What is Computer Security?
COMPUTER SECURITY: "A computer is secure if you can depend on it and its software to behave as you expect." (Garfinkel & Spafford, 1991)

Computer security traditionally has 5 goals.
– Availability
– Confidentiality
– Data Integrity
– Control
– Audit

Availability: Make sure you can use your system.
Typically achieved by:
– Hardening
– Redundancy
– Reference checks on people

Confidentiality: Keep your secrets secret!
Typically achieved by:
– Physical isolation
– Cryptography
– Background checks on people

Data Integrity: Prevent others from modifying your data.
Typically achieved by:
– Redundancy (2 or 3 copies?)
– Backups
– Checksums and digital signatures

Control: Regulate the use of your system.
Typically achieved by:
– Access control lists
– Physical security

Audit: What happened? How do we undo it?
Typically achieved by:
– Log files
– Human auditors & expert systems

Different environments have different priorities.
Banking environment:
– integrity, control and audit are more critical than confidentiality and availability
Intelligence service:
– confidentiality may come first, availability last.
Military on the battlefield:
– availability may come first, audit may come last
University:
– Integrity and availability come first.

Most security texts focus on bad-guy attackers and malicious programs (worms & viruses).
Most continuity problems arise from:
– Operator, software, and configuration errors.
– Environmental problems.
The best security measures protect against both inadvertent and malicious threats.

A Security policy defines what you want to secure, from whom, and how you will do it.
– Security perimeter: because you can't secure everything.
– Standards codify what should be done.
– Guidelines explain how it will be done.

How do you create a policy?
Option #1: Risk Assessment:
– Identify assets and their value
– Identify the threats
– Calculate the risks
– Conduct a Cost-Benefit Analysis
Option #2: Adopt "Best Practices."

Techniques For Drafting Policies
– Assign a specific "owner" to everything that is to be protected.
– Be positive.
– Be realistic in your expectations.
– Concentrate on education and prevention.

Threats to Consider:
– Human error
– "Hackers": technical gurus, script kiddies, criminals looking for gain.
– Disgruntled employees
– Organized crime: increasingly a threat! Breaking into hospitals, e-commerce sites, etc.
– Foreign espionage (it happens!)
– Cyber terrorists (it hasn't happened yet)
– Information warfare attacks (depends on how you count)
– Microsoft / RIAA / MPAA
– Mom

Risk Cannot Be Eliminated
You can purchase a UPS…
– But the power failure may outlast the batteries.
– But the UPS may fail.
– But the cleaning crew may unplug it.
– But the UPS may crash due to a software error.

Spaf's first principle of security administration:
"If you have responsibility for security, but have no authority to set rules or punish violators, your own role in the organization is to take the blame when something big goes wrong." (Garfinkel & Spafford, 1991)

Saltzer & Schroeder's Design Principles

"The Protection of Information in Computer Systems" (Saltzer & Schroeder, 1975)
– Economy of mechanism
– Fail-safe defaults
– Complete mediation
– Open design
– Separation of privilege
– Least privilege
– Least common mechanism
– Psychological acceptability
Created for securing operating systems, but generally applicable.

Economy of mechanism
"The design of the system should be small and simple so that it can be verified and correctly implemented."
– Example: A mechanical lock.

Fail-safe defaults
"Base access decisions on permission rather than exclusion."
By default, do not grant access.
– Example: Disabling services on a web server when the program is first installed.

Complete mediation
"Every access should be checked for proper authorization."
– Example: Access control inside the corporate firewall.

Open design
"Security should not depend upon the ignorance of the attacker. This criterion precludes back doors in systems, which give access to users who know about them."
– Example: Linux.

Separation of privilege
"Where feasible, a protection mechanism that requires two keys to unlock it is more robust and flexible than one that allows access to the presenter of only a single key."
– Counter-example: root

Principle of least privilege
"Every user and process should have the minimum amount of access rights necessary. Least privilege limits the damage that can be done by malicious attackers and errors alike."
– Example: A key for the cleaning closet.

Least common mechanism
"Minimize the amount of mechanism common to more than one user and depended on by all users… Users should be isolated from one another by the system. This limits both covert monitoring and cooperative efforts to override system security mechanisms."
– Example: The operating system kernel.

Psychological acceptability
"The security controls must be easy to use so that users routinely and automatically apply the protection mechanisms correctly…"
Also, mental models should match the underlying mechanisms.
– Example:

Privacy

The word "privacy" means different things in different contexts.
– Freedom from intrusion.
– Control of personal information. ("False light.")
– Control of one's image or name. ("Misappropriation.")

The nature of the privacy threat has changed over the past 50 years.
Threat #1: The
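The Data Integrity slide earlier in the deck lists checksums and digital signatures among the mechanisms. The following is an added example in Python, not code from the slides, contrasting an unkeyed checksum with a keyed MAC (HMAC stands in here for the signature case). The record contents, the bit flip, the attacker's edit and the MAC key are all constructed for illustration.

```python
"""Integrity checks: an unkeyed checksum versus a keyed MAC.

Added example, not from the original slides. A checksum detects accidental
corruption; only a keyed MAC (or a digital signature) detects deliberate
modification by someone who can also rewrite the checksum.
"""
import hashlib
import hmac
import os

# Constructed sample record: think of it as one line of an account ledger.
RECORD = b"account=4711;balance=100.00;owner=alice"
# Constructed MAC key. In practice it lives with the verifier, not beside the data.
MAC_KEY = os.urandom(32)


def checksum(data: bytes) -> str:
    """Unkeyed SHA-256 checksum: anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, stored: str) -> bool:
    return hmac.compare_digest(checksum(data), stored)


def mac(data: bytes, key: bytes = MAC_KEY) -> str:
    """HMAC-SHA256 tag: recomputing it requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(data: bytes, tag: str, key: bytes = MAC_KEY) -> bool:
    # compare_digest avoids leaking the tag through timing differences.
    return hmac.compare_digest(mac(data, key), tag)


def flip_one_bit(data: bytes) -> bytes:
    """Simulate accidental corruption: a single bit error in storage."""
    corrupted = bytearray(data)
    corrupted[0] ^= 0x01
    return bytes(corrupted)


def attacker_rewrite(data: bytes) -> bytes:
    """Simulate a deliberate modification of the protected field."""
    return data.replace(b"balance=100.00", b"balance=999999.00")


def scenario_accidental_corruption() -> dict:
    """Both mechanisms catch a random bit flip."""
    stored_sum, stored_tag = checksum(RECORD), mac(RECORD)
    damaged = flip_one_bit(RECORD)
    return {
        "checksum_detects": not verify_checksum(damaged, stored_sum),
        "mac_detects": not verify_mac(damaged, stored_tag),
    }


def scenario_malicious_modification() -> dict:
    """The attacker can write to the file, so they rewrite the data and
    recompute the checksum. They do not hold MAC_KEY, so the best they can
    do is leave the old tag in place."""
    stored_tag = mac(RECORD)
    tampered = attacker_rewrite(RECORD)
    forged_sum = checksum(tampered)  # attacker recomputes the checksum
    return {
        "checksum_detects": not verify_checksum(tampered, forged_sum),
        "mac_detects": not verify_mac(tampered, stored_tag),
    }


if __name__ == "__main__":
    print("accidental:", scenario_accidental_corruption())
    print("malicious: ", scenario_malicious_modification())
```

A checksum stored next to the data is enough against disk errors and backup rot, but a writer who can change the data can change the checksum too, so it offers nothing against the "others" the slide is worried about. The keyed tag moves the trust to the key, which must then be kept away from whoever can write the data. A digital signature goes one step further: the verifier holds only the public key and therefore cannot produce valid tags itself.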
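Returning to the Saltzer & Schroeder slides above, the following is one added example in Python covering fail-safe defaults, complete mediation, least privilege and separation of privilege together. It is not code from the slides: the principals (alice, bob, carol, backup-svc), the objects (ledger, payroll, hr-archive) and the Monitor class are constructed for illustration. It shows the exclusion-based check beside the permission-based one, a cached decision that violates complete mediation after a revocation, and a delete that needs two keys.

```python
"""A minimal reference monitor that illustrates four of the Saltzer &
Schroeder principles: fail-safe defaults, complete mediation, least
privilege and separation of privilege. Added example: the principals,
objects and rights below are constructed and are not from the slides.
"""

# Constructed ACL: (principal, object) -> set of rights. Absence means denial.
ACL = {
    ("alice", "ledger"): {"read", "write"},
    ("bob", "ledger"): {"read"},
    ("carol", "ledger"): {"read", "write"},
    ("backup-svc", "ledger"): {"read"},  # least privilege: backup only reads
    ("alice", "payroll"): {"read"},
}

# The exclusion-based alternative: a deny-list of known-bad pairs.
DENYLIST = {("bob", "payroll")}


def allowed_by_exclusion(principal: str, obj: str, right: str) -> bool:
    """Grant unless explicitly denied. An object nobody remembered to list
    (here 'hr-archive') is reachable by everyone."""
    return (principal, obj) not in DENYLIST


def allowed_by_permission(principal: str, obj: str, right: str) -> bool:
    """Fail-safe default: grant only when a matching permission exists."""
    return right in ACL.get((principal, obj), set())


class Monitor:
    """Every operation is routed through check(); the audit log records
    each decision, allowed or not."""

    def __init__(self, acl):
        self.acl = {k: set(v) for k, v in acl.items()}
        self.audit_log = []
        self.decision_cache = {}
        self.pending_deletes = {}

    def check(self, principal, obj, right):
        ok = right in self.acl.get((principal, obj), set())
        self.audit_log.append((principal, obj, right, "ALLOW" if ok else "DENY"))
        return ok

    def check_cached(self, principal, obj, right):
        """Violates complete mediation: a decision made once is reused, so a
        later revocation is never noticed on this path."""
        key = (principal, obj, right)
        if key not in self.decision_cache:
            self.decision_cache[key] = self.check(principal, obj, right)
        return self.decision_cache[key]

    def revoke(self, principal, obj, right):
        self.acl.get((principal, obj), set()).discard(right)

    def request_delete(self, obj, approver):
        """Separation of privilege: two distinct principals holding 'write'
        must each request the deletion before it executes."""
        if not self.check(approver, obj, "write"):
            return False
        approvers = self.pending_deletes.setdefault(obj, set())
        approvers.add(approver)
        if len(approvers) < 2:
            return False
        del self.pending_deletes[obj]
        self.audit_log.append(("system", obj, "delete", "EXECUTED"))
        return True


def demo():
    results = {}
    # Fail-safe defaults: an unlisted object is open under exclusion and
    # closed under permission.
    results["exclusion_unlisted"] = allowed_by_exclusion("bob", "hr-archive", "read")
    results["permission_unlisted"] = allowed_by_permission("bob", "hr-archive", "read")

    m = Monitor(ACL)
    # Least privilege: the backup service can read but not write the ledger.
    results["backup_write"] = m.check("backup-svc", "ledger", "write")

    # Complete mediation: after revoking bob's read, the cached path still
    # answers yes because it never re-checks; the mediated path says no.
    m.check_cached("bob", "ledger", "read")
    m.revoke("bob", "ledger", "read")
    results["revoked_cached"] = m.check_cached("bob", "ledger", "read")
    results["revoked_mediated"] = m.check("bob", "ledger", "read")

    # Separation of privilege: one writer cannot delete alone, the same
    # writer asking twice does not count, two distinct writers do.
    results["delete_single"] = m.request_delete("ledger", "alice")
    results["delete_same_twice"] = m.request_delete("ledger", "alice")
    results["delete_two_keys"] = m.request_delete("ledger", "carol")
    results["denials_logged"] = sum(1 for e in m.audit_log if e[3] == "DENY")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22} {value}")
```

The deny-list version is the "exclusion" the fail-safe-defaults slide warns against: it fails open for anything its authors forgot. The cached path is a common real-world shape of the complete-mediation failure (a session that keeps working after the account was disabled). The audit log records denials as well as grants, which is what makes the Audit goal from earlier in the deck answerable after the fact.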

