Introduction to Cybersecurity - Systems Security: Part 1. Prof. Dr. Michael Backes, Director, CISPA – Center for IT Security, Privacy, and Accountability; Chair for IT Security & Cryptography
General Information
- Correct formatting (Tutorial group 1, Exercise 1): [1][Exercise 1]. No additional whitespace! No <>!
- New submission mail address to avoid confusion: submissions-cysec16@cs.uni-saarland.de (different prefix than the regular mailing list; old submission addresses still work)
- Exercise groups start on Wednesday
Foundations of Cybersecurity 2016 1
Last Lecture
- Organizational matters
- Commercialization of cyber attacks
- What is cyber security and what has to be protected: hardware, software stack, crypto, network; software exploits, hardware hacks, side-channels, …
- Intro to cryptography: ancient ciphers (Caesar, substitution cipher, Vigenère cipher, Enigma) and their cryptanalysis
Part I: System Security (comic: http://dilbert.com/strips/comic/2005-09-12/)
The Programmer’s Blues
Heartbleed
- Serious vulnerability in the popular OpenSSL cryptographic software library: a missing bounds check before a memory copy operation that uses non-sanitized user input as the length parameter
- Not a crypto error, but an implementation error!
- Allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of OpenSSL: private keys, in-memory decrypted packets received via an SSL connection, etc.
How Heartbleed works (comic: http://xkcd.com/1354/)
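As an added illustration (not OpenSSL's code), a small C parser for a heartbeat-style record that performs the bounds check the vulnerable versions lacked: the attacker-controlled payload length is validated against the number of bytes actually received before anything is copied. The record layout, the function names and the hb_demo helper are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Record layout modelled on a TLS heartbeat message (constructed for this
 * example): 1-byte type, 2-byte big-endian payload_length, payload, then
 * 16 bytes of padding. */
#define HB_HEADER  3
#define HB_PADDING 16

/* Copies the payload into out and returns its length, or -1 if the record
 * claims more payload than it actually carries. The vulnerable code trusted
 * payload_length and copied that many bytes regardless of rec_len. */
int hb_parse_checked(const uint8_t *rec, size_t rec_len,
                     uint8_t *out, size_t out_len) {
    if (rec_len < HB_HEADER + HB_PADDING)
        return -1;                                  /* too short to be valid */
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    /* The missing Heartbleed check: the claimed length must fit inside the
     * bytes that were actually received (header + payload + padding). */
    if ((size_t)HB_HEADER + payload_len + HB_PADDING > rec_len)
        return -1;
    if (payload_len > out_len)
        return -1;                                  /* respect caller's buffer */
    memcpy(out, rec + HB_HEADER, payload_len);      /* copy only what exists */
    return (int)payload_len;
}

/* Builds a record whose claimed length may differ from the real payload. */
size_t hb_build(uint8_t *buf, size_t buf_len, uint16_t claimed,
                const uint8_t *payload, size_t real_len) {
    size_t total = HB_HEADER + real_len + HB_PADDING;
    if (total > buf_len)
        return 0;
    buf[0] = 1;                                     /* heartbeat request */
    buf[1] = (uint8_t)(claimed >> 8);
    buf[2] = (uint8_t)(claimed & 0xff);
    memcpy(buf + HB_HEADER, payload, real_len);
    memset(buf + HB_HEADER + real_len, 0, HB_PADDING);
    return total;
}

/* Runs a 5-byte "hello" with the given claimed length through the parser:
 * hb_demo(5) returns 5, hb_demo(6) and hb_demo(65535) return -1. */
int hb_demo(uint16_t claimed) {
    uint8_t rec[64], out[64];
    size_t n = hb_build(rec, sizeof rec, claimed, (const uint8_t *)"hello", 5);
    return hb_parse_checked(rec, n, out, sizeof out);
}
```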
Chapter “System Security” Overview
- This lecture: Security Principles & Authentication
- 2nd lecture: Access Control & Malware
- 3rd lecture: Hijacking control flows
- (Layer diagram: User, Software, Crypto, OS, Hardware)
Chapter “System Security” Overview
- Practical security (How to exploit vulnerabilities?)
  - Security principles
  - Basic design of (in-)secure systems
  - Basics of access control, malware
  - How to hijack control in computer systems? How to defend against such control hijacking attacks?
  - Authentication methods
- Project: Learn about basic control-flow hijacking
- Some advanced topics are part of follow-up lectures (Security, Security Engineering)
Recommended Literature
- William Stallings, Lawrie Brown. “Computer Security: Principles and Practice.” ISBN-13: 978-0135137116 (third, international edition)
  - Chapter 1: Overview
  - Chapter 3: Authentication
  - Chapter 4: Access Control (only Sections 4.1-4.5)
  - Chapter 6: Malicious Software
  - Chapter 10: Buffer Overflow
  - Chapter 13: Trusted Computing and Multilevel Security (only Sections 13.1 and 13.3)
- David Basin, Patrick Schaller, Michael Schläpfer. “Applied Information Security: A Hands-On Approach.” ISBN: 978-3-642-43632-1
  - Chapter 1: Security Principles
  - Chapter 4: Authentication and Access Control
  - Chapter 6: Web Application Security
- Jerome Saltzer, Michael Schroeder. “The Protection of Information in Computer Systems.” In Proceedings of the IEEE, volume 63, pages 1278–1308, 1975
Security Principles Prof. Dr. Michael Backes 11.11.2016
General Notions
- Subject: active entity (e.g., user or a system acting on behalf of a user)
- Object: passive entity (e.g., data container like files, directories, etc.)
  - General assumption: access to an object gives access to the object’s data content (information); information is encoded/represented as various forms of data
- (Diagram: Subject, e.g., user or process, if authorized accesses and operates on Object, e.g., a resource like a file)
- Subject is authorized: allowed by the security policy to access the object
Refresher: Classic Information Security Goals
- Confidentiality: assure that information is not disclosed to unauthorized principals
- Integrity
  - Data: prevent unauthorized modification of programs and information
  - System: assure that the system performs its intended function in an unimpaired manner, free from unauthorized manipulation
- Availability: guarantee reliable access to information and services by authorized principals
- Further important goals:
  - Accountability: trace actions of an entity uniquely back to that entity
  - Authenticity: property of being genuine and being able to be verified and trusted
  - Privacy, non-repudiation, anonymity, unlinkability
- Depending on context, not always easy to define precisely
- Sometimes contradicting and not easy to combine (e.g., anonymity vs accountability)
12 Security Principles
- High-level goals: security best practices; applicability depends on the concrete context
- Especially applies to secure software design: emphasizes clean and secure design
- Often requires trade-offs
Simplicity
- Keep it simple. Applies to any engineering and implementation task: the simpler the solution, the easier it is to understand, analyze, and review, and the less likely it is to contain flaws
- Negative examples: monolithic operating systems, browsers, email clients
- (Charts: weighted CVSS score and number of vulnerabilities plotted against lines of code in millions for Thunderbird, Firefox, Chrome, Windows XP, OS X, OS X Tiger, Bash and the Linux kernel; sources: cvedetails.com, openhub.net)
Open Design
- The security of a system should not depend on the secrecy of its protection mechanisms. Avoid “security by obscurity”; in crypto a.k.a. Kerckhoffs’ principle
- Security should depend on possession of secrets only (passwords, keys, …): it is simply not possible to maintain the secrecy of a system that is to be distributed (e.g., reverse engineering)
- Intuitive example: securing a door does not rely on the attacker’s ignorance of how to operate a door, but on possession of the key and the security of the lock mechanism
- Today’s de-facto crypto mechanisms were all developed with open design
- Counterexamples: DRM mechanisms (e.g., DVD, PlayStation, …), KeeLoq, Windows NT LAN Manager, Mifare Classic (basis for the old UdS card)
Compartmentalization
- Organize resources into isolated groups of similar needs. Groups (or compartments) are isolated from each other, with limited communication between compartments over controlled channels
- Facilitates simplification of design (“divide-and-conquer” approach); attacks or errors are contained to the affected compartment; security-sensitive functionality can be placed in a dedicated hardened compartment
- Compartmentalization at different levels: user space vs kernel space; memory space (between processes; data vs code); modularization of software; virtual machines; network zones
- Problem: not always possible to completely isolate resources/functionality; tightly control the channels between compartments and the compartment interfaces
- Intuitive example: compartmentalized submarine design
- Example: µKernel vs monolithic kernel (diagram: monolithic design with network, user input, user display and file system all inside one system, vs. a µKernel with each of them in its own compartment)
Minimum Exposure
- Minimize the attack surface a system presents to the adversary
- Reduce external interfaces to a minimum, e.g., network-listening services of a computer system (screenshot: nmap banner scan, http://www.bryanandrews.org/wp-content/uploads/2001/11/nmap-banner-scan-example.png)
- Limit the amount of information given away that can help an adversary, e.g., error pages of web servers provide information about the software versions (screenshot: Apache 404 footer, http://articles.slicehost.com/assets/2008/12/5/apache-404-footer.jpg)
- Minimize the window of opportunity for an adversary to attack, e.g., limit the number of failed password attempts before locking the account (screenshot: locked Twitter account, http://cache.clickonf5.org/wp-content/uploads/2009/12/twitterlocked_thumb.png)