Systems Security: Part 1 (Introduction to Cybersecurity lecture slides, Prof. Dr. Michael Backes, PowerPoint presentation)


  1. Introduction to Cybersecurity - Systems Security: Part 1 - Prof. Dr. Michael Backes Director, CISPA – Center for IT Security, Privacy, and Accountability Chair for IT-security & Cryptography

  2. General Information
     - Correct formatting (Tutorial group 1, Exercise 1): [1][Exercise 1]
       - No additional whitespaces! No <>!
     - New submission mail address to avoid confusion: submissions-cysec16@cs.uni-saarland.de
       - Different prefix than regular mailing list
       - Old submission addresses still work
     - Exercise groups start on Wednesday
     Foundations of Cybersecurity 2016 1

  3. Last Lecture
     - Organizational matters
     - Commercialization of cyber attacks
     - What is cyber security and what has to be protected
       - Hardware, software stack, crypto, network
       - Software exploits, hardware hacks, side-channels, …
     - Intro to cryptography
       - Ancient ciphers: Caesar, substitution cipher, Vigenère cipher, Enigma
       - Cryptanalysis of ancient ciphers

  4. Part I: System Security (comic: http://dilbert.com/strips/comic/2005-09-12/)

  5. The Programmer’s Blues

  6. Heartbleed
     - Serious vulnerability in the popular OpenSSL cryptographic software library
       - Missing bounds check before a memory copy operation that uses non-sanitized user input as the length parameter
       - Not a crypto error, but an implementation error!
     - Allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of OpenSSL
       - Private keys
       - In-memory decrypted packets received via SSL connection
       - Etc.

  7. How Heartbleed works (comic: http://xkcd.com/1354/)
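
The bug class behind slides 6 and 7, as an added example that is neither the slides' nor OpenSSL's code: a minimal heartbeat handler written in the vulnerable shape the slide describes (the peer-supplied length field drives the copy) next to the hardened form that first checks that length against the record actually received. The record layout follows RFC 6520; the memory image, the secret string and all function names are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Heartbeat record (RFC 6520): type(1) | payload_length(2, big-endian) | payload | padding (>= 16 bytes) */
#define HB_HDR_LEN     3
#define HB_MIN_PADDING 16

/* Vulnerable: trusts the peer-supplied length and copies that many bytes from the
 * record buffer even when the record is far shorter. Returns the number of bytes echoed. */
static int heartbeat_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HDR_LEN) return -1;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];
    if (payload_len > out_cap) return -1;         /* only the destination size is checked */
    memcpy(out, rec + HB_HDR_LEN, payload_len);   /* over-reads past rec + rec_len */
    return (int)payload_len;
}

/* Hardened: the claimed payload plus the minimum padding must fit inside the record
 * actually received; otherwise the message is silently discarded (-1). */
static int heartbeat_fixed(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HDR_LEN) return -1;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HDR_LEN + payload_len + HB_MIN_PADDING > rec_len) return -1;
    if (payload_len > out_cap) return -1;
    memcpy(out, rec + HB_HDR_LEN, payload_len);
    return (int)payload_len;
}

/* Constructed memory image: a 19-byte record (empty payload, 16 padding bytes) that
 * claims a 40-byte payload, directly followed by unrelated process data standing in
 * for key material. */
#define DEMO_REC_LEN 19
static const char DEMO_SECRET[] = "PRIVATE-KEY-BYTES";
static uint8_t demo_memory[64];

static void demo_setup(void) {
    memset(demo_memory, 0, sizeof demo_memory);
    demo_memory[0] = 1; demo_memory[1] = 0; demo_memory[2] = 40;   /* request, claimed length 40 */
    memcpy(demo_memory + DEMO_REC_LEN, DEMO_SECRET, sizeof DEMO_SECRET - 1);
}

/* 1 if the vulnerable handler's reply contains the adjacent secret (it does), else 0. */
static int demo_vulnerable_leaks(void) {
    uint8_t out[64];
    demo_setup();
    int n = heartbeat_vulnerable(demo_memory, DEMO_REC_LEN, out, sizeof out);
    return n == 40 && memcmp(out + DEMO_REC_LEN - HB_HDR_LEN, DEMO_SECRET, sizeof DEMO_SECRET - 1) == 0;
}
```

The same 19-byte record is rejected by heartbeat_fixed before any copy, while a well-formed record (claimed length matching the bytes present, plus padding) is still echoed.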

  8. Chapter “System Security” Overview
     - This lecture: Security Principles & Authentication
     - 2nd lecture: Access Control & Malware
     - 3rd lecture: Hijacking control flows
     (Figure: layer stack User / Software / Crypto / OS / Hardware)

  9. Chapter “System Security” Overview
     - Practical security (How to exploit vulnerabilities?)
       - Security principles
       - Basic design of (in-)secure systems
       - Basics of access control, malware
       - How to hijack control in computer systems?
       - How to defend against such control hijacking attacks?
       - Authentication methods
     - Project: Learn about basic control-flow hijacking
     - Some advanced topics are part of follow-up lectures (Security, Security Engineering)

  10. Recommended Literature
     - William Stallings, Lawrie Brown. “Computer Security: Principles and Practice.” ISBN-13: 978-0135137116 (third, international edition)
       - Chapter 1: Overview
       - Chapter 3: Authentication
       - Chapter 4: Access Control (only Sections 4.1-4.5)
       - Chapter 6: Malicious Software
       - Chapter 10: Buffer Overflow
       - Chapter 13: Trusted Computing and Multilevel Security (only Sections 13.1 and 13.3)
     - David Basin, Patrick Schaller, Michael Schläpfer. “Applied Information Security: A Hands-On Approach.” ISBN: 978-3-642-43632-1
       - Chapter 1: Security Principles
       - Chapter 4: Authentication and Access Control
       - Chapter 6: Web Application Security
     - Jerome Saltzer, Michael Schroeder. “The Protection of Information in Computer Systems.” In Proceedings of the IEEE, volume 63, pages 1278-1308, 1975

  11. Security Principles Prof. Dr. Michael Backes 11.11.2016

  12. General Notions
     - Subject
       - Active entity (e.g., user or a system acting on behalf of a user)
     - Object
       - Passive entity (e.g., data container like files, directories, etc.)
       - General assumption: Access to an object gives access to the object’s data content (information)
         - Information is encoded/represented as various forms of data
     - Subject is authorized: Allowed by security policy to access object
     (Figure: Subject (e.g., user process) -> if authorized: accesses and operates on -> Object (e.g., resource like a file))

  13. Refresher: Classic Information Security Goals
     - Confidentiality
       - Assure that information is not disclosed to unauthorized principals
     - Integrity
       - Data: Prevent unauthorized modification of programs and information
       - System: Assure that the system performs its intended function in an unimpaired manner, free from unauthorized manipulation
     - Availability
       - Guarantee reliable access to information and services by authorized principals
     - Further important goals:
       - Accountability: Trace actions of an entity uniquely back to that entity
       - Authenticity: Property of being genuine and being able to be verified and trusted
       - Privacy, Non-repudiation, Anonymity, Unlinkability
     - Depending on context, not always easy to define precisely
     - Sometimes contradicting and not easy to combine
       - Anonymity vs accountability

  14. 12 Security Principles
     - High level goals
       - Security best practices
       - Applicability depends on concrete context
     - Especially applies to secure software design
       - Emphasizes clean and secure design
     - Often requires trade-offs

  15. VS (image slide; sources: https://cdn1.coolstuff.com/autogen/preset/aspectThumb/960x720/6305517763ac93f87c1e5babc5d657c7.jpg and http://www.richter-spielgeraete.de/tl_system/content/de/01_Produkte/xx_Piktogramme/3.63390.gif)

  16. Simplicity
     Keep it simple.
     - Applies to any engineering and implementation task
     - The simpler the solution
       - the easier to understand, analyze, and review
       - the less likely to contain flaws
     - Negative examples: Monolithic operating systems, browsers, email clients
     (Charts: weighted CVSS score vs. lines of code (millions) and # vulnerabilities vs. lines of code (millions) for Linux kernel, Firefox, Thunderbird, Chrome, Win XP, OS X / OS X Tiger, Bash; sources: cvedetails.com, openhub.net)

  17. (Image slide: http://www.surface-generation.com/wp-content/uploads/2015/03/Question-mark-box-620-x-350.jpg)

  18. Open Design
     The security of a system should not depend on the secrecy of its protection mechanisms.
     - Avoid “Security by obscurity”
     - In crypto a.k.a. Kerckhoffs’ principle
     - Security should depend on possession of secrets only (passwords, keys, …)
       - Simply not possible to maintain secrecy of a system that should be distributed (e.g., reverse engineering)
     - Intuitive example: Securing a door does not rely on the attacker’s ignorance of how to operate a door, but on possession of the key and the security of the lock mechanism
       - Today’s de-facto crypto mechanisms were all developed with open design
     - Counter examples: DRM mechanisms (e.g. DVD, Playstation, …), KeeLoq, Windows NT LAN Manager, Mifare Classic (basis for old UdS card)

  19. (Image slide: http://uncrate.com/p/2008/03/oxo-pop-containers.jpg)

  20. Compartmentalization
     Organize resources into isolated groups of similar needs.
     - Groups (or compartments) are isolated from each other, with limited communication between compartments over controlled channels
     - Facilitates simplification of design (“divide-and-conquer” approach); attacks or errors are contained to the affected compartment; security-sensitive functionality can be placed in a dedicated hardened compartment
     - Compartmentalization at different levels:
       - User-space vs kernel space
       - Memory space (between processes; data vs code)
       - Modularization of software
       - µKernel
       - Virtual machines
       - Network zones
     - Problem: Not always possible to completely isolate resources/functionality
       - Tightly control the channels between compartments and the compartment interfaces
     - Intuitive example: Compartmentalized submarine design
     - Example: µKernel vs monolithic kernel
     (Figure: monolithic design vs. µKernel with compartmentalization; components Network, User input, User display, System, File system)

  21. (Image slide: https://www.google.de/maps/@48.8547067,2.3438011,17z)

  22. Minimum Exposure
     Minimize the attack surface a system presents to the adversary.
     - Reduce external interfaces to a minimum
       - E.g., network-listening services of a computer system (image: http://www.bryanandrews.org/wp-content/uploads/2001/11/nmap-banner-scan-example.png)
     - Limit the amount of information given away that can help an adversary
       - E.g., error pages of webservers provide information about the software versions (image: http://articles.slicehost.com/assets/2008/12/5/apache-404-footer.jpg)
     - Minimize the window of opportunity for an adversary to attack
       - E.g., limit the number of failed password attempts before locking the account (image: http://cache.clickonf5.org/wp-content/uploads/2009/12/twitterlocked_thumb.png)

  23. (Image slide: http://melaniejor.typepad.com/.a/6a00e54fd1fc4388340133f2f9498f970b-pi, http://www.keyring.com/images/products/detail/92400_Split_key_ring.jpg, http://thumbs.dreamstime.com/t/blue-house-22708798.jpg, http://cliparts.co/cliparts/qcB/X7G/qcBX7Ga4i.jpg)
