Introduction
CS461/ECE422 — Computer Security I — Spring 2012

Nikita Borisov — UIUC

What is Computer Security?

Computing in the presence of an adversary

Adversary (threat agent): An entity that attacks, or is a threat to, a system.

Attack: An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. [source: RFC 2828]

2012-01-17

More definitions

• Security Services
  • Prevent “bad” things from happening
  • Mechanism
• Security Policies
  • Define what is “bad” and what is “good”
  • Policy

New Perspective

Area                                  | Usual perspective | Security perspective
Reliability                           | Random failures   | Deliberate failures
Usability                             | User confusion    | User deception
Programming languages (memory safety) | Crashes           | Entrance vector
Software engineering (bugs)           | Software quality  | Attack vectors

Holistic Perspective

• Security only as good as weakest link
• Must understand all parts of the system
  • O/S
  • Networking
  • Devices
  • Physical security
  • People
• We will cover some of these topics

Exercise

Task: log into online bank account to transfer funds

What are the vulnerabilities?

Computer Security Concepts

• Confidentiality
  • Keeping data and resources hidden
  • Privacy
• Integrity
  • Data integrity (integrity)
  • Origin integrity (authentication)
• Availability
  • Enabling access to data and resources

A couple more security concepts

• Authenticity
  • Property of being genuine. Can be verified and trusted
• Accountability
  • Actions of an entity can be traced uniquely to that entity
  • Nonrepudiation or “you can’t escape your past”.

Threat Terms

Threat – Set of circumstances that has the potential to cause loss or harm. Or a potential violation of security.

Vulnerability – Weakness in the system that could be exploited to cause loss or harm

Attack – When an entity exploits a vulnerability on a system

Control or Countermeasure – A means to prevent a vulnerability from being exploited

Concept Diagram

Security entails:
• Identifying assets
• Identifying vulnerabilities
• Designing countermeasures
• Assessing risk

[Figure 1.2 from Stallings & Brown]

Example

Classes of Threats

• Disclosure – Unauthorized access to information
• Deception – Acceptance of false data
• Disruption – Interruption or prevention of correct operation
• Usurpation – Unauthorized control of some part of a system

Some common threats

• Snooping or interception
  • Unauthorized interception of information
• Falsification
  • Unauthorized change of information
• Masquerading or spoofing
  • An impersonation of one entity by another
• Repudiation
  • A false denial that an entity received some information.

Defining Security

• Policy
  • A statement of what is and what is not allowed
  • Divides the world into secure and non-secure states
  • A secure system starts in a secure state. All transitions keep it in a secure state.
• Mechanism or Implementation
  • A method, tool, or procedure for enforcing a security policy
  • Prevention, detection, response, or recovery

Is this situation secure?

• Web server accepts all connections
• No authentication required
• Self-registration
• Connected to the Internet

Trust and Assumptions

• Locks prevent unwanted physical access.
  • What are the assumptions this statement builds on?

Policy Assumptions

Policy correctly divides world into secure and insecure states.

Mechanisms prevent transition from secure to insecure states.
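
The secure-state definition from the Defining Security and Policy Assumptions slides can be checked mechanically on a small model. The Python below is an added example, not part of the original slides; the users, the single protected file, the policy and both mechanisms are constructed for illustration.

```python
from collections import deque

USERS = ("alice", "bob", "eve")  # constructed sample principals

def is_secure(state):
    """Policy: only alice and bob may hold read access to the payroll file.
    A state is the set of users who currently hold read access."""
    return state <= frozenset({"alice", "bob"})

def weak_mechanism(state):
    """Mechanism A: any current reader may share access with any user."""
    for reader in state:
        for user in USERS:
            if user not in state:
                yield f"{reader} shares with {user}", state | {user}

def strict_mechanism(state):
    """Mechanism B: only alice (the owner) may share, and only with bob."""
    if "alice" in state and "bob" not in state:
        yield "alice shares with bob", state | {"bob"}

def find_violation(start, mechanism, policy):
    """Breadth-first search over the states the mechanism lets us reach.

    Returns None if the start state is secure and every reachable state
    is secure; otherwise the shortest list of transitions that leads to
    an insecure state (an empty list if the start state is insecure)."""
    if not policy(start):
        return []
    seen, queue = {start}, deque([(start, [])])
    while queue:
        state, trace = queue.popleft()
        for label, nxt in mechanism(state):
            nxt = frozenset(nxt)
            if not policy(nxt):
                return trace + [label]
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [label]))
    return None

if __name__ == "__main__":
    start = frozenset({"alice"})
    print("weak:  ", find_violation(start, weak_mechanism, is_secure))
    print("strict:", find_violation(start, strict_mechanism, is_secure))
```

The same policy holds under one mechanism and fails under the other, which is the gap the second policy assumption refers to.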

Another Policy Example

Bank officers may move money between accounts.

Any flawed assumptions here?

Assurance

• Evidence of how much to trust a system
• Evidence can include
  • System specifications
  • Design
  • Implementation

Aspirin Assurance Example

• Why do you trust Aspirin from a major manufacturer?
  • FDA certifies the aspirin recipe
  • Factory follows manufacturing standards
  • Safety seals on bottles

Analogy to software assurance

Key Points

• Must look at the big picture when securing a system
• Main components of security
  • Confidentiality
  • Integrity
  • Availability
• Differentiating Threats, Vulnerabilities, Attacks and Controls
• Policy vs mechanism
• Assurance

Administrivia

• Staff
  • Nikita Borisov, instructor
  • Qiyan Wang, TA
• Communications
  • Class web page: http://www.cs.illinois.edu/class/sp12/cs461
  • Newsgroup: class.sp12.cs461
• More to come next class

Class Format

• Two lectures / week
• Each lecture:
  • Starts 8am sharp
  • i-Clicker review questions
  • 5-minute break halfway through
• Active learning exercises
  • ~1 per week
  • Help keep you awake!
  • Bring pen, paper

Grading

• Midterm: 20%
• Final: 40%
• Homework: 15%
  • Every 1-2 weeks
• Security analysis: 15%
  • See next slide
• Participation: 10%
• Extra project worth 20% for grad students taking for 4 credits

Security is all around

Last few days of Slashdot

Your tasks

• Analyze a current event
  • Report what happened
  • Describe threats, vulnerabilities, assets, and risks involved
  • Identify lessons
• Analyze an existing system
  • Perhaps one you encounter in daily life
    ▪ Pictures are great
  • Describe threats, vulnerabilities, assets, and risks involved

Analysis Requirements

• Total requirements: 3 in a semester
  • At least one current event and one existing system
  • Due Feb 14, Mar 13, Apr 17
• May be done in groups
  • 1-3 students per group
• Posted in forum
  • TBA

Participation Requirements

• i-Clicker participation
• Comments / questions in class, on newsgroup
• Discussion of security analyses
• 100% participation not required for 100% of grade

A Few Words on Class Integrity

• Review department and university cheating and honor codes:
  • https://agora.cs.illinois.edu/display/undergradProg/Honor+Code
  • http://admin.illinois.edu/policy/code/article1_part4_1-402.html
• This has been an issue in the past
• Expectations for exams, homeworks, projects, and papers

Class Readings

• Main text:
  • Computer Security: Principles and Practice by William Stallings and Lawrie Brown
• Additional readings provided via compass or public links
• Books on reserve at the library

Security Classes at UIUC

• Three introductory courses
  • Computer Security I (CS461/ECE422)
    ▪ Covers NSA 4011 security professional requirements
    ▪ Taught every semester (mostly)
  • Computer Security II (CS463/ECE424)
    ▪ Continues in greater depth on more advanced security topics
    ▪ Taught every 1-2 semesters
  • Applied Computer Security Lab (CS460/ECE419)
    ▪ With CS461 covers NSA 4013 system administrator requirements
• Two of the three courses will satisfy the Security Specialization in the CS track for Computer Science majors.

More Security Classes at UIUC

• Cryptography
  • Theoretical foundations (Prabhakaran)
  • Applied cryptography (Prabhakaran & Borisov)
  • Number theory (Blahut)
• Security Reading Group CS591RHC
• Advanced Computer Security CS563
• Local talks
  • http://www.iti.illinois.edu/content/seminars-and-events
• ITI Security Roadmap
  • http://www.iti.illinois.edu/content/security