
Post on 08-Aug-2020


Source: studentnet.cs.manchester.ac.uk/pgt/2019/welcome-week/security.pdf

Advanced Computer Science: Security Theme

The Security Theme: an introduction

School of Computer Science

The University of Manchester


Your imagination… Your nightmares?


Outline

• Why do we need a Security Theme?

• Core Modules

– COMP61411 Cryptography

– COMP61421 Cyber security

• Some Research Activities

Ratio of hackers to security professionals ~ 1000:1*

Communications security

Computer security

Information security

Information assurance

Cyber security

Quality…security…trustworthiness

The laws of thermodynamics**

But you can manage the risks… disrupt and counter the kill chain…

. . . taking heed of the Security Theme!

**You can’t win… you can’t even break even

*SANS (SysAdmin, Audit, Network, Security) Institute


Criminal ‘hacking’-as-a-service

• Consulting services such as botnet setup ($350-$400)

• Infection/spreading services (~$100 per 1K installs)

• Botnets & Rentals [Direct Denial of Service (DDoS) $535 for 5 hours a day for one week], e-mail spam ($40 / 20K e-mails) and Web spam ($2/30 posts)

• Blackhat Search Engine Optimization (SEO) ($80 for 20K spammed backlinks)

• Inter-Carrier Money Exchange and Mule services (25% commission)

• Recruited CAPTCHA Breaking ($1/1000 CAPTCHAs)

• Crimeware Upgrade Modules: Using Zeus Modules as an example, range anywhere from $500 to $10K

Source: Fortinet Cybercrime Report


So we need a fifth column…

…to protect the systems of today and build tomorrow’s systems safely

Security: topics

• Threat and risk assessment

• Kill chain disruption and recovery from attack

• Requirement and policy specifications

• Solutions and countermeasures

– Cryptography

– Intrusion detection/prevention

– Trustworthy software

– Authentication and authorisation

– Virtual Private Networks

– Firewalls

– Digital certification and Public Key Infrastructures

– Real-life exemplar security systems (cloud computing security, web security, email security, wireless network security, electronic payment systems, etc.)

• Audits, reviews, and penetration testing

• Digital forensics


https://www.ncsc.gov.uk/blog-post/cybok-scope


How

• Lectures

• Guest lectures

Attend guest lectures on security matters in COMP60721 Systems Governance too

• Cryptography

– Examination (60%)

– Coursework (40%)

• Cyber security

– Coursework (2x25%)

• Groupwork

• Case studies

• Report

• Review/inspect

• Templates

– Risk treatment plan

– Examination (50%)

• Employment potential

Guest Lectures (TBC)

• Tim Armit: Resilience

• Sarah Clarke: Supply chains

• Jo Dalton: Internet of Things

• Shavana Musa: Cyber lawfare

• Jon Noel: Malware Evolution

• Ian Thornton-Trump: Cyber security futures

• Paul Vlissidis: Att&cking standards

• Colin Williams: Cyber, psy and cyborgs

• Guest ‘pentesters’: KPMG

• Detective Constable Mike Roberts: Digital forensics


Who they gonna call?


Summary: the two laws of security

1. Never reveal everything you know.

And now Dr Zhang on some projects…


• Main research interests

– Applied Cryptography

– Covers a range of interests and activities

• Risk analysis and quantification

• Security solution designs (algorithms, methods, protocols and architectures)

• Make security provisioning smart (risk-aware and/or context-aware)

• Trust management

Cyber Security

Achieving security and privacy in distributed and networked environments

Application contexts

One

• Wireless sensor networks (ID privacy, compromised node detection, auto topology learning via data aggregation)

• Mobile ad hoc networks (routing protocols, achieving QoS in the presence of mobility and security attacks)

• Cloud computing (malicious VM detections, data integrity and confidentiality protection against both external and insider threats)

Two

• IoT (smart and context-aware security provisioning; secure but privacy-preserving data collections from roaming users; key management)

• Electricity smart grids (usage data collection from millions of households, secure billing for electricity charging by electric cars)

• e-/m-banking, e-/m-commerce, e-health

• Big data computation (security as a service to support distributed computation)

Example research activities…1

User identification via touch dynamics

• Make use of users’ touch dynamic patterns for user identification

• Integrate such a biometric authentication method with knowledge-based methods to achieve a higher level of assurance

• This is a non-intrusive authentication method - users’ touch dynamic patterns are collected during their usual mobile phone usage/interactions.

• Currently working with WorldPay to exploit this idea on mobile phones

Smart security solutions

• For more sensitive data and/or higher value assets, we go for more stringent security protections and vice versa, thus balancing security with usability and costs.

• Build automatic solutions to estimate authentication assurance levels, not just based on users’ credentials but also their environmental dynamic attributes.

• Map assurance levels to the sensitivity of resources to achieve a more fine-grained access control.

Example research activities…2

Detect botVMs in a Cloud

[Figure: a cloud of virtual machines, VM1 to VM11]

• Neighbourhood watch

• Evidence collection

• Forensic analysis

Example research activities…3

Securing distributed computation on clouds that are managed by distributed providers

• Nodes/Clusters are in distributed locations and managed by different service providers

• Services running on the nodes/clusters

• Jobs submitted to the services, jobs process data, and data may be contributed or hosted by different organisations …

• Design solutions to ensure:

– authorised use/access to data and

– data integrity in this context with minimum trust on the service providers

• This can minimise impacts of security incidents (either malicious or innocent) caused by authorised insiders.

Detecting integrity drifts in e-banking transactions (one of the threats imposed by authorised insiders)

• Insiders have privileges that outsiders do not have, so they can cause more significant financial loss.

• Observations in e-transactions

• One transaction often triggers a set of multiple related-transactions handled by multiple users in multiple systems/domains.

• The users are authorised users – they are traders, system administrators and even auditors.

• Generating and using ‘fingerprints’ of the multiple related-transactions can help to detect integrity drifts in real-time.


Provisional schedule…

Module Leader/Lecturers

• Dr Ning Zhang

[email protected]

Network information security

• Professor Daniel Dresner Finst.ISP* [email protected]

Cyber risk management

• Dr Richard [email protected]

Cryptography

• Professor Adam Kramer from Barclays, leading the Penetration Testing element

*Ask about this…

Let’s disrupt the kill chain together…


Reconnaissance

Weaponisation

Delivery

Exploitation

Installation

Command and control

Action on objectives

Detect

Deny

Disrupt

Degrade

Deceive

Destroy

The 7th ‘D’?


Digital Cyber Academy

‘Tech Assists’

The big picture


COMP61411 Cryptography

COMP61421 Cyber security

*COMP60721 Systems governance

COMP60990 Dissertation projects

COMP61421/60721* Guest lectures

August 2018


University of Manchester
