Advanced Computer Science: Security Theme
The Security Theme: an introduction
School of Computer Science
The University of Manchester
Your imagination… Your nightmares?
Outline
• Why do we need a Security Theme?
• Core Modules
– COMP61411 Cryptography
– COMP61421 Cyber security
• Some Research Activities
Ratio of hackers to security professionals ~ 1000:1*
Communications security
Computer security
Information security
Information assurance
Cyber security
Quality…security…trustworthiness
The laws of thermodynamics**
But you can manage the risks . . . disrupt and counter the kill chain…
. . . taking heed of the Security Theme!
**You can’t win . . . you can’t even break even
*SANS (SysAdmin, Audit, Network, Security) Institute
Criminal ‘hacking’-as-a-service
• Consulting services such as botnet setup ($350-$400)
• Infection/spreading services (~$100 per 1K installs)
• Botnets & Rentals [Distributed Denial of Service (DDoS) $535 for 5 hours a day for one week], e-mail spam ($40 / 20K e-mails) and Web spam ($2/30 posts)
• Blackhat Search Engine Optimization (SEO) ($80 for 20K spammed backlinks)
• Inter-Carrier Money Exchange and Mule services (25% commission)
• Recruited CAPTCHA Breaking ($1/1000 CAPTCHAs)
• Crimeware Upgrade Modules: Using Zeus Modules as an example, range anywhere from $500 to $10K
Source: Fortinet Cybercrime Report
So we need a fifth column…
…to protect the systems of today and build tomorrow’s systems safely
Security: topics
• Threat and risk assessment
• Kill chain disruption and recovery from attack
• Requirement and policy specifications
• Solutions and countermeasures
– Cryptography
– Intrusion detection/prevention
– Trustworthy software
– Authentication and authorisation
– Virtual Private Networks
– Firewalls
– Digital certification and Public Key Infrastructures
– Real-life exemplar security systems (cloud computing security, web security, email security, wireless network security, electronic payment systems, etc.)
• Audits, reviews, and penetration testing
• Digital forensics
https://www.ncsc.gov.uk/blog-post/cybok-scope
How
• Lectures
• Guest lectures
  Attend guest lectures on security matters in COMP60721 Systems Governance too
• Cryptography
  – Examination (60%)
  – Coursework (40%)
• Cyber security
  – Coursework (2x25%)
    • Groupwork
    • Case studies
    • Report
    • Review/inspect
    • Templates
      – Risk treatment plan
  – Examination (50%)
• Employment potential
Guest Lectures (TBC)
• Tim Armit: Resilience
• Sarah Clarke: Supply chains
• Jo Dalton: Internet of Things
• Shavana Musa: Cyber lawfare
• Jon Noel: Malware Evolution
• Ian Thornton-Trump: Cyber security futures
• Paul Vlissidis: Att&cking standards
• Colin Williams: Cyber, psy and cyborgs
• Guest ‘pentesters’: KPMG
• Detective Constable Mike Roberts: Digital forensics
Who they gonna call?
Summary: the two laws of security
1. Never reveal everything you know.
And now Dr Zhang on some projects…
• Main research interests
– Applied Cryptography
– Covers a range of interests and activities
• Risk analysis and quantification
• Security solution designs (algorithms, methods, protocols and architectures)
• Make security provisioning smart (risk-aware and/or context-aware)
• Trust management
Cyber Security
Achieving security and privacy in distributed and networked environments
Application contexts
One
• Wireless sensor networks (ID privacy, compromised node detection, auto topology learning via data aggregation)
• Mobile ad hoc networks (routing protocols, achieving QoS in the presence of mobility and security attacks)
• Cloud computing (malicious VM detections, data integrity and confidentiality protection against both external and insider threats)
Two
• IoT (smart and context-aware security provisioning; secure but privacy-preserving data collections from roaming users; key management)
• Electricity smart grids (usage data collection from millions of households, secure billing for electricity charging by electric cars)
• e-/m-banking, e-/m-commerce, e-health
• Big data computation (security as a service to support distributed computation)
Example research activities…1
User identification via touch dynamics
• Make use of users’ touch dynamic patterns for user identification
• Integrate such a biometric authentication method with knowledge-based methods to achieve a higher level of assurance
• This is a non-intrusive authentication method - users’ touch dynamic patterns are collected during their usual mobile phone usage/interactions.
• Currently working with WorldPay to exploit this idea on mobile phones
Smart security solutions
• For more sensitive data and/or higher value assets, we go for more stringent security protections and vice versa, thus balancing security with usability and costs.
• Build automatic solutions to estimate authentication assurance levels, not just based on users’ credentials but also their environmental dynamic attributes.
• Map assurance levels to the sensitivity of resources to achieve a more fine-grained access control.
Example research activities…2
Detect botVMs in a Cloud
[Figure: virtual machines VM1 to VM11]
• Neighbourhood watch
• Evidence collection
• Forensic analysis
Example research activities…3
Securing distributed computation on clouds that are managed by distributed providers
• Nodes/Clusters are in distributed locations and managed by different service providers
• Services running on the nodes/clusters
• Jobs submitted to the services, jobs process data, and data may be contributed or hosted by different organisations …
• Design solutions to ensure:
  • authorised use/access to data and
  • data integrity in this context with minimum trust on the service providers
• This can minimise impacts of security incidents (either malicious or innocent) caused by authorised insiders.
Detecting integrity drifts in e-banking transactions (one of the threats imposed by authorised insiders)
• Insiders have privileges that outsiders do not have, so they can cause more significant financial loss.
• Observations in e-transactions
• One transaction often triggers a set of multiple related-transactions handled by multiple users in multiple systems/domains.
• The users are authorised users – they are traders, system administrators and even auditors.
• Generating and using ‘fingerprints’ of the multiple related-transactions can help to detect integrity drifts in real-time.
Provisional schedule…
Module Leader/Lecturers
• Dr Ning Zhang
  Network information security
• Professor Daniel Dresner Finst.ISP* [email protected]
  Cyber risk management
• Dr Richard [email protected]
  Cryptography
• Professor Adam Kramer from Barclays leading the Penetration Testing element
*Ask about this…
Let’s disrupt the kill chain together…
Reconnaissance
Weaponisation
Delivery
Exploitation
Installation
Command and control
Action on objectives
Detect
Deny
Disrupt
Degrade
Deceive
Destroy
The 7th ‘D’?
Digital Cyber Academy
‘Tech Assists’
The big picture
COMP61411 Cryptography
COMP61421 Cyber security
*COMP60721 Systems governance
COMP60990 Dissertation projects
COMP61421/60721* Guest lectures
August 2018
University of Manchester