Introduction to Computer Security Course Introduction Pavel Laskov Wilhelm Schickard Institute for Computer Science

Computer security in headlines

Motivation for security abuse

  • Intelligence and military use (5th century BC – 1980’s)
      “security by obscurity”, crypto-wars
  • Hacker spirit, fun and fame (1980’s – 2000’s)
      Pwnie, CCC, CTF
  • Cybercrime, monetary gain (2000’s – currently)
      Phishing, botnets, spam
  • Political goals, cyberconflict (2007 – currently)
      Attack on Estonia, Russian-Georgian conflict, Stuxnet
  • “Hacktivism” (2011 – currently)

Computer security in numbers

New malicious code samples observed (Symantec)

[Figure, from a Technische Universität Berlin slide titled “Dangerous Internet”: The Internet as a risk factor? Omnipresence of attacks, worms and viruses; massive damage to companies and citizens; increasing criminalization of malware. Chart: new malicious code per year (Symantec), 2002–2009, vertical axis 0 to 3,000,000.]

Why are computer systems insecure?

  • Growing complexity of computer systems
      large number of components, complex interaction
  • High competition
      short “time-to-market”, high ROI
  • Leveraging of risks through high connectivity
      worm outbreaks, botnets
  • Slow incident response
      “incident hiding”, manual handling
  • Human error

What can go wrong will go wrong!

Human error: a case study

Human error: lessons learned

  • Users make errors
      elaborate social engineering design
      time pressure
  • Significant monetary motivation
  • Business efficiency via Internet

Security instruments

Prevention

Detection

Reaction

Prevention instruments

Goal: enforce certain operational policies.

Examples:
  • Encrypt messages during transmission over public networks.
  • Require user authentication for certain services.
  • Control access to different resources.

Limitations:
  • Not always applicable, e.g. in open systems such as web services.
  • Strong assumptions, can be circumvented.

Detection instruments

Goal: detect violations of security policies.

Examples:
  • Antivirus scanners: detection of malicious code or behavior.
  • Intrusion detection systems: detection of attacks in network traffic.
  • Detection of malicious websites.

Limitations:
  • Significant latency in decisions.
  • Significant workload: a detection system without an operator is useless.

Reaction instruments

Goals:
  • Understand the root causes of successful attacks.
  • Update prevention mechanisms.
  • Real-time response, autonomous decisions.

Examples:
  • Computer forensics: investigation of infected systems.
  • Malware collection and analysis.
  • Intelligent firewalls.

Limitations:
  • Even larger latency, “post-mortem” operation.
  • Significant risk of real-time response.

What will you learn?

  • Fundamental concepts of computer security
      dry, but important!
  • Basic security goals and mechanisms
      authentication, access control, encryption, etc.
  • Practical security instruments
      Windows and Linux security
  • Further selected topics
      network security
      software security
      web application and browser security

Course administration

Lectures: Wed, 14:00 (ct) – 16:00, A301

Formalities:
  • Credit hours (diploma): 2 SWS (lectures) + 1 SWS (exercises)
  • Credit points (B.Sc.): 3 LP (lectures) + 1 LP (exercises)

Exams and grading:
  • diploma: oral exam by appointment, graded certificate for exercises
  • B.Sc.: written exam at the end of semester, 30% of the final grade from exercises

Office hours: by appointment

Course web page: http://www.cogsys.cs.uni-tuebingen.de/lehre/ws12/it sicherheit.html

Homework assignments

Meetings:
  • Thu, 14:00 (ct) – 16:00, F122, on selected dates
  • First meeting: 08.11

3 written homework assignments

2 lab meetings and practical assignments

Teaching assistant: Nedim Srndic

Evaluation and grade:
  • diploma: a grade reflects the percentage of points acquired.
  • B.Sc.: a grade contributes 30% to the final grade.

Bibliography

  • Dieter Gollmann. Computer Security. 3rd edition. Wiley & Sons, 2010.
  • Ross Anderson. Security Engineering. Wiley & Sons, 2001.
  • Bruce Schneier. Secrets and Lies: Digital Security in a Networked World. Wiley & Sons, 2004. (fun to read)

A typical web application

[Diagram labels: Legitimate user, Browser, Webserver, Internet]

Attack: interception of communication

[Diagram labels: Legitimate user, Browser, Webserver, Internet, Attacker, Credit card number]

Security goal: confidentiality

  • Prevention of unauthorized reading of data
  • Prevention of unauthorized learning of information
  • Potential abuse scenarios:
      Discovery of confidential information (e.g. details of a business contract)
      Discovery of authentication credentials (e.g. password sniffing)
  • Enforcement instruments:
      Symmetric or asymmetric cryptography
      Anonymization techniques

Attack: identity spoofing

[Diagram labels: Legitimate user, Browser, Webserver, Internet, Fake webserver, Attacker]

Security goal: authentication

  • Verification of the identity of a person or a computer
  • Prerequisite for access control
  • Authentication methods:
      Shared secrets (e.g. password or PIN)
      Ticket systems (identity cards, digital certificates)
      Challenge-response techniques
      Biometric techniques
      Human authentication: CAPTCHAs, Turing test, etc.
  • Authentication risks: identity theft

Attack: injection of malicious code

[Diagram labels: Legitimate user, Browser, Webserver, Internet, Attacker, Malware, XSS attack]

Security goal: integrity

  • Prevention of malicious tampering of data
  • Potential abuse scenarios:
      Fraudulent modification of data (e.g. 100,000 € instead of 100 € in an online transaction request)
      Injection of malicious code in downloaded software
      Evading detection by modification of a compromised operating system
  • Enforcement instruments:
      Integrity checking using cryptographic hash functions
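
An added example (not from the lecture slides) of the transaction-tampering scenario above, 100 changed to 100,000. It goes one step beyond the slide by contrasting a bare hash with a keyed hash (HMAC): a bare hash only helps when the digest reaches the receiver over a channel the attacker cannot modify. The request fields and the key are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; in practice it is shared out of band by sender and receiver.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def canonical(request: dict) -> bytes:
    """Serialize deterministically so both sides hash identical bytes."""
    return json.dumps(request, sort_keys=True, separators=(",", ":")).encode("utf-8")


def plain_digest(request: dict) -> str:
    """Unkeyed SHA-256 digest: anyone who can edit the request can recompute it."""
    return hashlib.sha256(canonical(request)).hexdigest()


def keyed_tag(request: dict, key: bytes) -> str:
    """HMAC-SHA256 tag: recomputing it requires the shared key."""
    return hmac.new(key, canonical(request), hashlib.sha256).hexdigest()


def verify_plain(request: dict, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(request), digest)


def verify_keyed(request: dict, tag: str, key: bytes) -> bool:
    # compare_digest avoids leaking the position of the first mismatch via timing.
    return hmac.compare_digest(keyed_tag(request, key), tag)


def demo() -> dict:
    # Constructed transaction request (hypothetical field names).
    original = {"from": "alice", "to": "shop", "amount_eur": 100}
    tampered = dict(original, amount_eur=100000)

    return {
        # Digest published over a trusted channel: tampering with the request is detected.
        "plain_detects_when_digest_trusted":
            not verify_plain(tampered, plain_digest(original)),
        # Digest travels with the request: it is recomputed after tampering,
        # so the check passes and nothing is detected.
        "plain_detects_when_digest_replaced":
            not verify_plain(tampered, plain_digest(tampered)),
        # Keyed tag: without the key the old tag cannot be updated to match.
        "hmac_detects_tampering":
            not verify_keyed(tampered, keyed_tag(original, SHARED_KEY), SHARED_KEY),
        "hmac_accepts_original":
            verify_keyed(original, keyed_tag(original, SHARED_KEY), SHARED_KEY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
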

Attack: server overload

[Diagram labels: Legitimate user, Browser, Internet, Server overloaded]

Security goal: availability

  • A joint objective of security and dependability
  • Loss of availability may be caused by attacks as well as natural phenomena, such as design errors or flash crowds.
  • Enforcement instruments:
      Detection of DoS attacks
      Router and firewall reconfiguration
      Service redundancy
      Virtualization

Attack: transaction denial by a user

[Diagram labels: Legitimate user, Browser, Webserver, Internet, Credit card charged, Transaction cancelled]

Security goal: accountability

  • An audit trail of security-related events
  • A key instrument of detection/response
  • A stronger form of accountability is non-repudiation: unforgeable evidence that a certain action occurred.
  • Similar attacks as for integrity
  • Enforcement instruments:
      Integrity checks
      Read-only audit
      Digital certificates and trusted third parties
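
An added example (not from the lecture slides) of how the "integrity checks" and "read-only audit" instruments combine: a hash-chained audit trail in which every record commits to its predecessor, verified against a head hash kept where the log host cannot rewrite it. The events, field names and function names are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed predecessor value for the first record

# Constructed sample events (hypothetical field names).
SAMPLE_EVENTS = [
    {"user": "alice", "action": "login_ok"},
    {"user": "mallory", "action": "login_failed"},
    {"user": "alice", "action": "payment", "amount_eur": 100},
]


def entry_hash(prev_hash: str, event: dict) -> str:
    """Hash of the previous record's hash plus the canonical event encoding."""
    payload = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append(log: list, event: dict) -> str:
    """Append a record chained to the current head; return the new head hash."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"event": dict(event), "prev": prev, "hash": entry_hash(prev, event)})
    return log[-1]["hash"]


def first_bad_entry(log: list, trusted_head: str = None):
    """Return the index of the first inconsistent record, len(log) if the chain
    is internally valid but does not end at trusted_head, or None if it checks out."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != entry_hash(prev, rec["event"]):
            return i
        prev = rec["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(log)  # truncated or wholly rewritten log
    return None


def build_sample_log():
    """Build the sample trail; the returned head stands in for a value stored
    on write-once media or with a trusted third party."""
    log, head = [], GENESIS
    for event in SAMPLE_EVENTS:
        head = append(log, event)
    return log, head


if __name__ == "__main__":
    log, head = build_sample_log()
    print("intact log:", first_bad_entry(log, head))
    log[1]["event"]["action"] = "login_ok"  # in-place edit of one record
    print("edited log, first bad index:", first_bad_entry(log, head))
```

The chain alone catches in-place edits; truncation or a full rewrite of the log is only caught by comparing against the externally stored head.
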

Summary

  • Security is not a solution but an ongoing process.
  • Security can only be achieved by a combination of technical and organizational measures.
  • One of the biggest security risks is a user.
  • Security is a big challenge but lots of fun as well: a great field of study and research.

Next lecture

  • The economics of computer security
  • Security threats
  • Security design principles