IT Security: General Trends and Research Directions
Sherif El-Kassas
Department of Computer Science
The American University in Cairo

Outline
Practical considerations
Academic and research perspective
National perspective

Practical considerations

Types of attacks on the IT infrastructure
Technical
Physical
Social

Technical Attacks
~ 80% Considered the easiest to defend against (easiest doesn't mean easy)
The remaining ~ 20% are difficult!
Examples include forms of technical hacking, automated attacks, malicious software, …etc.

Typical attack
Incident and Vulnerability Trends, http://www.cert.org/present/cert-overview-trends/

Automated attacks via Worms, Trojans, & Viruses
The Slammer worm! The fastest mass attack in history
It doubled in size each 8.5 seconds
It infected 90% of vulnerable systems in 10 minutes!

Slammer after a few minutes
D. Moore and others, Inside the Slammer Worm, IEEE Security & Privacy, July/August, 2003

Geographic Distribution
D. Moore and others, Inside the Slammer Worm, IEEE Security & Privacy, July/August, 2003

Flash Worms
“[…] infecting 95% of hosts in 510ms, and 99% in 1.2s.”
Staniford and others, The Top Speed of Flash Worms, www.caida.org/outreach/papers/2004/topspeedworms/

Google worms
“inurl:id= filetype:asp site:gov” – 572,000 results
The Hacking Evolution: New Trends in Exploits and Vulnerabilities, www.sans.org

Physical Attacks
Combine physical and technical intrusions
High risk for attacker, but may provide quicker access to sensitive resources
Examples include: trashing, hardware loggers, …etc.
http://keystroke-loggers.staticusers.net/
http://www.keyghost.com/
http://www.amecisco.com/hkstandalone.htm
http://www.littlepc.com/products_wireless.htm

Social & Semantic Attacks
Rely on attacking the users of the systems, using social engineering, and possibly assisted with technical tools
Reported to be the most effective and low risk (from the attacker’s point of view)
Examples include fake web sites, phishing, ..etc.

Phishing & Semantic Attacks
Please update your billing information by clicking […]:
<a href="http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http://goens.net/.www.ebay.com/"
   onMouseOut="status='';return true" target=_blank
   onMouseOver="status='https://billing.ebay.com/';return true">https://billing.ebay.com/</a>
http://avirubin.com/passport.html
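Taken apart, the deceptive anchor above uses three tricks: visible text that is itself a URL, an open-redirect parameter (DomainUrl) on a genuine ebay.com host, and an onMouseOver handler that rewrites the status bar. The checker below is an added example, not part of the slides, that flags each of these given a link's href, text and event attributes using only Node's built-in URL class; the sample anchor is reconstructed from the slide, and reducing a host to its last two labels is a simplifying assumption (no public suffix list).

```javascript
// Added example (not from the original slides): heuristics for the deceptive
// anchor pattern shown on the "Phishing & Semantic Attacks" slide.

// Sample input reconstructed from the slide's anchor.
const SAMPLE_HREF =
  "http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain" +
  "&DomainUrl=http://goens.net/.www.ebay.com/";
const SAMPLE_TEXT = "https://billing.ebay.com/";
const SAMPLE_ATTRS = { onMouseOver: "status='https://billing.ebay.com/';return true" };

// Hostname of an absolute URL, or null when the string is not one.
function hostOf(s) {
  try { return new URL(s).hostname.toLowerCase(); } catch (e) { return null; }
}

// Assumption: approximate the registrable domain by the last two labels
// (a production checker would consult the public suffix list).
function baseDomain(host) {
  return host.split(".").slice(-2).join(".");
}

// Returns a list of findings; an empty list means nothing looked deceptive.
function analyzeLink(href, text, attrs = {}) {
  const findings = [];
  const hrefHost = hostOf(href);
  if (!hrefHost) return ["href is not an absolute URL"];

  // 1. Link text that reads as a URL but belongs to another domain.
  const textHost = hostOf(text.trim());
  if (textHost && baseDomain(textHost) !== baseDomain(hrefHost)) {
    findings.push(`text shows ${textHost} but href goes to ${hrefHost}`);
  }

  // 2. Open-redirect pattern: a query value that is a URL on a third domain.
  for (const [key, value] of new URL(href).searchParams) {
    const target = hostOf(value);
    if (target && baseDomain(target) !== baseDomain(hrefHost)) {
      findings.push(`parameter ${key} redirects to ${target}`);
    }
  }

  // 3. Mouse handlers that assign window.status mask the real destination.
  for (const [name, body] of Object.entries(attrs)) {
    if (/^onmouse/i.test(name) && /\bstatus\s*=/.test(body)) {
      findings.push(`${name} rewrites the status bar`);
    }
  }
  return findings;
}

console.log(analyzeLink(SAMPLE_HREF, SAMPLE_TEXT, SAMPLE_ATTRS));
```

On the slide's anchor the text and href agree at the ebay.com level, so only the redirect parameter and the status-bar handler are reported, which is exactly why this link fooled users.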
Technologies and Tools

What are we doing about the threat!
Perspective to security:
Prevention

What are we doing about the threat!
Perspective to security:
Security = Prevention + Detection + Response

What are we doing about the threat!
Layered view of information security
Network
System
Applications
Data & Information

Products are Necessary, but not Sufficient!
Security is a Process

A Security Process

Security Quality Standards
ISO17799 / BS 7799
1. Business Continuity Planning
2. System Access Control
3. System Development and Maintenance
4. Physical and Environmental Security
5. Compliance
6. Personnel Security
7. Security Organization
8. Computer & Network Management
9. Asset Classification and Control
10. Security Policy

Common Criteria for Information Technology Security Evaluation
Rooted in the Orange book or the DoD Trusted Computer System Evaluation Criteria
ISO 15408
http://csrc.nist.gov/cc/

Academic & research perspective:
Future Directions and Issues
www.cra.org/Activities/grand.challenges/security/home.html

National Perspective

T R U S T

Ken Thompson: on Trusting Trust
The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.)
[…]
A well installed microcode bug will be almost impossible to detect.
www.acm.org/classics/sep95/
http://www.iwm.org.uk/online/enigma/eni-intro.htm

Research and Development

Cryptology
Cryptography
Theoretical research: number theory, algebraic geometry, complexity theory, graph theory, …etc.
Research for the development of new (or bespoke) cryptographic algorithms and protocols
Cryptanalysis
Tools research (e.g., grid computing)

Security Policy Models
Fundamentals of security models (e.g., multi level vs. multi lateral security)
National (possibly government) security policy models
Evaluating and auditing methodologies for national and established models (e.g., ISO 17799, and CC / ISO 15408)

Computing models
Failure resistant systems
Digital immune systems (and anti virus systems)
http://www.research.ibm.com/antivirus/
http://www.ibm.com/autonomic
AI and NN applications

Security management and system development issues
Incremental and Agile development methods (Iterative, XP)
Threat modeling and risk analysis (threat trees, ..etc.)
Good opportunity for interdisciplinary research with economics
Applications and use of formal methods in security (BAN logic, B, Z, ..etc.)

Hardware and physical security related issues
Engineering embedded hardware security devices (e.g., ARM processor core like systems)
Tamper resistant/evident systems
Emission and tempest security
Resisting high-power microwave

Firewalls and network isolation
Distributed firewall systems
The use of agent technologies
Application level firewalls for Web services and similar technologies
Firewalls to face challenges posed by new technologies: IP telephony, wireless networks, …etc.

Intrusion Detection and Prevention
High performance IDS systems
Applications of NNs, GAs, and other AI techniques
Applications of data mining
Statistical modeling and correlation

Authentication and access control
Biometrics
Smartcards
Other systems (secure hardware!)

Application security
Education
IDS/IPS for applications
Libraries and design patterns
More..

Research aimed at better understanding attack technologies and trends
National Honeynet like project
Large scale data collection and statistical trend analysis research
Vulnerability research

Other issues
Computer Forensics
Telecommunications security
Systems, Metering, Signaling, Switching
Mobile phone security (cloning, GSM security, …etc.)
Secure hardware
PKI & PMI
Legal issues

Conclusions
Security is a wide and challenging field
Developers:
Look for shifts
The phone is the computer
The application is the security problem
Web services and virtual computing
Think services
Researchers:
Risk modeling
Fundamental issues
Don’t be swayed by fads
Government:
Adopt standards and security process
Diversify
Think in terms of threat pyramids
Manage trust
Encourage R&D

Questions?
Links:
[email protected]
www.cs.aucegypt.edu/~skassas/ict-asrt/
www.cert.org
www.sans.org

IEEE
16th IEEE Computer Security Foundations Workshop (CSFW'03)
19th Annual Computer Security Applications Conference
Foundations of Intrusion Tolerant Systems (OASIS'03)
2003 IEEE Symposium on Security and Privacy
http://csdl.computer.org/

ACM
Conference on Computer and Communications Security
New Security Paradigms Workshop
Wireless Security
Workshop On Xml Security
http://portal.acm.org/

Recent Advances in Intrusion Detection
http://www.raid-symposium.org/