Click here to load reader

Prof. Ravi Sandhu Executive Director and Endowed Introduction and Basic Concepts Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 1 [email protected] © Ravi Sandhu

  • View
    216

  • Download
    4

Embed Size (px)

Text of Prof. Ravi Sandhu Executive Director and Endowed Introduction and Basic Concepts Prof. Ravi Sandhu...

  • 1

    Introduction and Basic Concepts

    Prof. Ravi Sandhu

    Executive Director and Endowed Chair

    Lecture 1

    [email protected] www.profsandhu.com

    Ravi Sandhu World-Leading Research with Real-World Impact!

    CS 5323

  • Cyberspace will become orders of magnitude more complex and confused very quickly Cyber and physical distinction will blur Threats will go beyond money to physical harm and danger

    to life and body Overall this is a very positive development and

    will enrich human society It will be messy but need not be chaotic! Cyber security research and practice are

    loosing ground

    Ravi Sandhu 2 World-Leading Research with Real-World Impact!

    Prognosis

  • Ravi Sandhu 3 World-Leading Research with Real-World Impact!

    Security Objectives

    INTEGRITY modification

    AVAILABILITY access

    CONFIDENTIALITY disclosure

  • Ravi Sandhu 4 World-Leading Research with Real-World Impact!

    Security Objectives

    INTEGRITY modification

    AVAILABILITY access

    CONFIDENTIALITY disclosure

    Control of read and write is fundamental to all three

  • Ravi Sandhu 5 World-Leading Research with Real-World Impact!

    Security Objectives

    INTEGRITY modification

    AVAILABILITY access

    CONFIDENTIALITY disclosure

    Cannot have it all Need to compromise

  • Ravi Sandhu 6 World-Leading Research with Real-World Impact!

    Security is Secondary

    Cannot have it all Need to reconcile

    with non-Security Objectives

    CIA

    Cost

    Convenience

    Growth

    Safety

  • Ravi Sandhu 7 World-Leading Research with Real-World Impact!

    Security Objectives

    INTEGRITY modification

    AVAILABILITY access

    CONFIDENTIALITY disclosure

    USAGE purpose

  • Ravi Sandhu 8 World-Leading Research with Real-World Impact!

    Security Objectives

    INTEGRITY modification

    AVAILABILITY access

    CONFIDENTIALITY disclosure

    USAGE purpose

    Covers privacy and intellectual property

    protection

  • Ravi Sandhu 9 World-Leading Research with Real-World Impact!

    Security Objectives

    INTEGRITY modification

    AVAILABILITY access

    CONFIDENTIALITY disclosure

    USAGE purpose

    USAGE

  • Ravi Sandhu 10 World-Leading Research with Real-World Impact!

    Security Objectives

    Single Enterprise owns all the information employs all the users

    Multiple Interacting Parties no one owns all the

    information no one can unilaterally

    impose policy on all the users

  • Computer security Information security = Computer security + Communications security

    Information assurance Mission assurance Includes cyber physical

    Ravi Sandhu 11 World-Leading Research with Real-World Impact!

    Cyber Security Scope

  • Enable system designers and operators to say:

    This system is secure

    Ravi Sandhu 12 World-Leading Research with Real-World Impact!

    Cyber Security Goal

  • Enable system designers and operators to say:

    This system is secure

    Ravi Sandhu 13 World-Leading Research with Real-World Impact!

    Cyber Security Goal

  • Enable system designers and operators to say:

    This system is secure Conflicting objectives need political and social

    compromise There is an infinite and escalating supply of

    attacks

    Ravi Sandhu 14 World-Leading Research with Real-World Impact!

    Cyber Security Goal

    Not attainable

  • Enable system designers and operators to say:

    This system is secure enough

    Ravi Sandhu 15 World-Leading Research with Real-World Impact!

    Cyber Security Goal

    Many successful examples

  • The ATM (Automatic Teller Machine) system is secure enough global in scope

    Not attainable via current cyber security science, engineering, doctrine not studied as a success story

    Similar paradoxes apply to on-line banking e-commerce payments

    Ravi Sandhu 16 World-Leading Research with Real-World Impact!

    The ATM Paradox

  • US Presidents nuclear football Secret formula for Coca-Cola

    Ravi Sandhu 17 World-Leading Research with Real-World Impact!

    High Assurance Cyber Security

  • Ravi Sandhu 18 World-Leading Research with Real-World Impact!

    Security is Dynamic

    My dear, here we must run as fast as we can, just to stay in place. And if you wish to go anywhere you must run twice as fast as that. Lewis Carroll, Alice in Wonderland

  • 19 Ravi Sandhu World-Leading Research with Real-World Impact!

    Security Techniques

    Accept

    Protect Detect (and Respond)

  • 20 Ravi Sandhu World-Leading Research with Real-World Impact!

    Attack Process

    Attack 1 account

    Acquire privileged account

    Privilege escalation

  • Analog hole Inference Side channels Insider threat Detection is impossible Protection is impossible ..

    Ravi Sandhu 21 World-Leading Research with Real-World Impact!

    Limits on Security

    Slide Number 1Slide Number 2Slide Number 3Slide Number 4Slide Number 5Slide Number 6Slide Number 7Slide Number 8Slide Number 9Slide Number 10Slide Number 11Slide Number 12Slide Number 13Slide Number 14Slide Number 15Slide Number 16Slide Number 17Slide Number 18Slide Number 19Slide Number 20Slide Number 21