SET 11 Security

Uploaded by

esimango

Security

Introduction
• System is secure if resources used and accessed as
intended under all circumstances
– Unachievable
• Intruders (crackers) attempt to breach security
• Threat is potential security violation
• Attack is attempt to breach security
• Attack can be accidental or malicious
• Easier to protect against accidental than malicious
misuse
Security Measure Levels
• Impossible to have absolute security, but make cost to
perpetrator sufficiently high to deter most intruders
• Security must occur at four levels to be effective:
– Physical
• Data centers, servers, connected terminals
– Human
• Avoid social engineering
– Operating System
• Protection mechanisms, debugging
– Network
• Intercepted communications, interruption, DoS
• Security is as weak as the weakest link in the chain
Computer System Assets
• Hardware
– Threats include accidental and deliberate damage
• Software
– Threats include deletion, alteration, damage
– Backups of the most recent versions can maintain
high availability
Computer System Assets
• Communication Lines and Networks – Active Attacks
– Masquerade takes place when one entity pretends to be a
different entity
– Replay involves the passive capture of a data unit and its
subsequent retransmission to produce an unauthorized
effect
– Modification of messages means that some portion of a
legitimate message is altered, or that messages are
delayed or reordered, to produce an unauthorized effect
Computer System Assets
• Communication Lines and Networks – Passive
Attacks
– Release of message contents for a telephone
conversation, an electronic mail message, and a
transferred file are subject to these threats
– Traffic analysis
• Encryption masks the contents of what is transferred so
even if obtained by someone, they would be unable to
extract information
Computer System Assets
• Data
– Involves files
– Security concerns are availability, secrecy, and
integrity
– Statistical analysis can lead to determination of
individual information which threatens privacy
Computer and Network Security Requirements

• Confidentiality
– Requires information in a computer system only be
accessible for reading by authorized parties
• Integrity
– Assets can be modified by authorized parties only
• Availability
– Assets be available to authorized parties
• Authenticity
– Requires that a computer system be able to verify the
identity of a user
Types of Threats
• Interruption
– An asset of the system is destroyed and becomes
unavailable or unusable
– Attack on availability
– Destruction of hardware
– Cutting of a communication line
– Disabling the file management system
Types of Threats
• Interception
– An unauthorized party gains access to an asset
– Attack on confidentiality
– Wiretapping to capture data in a network
– Illicit copying of files or programs
Types of Threats
• Modification
– An unauthorized party not only gains
access but tampers with an asset
– Attack on integrity
– Changing values in a data file
– Altering a program so that it performs
differently
– Modifying the content of messages being
transmitted in a network
Types of Threats
• Fabrication
– An unauthorized party inserts counterfeit objects
into the system
– Attack on authenticity
– Insertion of spurious messages in a network
– Addition of records to a file
Protection
• Each object has a unique name and can be
accessed through a well-defined set of
operations
• Ensure that each object is accessed correctly
and only by those processes that are allowed to
do so by:
• No protection
– Sensitive procedures are run at separate times
• Isolation
– Each process operates separately from other
processes with no sharing or communication
Protection
• Share all or share nothing
– Owner of an object declares it public or private
• Share via access limitation
– Operating system checks the permissibility of each
access by a specific user to a specific object
– Operating system acts as the guard
Protection
• Share via dynamic capabilities
– Dynamic creation of sharing rights for objects
• Limit use of an object
– Limit not only access to an object but also the use to
which that object may be put
– Example: a user may be able to derive statistical
summaries but not to determine specific data
values
User-Oriented Access Control
• Log on
– Requires both a user identifier (ID) and a
password
– System only allows users to log on if the ID is
known to the system and password associated
with the ID is correct
– Users can reveal their password to others either
intentionally or accidentally
– Hackers are skillful at guessing passwords
– ID/password file can be obtained
Data-Oriented Access Control
• Associated with each user, there can be a user
profile that specifies permissible operations
and file accesses
• Operating system enforces these rules
• Database management system controls access
to specific records or portions of records
Intrusion Techniques
• Objective of intruder is to gain access to the
system or to increase the range of privileges
accessible on a system
• Protected information that an intruder
acquires is a password
Techniques for Learning Passwords
• Try default password used with standard
accounts shipped with computer
• Exhaustively try all short passwords
• Try words in dictionary or a list of likely
passwords
• Collect information about users and use these
items as passwords
Techniques for Learning Passwords
• Try user’s phone numbers, social security
numbers, and room numbers
• Try all legitimate license plate numbers for
this state
• Use a Trojan horse to bypass restrictions on
access
• Tap the line between a remote user and the
host system
ID Provides Security
• Determines whether the user is authorized to gain
access to a system
• Determines the privileges accorded to the user
– Guest or anonymous accounts have more limited privileges
than others
• ID is used for discretionary access control
– A user may grant permission to files to others by ID
Password Selection Strategies
• Computer generated passwords
– Users have difficulty remembering them
– Need to write it down
– Have history of poor acceptance
Password Selection Strategies
• Reactive password checking strategy
– System periodically runs its own password cracker
to find guessable passwords
– System cancels passwords that are guessed and
notifies user
– Consumes resources to do this
– Hacker can use this on their own machine with a
copy of the password file
Password Selection Strategies
• Proactive password checker
– The system checks at the time of selection if the
password is allowable
– With guidance from the system users can select
memorable passwords that are difficult to guess
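A proactive checker of the kind described above, as an added example that is not part of the original slides: it rejects a candidate at selection time if it would fall to one of the guessing techniques listed earlier (default passwords, short passwords, dictionary words, information about the user). The word lists, the MIN_LENGTH value, the function names and the sample user are assumptions.

```python
import re

# Constructed sample lists; a real checker would load far larger ones.
DEFAULT_PASSWORDS = {"admin", "guest", "password", "changeme", "root"}
DICTIONARY = {"dragon", "monkey", "sunshine", "welcome", "security"}
MIN_LENGTH = 10  # assumed policy value, not taken from the slides

# Undo common character substitutions: 0->o, 1->i, 3->e, 4->a, 5->s, ...
LEET = str.maketrans("01345@$", "oieasas")
TRAILING = "0123456789!@#$%^&*._-"


def alnum(text):
    """Lower-case the text and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(password, user_info):
    """Return the reasons to reject a candidate; empty means acceptable."""
    reasons = []
    low = password.lower()
    # Two guesses at the underlying word: with substitutions undone, and
    # with a trailing run of digits/symbols removed first ("dr4g0n2024!").
    words = {alnum(low.translate(LEET)),
             alnum(low.rstrip(TRAILING).translate(LEET))}

    if len(password) < MIN_LENGTH:
        reasons.append("short enough for exhaustive search")
    if words & DEFAULT_PASSWORDS:
        reasons.append("default password")
    if words & DICTIONARY:
        reasons.append("dictionary word")

    # Names, phone numbers, room numbers and similar personal details.
    plain = alnum(password)
    tokens = [alnum(part) for value in user_info.values()
              for part in value.split()]
    if any(len(t) >= 3 and t in plain for t in tokens):
        reasons.append("contains user information")
    return reasons


# Constructed user profile for the demonstration.
USER = {"id": "kpatel", "name": "Kiran Patel",
        "phone": "555-0142", "room": "B-214"}
```

The same lists and rules are what a reactive cracker would try later, so checking at selection time avoids the recurring cost of running it.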
Intrusion Detection
• Assume the behavior of the intruder differs
from the legitimate user
• Statistical anomaly detection
– Collect data related to the behavior of legitimate
users over a period of time
– Statistical tests are used to determine if the
behavior is not legitimate behavior
Intrusion Detection
• Rule-based detection
– Rules are developed to detect deviation from
previous usage pattern
– Expert system searches for suspicious behavior
Intrusion Detection
• Audit record
– Native audit records
• All operating systems include accounting software that
collects information on user activity
– Detection-specific audit records
• Collection facility can be implemented that generates
audit records containing only that information required
by the intrusion detection system
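Statistical anomaly detection over audit records, as an added example that is not part of the original slides: native records are reduced to detection-specific daily counts, a per-user baseline is built from a training period, and later days are tested against it. The record layout (user, day, event), the thresholds, the function names and all sample data are assumptions constructed for the demonstration.

```python
from collections import defaultdict
from statistics import mean, pstdev

Z_THRESHOLD = 3.0  # assumed cut-off, in standard deviations
MIN_DAYS = 5       # assumed minimum history before a profile is trusted


def daily_counts(records, event="file_read"):
    """Reduce native audit records (user, day, event) to the
    detection-specific form {user: {day: count}} for one event type."""
    counts = defaultdict(lambda: defaultdict(int))
    for user, day, ev in records:
        if ev == event:
            counts[user][day] += 1
    return counts


def build_profiles(records):
    """Per-user baseline: (mean, std dev) of the daily event count."""
    profiles = {}
    for user, days in daily_counts(records).items():
        values = list(days.values())
        if len(values) >= MIN_DAYS:
            profiles[user] = (mean(values), pstdev(values))
    return profiles


def detect(profiles, records):
    """Return (user, day, count, reason) for days outside the baseline."""
    alerts = []
    for user, days in daily_counts(records).items():
        for day, count in days.items():
            if user not in profiles:
                alerts.append((user, day, count, "no baseline"))
                continue
            avg, sd = profiles[user]
            z = (count - avg) / max(sd, 1.0)  # floor avoids divide-by-zero
            if abs(z) > Z_THRESHOLD:
                alerts.append((user, day, count, f"z={z:.1f}"))
    return alerts


def sample(user, per_day, first_day=1):
    """Constructed audit records: per_day[i] file reads on day first_day+i."""
    return [(user, first_day + i, "file_read")
            for i, n in enumerate(per_day) for _ in range(n)]


BASELINE = (sample("alice", [20, 22, 19, 21, 20, 23, 18, 21, 20, 22])
            + sample("bob", [5, 4, 6, 5, 5, 7, 4, 5, 6, 5])
            + [("alice", 3, "login")])          # other events are ignored
TODAY = (sample("alice", [24], 11) + sample("bob", [40], 11)
         + sample("carol", [3], 11))
ALERTS = detect(build_profiles(BASELINE), TODAY)
```

With this data alice's 24 reads stay within her usual range, bob's 40 reads are flagged, and carol is flagged because no baseline exists for her.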
Malicious Programs
• Those that need a host program
– Fragments of programs that cannot exist
independently of some application program, utility,
or system program
• Independent
– Self-contained programs that can be scheduled and
run by the operating system
Trapdoor
• Entry point into a program that allows
someone who is aware of trapdoor to gain
access
• Used by programmers to debug and test
programs
– Avoids necessary setup and authentication
– Method to activate program if something wrong
with authentication procedure
Logic Bomb
• Code embedded in a legitimate program that
is set to “explode” when certain conditions
are met
– Presence or absence of certain files
– Particular day of the week
– Particular user running application
Trojan Horse
• Useful program that contains hidden code
that when invoked performs some unwanted
or harmful function
• Can be used to accomplish functions
indirectly that an unauthorized user could not
accomplish directly
– User may set file permission so everyone has
– Spyware, pop-up browser windows
Viruses
• Program that can “infect” other programs by
modifying them
– Modification includes copy of virus program
– The infected program can infect other programs
Worms
• Use network connections to spread from
system to system
• Electronic mail facility
– A worm mails a copy of itself to other systems
• Remote execution capability
– A worm executes a copy of itself on another system
• Remote log-in capability
– A worm logs on to a remote system as a user and then
uses commands to copy itself from one system to the
other
Zombie
• Program that secretly takes over another
Internet-attached computer
• It uses that computer to launch attacks that
are difficult to trace to the zombie’s creator
Virus Stages
• Dormant phase
– Virus is idle
• Propagation phase
– Virus places an identical copy of itself into other
programs or into certain system areas on the disk
Virus Stages
• Triggering phase
– Virus is activated to perform the function for
which it was intended
– Caused by a variety of system events
• Execution phase
– Function is performed
Types of Viruses
• Parasitic
– Attaches itself to executable files and replicates
– When the infected program is executed, it looks
for other executables to infect
• Memory-resident
– Lodges in main memory as part of a resident
system program
– Once in memory, it infects every program that
executes
Types of Viruses
• Boot sector
– Infects boot record
– Spreads when system is booted from the disk
containing the virus
• Stealth
– Designed to hide itself from detection by antivirus
software
– May use compression
Types of Viruses
• Polymorphic
– Mutates with every infection, making detection by
the “signature” of the virus impossible
– Mutation engine creates a random encryption key
to encrypt the remainder of the virus
• The key is stored with the virus
E-mail Virus
• Activated when recipient opens the e-mail
attachment
• Activated by opening an e-mail that contains the
virus
• Uses Visual Basic scripting language
• Propagates itself to all of the e-mail addresses
known to the infected host
Macro Viruses
• A macro is an executable program embedded in a
word processing document or other type of file
• Autoexecuting macros in Word
– Autoexecute
• Executes when Word is started
– Automacro
• Executes when defined event occurs such as opening or closing a
document
– Command macro
• Executed when user invokes a command (e.g., File Save)
Antivirus Approaches
• Detection
• Identification
• Removal
Cryptography

• Means to constrain potential senders
(sources) and/or receivers (destinations) of
messages
– Based on secrets (keys)
– Enables
• Confirmation of source
• Receipt only by certain destination
• Trust relationship between sender and receiver
Encryption
• Constrains the set of possible receivers of a message
• Encryption algorithm consists of
– Set K of keys
– Set M of Messages
– Set C of ciphertexts (encrypted messages)
– A function E : K → (M → C). That is, for each k ∈ K, E_k is a
function for generating ciphertexts from messages
• Both E and E_k for any k should be efficiently computable
functions
– A function D : K → (C → M). That is, for each k ∈ K, D_k is a
function for generating messages from ciphertexts
• Both D and D_k for any k should be efficiently computable
functions
Encryption (Cont.)

• An encryption algorithm must provide this
essential property: Given a ciphertext c ∈ C, a
computer can compute m such that E_k(m) = c
only if it possesses k
– Thus, a computer holding k can decrypt ciphertexts
to the plaintexts used to produce them, but a
computer not holding k cannot decrypt ciphertexts
– Since ciphertexts are generally exposed (for
example, sent on the network), it is important that it
be infeasible to derive k from the ciphertexts
Symmetric Encryption

• Same key used to encrypt and decrypt
– Therefore k must be kept secret
• DES was most commonly used symmetric block-encryption
algorithm (created by US Govt)
Asymmetric Encryption
• Public-key encryption based on each user having two
keys:
– public key – published key used to encrypt data
– private key – key known only to individual user used
to decrypt data
• Must be an encryption scheme that can be made public
without making it easy to figure out the decryption
scheme
– Most common is RSA block cipher
