
컴퓨터보안특론(Special Topics in Computer Security)

조성제 (Cho, Seong-je)

Spring, 2020

Computer Security & OS Lab.

Dankook University

References

Computer Security, Doaa Abousen

● http://www.contrib.andrew.cmu.edu/~dabousen/Default%20-%20Copy%20(4).html

Computer Security: Course (Fall 2019), Rutgers.EDU

● https://www.cs.rutgers.edu/~pxk/419/notes/index.html

● Introduction to Computer Security (Thinking about Security), Paul Krzyzanowski

− https://www.cs.rutgers.edu/~pxk/419/notes/intro.html

Du, X., Chen, B., Li, Y., Guo, J., Zhou, Y., Liu, Y., & Jiang, Y. (2019, May). Leopard: Identifying vulnerable code for vulnerability assessment through program metrics. In 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE) (pp. 60-71). IEEE.

Ronald Rivest, Network and Computer Security, MIT course number 6.857, 2014

● https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-857-network-and-computer-security-spring-2014/index.htm

CSE484: Introduction to Computer and Network Security

● http://www.cis.syr.edu/~wedu/Teaching/IntrCompSec/lecturenotes.html

Wikipedia

Security Fundamentals

● https://wangmj1.gitbooks.io/owasp-devguid/01-Foundations/01-Security%20Fundamentals.html

2Computer Security & OS Lab, DKU

What is Computer Security?

Computer security, also known as cybersecurity or IT security, is the protection of information systems

● from theft or damage to H/W, S/W, and to the information on them, as well as

● from disruption or misdirection of the services they provide.

It includes controlling physical access to the H/W, as well as protecting against harm that may come

● via network access, data and code injection, and

● due to malpractice by operators, whether intentional, accidental, or

● due to them being tricked into deviating from secure procedures.

malpractice: wrongdoing, misconduct; medical negligence

deviate: to depart from (a routine, an expectation, etc.)


What is Security?

“Security” relates to “computing or communicating in the presence of adversaries.”

● Who is the adversary? (Know your enemy!)

− May be insider/outsider, vendor, …

Security relates to a “security objective” or “security policy”:

● What is being prevented?

● What activities or events should be prevented/detected?

Security policies (goals) often fall into one of three classic categories (“CIA”):

● Confidentiality: information should not be disclosed to unauthorized parties

● Integrity: information should not be modified in an unauthorized manner

● Availability: system or resource shall be available for use as intended


What are the concerns of computer security?

Computer Security is concerned with four main areas:

Confidentiality: “Keeping stuff secret”, “Protecting privacy”

● Only authorized users can access the data resources and information.

Integrity: “Stop tampering”

● Only authorized users should be able to modify the data when needed.

Availability:

● Data should be available to users when needed.

Authentication: “Who are you?”

● Are you really communicating with whom you think you are communicating with?

● Validate that a system is being accessed by the right person.

☞ Non-repudiation

☞ Authorization

☞ Code validation

CIA Triad (figure)

Sources: https://parkgrounds.tistory.com/42 and https://twitter.com/glenn_axelrod/status/1090449316706160643

What are the concerns of computer security?

Authorization

● Authorization is about specifying access rights to secure resources (data, services, files, applications, etc.).

− Readable / Writable (Modify, Append) / Executable / Printable

● These rights describe the privileges or access levels related to the resources in question.

● It is normally preceded by Authentication.

• Authentication ‒ Who are you?

• Authorization ‒ What can you do? ‒ What permissions do you have?

What are the concerns of computer security?

Non-Repudiation

● “You did that”

● Cryptographic signing, Audit trails, …

Auditing

● “What happened, when?”

● Auditing is about keeping track of implementation-level events, as well as domain-level events taking place in a system.

● It can provide not only technical information about the running system, but also proof that particular actions have been performed.

● The typical questions that are answered by auditing are “Who did What? When? Where? Why? And potentially How?”

● Effective auditing and logging is the key to non-repudiation.


Why is computer security important? (1/2)

Prevention of data theft such as bank account numbers, credit card information, passwords, work related documents or sheets, etc. is essential in today’s communications since many of our day to day actions depend on the security of the data paths.

Data present in a computer can also be misused by unauthorized intrusions.

● An intruder can modify and change the program source codes and can also use your pictures or email accounts to create derogatory content such as pornographic images, fake misleading and offensive social accounts.

Derogatory: disparaging, critical (= insulting)


Why is computer security important? (2/2)

Malicious intents can also be a factor in computer security.

● Intruders often use your computers for attacking other computers or websites or networks for creating havoc.

● Vengeful hackers might crash someone’s computer system to create data loss.

● DDoS attacks can be made to prevent access to websites by crashing the server.

The above factors imply that your data should remain safe and confidential.

● Therefore, it is necessary to protect your computer and hence the need for Computer Security arises.

Havoc: great destruction; widespread chaos or damage

Vengeful: burning with, or showing, a desire for revenge

What do firewalls do to ensure these concerns are addressed?

Also known as a 'packet filter'.

Basically, software which monitors network traffic and connection attempts into and out of a network or computer and determines whether or not to allow it to pass.

Depending on the sophistication, this can be limited to simple IP/port combinations or do full content-aware scans.

A firewall can be thought of as a screen or sieve that categorically strains out potentially harmful data.

Sieve: a sieve (kitchen utensil for straining flour, liquids, etc.); to sift or strain

Strain: to drain or filter (through something like a sieve)

What does anti-malware do to ensure these concerns are addressed?

Anti-viruses

Software which finds programs/files/software/etc. that might compromise your computer, either by being executable or by exploiting a vulnerability in the program normally supposed to process them: types of malware.

It detects these kinds of harmful programs that are already installed on your computer or about to be installed.

It can perform various protective measures (based on the security settings in the Anti-virus software) such as quarantine, permanent removal, fix, etc.

It will also look for potentially harmful files that are downloaded.

Quarantine: isolation (of animals or people) to prevent the spread of disease, including inspection and vaccination; containment, isolation

Thinking about Security

based on real-world threats/attacks and the issues they raise

Thinking about Security (1/9)

Security is not about simply adding encryption to a program, enforcing the use of complex passwords, or placing your systems behind a network firewall.

● Security is a systems issue and is based on all the components of the system: the H/W, firmware, OSes, application S/W, networking components, and the people.

Consider the problems that arose from the Spectre vulnerability.

● Spectre was discovered in 2018 and affected the security of practically every modern microprocessor designed over the past several decades.

− On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that may reveal private data to attackers.

− For example, if the pattern of memory accesses performed by such speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to extract information about the private data using a timing attack.

● A low-level side-effect in a processor could lead to a JavaScript exploit that allows a website to read a browser’s memory, including data stored from visits to other websites.

※ source: https://www.cs.rutgers.edu/~pxk/419/notes/intro.html


Thinking about Security (2/9)

Security needs are based on people, their relationships with each other, and their interactions with machines.

● Hence, security also includes processes, procedures and policies.

● Security also has to address detection of intruders and the ability to perform forensics: that is, figure out what damage was done and how.

● “Security is a chain: it’s only as secure as the weakest link” — Bruce Schneier

Security is difficult.

● If it were not, we would not see near-daily occurrences of successful attacks on systems, including high-value systems such as banks, governments, hospitals, large retailers, and high-profile websites.

● Unfortunately, security is often an afterthought, something that is added onto a system after it is developed.

Afterthought: something thought of or added later (usually not planned carefully in advance)

Thinking about Security (3/9)

Recent high-profile examples where computer security was an issue include:

In 2018, the city of Atlanta, Georgia, had its computers frozen by ransomware.

● New Haven, Connecticut was attacked by ransomware in October of that year.

● In March 2019, municipal computer systems in Jackson County, Georgia were rendered inoperable by ransomware.

● Georgia paid $400,000 in ransom.

● This was followed by a ransomware attack on Albany, New York.

● The ransomware attacks continued: Augusta, Maine, Greenville, North Carolina, and Imperial County, California were all hit in April.

● Baltimore, Maryland was hit by ransomware in May of 2019 and Riviera Beach, Florida was attacked in June, paying the attackers $600,000 in Bitcoin.

Unreleased episodes of the Orange Is The New Black Netflix TV series were posted online by The Dark Overlord hacking group even after Netflix paid a $50,000 ransom.

● Serbian police later arrested a suspected member of the group but the group continued to assert its existence.

In 2016, ransomware spread through email attachments targeting Microsoft Windows systems.

● It infected the master boot record of the file system and encrypted the file system, preventing Windows from booting and users from recovering files on the computer.

● It installed a boot-level program that would demand payment in Bitcoin.

Thinking about Security (4/9)

Recent high-profile examples where computer security was an issue include:

2016 U.S. Elections, which included infiltrating Democratic National Committee servers, private email hacking, and alleged voting machine hacking.

77 million Sony PlayStation Network accounts were hacked, causing the site to go down for 1 month and resulting in a $171 million loss.

● Twelve million of those accounts had unencrypted credit card numbers.

Iranian nuclear power plants, which were attacked in 2010 by Stuxnet, a computer worm that targeted Windows systems running Siemens software and compromised connected PLCs to destroy centrifuges.

Yahoo, who in 2016 announced that over a billion accounts were compromised in 2013 and 2014, revealing names, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions that could be used to reset a password.

TJX, the parent company of TJ Maxx, announced in March 2007 that it had 45.6 million credit cards stolen over a period of 18 months.

● Court filings later revealed that at least 94 million customers were affected.

● The incident cost the company $256 million.

Infiltrate: to sneak in, to penetrate; allege: to claim (without proof) that someone has done something

centrifuge: a machine that separates substances by spinning; court filings: documents filed with a court

Thinking about Security (5/9)

Recent high-profile examples where computer security was an issue include:

In June 2017, a variation of Petya malware surfaced and attacked banks, newspapers, companies, and government offices in Ukraine.

● These infections spread to Australia, France, Germany, Italy, Poland, Russia, the United Kingdom, and the US. Even though the malware purported to be ransomware, it actually destroyed files.

● Damage from the malware was estimated to be in excess of $10 billion.

● The virus propagated through an exploit called EternalBlue, which was developed by the U.S. NSA.

● The CIA attributed the creation and deployment of NotPetya to Russia’s GRU spy agency but the actual authors are unknown.

744,408 BTC ($350 million at the time) was stolen in 2010 from one of the first and largest Bitcoin exchanges, Japan’s Mt. Gox.

● In 2016, more than $60M worth of bitcoin (119,756 BTC) was stolen from Bitfinex (= a trading platform for cryptocurrencies, i.e., a cryptocurrency exchange).

The October 2016 DDoS attack on DNS provider Dyn was the largest of its type in history and made a vast number of sites unreachable.

In 2016, MedSec, a vulnerability research company focused on medical technology, claimed it found serious vulnerabilities in implantable pacemakers and defibrillators.

Thinking about Security (6/9)

At a software level, security is difficult because so much of the software we use is incredibly complex.

Microsoft Windows 10 has been estimated to comprise approximately 50 million lines of code.

A full Linux Fedora distribution comprises around 200 million lines of code, and all Google services have been counted as taking up around two billion lines of code.

It is not feasible to audit all this code and there is no doubt that there are many bugs lurking in it, many of which may have an impact on security.

In 2018, over two million lines of code have been added to the Linux kernel (and over two million lines deleted, for a net increase of over 200,000 lines of code).

● Even if you could audit the code, the code base would be different by the time you are done.

● Contributions to the kernel came from over 3,000 authors.

● How do you have confidence that none of them are malicious?

Lurk: to lie in wait, hidden (especially while intending to do something bad)

At a software level: How vulnerable are you, at a glance (figure)

SullyTech, Aug. 2018 (community.spiceworks.com/topic)

Thinking about Security (7/9)

(figure) Source: LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment through Program Metrics, https://arxiv.org/pdf/1901.11479.pdf

Thinking about Security (8/9)

But security is about systems, not a single program.

Systems themselves are complex with many components ranging from firmware on various pieces of hardware to servers, load balancers, networks, clients, and other components.

Systems often interact with cloud services and programs often make use of third-party libraries (you didn’t write your own compiler or JSON parser).

There are complex interaction models that make it essentially impossible to test every possible permutation of inputs to a system.

Moreover, all components are often not under the control of one administrator.

A corporate administrator may have little or no control of the software employees put on their phones or laptops or the security in place at various cloud services that might be employed by the organization (e.g., Slack, Dropbox, Office365).

Security must permeate the system — all of its components: hardware, software, networking, and people.

Permeate: to seep through, to spread throughout

Thinking about Security (9/9)

People themselves are a huge — and dominant – problem in building a secure system.

They can be careless, unpredictable, overly-trusting, bribable, and malicious.

Most security problems are not based in algorithms but in the underlying system and people that use it.

The human factor, and social engineering in particular, is the biggest problem and top threat to systems.

● Social engineering is a set of techniques aimed at deceiving humans to obtain needed information.

● It often relies on pretexting, where a person or a program pretends to be someone else to obtain the needed data.

Bribable: able to be bought with a bribe

Pretexting: a pretext, an excuse; a fabricated reason (used, e.g., to obtain personal information over the phone)

Security Policy & Mechanism

(Defense Mechanisms = Goals of Security System)

Source:

• https://www.cs.rutgers.edu/~pxk/419/notes/intro.html

• http://www.cis.syr.edu/~wedu/Teaching/IntrCompSec/lecturenotes.html

• https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-857-network-and-computer-security-spring-2014/lecture-notes-and-readings/

Policies & Mechanisms

Policies determine what will be done

● Statement that divides system into authorized and unauthorized states

Mechanisms determine how to do something

● Entity or procedure that enforces some part of a security policy

☞ Policy: People shouldn’t drive that fast in my neighborhood

☞ Mechanism: Put up a “Speed Limit 25” sign; if it is violated, the police issue a ticket

A Security policy defines what needs to be done

● Security policy: a precise specification to describe appropriate levels of security

E.g.) All passwords must be updated on a regular basis and every one must include at least one embedded non-alphabetic symbol.

A Security mechanism defines how to do it

● Security mechanism: an implementation of a given security policy

Separation gives flexibility

Policies & Mechanisms

Security policy usually stated in terms of:

● Principals (actors or participants, perhaps in terms of their roles; the persons/subjects in access control)

● Giving permissible (or impermissible) actions or operations

● On (classes of) objects

Examples:

● “Each registered voter may vote at most once.”

● “Only an administrator may modify this file.”

● “The recipient of an email shall be able to authenticate its sender.”

Security mechanism (aka “security control”) is a component, technique, or method for (attempting to) achieve or enforce security policy.

Examples:

● smart card for voter

● password for sysadmin

● digital signature on email

● locked cabinet for server


Policies & Mechanisms

Policies and mechanisms are at the core of designing secure systems.

A policy specifies what is or is not allowed.

E.g.) only people in the human resources department have access to certain files, or only people in the IT group can reboot a system.

● Policies can be expressed in natural language, such as a policy document.

● Policies can be defined more precisely in mathematical notation but that is rarely useful for most humans or software.

● Policies are often described in a policy language for specific components of the system.

− This language provides a high degree of precision along with the ability of being readable by humans.

− Web Service Security Policy Language is an example of a security policy language that defines constraints and requirements for SOAP-based web services.

A mechanism refers to the components that implement and enforce policies.

E.g.) A policy might dictate that users have names and passwords.

A mechanism will implement the interface for asking for a password and authenticating it.
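As an added example (not code from the slides or their sources), the following shows the policy/mechanism split in working form: the policy is data (which roles may perform which actions on which objects, plus the slide's password rule), and the mechanism is a reference monitor that checks every request against it, denies anything not listed, and records an audit trail of who did what. The roles, object names and the 90-day password age are assumptions.

```python
"""Policy as data, mechanism as code. Added example; roles, objects and the 90-day
password age are assumed, the rules themselves are the slides' own examples."""
from collections import Counter
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

PASSWORD_MAX_AGE_DAYS = 90   # "updated on a regular basis"; the 90-day figure is an assumption


def password_meets_policy(password: str, age_days: int) -> Tuple[bool, str]:
    """Mechanism for the policy: 'All passwords must be updated on a regular basis and
    every one must include at least one embedded non-alphabetic symbol.'"""
    if age_days > PASSWORD_MAX_AGE_DAYS:
        return False, "password older than %d days" % PASSWORD_MAX_AGE_DAYS
    # 'embedded' is read here as: somewhere inside the password, not only at either end
    if not any(not ch.isalpha() for ch in password[1:-1]):
        return False, "no embedded non-alphabetic symbol"
    return True, "ok"


@dataclass(frozen=True)
class Principal:
    name: str
    roles: FrozenSet[str]


@dataclass(frozen=True)
class Rule:
    role: str                       # principal (by role)
    action: str                     # permissible action
    obj: str                        # object the action is performed on
    max_times: Optional[int] = None  # e.g. "at most once"; None means unlimited


# Constructed policy encoding two of the slide's examples.
POLICY: List[Rule] = [
    Rule("administrator", "modify", "/etc/app.conf"),          # only an administrator may modify this file
    Rule("registered_voter", "vote", "ballot", max_times=1),  # each registered voter may vote at most once
]


class ReferenceMonitor:
    """Enforces the policy on every request (complete mediation) with default deny,
    and keeps an audit trail answering 'who did what, on what, and was it allowed'."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.uses: Counter = Counter()
        self.audit: List[Tuple[str, str, str, bool]] = []

    def authorize(self, who: Principal, action: str, obj: str) -> bool:
        decision = False
        for rule in self.rules:
            if rule.role in who.roles and rule.action == action and rule.obj == obj:
                key = (who.name, action, obj)
                if rule.max_times is None or self.uses[key] < rule.max_times:
                    self.uses[key] += 1
                    decision = True
                break  # first matching rule decides
        self.audit.append((who.name, action, obj, decision))
        return decision


def demo() -> List[bool]:
    """Run the slide's examples through the monitor; returns the five decisions."""
    monitor = ReferenceMonitor(POLICY)
    alice = Principal("alice", frozenset({"administrator"}))
    bob = Principal("bob", frozenset({"registered_voter"}))
    return [
        monitor.authorize(alice, "modify", "/etc/app.conf"),  # True: administrator
        monitor.authorize(bob, "modify", "/etc/app.conf"),    # False: not an administrator
        monitor.authorize(bob, "vote", "ballot"),             # True: first vote
        monitor.authorize(bob, "vote", "ballot"),             # False: at most once
        monitor.authorize(alice, "reboot", "server"),         # False: no rule at all (default deny)
    ]


if __name__ == "__main__":
    print(demo())
    print(password_meets_policy("hunter2x", 10), password_meets_policy("abc!", 10))
```

Changing the policy (editing POLICY or the age limit) needs no change to the mechanism, which is the flexibility the separation buys.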

Some Principles

Be skeptical and paranoid

Don’t aim for perfection (“there are no secure systems, only degrees of insecurity…”)

Tradeoff cost/security (“to halve the risk, double the cost…” – Adi Shamir)

Be prepared for loss

“KISS” (“keep it simple, stupid!”)

Ease of use is important

Separation of privilege – require 2 people to perform action

Defense in depth (layered defense)

Complete mediation (all requests checked for authorization)

Least privilege (don’t give someone more permissions than they need)

Education

Transparency (no security through obscurity)

Skeptical: doubtful, distrustful; paranoid: suffering from persecutory delusions, obsessively suspicious

Security mechanisms may involve:

Identification of principals (e.g. “user name”)

● Principal ≠ Principle

Authentication of principals (e.g. password, biometric)

Authorization: checking to see if principal is authorized for requested action

Physical protection: locks, enclosures

Cryptography: math in service of security (hard computational problems)

Economics: (note model change here: parties are self-interested, e.g. spammer, …)

Deception: to get adversary to reveal himself or waste his efforts (e.g. honeypot)

Randomness, unpredictability: e.g. for passwords and crypto keys


Security Mechanisms are typically one of two forms:

1. Prevention: keep security policy from being violated

● Examples: fence, password, encryption, memory bounds check, …

2. Detection: detect when policy is violated

● Examples: motion sensor, tamper-evident seal, stored fingerprint (“hash”) of executables, intrusion detection on network, virus scanner,…

Detection mechanism often comes with recovery mechanism (remove intruder, remove virus, load files from backup, …)

Detection may involve deterrence (adversary risks being identified and being held accountable for security breach) and so plays a role in prevention.

● Examples of adversaries: (1) A voter may wish to sell his vote. (2) An election official may be corrupt. (3) A vendor may install a “backdoor” in the system. (4) An eavesdropper may manipulate communications.

Deterrence: deterrence (of war); restraint, prevention
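One of the detection mechanisms listed above, a stored fingerprint (“hash”) of executables, as an added example that is not code from the slides: a baseline of SHA-256 hashes is taken, and a later check reports files that were modified, removed or added since. The sample “executables” are constructed in a temporary directory.

```python
"""Stored fingerprints of executables as a detection mechanism.
Added example; the files are constructed, not taken from the slides."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def fingerprint(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(64 * 1024), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(root: Path) -> Dict[str, str]:
    """Relative path -> fingerprint for every regular file under root.
    The baseline must itself be protected (signed, or kept on read-only media):
    an intruder who can rewrite a file and its stored hash defeats the check."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def check_against_baseline(root: Path, stored: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the tree under root with a stored baseline and classify the differences."""
    current = take_baseline(root)
    return {
        "modified": sorted(k for k in stored if k in current and current[k] != stored[k]),
        "removed": sorted(k for k in stored if k not in current),
        "added": sorted(k for k in current if k not in stored),
    }


def demo() -> Dict[str, List[str]]:
    """Take a baseline, simulate changes after the fact, and run the check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\necho ls\n")    # constructed "executable"
        (root / "bin" / "cat").write_bytes(b"#!/bin/sh\necho cat\n")  # constructed "executable"
        stored = take_baseline(root)
        # Changes made after the baseline: one file altered, one deleted, one new file dropped in.
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\necho ls\necho tampered\n")
        (root / "bin" / "cat").unlink()
        (root / "bin" / "sh2").write_bytes(b"#!/bin/sh\n")
        return check_against_baseline(root, stored)


if __name__ == "__main__":
    print(demo())   # {'modified': ['bin/ls'], 'removed': ['bin/cat'], 'added': ['bin/sh2']}
```

Detection here is only as good as the baseline's own integrity and the schedule on which the check runs; it does not prevent the change, it reveals it, which is why the slide pairs detection with a recovery mechanism.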

Defense Mechanisms

There are three lines of defense.

1. Prevention:

● prevent it: make it impossible

● deter it: make it harder

● deflect it: make other targets more attractive

2. Detection

● monitoring

● intrusion detection

3. Recovery

● recover the data

● identify the damage

● find the culprit: forensics

Deflect: to evade or divert (attention, criticism, etc.) (= divert); to prevent something from happening

Culprit: the offender; the person or thing responsible for a problem

Defense Mechanisms (= Goals of Security System)

There are three lines of defense.

Prevention: aims at preventing attackers from violating your security policy.

● Implementing this requires creating mechanisms that users cannot override.

● A simple example of prevention is requiring software to accept and validate a password.

− Without the correct password, an intruder cannot proceed.

Detection: attempts to detect and report security attacks.

● It is particularly important as a safeguard when prevention fails.

● Detection will allow us to find where the weaknesses were in the mechanism that was supposed to enforce prevention.

● Detection is also useful in detecting active attacks even if the prevention mechanisms are working properly.

● It allows us to know that an attack is being attempted, identify where it is originating from, and what it is trying to do.

Recovery: has the goals of stopping any active attack and repairing any damage that was done by an attack.

● A simple but common example of recovery is restoring a system from a backup.

● Recovery includes forensics, which is the gathering of evidence to understand exactly what happened and what was damaged.


How does prevention work?

Policies

Cryptography

● Cryptography is not just for encryption; it can be used to achieve many security-related objectives, such as digital cash, timestamping, secure multiparty computation, e-voting, e-bidding, etc.

Control

● Examples: make sure that only those with security clearance can read a file.

● Hardware control

● Software control

※ Security control:

‒ A safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements.

‒ safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.


Why is prevention difficult?

How could prevention not work correctly?

● Vulnerabilities

● Malicious program: virus, trap doors, etc.

● Incorrect use of controls

● Users’ mistakes

☞ No mechanism is perfect

We build fences, not impenetrable walls (how high is a fence?)

How to achieve correct prevention?

● Security engineering principles

● Awareness of risk

● Secure programming


Security Engineering

• What is Security Engineering?

• https://media.wiley.com/product_data/excerpt/23/04700685/0470068523.pdf

Security engineering is about building systems to remain dependable in the face of malice, error, or mischance. As a discipline, it focuses on the tools, processes, and methods needed to design, implement, and test complete systems, and to adapt existing systems as their environment evolves.


Terms

“vulnerability” = weakness that might be exploited by an adversary

● A design flaw or poor coding that may allow an attacker to exploit software for a malicious purpose

● Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

● e.g. poor password, buffer overflow possibility

“threat” = potential violation of security policy

● An event or condition that has the potential for causing asset loss and the undesirable consequences or impact from such loss

● e.g. by exploiting a vulnerability

“risk” = likelihood that threat will materialize

“risk management” = balancing one risk against another, or other factors, such as cost, ease-of-use, understandability, availability, …

Visit https://csrc.nist.gov/glossary/


Security Engineering (by NIST)

An interdisciplinary approach and means to enable the realization of secure systems.

It focuses on

● defining customer needs, security protection requirements, and required functionality early in the systems development life cycle,

● documenting requirements, and

● proceeding with design, synthesis, and system validation while considering the complete problem.


Security Engineering

We have to address security architecture: how do we design a secure system and identify potential weaknesses in that system?

Security engineering is the task of implementing the necessary mechanisms and defining policies across all the components of the system.

An important aspect of any form of engineering is understanding risks and making compromises.

● For example, a structural engineer does not set out to build the ultimate earthquake-proof and storm-proof building when designing a skyscraper in New York City but instead follows the wind load recommendations set forth in the New York City Building Code.

● Similarly, there is no such thing as an unbreakable or fireproof vault or safe.

● Safes are rated by how much fire or attack they can sustain. For instance, a class 150 safe can sustain an internal temperature of less than 150° F (66° C) and 85% humidity for a specific amount of time (e.g., 1 hour). A class TL–30 combination safe will resist abuse from mechanical and electrical tools for 30 minutes.

● Watches are another example. No watch is truly waterproof. Instead, they are rated for water resistance at a specific depth (pressure), although watches such as the Rolex Deepsea are waterproof for all practical purposes — but even the Deepsea is rated not to infinite depth but to 3,900 meters (12,800 feet).

Security Engineering

Engineering tradeoffs relate to economic needs.

● Do you need to spend $10,150 on the Rolex Deepsea or will the Sea-Dweller, which is rated for only 1,200 meters and costs around $1,000 less, be good enough?

● All safes can be opened. A safe with a rating of TL–15 from Underwriters Laboratories has a door that successfully resists entry for a working time of 15 minutes while a safe rated TL–30 resists entry for 30 minutes when attacked with various hand tools, lock picking tools, portable electric tools, cutting wheels, power saws, grinders, and carbide drills.

● Do you buy an Amvault CF–2518 safe for $3,338, which is rated TL–30, or spend over $400 less and get the identical-looking Amvault CE–2518 that is only rated TL–15?

The same applies to computer security.

No system is 100% secure against all attackers for all time.

If someone is determined enough and smart enough, they will get in.

The engineering challenge is to understand the tradeoffs and balance security vs. cost, performance, acceptability, and usability.

● It may be cheaper to recover from certain attacks than to prevent the attack.


Security Engineering

We want to secure our systems … but what do we secure them against or from whom?

There is a wide range of possible attackers that you may want to guard against.

For example, you may want to secure yourself against:

● Yourself accidentally deleting important system files.

● Your colleagues, so they are not able to look at your files on a file server.

● An adversary trying to find out about you and get personal data.

● A phone carrier tracking your movements.

● An enemy who plans to throw a grenade on your computer.

● The NSA?

Protecting yourself from accidentally destroying critical system files is a far easier task than defending your system from the NSA if the agency is determined to look for something there.

● Assessing a threat is called risk analysis.

● We want to determine what parts of the system need to be protected, to what degree, and how much effort (and expense) we should expend on protecting them.

Phone carrier: mobile network operator

Grenade: hand grenade

Security Engineering

As part of risk analysis, we may need to consider laws and customs and assess whether any types of security measures are illegal.

● That can restrict how we design our system.

● For example, certain forms of cryptography were illegal to export outside the U.S. and some restrictions still exist.

We also need to consider user acceptability, or customs.

● Will people put up with the security measures, try to bypass them, or revolt altogether?

● For instance, we may decide to authenticate a user by performing a retina scan (which requires looking into an eyepiece of a scanner) along with a DNA test, which requires swabbing the mouth and waiting 90 minutes when using a solid-state DNA testing chip.

● While these mechanisms are proven techniques for authentication, few people would be willing to put up with the inconvenience.

On the systems side, one would also need to consider the need for, and the expense of, any special equipment.

We thus need to balance security with effort, convenience, and cost.

Custom: a custom, practice, habit; customs: customs (border inspection), tariffs

put up with: to endure, tolerate, accept. Revolt: to rise up in rebellion; a rebellion, uprising, or act of resistance

Swab: to wipe (a wound, etc.) with a cotton swab; a sample taken with a swab

Summary

Computer Security

● Confidentiality

− Secrecy, Privacy

● Integrity

− Data integrity, Origin integrity (authentication), System integrity

● Availability

− Protect systems and data against DoS or DDoS attacks

● Authentication

Thinking about security

● Security is a system issue & is based on all the components

Security System Goals

● Prevention/Detection/Recovery

● Policies & Mechanisms

● Security Engineering


Any questions?

Hardships, the way of suffering

● Passion, an unremitting effort, sincerity, diligence

------------------------------------------------------------------

Expert, Specialist

Black hat vs. White hat
