What are the classes of Threats?

Interruption: Malicious destruction of h/w

Interception: Illicit copying of program

Modification: Alter data being transmitted electronically

Fabricate: Additional pixel(can be defected as forgery)

What are Vulnerabilities?

Human Borne: Social Engineering, Malicious code and employee, Bribes/blackmail

System Borne: Holes in network infrascture hardware/software, Holes in application

• Trojan Horse
• Programs that replicate
• Programs that bypass authentication
• Programs that cause server damage

Any program that has been deliberately modified to do something other than what the user expects it to do

VIRUS: Program that infects other programs with a (possibly evolved) copy of itself
WORM: Program that spreads copies of itself over a network

RABBIT: Program that replicates itself in memory so as to cause exhaustion of some resource       CHAIN LETTER: Program embedded in an email
message that causes copies to be further mailed to other users

[image][image]BACK DOOR: Program that allows entry into the
system bypassing the usual authentication
sequence
TRAP DOOR: Back door installed by an intruder
SPOOFER: Program that mimics usual login
sequence to capture legitimate user id’s and

passwords

SNOOPER: Program that observes traffic in a
network, usually to capture legitimate user id’s and
passwords

• Logic bomb: Malicious code that is activated when some set of circumstances arises
• Time bomb: A logic bomb timed to activate at certain dates

• Confidentiality
• Integrity
• Usage
• Availability

• Only authorized people can see protected data
• Prevention/detect/deter improper disclosure of information
• Keeping data and resources hidden

Special Access

Classified

Sensitive

Unclassified

X set of entities, I information repository

I has confidentiality property with respect to X if no x within Xcan obtain information from I

Example:

• X set of students
• I final exam answer key
• I is confidential with respect to X if students cannot obtain final
  exam answer key

Prevention/detect/deter improper modification of information:

Precise

Accurate

Unmodified

Modified only in acceptable way

Modified by authorized subject

Consistent

Data integrity

Origin integrity(authenticatication)

Comprehensive

Basic

Rubimentary

None

Exact

Approximate

N/A

Prevention: prevent attackers from violating security policy

Detection: detect attackers' violation of security policy

Recovery: stop attack, assess and repair damage

*continue to function correctly even if attack succeeds

Secure

precise

broad

If  we hide the inner workings of a system it will be secure

Less and less applicable due to:

• widespread vendor-independent open standards
• widespread computer knowledge and expertise
• widespread transfer of information

says that if we instruct our users on how to behave we can secure our systems:

• do not share passwords
• do not write down passwords

• A process Not a turn key product
• No silver bullet
• Absolute security does not exist
• security in most systems can be improved 
• Absolute security is impossibel does not mean absolute insecurity is acceptable

• Security: Confidentiality, Integrity, avaibility, usage
• Cost: Functionally, Ease of use

• Fundamental requirement for security of information systems
• The First Gate: Front-end of information systems

Most common
Several problems:
 Inherent vulnerabilities
easy to guess
easy to snoop
easy to lose
no control on sharing

Practical vulnerabilities:
visible in the clear in distributed and networked systems
susceptible to replay attacks if encrypted naively
Susceptible to dictionary attacks even if encrypted
Require proactive management

Goal: find a of every A such that:

• For some f of every F, f(a) = c of every C
• c is associated with entity

Two ways to determine whether a meets these requirements:

• Direct approach: as above, compute f(a)
• Indirect approach: as I(a) succeeds ifff(a) = c of every C for some c associated with an entity, compute I(a)

Hide one a, f, or c

Prevents obvious attack from above

Example: UNIX/Linux shadow password files

hides c's

Block access to all l of every ILor result of l(a)

Prevents attacker from knowing if guess succeeded

Example: preventing any logins to an account from a network

prevents knowing results of l (or accessing l)

Tokens operate in a variety of different ways

• Storage tokens
• Synchronous One-Time Password Generator
• Digital Signature Token
• Challenge-Response

Tokens come in a variety of physical forms

• Human-Interface Token
• Smart Card
• PCMCIA Card

Cannot be replayed

Originating Address

• Useful for secondary filtering in support of other mechanisms
• Problems

Reliability

Entitlement

• Location signatures:
• Generated by Global Positioning Systems
• Compare this signatures to the computed expected location of the client system

Biometrics Based Authentication

Biometrics are automated methods of recognizing a person based on a physiogical or behavioral characteristics

• Enrollment: a sample of the biometric trait is taken, processed by a computer, and stored for later comparison
• Template: a mathematical representation of biometric data stored during the enrollment process
• Identification mode: The biometric system identifies a person from the entire enrolled population by searching a database for a match, One to Many
• Verifaction mode: the biometric system matches a person's claimed identity to his or her perviously enrolled pattern, One to One

• False Acceptance Rate (FAR): The percentage of impostors wrongly matched
• False Rejection Rate (FRR): The percentage of valid users wrongly rejected
• Equal Error Rate (EER): The false match rate (or FAR) equals the false
  non-match rate (or FRR)
• Threshold: Typically a numerical setting used by a
  biometric system to adjust the FAR and FRR

Features
Ubiquity : anywhere, anytime w/telephone Convenient: natural, unobtrusive
Security: channel robustness is the key
Challenge
Channel variability
Less speech data/ shorter utterances

Speaker variability
Recording/synthesis

Authentication: Establishes WHO you are

Authorization: Establishes WHAT you can do

• The system authenticates the user in context of a particualar principal
• There should be a one to many mapping from users to principlas: A user may have many principlas, but each principal is associated with an uniques user
• This ensures accountability of a user's actions: It implies that shared accounts are bad for accountability

• A Trojan Horse is rogue software installed,
  perhaps unwittingly, by duly authorized users
• A Trojan Horse does what a user expects it to
  do, but in addition exploits the user's
  legitimate privileges to cause a security
  breach

• It contains security classes of all objects and
  subjects
• Whenever a subject accesses an object, it
  must do so via the reference monitor
• It enforces the two MAC requirements
• It is always running, cannot be bypassed,
  and cannot be tampered with

• Access Control Lists
• Capabilities
• Relations

Objects

An object is anything on which a subject can perform operation

Most cases, objects are passive: file, directory, and memory segement

However, subjects can also be objects itself, with operations: kill, suspend, and resume

• Usually
  Each subject is associated with a unique principal
  All subjects of a principal have identical rights
• This case can be modeled by a one-to-one
  mapping between subjects and principals
• For simplicity, a principal and subject can be
  treated a identical concepts. On the other
  hand, a user should always be viewed as
  multiple principals

• 2 permission bits for each file, logically grouped
  into 4 sets of three bits each
  _ _ _ _ _ _ _ _ _ _ _ _
  going left to right
• irst 3 bits: SUID SGID Sticky-bit
• next 3 bit sets apply to file’s owner, users in
  file’s group and all users respectively
  read write execute