IT Security: General Trends and Research Directions
Sherif El-Kassas
Department of Computer Science
The American University in Cairo

Outline
Practical considerations
Academic and research perspective
National perspective

Practical considerations
Types of attacks on the IT infrastructure
Technical
Physical
Social

Technical Attacks
~ 80% considered the easiest to defend against (easiest doesn't mean easy)
The remaining ~ 20% are difficult!
Examples include forms of technical hacking, automated attacks, malicious software, etc.

Typical attack
Incident and Vulnerability Trends, http://www.cert.org/present/cert-overview-trends/

Automated attacks via Worms, Trojans, & Viruses

The Slammer worm!
The fastest mass attack in history
It doubled in size each 8.5 seconds
It infected 90% of vulnerable systems in 10 minutes!

Slammer after a few minutes
D. Moore and others, Inside the Slammer Worm, IEEE Security & Privacy, July/August, 2003

Geographic Distribution
D. Moore and others, Inside the Slammer Worm, IEEE Security & Privacy, July/August, 2003

Flash Worms
“[…] infecting 95% of hosts in 510ms, and 99% in 1.2s.”
Staniford and others, The Top Speed of Flash Worms, www.caida.org/outreach/papers/2004/topspeedworms/

Google worms
“inurl:id= filetype:asp site:gov” – 572,000 results
The Hacking Evolution: New Trends in Exploits and Vulnerabilities, www.sans.org

Physical Attacks
Combine physical and technical intrusions
High risk for attacker, but may provide quicker access to sensitive resources
Examples include: trashing, hardware loggers, etc.

http://keystroke-loggers.staticusers.net/
http://www.keyghost.com/
http://www.amecisco.com/hkstandalone.htm
http://www.littlepc.com/products_wireless.htm

Social & Semantic Attacks
Rely on attacking the users of the systems, using social engineering, possibly assisted with technical tools
Reported to be the most effective and low risk (from the attacker's point of view)
Examples include fake web sites, phishing, etc.

Phishing & Semantic Attacks
Please update your billing information by clicking […]:

```html
<a href="http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http://goens.net/.www.ebay.com/"
   onMouseOut="status='';return true"
   target=_blank
   onMouseOver="status='https://billing.ebay.com/';return true">https://billing.ebay.com/</a>
```
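The anchor above combines three tricks: its visible text names one host while the href goes to another, its onMouseOver rewrites the browser status bar to hide the real target, and the href itself is an open redirect whose DomainUrl parameter carries the attacker's host. The following detector is an added example, not code from the slides; it parses anchors with the standard library and reports each trait, using a sample HTML fragment constructed from the slide's link (host names as on the slide) plus a genuine link for contrast.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs
import re

URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)

class AnchorCollector(HTMLParser):
    """Collect every <a> tag's attributes together with its visible text."""
    def __init__(self):
        super().__init__()
        self.anchors = []      # list of (attrs, visible_text)
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":        # HTMLParser lower-cases names: onMouseOver -> onmouseover
            self._current = ({k: (v or "") for k, v in attrs}, [])

    def handle_data(self, data):
        if self._current is not None:
            self._current[1].append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            attrs, chunks = self._current
            self.anchors.append((attrs, "".join(chunks).strip()))
            self._current = None

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def analyse_anchor(attrs, text):
    """Return the deceptive traits found in one anchor (empty list = nothing odd)."""
    findings = []
    href = attrs.get("href", "")
    real_host = host_of(href)
    # 1. The visible text is itself a URL, but its host is not where the href goes.
    shown = URL_RE.search(text)
    if shown and host_of(shown.group(0)) != real_host:
        findings.append("text/href host mismatch: %s vs %s" % (host_of(shown.group(0)), real_host))
    # 2. Hover script rewrites the status bar, hiding the real target from the user.
    if re.search(r"\bstatus\s*=", attrs.get("onmouseover", "")):
        findings.append("onmouseover overwrites status bar")
    # 3. An absolute URL to another host rides in the query string (open redirect).
    for values in parse_qs(urlparse(href).query).values():
        for v in values:
            if URL_RE.match(v) and host_of(v) != real_host:
                findings.append("redirect parameter to %s" % host_of(v))
    return findings

def scan_html(html):
    """Return [(visible_text, findings), ...] for each anchor in the fragment."""
    parser = AnchorCollector()
    parser.feed(html)
    return [(text, analyse_anchor(attrs, text)) for attrs, text in parser.anchors]

# Constructed sample modelled on the slide's link, plus a genuine link for contrast.
SAMPLE = ('<a href="http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand='
          'RedirectToDomain&DomainUrl=http://goens.net/.www.ebay.com/" '
          'onMouseOut="status=\'\';return true" target=_blank '
          'onMouseOver="status=\'https://billing.ebay.com/\';return true">'
          'https://billing.ebay.com/</a> <a href="https://billing.ebay.com/">'
          'https://billing.ebay.com/</a>')
```

Running `scan_html(SAMPLE)` reports all three traits for the first anchor and nothing for the second, which is the distinction a mail filter or a browser extension needs to make.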

http://avirubin.com/passport.html

Technologies and Tools

What are we doing about the threat!
Perspective to security:
Prevention

What are we doing about the threat!
Perspective to security:
Security = Prevention + Detection + Response

What are we doing about the threat!
Layered view of information security
Network
System
Applications
Data & Information

Products are Necessary, but not Sufficient!

Security is a Process

A Security Process

Security Quality Standards

ISO 17799 / BS 7799
1. Business Continuity Planning
2. System Access Control
3. System Development and Maintenance
4. Physical and Environmental Security
5. Compliance
6. Personnel Security
7. Security Organization
8. Computer & Network Management
9. Asset Classification and Control
10. Security Policy

Common Criteria for Information Technology Security Evaluation
Rooted in the Orange Book or the DoD Trusted Computer System Evaluation Criteria
ISO 15408
http://csrc.nist.gov/cc/

Academic & research perspective:
Future Directions and Issues

www.cra.org/Activities/grand.challenges/security/home.html

National Perspective

TRUST

Ken Thompson: On Trusting Trust
The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.)
[…]
A well installed microcode bug will be almost impossible to detect.
www.acm.org/classics/sep95/

http://www.iwm.org.uk/online/enigma/eni-intro.htm

Research and Development

Cryptology
Cryptography
Theoretical research: number theory, algebraic geometry, complexity theory, graph theory, etc.
Research for the development of new (or bespoke) cryptographic algorithms and protocols
Cryptanalysis
Tools research (e.g., grid computing)

Security Policy Models
Fundamentals of security models (e.g., multilevel vs. multilateral security)
National (possibly government) security policy models
Evaluating and auditing methodologies for national and established models (e.g., ISO 17799, and CC / ISO 15408)

Computing models
Failure resistant systems
Digital immune systems (and antivirus systems)
http://www.research.ibm.com/antivirus/
http://www.ibm.com/autonomic
AI and NN applications

Security management and system development issues
Incremental and Agile development methods (Iterative, XP)
Threat modeling and risk analysis (threat trees, etc.)
Good opportunity for interdisciplinary research with economics
Applications and use of formal methods in security (BAN logic, B, Z, etc.)

Hardware and physical security related issues
Engineering embedded hardware security devices (e.g., ARM processor core like systems)
Tamper resistant/evident systems
Emission and TEMPEST security
Resisting high-power microwave

Firewalls and network isolation
Distributed firewall systems
The use of agent technologies
Application level firewalls for Web services and similar technologies
Firewalls to face challenges posed by new technologies: IP telephony, wireless networks, etc.

Intrusion Detection and Prevention
High performance IDS systems
Applications of NNs, GAs, and other AI techniques
Applications of data mining
Statistical modeling and correlation

Authentication and access control
Biometrics
Smartcards
Other systems (secure hardware!)

Application security
Education
IDS/IPS for applications
Libraries and design patterns
More...

Research aimed at better understanding attack technologies and trends
National Honeynet-like project
Large scale data collection and statistical trend analysis research
Vulnerability research

Other issues
Computer Forensics
Telecommunications security
Systems, Metering, Signaling, Switching
Mobile phone security (cloning, GSM security, etc.)
Secure hardware
PKI & PMI
Legal issues

Conclusions
Security is a wide and challenging field
Developers:
Look for shifts
The phone is the computer
The application is the security problem
Web services and virtual computing
Think services
Researchers:
Risk modeling
Fundamental issues
Don't be swayed by fads
Government:
Adopt standards and security process
Diversify
Think in terms of threat pyramids
Manage trust
Encourage R&D

Questions?
Links:
[email protected]
www.cs.aucegypt.edu/~skassas/ict-asrt/
www.cert.org
www.sans.org
IEEE
16th IEEE Computer Security Foundations Workshop (CSFW'03)
19th Annual Computer Security Applications Conference
Foundations of Intrusion Tolerant Systems (OASIS'03)
2003 IEEE Symposium on Security and Privacy
http://csdl.computer.org/
ACM
Conference on Computer and Communications Security
New Security Paradigms Workshop
Wireless Security
Workshop On XML Security
http://portal.acm.org/
Recent Advances in Intrusion Detection
http://www.raid-symposium.org/