intro security concepts
TRANSCRIPT
-
8/10/2019 Intro Security Concepts
1/35
Network Security
Part I: Introduction
Introductory SecurityConcepts
-
8/10/2019 Intro Security Concepts
2/35
SECURITY INNOVATION 2003
2
Outline
1. Introduction
2. Security domains and policies
3. Security threats
4. Security services
5. Security mechanisms
-
8/10/2019 Intro Security Concepts
3/35
SECURITY INNOVATION 2003
3
1 Introduction
ISO 7498-2: provides standard definitions of security
terminology,
provides standard descriptions for securityservices and mechanisms,
defines where in OSI reference model securityservices may be provided,
introduces security management concepts.
-
8/10/2019 Intro Security Concepts
4/35
SECURITY INNOVATION 2003
4
Security Life-Cycle
Model is as follows: define security policy,
analyze security threats (according to policy),
define security services to meet threats, define security mechanisms to provide services,
provide on-going management of security.
-
8/10/2019 Intro Security Concepts
5/35
SECURITY INNOVATION 2003
5
Threats, Services andMechanisms
A security threat is a possible means by which asecurity policy may be breached (e.g. loss of integrityor confidentiality).
A security service is a measure which can be put inplace to address a threat (e.g. provision ofconfidentiality).
A security mechanism is a means to provide a service(e.g. encryption, digital signature).
-
8/10/2019 Intro Security Concepts
6/35
SECURITY INNOVATION 2003
6
2 Security Domains and Policies
In a secure system, the rules governingsecurity behavior should be made explicit inthe form of a Security policy.
Security policy: the set of criteria for theprovision of security services.
Security domain: the scope of a single security
policy.
-
8/10/2019 Intro Security Concepts
7/35SECURITY INNOVATION 2003
7
Generic Security Policy
ISO 7498-2 generic authorization policy: Information may not be given to, accessed by, nor
permitted to be inferred by, nor may any resource
be used by, those not appropriately authorized. Possible basis for more detailed policy.
It does not cover availability (e.g. denial ofservice) issues.
-
8/10/2019 Intro Security Concepts
8/35SECURITY INNOVATION 2003
8
Policy Types
ISO 7498-2 distinguishes between 2 types ofsecurity policy: identity-based: where access to and use of
resources are determined on the basis of theidentities of users and resources,
rule-based: where resource access is controlled byglobal rules imposed on all users, e.g. using
security labels.
-
8/10/2019 Intro Security Concepts
9/35SECURITY INNOVATION 2003
9
3 Security Threats
A threat is: a person, thing, event or idea which poses some danger to an
asset (in terms of confidentiality, integrity, availability orlegitimate use).
An attack is a realization of a threat.
Safeguards = measures (e.g. controls, procedures) toprotect against threats.
Vulnerabilities = weaknesses in safeguards.
-
8/10/2019 Intro Security Concepts
10/35SECURITY INNOVATION 2003
10
Risk
Risk is a measure of the cost of a vulnerability(taking into account probability of a successfulattack).
Risk analysis determines whether expenditureon (new/better) safeguards is warranted.
-
8/10/2019 Intro Security Concepts
11/35
-
8/10/2019 Intro Security Concepts
12/35SECURITY INNOVATION 2003
12
Fundamental Threat Examples
Integrity violation USA Today, falsified reports of missile attacks on
Israel, 7/2002
Denial of service Yahoo, 2/2000, 1Gbps
Information Leakage
Prince Charles mobile phone calls, 1993 Illegitimate use
Vladimir Levin, Citibank, $3.7M, 1995
-
8/10/2019 Intro Security Concepts
13/35SECURITY INNOVATION 2003
13
Primary Enabling Methods
Realization of any of these threats can leaddirectly to a realization of a fundamentalthreat:
Masquerade, Bypassing controls,
Authorization violation,
Trojan horse,
Trapdoor.
-
8/10/2019 Intro Security Concepts
14/35SECURITY INNOVATION 2003
14
Primary Enabling Methods:Examples
Masquerade Royal Opera House web site, 8/2002 Information Leakage Bypassing controls
ADSL modem passwords Illegitimate Use
Authorization violation Cross site scripting Information Leakage
Trojan horse PWSteal.Trojan, 1999 Information Leakage
Trapdoor
Ken Thompson, Unix login Reflections on Trusting Trust,1975 - Illegitimate Use
-
8/10/2019 Intro Security Concepts
15/35
-
8/10/2019 Intro Security Concepts
16/35
SECURITY INNOVATION 2003
16
Security Service Classification
ISO 7498-2 defines 5 main categories ofsecurity service: Authentication (including entity authentication
and origin authentication), Access control,
Data confidentiality,
Data integrity,
Non-repudiation.
-
8/10/2019 Intro Security Concepts
17/35
SECURITY INNOVATION 2003
17
Authentication
Entity authentication provides checking of aclaimed identity at a point in time.
Typically used at start of a connection.
Addresses masquerade and replay threats.
Origin authentication provides verification ofsource of data.
Does not protect against duplication ormodification of data.
GSM, web servers
-
8/10/2019 Intro Security Concepts
18/35
SECURITY INNOVATION 2003
18
Access Control
Provides protection against unauthorized useof resource, including: use of a communications resource,
reading, writing or deletion of an informationresource,
execution of a processing resource.
Remote users
-
8/10/2019 Intro Security Concepts
19/35
SECURITY INNOVATION 2003
19
Data Confidentiality
Protection against unauthorized disclosure ofinformation.
Four types:
Connection confidentiality, Connectionless confidentiality,
Selective field confidentiality,
Traffic flow confidentiality.
Internet banking session Encrypting routers as part of Swift funds transfer
network
-
8/10/2019 Intro Security Concepts
20/35
SECURITY INNOVATION 2003
20
Data Integrity
Provides protection against active threats tothe validity of data.
Five types:
Connection integrity with recovery, Connection integrity without recovery,
Selective field connection integrity,
Connectionless integrity,
Selective field connectionless integrity. MD5 hashes
http://www.apache.org/dist/httpd/binaries/linux/
http://www.apache.org/dist/httpd/binaries/linux/http://www.apache.org/dist/httpd/binaries/linux/ -
8/10/2019 Intro Security Concepts
21/35
SECURITY INNOVATION 2003
21
Non-repudiation
Protects against a sender of data denying thatdata was sent (non-repudiation of origin).
Protects against a receiver of data denying
that data was received (non-repudiation ofdelivery).
Analogous to signing a letter and sending recorded
delivery
-
8/10/2019 Intro Security Concepts
22/35
SECURITY INNOVATION 2003
22
5 Security mechanisms
Exist to provide and support security services.
Can be divided into two classes: Specific security mechanisms, used to provide
specific security services, and Pervasive security mechanisms, not specific to
particular services.
-
8/10/2019 Intro Security Concepts
23/35
SECURITY INNOVATION 2003
23
Specific Security Mechanisms
Eight types: encryption,
digital signature,
access control mechanisms, data integrity mechanisms,
authentication exchanges,
traffic padding,
routing control,
notarization.
-
8/10/2019 Intro Security Concepts
24/35
SECURITY INNOVATION 2003
24
Specific Mechanisms I
Encryption mechanisms = encryption orcipher algorithms. Can provide data and traffic flow confidentiality.
Digital signature mechanisms signing procedure (private),
verification procedure (public).
Can provide non-repudiation, originauthentication and data integrity services.
Both can be basis of some authenticationexchange mechanisms.
-
8/10/2019 Intro Security Concepts
25/35
SECURITY INNOVATION 2003
25
Specific Mechanisms II
Access Control mechanisms A server using client information to decide
whether to grant access to resources E.g. access control lists, capabilities, security labels.
Data integrity mechanisms Protection against modification of data. Provide data integrity and origin authentication services.
Also basis of some authentication exchange mechanisms.
Authentication exchange mechanisms Provide entity authentication service.
-
8/10/2019 Intro Security Concepts
26/35
SECURITY INNOVATION 2003
26
Specific Mechanisms III Traffic padding mechanisms
The addition of pretend data to conceal real volumes of datatraffic.
Provides traffic flow confidentiality.
Routing control mechanisms Used to prevent sensitive data using insecure channels.
E.g. route might be chosen to use only physically securenetwork components.
Notarization mechanisms Integrity, origin and/or destination of data can be
guaranteed by using a 3rd party trusted notary.
Notary typically applies a cryptographic transformation to thedata.
-
8/10/2019 Intro Security Concepts
27/35
SECURITY INNOVATION 2003
27
Pervasive Security Mechanisms
Five types identified: trusted functionality,
security labels,
event detection, security audit trail,
security recovery.
-
8/10/2019 Intro Security Concepts
28/35
SECURITY INNOVATION 200328
Pervasive Mechanisms I Trusted functionality
Any functionality providing or accessing securitymechanisms should be trustworthy.
May involve combination of software and hardware.
Security labels
Any resource (e.g. stored data, processing power,communications bandwidth) may have security labelassociated with it to indicate security sensitivity.
Similarly labels may be associated with users. Labels mayneed to be securely bound to transferred data.
-
8/10/2019 Intro Security Concepts
29/35
SECURITY INNOVATION 200329
Pervasive Mechanisms II Event detection
Includes detection of attempted security violations,
legitimate security-related activity.
Can be used to trigger event reporting (alarms), eventlogging, automated recovery.
Security audit trail Log of past security-related events.
Permits detection and investigation of past security breaches.
-
8/10/2019 Intro Security Concepts
30/35
SECURITY INNOVATION 200330
Pervasive Mechanisms II
Security recovery Includes mechanisms to handle requests to recover from
security failures.
May include immediate abort of operations, temporary
invalidation of an entity, addition of entity to a blacklist.
-
8/10/2019 Intro Security Concepts
31/35
SECURITY INNOVATION 200331
Services Versus Mechanisms
ISO 7498-2 indicates which mechanisms canbe used to provide which services.
Illustrative NOT definitive.
Omissions include: use of integrity mechanisms to help provide
authentication services,
use of encryption to help provide non-repudiationservice (as part of notarization).
-
8/10/2019 Intro Security Concepts
32/35
SECURITY INNOVATION 200332
Service/Mechanism Table I
SSeerrvviiccee//MMeecchhaanniissmm EEnnccrryyppttiioonn DDiiggiittaallSSiiggnnaattuurree
AAcccceessssCCoonnttrrooll
DDaattaaIInntteeggrriittyy
Entity authentication Y YOrigin authentication Y YAccess control YConnection confidentiality YConnectionless confidentiality YSelective field confidentiality YTraffic flow confidentiality YConnection integrity with recovery Y YConnection integrity without recovery Y YSelective field connection integrity Y YConnectionless integrity Y Y Y
Selective field connectionless integrity Y Y YNon-repudiation of origin Y YNon-repudiation of delivery Y Y
-
8/10/2019 Intro Security Concepts
33/35
SECURITY INNOVATION 200333
Service/Mechanism Table II
SSeerrvviicceeMMeecchhaanniissmm AAuutthhoorriizzaattiioonneexxcchhaannggee
TTrraaffffiiccppaaddddiinngg
RRoouuttiinnggCCoonnttrrooll
NNoottaarriissaattiioonn
Entity authentication YOrigin authentication
Access control
Connection confidentiality YConnectionless confidentiality YSelective field confidentiality
Traffic flow confidentiality Y YConnection integrity with recovery
Connection integrity without recovery
Selective field connection integrity
Connectionless integrity
Selective field connectionless integrity
Non-repudiation of origin YNon-repudiation of delivery Y
-
8/10/2019 Intro Security Concepts
34/35
SECURITY INNOVATION 200334
Services Versus Layers
ISO 7498-2 lays down which security servicescan be provided in which of the 7 layers.
Layers 1 and 2 may only provide
confidentiality services. Layers 3/4 may provide many services.
Layer 7 may provide all services.
-
8/10/2019 Intro Security Concepts
35/35
35
Service/Layer Table
SSeerrvviiccee//LLaayyeerr LLaayyeerr11 LLaayyeerr22 LLaayyeerr33 LLaayyeerr44 LLaayyeerr55//66 LLaayyeerr77Entity authentication Y Y YOrigin authentication Y Y YAccess control Y Y YConnection confidentiality Y Y Y Y YConnectionless confidentiality Y Y Y Y
Selective field confidentiality YTraffic flow confidentiality Y Y YConnection integrity with recovery Y YConnection integrity without recovery Y Y YSelective field connection integrity YConnectionless integrity Y Y YSelective field connectionless integrity YNon-repudiation of origin YNon-repudiation of delivery Y
http://localhost/var/www/apps/conversion/Software%20Protection%20Initiative%20TOC.ppt