Prof. Dr. Konrad Rieck
Institute for Computer Science, University of Göttingen
GEORG-AUGUST-UNIVERSITÄT GÖTTINGEN

Security @ Göttingen
- New research group for computer security
  - Prof. Dr. Konrad Rieck (junior professor)
  - http://www.sec.informatik.uni-goettingen.de
- Teaching and research on applied security
  - Different courses on computer security
  - Research on analysis and detection of threats
  - Intelligent security systems
- Several topics for student projects and master theses
Overview
- Introduction to computer security
- What you will learn today
  - Overview of the course
  - Why security matters
  - Basic terminology
  - Security goals and mechanisms
The Lecture
- Course: Computer and Network Security (CNS)
  - Lecture + exercise (6 ECTS)
- Weekly schedule
  - Day and time: Tuesday, 10:00-12:00
  - Location: Room 1.101, Informatik building
- Web page
  - http://www.uni-goettingen.de/de/301521.html
  - Slides, recordings (user: cns, password: ...)
The Exercises
- Exercises posted every week on the web page
- Meetings every ~3 weeks (next: 10.11.)
  - Day and time: Thursday, 10:00-12:00
  - Location: Room 1.101, Informatik building
- Updates and discussion
  - Mailing list: sec-lehre@gwdg.de
  - https://listserv.gwdg.de/mailman/listinfo/sec-lehre
- Exam at the end of the course (oral or written)
- Principles of computer and network security
  - Basics of applied cryptography
  - Computer and network attacks
  - Countermeasures and defenses
- Overview of the current security landscape
  - Today's security threats
  - Security standards, software and tools
  - Best practice and open problems
- Hacker spirit
  - Eagerness to understand how things work
  - Network protocols, operating systems, ...
  - Perseverance
- Good programming skills
  - Python as the basic language for the exercises
  - Excursions to C and assembler
(Preliminary) Topics
1. Basic concepts of security
2. Symmetric-key cryptography
3. Public-key cryptography
4. Authentication and authorization
5. Network attacks and defenses
6. Vulnerabilities and exploits
7. Web security
8. Intrusion detection
9. Malicious software
10. Privacy and anonymity
(Figure: the topics arranged by defensive and offensive aspects)
(Image slides: Valuable data, Private data, Dangerous data)
Further Examples
- Stuxnet worm
  - Computer worm discovered in June 2010
  - Capability of disrupting industrial control systems
  - Possible sabotage against Iran
- Rustock botnet
  - Network of about 1.7 million infected systems (zombies)
  - Capability of sending 22 million spam messages per day
  - Active from around 2007 until its takedown in March 2011
Who is who?
Informal terminology of attackers

Oldschool | Newschool     | Description
----------|---------------|------------------------------------------
Phreaker  |               | Someone manipulating telephone systems
Hacker    | Cracker       | Someone breaking into computer systems
          | Hacker        | Computer enthusiast
Cracker   | Reverser      | Someone reverse engineering programs
Lamer     | Script kiddie | Inexperienced and naive attacker
          | Bot herder    | Maintainer of a bot network
          | Spammer       | Someone sending unsolicited emails
          | Hacktivist    | Politically motivated attacker
- Security is different from other disciplines
  - Established concepts are called into question
  - Intersection with many areas of computer science
  - Often it's a game of good and evil players
- Practice and theory of security are often fun
  - Monitoring, detection and analysis of real attacks
  - Reasoning about the limits of attacks and defenses
A Formal View

(Figure: the security goals confidentiality, integrity and availability; the security threats against them: disclosure, deception, disruption and usurpation; and the security mechanisms that counter them: prevention, detection and recovery.)
Security Goals
- Security goals (memory hook: CIA)
  - Confidentiality of information and resources
  - Integrity of information and resources
  - Availability of information and resources
- Basic definitions
  - Threat = potential violation of a protective goal
  - Security = protection from intentional threats
  - Safety = protection from accidental threats
Confidentiality
- Confidentiality
  - Protection of resources from unauthorized disclosure
  - Check: Who is authorized to access which resources?
- Security measures
  - Encryption of data, resource hiding
- Examples
  - An attacker eavesdrops on a telephone conversation
  - An attacker reads the emails on your computer
Integrity
- Integrity
  - Protection of resources from unauthorized manipulation
  - Check: Who does what on which resources?
- Security measures
  - Authorization, checksums, digital fingerprints
- Examples
  - An attacker changes the recipient of a bank transaction
  - An attacker tampers with files on your computer
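The slide lists checksums and digital fingerprints as integrity measures. The following Python code is an added example, not part of the lecture material, that shows the difference that matters in practice: an unkeyed checksum (SHA-256) catches accidental corruption, but an attacker who can rewrite the file can also rewrite the checksum, so only a keyed fingerprint (HMAC) detects deliberate manipulation. The transfer record, the tampered copy and the key are all constructed for the example.

```python
"""Checksums vs. keyed fingerprints for integrity protection.

Added example (not from the lecture slides). Runs offline on a
constructed byte string standing in for a stored file.
"""
import hashlib
import hmac
import secrets

# Constructed "file": a bank transfer record the owner wants kept intact.
ORIGINAL = b"transfer;amount=100.00;recipient=DE89370400440532013000"
# Constructed tampered copy: the attacker swaps in their own account.
TAMPERED = b"transfer;amount=100.00;recipient=DE02120300000000202051"


def checksum(data: bytes) -> str:
    """Unkeyed fingerprint (SHA-256). Anyone, including the attacker, can compute it."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    return hmac.compare_digest(checksum(data), expected)


def mac_tag(key: bytes, data: bytes) -> str:
    """Keyed fingerprint (HMAC-SHA-256). Only holders of `key` can compute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, expected: str) -> bool:
    # compare_digest is constant-time, so the comparison does not leak
    # how many leading characters of the tag were right.
    return hmac.compare_digest(mac_tag(key, data), expected)


def checksum_scenario() -> dict:
    """Owner stores a plain checksum next to the file."""
    stored = checksum(ORIGINAL)
    # Accidental change (bit flip, careless edit): the stored checksum no longer matches.
    accidental_ok = verify_checksum(TAMPERED, stored)
    # Deliberate change: the attacker recomputes the checksum over the tampered data
    # and overwrites the stored one. Verification now succeeds.
    attacker_checksum = checksum(TAMPERED)
    deliberate_ok = verify_checksum(TAMPERED, attacker_checksum)
    return {"accidental_detected": not accidental_ok,
            "deliberate_detected": not deliberate_ok}


def mac_scenario(key: bytes) -> dict:
    """Owner stores an HMAC computed with a key the attacker does not have."""
    stored = mac_tag(key, ORIGINAL)
    accidental_ok = verify_mac(key, TAMPERED, stored)
    # Without the key the attacker can at best tag the tampered data under a guessed key
    # (a fresh random key here, as the constructed worst case for the attacker).
    forged = mac_tag(secrets.token_bytes(32), TAMPERED)
    deliberate_ok = verify_mac(key, TAMPERED, forged)
    return {"accidental_detected": not accidental_ok,
            "deliberate_detected": not deliberate_ok}


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed key, kept away from the attacker
    print("plain checksum:", checksum_scenario())
    print("HMAC:          ", mac_scenario(key))
```

In the terms of the slide on security goals, the plain checksum is a safety measure (it protects against accidental threats), while the keyed fingerprint is a security measure (it protects against the intentional threat). The key must be stored somewhere the attacker cannot reach, otherwise the HMAC degrades to the checksum case.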
Availability
- Availability
  - Protection of resources from unauthorized disruption
  - Check: When and how are which resources used?
- Security measures
  - Restriction, redundancy, load balancing
- Examples
  - An attacker crashes the web server of a company
  - An attacker formats the hard disk of your computer
- Basic classes of threats
  - Disclosure = unauthorized access to information
  - Deception = acceptance of false data (e.g. masquerading)
  - Disruption = interruption or prevention of correct operation
  - Usurpation = unauthorized control of resources
- Attack = attempt to violate a security goal (intentional threat)
  - Often combinations of different threat classes
Examples of Attacks
- Snooping = passive eavesdropping on information
  - Disclosure
  - Network sniffing, keyboard logging
- Manipulation = active modification of information
  - Deception, disruption and usurpation
  - Redirection of control flow, man-in-the-middle attacks
- Spoofing = impersonation of one entity by another
  - Deception and usurpation
  - Address spoofing, phishing attacks
Security Mechanisms
- Security policies and mechanisms
  - Policy = statement of what is and what is not allowed
  - Mechanism = method or tool enforcing a security policy
- Strategies for security mechanisms
  - Prevention of attacks
  - Detection of attacks
  - Recovery from attacks

(Figure: Prevention, Detection, Recovery)
Prevention
- Prevention of attacks
  - Prevention of attacks prior to violation of security goals
- Examples
  - Data reduction and separation
    - Removal or separation of information and resources
  - Authentication and encryption
    - Restriction of access to information and resources
- Limitations
  - Inapplicable in many settings, e.g. open services
Detection
- Detection of attacks
  - Detection of attacks during violation of security goals
- Examples
  - Anti-virus scanners
    - Detection of malicious code on computers
  - Network intrusion detection
    - Detection of attacks in computer networks
- Limitations
  - Ineffective against unknown and invisible attacks
Recovery
- Recovery
  - Recovery from attacks after violation of security goals
- Examples
  - Computer forensics
    - Investigation and analysis of security incidents
  - Malware analysis
    - Observation and analysis of malicious software
- Limitations
  - Severe damage might have already occurred
Coverage
Outcome of a security mechanism against the ground truth:

                         | Not allowed         | Allowed
-------------------------|---------------------|--------------------
Mechanism flags / blocks | True positive (tp)  | False positive (fp)
Mechanism lets through   | False negative (fn) | True negative (tn)

- Coverage of security mechanisms
  - Two types of errors: false positives and false negatives
  - Often one type is more important than the other
  - Note: tp = #not-allowed - fn and tn = #allowed - fp
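To make the two error types concrete, here is an added Python example (not from the lecture) that scores a toy detection mechanism against labelled web-server requests. The requests, their allowed/not-allowed labels and the two rule-based detectors are constructed for the example; the point is that the four counts partition the samples exactly as the note above states, and that removing false negatives (by decoding the request before matching) leaves the false positive untouched.

```python
"""Coverage of a detection mechanism: false positives and false negatives.

Added example (not from the lecture slides). Detector rules, requests
and labels are constructed for illustration.
"""
from urllib.parse import unquote

# Constructed request log, each line labelled by hand as "allowed" (benign)
# or "not allowed" (attack). The label is the ground truth the mechanism is scored against.
REQUESTS = [
    ("GET /index.html", "allowed"),
    ("GET /images/logo.png", "allowed"),
    ("GET /docs/../../etc/passwd", "not allowed"),          # path traversal
    ("GET /search?q=' OR 1=1 --", "not allowed"),            # SQL injection probe
    ("GET /docs/%2e%2e/%2e%2e/etc/passwd", "not allowed"),   # percent-encoded traversal
    ("GET /blog/why-or-not-to-use-1=1", "allowed"),          # benign, but looks suspicious
    ("GET /about", "allowed"),
    ("POST /login", "allowed"),
]


def naive_detector(request: str) -> bool:
    """Flags a request as an attack if it contains a raw traversal or a tautology."""
    return "../" in request or "1=1" in request


def decoding_detector(request: str) -> bool:
    """Same rules, but applied after percent-decoding, so %2e%2e/ is seen as ../"""
    decoded = unquote(request)
    return "../" in decoded or "1=1" in decoded


def coverage(detector, samples) -> dict:
    """Count tp, fp, fn, tn for a detector over labelled samples."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for request, label in samples:
        flagged = detector(request)
        attack = label == "not allowed"
        if attack and flagged:
            counts["tp"] += 1      # not allowed, and the mechanism caught it
        elif attack and not flagged:
            counts["fn"] += 1      # not allowed, but slipped through
        elif not attack and flagged:
            counts["fp"] += 1      # allowed, but wrongly blocked
        else:
            counts["tn"] += 1      # allowed, and let through
    return counts


def rates(counts: dict) -> dict:
    """Detection rate tp / #not-allowed and false-positive rate fp / #allowed."""
    not_allowed = counts["tp"] + counts["fn"]   # tp = #not-allowed - fn
    allowed = counts["fp"] + counts["tn"]       # tn = #allowed - fp
    return {
        "detection_rate": counts["tp"] / not_allowed,
        "false_positive_rate": counts["fp"] / allowed,
    }


if __name__ == "__main__":
    for name, det in (("naive", naive_detector), ("decoding", decoding_detector)):
        c = coverage(det, REQUESTS)
        print(name, c, rates(c))
```

The naive detector misses the encoded traversal (one false negative) and blocks a harmless blog URL (one false positive). Decoding the request first brings the false negatives to zero but changes nothing about the false positive, which is why the slide's point about one error type often mattering more than the other is a design decision, not a tuning detail: a mechanism that blocks requests should be biased against false positives, a mechanism that only raises alerts can afford more of them.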
Further Concepts
- Authenticity = truthfulness of information and resources
  - May be viewed as an aspect of integrity
- Accountability = linking of actions and users
  - Realization of non-repudiation in computer systems
- Privacy = security and control of personal information
  - Property of individuals and not of data
Summary
- Security is a central issue of computer science
  - Omnipresence of threats and attacks
  - Increasing importance due to cybercrime
- Key concepts of security
  - Basic security goals: confidentiality, integrity, availability
  - Various types of threats and attacks
  - Security mechanisms for prevention, detection, recovery
- Next lecture: symmetric-key cryptography