SECURITY IN
COMPUTING,
FIFTH EDITION
Chapter 1: Introduction

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Objectives for Chapter 1


• Define computer security as well as basic computer
security terms
• Introduce the C-I-A Triad
• Introduce basic access control terminology
• Explain basic threats, vulnerabilities, and attacks
• Show how controls map to threats


What Is Computer Security?


• The protection of the assets of a computer
system
• Hardware
• Software
• Data


Assets


Values of Assets


Basic Terms
• Vulnerability
• Threat
• Attack
• Countermeasure or control

Vulnerabilities, Threats, Attacks, Controls
• A vulnerability is a weakness in the security system (i.e., in procedures, design, or implementation) that might be exploited to cause loss or harm.
• A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.
• A potential violation of security.
• A human (criminal) who exploits a vulnerability perpetrates an attack on the system.
• How do we address these problems?
• We use a control as a protective measure.
• That is, a control is an action, device, procedure, or technique that removes or reduces a vulnerability.

Threat and Vulnerability

Relationship among threats, controls, and vulnerabilities:
• A threat is blocked by control of a vulnerability.
• To devise controls, we must know as much about threats as possible.

The fact that the violation might occur means that the actions that might cause it should be guarded against.


C-I-A Triad
• Confidentiality
• Integrity
• Availability
• Sometimes two other desirable characteristics:
• Authentication
• The process or action of proving or showing something to be true, genuine, or valid.
• Nonrepudiation
• The assurance that someone cannot deny something.
• That is, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.


Access Control


Types of Threats


Advanced Persistent Threat (APT)

• Organized
• Directed
• Well financed
• Patient
• Silent


Types of Attackers


Types of Harm

Threats
• An interception means that some unauthorized party has gained access to an asset.
• In an interruption, an asset of the system becomes lost, unavailable, or unusable.
• If an unauthorized party not only accesses but tampers with (forges) an asset, the threat is a modification.
• Finally, an unauthorized party might create a fabrication of counterfeit objects on a computing system.

Method—Opportunity—Motive (MOM)

Method, Opportunity, and Motive
• A malicious attacker must have three things (MOM):
• Method: the skills, knowledge, tools, and other things with which to be able to pull off the attack
• Knowledge of systems is widely available
• Opportunity: the time and access to accomplish the attack
• Systems available to the public are accessible to them
• Motive: a reason to want to perform this attack against this system

Controls/Countermeasures

Security Goals
• When we talk about computer security, we mean that we are addressing three important aspects of any computer-related system: confidentiality, integrity, and availability (CIA).
• Confidentiality ensures that computer-related assets are accessed only by authorized parties.
• e.g., reading, viewing, printing, or even knowing of their existence
• Also called secrecy or privacy
• Integrity means that assets can be modified only by authorized parties or only in authorized ways.
• e.g., writing, changing, deleting, creating
• Availability means that assets are accessible to authorized parties at appropriate times.
• Often, availability is known by its opposite, denial of service.
Relationship between Confidentiality, Integrity and Availability
• In fact, these three characteristics can be independent, can overlap, and can even be mutually exclusive.

[Figure: three overlapping circles labelled Confidentiality, Integrity and Availability, with their common intersection labelled Secure]

Goals of Security
• Prevention
• Prevent attackers from violating security policy
• Detection
• Detect attackers’ violation of security policy
• Recovery
• Stop attack, assess and repair damage
• Continue to function correctly even if attack succeeds

Trust and Assumptions

• Trust underlies all aspects of security
• Policies
• Unambiguously partition system states
• Correctly capture security requirements
• Mechanisms
• Assumed to enforce policy
• Support mechanisms work correctly

Different Types of Controls

Controls Available
• Encryption
• We take data in their normal, unscrambled state, called cleartext or plaintext, and transform them so that they are unintelligible to the outside observer; the transformed data are called enciphered text or ciphertext.
• Encryption clearly addresses the need for confidentiality of data.
• Additionally, it can be used to ensure integrity:
• data that cannot be read generally cannot easily be changed in a meaningful manner.
Controls Available
• Encryption does not solve all computer security problems, and other tools must complement its use.
• If encryption is not used properly, it may have no effect on security or could even degrade the performance of the entire system.
• Weak encryption can actually be worse than no encryption at all,
• because it gives users an unwarranted sense of protection.
• Therefore, we must understand those situations in which encryption is most useful as well as ways to use it effectively.
Controls Available
• Software/Program Controls
• Programs must be secure enough to prevent outside attack
• They must also be developed and maintained so that we can be confident of the programs' dependability.
• Program controls include the following:
• Internal program controls: parts of the program that enforce security restrictions,
• e.g., access limitations in a database management program
• Operating system and network system controls: limitations enforced by the operating system or network to protect each user from all other users
• e.g., chmod on UNIX: (Read, Write, Execute) vs. (Owner, Group, Other)
• Independent control programs: application programs,
• e.g., password checkers, intrusion detection utilities, or virus scanners, that protect against certain types of vulnerabilities
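The chmod bullet above names the UNIX (Read, Write, Execute) × (Owner, Group, Other) scheme without showing how the OS decides. The following Python model is an added illustration, not the textbook's code: it implements the classic rule that the first matching class (owner, then group, then other) alone decides, plus the root bypass, and checks it on a constructed file owned by uid 1000 / gid 100.

```python
import stat

# Added illustration of the UNIX owner/group/other permission decision; not the
# textbook's code. Bits follow the real mode layout, so stat.S_I* constants apply.
_BITS = {
    "r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
    "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    "x": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
}


def unix_permits(mode, owner_uid, group_gid, uid, gids, op):
    """Return True if a process running as (uid, gids) may perform op ('r', 'w'
    or 'x') on a file whose mode bits, owner and group are given.

    Classic UNIX rule: the first matching class decides. An owner is judged only
    by the owner bits, even when the group or other bits are more permissive.
    """
    usr, grp, oth = _BITS[op]
    if uid == 0:
        # Root bypasses read/write checks; execute still needs at least one x bit.
        return op != "x" or bool(mode & (usr | grp | oth))
    if uid == owner_uid:
        return bool(mode & usr)
    if group_gid in gids:
        return bool(mode & grp)
    return bool(mode & oth)


def describe(mode):
    """Render mode bits the way 'ls -l' does, e.g. 0o640 -> '-rw-r-----'."""
    return stat.filemode(stat.S_IFREG | mode)


def demo():
    """Constructed scenario: a regular file owned by uid 1000 / gid 100 with
    mode 0o640 (rw-r-----), checked from the owner, a group member and an outsider."""
    owner, group = 1000, 100
    mode = 0o640
    return {
        "listing": describe(mode),
        "owner_can_write": unix_permits(mode, owner, group, 1000, [100], "w"),
        "member_can_read": unix_permits(mode, owner, group, 2000, [100], "r"),
        "member_can_write": unix_permits(mode, owner, group, 2000, [100], "w"),
        "outsider_can_read": unix_permits(mode, owner, group, 3000, [200], "r"),
        # Edge case: mode 0o007 grants 'other' everything but the owner nothing.
        "owner_locked_out": not unix_permits(0o007, owner, group, 1000, [100], "r"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```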
Controls Available
• Development controls:
• quality standards under which a program is designed, coded (implementation), tested, and maintained to prevent software faults from becoming exploitable vulnerabilities
• e.g., penetration testing (pen testing or ethical hacking) is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.
• Software controls frequently affect users directly
• e.g., when the user is interrupted and asked for a password before being given access to a program or data.
• Because they influence the usability of the system, software controls must be carefully designed.
• Ease of use and capabilities are often competing goals in the design of a collection of software controls.
Controls Available
• Hardware Controls
• Numerous hardware devices have been created to
assist in providing computer security. These devices
include a variety of means, such as
• hardware or smart card implementations of encryption
• locks or cables limiting access or deterring theft
• devices to verify users' identities
• firewalls
• intrusion detection systems
• circuit boards that control access to storage media
Controls Available
• Policies and Procedures
• Sometimes, we can rely on agreed-on procedures or policies among users rather than enforcing security through hardware or software means
• e.g., frequent changes of passwords
• We must not forget the value of community standards and expectations when we consider how to enforce security.

• Physical Controls
• e.g., locks on doors,
• guards at entry points,
• backup copies of important software and data, and
• physical site planning that reduces the risk of natural disasters.
Effectiveness of Controls
• Awareness of Problem
• People using controls must be convinced of the need for security. That is, people will willingly cooperate with security requirements only if they understand why security is appropriate in a given situation.
Effectiveness of Controls
• Likelihood of Use
• Of course, no control is effective unless it is used
• Principle of Effectiveness:
• Controls must be used properly to be effective.
• They must be efficient, easy to use, and appropriate.
• This principle implies that computer security controls
• must be efficient enough, in terms of time, memory space, human activity, or other resources used, that using the control does not seriously affect the task being protected.
• Controls should be selective so that they do not exclude legitimate accesses.
Effectiveness of Controls
• Overlapping Controls
• Several different controls may apply to address a single
vulnerability. 

• Periodic Review
• Just when the security specialist finds a way to secure assets
against certain kinds of attacks, the opposition doubles its efforts in
an attempt to defeat the security mechanisms. Thus, judging the
effectiveness of a control is an ongoing task.
Principle of Weakest Link
• Security can be no stronger than its weakest link.
• Whether it is the power supply that powers the firewall or the operating system under the security application or the human who plans, implements, and administers controls, a failure of any control can lead to a security failure.

SECURITY IN
COMPUTING,
FIFTH EDITION
Chapter 2: Toolbox: Authentication, Access
Control, and Cryptography


Objectives for Chapter 2


• Survey authentication mechanisms
• List available access control implementation options
• Explain the problems encryption is designed to solve
• Understand the various categories of encryption tools as
well as the strengths, weaknesses, and applications of
each
• Learn about certificates and certificate authorities


• Security professionals have tools they use frequently.
• Three of these security tools are authentication, access control, and cryptography.
• In this chapter we introduce these tools, and in later chapters we use these tools repeatedly to address a wide range of security issues.


SECURITY IN
COMPUTING,
FIFTH EDITION
Chapter 3: Programs and Programming


Objectives for Chapter 3


• Learn about memory organization, buffer
overflows, and relevant countermeasures
• Common programming bugs, such as off-by-one
errors, race conditions, and incomplete mediation
• Survey of past malware and malware capabilities
• Virus detection
• Tips for programmers on writing code for security


Memory Structure

- The code section contains your bytecode.
- The static section contains static data/methods.
- The stack section of memory contains methods, local variables, and reference variables.
- The heap section contains objects (may also contain reference variables).


SECURITY IN
COMPUTING,
FIFTH EDITION
Chapter 5: Operating Systems


Chapter 5 Objectives
• Basic security functions provided by operating systems
• System resources that require operating system
protection
• Operating system design principles
• How operating systems control access to resources
• The history of trusted computing
• Characteristics of operating system rootkits


Operating System Functions


History of Operating Systems


• Single-user systems, no OS
• Multiprogrammed OS, aka monitors
• Multiple users
• Multiple programs
• Scheduling, sharing, concurrent use
• Personal computers


Protected Objects
• Memory
• Sharable I/O devices, such as disks
• Serially reusable I/O devices, such as printers
• Sharable programs and subprocedures
• Networks
• Sharable data


OS Layered Design


Functions Spanning Layers


Modular OS Design


Virtualization
• With virtualization, the OS presents each user with just the resources that user should see
• The user has access to a virtual machine (VM), which contains those resources
• The user cannot access resources that are available to the OS but exist outside the VM
• A hypervisor, or VM monitor, is the software that implements a VM, e.g., VMware or VirtualBox
• Translates access requests between the VM and the OS
• Can support multiple OSs in VMs simultaneously
• Honeypot: a VM meant to lure an attacker into an environment that can be both controlled and monitored

Separation and Sharing


• Methods of separation:
• Physical
• Temporal
• Logical
• Cryptographic
• Methods of supporting separation/sharing:
• Do not protect
• Isolate
• Share all or share nothing
• Share but limit access
• Limit use of an object


Hardware Protection of Memory

• In this section we describe several ways of protecting a memory space:
- Fence
- Fence Registers
- Base/Bounds Registers
- Two Pairs of Base/Bounds Registers
- Tagged Architecture
• Virtual memory:
- Segmentation
- Paging


Fence


Fence Registers


Base/Bounds Registers


Two Pairs of Base/Bounds Registers


Tagged Architecture


Segmentation


Segment Address Translation


Paging


Paged Segmentation


Principles of Secure OS Design


• Simplicity of design
• OSs are inherently complex, and any unnecessary complexity only
makes them harder to understand and secure
• Layered design
• Enables layered trust
• Layered trust
• Layering is both a way to keep a design logical and understandable
and a way to limit risk
• Example: very tight access controls on critical OS functions, fewer
access controls on important noncritical functions, and few if any
access controls on functions that aren’t important to the OS


Kernelized Design
• A kernel is the part of the OS that performs the lowest-
level functions
• Synchronization
• Interprocess communication
• Message passing
• Interrupt handling
• A security kernel is responsible for enforcing the security
mechanisms of the entire OS
• Typically contained within the kernel


Reference Monitor


Trusted Systems
• A trusted system is one that has been shown to warrant
some degree of trust that it will perform certain activities
faithfully
• Characteristics of a trusted system:
• A defined policy that details what security qualities it enforces
• Appropriate measures and mechanisms by which it can enforce
security adequately
• Independent scrutiny or evaluation to ensure that the mechanisms
have been selected and implemented properly


History of Trusted Systems


Trusted Computing Base (TCB)


Other Trusted System Characteristics


• Secure startup
• System startup is a tricky time for security, as most systems load
basic I/O functionality before being able to load security functions
• Trusted path
• An unforgeable connection by which the user can be confident of
communicating directly with the OS
• Object reuse control
• OS clears memory before reassigning it to ensure that leftover data
doesn’t become compromised
• Audit
• Trusted systems track security-relevant changes, such as
installation of new programs or OS modification
• Audit logs must be protected against tampering and deletion


Rootkits
• A rootkit is a malicious software package that
attains and takes advantage of root status or
effectively becomes part of the OS
• Rootkits often go to great length to avoid being
discovered or, if discovered and partially
removed, to reestablish themselves
• This can include intercepting or modifying basic OS
functions


Rootkit Evading Detection


Summary
• OSs have evolved from supporting single users and single
programs to many users and programs at once
• Resources that require OS protection: memory, I/O
devices, programs, and networks
• OSs use layered and modular designs for simplification
and to separate critical functions from noncritical ones
• Resource access control can be enforced in a number of
ways, including virtualization, segmentation, hardware
memory protection, and reference monitors
• Rootkits are malicious software packages that attain root
status or effectively become part of the OS


SECURITY IN
COMPUTING,
FIFTH EDITION
Chapter 6: Networks


Objectives for Chapter 6


• Networking basics
• Network threats and vulnerabilities
• WiFi security
• Denial-of-service attacks
• Network encryption concepts and tools
• Types of firewalls and what they do
• Intrusion detection and prevention systems
• Security information and event management tools


Network Transmission Media


• Cable
• Optical fiber
• Microwave
• WiFi
• Satellite communication


Communication Media Vulnerability


Communication Media Pros/Cons


The OSI Model


The OSI Model


The OSI Model



Threats to Network Communications


• Interception, or unauthorized viewing
• Modification, or unauthorized change
• Fabrication, or unauthorized creation
• Interruption, or preventing authorized
access


Security Perimeters


What Makes a Network Vulnerable to Interception?


• Anonymity
• An attacker can attempt many attacks, anonymously, from thousands of miles away
• Many points of attack
• Large networks mean many points of potential entry
• Sharing
• Networked systems open up potential access to more users than do single computers
• System complexity
• One system is very complex and hard to protect; networks of many different systems,
with disparate OSs, vulnerabilities, and purposes are that much more complex
• Unknown perimeter
• Networks, especially large ones, change all the time, so it can be hard to tell which
systems belong and are behaving, and impossible to tell which systems bridge
networks
• Unknown path
• There may be many paths, including untrustworthy ones, from one host to another


Unknown Perimeter


Unknown Path


Modification and Fabrication: Data Corruption

Data corruption may be intentional or unintentional, malicious or non-malicious, directed or random. In this section we describe some of the modification failures to which communications are vulnerable.
• Sequencing
• A sequencing attack or problem involves permuting the order of data; a sequencing error occurs when a later fragment of a data stream arrives before a previous one: packet 2 arrives before packet 1. Network protocols such as the TCP suite ensure the proper ordering of traffic.
• Substitution
• Replacement of one piece of a data stream with another. The obvious countermeasure against substitution attacks is encryption.
• Insertion
• A form of substitution in which data values are inserted into a stream
• Replay
• Legitimate data are intercepted and reused
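The four failure modes above (sequencing, substitution, insertion, replay) are what a receiver has to defend against on an unreliable or hostile link. The following Python receiver is an added example, not code from the textbook: it assumes a constructed framing of a 4-byte sequence number, the payload, and a keyed tag (HMAC-SHA256 under a constructed shared key, standing in for the encryption the text names), buffers early fragments so packet 2 is released only after packet 1, and rejects replayed and altered frames.

```python
import hashlib
import hmac
import struct

# Constructed shared key for this illustration only; a real link would derive it
# from a key-agreement protocol rather than embed it.
KEY = b"example-shared-key-not-for-production"
TAG_LEN = 32  # HMAC-SHA256 output size


def make_frame(seq, payload, key=KEY):
    """Sender side: frame = 4-byte big-endian sequence number || payload || tag.
    The tag covers the sequence number too, so a forged or re-numbered frame fails."""
    body = struct.pack(">I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Receiver side: rejects substituted/inserted, replayed and truncated frames,
    and delivers payloads to the application strictly in sequence order."""

    def __init__(self, key=KEY):
        self.key = key
        self.next_seq = 0    # next sequence number the application should see
        self.pending = {}    # early arrivals, seq -> payload
        self.delivered = []  # payloads released in order
        self.rejected = []   # (seq or None, reason)

    def accept(self, frame):
        if len(frame) < 4 + TAG_LEN:
            self.rejected.append((None, "truncated"))
            return
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Substitution and insertion: any byte changed, or a frame made without
        # the key, fails the tag check (constant-time compare).
        if not hmac.compare_digest(tag, expected):
            self.rejected.append((None, "bad tag"))
            return
        seq = struct.unpack(">I", body[:4])[0]
        # Replay: a sequence number already delivered or already buffered.
        if seq < self.next_seq or seq in self.pending:
            self.rejected.append((seq, "replay"))
            return
        # Sequencing: buffer early arrivals, release whatever is now contiguous.
        self.pending[seq] = body[4:]
        while self.next_seq in self.pending:
            self.delivered.append(self.pending.pop(self.next_seq))
            self.next_seq += 1


def demo():
    """Constructed scenario: packet 2 arrives before packet 1, packet 0 is
    replayed, and a copy of packet 1 is altered in transit."""
    frames = [make_frame(i, p) for i, p in enumerate([b"alpha", b"bravo", b"charlie"])]
    rx = Receiver()
    rx.accept(frames[0])        # in order: delivered at once
    rx.accept(frames[2])        # early: held until packet 1 arrives
    rx.accept(frames[0])        # replay of packet 0: rejected
    altered = bytearray(frames[1])
    altered[4] ^= 0x01          # substitute the first payload byte
    rx.accept(bytes(altered))   # tag mismatch: rejected
    rx.accept(frames[1])        # genuine packet 1 releases 1, then buffered 2
    return {"delivered": rx.delivered, "rejected": rx.rejected}


if __name__ == "__main__":
    print(demo())
```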


Sources of Data Corruption


Simple Replay Attack


Interruption: Loss of Service

The final class of network attacks we consider involves availability, the third leg of the C-I-A triad.
• Routing
• Internet routing protocols are complicated, and one misconfiguration can poison the data of many routers
• Excessive demand
• Network capacity is finite and can be exhausted; an attacker can generate enough demand to overwhelm a critical part of a network
• Component failure
• Being hardware devices, components fail; these failures tend to be sporadic and unpredictable, and will cause loss of service if not planned for

Port Scanning

93

WiFi Background
• Wireless communication will never be as secure as wired, because the
exposed signal is more vulnerable.
• Each device must have a network interface card, or NIC, that communicates
radio signals with the access point. The NIC is identified by a unique 48- or
64-bit hardware address called a medium access code, or MAC.
• WiFi Access Range

• WiFi Frames.

94

WiFi Background
• Management Frames
The most significant management frame types are these:
- Beacon.
- Authentication.
- Association request and response: A NIC requests a connection by
sending an authentication frame.

• SSID:
An SSID is a string to identify a wireless access point.

95

Vulnerabilities in Wireless Networks


• Confidentiality
• Integrity
• Availability
• Unauthorized WiFi access
• WiFi protocol weaknesses
• Picking up the beacon
• SSID in all frames
• Association issues

96

Failed Countermeasure: WEP


• Wired equivalent privacy, or WEP, was
designed at the same time as the original 802.11
WiFi standards as the mechanism for securing
those communications
• Weaknesses in WEP were first identified in 2001,
four years after release
• More weaknesses were discovered over the
course of years, until any WEP-encrypted
communication could be cracked in a matter of
minutes
97

How WEP Works


• Client and access point (AP) have a pre-shared key
• AP sends a random number to the client, which the client
then encrypts using the key and returns to the AP
• The AP decrypts the number using the key and checks
that it’s the same number to authenticate the client
• Once the client is authenticated, the AP and client
communicate using messages encrypted with the key

98

WEP Weaknesses
• Weak encryption key
• WEP allows keys to be either 64 or 128 bits long, but 24 of those bits are
reserved for the initialization vector (IV), reducing the effective key
size to 40 or 104 bits
• Keys were either alphanumeric or hex phrases that users typed in
and were therefore vulnerable to dictionary attacks
• Static key
• Since the key was just a value the user typed in at the client and
AP, and since users rarely changed those keys, one key would be
used for many months of communications
• Weak encryption process
• A 40-bit key can be brute forced easily. Flaws that
were eventually discovered in the RC4 encryption algorithm WEP
uses made the 104-bit keys easy to crack as well
99

WEP Weaknesses (cont.)


• Weak encryption algorithm
• WEP used RC4 (an encryption algorithm) in a strange way (always a bad
sign), which resulted in a flaw that allowed attackers to decrypt large
portions of any WEP communication
• IV collisions
• There were only 16 million possible values of the IV, which, in practice, is not
that many to cycle through for cracking. Also,
they were not as randomly selected as they should have been, with some
values being much more common than others
• Faulty integrity check
• WEP messages included a checksum to identify transmission errors but did
not use one that could address malicious modification
• No authentication
• Any client that knows the AP’s SSID and MAC address is assumed to be
legitimate
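How small a 24-bit IV space is in practice can be put in numbers. The following calculation and simulation are an added example for this page, not material from the book; the packet rate used for the counter case is a constructed figure, and the simulation assumes IVs chosen uniformly at random (the slide notes real WEP implementations were worse than that).

```python
import math
import random

IV_BITS = 24
IV_SPACE = 2 ** IV_BITS          # 16,777,216 possible initialization vectors


def birthday_bound(space: int, probability: float = 0.5) -> float:
    """Number of uniformly random draws after which a repeated value has the
    given probability: n ~ sqrt(2 N ln(1/(1-p))). With a static key, a repeated
    IV means a repeated RC4 keystream."""
    return math.sqrt(2 * space * math.log(1 / (1 - probability)))


def packets_until_repeat(space: int, rng: random.Random) -> int:
    """Simulate a sender picking IVs at random and count packets until the first reuse."""
    seen = set()
    sent = 0
    while True:
        iv = rng.randrange(space)
        sent += 1
        if iv in seen:
            return sent
        seen.add(iv)


def median_packets_until_repeat(space: int, trials: int = 25, seed: int = 1) -> int:
    """Median over several simulated senders (seeded so the result is repeatable)."""
    rng = random.Random(seed)
    samples = sorted(packets_until_repeat(space, rng) for _ in range(trials))
    return samples[len(samples) // 2]


def counter_wrap_seconds(space: int, packets_per_second: int) -> float:
    """A sender that counts IVs upwards wraps (and starts reusing them) after
    `space` packets; at the given rate that takes this many seconds."""
    return space / packets_per_second


def summary(packets_per_second: int = 500) -> dict:
    """Constructed rate: a busy access point at 500 packets per second."""
    return {
        "iv_space": IV_SPACE,
        "random_iv_50pct_collision_after": round(birthday_bound(IV_SPACE)),
        "simulated_median_first_repeat": median_packets_until_repeat(IV_SPACE),
        "counter_wrap_hours": counter_wrap_seconds(IV_SPACE, packets_per_second) / 3600,
    }
```

With random IVs a repeat is more likely than not after roughly five thousand packets, and even a sender that never repeats until the counter wraps exhausts the space in well under a day on a busy network; a 24-bit IV cannot protect a key that is never changed.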
100

WPA (WiFi Protected Access)


• WPA was designed in 2003 as a replacement for WEP
and was quickly followed in 2004 by WPA2, the algorithm
that remains the standard today
• Non-static encryption key
• WPA uses a hierarchy of keys: New keys are generated for
confidentiality and integrity of each session, and the encryption
key is automatically changed on each packet
• This way, the keys that are most important are used in very few
places and indirect ways, protecting them from disclosure
• Authentication
• WPA allows authentication by password, token, or certificate

101

WPA (cont.)
• Strong encryption
• WPA adds support for AES (Advanced Encryption Standard), a
much more reliably strong encryption algorithm
• Integrity protection
• WPA includes a 64-bit cryptographic integrity check
• Session initiation
• WPA sessions begin with authentication and a four-way handshake
that results in separate keys for encryption and integrity on both
ends
• While there are some attacks against WPA, they are
either of very limited effectiveness or require weak
passwords

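The key hierarchy described on the two WPA slides can be traced in code: one long-lived master key, a fresh session key per four-way handshake, separate keys for handshake integrity and for data, and per-packet key material. The block below is an added example for this page, not the book's or the standard's code. The master-key step is the real WPA2-PSK derivation (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt); the session and per-packet derivations use an HMAC-SHA256 PRF as a simplified stand-in for the PRF that 802.11i specifies, and the MAC addresses and nonces are constructed.

```python
import hashlib
import hmac
import os


def pairwise_master_key(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    This is the long-lived secret; it is never sent and never used directly on packets."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """Counter-mode HMAC-SHA256 PRF. Simplified stand-in for the PRF-384/512
    of 802.11i (illustration, not the standard's construction)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def pairwise_transient_key(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                           anonce: bytes, snonce: bytes) -> dict:
    """Four-way handshake result: a fresh PTK per session from the PMK and the
    two nonces, split into separate keys for handshake integrity (KCK), key
    wrapping (KEK) and data confidentiality/integrity (TK)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def handshake_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Integrity check over a handshake message, keyed with the KCK only."""
    return hmac.new(kck, eapol_frame, hashlib.sha256).digest()[:16]


def per_packet_key(tk: bytes, packet_number: int) -> bytes:
    """Per-packet key material from the TK and the packet counter, so no two
    packets are protected under identical key material (illustrative mixing)."""
    return hmac.new(tk, packet_number.to_bytes(6, "big"), hashlib.sha256).digest()[:16]


def run_sessions(passphrase: str, ssid: str, sessions: int = 2) -> list:
    """Keys for several sessions between the same AP and station (constructed
    MAC addresses): fresh random nonces give fresh PTKs from one unchanged PMK."""
    pmk = pairwise_master_key(passphrase, ssid)
    ap_mac = bytes.fromhex("020000000001")
    sta_mac = bytes.fromhex("020000000002")
    out = []
    for _ in range(sessions):
        anonce, snonce = os.urandom(32), os.urandom(32)
        ptk = pairwise_transient_key(pmk, ap_mac, sta_mac, anonce, snonce)
        out.append({"pmk": pmk, "ptk": ptk,
                    "packet_keys": [per_packet_key(ptk["TK"], n) for n in range(1, 4)]})
    return out
```

The PMK appears in exactly one place (the PTK derivation), the KCK only in handshake integrity checks, and the TK only through per-packet material: that is the "very few places and indirect ways" the slide refers to. The weak spot the last WPA slide mentions is visible in the first function: with a guessable passphrase, the PMK is guessable too.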
102

Denial of Service (DoS)


• DoS attacks are attempts to defeat a system’s
availability
• Volumetric attacks
• Application-based attacks
• Disabled communications
• Hardware or software failure

103

DoS Attack: Ping Flood

104

DoS Attack: Smurf Attack

105

DoS Attack: Echo-Chargen

106

DoS Attack: Teardrop Attack

107

DoS Attack: DNS Spoofing

108

DoS Attack: Rerouting Routing

109

DoS Attack: Session Hijacking

110

Distributed Denial of Service (DDoS)

111

Botnets

112

Link Encryption

113

End-to-End Encryption

114

Link vs. End-to-End

115

Secure Shell (SSH)


• Originally developed for UNIX but now available on most
OSs
• Provides an authenticated, encrypted path to the OS
command line over the network
• Replacement for insecure utilities such as Telnet,
rlogin, and rsh
• Protects against spoofing attacks and modification of data
in communication

116

SSL and TLS


• Secure Sockets Layer (SSL) was designed in the 1990s
to protect communication between a web browser
and server
• In a 1999 upgrade to SSL, it was renamed Transport
Layer Security (TLS)
• While the protocol is still commonly called SSL, TLS
is the modern, and much more secure, protocol
• SSL is implemented at OSI layer 4 (transport) and
provides
• Server authentication
• Client authentication (optional)
• Encrypted communication

117

SSL Cipher Suites


• At the start of an SSL session, the client and server
negotiate encryption algorithms, known as the
“cipher suite”
• The server sends a list of cipher suite options, and the
client chooses an option from that list
• The cipher suite consists of
• A digital signature algorithm for authentication
• An encryption algorithm for confidentiality
• A hash algorithm for integrity

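A cipher suite name encodes the three algorithm choices the slide lists, and the choosing side should apply a policy rather than take the first name offered. The parser and negotiation below are an added example for this page, not code from the book or from any TLS library; the offered and preferred lists are constructed, and the policy (which ciphers and hashes count as weak, and forward secrecy as a requirement) is a choice made here for illustration. The chooser's role follows the slide's description; the function works the same whichever side does the choosing.

```python
from typing import Optional

# Policy choices for this example.
WEAK_CIPHERS = {"NULL", "RC4", "DES", "3DES", "EXPORT", "IDEA"}
WEAK_HASHES = {"MD5"}
FORWARD_SECRET_KX = {"ECDHE", "DHE"}


def parse_cipher_suite(name: str) -> dict:
    """Split a TLS 1.2-style suite name, TLS_<kx>_<auth>_WITH_<cipher>_<hash>,
    into the components the slide lists: authentication (signature) algorithm,
    encryption algorithm, and hash, plus the key exchange that precedes them."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS cipher suite name: {name}")
    left, right = name[4:].split("_WITH_", 1)
    kx_parts = left.split("_")
    # "TLS_RSA_WITH_..." uses RSA for both key exchange and authentication.
    if len(kx_parts) > 1:
        key_exchange, authentication = kx_parts[0], kx_parts[-1]
    else:
        key_exchange = authentication = kx_parts[0]
    right_parts = right.split("_")
    hash_alg = right_parts[-1]
    cipher_parts = right_parts[:-1]
    bits = next((int(p) for p in cipher_parts[1:] if p.isdigit()), None)
    mode = next((p for p in cipher_parts[1:] if not p.isdigit()), None)
    return {"name": name, "key_exchange": key_exchange, "authentication": authentication,
            "cipher": cipher_parts[0], "bits": bits, "mode": mode, "hash": hash_alg}


def assess(name: str) -> list:
    """Policy check: the reasons a suite is unacceptable (an empty list means it passes)."""
    s = parse_cipher_suite(name)
    issues = []
    if s["cipher"] in WEAK_CIPHERS:
        issues.append(f"weak cipher {s['cipher']}")
    if s["hash"] in WEAK_HASHES:
        issues.append(f"weak hash {s['hash']}")
    if s["bits"] is not None and s["bits"] < 128:
        issues.append(f"short key ({s['bits']} bits)")
    if s["key_exchange"] not in FORWARD_SECRET_KX:
        issues.append("no forward secrecy")
    return issues


def choose_suite(offered: list, preferences: list) -> Optional[str]:
    """The chooser walks its own preference list and takes the first suite the
    peer offered that passes policy; nothing acceptable means no session."""
    offered_set = set(offered)
    for candidate in preferences:
        if candidate in offered_set and not assess(candidate):
            return candidate
    return None


# Constructed lists for the example: the peer offers a mix of old and modern suites.
OFFERED = [
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
]
PREFERENCES = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
```

Walking the chooser's own preference list, rather than the peer's, is what keeps a peer that lists weak suites first from steering the session toward them.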
118

SSL Cipher Suites (Partial List)

119

SSL Session Established

120

SSL Certificate

121

Chain of Certificates

122

Onion Routing
• Onion routing prevents an eavesdropper from
learning source, destination, or content of data in transit in
a network
• This is particularly helpful for evading authorities,
such as when users in oppressive countries want to communicate freely with the outside world.
• Uses asymmetric cryptography, as well as layers of
intermediate hosts, so that
• The intermediate host that sends the message to the ultimate
destination cannot determine the original sender, and
• The host that received the message from the original sender
cannot determine the ultimate destination

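The layering that gives the two properties on this slide can be shown in a few dozen lines. The block below is an added example for this page, not the book's or any onion-routing project's code. To stay self-contained it encrypts each layer with a symmetric HMAC-based keystream under a per-relay key, standing in for the per-hop asymmetric encryption the slide describes; the relay names, keys and message are constructed.

```python
import hashlib
import hmac
import random

NAME_LEN = 8       # fixed-width next-hop field inside every layer
NONCE_LEN = 16


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric layer cipher: XOR with an HMAC-SHA256 counter keystream.
    Stands in for the per-hop asymmetric encryption of a real onion network;
    it is neither asymmetric nor authenticated."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def pad_name(name: str) -> bytes:
    raw = name.encode()
    if len(raw) > NAME_LEN:
        raise ValueError("hop name too long")
    return raw.ljust(NAME_LEN, b" ")


def build_onion(relays: list, destination: str, message: bytes, rng: random.Random) -> bytes:
    """Sender side. relays is the path as (name, key) pairs. Wrapping starts
    from the innermost layer (addressed to the destination) and works outward,
    so each relay's layer holds only the next hop and an opaque inner blob."""
    inner, next_hop = message, destination
    for name, key in reversed(relays):
        nonce = rng.getrandbits(NONCE_LEN * 8).to_bytes(NONCE_LEN, "big")
        inner = nonce + keystream_xor(key, nonce, pad_name(next_hop) + inner)
        next_hop = name
    return inner


def peel(key: bytes, layer: bytes) -> tuple:
    """Relay side: remove one layer, learn the next hop, forward the rest."""
    nonce, body = layer[:NONCE_LEN], layer[NONCE_LEN:]
    plain = keystream_xor(key, nonce, body)
    return plain[:NAME_LEN].rstrip(b" ").decode(), plain[NAME_LEN:]


def route(relays: list, destination: str, message: bytes, seed: int = 7) -> tuple:
    """Push an onion through the path and record what each relay can observe."""
    onion = build_onion(relays, destination, message, random.Random(seed))
    views, current = [], onion
    for name, key in relays:
        next_hop, current = peel(key, current)
        views.append({
            "relay": name,
            "next_hop": next_hop,
            "sees_destination": destination.encode() in current,
            "sees_message": message in current,
        })
    return views, current


# Constructed path; in a real network the sender would use each relay's public key.
RELAYS = [("relay1", b"key-of-relay-1"),
          ("relay2", b"key-of-relay-2"),
          ("relay3", b"key-of-relay-3")]
```

The first relay learns only the sender and the second relay; the last relay learns only the second relay and the destination. The last relay does see the message itself, which is why end-to-end encryption (SSH or TLS, from the earlier slides) is still needed on top of onion routing to protect content from the exit hop.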
123

Virtual Private Networks (VPN)

124

VPN (cont.)

125

Firewalls
• A device that filters all traffic between a protected or
“inside” network and a less trustworthy or “outside” network
• Most firewalls run as dedicated devices
• Easier to design correctly and inspect for bugs
• Easier to optimize for performance
• Firewalls implement security policies, or sets of rules that
determine what traffic can or cannot pass through
• A firewall is an example of a reference monitor, which
means it should have three characteristics:
• Always invoked (cannot be circumvented)
• Tamperproof
• Small and simple enough for rigorous analysis
126

Firewall Security Policy

127

Types of Firewalls
• Packet filtering gateways or screening routers
• Stateful inspection firewalls
• Application-level gateways, also known as proxies
• Circuit-level gateways
• Guards
• Personal or host-based firewalls

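The simplest of the types listed, the packet-filtering gateway, shows the reference-monitor idea from the Firewalls slide in miniature: one small function that every packet passes through, an ordered rule set, and a default of deny when no rule matches. The block below is an added example written for this page, not code from the book or from any firewall product; the policy, the addresses (from the documentation ranges) and the sample packets are constructed, and the filter is assumed to be applied to traffic arriving on the outside interface.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp" or "icmp"
    src: str        # source IP address
    dst: str        # destination IP address
    dport: int      # destination port (0 for icmp)


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    proto: str              # "tcp", "udp", "icmp" or "any"
    src: str                # source network in CIDR notation
    dst: str                # destination network in CIDR notation
    dport: Optional[int]    # None matches any port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto == "any" or self.proto == pkt.proto)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))


# Constructed policy for traffic arriving on the outside interface. Rules are
# evaluated top to bottom and the first match decides, so the anti-spoofing
# checks come first and the permits after them.
POLICY = [
    Rule("deny", "any", "10.0.0.0/8", "0.0.0.0/0", None,
         "inside address arriving from outside: spoofed"),
    Rule("deny", "any", "192.0.2.0/24", "0.0.0.0/0", None,
         "our own DMZ address arriving from outside: spoofed"),
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443, "public HTTPS server in the DMZ"),
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 80, "public HTTP server in the DMZ"),
    Rule("allow", "udp", "0.0.0.0/0", "192.0.2.53/32", 53, "authoritative DNS server in the DMZ"),
]


def filter_packet(pkt: Packet, policy: list = POLICY) -> tuple:
    """Reference-monitor style: every packet goes through this one function,
    and anything no rule explicitly allows is denied by default."""
    for index, rule in enumerate(policy):
        if rule.matches(pkt):
            return rule.action, index, rule.comment
    return "deny", None, "default deny"


def run_samples() -> list:
    """Decisions for a few constructed packets: (action, index of the deciding rule)."""
    samples = [
        Packet("tcp", "198.51.100.7", "192.0.2.10", 443),   # web client: allowed
        Packet("tcp", "198.51.100.7", "192.0.2.10", 22),    # SSH to the web server: no rule
        Packet("tcp", "10.1.2.3", "192.0.2.10", 443),       # spoofed inside source
        Packet("udp", "203.0.113.5", "192.0.2.53", 53),     # DNS query: allowed
        Packet("udp", "203.0.113.5", "192.0.2.53", 161),    # SNMP to the DNS server: no rule
    ]
    return [filter_packet(p)[:2] for p in samples]
```

The third sample packet would be allowed by rule 2 if the rules were evaluated in a different order; rule ordering is part of the policy, which is one reason the slide stresses that configurations must be reviewed when the environment changes. A stateful inspection firewall extends this by remembering which connections the allow rules have admitted, so that return traffic can be matched to them instead of needing its own permit.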
128

Packet-Filtering Gateways

129

Packet-Filtering Gateways (cont.)

130

Stateful Inspection Firewall

131

Application Proxy

132

Circuit-Level Gateway

133

Guard
• A sophisticated firewall that, like an application proxy, can
interpret data at the protocol level and respond
• The distinction between a guard and an application proxy
can be fuzzy; the more protection features an
application proxy implements, the more it becomes like a
guard
• Guards may implement any programmable set of rules;
for example:
• Limit the number of email messages a user can receive
• Limit users’ web bandwidth
• Filter documents containing the word “Secret”
• Pass downloaded files through a virus scanner

134

Personal Firewalls

135

Comparison of Firewall Types

136

Demilitarized Zone (DMZ)

137

What Firewalls Can and Cannot Do


• Firewalls can protect an environment only if they control the
entire perimeter
• Firewalls do not protect data outside the perimeter
• Firewalls are the most visible part of an installation to the
outside, so they are an attractive target for attack
• Firewalls must be correctly configured, that configuration
must be updated as the environment changes, and firewall
activity reports must be reviewed periodically for evidence
of attempted or successful intrusion
• Firewalls exercise only minor control over the content
admitted to the inside, meaning that inaccurate or malicious
code must be controlled by means inside the perimeter

138

Network Address Translation (NAT)

139

Data Loss Prevention (DLP)


• DLP is a set of technologies that can detect and possibly
prevent attempts to send sensitive data where it is not
allowed to go
• Can be implemented as
• Agent installed as an OS rootkit
• Guard
• Indicators DLP looks for:
• Keywords
• Traffic patterns
• Encoding/encryption
• DLP is best for preventing accidental incidents, as
malicious users will often find ways to circumvent it
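The three indicator classes on this slide map onto three different checks, and seeing them side by side also shows why the last bullet holds: keyword and traffic checks catch carelessness, while a high-entropy check can only flag that something was encrypted before it left, not what it was. The detector below is an added example for this page, not code from the book or from any DLP product; the patterns, thresholds, messages and transfer events are all constructed for illustration.

```python
import hashlib
import math
import re
from collections import Counter, defaultdict

# Keyword indicators (constructed patterns; a real policy would carry many more).
KEYWORD_PATTERNS = {
    "classification marking": re.compile(r"\b(?:CONFIDENTIAL|SECRET|INTERNAL ONLY)\b", re.I),
    "US SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "payment card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}
ENTROPY_THRESHOLD = 5.5   # bits per byte; natural-language text sits well below this


def luhn_ok(digits: str) -> bool:
    """Luhn check digit test: separates real card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n = n * 2 - 9 if n * 2 > 9 else n * 2
        total += n
    return total % 10 == 0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or compressed data approaches 8."""
    if not data:
        return 0.0
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())


def scan_content(payload: bytes) -> list:
    """Keyword and encoding/encryption indicators for one outbound payload."""
    text = payload.decode("utf-8", errors="ignore")
    hits = []
    for label, pattern in KEYWORD_PATTERNS.items():
        for match in pattern.finditer(text):
            if label == "payment card" and not luhn_ok(re.sub(r"\D", "", match.group())):
                continue   # digit run that fails the Luhn check: not a card number
            hits.append(label)
            break
    if shannon_entropy(payload) > ENTROPY_THRESHOLD:
        hits.append("high-entropy payload (encrypted or compressed)")
    return hits


def scan_traffic(events: list, limit_bytes: int) -> list:
    """Traffic-pattern indicator: total bytes per (user, external host) above a limit."""
    totals = defaultdict(int)
    for user, host, size in events:
        totals[(user, host)] += size
    return sorted((user, host, total)
                  for (user, host), total in totals.items() if total > limit_bytes)


def pseudo_random_bytes(n: int) -> bytes:
    """Deterministic stand-in for an encrypted blob: chained SHA-256 output."""
    out, block = b"", b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


def run_samples() -> dict:
    """Constructed messages and transfer events (the card number is the common test value)."""
    return {
        "memo": scan_content(b"Attached: CONFIDENTIAL board minutes; payroll SSN 123-45-6789"),
        "card": scan_content(b"Please charge card 4111 1111 1111 1111 for the order"),
        "not_a_card": scan_content(b"Reference number 1234 5678 9012 3456"),
        "blob": scan_content(pseudo_random_bytes(1024)),
        "lunch": scan_content(b"Lunch at noon?"),
        "transfers": scan_traffic([("alice", "drive.example.net", 2_000_000)] * 3
                                  + [("bob", "drive.example.net", 400_000)], 5_000_000),
    }
```

The "blob" result is the limit of what DLP can do against a user who encrypts first: the detector can raise an alert on the shape of the traffic, and a guard could block high-entropy uploads outright, but it cannot read the content to apply the keyword rules.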
140

Intrusion Detection Systems (IDS)

141

Types of IDS
• Detection method
• Signature-based
• Heuristic
• Location
• Front end
• Internal
• Scope
• Host-based IDS (HIDS)
• Network-based IDS (NIDS)
• Capability
• Passive
• Active, also known as intrusion prevention systems (IPS)

142

Security Information and Event Management (SIEM)

143

Summary
• Networks are threatened by attacks aimed at interception,
modification, fabrication, and interruption
• WPA2 has many critical security advantages over WEP
• DoS attacks come in many flavors, but malicious ones are
usually either volumetric in nature or exploit a bug
• Network encryption can be achieved using specialized tools—
some for link encryption and some for end-to-end—such as
VPNs, SSH, and the SSL/TLS protocols
• A wide variety of firewall types exist, ranging from very basic
IP-based functionality to complex application-layer logic, and
both on networks and hosts
• There are many flavors of IDS, each of which detects different
kinds of attacks in very different parts of the network
144

SECURITY IN
COMPUTING,
FIFTH EDITION
Chapter 7: Databases

145

Objectives for Chapter 7


• Basic database terminology and concepts
• Security requirements for databases
• Implementing access controls in databases
• Protecting sensitive data
• Data mining and big data

146

Database Terms
• Database administrator
• Database management system (DBMS)
• Record
• Field/element
• Schema
• Subschema
• Attribute
• Relation

147

Database Example

148

Schema Example

149

Queries
• A query is a command that tells the
database to retrieve, modify, add, or delete
a field or record
• The most common database query
language is SQL

150

Example SQL Query


• SELECT ZIP=‘43210’

151

Database Security Requirements


• Physical integrity
• Logical integrity
• Element integrity
• Auditability
• Access control
• User authentication
• Availability

152

Reliability and Integrity


• Reliability: in the context of databases, reliability is the
ability to run for long periods without failing
• Database integrity: concern that the database as a whole
is protected against damage
• Element integrity: concern that the value of a specific data
element is written or changed only by authorized users
• Element accuracy: concern that only correct values are
written into the elements of a database

153

Two-Phase Update
• Phase 1: Intent
• DBMS does everything it can, other than making changes to the
database, to prepare for the update
• Collects records, opens files, locks out users, makes calculations
• DBMS commits by writing a commit flag to the database
• Phase 2: Write
• DBMS completes all write operations
• DBMS removes the commit flag
• If the DBMS fails during either phase 1 or phase 2, it can
be restarted and repeat that phase without causing harm

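The last bullet of the two-phase update, that a crash in either phase can be survived by restarting that phase, is easiest to believe when the crash is simulated at each point. The block below is an added example for this page, not the book's code or any DBMS's; the store is an in-memory stand-in for the disk, the account records are constructed, and the crash points are injected by hand.

```python
class Crash(Exception):
    """Simulated DBMS failure at a chosen point."""


class DurableStore:
    """Simulated disk: the records plus one commit flag. Anything not kept
    here is lost in a crash."""

    def __init__(self, records: dict):
        self.records = dict(records)
        self.commit_flag = None   # None, or the pending update once phase 1 commits


def phase1_intent(store: DurableStore, update: dict, crash: bool = False) -> None:
    """Prepare everything without touching any record: validate the keys,
    compute the new values, then write the commit flag as the single commit point."""
    staged = {}
    for key, new_value in update.items():
        if key not in store.records:
            raise KeyError(f"unknown record {key}")
        staged[key] = new_value
    if crash:
        raise Crash("failed during phase 1: nothing on disk has changed")
    store.commit_flag = staged        # commit point


def phase2_write(store: DurableStore, crash_after_first: bool = False) -> None:
    """Apply the staged writes. Each write is idempotent, so repeating the
    phase after a crash converges on the same final state."""
    for i, (key, new_value) in enumerate(store.commit_flag.items()):
        store.records[key] = new_value
        if crash_after_first and i == 0:
            raise Crash("failed during phase 2: some records written, flag still set")
    store.commit_flag = None          # update complete


def two_phase_update(store: DurableStore, update: dict, crash_at: str = None) -> None:
    phase1_intent(store, update, crash=(crash_at == "phase1"))
    phase2_write(store, crash_after_first=(crash_at == "phase2"))


def recover(store: DurableStore) -> str:
    """Restart logic: a set commit flag means phase 1 finished, so phase 2 is
    simply repeated; no flag means the update never committed and is dropped."""
    if store.commit_flag is not None:
        phase2_write(store)
        return "replayed phase 2"
    return "nothing to do"


def run_scenarios() -> dict:
    """Move 30 from acct_a to acct_b with a crash at each possible point (constructed data)."""
    results = {}
    for crash_at in (None, "phase1", "phase2"):
        store = DurableStore({"acct_a": 100, "acct_b": 50})
        try:
            two_phase_update(store, {"acct_a": 70, "acct_b": 80}, crash_at)
        except Crash:
            pass
        torn = dict(store.records)          # what the disk looks like before restart
        action = recover(store)
        results[crash_at or "none"] = {"before_recovery": torn, "recovery": action,
                                       "after": dict(store.records),
                                       "flag_clear": store.commit_flag is None}
    return results
```

The phase-2 crash is the interesting case: the disk briefly holds a torn state (acct_a debited, acct_b not yet credited), which is exactly the partially updated state the locking described on the next slide hides from readers, and the commit flag is what tells the restarted DBMS to finish the job instead of leaving it.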
154

Other Database Security Concerns


• Error detection and correction codes to protect data
integrity
• For recovery purposes, a database can maintain a
change log, allowing it to repeat changes as necessary
when recovering from failure
• Databases use locks and atomic operations to maintain
consistency
• Writes are treated as atomic operations
• Records are locked during write so they cannot be read in a
partially updated state

155

Sensitive Data
• Inherently sensitive
• Passwords, locations of weapons
• From a sensitive source
• Confidential informant
• Declared sensitive
• Classified document, name of an anonymous donor
• Part of a sensitive attribute or record
• Salary attribute in an employment database
• Sensitive in relation to previously disclosed information
• An encrypted file combined with the password to open it

156

Types of Disclosure

There are many ways to deduce the content of a database, listed on this slide, and all of them
must be considered when protecting sensitive database information.

It is important to understand both the range of possible contents of each attribute and the data
available to potential attackers in order to apply the appropriate protection mechanisms.

• Exact data
• Bounds
• Negative result
• Existence
• Probable value
• Direct inference
• Inference by arithmetic
• Aggregation
• Hidden data attributes
• File tags
• Geotags

157

Preventing Disclosure
• Suppress obviously sensitive
information
• Keep track of what each user knows based
on past queries
• Disguise the data

158

Security vs. Precision

159

Suppression Techniques

• Limited response suppression
• Eliminates certain low-frequency elements from being displayed
• Combined results
• Ranges, rounding, sums, averages
• Random sample
• Blocking small sample sizes
• Random data perturbation
• Randomly add or subtract a small error value to/from actual values
• Swapping
• Randomly swapping values for individual records while keeping
statistical results the same

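The "inference by arithmetic" disclosure from the Types of Disclosure slide and three of the suppression techniques above (limited response suppression, combined results by rounding, and random perturbation) fit in one worked example. The block below is added for this page and is not the book's code; the employee table, the salaries, the threshold k and the error bound are all constructed for illustration.

```python
import random

# Constructed employee table (no real people). Legal is a small department.
EMPLOYEES = [
    {"name": "Ana",  "dept": "Legal",       "salary": 90_000},
    {"name": "Ben",  "dept": "Legal",       "salary": 85_000},
    {"name": "Cara", "dept": "Legal",       "salary": 120_000},
    {"name": "Dev",  "dept": "Engineering", "salary": 100_000},
    {"name": "Eli",  "dept": "Engineering", "salary": 110_000},
    {"name": "Fay",  "dept": "Engineering", "salary": 95_000},
    {"name": "Gus",  "dept": "Engineering", "salary": 130_000},
    {"name": "Hana", "dept": "Engineering", "salary": 105_000},
    {"name": "Ivo",  "dept": "Sales",       "salary": 70_000},
    {"name": "Jo",   "dept": "Sales",       "salary": 75_000},
    {"name": "Kim",  "dept": "Sales",       "salary": 80_000},
    {"name": "Lee",  "dept": "Sales",       "salary": 72_000},
]


def exact_sum(rows: list, predicate) -> int:
    """An unprotected statistical query: SUM(salary) over the matching rows."""
    return sum(r["salary"] for r in rows if predicate(r))


def infer_from_sum(total: int, known: dict) -> int:
    """Inference by arithmetic: a sum over a small group, minus the values the
    questioner already knows, reveals the one remaining value exactly."""
    return total - sum(known.values())


def protected_sum(rows: list, predicate, k: int = 4, round_to: int = 10_000):
    """Limited response suppression plus combined results: refuse when fewer
    than k rows match, or when fewer than k rows are left out (the complement
    query would otherwise leak the small set), and round whatever is released."""
    matching = [r for r in rows if predicate(r)]
    n, total = len(matching), len(rows)
    if n < k or total - n < k:
        return None
    return round(sum(r["salary"] for r in matching) / round_to) * round_to


def perturbed_sum(rows: list, predicate, max_error: int = 2_000, seed: int = 11) -> int:
    """Random data perturbation: each released value carries a small random
    error, so arithmetic on the result no longer pins any one record down."""
    rng = random.Random(seed)
    return sum(r["salary"] + rng.randint(-max_error, max_error)
               for r in rows if predicate(r))


def demo() -> dict:
    legal = lambda r: r["dept"] == "Legal"
    known = {"Ana": 90_000, "Ben": 85_000}       # what the questioner already knows
    return {
        "exact_legal_sum": exact_sum(EMPLOYEES, legal),
        "cara_inferred": infer_from_sum(exact_sum(EMPLOYEES, legal), known),
        "protected_legal_sum": protected_sum(EMPLOYEES, legal),
        "protected_not_legal_sum": protected_sum(EMPLOYEES, lambda r: not legal(r)),
        "protected_engineering_sum": protected_sum(EMPLOYEES, lambda r: r["dept"] == "Engineering"),
        "protected_sales_sum": protected_sum(EMPLOYEES, lambda r: r["dept"] == "Sales"),
        "perturbed_legal_sum": perturbed_sum(EMPLOYEES, legal),
    }
```

The complement check matters as much as the minimum size: "everyone except Legal" is a large, innocent-looking query whose result, subtracted from the company total, gives the Legal sum anyway. That is the "negative result" disclosure from the earlier list, and it is why the Preventing Disclosure slide suggests tracking what each user has already learned from past queries.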
160

Data Mining
• Data mining uses statistics, machine learning,
mathematical models, pattern recognition, and other
techniques to discover patterns and relations on large
datasets
• The size and value of the datasets present an important
security and privacy challenge, as the consequences
of disclosure are naturally high

161

Data Mining Challenges


• Correcting mistakes in data
• Preserving privacy
• Granular access control
• Secure data storage
• Transaction logs
• Real-time security monitoring

162

Summary
• Database security requirements include:
• Physical integrity
• Logical integrity
• Element integrity
• Auditability
• Access control
• User authentication
• Availability
• There are many subtle ways for sensitive data to be
inadvertently disclosed, and there is no single answer for
prevention
• Data mining and big data have numerous open security
and privacy challenges
163

SECURITY IN
COMPUTING,
FIFTH EDITION
Chapter 8: Cloud Computing

164

Objectives for Chapter 8


• Define cloud services, including types and service models
• How to define cloud service requirements and identify
appropriate services
• Survey cloud-based security capabilities and offerings
• Discuss cloud storage encryption considerations
• Protection of cloud-based applications and infrastructures
• Explain the major federated identity management
standards and how they differ
165

What Is Cloud Computing?


• On-demand self-service
• Add or subtract resources as necessary
• Broad network access
• Mobile, desktop, mainframe
• Resource pooling
• Multiple tenants share resources that can be reassigned
dynamically according to need and invisibly to the tenants
• Rapid elasticity
• Services can quickly and automatically scale up or down to meet customer
need
• Measured service
• Like water, gas, or telephone service, usage can be monitored for billing
166

Service Models
• Software as a service (SaaS)
• The cloud provider gives the customer access to applications
running in the cloud
• Platform as a service (PaaS)
• The customer has his or her own applications, but the cloud
provides the languages and tools for creating and running them
• Infrastructure as a service (IaaS)
• The cloud provider offers processing, storage, networks, and other
computing resources that enable customers to run any kind of
software
167

Service Models
Read this article
168

Service Models
169

Deployment Models
• Private cloud
• Infrastructure that is operated exclusively by and for the
organization that owns it
• Community cloud
• Shared by several organizations with common needs, interests, or goals
• Public cloud
• Owned by a cloud service provider and offered to the general
public
• Hybrid cloud
• Composed of two or more types of clouds, connected by
technology that enables data and applications to balance loads
among those clouds
170

Cloud Migration Risk Analysis


• Identify assets
• Determine vulnerabilities
• Estimate likelihood of exploitation
• Compute expected loss
• Survey and select new controls
• Project savings
171

Cloud Provider Assessment


• Security issues to consider:
• Authentication, authorization, and access control options
• Encryption options
• Audit logging capabilities
• Incident response capabilities
• Reliability and uptime
• Resources to help with assessment:
• FedRAMP
• PCI DSS
• CSA STAR
172

Switching Cloud Providers


• Switching cloud providers is expensive and difficult but
sometimes becomes necessary and urgent
• It is best to have backup options in place in case a
migration away from a cloud provider is necessary, but
many cloud providers make that practically impossible
• SaaS providers are generally hardest to migrate away
from, followed by PaaS, then IaaS
173

Security Benefits of Cloud Services


• Geographic diversity
• Many cloud providers run data centers in disparate geographic
locations and mirror data across locations, providing protection
from natural and other local disasters.
• Platform and infrastructure diversity
• Different platforms and infrastructures mean different bugs and
vulnerabilities, which makes a single attack or error less likely to
bring a system down. Using cloud services as part of a larger
system can be a good way to diversify your technology stack.
174

Cloud-Based Security Functions


• Some security functions may be best handled by cloud
service providers:
• Email filtering
• Since email is already hopping through a variety of SMTP servers,
adding a cloud-based email filter is as simple as adding another hop.
• Distributed Denial of Service (DDoS) protection
• Cloud-based DDoS protection services update your DNS records to
insert their servers as proxies in front of yours. They maintain sufficient
bandwidth to handle the flood of attack traffic.
• Network monitoring
• Cloud-based solutions can help customers deal with steep
hardware requirements and can provide monitoring and incident
response expertise.
175

Cloud Storage
• By default, most cloud storage solutions either store
users’ data unencrypted or encrypt all data for all
customers using a single key and therefore don’t provide
strong confidentiality
• Some cloud services provide better confidentiality by
generating keys on a per-user basis based
on that user’s password or some other secret
• For maximum confidentiality, some cloud providers
embrace‫ ت تبنى‬a trust no one (TNO) model in which even
the provider does not have the keys to decrypt user data
176

Lastpass TNO Implementation


177

Boxcryptor TNO Implementation


178

Data Loss Prevention (DLP)


• DLP is more difficult in cloud environments than on-
premise environments, as cloud customers have much
less control over data ingress and egress points
• DLP options for cloud-based corporate data:
• Force users to work through the corporate virtual private network
(VPN) to access corporate-contracted cloud resources
• Install DLP agents on users’ corporate systems
• In IaaS environments, insert a DLP server as a proxy between user
systems and other corporate cloud servers
179

Cloud Application Security


• Attacks against shared resources
• Shared computing resources change the threat landscape. Sharing
a system with a vulnerable application may result in those shared
resources becoming compromised and consequently spreading
attacks to your applications. There are also attacks, such as
cryptographic side-channel attacks, that specifically target shared
resource environments.
• Attacks against insecure APIs
• Cloud vendors have a history of using known broken APIs. A recent
survey of cloud security incidents over a 5-year period found that
almost one-third of those incidents were caused by insecure
interfaces and APIs.1 A separate study found major security
weaknesses in SSL libraries used by major cloud service
providers, including Amazon and PayPal.2
180

Federated Identity Management (FIdM)


181

Security Assertion Markup Language (SAML)


• An XML-based standard that defines a way for systems to
securely exchange user identity and privilege information
• Commonly used when a company wants to give its
employees access to corporate cloud service
subscriptions
• If an employee leaves the company, his corporate login
credentials are disabled and, by
extension, so are his login rights to the cloud service
182

SAML Authentication Process


183

OAuth
• Whereas SAML is an authentication standard, OAuth is
an authorization standard
• OAuth enables a user to allow third-party applications to
access APIs on that user’s behalf
• When Facebook asks a user if a new application can have
access to his photos, that’s OAuth
• OAuth allows users to give third-party applications access
to only the account resources they need, and to do so
without sharing passwords; users can revoke access at
any time
184

OAuth Authorization
185

OpenID Connect (OIDC)


• OAuth has been extended to support authentication in the
form of OIDC
• OIDC is a relatively new standard for FIdM
• OIDC provides much better support for native applications
(versus web applications) than does SAML
• Works by adding an identity token to the existing
authorization tokens, essentially treating identity
information as another authorization right
186

OIDC Authentication
187

Securing IaaS
• Shared storage
• When you deallocate shared storage, it gets reallocated to other
users, potentially exposing your data. Encrypted storage
volumes are the most reliable mitigation.
• Shared network
• Typical practice among IaaS providers prevents users from sniffing one another’s
network traffic, but the safest bet is to encrypt all network traffic to and from
virtual machines whenever possible
• Host access
• Require two-factor authentication
• Do not use shared accounts
• Enforce the principle of least privilege
• Use OAuth rather than passwords to give applications access to API interfaces
• Use FIdM wherever possible so as to only manage one set of accounts
188

IaaS Security Architecture


189

Summary
• When considering a move to cloud infrastructure, a full
risk assessment will reveal critical requirements and bring
up important unexpected issues
• Cloud storage encryption options vary widely—
confidentiality requirements are a key consideration
• FIdM, including SAML, OAuth, and OIDC, provides strong
security benefits by centralizing account and authorization
management
• In IaaS infrastructures, use server specialization, security
enclaves, and application whitelisting to greatly limit the
potential attack surface
190

Memory Allocation

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
191

Data vs. Instructions

192

Buffer Overflows
• Occur when data is written beyond the space allocated for
it, such as a 10th byte in a 9-byte array
• In a typical exploitable buffer overflow, an attacker’s inputs
are expected to go into regions of memory allocated for
data, but those inputs are instead allowed to overwrite
memory holding executable code
• The trick for an attacker is finding buffer overflow
opportunities that lead to overwritten memory being
executed, and finding the right code to input

193

How Buffer Overflows Happen


char sample[10];      /* ten elements, valid indexes 0 through 9 */
int i;

for (i = 0; i <= 9; i++)
    sample[i] = 'A';  /* fills every element that is in bounds */

sample[10] = 'B';     /* out of bounds: this byte lands past the end of the array */

194

Memory Organization

195

Where a Buffer Can Overflow

196

The Stack

197

The Stack after Procedure Calls

198

Compromised Stack

199

Overwriting Memory for Execution


• Overwrite the program counter stored in the
stack
• Overwrite part of the code in low memory,
substituting new instructions
• Overwrite the program counter and data in
the stack so that the program counter
points to the stack

200

Harm from Buffer Overflows


• Overwrite:
• Another piece of your program’s data
• An instruction in your program
• Data or code belonging to another program
• Data or code belonging to the operating system
• Overwriting a program’s instructions gives attackers that
program’s execution privileges
• Overwriting operating system instructions gives attackers
the operating system’s execution privileges

201

Overflow Countermeasures
• Staying within bounds
• Check lengths before writing
• Confirm that array subscripts are within limits
• Double-check boundary condition code for off-by-one errors
• Limit input to the number of acceptable characters
• Limit programs’ privileges to reduce potential harm
• Many languages have overflow protections
• Code analyzers can identify many overflow vulnerabilities
• Canary values in stack to signal modification
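Two of the countermeasures listed above, checking lengths before writing and placing a canary value beside the buffer, shown in working C. This is an added example, not code from the book or its slides. The struct layout, the fixed canary constant and the function names are constructed for illustration; the overflow in the demonstration is confined to the struct's own bytes so the program stays within defined behaviour.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Bounded copy: the length check runs before any byte is written, and the
 * comparison leaves room for the terminating '\0', which is exactly where
 * off-by-one errors creep in. Returns 0 on success, -1 if src does not fit. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0 || n > dst_size - 1)
        return -1;                 /* would need n + 1 bytes including the NUL */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* A frame with a fixed buffer immediately followed by a canary word: the
 * layout a stack protector arranges (buffer, then canary, then the saved
 * return address). Constructed for this example. */
struct guarded_frame {
    char     buf[8];
    uint32_t canary;
};

/* Illustrative constant. A real stack protector draws the canary at random
 * when the process starts, so an attacker cannot know what value to preserve. */
#define CANARY_VALUE 0xDEADC0DEu

/* Returns 1 if the canary is untouched, 0 if a write reached it. */
int canary_intact(const struct guarded_frame *f)
{
    return f->canary == CANARY_VALUE;
}

/* Copies n bytes into the frame WITHOUT checking against the size of buf,
 * the way an unchecked strcpy() or gets() would. The copy is clamped to the
 * struct so the demonstration stays defined; bytes beyond buf[7] land on the
 * canary, just as they would on a real stack. Returns the canary check result:
 * 1 if it still passes, 0 if the overflow was caught. */
int unchecked_write_then_check(const char *src, size_t n)
{
    struct guarded_frame f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY_VALUE;
    if (n > sizeof f)
        n = sizeof f;
    memcpy((unsigned char *)&f, src, n);   /* overflow happens here when n > 8 */
    return canary_intact(&f);
}

int main(void)
{
    char sample[10];
    printf("9 chars into 10-byte buffer: %s\n",
           bounded_copy(sample, sizeof sample, "AAAAAAAAA") == 0 ? "accepted" : "rejected");
    printf("10 chars into 10-byte buffer: %s\n",
           bounded_copy(sample, sizeof sample, "AAAAAAAAAA") == 0 ? "accepted" : "rejected");
    printf("8-byte write, canary intact: %d\n",  unchecked_write_then_check("AAAAAAAA", 8));
    printf("12-byte write, canary intact: %d\n", unchecked_write_then_check("AAAAAAAAAAAA", 12));
    return 0;
}
```

bounded_copy rejects the ten-character string because its terminator would be the eleventh byte, the off-by-one the slide warns about. The twelve-byte write into the guarded frame runs past buf and changes the canary, which is how a compiler-inserted canary check notices an overflow before the function returns through a corrupted address.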

202

Incomplete Mediation
• Mediation: Verifying that the subject is
authorized to perform the operation on an
object
• Preventing incomplete mediation:
• Validate all input
• Limit users’ access to sensitive data and
functions
• Complete mediation using a reference monitor

203

Time-of-Check to Time-of-Use
• Mediation performed with a “bait and switch” in the middle

204

Race Conditions

205

Race Conditions

206

Other Programming Oversights


• Undocumented access points (backdoors)
• Off-by-one errors
• Integer overflows
• Unterminated null-terminated string
• Parameter length, type, or number errors
• Unsafe utility libraries
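Integer overflow from the list above, and the undersized allocation it produces when an unchecked product is passed to malloc, as an added C example that is not code from the book. The function names are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <limits.h>
#include <stdio.h>

/* Multiply two size_t values, reporting overflow instead of silently wrapping.
 * Returns 1 and stores the product on success, 0 if it would not fit. */
int checked_mul_size(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

/* Add two ints, testing for overflow BEFORE performing the addition:
 * signed overflow is undefined behaviour in C, so "add, then check the sign"
 * is not a valid test. Returns 1 on success, 0 on overflow. */
int checked_add_int(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return 0;
    *out = a + b;
    return 1;
}

/* Array allocation that cannot be tricked by a wrapped size: count * elem_size
 * is checked first, so a huge count can never yield a small buffer that later
 * writes overrun. Returns NULL when the size does not fit. */
void *alloc_array(size_t count, size_t elem_size)
{
    size_t bytes;
    if (!checked_mul_size(count, elem_size, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    size_t p;
    int r;
    printf("SIZE_MAX/2+1 * 2 fits: %d\n", checked_mul_size(SIZE_MAX / 2 + 1, 2, &p));
    printf("INT_MAX + 1 fits: %d\n", checked_add_int(INT_MAX, 1, &r));
    void *q = alloc_array(SIZE_MAX / 2 + 1, 2);
    printf("oversized array allocated: %s\n", q ? "yes" : "no (refused)");
    free(q);
    return 0;
}
```

The multiplication guard is the one that matters most in practice: a request for count elements of elem_size bytes wraps to a small number when the product exceeds SIZE_MAX, and the code that fills the array then trusts count, turning the integer bug into the buffer overflow discussed on the earlier slides.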

207

Malware
• Programs planted by an agent with malicious intent to
cause unanticipated or undesired effects
• Virus
• A program that can replicate itself and pass on malicious code to
other nonmalicious programs by modifying them
• Worm
• A program that spreads copies of itself through a network
• Trojan horse
• Code that, in addition to its stated effect, has a second,
nonobvious, malicious effect

208

Types of Malware

209

Types of Malware (cont.)

210

History of Malware

211

History of Malware (cont.)

212

Harm from Malicious Code


• Harm to users and systems:
• Sending email to user contacts
• Deleting or encrypting files
• Modifying system information, such as the Windows registry
• Stealing sensitive information, such as passwords
• Attaching to critical system files
• Hiding copies of malware in multiple complementary locations
• Harm to the world:
• Some malware has been known to infect millions of systems,
growing at a geometric rate
• Infected systems often become staging areas for new infections

213

Transmission and Propagation


• Setup and installer program
• Attached file
• Document viruses
• Autorun
• Using nonmalicious programs:
• Appended viruses
• Viruses that surround a program
• Integrated viruses and replacements

214

Malware Activation
• One-time execution (implanting)
• Boot sector viruses
• Memory-resident viruses
• Application files
• Code libraries

215

Virus Effects

216

Countermeasures for Users


• Use software acquired from reliable sources
• Test software in an isolated environment
• Only open attachments when you know them to be safe
• Treat every website as potentially harmful
• Create and maintain backups

217

Virus Detection
• Virus scanners look for signs of malicious code infection
using signatures in program files and memory
• Traditional virus scanners have trouble keeping up with
new malware—detect about 45% of infections
• Detection mechanisms:
• Known string patterns in files or memory
• Execution patterns
• Storage patterns

218

Virus Signatures

219

Countermeasures for Developers


• Modular code: Each code module should be
• Single-purpose
• Small
• Simple
• Independent
• Encapsulation
• Information hiding
• Mutual Suspicion
• Confinement
• Genetic diversity

220

Code Testing
• Unit testing
• Integration testing
• Function testing
• Performance testing
• Acceptance testing
• Installation testing
• Regression testing
• Penetration testing

221

Design Principles for Security


• Least privilege
• Economy of mechanism
• Open design
• Complete mediation
• Permission based
• Separation of privilege
• Least common mechanism
• Ease of use

222

Other Countermeasures
• Good
• Proofs of program correctness—where possible
• Defensive programming
• Design by contract
• Bad
• Penetrate-and-patch
• Security by obscurity

223

Summary
• Buffer overflow attacks can take advantage of the fact that
code and data are stored in the same memory in order to
maliciously modify executing programs
• Programs can have a number of other types of
vulnerabilities, including off-by-one errors, incomplete
mediation, and race conditions
• Malware can have a variety of harmful effects depending
on its characteristics, including resource usage, infection
vector, and payload
• Developers can use a variety of techniques for writing and
testing code for security

224

Authentication
• The act of proving that a user is who she says she is
• Methods:
• Authentication mechanisms use any of three
qualities to confirm a user’s identity:
• Something the user knows: passwords, PINs, …
• Something the user is: biometrics
• Something the user has: driver’s license, bank card, …
• Two or more forms can be combined; for example, a bank
card and a PIN combine something the user has (the card)
with something the user knows (the PIN).
225

Something You Know


• Passwords
• Security questions
• Attacks on “something you know” (approaches to
know passwords or security questions):
• Dictionary attacks
• Inferring likely passwords/answers
• Guessing
• Defeating concealment
• Exhaustive or brute-force attack
• Rainbow tables

226

Inferring likely passwords/answers


Distribution of Password Types

227


Defeating concealment
(Password Storage)

Plaintext Concealed

230


Biometrics: Something You Are

232

Problems with Biometrics


• Intrusive
• Expensive (Every user’s workstation with a reader can be expensive
for a large company with many employees.)
• Single point of failure (I can always pull out a second card, but if
my fingerprint is not recognized, I have only that one finger.)
• Sampling error (if your face is tilted, if you press one side of a finger
more than another, or if your voice is affected by a sinus infection.)
• False readings
• Speed (The user understandably wants to get past the gate and
becomes frustrated and irritated if authentication takes too long.)
• Forgery (The most famous fake was an artificial fingerprint produced
by researchers in Japan using cheap and readily available gelatin.)

233

Tokens: Something You Have

234

Federated Identity Management

235

Single Sign-On

236

Access Control

237

Access Policies
• Protecting objects involves several complementary goals:
• Check every access
• Enforce least privilege
• Verify acceptable usage
• Track users’ access
• Has someone been around for a long time and so has acquired a large number of
no-longer-needed rights? … Administrators need to consider these kinds of questions
on occasion to determine whether the policy and implementation are doing what they should.

• Enforce at appropriate granularity
• A file, a program, or a data space is the smallest unit to which access is controlled.
However, note that applications can implement their own access control.
• Hardware devices, blocks of memory, the space on disk where program code is stored,
and specific applications are all likely objects over which access is controlled.

• Use audit logging to track accesses
• Systems also record which accesses have been permitted, creating what is called an audit log.
• Records of accesses can help plan for new or upgraded equipment, by showing which items have had heavy use.
• If the system fails, these records can show what accesses were in progress and perhaps help identify the cause of failure.
• If a user misuses objects, the access log shows exactly which objects the user did access.
• In the event of an external compromise, the audit log may help identify how the assailant gained access
and which data items were accessed (and therefore revealed or compromised). These data for after-the-fact forensic analysis
have been extremely helpful in handling major incidents.

238

Implementing Access Control


• Reference monitor
• Access control directory
• Access control matrix
• Access control list
• Privilege list
• Capability
• Procedure-oriented access control
• Role-based access control
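A small reference monitor over an access control matrix, with an audit log, as an added C example that is not code from the book. It ties together three of the earlier slides: incomplete mediation (every request passes through one check, and anything unknown is denied), the access policies slide (check every access, least privilege, audit logging) and the matrix and reference monitor listed here. The subjects, objects, rights and the function names are a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* Rights as a bitmask so one matrix cell can hold any combination. */
enum right { R_READ = 1, R_WRITE = 2, R_EXEC = 4 };

enum { N_SUBJECTS = 3, N_OBJECTS = 3 };

/* Constructed sample access control matrix: rows are subjects, columns are
 * objects, each cell is the set of rights that subject holds on that object.
 * Least privilege is the default: a cell grants nothing unless listed. */
static const char *subjects[N_SUBJECTS] = { "alice", "bob", "backup" };
static const char *objects[N_OBJECTS]   = { "payroll.db", "report.txt", "cleanup.sh" };
static const unsigned matrix[N_SUBJECTS][N_OBJECTS] = {
    /* payroll.db          report.txt          cleanup.sh       */
    { R_READ | R_WRITE,    R_READ,             0               },  /* alice  */
    { 0,                   R_READ | R_WRITE,   R_READ | R_EXEC },  /* bob    */
    { R_READ,              R_READ,             R_READ          },  /* backup */
};

/* Audit log: every mediated decision is recorded, whether allowed or denied. */
struct audit_entry { char subject[16]; char object[32]; unsigned right; int allowed; };
#define AUDIT_MAX 64
static struct audit_entry audit_log[AUDIT_MAX];
static int audit_count;

static int index_of(const char *name, const char *const *table, int n)
{
    for (int i = 0; i < n; i++)
        if (strcmp(name, table[i]) == 0)
            return i;
    return -1;
}

static void audit(const char *s, const char *o, unsigned r, int allowed)
{
    if (audit_count >= AUDIT_MAX)
        return;   /* a full log would itself be an alert in a real system */
    struct audit_entry *e = &audit_log[audit_count++];
    snprintf(e->subject, sizeof e->subject, "%s", s);
    snprintf(e->object, sizeof e->object, "%s", o);
    e->right = r;
    e->allowed = allowed;
}

/* Reference monitor: the single choke point every access passes through.
 * Unknown subjects or objects, an empty right set, and any right not fully
 * held in the matrix cell are all denied. Returns 1 to allow, 0 to deny. */
int check_access(const char *subject, const char *object, unsigned right)
{
    int s = index_of(subject, subjects, N_SUBJECTS);
    int o = index_of(object, objects, N_OBJECTS);
    int allowed = (s >= 0 && o >= 0 && right != 0 && (matrix[s][o] & right) == right);
    audit(subject, object, right, allowed);
    return allowed;
}

int audit_entries(void) { return audit_count; }

int audit_denials(void)
{
    int d = 0;
    for (int i = 0; i < audit_count; i++)
        d += !audit_log[i].allowed;
    return d;
}

int main(void)
{
    printf("alice write payroll.db: %d\n", check_access("alice", "payroll.db", R_WRITE));
    printf("bob read payroll.db:    %d\n", check_access("bob", "payroll.db", R_READ));
    printf("mallory read report:    %d\n", check_access("mallory", "report.txt", R_READ));
    for (int i = 0; i < audit_count; i++)
        printf("audit: %s %s right=%u %s\n", audit_log[i].subject, audit_log[i].object,
               audit_log[i].right, audit_log[i].allowed ? "ALLOW" : "DENY");
    return 0;
}
```

The decision and the log entry are made in the same function so that no code path can obtain a decision without leaving a record; that is what makes the monitor complete rather than a check that callers may skip. A denied request for an unknown subject ("mallory") is logged exactly like a denied request for a known one, which is the after-the-fact evidence the audit logging slide describes.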

239

Reference Monitor

240

Access Control Directory

241

Access Control Matrix

242

Access Control List

243

Problems Addressed by Encryption


• Suppose a sender wants to send a message to a
recipient. An attacker may attempt to
• Block the message
• Intercept the message
• Modify the message
• Fabricate an authentic-looking alternate message

244

Encryption Terminology
• Sender
• Recipient
• Transmission medium
• Interceptor/intruder
• Encrypt, encode, or encipher
• Decrypt, decode, or decipher
• Cryptosystem
• Plaintext
• Ciphertext

245

Encryption/Decryption Process

246

Symmetric vs. Asymmetric

247

Stream Ciphers

248

Block Ciphers

249

Stream vs. Block

                 Stream                              Block
Advantages       - Speed of transformation           - High diffusion
                 - Low error propagation             - Immunity to insertion of symbol
Disadvantages    - Low diffusion                     - Slowness of encryption
                 - Susceptibility to malicious       - Padding
                   insertions and modifications      - Error propagation

250

DES: The Data Encryption Standard


• Symmetric block cipher
• Developed in 1976 by IBM for the US National Institute of
Standards and Technology (NIST)

251

AES: Advanced Encryption System


• Symmetric block cipher
• Developed in 1999 by
independent Dutch
cryptographers
• Still in common use

252

DES vs. AES

253

Public Key (Asymmetric) Cryptography


• Instead of two users sharing one secret
key, each user has two keys: one public
and one private
• Messages encrypted using the user’s
public key can only be decrypted using the
user’s private key, and vice versa

254

Secret Key vs. Public Key Encryption

255

Public Key to Exchange Secret Keys

256

Key Exchange Man in the Middle

257

Error Detecting Codes


• Demonstrates that a block of data has been modified
• Simple error detecting codes:
• Parity checks
• Cyclic redundancy checks
• Cryptographic error detecting codes:
• One-way hash functions
• Cryptographic checksums
• Digital signatures
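The two simple error detecting codes from the list above, parity and a cyclic redundancy check, as an added C example rather than code from the book. The five-byte message is constructed and the helper names are assumptions. It goes one step beyond the slide by showing the failure mode that separates the two codes: a parity bit misses two flipped bits in the same byte, which CRC-32 still catches.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Even parity bit for one byte: 1 when the byte has an odd number of 1 bits,
 * so that byte plus parity bit always has an even count. */
uint8_t parity_bit(uint8_t b)
{
    b ^= b >> 4;
    b ^= b >> 2;
    b ^= b >> 1;
    return b & 1u;
}

/* One parity bit per byte of the block. */
void parity_encode(const uint8_t *data, size_t len, uint8_t *bits)
{
    for (size_t i = 0; i < len; i++)
        bits[i] = parity_bit(data[i]);
}

/* Returns 1 if every byte still matches its stored parity bit, else 0. */
int parity_check(const uint8_t *data, size_t len, const uint8_t *bits)
{
    for (size_t i = 0; i < len; i++)
        if (parity_bit(data[i]) != bits[i])
            return 0;
    return 1;
}

/* CRC-32 as used by Ethernet, zip and PNG (reflected polynomial 0xEDB88320),
 * computed bit by bit; the check value for "123456789" is 0xCBF43926. */
uint32_t crc32(const uint8_t *data, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Constructed sample block used by both demonstrations. */
static const uint8_t sample[5] = { 'H', 'E', 'L', 'L', 'O' };

/* Flip the lowest `flips` bits of byte 0 and report whether parity notices. */
int parity_detects(int flips)
{
    uint8_t data[5], bits[5];
    memcpy(data, sample, sizeof data);
    parity_encode(data, sizeof data, bits);
    for (int k = 0; k < flips && k < 8; k++)
        data[0] ^= (uint8_t)(1u << k);
    return !parity_check(data, sizeof data, bits);
}

/* Same corruption, checked with CRC-32 instead. */
int crc_detects(int flips)
{
    uint8_t data[5];
    memcpy(data, sample, sizeof data);
    uint32_t before = crc32(data, sizeof data);
    for (int k = 0; k < flips && k < 8; k++)
        data[0] ^= (uint8_t)(1u << k);
    return crc32(data, sizeof data) != before;
}

int main(void)
{
    printf("one flipped bit:  parity detects %d, crc detects %d\n", parity_detects(1), crc_detects(1));
    printf("two flipped bits: parity detects %d, crc detects %d\n", parity_detects(2), crc_detects(2));
    return 0;
}
```

Both codes detect accidental corruption only: anyone who can change the data can recompute the parity bits or the CRC to match, which is why the slide lists one-way hash functions, cryptographic checksums and digital signatures separately for the case where the modifier is an attacker rather than a noisy channel.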

258

Parity Check

259

One-Way Hash Function

260

Digital Signature

261

Certificates: Trustable Identities and Public Keys

• A certificate is a public key and an
identity bound together (public key + ID)
and signed by a certificate authority.
• A certificate authority is an authority that
users trust to accurately verify identities
before generating certificates that bind
those identities to keys.

262


Certificate Signing and Hierarchy

265

Cryptographic Tool Summary

266

Summary
• Users can authenticate using something they know,
something they are, or something they have
• Systems may use a variety of mechanisms to implement
access control
• Encryption helps prevent attackers from revealing,
modifying, or fabricating messages
• Symmetric and asymmetric encryption have
complementary strengths and weaknesses
• Certificates bind identities to digital signatures

267

Summary
• Vulnerabilities are weaknesses in a system; threats exploit
those weaknesses; controls protect those weaknesses from exploitation
• Confidentiality, integrity, and availability are the three
basic security primitives
• Different attackers pose different kinds of threats based
on their capabilities and motivations
• Different controls address different threats; controls come
in many flavors and can exist at various points in the
system

268

Objectives for Chapter 2


• Survey authentication mechanisms
• List available access control implementation options
• Explain the problems encryption is designed to solve
• Understand the various categories of encryption tools as
well as the strengths, weaknesses, and applications of
each
• Learn about certificates and certificate authorities
