Security

The Security Problem

 System secure if resources used and accessed as
intended under all circumstances
 Unachievable
 Intruders (crackers) attempt to breach security
 Threat is potential security violation
 Attack is attempt to breach security
 Attack can be accidental or malicious
Security Violation Categories
 Breach of confidentiality
 Unauthorized reading of data
 Breach of integrity
 Unauthorized modification of data
 Breach of availability
 Unauthorized destruction of data
 Theft of service
 Unauthorized use of resources
 Denial of service (DOS)
 Prevention of legitimate use
Security Violation Methods
 Masquerading (breach authentication)
 Pretending to be an authorized user to escalate privileges
 Man-in-the-middle attack
 Intruder sits in data flow, masquerading as sender to
receiver and vice versa
 Session hijacking
 Intercept an already-established session to bypass
authentication
Standard Security Attacks
Security Measure Levels
 Impossible to have absolute security, but make cost to
perpetrator sufficiently high to deter most intruders
 Security must occur at four levels to be effective:
 Physical
 Data centers, servers, connected terminals
 Human
 Avoid social engineering, phishing
 Operating System
 Protection mechanisms, debugging
 Network
 Intercepted communications, interruption, DOS
 Security is as weak as the weakest link in the chain
 But can too much security be a problem?
Program Threats
 Many variations, many names
 Trojan Horse
 Code segment that misuses its environment
 Exploits mechanisms for allowing programs written by users to be
executed by other users
 Spyware, pop-up browser windows
 Up to 80% of spam delivered by spyware-infected systems
 Program Threats (Cont.)
 Logic Bomb
 Program that initiates a security incident under certain
circumstances
 Stack and Buffer Overflow
 Exploits a bug in a program (overflow either the stack or
memory buffers)
 Failure to check bounds on inputs, arguments
 When routine returns from call, returns to hacked address
 Pointed to code loaded onto stack that executes malicious
code
Great Programming Required?
 For the first step of determining the bug, and second step
of writing exploit code, yes
 Script kiddies can run pre-written exploit code to attack
a given system
 Attack code can get a shell with the processes’ owner’s
permissions
 Or open a network port, delete files, download a program, etc
 Depending on bug, attack can be executed across a
network using allowed connections, bypassing firewalls
A Boot-sector Computer Virus
The Threat Continues
 Attacks still common, still occurring
 Attacks moved over time from science experiments to tools of
organized crime
 Targeting specific companies
 Creating botnets to use as tool for spam and DDOS delivery
 Keystroke logger to grab passwords, credit card numbers
 Why is Windows the target for most attacks?
 Most common
System and Network Threats

 Denial of Service
 Overload the targeted computer preventing it from doing
any useful work
 Distributed denial-of-service (DDOS) come from
multiple sites at once
 Consider the start of the IP-connection handshake
 How many started-connections can the OS handle?
 Consider traffic to a web site
 How can you tell the difference between being a target and
being really popular?
 Accidental – CS students writing bad fork() code
 Purposeful – extortion, punishment
Cryptography as a Security Tool
 Broadest security tool available
 Internal to a given computer, source and destination of
messages can be known and protected
 OS creates, manages, protects process IDs, communication
ports
 Source and destination of messages on network cannot be
trusted without cryptography
 Local network – IP address?
 Consider unauthorized host added
 WAN / Internet – how to establish authenticity
 Not via IP address
Example: Windows 7
 Security is based on user accounts
 Each user has unique security ID
 Login to ID creates security access token
 Includes security ID for user, for user’s groups, and
special privileges
 Every process gets copy of token
 System checks token to determine if access allowed or
denied
 Uses a subject model to ensure access security
 A subject tracks and manages permissions for each
program that a user runs
 Each object in Windows has a security attribute defined by a
security descriptor
 For example, a file has a security descriptor that indicates
the access permissions for all users