Information Security
Xiangming Mu

What is Information Security
• About information policy, information privacy, information ownership
• About information integrity, accuracy, verifiability and qualities
• About encryption, data assurance, practices in organizations
• About techniques for assessing information value, risk assessment, scenarios
• About the denial of a system service (so that its legitimate users are not able to use it)

Evolution of information security
• Ancient times (before 1990)
  – Networking is limited
  – Systems are trusting and open
  – “Hacking” only as an engineers’ hobby
• Middle times (1990s)
  – Growing networks
  – Many incidents of varying severity, but few that actually affected the "real" world
• Modern times (2000 and after)
  – Well-publicized security incidents that actually affected individuals
  – The “hacker” becomes a professional
  – Support and recognition of the security analyst as a separate professional category
  – Professional security certifications

Trust and Security
• Without trust, information systems cannot be built: they are too complex
• Trust abuse: security holes come from what you trust
  – Trust in a system could be defined as the level of confidence in its integrity.
  – Nevertheless, just as it is hard to provide computer security with reasonable guarantees, it is hard to have a system that can be trusted with a high level of confidence under all circumstances.
• Insiders are the most dangerous threats to systems.

Security threats
• Not all damage is related to security
  – Incidental damage happens "by itself" during legitimate use; it could be a result of:
    • human error
    • hardware or software bugs encountered
    • power failure
    • hardware failure
  – Damage caused by natural disasters
    • such as earthquakes, floods, hurricanes, rain, snow, storms, tornadoes, etc.

What in the digital world?
• Viruses
• Worms
• Bacteria
• Trojan Horses
• Others

Other malicious programs and mechanisms
• Logic Bombs
• Backdoors
• Spyware
• Covert Channel
• Race Conditions
• Address Space Attacks
• Waste Searching
• File Vault on Mac OS X
• Design Flaws and Oversights

Viruses
• Pieces of software that can attach themselves to
  – executable files
  – disk boot sectors
  – documents (whose loading is likely to cause embedded code execution at some point)
  – or even hide elsewhere in the operating system, including the kernel.
• These "infected" entities become carriers of a virus's malicious code, and thereby allow it to self-replicate.
• Virus detection
  – detect viruses by looking for known strings, unique code sequences, etc. in suspected code
  – signature matching
  – by executing the suspected code within a restricted, virtualized environment, such as a sandbox
  – others

Worms
• A worm also self-replicates like a virus, but usually over a network.
• Early, benign worms were intended to be useful programs that would utilize any otherwise idle machines.
• Worms usually infiltrate computers by exploiting holes in the security of networked systems.
• Worms usually attack programs that are already running.
  – The attack might result in the creation of new processes, after which a worm can run independently and self-propagate.
• Unlike a virus, a worm may not change existing programs, but like a virus, a worm may have some "payload" code, which in turn may modify existing programs or system configuration.
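The "known strings, unique code sequences" bullet above is signature matching in a nutshell. The following is an added example (not part of the lecture slides) of a minimal signature scanner: signatures are written as hex bytes with "??" as a single-byte wildcard, compiled to byte regexes, and searched for in a blob or file. All signature names, patterns and sample inputs are constructed for this example. The last function, xor_encode, shows why a scanner of this kind is only one layer: a one-byte mask of the same code already escapes every signature, which is the gap the sandbox bullet above exists to cover.

```python
import re
from typing import Dict, List

# Constructed signature database: name -> byte pattern as hex pairs, where "??"
# is a single-byte wildcard (the "unique code sequence" style of signature).
SIGNATURES: Dict[str, str] = {
    "Demo.Dropper.A": "4D 5A 90 00 03 00 ?? ?? 04 00 00 00 FF FF",
    "Demo.Macro.B": "41 75 74 6F 4F 70 65 6E ?? ?? 53 68 65 6C 6C",  # "AutoOpen" .. "Shell"
}


def compile_signature(hex_pattern: str) -> re.Pattern:
    """Turn 'DE AD ?? BE EF' into a compiled bytes regex ('??' matches any one byte)."""
    parts = []
    for tok in hex_pattern.split():
        if tok == "??":
            parts.append(b".")                       # wildcard: exactly one byte
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)    # DOTALL so "??" also matches 0x0A


def build_db(signatures: Dict[str, str]) -> Dict[str, re.Pattern]:
    return {name: compile_signature(pat) for name, pat in signatures.items()}


def scan_bytes(data: bytes, db: Dict[str, re.Pattern]) -> List[str]:
    """Return the names of every signature found anywhere in data (sorted)."""
    return sorted(name for name, pat in db.items() if pat.search(data))


def scan_file(path: str, db: Dict[str, re.Pattern]) -> List[str]:
    with open(path, "rb") as f:
        return scan_bytes(f.read(), db)


def xor_encode(data: bytes, key: int) -> bytes:
    """Model a trivially 'polymorphic' copy: identical code under a one-byte mask."""
    return bytes(b ^ key for b in data)


# Constructed sample inputs (not real malware): a clean text, a blob that carries
# the Demo.Dropper.A sequence, and a macro text that carries Demo.Macro.B.
CLEAN_SAMPLE = b"Just a text document with nothing suspicious in it."
DROPPER_SAMPLE = bytes.fromhex("4D5A90000300A1B204000000FFFF") + b"\x00" * 16
MACRO_SAMPLE = b'Sub AutoOpen\r\nShell "echo hi"\r\nEnd Sub'


if __name__ == "__main__":
    db = build_db(SIGNATURES)
    for label, blob in [("clean", CLEAN_SAMPLE), ("dropper", DROPPER_SAMPLE),
                        ("macro", MACRO_SAMPLE), ("dropper xor 0x5A", xor_encode(DROPPER_SAMPLE, 0x5A))]:
        print(f"{label:18s} -> {scan_bytes(blob, db)}")
```

Run the file directly to see the four verdicts; the masked copy of the dropper reports no match even though it is byte-for-byte the same code under the mask, which is the practical argument for pairing signatures with behavioural (sandbox) detection.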
Worms (cont’)
• Causing denial (or degradation) of service
• Sending emails: allowing spammers to use the victims’ machines for sending spam while hiding their own tracks
• Removing information on the victim system
• Installing backdoors for subsequent misuse

Bacteria and Trojan Horses
• Bacteria
  – Programs that replicate themselves and feed off the host system by preempting system resources such as processor time and memory
• Trojan Horses
  – Like the Greek Trojan horse, these programs have a hidden, negative, subversive, and thus potentially harmful aspect.
  – Trojan horses are programs that masquerade as useful programs, but contain malicious code to attack the system or leak information. An unsuspecting user would typically run a Trojan horse willingly, to use its supposed (advertised) features.

Logic Bombs
• A logic bomb is a program that does something, usually malicious (it "explodes"), when some logical condition is satisfied.
• If the condition is time-related, such programs could also be termed time bombs.
• Some examples of logic bombs:
  – Introduction of a deliberate error in a program, say, by a disgruntled employee, that will result in disaster in the future, usually after the employee is gone.
  – A program that deletes your files on every full-moon night.
  – A disgruntled administrator changes (administrator) passwords for certain systems, and leaves the company.

Backdoors
• A backdoor opens a system for access by an external entity:
  – by overthrowing, or bypassing, the local security policies.
  – The goal of a backdoor usually is to allow remote access and control (over a network), although it may also work "locally".
  – Backdoors are sometimes referred to as trapdoors.
• Backdoors may exist for various reasons:
  – Explicitly programmed by the creators of the system, perhaps even as an undocumented feature, such as a debugging aid.
  – A result of a flaw in the design or implementation of a program.
  – Planted by an attacker once he has infiltrated a system, to facilitate easy entry in future.
• Some specific, somewhat contrived, examples of backdoors:
  – A network server, such as the web server or the mail server, could be modified to provide a shell (interactive or otherwise) when a request with a specific signature is received.

Spyware
• Spyware is apparently useful software that transmits private user data to an external entity, without the user's consent or even knowledge.
• The external entity stands to gain from the information thus harvested.
• A common example is that it helps the external entity send targeted advertising to the user.
• Spyware constitutes malware because it makes unauthorized use of a system's resources and leaks information (that is, violates privacy).
• In certain cases, spyware may enter a system not through an apparently useful program, but as the payload of another malicious program, such as a worm or a virus.

Covert Channel and Race Conditions
• Covert Channel:
  – An information channel might be used to transfer certain information, possibly malicious, in a way that was not intended by the system's designers.
  – Such a covert channel can be an effective mechanism to help in subversive activities.
• Race Conditions:
  – Flaws, either in design or implementation, that involve an attacker exploiting a window of time in a sequence of (privileged) non-atomic operations.
  – The window of time exists when a program checks for a condition and subsequently uses the result of the check, with the two steps being non-atomic.
  – Such flaws are also called Time Of Check To Time Of Use (TOCTOU) flaws.

Waste Searching
• Looking for sensitive information in areas that are traditionally unprotected, or weakly protected
• Scavenging printer ribbons, tapes, disk drives, floppy diskettes, garbage paper, and so on.
• A system's swap space is another potentially lucrative area to look at for sensitive information.
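The TOCTOU bullets above describe the window between a check on a path name and a later use of the same name. The following is an added example (not from the slides) that makes that window visible and shows the standard fix. It assumes a POSIX system with os.O_NOFOLLOW (Linux or macOS); the file names secret.txt and report.txt, the between hook that stands in for whatever happens inside the window, and the demo scenario are all constructed for the example. The vulnerable function checks the name and then opens the name again; the hardened one opens first and then checks the descriptor it actually holds, so there is no second name resolution to race.

```python
import os
import shutil
import stat
import tempfile
from typing import Callable, Optional

# Hook called inside the race window so the test can make the window's effect deterministic.
Hook = Optional[Callable[[], None]]


def read_if_regular_unsafe(path: str, between: Hook = None) -> bytes:
    """Vulnerable TOCTOU pattern: check the name, then open the name again."""
    st = os.lstat(path)                              # time of check (on the path name)
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path}: not a regular file")
    if between:
        between()                                    # the window between check and use
    with open(path, "rb") as f:                      # time of use: the name is resolved again
        return f.read()


def read_if_regular_safe(path: str, between: Hook = None) -> bytes:
    """Hardened pattern: open once, then check and use the same file descriptor."""
    # O_NOFOLLOW refuses a symlink as the final component; O_CLOEXEC is just hygiene.
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_CLOEXEC", 0)
    fd = os.open(path, flags)                        # the only resolution of the name
    try:
        if between:
            between()                                # same window, but fd is already bound
        st = os.fstat(fd)                            # check the object we hold, not the name
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
    except BaseException:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as f:                   # use the very same descriptor
        return f.read()


def demo() -> dict:
    """Constructed scenario: report.txt is swapped for a symlink to secret.txt inside the window."""
    tmp = tempfile.mkdtemp()
    secret = os.path.join(tmp, "secret.txt")
    report = os.path.join(tmp, "report.txt")

    def write(path: str, data: bytes) -> None:
        with open(path, "wb") as f:
            f.write(data)

    def swap_report_for_symlink() -> None:
        os.remove(report)                            # the name now points at the secret
        os.symlink(secret, report)

    results = {}
    try:
        write(secret, b"SECRET")
        write(report, b"public")
        results["unsafe_raced"] = read_if_regular_unsafe(report, between=swap_report_for_symlink)

        os.remove(report)
        write(report, b"public")
        results["safe_raced"] = read_if_regular_safe(report, between=swap_report_for_symlink)

        try:
            read_if_regular_safe(report)             # report.txt is a symlink by now
            results["safe_after_swap"] = "opened"
        except OSError:
            results["safe_after_swap"] = "refused"   # O_NOFOLLOW rejects it outright
    finally:
        shutil.rmtree(tmp)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:16s} {v!r}")
```

The unsafe reader returns the secret because its check and its use are two independent name lookups; the safe reader returns the original public contents even though the swap happened, and once the name has become a symlink the open itself is refused. The same open-then-fstat shape applies to any privileged program that validates a path before acting on it.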
Database security
• Security Objectives
  – Confidentiality: prevent/detect/deter improper disclosure of information or access to resources.
  – Integrity: prevent/detect/deter improper modification of information.
  – Availability: prevent/detect/deter improper denial of access to resources provided by the system.

Database security (cont’)
• Mechanisms to achieve security objectives
  – Confidentiality
    • Access control policy and its enforcement, authentication, inference prevention, cryptography
  – Integrity
    • Integrity policy and its enforcement, auditing, cryptography
  – Availability
    • Fault tolerance, intrusion detection

Security and Surveillance
• Logging systems
• Keystroke loggers (hardware & software)
• Backdoor
• Van Eck radiation/Tempest
• Network sniffing/wifi interception
• DCS 2000, cell-phone cameras
• Others?
  – Tracks in your word?

Security and Surveillance (cont’)
• Website logs
• Web bugs
• Proxy logs
• Cookies
• Sniffers
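Three of the confidentiality and integrity mechanisms listed under "Database security (cont’)" (access control policy and its enforcement, inference prevention, and auditing) fit in one small program. The following is an added example, not part of the lecture, built on Python's standard sqlite3 module with an in-memory database. The roles (hr, analyst), the employees table, the salaries and the minimum query-set size of 3 are all constructed for the example. The inference check is the classic one: an aggregate over too few rows reveals individual values, so a sum over a department of one person is refused even for a role that is allowed to run aggregates, and every allow or deny decision lands in an audit table.

```python
import sqlite3
import time
from typing import Any, Callable, List, Tuple

# Constructed access-control policy: role -> table -> permitted operations.
POLICY = {
    "hr": {"employees": {"select", "aggregate"}},
    "analyst": {"employees": {"aggregate"}},        # statistics only, never individual rows
}
MIN_QUERY_SET = 3   # inference control: no aggregate over fewer than 3 people


class AccessDenied(Exception):
    pass


def setup_db() -> sqlite3.Connection:
    """In-memory database with constructed sample data and an audit table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany(
        "INSERT INTO employees (name, dept, salary) VALUES (?, ?, ?)",
        [("Ada", "eng", 100), ("Bob", "eng", 120), ("Cy", "eng", 110),
         ("Dee", "eng", 130), ("Eve", "legal", 200)],
    )
    conn.execute("CREATE TABLE audit (ts REAL, role TEXT, op TEXT, detail TEXT, decision TEXT)")
    conn.commit()
    return conn


def _audit(conn: sqlite3.Connection, role: str, op: str, detail: str, decision: str) -> None:
    """Auditing: record every decision, allow and deny alike, before returning to the caller."""
    conn.execute("INSERT INTO audit VALUES (?, ?, ?, ?, ?)", (time.time(), role, op, detail, decision))
    conn.commit()


def authorize(conn: sqlite3.Connection, role: str, table: str, op: str, detail: str) -> None:
    """Policy enforcement: a denial is logged and then raised."""
    if op not in POLICY.get(role, {}).get(table, set()):
        _audit(conn, role, op, detail, "deny")
        raise AccessDenied(f"{role} may not {op} on {table}")


def select_rows(conn: sqlite3.Connection, role: str, dept: str) -> List[Tuple[Any, ...]]:
    authorize(conn, role, "employees", "select", f"dept={dept}")
    rows = conn.execute("SELECT name, dept, salary FROM employees WHERE dept = ?", (dept,)).fetchall()
    _audit(conn, role, "select", f"dept={dept}", "allow")
    return rows


def sum_salary(conn: sqlite3.Connection, role: str, dept: str) -> int:
    """Aggregate with inference prevention: a sum over too few rows identifies individuals."""
    authorize(conn, role, "employees", "aggregate", f"dept={dept}")
    n, total = conn.execute(
        "SELECT COUNT(*), COALESCE(SUM(salary), 0) FROM employees WHERE dept = ?", (dept,)
    ).fetchone()
    if n < MIN_QUERY_SET:
        _audit(conn, role, "aggregate", f"dept={dept} n={n}", "deny")
        raise AccessDenied(f"query set of {n} is below the minimum of {MIN_QUERY_SET}")
    _audit(conn, role, "aggregate", f"dept={dept} n={n}", "allow")
    return total


def audit_trail(conn: sqlite3.Connection) -> List[Tuple[str, str, str]]:
    return conn.execute("SELECT role, op, decision FROM audit ORDER BY rowid").fetchall()


def attempt(fn: Callable, *args) -> Tuple[str, Any]:
    """Run an operation and report ('ok', result) or ('denied', reason)."""
    try:
        return ("ok", fn(*args))
    except AccessDenied as e:
        return ("denied", str(e))


if __name__ == "__main__":
    conn = setup_db()
    print(attempt(sum_salary, conn, "analyst", "eng"))     # allowed: 4 people in the set
    print(attempt(sum_salary, conn, "analyst", "legal"))   # denied: would expose one salary
    print(attempt(select_rows, conn, "analyst", "eng"))    # denied by policy
    print(attempt(select_rows, conn, "hr", "eng"))         # allowed
    for row in audit_trail(conn):
        print(row)
```

Two design points worth noticing: all queries are parameterized (the role never influences SQL text, only which query may run), and the audit row is written before the exception propagates, so a denied request cannot be lost because the caller swallowed the error. A real minimum query-set rule also has to consider overlapping queries, since the difference of two permitted sums can isolate one person; the size check here is the first, not the last, line of inference control.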