Chapter 15: Security
Dr. Zeeshan Rafi
PhD MIS, MPhil IT,
Former Software Engineer
Department of Computing and
Information Systems
Istanbul University, TR
KHAS University, TR
Chapter 15: Security
• The Security Problem
• Program Threats
• System and Network Threats
• Cryptography as a Security Tool
• User Authentication
• Implementing Security Defenses
• Firewalling to Protect Systems and Networks
• Computer-Security Classifications
• An Example: Windows XP
Objectives
• To discuss security threats and attacks
• To explain the fundamentals of encryption, authentication, and hashing
• To examine the uses of cryptography in computing
• To describe the various countermeasures to security attacks
The Security Problem
• Security must consider external environment of the system, and protect the
system resources
• Intruders (crackers) attempt to breach security
• Threat is potential security violation
• Attack is attempt to breach security
• Attack can be accidental or malicious
• Easier to protect against accidental than malicious misuse
Security Violations
• Categories
– Breach of confidentiality
– Breach of integrity
– Breach of availability
– Theft of service
– Denial of service
• Methods
– Masquerading (breach authentication)
– Replay attack
• Message modification
– Man-in-the-middle attack
– Session hijacking
Standard Security Attacks
Security Measure Levels
• Security must occur at four levels to be effective:
– Physical
– Human
– Operating System
– Network
• Security is as weak as the weakest link in the chain
Program Threats
• Trojan Horse
– Code segment that misuses its environment
– Exploits mechanisms for allowing programs written by users to be executed by other
users
– Spyware, pop-up browser windows, covert channels
• Trap Door
– Specific user identifier or password that circumvents normal security procedures
– Could be included in a compiler
• Logic Bomb
– Program that initiates a security incident under certain circumstances
• Stack and Buffer Overflow
– Exploits a bug in a program (overflow either the stack or memory buffers)
Program Threats (Cont.)
• Viruses
– Code fragment embedded in legitimate program
– Very specific to CPU architecture, operating system, applications
– Usually borne via email or as a macro
• Visual Basic Macro to reformat hard drive
Sub AutoOpen()
Dim oFS
Set oFS = CreateObject("Scripting.FileSystemObject")
vs = Shell("c:command.com /k format c:", vbHide)
End Sub
Program Threats (Cont.)
• Virus dropper inserts virus onto the system
• Many categories of viruses, literally many thousands of viruses
– File
– Boot
– Macro
– Source code
– Polymorphic
– Encrypted
– Stealth
– Tunneling
– Multipartite
– Armored
A Boot-sector Computer Virus
System and Network Threats
• Worms – use spawn mechanism; standalone program
• Internet worm
– Exploited UNIX networking features (remote access) and bugs in finger and
sendmail programs
– Grappling hook program uploaded main worm program
• Port scanning
– Automated attempt to connect to a range of ports on one or a range of IP
addresses
• Denial of Service
– Overload the targeted computer preventing it from doing any useful work
– Distributed denial-of-service (DDOS) attacks come from multiple sites at once
Cryptography as a Security Tool
• Broadest security tool available
– Source and destination of messages cannot be trusted without cryptography
– Means to constrain potential senders (sources) and / or receivers
(destinations) of messages
• Based on secrets (keys)
Secure Communication over Insecure Medium
Encryption
• Encryption algorithm consists of
– Set of K keys
– Set of M Messages
– Set of C ciphertexts (encrypted messages)
– A function E : K → (M → C). That is, for each k ∈ K, E(k) is a function for generating ciphertexts from
messages.
• Both E and E(k) for any k should be efficiently computable functions.
– A function D : K → (C → M). That is, for each k ∈ K, D(k) is a function for generating messages from
ciphertexts.
• Both D and D(k) for any k should be efficiently computable functions.
• An encryption algorithm must provide this essential property: Given a ciphertext c ∈ C, a computer can
compute m such that E(k)(m) = c only if it possesses D(k).
– Thus, a computer holding D(k) can decrypt ciphertexts to the plaintexts used to produce them, but a
computer not holding D(k) cannot decrypt ciphertexts.
– Since ciphertexts are generally exposed (for example, sent on the network), it is important that it be
infeasible to derive D(k) from the ciphertexts.
Symmetric Encryption
• Same key used to encrypt and decrypt
– E(k) can be derived from D(k), and vice versa
• DES is most commonly used symmetric block-encryption algorithm
(created by US Govt)
– Encrypts a block of data at a time
• Triple-DES considered more secure
• Advanced Encryption Standard (AES), twofish up and coming
Asymmetric Encryption
• Public-key encryption based on each user having two keys:
– public key – published key used to encrypt data
– private key – key known only to individual user used to decrypt data
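An added example (not part of the slides) that instantiates the Encryption slide's abstraction E : K → (M → C), D : K → (C → M) twice: once symmetrically, with an HMAC-SHA256 keystream XOR where E(k) and D(k) coincide, and once asymmetrically, with textbook RSA where E uses the public key and D the private key. The helper names and the toy RSA primes are my own choices, not from the chapter.

```python
import hashlib
import hmac


def keystream(key: bytes, length: int) -> bytes:
    """Pseudorandom keystream: HMAC-SHA256 of a running counter under the key."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def symmetric(key: bytes):
    """Return (E(k), D(k)) for a symmetric key k.

    XOR with the keystream is its own inverse, so E(k) and D(k) are the same
    function: holding one means holding the other, as the slide states.
    """
    def xor_with_stream(data: bytes) -> bytes:
        return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))
    return xor_with_stream, xor_with_stream


def asymmetric(p: int, q: int, e: int):
    """Return (E(public key), D(private key)) for textbook RSA on integers < p*q.

    p and q here are constructed toy primes so the numbers fit on a slide; real
    keys use primes of a thousand bits or more and pad the message first.
    """
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent: e*d == 1 (mod phi(n))

    def encrypt(m: int) -> int:
        return pow(m, e, n)  # anyone holding the published (e, n) can do this

    def decrypt(c: int) -> int:
        return pow(c, d, n)  # only the holder of the private d can do this
    return encrypt, decrypt


def roundtrip_symmetric(key: bytes, message: bytes) -> bytes:
    E, D = symmetric(key)
    return D(E(message))


def roundtrip_asymmetric(message: int) -> int:
    E, D = asymmetric(61, 53, 17)  # toy parameters: n = 3233, d = 2753
    return D(E(message))
```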
User Authentication
• Crucial to identify user correctly, as protection systems depend on user ID
• User identity most often established through passwords, can be considered a
special case of either keys or capabilities
– Also can include something user has and/or a user attribute
• Passwords must be kept secret
– Frequent change of passwords
– Use of “non-guessable” passwords
– Log all invalid access attempts
• Passwords may also either be encrypted or allowed to be used only once
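An added example (not from the slides) of two of the points above: passwords are never stored in the clear but as a salted, deliberately slow PBKDF2-HMAC-SHA256 digest, and every invalid access attempt is logged. The class and field names are my own.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # slows brute-force guessing; raise as hardware gets faster


def store_password(password: str) -> dict:
    """Return what gets persisted: a random salt and the salted PBKDF2-HMAC-SHA256 digest.

    The plaintext is never written anywhere, and the per-user salt means two users
    with the same password get different digests.
    """
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "digest": digest}


class Authenticator:
    def __init__(self):
        self.records = {}    # user id -> stored record
        self.audit_log = []  # one entry per invalid access attempt

    def add_user(self, user: str, password: str) -> None:
        self.records[user] = store_password(password)

    def authenticate(self, user: str, password: str) -> bool:
        rec = self.records.get(user)
        if rec is None:
            # Do the same work for an unknown user so timing does not reveal which ids exist.
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\0" * 16, PBKDF2_ROUNDS)
            self.audit_log.append(f"invalid login: unknown user {user!r}")
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
        # Constant-time comparison so a partial match does not leak through timing.
        if not hmac.compare_digest(candidate, rec["digest"]):
            self.audit_log.append(f"invalid login: bad password for {user!r}")
            return False
        return True
```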
Implementing Security Defenses
• Defense in depth is most common security theory – multiple layers of security
• Security policy describes what is being secured
• Vulnerability assessment compares the real state of the system / network with the
security policy
• Intrusion detection endeavors to detect attempted or successful intrusions
– Signature-based detection spots known bad patterns
– Anomaly detection spots differences from normal behavior
• Can detect zero-day attacks
– False-positives and false-negatives a problem
• Virus protection
• Auditing, accounting, and logging of all or specific system or network activities
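An added example (not from the slides) running the two intrusion-detection styles over a constructed web-server log: signature-based matching of two hypothetical known-bad request patterns, and anomaly detection that flags a client whose error count departs from normal, with no knowledge of the attack. The log format, signatures and threshold are my own.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Hypothetical signatures for two well-known request patterns; a real IDS ships thousands.
SIGNATURES = {
    "path traversal": re.compile(r"\.\./"),
    "sql injection": re.compile(r"'\s*(or|union)\s", re.IGNORECASE),
}

# Constructed web-server log: "client request-path status"
SAMPLE_LOG = """\
10.0.0.5 /index.html 200
10.0.0.9 /../../etc/passwd 404
10.0.0.5 /about.html 200
10.0.0.7 /login?user=x'%20or%201=1-- 200
10.0.0.7 /old1 404
10.0.0.5 /contact.html 200
10.0.0.7 /old2 404
10.0.0.7 /old3 404
10.0.0.7 /old4 404
""".splitlines()


def signature_alerts(lines):
    """Report (signature, client) for lines matching a known-bad pattern.

    Finds only what the list already knows: the unknown is invisible to it.
    """
    alerts = []
    for line in lines:
        client, path, _status = line.split()
        decoded = unquote(path)  # decode %20 etc. before matching
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                alerts.append((name, client))
    return alerts


def anomaly_alerts(lines, max_misses=3):
    """Report clients whose 404 count departs from the normal few misses.

    No signature is needed, so an unknown (zero-day) probing tool can be caught,
    but a user with stale bookmarks trips the same rule: a false positive.
    """
    misses = Counter()
    for line in lines:
        client, _path, status = line.split()
        if status == "404":
            misses[client] += 1
    return sorted(c for c, n in misses.items() if n > max_misses)
```

On the sample, the signature pass catches the traversal and injection attempts while the anomaly pass flags only the client with many misses, so each method misses something the other sees.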
Firewalling to Protect Systems and Networks
• A network firewall is placed between trusted and untrusted hosts
– The firewall limits network access between these two security domains
• Can be tunneled or spoofed
– Tunneling allows a disallowed protocol to travel within an allowed protocol (e.g.
telnet inside of HTTP)
– Firewall rules are typically based on host name or IP address, both of which can be
spoofed
• Personal firewall is software layer on given host
– Can monitor / limit traffic to and from the host
• Application proxy firewall understands an application protocol and can control it
(e.g. SMTP)
• System-call firewall monitors all important system calls and applies rules to them
(e.g. this program can execute that system call)
Example: Windows XP
• Security is based on user accounts
– Each user has unique security ID
– Login to ID creates security access token
• Includes security ID for user, for user’s groups, and special privileges
• Every process gets copy of token
• System checks token to determine if access allowed or denied
• Uses a subject model to ensure access security. A subject tracks and
manages permissions for each program that a user runs
• Each object in Windows XP has a security attribute defined by a security
descriptor
– For example, a file has a security descriptor that indicates the access
permissions for all users
End of Chapter 15