
Week 1 – Part 2

Deakin University CRICOS Provider Code: 00113B

SIT182 – Real World Practices For Cyber Security

Trimester 2 – 2021
Deakin College


Understanding “Cybersecurity”


What makes Cybersecurity a distinct subject?


What makes a problem a ‘computer security’ problem?

“Properties of a computer system must be maintained despite a resourced
strategic adversary”

As compared with:

• Safety,
• Robustness,
• Program Correctness


What is Cybersecurity?


• Cybersecurity is the body of technologies, processes and practices designed to protect networks,
computers, programs and data from attack, damage or unauthorized access, and to detect and recover
from such events when prevention fails.

No single solution exists for protecting assets against all possible threats.

→ Key concepts: Security Policy, Threat Model, Assumptions


The Security Policy


– A high-level description of the Principals (subjects), Assets (objects) and Security Properties that must
hold in the system.

– Usually requires the requirements and high-level architecture of the system to be somewhat defined.

Terminology:

➢ Principals: people, computer programs, … (entities with some legitimate authority; the set of
principals need not include the adversary).

➢ Assets: anything with value that needs to be protected.

➢ Security Properties: usually defined in relation to Principals + Assets.


Security Properties


• Traditional properties – (The CIA Triad)

– Confidentiality – Concealment of information or resources.
(eg. The adversary should not be able to read my emails)

– Integrity – Trustworthiness of data or resources (provenance).
(eg. The adversary should not be able to change my bank balance)

– Availability – The ability of “authorized” parties to use information or resources.
(eg. The adversary should not prevent me accessing this news website)

• Other:

– Authenticity – Mechanisms to establish identity.

– Non-repudiation – Non-deniability of actions.

https://www.thesecurityawarenesscompany.com/2015/05/14/the-cia-triad/


Where do Security Policies come from?


• Factors in formulating security policy:

– Security Engineering,

– Business,

– Risk Management,

– Legal and Compliance.

• Must be revised as the above change.
Image from https://www.shutterstock.com/image-illustration/security-policy-word-tag-cloud-on-195043955


The Adversary – Who are they?


Some examples:
• Script kiddies: lack the knowledge necessary to attack on their own; use automated software or
purchase an ‘exploit kit’.
• Brokers: excellent computer skills; sell their knowledge of a vulnerability to other attackers or
governments.
• Insiders: an organization’s own employees, contractors, and business partners. In 2018, most
of the data breaches were reported to be related to insiders.
• Cyberterrorists: ideologically motivated, unpredictable; attack to incite panic.
• Hacktivists: ideologically motivated; target specific websites.
• State-sponsored: “cyberwar”, governments attacking their own citizens or foreign
governments.

Possibly many motives: fame, money, commercial advantage, military advantage, political …


The Adversary – “Resourced strategic adversary”


• Key concept: “Threat Model”:
“What are the resources available to the adversary?”

• Adversary resources and capabilities:
E.g. parts of the system that can be observed, parts of the system that
can be influenced / modified, entities that they can corrupt to extract
secrets or act on behalf of the adversary.

• Strategic:
The adversary will choose to commit resources optimally to violate the
security properties.

Image from https://www.csoonline.com/article/3257672/us-cybersecurity-threat-risk-remains-high-no-signs-of-lessening.html


Threat vs. Threat Model


• Threat: “What bad thing can happen”, “What the adversary wants to achieve, or how”.

– End goal or means of attack.

– E.g. Threat: the adversary steals the password, the adversary steals some money, the adversary
disrupts a service.

• Threat model: “An adversary capability”

– Technical term (usage from cryptography)

– E.g. The adversary can eavesdrop on traffic, the adversary controls a server and can make it act
arbitrarily.


Example 1: The State Level Adversary


• What is the security policy?

– What is the system under attack?

– Who are the principals?

– What are their assets?

– What are the security properties they try to maintain?

• What is the threat model?


Example 2: The Teenage Adversary


• What is the security policy?

– System, Principals, Assets, Security Properties

• What is the threat model?


Reflection


• Consider the security policies and threat models of the two previous examples.

– “The State Level Adversary”, where a national telecommunication carrier tries to
prevent a national security agency from eavesdropping on customer calls.

– “The Teenage Adversary”, where the education authorities are trying to
prevent teenagers accessing Facebook from a device given to them.

• Which of the two security systems is most likely to preserve its security policy?

(And why?)


Why is Cybersecurity hard?


• Attacker: needs to find one way to violate one security property.

– Given the resources in the threat model.

– Any one: “lowest hanging fruit”.

• Defender: needs to ensure that no adversary strategy can violate the security policy.

– Much harder job!

• Thinking through all possible threat scenarios is difficult.

• Security often comes with a price, requiring trade-offs.

• Security ultimately is about risk management.

• Future-proofing, uniform security policy.

• Usability, efficacy: security is expensive.

• How much are you willing to invest?

• Continuous reassessment.



Why is Cybersecurity hard?


We will see many cybersecurity cases in the following lectures where the level of ‘stupidity’ may be even worse ☺!!

Assumptions, Assumptions, Assumptions …


Why is Cybersecurity hard?


Cybersecurity is multi-layered. It involves a range of different (and in many cases conflicting) requirements.


When is a system ‘Secure’?


A system is “secure” if an adversary constrained by a specific threat model cannot
violate the security policy.

– Question: Can a system be “more secure” than another?

“Is this system secure?” – a meaningless question unless …

• Useless threat model: “The adversary can see all traffic, steal all user devices, past
and future, and control all third parties. The adversary is quasi-supernatural.” –
No room for a security argument.

• Useful threat model: “The adversary can observe all network traffic, but does not
control the mail server”.


Security Mechanisms


• “Security Mechanism” / (“Controls”)

– A technical mechanism used to ensure that the security policy is not violated by an adversary within
the threat model.

• “Security Argument”

– A rigorous argument that the security mechanisms are indeed effective in maintaining the
security policy (verbal or mathematical).

– Subject to the assumptions of the threat model.

• These mechanisms are the essence of the technical side of computer security.

– We will get to know some of these security mechanisms in this unit.


Security Mechanisms


• They are not made of magic pixie dust – you can design them.

• A combination of

– Software (programs), Hardware, Maths (cryptography).

– Distributed systems, people & procedures.

• Example:

– Policy: ensure the log of transactions is not tampered with by a single employee.

– Mechanism: keep a copy of the log on multiple computers, such that no single
employee has access to all of them.

(One more step: what if the logs also need to be secret from any one employee?)
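An added Python example (not from the slides) of the mechanism above: the transaction log is hash-chained and replicated on three computers, and the constructed EMPLOYEE_ACCESS table gives each employee access to only one replica. An employee who rewrites the copy they can reach is outvoted by the untouched copies, and no_single_employee_majority() is the assumption the security argument rests on.

```python
from __future__ import annotations
import hashlib
from collections import Counter

# Constructed access table (not from the slides): employee -> replica indexes
# they can log in to. With 3 replicas nobody reaches a majority on their own.
EMPLOYEE_ACCESS = {"alice": {0}, "bob": {1}, "carol": {2}}

def chain_hash(prev: str, entry: str) -> str:
    """Digest of an entry chained onto the previous digest (tamper-evident within one replica)."""
    return hashlib.sha256(f"{prev}|{entry}".encode()).hexdigest()

def make_replicas(entries: list[str], n: int) -> list[list[tuple[str, str]]]:
    """Write the same hash-chained log, stored as (entry, running digest) pairs, to n computers."""
    prev, log = "", []
    for e in entries:
        prev = chain_hash(prev, e)
        log.append((e, prev))
    return [list(log) for _ in range(n)]

def tamper(replicas, employee: str, index: int, new_entry: str) -> None:
    """One employee rewrites entry `index` on every replica they can reach and recomputes
    that replica's chain, so the edited copy still looks internally consistent."""
    for r in EMPLOYEE_ACCESS[employee]:
        log = replicas[r]
        prev = log[index - 1][1] if index > 0 else ""
        for i in range(index, len(log)):
            e = new_entry if i == index else log[i][0]
            prev = chain_hash(prev, e)
            log[i] = (e, prev)

def no_single_employee_majority(n_replicas: int) -> bool:
    """Threat-model assumption behind the security argument: no employee controls a majority."""
    return all(2 * len(reach) < n_replicas for reach in EMPLOYEE_ACCESS.values())

def audit(replicas) -> tuple[bool, list[int]]:
    """Compare the final digest of every replica; the majority value is taken as the truth
    and every replica that disagrees is reported. Returns (consistent, outvoted replicas)."""
    tips = [log[-1][1] for log in replicas]
    majority, _ = Counter(tips).most_common(1)[0]
    outvoted = [i for i, t in enumerate(tips) if t != majority]
    return (len(outvoted) == 0, outvoted)

if __name__ == "__main__":
    reps = make_replicas(["deposit 100", "withdraw 40", "deposit 5"], 3)
    print(audit(reps))                     # (True, [])
    tamper(reps, "bob", 1, "withdraw 4")   # bob can only reach replica 1
    print(audit(reps))                     # (False, [1])
```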


A Systematic approach to engineering secure systems


1) High-level specification:

– Define the architecture of the system! (high level block diagram)

– Define the security policy (principals, assets, security properties)

– Define the threat model

2) Security design:

– Define / Design security mechanisms / controls

– State your security argument: which controls maintain which
properties?

3) Secure implementation:

– Implement mechanisms

– Ensure they conform to the design model

– Security testing


Failure


• Failure in specification

• Failure in design,

• Failure in implementation.

(see how it maps to previous slide ☺?)


A few key principles when designing protection mechanisms


Least Privilege


Every “module” (such as a process, a user or a program) should be able to access only
the information and resources that are necessary to its legitimate purpose.

Examples:

• (Integrity) The DB program can only write to the DB.

• (Privacy) Data minimization principle.

Image: privilege rings for the Intel x86, from https://en.wikipedia.org/wiki/Principle_of_least_privilege#/media/File:Priv_rings.svg
(see also https://en.wikipedia.org/wiki/Intel_x86)


Separation of Privileges


The principle of separation of privilege states that a system should not grant permission
based upon a single condition.

• E.g. Company checks for over $75,000 must be signed by two officers of the company. If either does
not sign, the check is not valid. The two conditions are the signatures of both officers.

• Downside?

– Availability.

– Complexity of orchestration.
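The two-officer cheque rule above, as an added Python example (not part of the slides): each signer holds a constructed HMAC key, and above $75,000 a cheque is valid only with signatures from two distinct officers over the same cheque fields, so neither condition alone is sufficient.

```python
from __future__ import annotations
import hashlib
import hmac

# Constructed signing keys (not from the slides); real officers would keep theirs on a token.
OFFICER_KEYS = {
    "cfo":       b"constructed-key-cfo",
    "treasurer": b"constructed-key-treasurer",
    "clerk":     b"constructed-key-clerk",   # can sign, but is not an officer under this policy
}
OFFICERS = {"cfo", "treasurer"}
DUAL_CONTROL_THRESHOLD = 75_000   # above this amount two officer signatures are required

def cheque_bytes(cheque_id: str, payee: str, amount: int) -> bytes:
    """Canonical encoding so a signature binds every field, not just the amount."""
    return f"{cheque_id}|{payee}|{amount}".encode()

def sign(signer: str, cheque_id: str, payee: str, amount: int) -> bytes:
    """A signer's tag over the cheque; one tag is one condition."""
    return hmac.new(OFFICER_KEYS[signer], cheque_bytes(cheque_id, payee, amount),
                    hashlib.sha256).digest()

def is_valid(cheque_id: str, payee: str, amount: int, signatures: dict[str, bytes]) -> bool:
    """Each officer signature is verified independently. Above the threshold two distinct
    officers must both hold; tags from clerks or unknown signers contribute nothing."""
    msg = cheque_bytes(cheque_id, payee, amount)
    signed_by = set()
    for signer, tag in signatures.items():
        key = OFFICER_KEYS.get(signer)
        if signer not in OFFICERS or key is None:
            continue
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):   # constant-time comparison
            signed_by.add(signer)
    needed = 2 if amount > DUAL_CONTROL_THRESHOLD else 1
    return len(signed_by) >= needed
```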


Least Common Mechanism


Mechanisms used to access resources should not be shared.

– Restrictive principle!

– If everybody depends on it, failure will have a higher impact.

– One user can cause a DoS for all the others.

– A shared service [or resource such as a CPU cache] can provide side channels.

– A mechanism serving all users must be designed to the satisfaction of every user, which is harder than
satisfying more specialized requirements.


Psychological Acceptability


• “It is essential that the human interface be designed for ease of use, so that users routinely and
automatically apply the protection mechanisms correctly” [SS75]

• Mental model of the (honest) users must match security policy and security mechanisms.

• Cultural acceptability:

– (Authentication) Photographs that must uncover faces.

– (Safety) Register of everyone who sleeps in a dorm.


Fail-safe Defaults


Unless a subject is given explicit access to an object, it should be denied access to that object
(default DENY).

• Base access decisions on permission rather than exclusion: a conservative design must be based on
arguments why objects should be accessible, rather than why they should not.
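Added Python example (not from the slides) of a permission-based check with a fail-safe default; the constructed PERMISSIONS matrix also encodes the least-privilege example from the earlier slide (the DB program may write only the DB). Every request that is not covered by an explicit permission, including one that raises an error while the policy is consulted, ends in deny, whereas the exclusion-based variant quietly allows access to an object it never anticipated.

```python
from __future__ import annotations

# Constructed access-control matrix (not from the slides): subject -> object -> allowed actions.
# db_program may only touch accounts.db; report_job may only read it.
PERMISSIONS = {
    "db_program": {"accounts.db": {"read", "write"}},
    "report_job": {"accounts.db": {"read"}, "report.pdf": {"write"}},
}

def permitted(subject: str, obj: str, action: str) -> bool:
    """Fail-safe default: grant only when an explicit permission exists.
    Unknown subjects, objects or actions fall through to deny, and so does
    any error raised while looking the policy up (a malformed entry, say)."""
    try:
        return action in PERMISSIONS[subject][obj]
    except (KeyError, TypeError):
        return False

# The exclusion-based design the slide argues against: list what is forbidden
# and allow everything else.
BLOCKLIST = {("report_job", "accounts.db", "write")}

def permitted_by_exclusion(subject: str, obj: str, action: str) -> bool:
    return (subject, obj, action) not in BLOCKLIST

def compare(subject: str, obj: str, action: str) -> tuple[bool, bool]:
    """(permission-based decision, exclusion-based decision) for the same request."""
    return permitted(subject, obj, action), permitted_by_exclusion(subject, obj, action)

if __name__ == "__main__":
    # A backup file added after the policy was written: only the allow-list still denies it.
    print(compare("report_job", "backup.db", "write"))   # (False, True)
```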


Open Design Principle


The principle of open design states that the security of a mechanism should not depend on
the secrecy of its design or implementation.

• “Security through obscurity” is not a good principle.

• This principle does not apply to information such as passwords or cryptographic keys (these are
data, not algorithms).

• Only very specific passwords / keys should be assumed secret (Kerckhoffs’ principle, from 1883).

Image from https://www.codepunker.com/smile/security-through-obscurity


Composition of Security Mechanisms

• Big security systems are built from smaller ones:

– “Composition” of secure systems

– It is not always secure to compose two secure systems.

– Two models for composition of secure systems:

Weakest link: if any sub-system is broken the security policy is
violated.
Bruce Schneier: “security is only as strong as the weakest link.”

Defense in depth (military): if any sub-system remains secure, the security policy is enforced.


Example of Defence-in-depth (multi-layer)

Image from: https://www.nist.gov/itl/applied-cybersecurity/tig/back-basics-multi-factor-authentication


Example of Weakest link

Image from: https://www.netpresenter.com/blog/cybersecurity-human-firewall/

Humans are the weakest link in cybersecurity.

Social Engineering, …


Assume the worst (or ‘average’) case

• How to measure the degree of protection afforded by a security system:

– In general: Important open question!

• On the basis of the worst case:

– Take the inputs from both the honest users and the adversary that produce the worst
outcomes (in terms of violating the security policy).

• On the basis of the average case:

– Given the actions of a “typical” / “average” user and the worst actions of an adversary, measure
the outcome.


Pros and Cons

• “Worst case” security measure:

– Makes no assumptions on the user behaviour within the security policy.

– Strong guarantee

– Pessimistic – low performance.

– Examples: Cryptographic primitives

• “Average case” security measures:

– What is a typical user?

– Difficult to second guess which actions are more important to protect within the security
policy.

– More fragile.

– Examples: data anonymization, network anonymization.


References

• Chapters 1 and 13 – Matt Bishop, Introduction to Computer Security.
• Chapter 1 – M. Ciampa, “Security Awareness: Applying Practical Security in Your World”, Fifth Edition, Cengage Learning, 2016.


Acknowledgement

Acknowledging the kind support and contribution of:
Dr Arash Shaghaghi (Deakin University, Australia), Prof. Chang-Tsun Li (Deakin University, Australia), Prof. Sanjay
Jha (The University of New South Wales, Australia), Dr. Nicolas Courtois (University College London, UK), Dr George
Danezis (University College London, UK), and Dr Michael March (University of Maryland, USA).