CS 8803 Advanced System and Network Security

1
CS 8803 Advanced System and Network Security

• Dr. Wenke Lee
• wenke_at_cc.gatech.edu

2
Course Objectives

• Understand system and network security threats
  and countermeasures
• Gain hands-on experience in design and
  implementation of security mechanisms
• Obtain background for original research in system
  and network security

3
Course Styles

• Descriptive what is out there
• Critical what is wrong with ...
• Skill oriented papers and projects
• Explore!
• Interactive discussion and questions encouraged
  and considered in grade
• Students are encouraged to present their findings
• Information sharing home page and message
  board/email list

4
Course Outline

• Background
• Basics of system and network security
• Trustworthy computing
• Definition and components
• Intrusion detection and network monitoring
• Static and dynamic checking of programs
• Anomaly detection
• Adaptation
• Large-scale (Internet-wide) distributed intrusion
  detection
• Early sensing,
• Complex attack scenario analysis
• Automated response

5
Course Outline (contd)

• Intrusion tolerance
• Survivable systems and networks
• Worms and viruses
• Models of worm spreading, detection and response
• Distributed Denial-of-Service and traceback
• Routing security
• Wireless security
• Vulnerabilities of protocols
• Security measures in managed networks, ad-hoc
  networks, and sensor networks

6
Prerequisites

• Networking, operating systems, discrete
  mathematics, and programming (C or C, Java).
• The right motivations.

7
Course Materials

• Recent papers in academic conferences and
  journals
• In the first half of the semester, for each
  topic, the instructor will provide a list of
  papers and give an overview of the research
  problems
• Students are required to research for more papers
  and share their reports
• Listed on course Web site

8
Course Mechanics

• WWW page http//www.cc.gatech.edu/classes/AY2003/
  cs8803k_spring/
• For course materials, e.g., lecture slides,
  papers, tools, etc.
• Grading 65 project, 20 final, 15 course
  participation.

9
Course Project

• Topics
• One of the topic areas covered in this course
• But you can define your own with my approval.
• Can be (a combination of)
• Design of new algorithms and protocols.
• Or new attacks!
• Analysis/evaluation of existing algorithms,
  protocols, and systems.
• Vulnerabilities, efficiency, etc.
• Implementation and experimentation.
• Small team - one to three persons.
• Proposal, work, and final demo/write-up.

10
Motivating Examples
11
Secure Me

• Many organizations have heterogeneous and
  distributed networks
• What does security mean? What are the challenges?

Firewall/IDS/VPN
Untrusted Networks Servers
Trusted Networks
Untrusted Users
Internet
Router
Intranet
Public Accessible Servers Networks
Trusted Users
12
Information Security

• Security is a state of well-being of information
  and infrastructures in which the possibility of
  successful yet undetected theft, tampering, and
  disruption of information and services is kept
  low or tolerable
• Security rests on confidentiality, authenticity,
  integrity, and availability

13
The Basic Components

• Confidentiality is the concealment of information
  or resources.
• Authenticity is the identification and assurance
  of the origin of information.
• Integrity refers to the trustworthiness of data
  or resources in terms of preventing improper and
  unauthorized changes.
• Availability refers to the ability to use the
  information or resource desired.

14
Security Policy and Mechanism

• Policy a statement of what is, and is not
  allowed.
• Mechanism a procedure, tool, or method of
  enforcing a policy.
• Security mechanisms implement functions that help
  prevent, detect, and respond to recovery from
  security attacks.
• Security functions are typically made available
  to users as a set of security services through
  APIs or integrated interfaces.

15
Close-Knit Attack Family
Active Attacks
Passive attacks
jam/cut it
sniff for content
capture modify
traffic analysis - who is talking
pretend
who to impersonate
I need to be Bill
16
Defense-in-Depth
Security principles layered mechanisms
17
Taxonomy of Threats

• Taxonomy a way to classify and refer to threats
  (and attacks) by names/categories
• Benefits avoid confusion
• Focus/coordinate development efforts of security
  mechanisms
• No standard yet
• One possibility by results/intentions first,
  then by techniques, then further by targets, etc.
• Associate severity/cost to each threat

18
A Taxonomy Example

• By results then by (high-level) techniques
• Illegal root
• Remote, e.g., buffer-overflow a daemon
• Local, e.g., buffer-overflow a root program
• Illegal user
• Single, e.g., guess password
• Multiple, e.g., via previously installed
  back-door
• Denial-of-Service
• Crashing, e.g., teardrop, ping-of-death, land
• Resource consumption, e.g., syn-flood
• Probe
• Simple, e.g., fast/regular port-scan
• Stealth, e.g., slow/random port-scan