Information Security

1
Information Security

• Xiangming Mu

2
What is Information Security

• About information policy, information privacy,
  information ownership
• About information integrity, accuracy,
  verifiability and qualities
• About encryption, data assurance, practices in
  organizations
• About techniques for assessing information value,
  risk assessment, scenarios
• About the Denial of a system service (so that its
  legitimate users are not able to use it)

3
Evolution of information security

• Ancient times (before 1990)
• Networking is limited
• Systems are trusting and open
• Hack only as engineers hobby
• Middle times (1990s)
• Growing network
• Many incidents of varying severity, but few that
  actually affected the "real" world
• Modern times (2000 after)
• Well-publicized security incidents that actually
  affected individuals
• Hacker becomes professional
• Support and recognition of security analyst as a
  separate professional category
• professional security certifications

4
Trust and Security

• Without trust, information systems cannot be
  builttoo complex
• Trust abuse
• security holes come from what you trust
• Trust in a system could be defined as the level
  of confidence in its integrity.
• Nevertheless, just like it is hard to provide
  computer security with reasonable guarantees, it
  is hard to have a system that can be trusted with
  a high level of confidence under all
  circumstances.
• Insiders are the most dangerous threats to
  systems.

5
Security threats

• Not all damages are related to security
• Incidental damage--happens "by itself" during
  legitimate use, could be a result of
• human error
• hardware or software bugs encountered
• power failure
• hardware failure
• Caused by natural disasters
• such as earthquakes, floods, hurricanes, rain,
  snow, storms, tornadoes, etc

6
What in the digital world?

• Viruses
• Worms
• Bacteria
• Trojan Horses
• Others

7
Other malicious programs and mechanisms

• Logic Bombs
• Backdoors
• Spyware
• Covert Channel
• Race Conditions
• Address Space Attacks
• Waste Searching
• File Vault on Mac OS X
• Design Flaws and Oversights

8
Viruses

• pieces of software that can attach themselves to
• executable files
• disk boot sectors
• documents (whose loading is likely to cause
  embedded code execution at some point)
• even additionally hide elsewhere in the operating
  system, including the kernel.
• These "infected" entities become carriers of a
  virus's malicious code, and thereby allow it to
  self-replicate.
• Viruses detection
• detect viruses by looking for known strings,
  unique code sequences, etc. in suspected code.
• signature-matching
• by executing it within a restricted, virtualized
  environment, such as a sandbox.
• others

9
Worms

• A worm also self-replicates like a virus, but
  usually over a network.
• Early and good worms intend to create useful
  programs that would utilize any otherwise idle
  machines.
• Worms infiltrate computers usually by exploiting
  holes in the security of networked systems.
• Worms usually attack programs that are already
  running.
• The attack might result in creation of new
  processes, after which a worm can run
  independently, and self-propagate.
• Unlike a virus, a worm may not change existing
  programs, but like a virus, a worm may have some
  "payload" code, which in turn may modify existing
  programs or system configuration.

10
Worms (cont)

• Causing denial ( or degradation) of service
• Sending emails allow spammers to use the
  victims machines for sending spam while hiding
  their own tacks
• Removing information on the victim system
• Installing backdoors for subsequent misuse

11
Bacteria and Trojan Horses

• Bacteria
• Programs that replicate themselves and feed off
  the host system by preempting system resources
  such as processor time and memory
• Trojan Horses
• Like the Greek Trojan horse, these programs have
  a hidden, negative, subversive, and thus
  potentially harmful aspect.
• Trojan horses are programs that masquerade as
  useful programs, but contain malicious code to
  attack the system or leak information. An
  unsuspecting user would typically run a Trojan
  horse willingly, to use its supposed (advertised)
  features.

12
Logic Bombs

• A logic bomb is a program that does something,
  usually malicious (it "explodes"), when some
  logical condition is satisfied.
• If the condition is time-related, such programs
  could also be termed time bombs.
• Some examples of logic bombs
• Introduction of a deliberate error in a program,
  say, by a disgruntled employee, that will result
  in disaster in the future usually after the
  employee is gone.
• A program that deletes your files on every
  full-moon night.
• A disgruntled administrator changes
  (administrator) passwords for certain systems,
  and leaves the company.

13
Backdoors

• A backdoor opens a system for access by an
  external entity
• by overthrowing, or bypassing, the local security
  policies.
• The goal of a backdoor usually is to allow remote
  access and control (over a network), although it
  may also work "locally".
• Backdoors are sometimes referred to as trapdoors.
  
• Backdoors may exist for various reasons
• Explicitly programmed by the creators of the
  system, perhaps even as an undocumented feature
  a debugging aid, perhaps.
• A result of a flaw in the design or
  implementation of a program.
• Planted by an attacker once he has infiltrated a
  system, to facilitate easy entry in future.
• Some specific, somewhat contrived, examples of
  backdoors
• A network server, such as the web server or the
  mail server, could be modified to provide a shell
  (interactive or otherwise), when a request with a
  specific signature is received.

14
Spyware

• Spyware is apparently useful software that
  transmits private user data to an external
  entity, without the user's consent or even
  knowledge.
• The external entity stands to gain from the
  information thus harvested.
• A common example is that it helps the external
  entity send targeted advertising to the user.
• Spyware constitutes malware because it makes
  unauthorized use of a system's resources and
  leaks information (that is, violates privacy).
• In certain cases, spyware may enter a system not
  through an apparently useful program, but as
  payload of another malicious program, such as a
  worm or a virus.

15
Covert Channel and Race Conditions

• Covert Channel
• an information channel might be used to transfer
  certain information, possibly malicious, in a way
  that was not intended by the system's designers.
• Such a covert channel can be an effective
  mechanism to help in subversive activities.
• Race Conditions
• are flaws, either in design or implementation,
  that involve an attacker exploiting a window of
  time in a sequence of (privileged) non-atomic
  operations.
• The window of time exists when a programs checks
  for a condition, and subsequently uses the result
  of the check, with the two being non-atomic.
• Such flaws are also called Time Of Check To Time
  Of Use (TOCTOU) flaws.

16
Waste Searching

• looking for sensitive information in areas that
  are traditionally unprotected, or weakly
  protected
• scavenge printer ribbons, tapes, disk drives,
  floppy diskettes, garbage paper, and so on.
• A system's swap space is another potentially
  lucrative area to look at for sensitive
  information.

17
Database security

• Security Objectives
• Confidentialityprevent/detect/deter improper
  disclosure of information or access to resource.
• Integrityprevent/detect/deter improper
  modification of information
• Availability prevent/detect/deter improper
  denial or access to resources provided by the
  system

18
Database security (cont)

• Mechanism to achieve security objectives
• Confidentiality
• Access control policy and its enforcement,
  authentication, inference prevention,
  cryptography
• Integrity
• Integrity policy and its enforcement, auditing,
  cryptography
• Availability
• Fault-tolerant, intrusion detection

19
Security and Surveillance

• Logging systems
• Keystroke loggers (hardware software)
• Backdoor
• Van Eck radiation/Tempest
• Network sniffing/wifi interception
• DCS 2000, cell-phone cameras
• Others?
• Tracks in your word?

20
Security and Surveillance (cont)

• Website Logs
• Web bugs
• Proxy logs
• Cookies
• Sniffers