Introduction to Information Security


Academic year: 2021

(1)

Information Security

Winter 2015/2016

(2)
(3)

Security vs. Safety

(4)
(5)

Information Security

… always starts with assets.

• An asset is anything (e.g. an information, a service or a device) that has value to an entity (e.g. an organization or a person).

(6)

Security Properties

• Security properties of assets define what makes the asset valuable
• The three central security properties are
  • Confidentiality
  • Integrity
  • Availability

(7)

Confidentiality

• Confidentiality is a property that applies to information. Preserving the confidentiality of information means that it is not made available or disclosed to unauthorized entities.

• Example

(8)

Integrity

• Integrity can apply to information or a service/system. Preserving integrity means that changes can only be made in a specified and authorized manner.

• Example

(9)

Availability

• Availability can apply to information or a service/system. Ensuring availability means that there is timely and reliable access to the information or service.

• Example

(10)

More Security Properties

There are many more security properties in the literature on IT security that partly overlap with the three main properties. Prominent examples:

• Authenticity: to assure that information is from the source it claims to be from.
• Non-Repudiation: to assure that someone cannot deny something (e.g. having received some information).
• Privacy, anonymity: typically map to other security properties, such as the confidentiality of personal information.

(11)

Assets and Security Properties

• Assets and security properties define “what we care about”

• Finding the assets and their security properties is a crucial first step of every security analysis

• You should always dig for the low-level assets: don’t simply state “the mobile phone is an asset”, but determine which assets on your mobile phone make your phone an asset

(12)

What assets do you have on your mobile phone?

(13)

Threats

• Threats define “what can go wrong”

• A threat describes a potential violation of security. The sum of all threats describes everything that can lead to a violation of a security property of the asset.

• Typically, threats can be grouped into hierarchical classes of threats that form an attack tree

(14)

An Attack Tree for a Safe

• Assume we place a confidential document in a safe

• What are the threats?

(15)

Attack Surface

• The larger the attack tree, the larger the attack surface

• What would the attack tree look like if you placed the document not in a safe, but in a room of your apartment/your car/your garden/your work place?

(16)

Attack Trees for Large Systems Can Become … and Complex

Example branch that could lead to the disclosure of a confidential file (the asset) on a mobile phone:

• Attack via network vs. local attack
• Software bug vs. side-channel vs. trojan vs. …
• Application level vs. OS level

(17)

When Threats Become Reality …

• Vulnerability: A concrete flaw or weakness in system security that can be exploited by one or more threats

• Attack: A concrete attempt to violate one of the security properties of an asset.

(18)

The Path From an Asset to an Attack

Diagram: Asset (with a certain value and certain security properties) → Threats → Vulnerabilities → Attack. The links are labelled “Minimize the attack surface” and “Verification and checks”.

(19)

Do We Have to Break All Links?

No

• Each link is associated with a certain probability

• The sum of the probabilities for the paths that lead from an asset to an attack constitutes the risk of a security violation
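The following is an added illustration, not part of the lecture slides: it models the safe from the earlier slide as a small attack tree with AND/OR gates, enumerates the paths from the asset to an attack, and shows how breaking a single link lowers the overall risk. All probabilities and leaf names are constructed; OR gates are combined as 1 − Π(1 − p), which reduces to the slide’s plain sum when the paths are rare and independent.

```python
from dataclasses import dataclass, field
from itertools import product
from math import prod
from typing import List, Optional

@dataclass
class Node:
    """One node of an attack tree: a leaf carries a success probability,
    an inner node combines its children with an OR or AND gate."""
    name: str
    p: Optional[float] = None
    gate: str = "OR"
    children: List["Node"] = field(default_factory=list)

def attack_paths(node: Node) -> List[List[Node]]:
    """Every path from the asset to an attack, as the list of leaf steps it needs."""
    if not node.children:
        return [[node]]
    sub = [attack_paths(c) for c in node.children]
    if node.gate == "AND":                       # all children needed: combine them
        return [sum(combo, []) for combo in product(*sub)]
    return [path for paths in sub for path in paths]  # OR: any child suffices

def risk(node: Node) -> float:
    """Probability that at least one path succeeds (leaves assumed independent)."""
    if not node.children:
        return node.p
    ps = [risk(c) for c in node.children]
    if node.gate == "AND":
        return prod(ps)
    return 1.0 - prod(1.0 - q for q in ps)

def path_sum(node: Node) -> float:
    """The slide's 'sum over paths' figure; a good approximation for rare, independent paths."""
    return sum(prod(leaf.p for leaf in path) for path in attack_paths(node))

def broken(node: Node, leaf: str) -> Node:
    """Copy of the tree with one link broken: the named leaf becomes impossible (p = 0)."""
    if not node.children:
        return Node(node.name, 0.0 if node.name == leaf else node.p)
    return Node(node.name, None, node.gate, [broken(c, leaf) for c in node.children])

# Constructed attack tree for the confidential document in a safe (made-up probabilities).
SAFE = Node("document disclosed", children=[
    Node("open the safe", children=[
        Node("learn combination", gate="AND", children=[
            Node("combination written down", p=0.20),
            Node("find the note", p=0.25)]),
        Node("pick the lock", p=0.05)]),
    Node("cut the safe open", p=0.02),
    Node("document left outside the safe", p=0.10)])
```

Breaking only the “document left outside the safe” link (the policy “lock confidential documents in a safe when leaving the work place”) takes the risk from about 0.204 to about 0.116 without touching the other links.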

(20)

Secure Systems

(21)
(22)
(23)

Fort Knox, Kentucky, USA

(24)
(25)

General Guidelines

General guidelines to breaking the links from assets to attacks in practice:

• Asset → Threat
  • Design systems with security in mind → adding security on top of an existing design typically leads to a large attack surface
• Threat → Vulnerability
  • Use established, standardized security mechanisms and use them correctly
  • Proving, verification and testing of security features

(26)

The Typical Design Is an Iterative System

Diagram (iterative loop): System definition → Identification of assets, threat modeling and rating of risks → Threats including risk rating → Update of security mechanisms → Accept risks → back to system definition

(27)

The Nature of Security Mechanisms

• Security mechanisms shift the problem of protecting one asset to protecting another (new) asset that is easier to protect
• Example
  • Asset is a confidential file
  • Security mechanism is to protect access by a password → New assets: password, password checking function
  • Security mechanism is to encrypt the files

(28)

Threat Modeling

• The process of collecting all assets, threats and risks is called “Threat Modeling”
• Threat modeling takes a lot of time → it is worth the time! Do not start implementing security mechanisms without having done threat modeling
• Threat modeling can be done at different levels of abstraction
  • Security requirements definition
  • System level
  • Device level
  • Software
  • Hardware

(29)

Tools

• Microsoft offers the free tool “SDL Threat Modeling Tool”
• STRIDE Threat Model
  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of Privilege

(30)

Checklist for Threat Modeling

• List of assets complete?
• Where are the assets processed (which devices)?
• Does the threat model indeed fit the implementation?
• Are all standard threats (STRIDE) mitigated?
• Are mitigations done right?
• …

(31)

Security Policy

• A security policy is a statement of what is allowed and of what is not allowed
• Security policies for persons
  • Define what the person is allowed to do and what not
  • Examples:
    • The password must be at least 10 characters long and include numbers, lowercase and uppercase letters and a punctuation mark
    • Don’t write down your password
    • Lock confidential documents in a safe when leaving the work place
    • Printed confidential documents must not leave the workplace (e.g. to work at home)
    • …

(32)

Security Policy

• Security policies can also be technical and formal
• Formal definitions of a security policy are used to formally verify the security of software/hardware
• Examples
  • Access to this file must only be granted if …
  • The content of register xy must always be cleared when there is a task switch
  • …

(33)

Security Mechanisms and Policies

When designing security mechanisms and policies, do not forget about the humans!

(34)

(35)

Security Mechanisms in a Typical System

• Computation (the CPUs)
• Communication (e.g. network)
• Storage (e.g. hard disk, …)

Computer Security (Part 2 of IIS)

(36)
(37)

Supplementary Material

Books

• Matt Bishop: “Computer Security: Art and Science”, ISBN-13: 078-5342440997

• William Stallings and Lawrie Brown: “Computer Security – Principles and Practice”, ISBN-13: 978-1-292-06617-2

Web

(38)
(39)

Images

[1] Fort Knox: By Cliff [CC BY 2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons
[2] Crypto Nerd Comic: via xkcd http://xkcd.com/538/
