Vulnerability
weakness that could exploited to cause harm/attack surface - need to be controlled
Threats
Circumstances that could cause harm - is limited - are blocked by control of vulnerabilities
Controls
prevents threats from exercising vulnerabilities
3 properties of security
Confidentiality, Integrity, Availability
Confidentiality
asset is viewed by authorized parties
who + what + how
Integrity
asset is modified only by authorized parties
availability
asset can be used by any authorized parties
types of attackers
terrorist, hacker, individual, group
Securing Weakest Link
attackers are more likely to attack a weak spot - Risk = Probability X Impact ; eg. admins, users, tech support are the weakest
Defense in Depth
Layer security defenses with multiple mechanisms
Failing Securely
unless given explicit access, deny user access. when system fails, undo changes and secure defaults to deny information
Separation of Privilege
system should not be granted permission based on a single condition - multiple security checks
Economy of Mechanism
mechanisms should be as simple as possible, reduce number of choke points - bridge
Least Common Mechanism
mechanisms used to access resources should not be shared
Reluctance To Trust
assume environment is insecure, not trustworthy
Never Assuming that your secret are safe
design should not be secret, don’t depend on attackers not knowing
Complete Mediation
all accesses to object to be checked to ensure that they are allowed, system wide view of access control
Psychological Acceptability
security cannot hinder usability of app and should be transparent
Promoting Privacy
prevent attackers from accessing private information
3 types of tools
authentication, access control (authorization), cryptography
identification
who the person is (username)
authentication
proving an asserted identify (password)
ACL - Access Control Lists
list of permissions attached to an object - token created
ACD - access control directory
one directory pointing to ACL per user
ACM - access control matrix
matrix containing all permissions and all users - inefficient to search
Symmetric Keys
using the same key to encrypt and decrypt
Asymmetric keys
using different keys to encrypt and decrypt - public and private
Stream Cipher
encrypts each unit of data of stream + speed, low error
Block Ciphers
encypts groups of data as a block, fixed in size + high diffusion, can insert
AES
substitution, shift, mix, permutation, XOR
1999
128 bits block size
128,192,256 bits key
operations: 10,12,14
open design/rationale
dutch
symmetric 128 bit block cipher
public key (assymmetric)
same symmetric key, one user has public and private key
n * (n-1)/2 = number of keys
unlimited key size
slower algo
MITM
intercepts and substitutes a return address meant for the other person
Hash Codes/Checksum/Message Digest
computed with every change of the message to detect if the message was tampered with
SHS/SHA algorithm to compute
Digital Signatures
authentic/unforgeable and not alterable or reusable
public key cryptography + message digest
Need: file, proof of non alteration (hash), identification of signer (private key), validation, connection of signature to file
Certificate
public key + identity and signed by certificate authority
certificate authority
who accurately verifies identities before generating certificates
Buffer Overflow
When data is written beyond the space allocated for it
Command Injection
User input intended to be data is instead interpreted as a command
cross site scripting
Unique to web-based applications where a user's data tied to a vulnerable web server (e.g. a cookie) is disclosed to a malicious third party - command injection with html and get requests
Format String Problems
a string that formats data for display or storage - not specificied and allows attacker to read from or write to specific memory location
Integer Range Errors
arithmetic operation creates a value too large to be stored
SQL Injection
Using an input as a SQL command to get information from the dataset
Trusting Network Name Resolution
Resolution of website names to IP addresses, usually through Domain Name System (DNS)
Failing to Protect Network Traffic
Network attacks can come in many forms • Eavesdropping - Listening and/or recording conversations • Replay - Replaying information such as providing authentication information • Spoofing - Mimicking a party • Tampering - Manipulating data • Hijacking - Cutting out one of the parties
Failing to store and protect data
Protected data in the system not in transit, ACLs, privileges, allow vs. deny
Weak Random Numbers
improper seeding to create predictable seeds and numbers - throws off crypto algos
Improper File Access
Three types of errors: • A race condition where a window of vulnerability is exploited between Time Of Check and the Time Of Use (TOCTOU • Opening a file without regard for the nature of the file; it could actually be a simlink placed by an attacker • Giving attackers some control of filenames so they can updated and access sensitive information
Improper Use of SSL and TLS
server authentication performed poorly using public key infrastructure through ssl and tls
Use of weak password based systems
not using social engineering, side channel problems
Unauthenticated key exchange
man in the middle attack
Signal Race Conditions
two executions are changing a resources and interfering with each other
Use of magic URLS and hidden forms
urls storing important data
Failure to handle errors
failing securely
Poor usability
presenting security info to users, not being simple and clear
Information leakages
side channels, timing ang storage providing too much info .
3 Types of Malware
virus, worm, trojan horse
transient virus
has a life span dependent on its host program
resident virus
resides in memory and can run as a standalone program
virus
program that can replicate itself and pass on malicious code by modifying other programs
worm
A program that spreads copies of itself through a network
trojan horse
program with no apparent effect but second hidden effect
Zero-Day Attacks
active malware that exploits a product vulnerability where the software provider has no countermeasure available or has not been implemented
Four Aspects (Properties) of Malicious Code
Harm (How they affect users and systems), Transmission and Propagation (How they are transmitted and replicated), Activation (How they gain control and install themselves so they can reactivate), Stealth (How they avoid detection)
3 Types of Harm
Nondestructive, Destructive, Commercial or criminal intent
Man-in-the-Browser
Trojan horse, reads, copies and redirects data when user enters browser; attack on a browser
Keystroke-logger
hardware or software recording keystrokes (malware)
Page-in-the-middle
directed to a different page than intended; attack on a website.
Program download substitution
page with programs to download, installs malware
User-in-the-middle
clickbait to trick users into solving captcha’s
Substitute Content (malicious)
type of malicous web content that replaces parts of a web site with malicious intent in a way that doesn’t attract attention.
Web Bug
similar to cookies to send data to web bug owner
Clickjacking
pop-up adds that have the user click on them
Drive-By Download
code downloaded without user knowing, through clickjacking, fake code, program download substitution
OS Loading
BIOS, Bootstrap
Virtualization
OS presents each user with just the resources that user should see
Fence
Confine a user to one side of a boundary
Separation and Sharing
keeping one user’s objects seperate from another user. physical, temporal, logical, cryptographic
Base Registers
identify the starting address for a program
Bounds register
upper bound if necessary to manage allocation of memory - prevents programs from overwriting code
Paged Segementation
dividing programs into logical segments and physically storing them in fixed size pages
Rootkits
taking advange of identity of the most powerful user, owning all sensitive system resources - part of the os
OSI Model (Open System Interconnection)
APSTNDP → how senders and receivers process messages
Dos Attacks
Denial of Service → targets availability through high, rapid attacks → ping of death, smurf attack (echo request), echo-chargen (looping echo packet), teardrop attack(inconsistent fragments), dns spoofing, rerouting routing (all traffic one node), session hijacking (src address change)
Botnets
isolates attacker from attacks, continuous attacks from an hierarchy
WEP
client and access points have a pre-shared key → encrypts a key, AP decrypts and client is authenticated
SSL Session
request on SSL session with a server, responds with a public key cert, returns a symmetric session key encrypted server’s public key
Onion Routing
knows immediate/last sender, next recipient
Packet Filtering Gateway
examines the control information of every packet - src, dest,
Stateful Inspection Firewall
judges multiple packets (ping to multiple ports)
Application Proxy
looks at messages (app layer) and runs pseudo-apps to inspect
Circuit-Level Gateway
one network is extension of another through virtual gateway - establishes vpns through circuits
Guard
interprets data and responds - implements rules (emails, bandwidth, filters docs)
Personal Firewalls
enforces set policies and works with other firewalls
DMZ
containing firewall, web page, email, ftp services
FldM Process Sequence
federated identity management access requestauthentication/authorization requestauthentication requestauthentication credentialsauthorization responseaccess response
SaML
security assertion markup language web browser single sign on to exchange user identity and privileged information - authentication standard → browsers
OAuth
allows 3rd party apps to access API’s and account resources → native apps
OIDC
single set of credentials for all internet sites - better support for native apps + identity token; requires TLS
Copyrights
expression of ideas
made public to promote publication
requirement to distribute
75-100 years
Patent
invention
made public for design at patent office
19 years