CPSC 4200 Midterm

Adversary

Know your enemy

Security Mindset

attackers perspective
- look for weakest links (easiest to attack)
- identify assumptions that security depends on (are they false, can I make them false?)
- think outside the box (not constrained by system designer’s worldview)
defenders perspective
- security policy
  - what assets trying to protect
  - what properties trying to enforce
- threat model
  - who are the attackers, capabilities, motivations
  - what kinds of attack are we trying to prevent
- risk assessment
  - what are the weaknesses of the system
  - what will successful attacks cost us
  - how likely
- countermeasures
  - costs vs benefits
  - technical vs nontechnical

Security Policies

What assets are we trying to protect?
- assets - any data, device, or other components of the environment that supports information-related activities
- software, hardware, confidential info
what properties are we trying to enforce?: CIA
- ex. two parties want to communicate across untrusted intermediary
- Confidentiality - info has not been disclosed in an unauthorized way
  - problem: ensure that only trusted parties (bob) can read the message
  - attack: eavesdropping
  - countermeasure: encryption
- Integrity - info has not been altered in an unauthorized way
  - problem: ensure message received by bob is sent by alice
  - attack: spoofing (altering the message)
  - countermeasure: message authentication code (MAC)
- Availability - assure that systems work promptly and service is not denied to authorized users
  - problem: alice needs to access email server at all times (~100% uptime)
  - attack: denial of service (DoS)
  - countermeasure: intrusion detection system
- other: authenticity, anonymity, accountability (AAA)

Terminology and Recap

threat - any potential occurrence, malicious or not, that could harm an asset (can be software bug)
vulnerability - a weakness that makes a threat possible
- reason: poor design, config mistakes, or insecure coding techniques
attack - an action that exploits a vulnerability or enacts a threat
- implicit concept of intent (intentional threat)
- server crash can also cause loss of availability, but it is not an attack

Other Security Properties (AAA)

authenticity - ability to determine that statement, policies, and permissions issued by persons/systems are genuine
anonymity - certain records/transactions cannot be attributable to any individual
accountability - requirement for actions of an entity to be traced uniquely to that individual to support non-repudiation

Taxonomy of Attacks

passive vs active
- passive - eavesdropping on message
- active - modification of message (masquerading, replay, spoofing, DoS)
inside vs outside
- inside - initiated by authorized entity inside security perimeter (insider)
- outside - initiated by unauthorized entity outside the perimeter (outsider)
attack surface
- network (weak crypto for digital signature)
- software (buffer overflow)
- human (social engineering)

Why are there security vulnerabilities?

State of the security