Control Computers
Studying Cyber Attacks
Attack Scenarios
Mostly study possible attacks
Study potential or actual attacks to show a new risk (likelihood and loss)
Goals, resources required, how it happened, collateral results, and recommended mitigation
Attack case studies
review actual attacks
attack reports
Resources Required:
Skills /Training
Personnel
Equipment
Preparation Time
Timing Constraint
Access Control Strategies
4 Strategies:
Islands: Resources are only accessible on that “island”
Vaults: A process may use resources within a much larger repository only if it holds the right to them; on a computer, access control checks a process's permissions before granting access
Puzzles: A process uses secret or hidden information to retrieve particular data items. Cryptography; Kerckhoffs/Shannon
Patterns: Data and programs made available to a process are compared against known patterns (for example virus signatures or stored biometric templates).
An Island
Everything else is brought from elsewhere
A process can execute its instructions in RAM & modify variables in RAM
It can only use resources brought into its RAM
It can’t access anything else
A Vault
We gain things from the vault only if allowed
someone/something restricts access
Least privilege:
A bank safe-deposit box to which only we have a key
Can’t retrieve or modify any other boxes
Computer access control - a process can retrieve a file or print data if granted the right permissions.
Puzzles
Protect data by presenting a puzzle
Security through obscurity (relying on the secrecy of design or hidden details)
Strong puzzles use cryptography
Open Design: Basic Principle
We open our systems for third-party analysis to help ensure their effectiveness.
Kerckhoffs's Principle (assume attackers already know everything about the system except the key) and crypto design
Shannon’s Maxim: “The enemy knows the system.”
Pattern Matching
In Anti-Virus software
searches the computer for patterns found in viruses
Must be updated continuously for new viruses
Biometrics
Compare reading against a stored pattern
Problems: False Positives and false negatives
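To make the anti-virus pattern matching above and its false positive / false negative problem concrete, here is a small Python signature scanner added as an illustration; it is not code from the course. The signature names, byte patterns, sample files and ground-truth labels are all constructed.

```python
# Added example, not from the lecture notes: a toy signature scanner that
# finds known patterns, misses a new variant until the signature list is
# updated (false negative), and flags benign data that merely contains the
# pattern (false positive). Everything below is constructed for illustration.

# Signature database: (name, byte pattern). A plain substring match is
# enough to show the behaviour the slides describe.
SIGNATURES_V1 = [("Demo.A", b"DEMO-MALWARE-A-MARKER")]
# "Updated" database after the vendor adds a pattern for the new variant.
SIGNATURES_V2 = SIGNATURES_V1 + [("Demo.B", b"DEMO-MALWARE-B-MARKER")]

# Constructed corpus: (file name, contents, is_malicious ground truth)
CORPUS = [
    ("sample_a.bin", b"\x7fELF..." + b"DEMO-MALWARE-A-MARKER" + b"...", True),
    ("sample_b.bin", b"\x7fELF..." + b"DEMO-MALWARE-B-MARKER" + b"...", True),  # new variant
    # Benign analyst note that quotes the pattern: a classic false positive.
    ("av_writeup.txt", b"The scanner looks for DEMO-MALWARE-A-MARKER in files", False),
    ("notes.txt", b"Weekly status: nothing to report", False),
]


def scan(data: bytes, signatures) -> list[str]:
    """Return the names of every signature whose pattern occurs in data."""
    return [name for name, pattern in signatures if pattern in data]


def evaluate(corpus, signatures) -> dict[str, int]:
    """Count detection outcomes against the ground-truth labels."""
    counts = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for _, data, is_malicious in corpus:
        flagged = bool(scan(data, signatures))
        if flagged and is_malicious:
            counts["tp"] += 1
        elif flagged and not is_malicious:
            counts["fp"] += 1
        elif not flagged and is_malicious:
            counts["fn"] += 1
        else:
            counts["tn"] += 1
    return counts


if __name__ == "__main__":
    # v1 misses sample_b (false negative); v2 catches it, but the benign
    # write-up stays a false positive under both databases.
    for label, sigs in (("v1", SIGNATURES_V1), ("v2", SIGNATURES_V2)):
        print(label, evaluate(CORPUS, sigs))
```

The same evaluation counts apply to biometric matching: a stored template compared against a reading produces false positives (impostor accepted) and false negatives (legitimate user rejected).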
Chain of Control
We must never run programs that violate or bypass our security policy.
Subverting the Chain of Control
At BIOS, we may
Boot a different OS from a CD-ROM or a USB drive
The other OS doesn’t enforce access restrictions
Inside the OS, we may
install a privileged (admin) program
Trick an authorized user into leaking sensitive files.
Personal Computer Evolution
1970s: PCs ran one program at a time
Microprocessor CPUs didn't support multitasking
1980s: Programs politely took turns
Allowed several windows to be open at once
Illusion of multitasking
1990s: Multitasking in desktop computers
Microprocessor CPUs support multitasking
Unix on PCs, Windows NT
Operating System Protections
Adapted to desktop OSes during the 1990s
OS security features
Processes must take turns
Processes are assigned separate regions of RAM
User-oriented Interface and access controls
Sharing Data
The problem: Allow two processes to share data stored in RAM
Isolate processes from each other
This prevents one process from damaging the other one.
OS provides a separate data section
All shared data resides in this separate section
Constructing a Security Plan
A security plan is a detailed assessment
The plan contains the details
List of assets
Full risk assessment
Prioritized list of risks
Security Requirements
Implementation - a list of security controls
Security Plan: Process Protection
Goals
Processes share the CPU
Processes may share control sections
Processes don’t share RAM except by request
Risk
A process monopolizes the CPU
A process reads or writes RAM that shouldn’t
Policy and Implementation
Six policy statements
Specifies security to be arranged by the dispatcher
Specifies when things should happen
Security Controls
All are functional controls provided by software
Some are steps in the dispatcher procedure
Others are features of how security is applied.