Teacher: Rob Johnson
CSE 409/509
Office Hours:
Wednesday 10-12 CS2313D
Class Notes 1/26/09
Assignments: Write 1/2 page review of papers each week
Course Website: www.cs.sunysb.edu/~rob/teaching/cse509-sp09
What do you think about when you hear security?
Break into systems
Crypto
Privilege
Privacy
Trust
Authentication
Denial of Service (DOS)
There are 3 goals of System Security:
| Confidentiality | Integrity | Availability |
|---|---|---|
| Crypto | Crypto | Denial of Service Attacks |
| Privacy | Client Info | Web Site Availability |
| Eavesdropper (reading other people's mail) | Pricing Info | Input/Output - swap storm |
| Man In the Middle Attack | RAM | Fill disk |
| Secrecy/Anonymity | Cookies | Crashes/Reboots |
| Timing Formation | Passwords | Performance Degradation |
| | User Database | |
Security: What we try to prevent the adversary from doing
Threat Models: Describe the capabilities and limitations of the adversary
1. Adversary has limited CPU time:
| Assumption | Estimate |
|---|---|
| One computer runs at 2.6 GHz | 2^32 instructions per second per CPU |
| A year has about pi x 10^7 seconds | 2^23 seconds/year |
| An adversary can use | 2^20 CPUs |
| So a secure password must withstand | 2^75 instructions/year |
2. Local vs. Remote: Generally, the adversary's initial set of privileges
Remote: can send packets to the victim system. An adversary will strive to gain local privileges and then admin.
Local: can log in and run unprivileged arbitrary code. An adversary will strive to gain admin privileges.
3. Bandwidth: 56 kb/s per machine; a botnet of 100k machines would produce 5.6 Gb/s.
4. Time limits on the attacker: If an attacker wants to learn a message that states "attack at dawn", the attacker only has until dawn to find it out.
5. Physics: Physical Boundary
Verify the location of a person by how fast a message travels to them and back.
Propagation delay limits: e.g., an infrared connection in the same room is harder to attack from far away.
6. Knowledge:
Known (assume the adversary):
a. knows your hardware configuration
b. knows your OS configuration
c. knows your software/source code
d. knows your usernames but not your passwords
e. knows your open ports
Unknown:
a. passwords
b. secret keys
c. Random Number Generator (RNG)
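The CPU-time threat model from item 1 above, worked through as an added example (not part of the original notes): it turns the instruction budget into a bound on password entropy and length. The per-guess cost parameter and the comparison with an unrounded budget are my assumptions, not from the notes.

```python
import math

# Figures from the class notes (the powers of two are the notes' rounding).
INSTRUCTIONS_PER_SECOND = 2 ** 32   # one 2.6 GHz CPU
SECONDS_PER_YEAR = 2 ** 23          # pi x 10^7 seconds, rounded down
ADVERSARY_CPUS = 2 ** 20


def work_bits_per_year(ips=INSTRUCTIONS_PER_SECOND,
                       secs=SECONDS_PER_YEAR, cpus=ADVERSARY_CPUS):
    """log2 of the instructions the adversary can spend in one year."""
    return math.log2(ips * secs * cpus)


def guess_bits_per_year(instructions_per_guess, **budget):
    """log2 of password guesses per year when each guess costs
    instructions_per_guess instructions (assumed cost of the password
    check, e.g. a slow hash); 1 means a guess is as cheap as an instruction."""
    return work_bits_per_year(**budget) - math.log2(instructions_per_guess)


def min_password_length(guess_bits, alphabet_size):
    """Smallest length L such that alphabet_size**L >= 2**guess_bits, i.e.
    the adversary cannot enumerate the whole password space within the budget."""
    return math.ceil(guess_bits / math.log2(alphabet_size))


def unrounded_work_bits(years=1):
    """Same budget without the notes' power-of-two rounding (assumed exact
    2.6 GHz and pi x 10^7 s/year), to show how much the rounding moves it."""
    return math.log2(2.6e9 * math.pi * 1e7 * ADVERSARY_CPUS * years)


if __name__ == "__main__":
    bits = work_bits_per_year()                      # 75.0, as in the notes
    print(f"adversary budget: 2^{bits:.0f} instructions/year "
          f"(unrounded: 2^{unrounded_work_bits():.1f})")
    for cost in (1, 2 ** 20):                        # cheap check vs slow hash
        g = guess_bits_per_year(cost)
        print(f"guess cost 2^{math.log2(cost):.0f}: 2^{g:.0f} guesses/year -> "
              f"lowercase-only length {min_password_length(g, 26)}, "
              f"95-char alphabet length {min_password_length(g, 95)}")
```

The 2^20 per-guess cost is the defender's lever: a deliberately slow password check shrinks the feasible guess count from 2^75 to 2^55 under the same hardware budget.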
Advantages of Full Disclosure:
a. Manufacturers build better locks and fix bugs
b. users can mitigate risks
c. Users can buy a different lock
d. No back doors
e. Deterrent
Advantages of Non-Disclosure:
a. Allows manufacturers to correct bugs before attackers can exploit them.
b. Prevents exploitation
c. Prevents script-kiddies
d. Preserves the manufacturer's image
e. Less stress
Trust is bad in Computer Science: Trust really means dependence (if something we trust fails, we won't achieve security: the attacker wins).
The Trusted Computing Base includes almost everything related to a computer (anything connected to it).
The only way to check and raise the trust of something is to buy two products of the same kind from different competing companies and compare them (e.g., by checksum) to see that they are the same.
The only real way to trust something is to make it yourself, but that is unrealistic.