AS
Uploaded byAndy Sutherland
PDF, PPTX17 views

Berkeley University CS161 Computer Security lecture 2 - security analysis

Describes threat models and approaches to security analysis

Education
Related topics:
Computer Security

Embed presentation

Download as PDF, PPTX
Dawn  Song   Introduc/on   Security  Analysis  &  Threat  Models  
Dawn  Song   Administrivia   • Piazza  –  Primary  point  of  contact   • Course  text  book  –  None!   • No  office  hours,  discussion  this  week   – Starts  Sept  5th   • If  you  cant  make  discussion…   • No  lecture  next  Monday,  Sept  3rd  
Dawn  Song   What  is  Computer  Security?   • Allow  intended  use  of  computer  systems     • Prevent  unintended  use  that  may  cause  harm  
Dawn  Song   Personal  Data  &  Files           Grant  authorized  users  access  to  read,  create  personal  files   Prevent  unauthorized  users  from  reading,  modify,  or  dele/ng  personal  
Dawn  Song   Banking  Funds           Allow  customer  to  view  balance,  transfer  funds,  make  payments   Prevent  third  party  access  to  account;  customers  defrauding  bank   Prevent  other  browser  tabs,  applica/ons  from  reading  banking  info  
Dawn  Song   Personal  Privacy           Allow  friends  to  view  status  updates,  photos,  loca/on  data     Prevent  strangers,  adver/sers  from  accessing  profile   Prevent  strangers,  applica/ons  from  pos/ng  updates  as  you  
Dawn  Song   Threats  
Dawn  Song   Explora/on,  Disrup/on,  Personal  Reputa/on   • 1990s:   – Phone  phreaking,  free  calls   • Early  2000s:   – Email  worms   – CodeRed,  MyDoom,  Sobig  
Dawn  Song   Financially  Mo/vated   • ShiZ  in  late  2000s   • Spam   – Pharmaceu/cals   – Fake  products   • Carding/Fraud   – Iden/fy  theZ,  credit  fraud  
Dawn  Song   Poli/cally  Mo/vated   • Stuxnet,  Flame,  Gauss   – Iranian  nuclear   infrastructure   – Lebanese  banking   informa/on   – Wiretapping  
Dawn  Song   Poli/cally  Mo/vated  
Dawn  Song   Other  Mo/ves?  
Dawn  Song   Current  Vulnerability  Trends  
Dawn  Song   MITRE  tracks  vulnerability  disclosures   Source:  IBM  X-­‐Force,  Mar  2011   Data:  hap://cve.mitre.org/     Cumula/ve  Disclosures             Percentage  from  Web  applica/ons   2010    
Dawn  Song   Opera/ng  system  vulnerabili/es  
Dawn  Song   Trends  in  client-­‐side  vulnerabili/es   primarily  Flash,   aZer  2008   Source:  IBM  X-­‐Force,  Mar  2011   browser  security  improving  
Dawn  Song   Reported  Web  Vulnerabili/es  "In  the  Wild"   Data from aggregator and validator of NVD-reported vulnerabilities
Dawn  Song   Web  vs  System  vulnerabili/es   XSS peak
Dawn  Song   Mobile  Opera/ng  Systems   Mobile  OS  Vulnerabili/es   Mobile  OS  Exploits                             Compare  number  of  vulnerabili/es  with  exploits.    What  can  you  expect  next  year?   Source:  IBM  X-­‐Force,  Mar  2011  
Dawn  Song   Summary   • Many  current  aaacks  are  financially  mo/vated   • Vulnerabili/es  prevalent,  half  related  to  the  Web   – Browser  vulnerabili/es  decreasing,  but  plug-­‐ins  pose   risk   – Some  improvements  in  defending  against  common   aaacks   • Mobile  plaeorms  receiving  increasing  aaen/on    
Dawn  Song   Payloads  
Dawn  Song   Why  own  machines:                1.    IP  address  and  bandwidth  stealing   Aaacker’s  goal:      look  like  a  random  Internet  user   Use  the  infected  machine’s  IP  address  for:   • Spam        (e.g.  the  storm  botnet)      Spamaly/cs:        1:12M    pharma  spams  leads  to  purchase        1:260K  gree/ng  card  spams  leads  to  infec/on   • Denial  of  Service:            Services:      1  hour  (20$),      24  hours  (100$)   • Click  fraud    (e.g.  Clickbot.a)  
Dawn  Song   Why  own  machines:              2.    Steal  user  creden/als   keylog  for  banking  passwords,      web  passwords,      gaming  pwds.   Example:    SilentBanker  (2007)     Bank   Malware  injects   Javascript   Bank  sends  login  page   needed  to  log  in   When  user  submits   informa/on,  also  sent   to  aaacker   User  requests  login  page   Similar  mechanism  used     by  Zeus  botnet  
Dawn  Song   Why  own  machines:              3.  Spread  to  isolated  systems     Example:    Stuxtnet                      Windows  infec/on      ⇒                Siemens  PCS  7  SCADA  control  soZware  on  Windows    ⇒        Siemens  device  controller  on  isolated  network        More  on  this  later  in  course  
Dawn  Song   Server-­‐side  aaacks   • Financial  data  theZ:      oZen  credit  card  numbers   – example:        malicious  soZware  installed  on  servers  of  a                single  retailer  stole  45M  credit  card    (2007)   • Poli/cal  mo/va/on:      Aurora,    Tunisia  Facebook    (Feb.   2011)     • Infect  visi/ng  users  
Dawn  Song   Example: Mpack (2007) • PHP-­‐based  tools  installed  on  compromised  web   sites   – Embedded  as  an  iframe  on  infected  page   – Infects  browsers  that  visit  site   • Features   – management  console  provides  stats  on  infec/on  rates   – Sold  for  several  100$   – Customer  care  can  be  purchased,  one-­‐year  support   contract   • Impact:      500,000  infected  sites      (compromised  via  SQL  injec/on)   – Several  defenses:        e.g.    Google  safe  browsing  
Dawn  Song   Insider  aaacks:    example   Hidden  trap  door  in  Linux    (nov  2003)   – Allows  aaacker  to  take  over  a  computer   – Prac/cally  undetectable  change    (uncovered  via  CVS  logs)     Inserted  line  in  wait4()     Looks  like  a  standard  error  check,  but  …   if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) retval = -EINVAL; ! See: http://lwn.net/Articles/57135/
Dawn  Song   Many  more  examples   • Access  to  SIPRnet  and  a  CD-­‐RW:            260,000  cables     ⇒    Wikileaks     • SysAdmin  for  city  of  SF  government.        Changed  passwords,  locking  out  city  from   router  access   • Inside  logic  bomb  took  down  2000  UBS  servers  
Dawn  Song   Mone/za/on  
Dawn  Song   Marketplace  for  Vulnerabili/es   Op9on  1:      bug  bounty  programs   • Google  Vulnerability  Reward  Program:      3K  $     • Mozilla  Bug  Bounty  program:    500$   • Pwn2Own  compe//on:      15K  $   Op9on  2:         • ZDI,    iDefense:      2K  –  25K    $  
Dawn  Song   Marketplace  for  Vulnerabili/es   Op9on  3:      black  market   Source:    Charlie  Miller        (securityevaluators.com/files/papers/0daymarket.pdf)  
Dawn  Song   Marketplace  for  owned  machines     Pay-­‐per-­‐install  (PPI)  services     PPI  opera9on:   1. Own  vic/m’s  machine   2. Download  and  install  client’s  code   3. Charge  client   Source:    Cabalerro  et  al.      (www.icir.org/vern/papers/ppi-­‐usesec11.pdf)   spam   bot   keylogger   clients   PPI  service   Vic9ms  
Dawn  Song   Marketplace  for  owned  machines   Source:    Cabalerro  et  al.      (www.icir.org/vern/papers/ppi-­‐usesec11.pdf)   spam   bot   keylogger   clients   PPI  service   Vic9ms   Cost:        US          -­‐    100-­‐180$  /  1000  machines    Asia    -­‐      7-­‐8$  /  1000  machines  
Dawn  Song   The  computer  security  problem   Two  factors:   • Lots  of  buggy  soNware        (and  gullible  users)   • Money  can  be  made  from  finding  and  exploi9ng   vulns.   1. Marketplace  for  vulnerabili/es   2. Marketplace  for  owned  machines  (PPI)   3. Many  methods  to  profit  from  owned  client  machines   current  state  of  computer  security  
Dawn  Song   Formally  Defining  Security  
Dawn  Song   What  is  Computer  Security  About?   • General  goals:   – Allow  intended  use  of  computer  systems   – Prevent  unintended  use  that  may  cause  harm   • More  precisely…    
Dawn  Song   Basic  Security  Proper/es  (I)   • Confiden/ality:     – Informa/on  is  only  disclosed  to  authorized  people  or   systems   – E.g.,  aaackers  cannot  learn  your  banking  info  
Dawn  Song   Basic  Security  Proper/es  (II)   • Integrity:   – Informa/on  cannot  be  tampered  with  in  an   unauthorized  way     – E.g.,  aaacker  cannot  change  the  balance  of  your  bank   account  
Dawn  Song   Basic  Security  Proper/es  (III)   • Availability:   – Informa/on  and  services  are  accessible  in  a  /mely   fashion  to  authorized  people  or  systems   – E.g.,  you  should  be  able  to  login  and  perform   transac/ons  on  your  online  banking  account  when   you  want  to  
Dawn  Song   Basic  Security  Proper/es:  CIA   • Confiden9ality   • Integrity   • Availability  
Dawn  Song   Security  Analysis   • Given  a  computer  system,  one  may  ask:     Is  the  computer  system  secure?  
Dawn  Song   Is  the  House  Secure?  
Dawn  Song   It  Depends  …   • What  are  the  assets?  What  are  the  goals?    
Dawn  Song   It  Depends  …   • Threat  model   – In  SafeLand,  you  don’t  need  to  lock  the  door   – Aaackers  who  pick  locks   – Aaackers  who  drive  a  bull-­‐dozer   – Aaackers  who  have  super  advanced  technology   – Aaackers  who  may  know  you  well  
Dawn  Song   Is  the  House  Secure?   • Is  the  house’s  protec/on  mechanism  strong   enough  to  protect  the  assets  from  aaackers  in   a  certain  threat  model?  
Dawn  Song   Which  Threat  Model  Should  You  Choose?   ?
Dawn  Song   Cost  of  Security   • Should  you  always  build  &  evaluate  a  system   secure  against  the  strongest  aaacker?   – A  student  may  simply  not  be  able  to  afford  an  alarm   system   • Not  about  perfect  security   Perfect  Security   Risk  Analysis  
Dawn  Song   Is  the  Computer  System  Secure?   • Is  the  system’s  protec/on  mechanism  strong   enough  to  protect  the  assets  &  achieve   security  goals  against  aaackers  in  a  certain   threat  model?  
Dawn  Song   Key  Elements  to  Security  Analysis   Security   proper/es   Threat   Model   ?   Security   Analysis  
Dawn  Song   Threat  Model   • Assump/ons  on  aaackers’  abili/es  and  resources   0Day   DDoS   Network   Eavesdropper   MITM  Aaack   DES  Cracker  
Dawn  Song   Which  Threat  Models  to  Choose?   • For  the  grade  database  system  for  your  class?   • For  your  phone?     • For  a  major  online  banking  site?   • For  the  system  to  control  nuclear  weapon  launch?  
Dawn  Song   Cost  of  Security   • There’s  no  free  lunch.   • There’s  no  free  security.   • Cost  of  security   – Expensive  to  develop   – Performance  overhead   – Inconvenience  to  users  
Dawn  Song   Priori/ze  Your  Security  Solu/on   according  to  Your  Threat  Model   • No  one  wants  to  pay  more  for  security  than   what  they  have  to  lose   • Not  about  perfect  security   – Risk  analysis   Perfect  Security   Risk  Analysis  
Dawn  Song   Changing  Threat  Model   • Be  careful  when  your  threat  model  changes   – E.g.,  online  account   New  account,  nothing  of  value;     No  incen/ve  for  aaackers   Over  /me….   Account  accumulates  value;   More  incen/ve  for  aaackers    
Dawn  Song   Design  Impacts  Cost  of  Security   • Good  system  design  &  architecture  can  reduce   cost  of  security    
Dawn  Song   Design  Impacts  Cost  of  Security   Browser   Known  unpatched  vulnerabili/es   Secunia   SecurityFocus   Extremely  cri/cal   (number  /  oldest)   Highly  cri/cal   (number  /  oldest)   Moderately  cri/cal   (number  /  oldest)   Less  cri/cal   (number  /  oldest)   Not  cri/cal   (number  /  oldest)   Total   (number  /  oldest)   Google  Chrome  16   0   0   0   0   0   1   13  December  2011   Internet  Explorer  6   0   0   4   17  November  2004   8   27  February  2004   12   5  June  2003   534   20  November  2000   Internet  Explorer  7   0   0   1   30  October  2006   4   6  June  2006   9   5  June  2003   213   15  August  2006   Internet  Explorer  8   0   0   0   1   26  February  2007   7   5  June  2003   123   14  January  2009   Internet  Explorer  9   0   0   0   0   1   6  December  2011   26   5  March  2011   Firefox  3.6   0   0   0   0   0   1   20  December  2011   Firefox  9   0   0   0   0   0   0   Opera  11   0   0   0   0   1   6  December  2011   2   6  December  2011   Safari  5   0   0   0   1   8  June  2010   0   2   13  December  2011   "Vulnerabili/es."  SecurityFocus.  Web.  18  Jan.  2012.  <hap://www.securityfocus.com/>.   "Advisories."  Secunia.  Web.  18  Jan.  2012.  <haps://secunia.com/community/advisories/>.  
Dawn  Song   End  of  Segment  

More Related Content

PDF
Storytelling For The Web: Integrate Storytelling in your Design Process
byChiara Aliotta
 
PDF
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
byOECD Directorate for Financial and Enterprise Affairs
 
PDF
2024 Trend Updates: What Really Works In SEO & Content Marketing
bySearch Engine Journal
 
PDF
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
bySocialHRCamp
 
PDF
Berkeley CS 161 computer security lectures - overview
byAndy Sutherland
 
PDF
lect01--intro.pdf
byAndy Sutherland
 
PDF
lect02--memory.pdf
byAndy Sutherland
 
PDF
Memory safety and vulnerabilities: attacks and defenses
byAndy Sutherland
 
Storytelling For The Web: Integrate Storytelling in your Design Process
byChiara Aliotta
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
byOECD Directorate for Financial and Enterprise Affairs
 
2024 Trend Updates: What Really Works In SEO & Content Marketing
bySearch Engine Journal
 
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
bySocialHRCamp
 
Berkeley CS 161 computer security lectures - overview
byAndy Sutherland
 
lect01--intro.pdf
byAndy Sutherland
 
lect02--memory.pdf
byAndy Sutherland
 
Memory safety and vulnerabilities: attacks and defenses
byAndy Sutherland
 

Featured

PDF
Everything You Need To Know About ChatGPT
byExpeed Software
 
PDF
2024 State of Marketing Report – by Hubspot
byMarius Sescu
 
PDF
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
bymarketingartwork
 
PDF
How Race, Age and Gender Shape Attitudes Towards Mental Health
byThinkNow
 
PDF
How to have difficult conversations
byRajiv Jayarajah, MAppComm, ACC
 
PDF
Social Media Marketing Trends 2024 // The Global Indie Insights
byKurio // The Social Media Age(ncy)
 
PDF
Product Design Trends in 2024 | Teenage Engineerings
byPixeldarts
 
PDF
Trends In Paid Search: Navigating The Digital Landscape In 2024
bySearch Engine Journal
 
PDF
Introduction to Data Science
byChristy Abraham Joy
 
PDF
5 Public speaking tips from TED - Visualized summary
bySpeakerHub
 
PDF
Getting into the tech field. what next
byTessa Mero
 
PDF
Google's Just Not That Into You: Understanding Core Updates & Search Intent
byLily Ray
 
PDF
Skeleton Culture Code
bySkeleton Technologies
 
PDF
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
byRachelPearson36
 
PDF
PEPSICO Presentation to CAGNY Conference Feb 2024
byNeil Kimberley
 
PDF
Content Methodology: A Best Practices Report (Webinar)
bycontently
 
PDF
ChatGPT and the Future of Work - Clark Boyd
byClark Boyd
 
PDF
The six step guide to practical project management
byMindGenius
 
PPTX
How to Prepare For a Successful Job Search for 2024
byAlbert Qian
 
PDF
Time Management & Productivity - Best Practices
byVit Horky
 
Everything You Need To Know About ChatGPT
byExpeed Software
 
2024 State of Marketing Report – by Hubspot
byMarius Sescu
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
bymarketingartwork
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
byThinkNow
 
How to have difficult conversations
byRajiv Jayarajah, MAppComm, ACC
 
Social Media Marketing Trends 2024 // The Global Indie Insights
byKurio // The Social Media Age(ncy)
 
Product Design Trends in 2024 | Teenage Engineerings
byPixeldarts
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
bySearch Engine Journal
 
Introduction to Data Science
byChristy Abraham Joy
 
5 Public speaking tips from TED - Visualized summary
bySpeakerHub
 
Getting into the tech field. what next
byTessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
byLily Ray
 
Skeleton Culture Code
bySkeleton Technologies
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
byRachelPearson36
 
PEPSICO Presentation to CAGNY Conference Feb 2024
byNeil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
bycontently
 
ChatGPT and the Future of Work - Clark Boyd
byClark Boyd
 
The six step guide to practical project management
byMindGenius
 
How to Prepare For a Successful Job Search for 2024
byAlbert Qian
 
Time Management & Productivity - Best Practices
byVit Horky
 

Berkeley University CS161 Computer Security lecture 2 - security analysis

  • 1.
    Dawn  Song   Introduc/on   Security  Analysis  &  Threat  Models  
  • 2.
    Dawn  Song   Administrivia   • Piazza  –  Primary  point  of  contact   • Course  text  book  –  None!   • No  office  hours,  discussion  this  week   – Starts  Sept  5th   • If  you  cant  make  discussion…   • No  lecture  next  Monday,  Sept  3rd  
  • 3.
    Dawn  Song   What  is  Computer  Security?   • Allow  intended  use  of  computer  systems     • Prevent  unintended  use  that  may  cause  harm  
  • 4.
    Dawn  Song   Personal  Data  &  Files           Grant  authorized  users  access  to  read,  create  personal  files   Prevent  unauthorized  users  from  reading,  modify,  or  dele/ng  personal  
  • 5.
    Dawn  Song   Banking  Funds           Allow  customer  to  view  balance,  transfer  funds,  make  payments   Prevent  third  party  access  to  account;  customers  defrauding  bank   Prevent  other  browser  tabs,  applica/ons  from  reading  banking  info  
  • 6.
    Dawn  Song   Personal  Privacy           Allow  friends  to  view  status  updates,  photos,  loca/on  data     Prevent  strangers,  adver/sers  from  accessing  profile   Prevent  strangers,  applica/ons  from  pos/ng  updates  as  you  
  • 7.
  • 8.
    Dawn  Song   Explora/on,  Disrup/on,  Personal  Reputa/on   • 1990s:   – Phone  phreaking,  free  calls   • Early  2000s:   – Email  worms   – CodeRed,  MyDoom,  Sobig  
  • 9.
    Dawn  Song   Financially  Mo/vated   • ShiZ  in  late  2000s   • Spam   – Pharmaceu/cals   – Fake  products   • Carding/Fraud   – Iden/fy  theZ,  credit  fraud  
  • 10.
    Dawn  Song   Poli/cally  Mo/vated   • Stuxnet,  Flame,  Gauss   – Iranian  nuclear   infrastructure   – Lebanese  banking   informa/on   – Wiretapping  
  • 11.
  • 12.
  • 13.
    Dawn  Song   Current  Vulnerability  Trends  
  • 14.
    Dawn  Song   MITRE  tracks  vulnerability  disclosures   Source:  IBM  X-­‐Force,  Mar  2011   Data:  hap://cve.mitre.org/     Cumula/ve  Disclosures             Percentage  from  Web  applica/ons   2010    
  • 15.
    Dawn  Song   Opera/ng  system  vulnerabili/es  
  • 16.
    Dawn  Song   Trends  in  client-­‐side  vulnerabili/es   primarily  Flash,   aZer  2008   Source:  IBM  X-­‐Force,  Mar  2011   browser  security  improving  
  • 17.
    Dawn  Song   Reported  Web  Vulnerabili/es  "In  the  Wild"   Data from aggregator and validator of NVD-reported vulnerabilities
  • 18.
    Dawn  Song   Web  vs  System  vulnerabili/es   XSS peak
  • 19.
    Dawn  Song   Mobile  Opera/ng  Systems   Mobile  OS  Vulnerabili/es   Mobile  OS  Exploits                             Compare  number  of  vulnerabili/es  with  exploits.    What  can  you  expect  next  year?   Source:  IBM  X-­‐Force,  Mar  2011  
  • 20.
    Dawn  Song   Summary   • Many  current  aaacks  are  financially  mo/vated   • Vulnerabili/es  prevalent,  half  related  to  the  Web   – Browser  vulnerabili/es  decreasing,  but  plug-­‐ins  pose   risk   – Some  improvements  in  defending  against  common   aaacks   • Mobile  plaeorms  receiving  increasing  aaen/on    
  • 21.
  • 22.
    Dawn  Song   Why  own  machines:                1.    IP  address  and  bandwidth  stealing   Aaacker’s  goal:      look  like  a  random  Internet  user   Use  the  infected  machine’s  IP  address  for:   • Spam        (e.g.  the  storm  botnet)      Spamaly/cs:        1:12M    pharma  spams  leads  to  purchase        1:260K  gree/ng  card  spams  leads  to  infec/on   • Denial  of  Service:            Services:      1  hour  (20$),      24  hours  (100$)   • Click  fraud    (e.g.  Clickbot.a)  
  • 23.
    Dawn  Song   Why  own  machines:              2.    Steal  user  creden/als   keylog  for  banking  passwords,      web  passwords,      gaming  pwds.   Example:    SilentBanker  (2007)     Bank   Malware  injects   Javascript   Bank  sends  login  page   needed  to  log  in   When  user  submits   informa/on,  also  sent   to  aaacker   User  requests  login  page   Similar  mechanism  used     by  Zeus  botnet  
  • 24.
    Dawn  Song   Why  own  machines:              3.  Spread  to  isolated  systems     Example:    Stuxtnet                      Windows  infec/on      ⇒                Siemens  PCS  7  SCADA  control  soZware  on  Windows    ⇒        Siemens  device  controller  on  isolated  network        More  on  this  later  in  course  
  • 25.
    Dawn  Song   Server-­‐side  aaacks   • Financial  data  theZ:      oZen  credit  card  numbers   – example:        malicious  soZware  installed  on  servers  of  a                single  retailer  stole  45M  credit  card    (2007)   • Poli/cal  mo/va/on:      Aurora,    Tunisia  Facebook    (Feb.   2011)     • Infect  visi/ng  users  
  • 26.
    Dawn  Song   Example:Mpack (2007) • PHP-­‐based  tools  installed  on  compromised  web   sites   – Embedded  as  an  iframe  on  infected  page   – Infects  browsers  that  visit  site   • Features   – management  console  provides  stats  on  infec/on  rates   – Sold  for  several  100$   – Customer  care  can  be  purchased,  one-­‐year  support   contract   • Impact:      500,000  infected  sites      (compromised  via  SQL  injec/on)   – Several  defenses:        e.g.    Google  safe  browsing  
  • 27.
    Dawn  Song   Insider  aaacks:    example   Hidden  trap  door  in  Linux    (nov  2003)   – Allows  aaacker  to  take  over  a  computer   – Prac/cally  undetectable  change    (uncovered  via  CVS  logs)     Inserted  line  in  wait4()     Looks  like  a  standard  error  check,  but  …   if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) retval = -EINVAL; ! See: http://lwn.net/Articles/57135/
  • 28.
    Dawn  Song   Many  more  examples   • Access  to  SIPRnet  and  a  CD-­‐RW:            260,000  cables     ⇒    Wikileaks     • SysAdmin  for  city  of  SF  government.        Changed  passwords,  locking  out  city  from   router  access   • Inside  logic  bomb  took  down  2000  UBS  servers  
  • 29.
  • 30.
    Dawn  Song   Marketplace  for  Vulnerabili/es   Op9on  1:      bug  bounty  programs   • Google  Vulnerability  Reward  Program:      3K  $     • Mozilla  Bug  Bounty  program:    500$   • Pwn2Own  compe//on:      15K  $   Op9on  2:         • ZDI,    iDefense:      2K  –  25K    $  
  • 31.
    Dawn  Song   Marketplace  for  Vulnerabili/es   Op9on  3:      black  market   Source:    Charlie  Miller        (securityevaluators.com/files/papers/0daymarket.pdf)  
  • 32.
    Dawn  Song   Marketplace  for  owned  machines     Pay-­‐per-­‐install  (PPI)  services     PPI  opera9on:   1. Own  vic/m’s  machine   2. Download  and  install  client’s  code   3. Charge  client   Source:    Cabalerro  et  al.      (www.icir.org/vern/papers/ppi-­‐usesec11.pdf)   spam   bot   keylogger   clients   PPI  service   Vic9ms  
  • 33.
    Dawn  Song   Marketplace  for  owned  machines   Source:    Cabalerro  et  al.      (www.icir.org/vern/papers/ppi-­‐usesec11.pdf)   spam   bot   keylogger   clients   PPI  service   Vic9ms   Cost:        US          -­‐    100-­‐180$  /  1000  machines    Asia    -­‐      7-­‐8$  /  1000  machines  
  • 34.
    Dawn  Song   The  computer  security  problem   Two  factors:   • Lots  of  buggy  soNware        (and  gullible  users)   • Money  can  be  made  from  finding  and  exploi9ng   vulns.   1. Marketplace  for  vulnerabili/es   2. Marketplace  for  owned  machines  (PPI)   3. Many  methods  to  profit  from  owned  client  machines   current  state  of  computer  security  
  • 35.
    Dawn  Song   Formally  Defining  Security  
  • 36.
    Dawn  Song   What  is  Computer  Security  About?   • General  goals:   – Allow  intended  use  of  computer  systems   – Prevent  unintended  use  that  may  cause  harm   • More  precisely…    
  • 37.
    Dawn  Song   Basic  Security  Proper/es  (I)   • Confiden/ality:     – Informa/on  is  only  disclosed  to  authorized  people  or   systems   – E.g.,  aaackers  cannot  learn  your  banking  info  
  • 38.
    Dawn  Song   Basic  Security  Proper/es  (II)   • Integrity:   – Informa/on  cannot  be  tampered  with  in  an   unauthorized  way     – E.g.,  aaacker  cannot  change  the  balance  of  your  bank   account  
  • 39.
    Dawn  Song   Basic  Security  Proper/es  (III)   • Availability:   – Informa/on  and  services  are  accessible  in  a  /mely   fashion  to  authorized  people  or  systems   – E.g.,  you  should  be  able  to  login  and  perform   transac/ons  on  your  online  banking  account  when   you  want  to  
  • 40.
    Dawn  Song   Basic  Security  Proper/es:  CIA   • Confiden9ality   • Integrity   • Availability  
  • 41.
    Dawn  Song   Security  Analysis   • Given  a  computer  system,  one  may  ask:     Is  the  computer  system  secure?  
  • 42.
    Dawn  Song   Is  the  House  Secure?  
  • 43.
    Dawn  Song   It  Depends  …   • What  are  the  assets?  What  are  the  goals?    
  • 44.
    Dawn  Song   It  Depends  …   • Threat  model   – In  SafeLand,  you  don’t  need  to  lock  the  door   – Aaackers  who  pick  locks   – Aaackers  who  drive  a  bull-­‐dozer   – Aaackers  who  have  super  advanced  technology   – Aaackers  who  may  know  you  well  
  • 45.
    Dawn  Song   Is  the  House  Secure?   • Is  the  house’s  protec/on  mechanism  strong   enough  to  protect  the  assets  from  aaackers  in   a  certain  threat  model?  
  • 46.
    Dawn  Song   Which  Threat  Model  Should  You  Choose?   ?
  • 47.
    Dawn  Song   Cost  of  Security   • Should  you  always  build  &  evaluate  a  system   secure  against  the  strongest  aaacker?   – A  student  may  simply  not  be  able  to  afford  an  alarm   system   • Not  about  perfect  security   Perfect  Security   Risk  Analysis  
  • 48.
    Dawn  Song   Is  the  Computer  System  Secure?   • Is  the  system’s  protec/on  mechanism  strong   enough  to  protect  the  assets  &  achieve   security  goals  against  aaackers  in  a  certain   threat  model?  
  • 49.
    Dawn  Song   Key  Elements  to  Security  Analysis   Security   proper/es   Threat   Model   ?   Security   Analysis  
  • 50.
    Dawn  Song   Threat  Model   • Assump/ons  on  aaackers’  abili/es  and  resources   0Day   DDoS   Network   Eavesdropper   MITM  Aaack   DES  Cracker  
  • 51.
    Dawn  Song   Which  Threat  Models  to  Choose?   • For  the  grade  database  system  for  your  class?   • For  your  phone?     • For  a  major  online  banking  site?   • For  the  system  to  control  nuclear  weapon  launch?  
  • 52.
    Dawn  Song   Cost  of  Security   • There’s  no  free  lunch.   • There’s  no  free  security.   • Cost  of  security   – Expensive  to  develop   – Performance  overhead   – Inconvenience  to  users  
  • 53.
    Dawn  Song   Priori/ze  Your  Security  Solu/on   according  to  Your  Threat  Model   • No  one  wants  to  pay  more  for  security  than   what  they  have  to  lose   • Not  about  perfect  security   – Risk  analysis   Perfect  Security   Risk  Analysis  
  • 54.
    Dawn  Song   Changing  Threat  Model   • Be  careful  when  your  threat  model  changes   – E.g.,  online  account   New  account,  nothing  of  value;     No  incen/ve  for  aaackers   Over  /me….   Account  accumulates  value;   More  incen/ve  for  aaackers    
  • 55.
    Dawn  Song   Design  Impacts  Cost  of  Security   • Good  system  design  &  architecture  can  reduce   cost  of  security    
  • 56.
    Dawn  Song   Design  Impacts  Cost  of  Security   Browser   Known  unpatched  vulnerabili/es   Secunia   SecurityFocus   Extremely  cri/cal   (number  /  oldest)   Highly  cri/cal   (number  /  oldest)   Moderately  cri/cal   (number  /  oldest)   Less  cri/cal   (number  /  oldest)   Not  cri/cal   (number  /  oldest)   Total   (number  /  oldest)   Google  Chrome  16   0   0   0   0   0   1   13  December  2011   Internet  Explorer  6   0   0   4   17  November  2004   8   27  February  2004   12   5  June  2003   534   20  November  2000   Internet  Explorer  7   0   0   1   30  October  2006   4   6  June  2006   9   5  June  2003   213   15  August  2006   Internet  Explorer  8   0   0   0   1   26  February  2007   7   5  June  2003   123   14  January  2009   Internet  Explorer  9   0   0   0   0   1   6  December  2011   26   5  March  2011   Firefox  3.6   0   0   0   0   0   1   20  December  2011   Firefox  9   0   0   0   0   0   0   Opera  11   0   0   0   0   1   6  December  2011   2   6  December  2011   Safari  5   0   0   0   1   8  June  2010   0   2   13  December  2011   "Vulnerabili/es."  SecurityFocus.  Web.  18  Jan.  2012.  <hap://www.securityfocus.com/>.   "Advisories."  Secunia.  Web.  18  Jan.  2012.  <haps://secunia.com/community/advisories/>.  
  • 57.
    Dawn  Song   End  of  Segment