					Welcome to EECS 450
 Internet Security
           Why Internet Security
• The past decade has seen an explosion in concern for the
  security of information
  – Malicious code (viruses, worms, etc.) caused over $28
    billion in economic losses in 2003 and $67 billion in
    2006!
• The market for security specialists is expanding!
  – "Salary Premiums for Security Certifications
    Increasing" (Computerworld, 2007)
     • Up to 15% more salary
     • Demand is being driven not only by compliance and government
       regulation, but also by customers who are "demanding more
       security" from companies
  – US struggles to recruit computer security experts
    (Washington Post, Dec. 23, 2009)
  Why Internet Security (cont’d)
• Internet attacks are increasing in frequency,
  severity and sophistication
  – The number of scans, probes, and attacks reported to
    the DHS has increased by more than 300 percent
    from 2006 to 2008.
  – Karen Evans, the Bush administration's information
    technology (IT) administrator, points out that most
    federal IT managers do not know what advanced skills
    are required to counter cyberattacks.
      Why Internet Security (cont’d)
• Viruses and worms are getting faster and more powerful
  – They caused over $28 billion in economic losses in 2003,
    growing to over $75 billion in economic losses by 2007.
  – Code Red (2001): 13 hours infected >360K machines -
    $2.4 billion loss
  – Slammer (2003): 15 minutes infected > 75K machines -
    $1 billion loss
• Spam, phishing, …
• New Internet security landscape emerging:
  BOTNETS !
  – Conficker/Downadup (2008): infected > 10M machines
     • Microsoft offered a $250K reward
         The History of Computing
• For a long time, security was largely ignored by the
  community
  – The computer industry was in "survival mode", struggling
    to overcome technological and economic hurdles
  – As a result, a lot of corners were cut and many
    compromises were made
  – There was lots of theory, and even examples of systems
    built with very good security, but they were largely
    ignored or unsuccessful
     • E.g., the Ada language vs. C (C being the more powerful
       and easier-to-use choice, and the one that won)
Computing Today is Very Different
• Computers today are far from "survival mode"
  – Performance is abundant and cost is very low
  – As a result, computers are now ubiquitous in every facet
    of society
• Internet
  – Computers are all connected and interdependent
  – This interdependence magnifies the effect of any
    failure
               Biological Analogy
• Computing today is very homogeneous.
  – A single architecture and a handful of operating systems
    dominate
• In biology, homogeneous populations are in danger
  – A single disease or virus can wipe them out overnight
    because they all share the same weakness
  – The disease only needs a vector to travel among hosts
• Computers are like the animals, the Internet
  provides the vector.
  – It is like having only one kind of cow in the world, and
    having them drink from one single pool of water!
The Spread of Sapphire/Slammer Worms
               The Flash Worm
• Slammer worm infected 75,000 machines in <15
  minutes
• A properly designed worm, a "flash worm", could take
  less than 1 second to compromise 1 million
  vulnerable machines on the Internet
  – The Top Speed of Flash Worms. S. Staniford, D.
    Moore, V. Paxson and N. Weaver, ACM WORM
    Workshop 2004.
  – Such worms exploit many vectors: P2P file sharing,
    intelligent scanning, precomputed hitlists, etc.
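The reason a hitlist worm is so much faster than a scanning worm like Slammer is growth rate: a random scanner wastes almost every probe on non-vulnerable addresses and grows roughly logistically, while a worm carrying a precomputed hitlist can hand half of its remaining list to each new victim and double every round. The following is an added toy simulation of both models (not code from the course or from the Staniford et al. paper); the address-space size, number of vulnerable hosts and scan rate are constructed for illustration and are not Slammer's real numbers.

```python
"""Added example: a discrete-time toy model of worm propagation comparing a
random-scanning worm with a hitlist ("flash") worm. All parameters are
constructed for illustration; they are not figures from the Staniford et al.
paper or from the Slammer incident."""
import math
import random


def simulate_random_scan(address_space, vulnerable, scans_per_tick, seed=0,
                         max_ticks=100_000):
    """Every infected host probes `scans_per_tick` uniformly random addresses
    per tick; a probe that lands on a vulnerable, not-yet-infected host infects
    it for the next tick. Returns the number of ticks until all vulnerable
    hosts are infected (or max_ticks)."""
    rng = random.Random(seed)
    vulnerable_hosts = set(rng.sample(range(address_space), vulnerable))
    infected = {next(iter(vulnerable_hosts))}        # patient zero
    ticks = 0
    while len(infected) < vulnerable and ticks < max_ticks:
        ticks += 1
        newly_infected = set()
        for _ in range(len(infected) * scans_per_tick):
            target = rng.randrange(address_space)
            if target in vulnerable_hosts:           # most probes miss
                newly_infected.add(target)
        infected |= newly_infected
    return ticks


def simulate_hitlist(vulnerable, seed=0):
    """Flash-worm model: the attacker has precomputed the list of vulnerable
    hosts. Each tick, every infected host infects one host from its share of
    the list and hands that host half of the remaining share (divide and
    conquer), so the infected population doubles each tick.
    Returns (ticks, hosts_infected)."""
    rng = random.Random(seed)
    hitlist = list(range(vulnerable))
    rng.shuffle(hitlist)
    # (infected host, targets it is still responsible for)
    workers = [(hitlist[0], hitlist[1:])]
    ticks = 0
    while any(targets for _, targets in workers):
        ticks += 1
        next_workers = []
        for host, targets in workers:
            if not targets:
                next_workers.append((host, targets))
                continue
            mid = len(targets) // 2
            keep, give = targets[:mid], targets[mid:]
            child, child_targets = give[0], give[1:]
            next_workers.append((host, keep))
            next_workers.append((child, child_targets))
        workers = next_workers
    return ticks, len(workers)


def compare(address_space=100_000, vulnerable=1_000, scans_per_tick=10, seed=0):
    """Run both models on the same constructed population and return the
    tick counts side by side, with the log2 lower bound for doubling growth."""
    random_ticks = simulate_random_scan(address_space, vulnerable,
                                        scans_per_tick, seed)
    hitlist_ticks, hosts = simulate_hitlist(vulnerable, seed)
    return {
        "random_scan_ticks": random_ticks,
        "hitlist_ticks": hitlist_ticks,
        "hitlist_hosts_infected": hosts,
        "hitlist_lower_bound": math.ceil(math.log2(vulnerable)),
    }


if __name__ == "__main__":
    print(compare())
```

With 1,000 vulnerable hosts the hitlist worm finishes in exactly ceil(log2(1000)) = 10 rounds, whatever the address space, because its only cost is one infection per host per round; the scanning worm needs many times more rounds and gets slower still as the address space grows relative to the vulnerable population. The model ignores bandwidth and latency, which is what bounds the real "top speed" in the paper.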
                      Logistics
• Instructor
  Yan Chen (ychen@northwestern.edu), Associate
  Professor
• Location and time
  Mon and Wed 10:30am-11:50am, Tech M166
              Course Overview
• Seminar class: paper reading + a big project
• Start with overview of Internet attack landscape
• Major attack force: botnet
• Most important emerging threat:
  – Web security
  – Mobile system security (Android)
  – Social network security
• Major network defense mechanism: network
  intrusion detection/prevention system
  Prerequisites and Course Materials
• Required: EECS340 (Intro to computer
  networking) or any introductory networking
  course, or talk to me
• Highly Recommended: EECS350/354


• No required textbook – paper reading!
• Recommended books on computer security (see
  webpage for a complete list)
                       Grading
• No exams for this class
• Class participation 10%
• Paper reading summary 10%
• In class paper presentation and debate 25%
• Project 55%
  – Proposal and survey 5%
  – Midterm presentation and report 10%
  – Weekly report and meeting 10%
  – Final presentation 10%
  – Final report 20%
                 Paper Reading
• Write a very brief summary of each paper, to be
  emailed to me before the class
• Summary should include:
  – Paper title and its author(s)
  – Brief one-line summary
  – A paragraph of the one or two most significant new
    insight(s) you took away from the paper
  – A paragraph of at least two most significant flaw(s) of
    the paper
  – A last paragraph where you state the relevance of the
    ideas today, potential future research suggested by
    the article
      Class Format - Presentation
• Student presentations of one paper or two closely
  related papers
  – Background, basic problems, survey of the related work,
    give overview to the general problems (30 minutes)
  – 40 minutes for particular solutions presented in these
    two papers
  – Non-speakers are strongly encouraged to ask
    questions
• Summarize with the last 10 minutes
     Format of the Presentation
• Presentation should include the following
  – Motivation and background
  – Classification of related work/background
  – Main idea
  – Evaluation and results
  – Open issues
• Send the slides to the instructors for review at
  least 24 hours ahead of the class
• Guidelines online
  – Make sure the font size is no smaller than 20
                           Projects
• The most important part of class
   Groups of 2-3 people (undergrads will be paired with a grad)
• Project list to be discussed soon
• Proposal – 4/7
   – 3-4 pages describing the purpose of the project, work to be done,
     expected outcome/results and related work
• Weekly Meeting and Progress Report – 4/8 – 6/2
   – Each team will schedule a weekly meeting (30 minutes) with its
     mentor. A cumulative work-in-progress report (with 1-2 pages of
     new content) is due 24 hours ahead of the meeting.
• Midterm presentation – 4/30
• Project Presentation – 5/23 and 5/30
• Final Report – 6/6
                            Next …
• Sign up for Presentation
• Symantec Internet Threat Report
• Discussion of potential projects (and mentor)
   – Transformation Attacks against the Latest Cisco IPS and Its
     Defense (Xitao)
   – Comparing Different JavaScript Engines for Web Security Analysis
     (Yinzhi)
   – Developing Symbolic Execution of Dalvik Bytecode for Android
     Vulnerability and Malware Analysis (Vaibhav)
   – Crowdsourcing for Malicious URL Detection (Hongyu)
 The Definition of Computer Security
• Security is a state of well-being of information
  and infrastructures in which the possibility of
  successful yet undetected theft, tampering,
  and disruption of information and services is
  kept low or tolerable
• Security rests on confidentiality, authenticity,
  integrity, and availability
            The Basic Components
• Confidentiality is the concealment of information or
  resources.
   – E.g., only sender, intended receiver should “understand” message
     contents
• Authenticity is the identification and assurance of the
  origin of information.
• Integrity refers to the trustworthiness of data or
  resources in terms of preventing improper and
  unauthorized changes.
• Availability refers to the ability to use the information
  or resource desired.
    Security Threats and Attacks
• A vulnerability is a flaw in the design, implementation,
  or operation of a system; a threat is a potential
  violation of security that could exploit such a flaw.
• An attack is any action that actually violates security.
  – Carried out by an active adversary
• An attack has an implicit concept of "intent"
  – A router misconfiguration or a server crash can also
    cause loss of availability, but they are not attacks
 Friends and enemies: Alice, Bob, Trudy
• well-known in network security world
• Bob, Alice (lovers!) want to communicate “securely”
• Trudy (intruder) may intercept, delete, add messages

[Figure: Alice (secure sender) and Bob (secure receiver) exchange data and control messages over a channel; Trudy sits on the channel between them]
Eavesdropping - Message Interception
     (Attack on Confidentiality)
   • Unauthorized access to information
   • Packet sniffers and wiretappers
   • Illicit copying of files and programs

[Figure: A sends to B while an eavesdropper listens on the channel]
   Integrity Attack - Tampering
          With Messages
• Stop the flow of the message
• Delay and optionally modify the message
• Release the message again

[Figure: a perpetrator sitting between A and B holds, modifies, and re-releases the message]
Authenticity Attack - Fabrication
• Unauthorized assumption of other’s identity
• Generate and distribute objects under this
  identity

[Figure: a masquerader sends B a message claiming to be "from A"]
            Attack on Availability
• Destroy hardware (cutting fiber) or software
• Modify software in a subtle way (alias commands)
• Corrupt packets in transit

[Figure: the channel between A and B is cut]

• Blatant denial of service (DoS):
   – Crashing the server
   – Overwhelming the server (using up its resources)
     Classify Security Attacks as
• Passive attacks - eavesdropping on, or
  monitoring of, transmissions to:
  – obtain message contents, or
  – monitor traffic flows
• Active attacks – modification of the data stream in order to:
  – masquerade as some other entity
  – replay previous messages
  – modify messages in transit
  – deny service
             Group Exercise
Please classify each of the following as a
  violation of confidentiality, integrity,
  availability, authenticity, or some combination
  of these
• John copies Mary's homework.
• Paul crashes Linda's system.
• Gina forges Roger's signature on a deed.

				