Courses/Computer Science/CPSC 203/CPSC 203 2008Winter L03/CPSC 203 2008Winter L03 Lectures/Lecture 19

  • Housekeeping
    • Text Reading -- Algorithms to Computers Associated Topics. Chapters 5/6 (see pages from last lecture): Understand -- Operating Systems, Computer Parts (CPU, RAM, Hard Drive)
    • Text Readings -- Security Associated Topics. Chapter 7 (see pages in TEXT READINGS below): Know basic networking and security jargon (see Security Glossary below for capsule definitions, and TEXT for more complete discussion)
    • NOTE: Tutorial 1 the week of March 31st will be devoted to TA's working with you on Group Projects, while Tutorial 2 will be devoted to Assignment 2.



Lecture 19

Our final triad of lectures concerns problem solving from various perspectives. In this lecture, we will introduce the burgeoning problem of security, particularly security in networked systems (e.g. your ATM, online financial transactions, medical databases, homeland security, ISPs). Our perspective is to take a high-level view of security issues (your text has a complementary low-level view) and to emphasize the interesting links between concepts developing in computer (technological) security, and those already developed in biological security (aka 'epidemiology').


OBJECTIVES:

  • You will be able to use basic security jargon
  • You will have a high level perspective of key security issues (such as privacy, anonymity, integrity etc.).
  • You will be able to understand how to view the security of a system from the perspective of an attack tree.
  • You will be able to think about security from a "network" perspective, using some basic biological ideas such as the Susceptible, Infected, Recovered model.


Security Glossary (see Chapter 7 of TEXT for more detail)

  • Computer Networks -- a set of computers able to share data (and processing).
    • Client/Server -- client makes a request, Server fulfills request. E.g. Firefox is the browser client. Apache is the web server.
    • Peer-to-Peer -- program can act as both a client and a server.
  • Computer Virus -- a piece of malicious software that attaches to a host-program and attempts to spread itself.
  • Trojan Horse Attacks -- a program that appears desirable, but with a secret malicious payload.
  • Denial of Service Attacks -- overloading a system, so it cannot serve legitimate requests.
  • SQL Injection Attacks -- 'Taking over' the DB Query engine by inserting SQL into text, to obtain access to data and computer resources.
  • Buffer Overflow Attack -- Overflowing the buffer in a program, which often gives access to system internals at a higher privilege level than authorized.
  • Computer Worm -- independently running programs that run through a network, causing damage.
  • Spam -- Email you don't want.
  • Firewalls -- Software or Hardware that prevents access to networks and the computers on it
    • Packet filtering -- filtering packets sent to specific logical ports, usually based on a list of allowed or denied IP addresses.
    • Packet blocking -- making certain logical ports inaccessible (nothing gets through)
  • Encryption and Security -- Encryption makes data unreadable except by authorized users (who have a key) and thus provides security in transmission between Alice and Bob from a middle-man Fred reading their transmission.
  • Privacy and Security -- An ongoing debate is the relationship between privacy and security. So these terms are under development.


Security and Privacy Concepts

Perspective

Security only exists within the context of a system, specifically an information system. So, to think about security, we cannot simply think about computers, but we must think about the networks, organizations, and people who are all interacting in myriad complex ways which can either increase or compromise security.

System -- a group of elements that work together to accomplish some goal or objective.

We introduce a high-level approach to thinking about security and privacy in terms of:

  1. Tension between technology and human concerns
  2. Violations of Privacy and Security
  3. Fundamental Security Needs
  4. Security Vulnerabilities
  5. Attack Methodology
  6. Attack Trees
    1. And/Or Statements in Attack Trees
    2. Possible/Impossible classifications in Attack Trees
    3. 'Dots and Arrows' perspective on Attack Trees
  7. Some security and Privacy Questions
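
The And/Or statements and Possible/Impossible classifications listed under Attack Trees can be worked through in code. The following is an added example, not part of the original lecture notes: the tree, its leaf labels and the function names are constructed for illustration, reusing Alice, Bob and Fred from the glossary.

```python
# Added example. Node layout (an assumption of this sketch):
#   leaf:     ("leaf", name, possible)   possible=True means P, False means I
#   internal: ("or", name, children) or ("and", name, children)

# Constructed tree: can Fred read a message sent from Alice to Bob?
TREE = ("or", "Fred reads the message", [
    ("leaf", "guess the key", False),
    ("and", "read the message in transit", [
        ("leaf", "sit between Alice and Bob", True),
        ("leaf", "message sent unencrypted", True),
    ]),
])

def is_possible(node, blocked=frozenset()):
    """True if the goal at `node` can be reached.

    `blocked` names leaves that a countermeasure has made impossible."""
    kind, name, rest = node
    if kind == "leaf":
        return bool(rest) and name not in blocked
    results = [is_possible(child, blocked) for child in rest]
    # OR: any one child is enough. AND: every child is required.
    return any(results) if kind == "or" else all(results)

def leaves(node):
    """Names of all leaves below `node`, left to right."""
    kind, name, rest = node
    if kind == "leaf":
        return [name]
    return [n for child in rest for n in leaves(child)]

def single_fixes(tree):
    """Leaves whose mitigation alone makes the root goal impossible."""
    if not is_possible(tree):
        return []
    return [n for n in leaves(tree)
            if not is_possible(tree, frozenset([n]))]

if __name__ == "__main__":
    print("root possible:", is_possible(TREE))
    print("single countermeasures that close the tree:", single_fixes(TREE))
```

Because the possible path runs through an AND node, blocking either of its leaves (for example, encrypting the message) is enough to make the root goal impossible.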


Biological Security and Computer Security

While human beings have been doing computer systems security for only a few decades, biological systems have been doing security throughout evolutionary time. There is an odd overlap between the terminology developing in security for technological systems, and the existing terminology of biological systems. This suggests that a good place to look for solutions to technical systems security is to first look at the solutions biology has found over evolutionary time.

  1. Opening Example -- how Lyme Disease Avoids Detection
  • Lyme disease is caused by a spirochete, Borrelia burgdorferi
  • Lyme disease is very hard (a) to detect and (b) to treat
  • In particular, the host does not seem to recognize the disease.
  • There is a region in the spirochete's DNA that creates surface antigens 'VLS'
    • Behind the VLS region, there seem to be some non-active cassettes of redundant DNA
    • It appears that these cassettes might be 'sampled' into the active coding VLS region -- thus changing its antigen profile, and the host's ability to detect it.
    • Not surprisingly, some virus designers have come up with similar schemes: adding variation to virus code, encrypting virus code.
  2. Notice Biological Terminology used in Computer Security
  • viruses and information
  • worms and bacteria
  3. Two Biological Approaches to Security
    1. Vertical Resistance -- the 'anti-virus' approach. Resistance is complete, or susceptibility is complete. Genetic Analogy: "Mendelian Resistance": example -- a single gene providing resistance to corn smut.
    2. Horizontal Resistance -- the 'fault-tolerant' approach. In this case, systems are able to "withstand" infection, and remain functional. Genetic Analogy: "Quantitative Resistance": example -- White Pine blister-rust tolerance due to infected needles falling off before the blister-rust reaches the stem.
  4. Network Security as Epidemiology
    1. How far can a virus spread through a network
    2. How fast can a virus spread through a network
    3. An old model from Epidemiology is now beginning to be applied to Network Security: Susceptible, Infected, Recovered (SIR).
  • Let's draw a few simple networks and trace out their patterns of infection.
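
The tracing exercise above can also be done in code. This is an added example, not part of the original lecture notes; it assumes a simplified, deterministic SIR model (every contact transmits, and a node is infected for one time step before it recovers), and the three seven-node networks and the function name are constructed for illustration.

```python
# Added example: deterministic Susceptible / Infected / Recovered trace.
# Assumptions: every contact transmits, infection lasts one time step,
# recovered nodes are never reinfected.

def sir_spread(edges, start, immune=()):
    """Trace an outbreak over an undirected network.

    Returns (how_far, how_fast): the number of nodes ever infected and the
    number of time steps in which new infections occurred."""
    neighbours = {}
    for a, b in edges:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)
    state = {n: "S" for n in neighbours}
    for n in immune:
        state[n] = "R"              # already resistant before the outbreak
    state[start] = "I"
    infected, ever_infected, steps = {start}, {start}, 0
    while infected:
        newly = {m for n in infected
                 for m in neighbours.get(n, ()) if state[m] == "S"}
        for n in infected:
            state[n] = "R"          # infected nodes recover after one step
        for m in newly:
            state[m] = "I"
        ever_infected |= newly
        infected = newly
        if newly:
            steps += 1
    return len(ever_infected), steps

# Three constructed networks with nodes 0..6.
LINE = [(i, i + 1) for i in range(6)]
RING = [(i, (i + 1) % 7) for i in range(7)]
STAR = [(0, i) for i in range(1, 7)]     # node 0 is the hub

if __name__ == "__main__":
    print("line from one end:", sir_spread(LINE, 0))
    print("ring:", sir_spread(RING, 0))
    print("star from a leaf:", sir_spread(STAR, 1))
    print("star, hub immune:", sir_spread(STAR, 1, immune=[0]))
    print("line, node 3 immune:", sir_spread(LINE, 0, immune=[3]))
```

The same seven nodes are fully infected in 6 steps on the line, 3 on the ring and 2 on the star, while making the star's hub resistant stops the spread at the starting node.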

TEXT READINGS

TIA 4th Edn: Chapter 7 pp 302-339

TIA 3rd Edn: Chapter 7 pp 290 - 325


Resources

Secrets and Lies. Digital Security in a Networked World. By Bruce Schneier

The Structure and Dynamics of Networks. Edited by Newman, Barabási and Watts

Return to Resistance. Breeding Crops to Reduce Pesticide Dependence. By Raoul A. Robinson.