
Introduction to Computer Security

Course Introduction

Pavel Laskov
Wilhelm Schickard Institute for Computer Science
Computer security in headlines
Motivation for security abuse

Intelligence and military use (5th century BC – 1980’s)
  “security by obscurity”, crypto-wars
Hacker spirit, fun and fame (1980’s – 2000’s)
  Pwnie, CCC, CTF
Cybercrime, monetary gain (2000’s – currently)
  Phishing, botnets, spam
Political goals, cyberconflict (2007 – currently)
  Attack on Estonia, Russian-Georgian conflict, Stuxnet
“Hacktivism” (2011 – currently)
Computer security in numbers

» Internet as a risk factor?
» Omnipresence of attacks, worms and viruses
» Massive damage to companies and citizens
» Increasing criminalization of malware

[Figure: new malicious code samples observed per year (Symantec), 2002–2009; vertical axis from 0 to 3,000,000]
Why are computer systems insecure?

Growing complexity of computer systems
  large number of components, complex interaction
High competition
  short “time-to-market”, high ROI
Leveraging of risks through high connectivity
  worm outbreaks, botnets
Slow incident response
  “incident hiding”, manual handling
Human error

What can go wrong will go wrong!


Human error: a case study
Human error: lessons learned

Users make errors
  elaborate social engineering design
  time pressure
Significant monetary motivation
Business efficiency via Internet
Security instruments

Reaction

Detection

Prevention
Prevention instruments

Goal: enforce certain operational policies.
Examples:
  Encrypt messages during transmission over public networks.
  Require user authentication for certain services.
  Control access to different resources.
Limitations:
  Not always applicable, e.g. in open systems such as web services.
  Strong assumptions, can be circumvented.
Detection instruments

Goal: detect violations of security policies.
Examples:
  Antivirus scanners: detection of malicious code or behavior.
  Intrusion detection systems: detection of attacks in network traffic.
  Detection of malicious websites.
Limitations:
  Significant latency in decisions.
  Significant workload: a detection system without an operator is useless.
Reaction instruments

Goals:
  Understand the root causes of successful attacks.
  Update prevention mechanisms.
  Real-time response, autonomous decisions.
Examples:
  Computer forensics: investigation of infected systems.
  Malware collection and analysis.
  Intelligent firewalls.
Limitations:
  Even larger latency, “post-mortem” operation.
  Significant risk of real-time response.
What will you learn?

Fundamental concepts of computer security
  dry, but important!
Basic security goals and mechanisms
  authentication, access control, encryption, etc.
Practical security instruments
  Windows and Linux security
Further selected topics
  network security
  software security
  web application and browser security
Course administration

Lectures:
  Wed, 14:00 (ct) – 16:00, A301
Formalities:
  Credit hours (diploma): 2 SWS (lectures) + 1 SWS (exercises)
  Credit points (B.Sc.): 3 LP (lectures) + 1 LP (exercises)
Exams and grading:
  diploma: oral exam by appointment, graded certificate for exercises
  B.Sc.: written exam at the end of semester, 30% of the final grade from exercises
Office hours: by appointment
Course web page:
  http://www.cogsys.cs.uni-tuebingen.de/lehre/ws12/it sicherheit.html
Homework assignments

Meetings:
  Thu, 14:00 (ct) – 16:00, F122, on selected dates
  First meeting: 08.11
3 written homework assignments
2 lab meetings and practical assignments
Teaching assistant: Nedim Šrndić
Evaluation and grade:
  diploma: a grade reflects the percentage of points acquired.
  B.Sc.: a grade contributes 30% to the final grade.
Bibliography

Dieter Gollmann.
Computer Security. 3rd edition.
Wiley & Sons, 2010.

Ross Anderson.
Security Engineering.
Wiley & Sons, 2001.

Bruce Schneier.
Secrets and Lies: Digital Security in a Networked World.
Wiley & Sons, 2004. (fun to read)
A typical web application

[Figure: a legitimate user's browser and a webserver, connected through the Internet]
Attack: interception of communication

[Figure: legitimate user, browser, Internet and webserver, with an attacker; label: “Credit card number”]
Security goal: confidentiality

Prevention of unauthorized reading of data
Prevention of unauthorized learning of information
Potential abuse scenarios:
  Discovery of confidential information (e.g. details of a business contract)
  Discovery of authentication credentials (e.g. password sniffing)
Enforcement instruments:
  Symmetric or asymmetric cryptography
  Anonymization techniques
Attack: identity spoofing

[Figure: legitimate user, browser, Internet and webserver, with an attacker and a fake webserver]
Security goal: authentication

Verification of the identity of a person or a computer
Prerequisite for access control
Authentication methods:
  Shared secrets (e.g. password or PIN)
  Ticket systems (identity cards, digital certificates)
  Challenge-response techniques
  Biometric techniques
  Human authentication: CAPTCHA’s, Turing test, etc.
Authentication risks: identity theft
Attack: injection of malicious code

[Figure: legitimate user, browser, Internet and webserver, with an attacker; labels: “Malware”, “XSS attack”]
Security goal: integrity

Prevention of malicious tampering of data
Potential abuse scenarios:
  Fraudulent modification of data (e.g. 100,000€ instead of 100€ in an online transaction request)
  Injection of malicious code in downloaded software
  Evading detection by modification of a compromised operating system
Enforcement instruments:
  Integrity checking using cryptographic hash functions
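
An added example, not part of the original slides: the transaction-tampering scenario above, checked first with a bare SHA-256 digest and then with a keyed HMAC. The field names, the shared key and the sample request are constructed for illustration; the point shown is that an unkeyed hash only detects tampering when the digest reaches the verifier over a channel the attacker cannot modify.

```python
import hashlib
import hmac
import json

# Constructed sample data: a secret shared by client and server, and a
# transfer request as it leaves the legitimate user's browser.
SHARED_KEY = b"constructed-demo-key-not-for-production"
REQUEST = {"from": "alice", "to": "bob", "amount_eur": 100}


def canonical(request):
    """Serialize deterministically so both sides hash the same bytes."""
    return json.dumps(request, sort_keys=True, separators=(",", ":")).encode()


def plain_digest(request):
    """Unkeyed SHA-256: anyone who can change the data can recompute it."""
    return hashlib.sha256(canonical(request)).hexdigest()


def mac_tag(request, key=SHARED_KEY):
    """HMAC-SHA256: recomputing the tag requires the secret key."""
    return hmac.new(key, canonical(request), hashlib.sha256).hexdigest()


def verify_plain(request, digest):
    return hmac.compare_digest(plain_digest(request), digest)


def verify_mac(request, tag, key=SHARED_KEY):
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(mac_tag(request, key), tag)


def tamper_in_transit(request):
    """Model of the slide's scenario: 100 becomes 100,000 on the wire.
    The digest travels on the same channel, so it is replaced as well;
    without the key, a MAC tag can only be computed under a wrong key."""
    forged = dict(request, amount_eur=100_000)
    guessed_tag = mac_tag(forged, key=b"wrong-key")
    return forged, plain_digest(forged), guessed_tag


if __name__ == "__main__":
    forged, forged_digest, forged_tag = tamper_in_transit(REQUEST)
    print("untouched request, MAC ok:    ", verify_mac(REQUEST, mac_tag(REQUEST)))
    print("forged request, plain hash ok:", verify_plain(forged, forged_digest))
    print("forged request, MAC ok:       ", verify_mac(forged, forged_tag))
```

The forged request passes the plain-hash check and fails the MAC check, which is why the hash must either be keyed or be delivered out of band.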
Attack: server overload

[Figure: legitimate user, browser and Internet; the server is labelled “Server overloaded”]
Security goal: availability

A joint objective of security and dependability
May be caused by attacks as well as natural phenomena, such as design errors or flash crowds.
Enforcement instruments:
  Detection of DoS-attacks
  Router and firewall reconfiguration
  Service redundancy
  Virtualization
Attack: transaction denial by a user

[Figure: legitimate user, browser, Internet and webserver; labels: “Transaction cancelled”, “Credit card charged”]
Security goal: accountability

An audit trail of security-related events
A key instrument of detection/response
A stronger form of accountability is non-repudiation: unforgeable evidence that a certain action occurred.
Similar attacks as integrity
Enforcement instruments:
  Integrity checks
  Read-only audit
  Digital certificates and trusted third parties
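
An added example, not part of the original slides: an audit trail whose entries are chained by SHA-256, combining the "integrity checks" and "read-only audit" instruments for the disputed-transaction scenario. The event fields and function names are constructed for illustration, and the chain gives tamper evidence only; non-repudiation would additionally need digital signatures.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the chain


def entry_hash(prev_hash, event):
    payload = json.dumps(event, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


def append(log, event):
    """Append an event; each entry commits to the hash of its predecessor."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"event": event, "prev": prev, "hash": entry_hash(prev, event)})
    return log[-1]["hash"]


def verify(log, trusted_head=None):
    """Return the index of the first inconsistent entry, or None if intact.

    trusted_head is the latest hash, kept where the log writer cannot
    change it (the read-only part); without it, cutting entries off the
    end of the log goes unnoticed.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["event"]):
            return i
        prev = entry["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(log)
    return None


def build_sample_log():
    """Constructed events for the disputed-transaction scenario."""
    log = []
    append(log, {"t": 1, "user": "alice", "action": "order_placed", "id": 42})
    append(log, {"t": 2, "user": "alice", "action": "card_charged", "id": 42})
    head = append(log, {"t": 3, "user": "alice", "action": "order_cancelled", "id": 42})
    return log, head


if __name__ == "__main__":
    log, head = build_sample_log()
    print("intact log:", verify(log, head))
    log[1]["event"]["action"] = "card_refunded"  # history rewritten after the fact
    print("first inconsistent entry:", verify(log, head))
```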
Summary

Security is not a solution but an ongoing process.
Security can only be achieved by a combination of technical and organizational measures.
One of the biggest security risks is a user.
Security is a big challenge but lots of fun as well: a great field of study and research.
Next lecture

The economics of computer security
Security threats
Security design principles
