SlideShare a Scribd company logo

Security in Software issues in software.ppt

Download as PPT, PDF
M
MrRRThirrunavukkaras

The document outlines a course on information security at Cambridge University, emphasizing the importance of understanding security technology, policy, and mechanisms. Students will learn to create threat models, formulate security policies, and design protection mechanisms, while also engaging in guest lectures and competitive exercises. Key topics include security engineering principles, terminology, and methodologies necessary to maintain security in evolving systems.

Engineering
1 of 21
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Security Ross Anderson Computer Science Tripos part 2 Cambridge University
Aims • Give you a thorough understanding of information security technology – Policy (what should be protected) – Mechanisms (cryptography, electrical engineering, …) – Attacks (malicious code, protocol failure …) – Assurance – how do we know when we’re done? • How do we make this into a proper engineering discipline?
Objectives By the end of the course, you should be able to tackle an information protection problem by drawing up a threat model, formulating a security policy, and designing specific protection mechanisms to implement the policy.
Outline • At least four guest lectures – Nov 4: Steven Murdoch, anonymity – Nov 9: Robert Watson, concurrency – Nov 20: Sergei Skorobogatov, physical security – Nov 23: Joe Bonneau, social networks • Two competitive class exercises – Nov 9: Black hat, Robert Watson – TBA: White hat, Steven Murdoch
Resources • My book “Security Engineering” – developed from lecture notes • Web page for course • Menezes, van Oorschot and Vanstone “Handbook of Applied Cryptography” (reference) • Stinson: “Cryptography: theory and practice” • Schneier “Applied cryptography” • Gollmann: “Computer Security”
Resources (2) • History: – David Kahn “The Codebreakers” – Gordon Welchmann “The Hut Six Story” • Specialist: – Biham and Shamir “Differential Cryptanalysis” – Koblitz “Course in number theory and cryptography” • Lab: – Security seminars, typically Tuesdays, 4.15 – Security group meetings, Fridays, 4
What is Security Engineering? Security engineering is about building systems to remain dependable in the face of malice, error and mischance. As a discipline, it focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves.
Design Hierarchy • What are we trying to do? • How? • With what? Policy Protocols … Hardware, crypto, …
Security vs Dependability • Dependability = reliability + security • Reliability and security are often strongly correlated in practice • But malice is different from error! – Reliability: “Bob will be able to read this file” – Security: “The Chinese Government won’t be able to read this file” • Proving a negative can be much harder …
Methodology 101 • Sometimes you do a top-down development. In that case you need to get the security spec right in the early stages of the project • More often it’s iterative. Then the problem is that the security requirements get detached • In the safety-critical systems world there are methodologies for maintaining the safety case • In security engineering, the big problem is often maintaining the security requirements, especially as the system – and the environment – evolve
Clarifying terminology • A system can be: – a product or component (PC, smartcard,…) – some products plus O/S, comms and infrastructure – the above plus applications – the above plus internal staff – the above plus customers / external users • Common failing: policy drawn too narrowly
Clarifying terminology (2) • A subject is a physical person • A person can also be a legal person (firm) • A principal can be – a person – equipment (PC, smartcard) – a role (the officer of the watch) – a complex role (Alice or Bob, Bob deputising for Alice) • The level of precision is variable – sometimes you need to distinguish ‘Bob’s smartcard representing Bob who’s standing in for Alice’ from ‘Bob using Alice’s card in her absence’. Sometimes you don’t
Clarifying terminology (3) • Secrecy is a technical term – mechanisms limiting the number of principals who can access information • Privacy means control of your own secrets • Confidentiality is an obligation to protect someone else’s secrets • Thus your medical privacy is protected by your doctors’ obligation of confidentiality
Clarifying terminology (4) • Anonymity is about restricting access to metadata. It has various flavours, from not being able to identify subjects to not being able to link their actions • An object’s integrity lies in its not having been altered since the last authorised modification • Authenticity has two common meanings – – an object has integrity plus freshness – you’re speaking to the right principal
Clarifying Terminology (5) • Trust is the hard one! It has several meanings: 1. a warm fuzzy feeling 2. a trusted system or component is one that can break my security policy 3. a trusted system is one I can insure 4. a trusted system won’t get me fired when it breaks • I’m going to use the NSA definition – number 2 above – by default. E.g. an NSA man selling key material to the Chinese is trusted but not trustworthy (assuming his action unauthorised)
Clarifying Terminology (6) • A security policy is a succinct statement of protection goals – typically less than a page of normal language • A protection profile is a detailed statement of protection goals – typically dozens of pages of semi-formal language • A security target is a detailed statement of protection goals applied to a particular system – and may be hundreds of pages of specification for both functionality and testing
What often passes as ‘Policy’ 1. This policy is approved by Management. 2. All staff shall obey this security policy. 3. Data shall be available only to those with a ‘need-to-know’. 4. All breaches of this policy shall be reported at once to Security. What’s wrong with this?
Policy Example – MLS • Multilevel Secure (MLS) systems are widely used in government • Basic idea: a clerk with ‘Secret’ clearance can read documents at ‘Confidential’ and ‘Secret’ but not at ‘Top Secret’ • 60s/70s: problems with early mainframes • First security policy to be worked out in detail following Anderson report (1973) for USAF which recommended keeping security policy and enforcement simple
Levels of Information • Levels include: – Top Secret: compromise could cost many lives or do exceptionally grave damage to operations. E.g. intelligence sources and methods – Secret: compromise could threaten life directly. E.g. weapon system performance – Confidential: compromise could damage operations – Restricted: compromise might embarrass? • Resources have classifications, people (principals) have clearances. Information flows upwards only
Information Flows Secret Confidential Unclassified
Formalising the Policy • Initial attempt – WWMCCS – had rule that no process could read a resource at a higher level. Not enough! • Bell-LaPadula (1973): – simple security policy: no read up – *-policy: no write down • With these, one can prove theorems etc. • Ideal: minimise the Trusted Computing Base (set of hardware, software and procedures that can break the security policy) in a reference monitor

More Related Content

PPTX
ITT408_Unit#1_InformationSecurity_Fundamentals_STUDENTS.pptx
srizvi9
 
PPT
15_526_topic01.ppt
Faiz Fanani
 
PPTX
ICS_Unit-I_Foundations of Information Security
KartikMaski
 
PDF
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
VishwanathMahalle
 
PPTX
Security in Computer System
Manesh T
 
PPTX
02-overview.pptx
EmanAzam
 
PDF
Security in computer systems fundamentals
Manesh T
 
PPTX
Cyber-security Vs Information Security.pptx
amnamahfooz615
 
ITT408_Unit#1_InformationSecurity_Fundamentals_STUDENTS.pptx
srizvi9
 
15_526_topic01.ppt
Faiz Fanani
 
ICS_Unit-I_Foundations of Information Security
KartikMaski
 
UNIT- I & II_ 3R-Cryptography-Lectures_2021-22_VSM.pdf
VishwanathMahalle
 
Security in Computer System
Manesh T
 
02-overview.pptx
EmanAzam
 
Security in computer systems fundamentals
Manesh T
 
Cyber-security Vs Information Security.pptx
amnamahfooz615
 

Similar to Security in Software issues in software.ppt (20)

PDF
MSc CS - I - 19PCSC203 - Cryptography and Network Security.pdf
Selvakanmani S
 
PDF
IS-Intro.pdf
wdwd10
 
PDF
Information Security basic introduction by professor
adityakatare35
 
PDF
Computer security
YUSRA FERNANDO
 
PDF
cryptograph and computer security lecture 1.pdf
AWELHAJI2
 
PPTX
Career In Information security
Anant Shrivastava
 
PPT
Cis326week1lesson1
Fahad_1
 
PPT
chapter 1. Introduction to Information Security
elmuhammadmuhammad
 
PPTX
Security Fundamentals Security Issues Earlier
mvk11
 
PPT
its a computer security based ppt which is very useful
SantoshChintawar
 
PPT
Network Security
Vipul Mosaic
 
PPT
Intro
JustineJohn3
 
PPT
Security.ppt
ssuser50c54b
 
PPTX
Internet Issues (How to Deal on Internet Security)
Hannah Jane del Castillo
 
PPTX
CISSP-Certified.pptx
ssuser645549
 
PPT
CNS UNIT 1 NEW NEW UNIT has been s 1.ppt
inaamulh66
 
PPTX
1_Introduction to security.pptx
diaa46
 
PDF
internet security and cyber lawUnit1
Royalzig Luxury Furniture
 
PPTX
Tsc2021 cyber-issues
Ernest Staats
 
PPTX
CS8792 - Cryptography and Network Security
vishnukp34
 
MSc CS - I - 19PCSC203 - Cryptography and Network Security.pdf
Selvakanmani S
 
IS-Intro.pdf
wdwd10
 
Information Security basic introduction by professor
adityakatare35
 
Computer security
YUSRA FERNANDO
 
cryptograph and computer security lecture 1.pdf
AWELHAJI2
 
Career In Information security
Anant Shrivastava
 
Cis326week1lesson1
Fahad_1
 
chapter 1. Introduction to Information Security
elmuhammadmuhammad
 
Security Fundamentals Security Issues Earlier
mvk11
 
its a computer security based ppt which is very useful
SantoshChintawar
 
Network Security
Vipul Mosaic
 
Intro
JustineJohn3
 
Security.ppt
ssuser50c54b
 
Internet Issues (How to Deal on Internet Security)
Hannah Jane del Castillo
 
CISSP-Certified.pptx
ssuser645549
 
CNS UNIT 1 NEW NEW UNIT has been s 1.ppt
inaamulh66
 
1_Introduction to security.pptx
diaa46
 
internet security and cyber lawUnit1
Royalzig Luxury Furniture
 
Tsc2021 cyber-issues
Ernest Staats
 
CS8792 - Cryptography and Network Security
vishnukp34
 
Ad

More from MrRRThirrunavukkaras (9)

PPTX
VLSI DESIGN BASICS TRANSISTOR THEORY AND MOS TRANSISTOR.pptx
MrRRThirrunavukkaras
 
PPTX
Combinational Circuits Design in Digital System Design.pptx
MrRRThirrunavukkaras
 
PPT
Electronics for basic engineers and .ppt
MrRRThirrunavukkaras
 
PPT
Verilog Hardware Description Language.ppt
MrRRThirrunavukkaras
 
PDF
Search-Beyond-Classical-no-exercise-answers.pdf
MrRRThirrunavukkaras
 
PDF
Adaptive Cruise Control.pdf
MrRRThirrunavukkaras
 
DOCX
certificate wordings.docx
MrRRThirrunavukkaras
 
PPTX
wearable_HAPTIC_TECHNOLOGY_pptx.pptx
MrRRThirrunavukkaras
 
PDF
8051instructionset-120412233627-phpapp01.pdf
MrRRThirrunavukkaras
 
VLSI DESIGN BASICS TRANSISTOR THEORY AND MOS TRANSISTOR.pptx
MrRRThirrunavukkaras
 
Combinational Circuits Design in Digital System Design.pptx
MrRRThirrunavukkaras
 
Electronics for basic engineers and .ppt
MrRRThirrunavukkaras
 
Verilog Hardware Description Language.ppt
MrRRThirrunavukkaras
 
Search-Beyond-Classical-no-exercise-answers.pdf
MrRRThirrunavukkaras
 
Adaptive Cruise Control.pdf
MrRRThirrunavukkaras
 
certificate wordings.docx
MrRRThirrunavukkaras
 
wearable_HAPTIC_TECHNOLOGY_pptx.pptx
MrRRThirrunavukkaras
 
8051instructionset-120412233627-phpapp01.pdf
MrRRThirrunavukkaras
 
Ad

Recently uploaded (20)

PPTX
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
PPTX
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
PPTX
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
DOCX
573137875-Attendance-Management-System-original
AYUSHMANAV
 
PDF
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
PDF
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
PDF
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
PPTX
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
PPTX
Construction Project Organization Group 2.pptx
vj5agdales
 
PPTX
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
PPTX
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
PPTX
Sustainable Sites - Green Building Construction
mhdumerali
 
DOCX
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 
PDF
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
PPTX
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
PPT
Project quality management in manufacturing
BarMusaTetik
 
PPTX
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
PPTX
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
573137875-Attendance-Management-System-original
AYUSHMANAV
 
BMEC211 - INTRODUCTION TO MECHATRONICS-1.pdf
ryankakungu
 
PRIZ Academy - 9 Windows Thinking Where to Invest Today to Win Tomorrow.pdf
PRIZ Guru
 
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
Construction Project Organization Group 2.pptx
vj5agdales
 
Lecture Notes Electrical Wiring System Components
eedgecbhojpur
 
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
Sustainable Sites - Green Building Construction
mhdumerali
 
ASol_English-Language-Literature-Set-1-27-02-2023-converted.docx
AYUSHMANAV
 
R24 SURVEYING LAB MANUAL for civil enggi
MNANDITHACIVILSTAFF
 
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
Project quality management in manufacturing
BarMusaTetik
 
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 

Security in Software issues in software.ppt

  • 1. Security Ross Anderson Computer Science Tripos part 2 Cambridge University
  • 2. Aims • Give you a thorough understanding of information security technology – Policy (what should be protected) – Mechanisms (cryptography, electrical engineering, …) – Attacks (malicious code, protocol failure …) – Assurance – how do we know when we’re done? • How do we make this into a proper engineering discipline?
  • 3. Objectives By the end of the course, you should be able to tackle an information protection problem by drawing up a threat model, formulating a security policy, and designing specific protection mechanisms to implement the policy.
  • 4. Outline • At least four guest lectures – Nov 4: Steven Murdoch, anonymity – Nov 9: Robert Watson, concurrency – Nov 20: Sergei Skorobogatov, physical security – Nov 23: Joe Bonneau, social networks • Two competitive class exercises – Nov 9: Black hat, Robert Watson – TBA: White hat, Steven Murdoch
  • 5. Resources • My book “Security Engineering” – developed from lecture notes • Web page for course • Menezes, van Oorschot and Vanstone “Handbook of Applied Cryptography” (reference) • Stinson: “Cryptography: theory and practice” • Schneier “Applied cryptography” • Gollmann: “Computer Security”
  • 6. Resources (2) • History: – David Kahn “The Codebreakers” – Gordon Welchmann “The Hut Six Story” • Specialist: – Biham and Shamir “Differential Cryptanalysis” – Koblitz “Course in number theory and cryptography” • Lab: – Security seminars, typically Tuesdays, 4.15 – Security group meetings, Fridays, 4
  • 7. What is Security Engineering? Security engineering is about building systems to remain dependable in the face of malice, error and mischance. As a discipline, it focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves.
  • 8. Design Hierarchy • What are we trying to do? • How? • With what? Policy Protocols … Hardware, crypto, …
  • 9. Security vs Dependability • Dependability = reliability + security • Reliability and security are often strongly correlated in practice • But malice is different from error! – Reliability: “Bob will be able to read this file” – Security: “The Chinese Government won’t be able to read this file” • Proving a negative can be much harder …
  • 10. Methodology 101 • Sometimes you do a top-down development. In that case you need to get the security spec right in the early stages of the project • More often it’s iterative. Then the problem is that the security requirements get detached • In the safety-critical systems world there are methodologies for maintaining the safety case • In security engineering, the big problem is often maintaining the security requirements, especially as the system – and the environment – evolve
  • 11. Clarifying terminology • A system can be: – a product or component (PC, smartcard,…) – some products plus O/S, comms and infrastructure – the above plus applications – the above plus internal staff – the above plus customers / external users • Common failing: policy drawn too narrowly
  • 12. Clarifying terminology (2) • A subject is a physical person • A person can also be a legal person (firm) • A principal can be – a person – equipment (PC, smartcard) – a role (the officer of the watch) – a complex role (Alice or Bob, Bob deputising for Alice) • The level of precision is variable – sometimes you need to distinguish ‘Bob’s smartcard representing Bob who’s standing in for Alice’ from ‘Bob using Alice’s card in her absence’. Sometimes you don’t
  • 13. Clarifying terminology (3) • Secrecy is a technical term – mechanisms limiting the number of principals who can access information • Privacy means control of your own secrets • Confidentiality is an obligation to protect someone else’s secrets • Thus your medical privacy is protected by your doctors’ obligation of confidentiality
  • 14. Clarifying terminology (4) • Anonymity is about restricting access to metadata. It has various flavours, from not being able to identify subjects to not being able to link their actions • An object’s integrity lies in its not having been altered since the last authorised modification • Authenticity has two common meanings – – an object has integrity plus freshness – you’re speaking to the right principal
  • 15. Clarifying Terminology (5) • Trust is the hard one! It has several meanings: 1. a warm fuzzy feeling 2. a trusted system or component is one that can break my security policy 3. a trusted system is one I can insure 4. a trusted system won’t get me fired when it breaks • I’m going to use the NSA definition – number 2 above – by default. E.g. an NSA man selling key material to the Chinese is trusted but not trustworthy (assuming his action unauthorised)
  • 16. Clarifying Terminology (6) • A security policy is a succinct statement of protection goals – typically less than a page of normal language • A protection profile is a detailed statement of protection goals – typically dozens of pages of semi-formal language • A security target is a detailed statement of protection goals applied to a particular system – and may be hundreds of pages of specification for both functionality and testing
  • 17. What often passes as ‘Policy’ 1. This policy is approved by Management. 2. All staff shall obey this security policy. 3. Data shall be available only to those with a ‘need-to-know’. 4. All breaches of this policy shall be reported at once to Security. What’s wrong with this?
  • 18. Policy Example – MLS • Multilevel Secure (MLS) systems are widely used in government • Basic idea: a clerk with ‘Secret’ clearance can read documents at ‘Confidential’ and ‘Secret’ but not at ‘Top Secret’ • 60s/70s: problems with early mainframes • First security policy to be worked out in detail following Anderson report (1973) for USAF which recommended keeping security policy and enforcement simple
  • 19. Levels of Information • Levels include: – Top Secret: compromise could cost many lives or do exceptionally grave damage to operations. E.g. intelligence sources and methods – Secret: compromise could threaten life directly. E.g. weapon system performance – Confidential: compromise could damage operations – Restricted: compromise might embarrass? • Resources have classifications, people (principals) have clearances. Information flows upwards only
  • 21. Formalising the Policy • Initial attempt – WWMCCS – had rule that no process could read a resource at a higher level. Not enough! • Bell-LaPadula (1973): – simple security policy: no read up – *-policy: no write down • With these, one can prove theorems etc. • Ideal: minimise the Trusted Computing Base (set of hardware, software and procedures that can break the security policy) in a reference monitor