COP 4020 meeting -*- Outline -*-

* the course itself

** What is this course about?

*** Overall goals of security and assurance

------------------------------------------
OVERALL GOALS

(Computer) systems should be

in the face of malicious attacks
------------------------------------------
... trustworthy and reliable

Q: What would that mean for a self-driving car?
Q: For Florida's electrical grid?
Q: For a fighter jet or UAV?
Q: For a heart pacemaker?
Q: For a word processor?
Q: For a medical doctor's patient database?
Q: For the white house web site?

*** Assurance and Trust

from Bishop, chapter 18

**** trustworthy

------------------------------------------
TRUST

def: A system is *trustworthy* iff there is

------------------------------------------
... sufficient credible evidence for believing
    that it will meet its given requirements. (p. 478)

Q: So what is "trust"?

    a degree of trustworthiness

Q: Why is evidence important?

    we can't just believe assertions that something is trustworthy

**** security assurance

------------------------------------------
SECURITY ASSURANCE

def: *Security assurance* is

------------------------------------------
... confidence that a system meets its security requirements,
    based on specific evidence. (p. 478)

Q: How would you give evidence for assurance?

    documentation of carefully following a process/methodology
    mathematics (formal methods), testing

*** Basic concepts of security

Chapter 1 of Bishop

------------------------------------------
SECURITY SERVICES

A secure computer system should provide:

   Confidentiality

   Integrity

   Availability
------------------------------------------

**** confidentiality

------------------------------------------
CONFIDENTIALITY

def: *Confidentiality* means

Applications:
  - Government
    - military
    - health care
  - Industry
    - trade secrets
    - personnel information
------------------------------------------
... keeping information secret

Q: What is information?
    The ability to answer some questions.
    Even the existence of data can be information.

**** integrity

------------------------------------------
INTEGRITY

def: *Integrity* means

  Data integrity

  Origin integrity
------------------------------------------
... the trustworthiness of data or resources.
    This implies preventing improper or unauthorized changes.

... trustworthiness of data content (correctness)

... authentication of the source of data

Q: Why does integrity matter in a secure system?

    garbage data in may mean garbage output (or actions)

Q: What kinds of data integrity matter to a military system?

    information doesn't come from the enemy

Q: What about a hospital database?

    information is reliable and not from a malicious outside entity

**** availability

------------------------------------------
AVAILABILITY

def: A system is *available* when

------------------------------------------
... it can be used as designed

Q: Why is availability important to an airline company?

    if they can't sell tickets, they lose money, go out of business.

Q: What's the name for common attacks that make a system unavailable?

    denial of service attacks

**** security

------------------------------------------
SECURITY

def: A system is *secure* if it satisfies its requirements for

------------------------------------------
... confidentiality, integrity, and availability.

These three are security services

------------------------------------------
FOR YOU TO DO

Which security service is incorrect in a system that:

  - doesn't correctly check passwords?

  - crashes (for all users) whenever any user makes a mistake?

  - answers queries from any user by giving them
    the requested information about all users?

  - puts user input into database queries?
------------------------------------------
... integrity (origin integrity: the source of requests is not
    authenticated), availability, confidentiality, and integrity
    (an injected query can change data it should not)

** objectives

Q: What are your objectives for this course?

Q: How do you want this course to help you in 5 years?
    (make a list)

My objectives for you:

------------------------------------------
COURSE OBJECTIVES

  Securely Implement

  Analyze

  Reverse Engineer
------------------------------------------
... [SecurelyImplement]
    Implement a software component so that it correctly implements
    a specification and is not subject to known attacks that would
    compromise its security.

    [Analyze]
    Use tools and other means to analyze software
    to prevent or demonstrate security problems.

    [ReverseEngineer]
    Explain the functionality of unknown software,
    including obfuscated malware.

Why these objectives?

    Recommended by the NSA (CAE for Cyberoperations)

    So you have a basis for implementing software/systems
    that are secure, and so that you can see both how to
    check security positively (using tools)
    and negatively (from attacks).

** outcomes

My essential learning outcomes:

------------------------------------------
LEARNING OUTCOMES

  Securely Construct

  Validate

  Reversing
------------------------------------------
... [SecurelyConstruct]
    Explain how to specify program behavior, what well-known
    vulnerabilities are in software that affect security, and how
    they manifest themselves, and demonstrate how to construct
    software that is free of such vulnerabilities

    [Validate]
    Use tools to check existing source code for functional
    correctness and to check for the absence of security
    vulnerabilities

    [Reversing]
    Use tools to explain the functionality of unknown code
    in binary form

** plan for the course

------------------------------------------
PLAN FOR THE COURSE

Broad outline:
  - overview
  - secure implementation
  - analysis
  - reverse engineering

We will use C, C++, and Java
plus x86 assembler, and some JavaScript
------------------------------------------

*** grading

------------------------------------------
GRADING

+ No curve grading

+ Your grade is 60% based on tests
                40% on homework
------------------------------------------

moral: use homeworks to learn,
       cheating on homework won't help

in class questions will be used to:
  - get students to read for first exposure on own time,
  - make class more productive
  - make class more interactive

details in grading_policy.shtml web page

*** cooperation and cheating

------------------------------------------
COOPERATION

Can talk with others about homework
  - but must cite them

Can cooperatively do homework
  - but must use a "group" in webcourses
    (see grading policy for details)

CHEATING

Attacking the instructor's computer(s)

Exchange of finished answers
  - without cooperation in solving them
  - without certification

Using ideas of others
  - without citation

Copying answers from the web
  - without citation
------------------------------------------

See grading policy for details.

*** ask for questions/concerns

    discuss them
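** worked example: user input in database queries

Returning to the last FOR YOU TO DO item above ("puts user input into database queries"): the following is an added worked example, not part of the original outline or of Bishop's text. It uses Python's standard sqlite3 module and a constructed in-memory accounts table (names, balances and SSNs are made up) so that it runs with nothing else installed, even though the course itself uses C, C++, Java and JavaScript. It shows that splicing input into the SQL text breaks both confidentiality (a lookup returns every row) and integrity (an update rewrites every row), and that binding the same input as a parameter keeps both services intact.

```python
# Added example (not from the course outline): the last FOR YOU TO DO item,
# "puts user input into database queries", shown against a constructed
# in-memory SQLite table.  The table, names, balances and SSNs are made up.
import sqlite3

SAMPLE_ROWS = [            # constructed sample data
    ("alice", 100, "111-11-1111"),
    ("bob", 50, "222-22-2222"),
    ("carol", 75, "333-33-3333"),
]


def make_db():
    """Fresh in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (name TEXT PRIMARY KEY, balance INTEGER, ssn TEXT)"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Splices the caller-supplied name straight into the SQL text.

    A name such as  ' OR '1'='1  turns the WHERE clause into a tautology and
    the query returns every account's SSN: a confidentiality failure."""
    sql = "SELECT name, ssn FROM accounts WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Same query with a bound parameter; the input is only ever a value,
    never SQL syntax, so a hostile name simply matches no row."""
    sql = "SELECT name, ssn FROM accounts WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def set_balance_vulnerable(conn, name, amount):
    """Spliced UPDATE.  The same tautology makes the statement rewrite every
    row's balance: an integrity failure.  Returns the number of rows changed."""
    sql = ("UPDATE accounts SET balance = " + str(int(amount))
           + " WHERE name = '" + name + "'")
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def set_balance_safe(conn, name, amount):
    """Parameterized UPDATE; at most the one named row changes."""
    cur = conn.execute(
        "UPDATE accounts SET balance = ? WHERE name = ?", (int(amount), name)
    )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    hostile = "' OR '1'='1"          # constructed hostile input
    print("vulnerable lookup:", lookup_vulnerable(make_db(), hostile))
    print("safe lookup:      ", lookup_safe(make_db(), hostile))
    print("vulnerable update changed",
          set_balance_vulnerable(make_db(), hostile, 0), "rows")
    print("safe update changed      ",
          set_balance_safe(make_db(), hostile, 0), "rows")
```

Each function opens a fresh database so the two update variants can be compared on identical data. The only difference between the vulnerable and safe versions is whether the name reaches the database as part of the statement text or as a bound value; that single choice is what the [SecurelyImplement] objective is about.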