L1- Introduction and Security Principles


Introduction to Computer and Network Security CNE417

Information and Network Security


CNE417 Second Semester 2023

Grading Structure

#   Assessment task   Week Due     Percentage of Total Assessment Score
1   Homework          3,4,5,6,7    20%
3   Midterm Exams     6            30%
4   Projects          9            10%
7   Final Exam        12           40%

Introduction

Resources

• Textbook:
  – Mark Stamp, Information Security: Principles and Practice (3rd Edition). Wiley, Sep 2021.
  – Paul C. van Oorschot, Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin (2nd Edition). Springer, 2021.

● References
  – Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems (3rd Edition). Wiley, 2021.
  – Matt Bishop, Computer Security: Art and Science (2nd Edition). Addison-Wesley Professional, 2018.
  – Wenliang Du, Computer & Internet Security: A Hands-on Approach (3rd Edition). 2022.
What is security?

● Enforcing a desired property in the presence of an attacker
  ○ Data confidentiality, data and computation integrity, authentication, availability, user privacy, etc.
● Security is not privacy: privacy is protecting data from unauthorized access
  ○ Privacy is about making sure that the data is either not collected in the first place or, if collected, not misused
● Security is not safety: safety is enforcing a desired property in the presence of random (non-adversarial) failures rather than a deliberate attacker
  ○ In other words, making sure systems work as expected

Computer Security

● Computer: includes programmable computing/communications devices such as a personal computer or mobile device (e.g., laptop, tablet, smartphone), and the machines they communicate with, including servers and network devices.
● Computer security: the combined art, science and engineering practice of protecting computer-related assets from unauthorized actions and their consequences, either by preventing such actions or by detecting and then recovering from them.
  ○ The fundamental goals of computer security can be viewed as security services
● Information security: the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
Meta definition

● A system is secure if it can maintain well-specified properties in spite of the actions of well-specified adversaries.
● The set of properties we assume to be correct is called the trust model
● The set of adversaries (and their capabilities) is called the threat model
● Trust Model + Threat Model = Security Model
● The art and science of secure systems lies in properly identifying these properties and adversaries, and in designing mechanisms that achieve this goal.

Computer Security Goals/Objectives (CIA triad)

• Confidentiality
  – Data confidentiality: assures that private or confidential information is not made available or disclosed to unauthorized individuals
  – Privacy: assures that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information may be disclosed
• Integrity
  – Data integrity: assures that information and programs are changed only in a specified and authorized manner
  – System integrity: assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system
• Availability
  – Assures that systems work promptly and service is not denied to authorized users
Confidentiality

• Prevent “unauthorized disclosure of information”
• Examples:
  – Keep Alice from reading Bob’s files without permission
  – Keep Bob from knowing Alice has a file called ILoveBob.txt
  – Prevent Eve from reading Alice’s network traffic
  – Prevent Steve from knowing whether Alice is a patient at a clinic
Integrity

• Prevent unauthorized modification of data
• Examples:
  – Keep Alice from changing Bob’s files without permission
  – Keep Bob from deleting Alice’s file
  – Prevent Mallory from modifying Alice’s network traffic
  – Prevent Bob from changing an important system binary
    • e.g., replacing ls with sl
Availability

• Prevent “disruption of access to or use of information or information system”
• Examples:
  – Keep Bob from deleting Alice’s files
  – Prevent Mallory from crashing xyz.edu
  – Prevent Dave from flooding Bob’s computer with network requests

Beyond CIA

• Authentication: Are you who you say you are?
  – Determines whether access is allowed
  – Authenticate human to machine
  – Or authenticate machine to machine
• Authorization: Are you allowed to do that?
  – Once you have access, what can you do?
  – Enforces limits on actions
• Accountability: the ability to identify the principals responsible for past actions, which matters because the electronic world lacks conventional (physical) evidence
Computer Security Goals/Objectives
[Figure slide; no extractable text]

Security Architecture - OSI (Open Systems Interconnection)

● Security attack
  ○ Any action that compromises the security of information owned by an organization
● Security mechanism
  ○ A process (or a device incorporating such a process) that is designed to detect, prevent, or recover from a security attack
● Security service
  ○ A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization
  ○ Intended to counter security attacks; services make use of one or more security mechanisms to provide the service
Security Architecture - OSI (Open Systems Interconnection)

• Security attacks
  – Passive attacks
    o Release of message contents
    o Traffic analysis
  – Active attacks
    o Masquerade
    o Replay
    o Modification of messages
    o Denial of service
• Security services
  – Authentication
  – Access control
  – Data confidentiality
  – Data integrity
  – Non-repudiation

Vulnerabilities (Attack Vectors)

● A vulnerability is a flaw that exposes the user, data or system to a threat.
● Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
  ○ Buffer overflows, WEP key leakage, etc.
● Where do vulnerabilities come from?
  ○ Bad software or hardware
  ○ Poor understanding of requirements / bad design
  ○ Bad policy / configuration
  ○ System misuse
  ○ Unintended purpose or environment
● An exploit is an attack that leverages that vulnerability
  ○ A tool that can be used to take advantage of a vulnerability
Types of Attacks

● Passive attack
  ► Makes use of information but does not affect system resources, e.g.
    – Release of message contents
    – Traffic analysis
  ► Relatively hard to detect, but easier to prevent
● Active attack
  ► Alters system resources or operation, e.g.
    – Masquerade: one entity pretends to be a different entity
    – Replay: passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect
    – Modification: a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect
    – Denial of service: prevents the normal use or management of communications facilities
  ► Relatively hard to prevent, but easier to detect

Types of Attacks
[Figure slides illustrating each attack type: Release of message contents; Traffic analysis; Masquerade; Replay; Modification of messages; Denial of Service (DoS)]
Security Services

● Access control
  ○ The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).
● Authentication
  ○ The assurance that the communicating entity is the one that it claims to be.
● Non-repudiation
  ○ Provides protection against denial, by one of the entities involved in a communication, of having participated in all or part of the communication.
  ○ Non-repudiation, origin
    ■ Proof that the message was sent by the specified party.
  ○ Non-repudiation, destination
    ■ Proof that the message was received by the specified party.

Threats

● An adversary is any entity trying to circumvent the security infrastructure
  ○ Computer security experts think like an attacker all the time
● Assets are the items that we are trying to protect
● Threat: “A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability”
  ○ A threat can be
    ■ “intentional”: hacker, other adversary
    ■ “accidental”: “act of God” such as an earthquake, a fire, or a tornado
● Threats are impotent without a vulnerability to exploit
Risk

• Risk is often defined as R = T * V * C, where
  – T = threat information (probability that the threat is instantiated at a given time)
  – V = existence of vulnerabilities
  – C = cost of impact
• Sometimes just R = P * C
  – where P = probability that the attacker is successful

Threat Model

• A threat model is a systematic identification of the threats a system faces
• One approach (from “Writing Secure Code”):
  – Brainstorm known threats
  – Rank the threats by risk (likelihood and impact)
  – Choose threat responses, techniques, and implementations

1. Identify things of value that you want to protect
2. Enumerate the attack surfaces
3. Hypothesize attackers and map them to
   o the things of value they want from (1)
   o their ability to target vulnerable surfaces from (2)
4. Balance costs versus risks
• Survey mitigations
Attack Surfaces

● An attack surface consists of the reachable and exploitable vulnerabilities in a system
● Examples:
  ○ Open ports on outward-facing web and other servers, and code listening on those ports
  ○ Services available on the inside of a firewall
  ○ Code that processes incoming data, email, XML, office documents, and industry-specific custom data exchange formats
  ○ Interfaces, SQL, and web forms
  ○ An employee with access to sensitive information who is vulnerable to a social engineering attack

Attack Surface Categories

● Network attack surface
  ○ Refers to vulnerabilities over an enterprise network, wide-area network, or the Internet
● Software attack surface
  ○ Refers to vulnerabilities in application, utility, or operating system code
● Human attack surface
  ○ Refers to vulnerabilities created by personnel or outsiders
● Layering:
  ○ The use of multiple, overlapping protection approaches addressing the people, technology, and operational aspects of information systems
Threat Modeling Approaches

• Diagram-driven
  – Architectural diagram
  – Data flow diagram
  – User workflow
  – Ask: what could go wrong?
• Attack tree
  – Attacker goal at top
  – Branches are ways to get to the goal
• Checklists
  – From past experience
• STRIDE
  – Spoofing
  – Tampering
  – Repudiation
  – Information disclosure
  – Denial of service
  – Escalation of privilege

Adversary Attributes

• Objectives
  – Intention and goals of attackers
• Methods
  – The anticipated attack techniques, or types of attacks
• Capabilities
  – Computing resources (CPU, storage, bandwidth), skills, knowledge, personnel, opportunity (e.g., physical access to target machines)
• Funding level
  – Influences attacker determination, methods and capabilities
• Outsider vs. insider
  – An outsider is a remote attacker, while an insider has access to the network
Threat Modeling Approaches
[Figure slide; no extractable text]

Diagram-driven threat modeling

Data flow: how data flows through the system
[Figure slide: data flow diagram]

Lifecycle diagrams threat modeling
[Figure slide; no extractable text]

Attack tree threat modeling

• The attacker needs only one path to reach the goal
• The defender needs to secure all paths
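An added example (not from the lecture slides) that evaluates a small, constructed attack tree in Python. The node names, the mitigations and the helper functions `open_paths` and `goal_reachable` are assumptions made for illustration; the point it shows is that an OR branch left unmitigated keeps the attacker's goal reachable however many other branches the defender closes.

```python
# Added example (not from the lecture slides): a minimal attack-tree evaluator
# illustrating "the attacker needs one path, the defender must secure all paths".
# Tree shape, node names and mitigations are constructed for illustration.
from dataclasses import dataclass, field
from typing import List

@dataclass
class Node:
    """An attack-tree node. Leaves are attacker steps; inner nodes combine their
    children with OR (any child suffices) or AND (all children are required)."""
    name: str
    op: str = "LEAF"          # "LEAF", "OR" or "AND"
    children: List["Node"] = field(default_factory=list)

def open_paths(node: Node, mitigated: set) -> List[List[str]]:
    """Return every still-open path (list of leaf names) that reaches this node.
    A leaf is considered closed once its name is in `mitigated`."""
    if node.op == "LEAF":
        return [] if node.name in mitigated else [[node.name]]
    child_paths = [open_paths(c, mitigated) for c in node.children]
    if node.op == "OR":
        # The attacker needs only one child: union of all children's open paths.
        return [p for paths in child_paths for p in paths]
    # AND: every child must still be achievable; combine one path from each.
    paths = [[]]
    for cp in child_paths:
        if not cp:
            return []  # one closed child closes the whole AND branch
        paths = [a + b for a in paths for b in cp]
    return paths

def goal_reachable(root: Node, mitigated: set) -> bool:
    """The defender has secured the goal only when no open path remains."""
    return bool(open_paths(root, mitigated))

# Constructed tree: the attacker's goal is at the top, branches are ways to reach it.
TREE = Node("Read Alice's confidential file", "OR", [
    Node("Use Alice's credentials", "AND", [
        Node("Obtain Alice's password"),
        Node("Bypass second factor"),
    ]),
    Node("Exploit file-server vulnerability"),
    Node("Read file from unencrypted backup"),
])

if __name__ == "__main__":
    print(open_paths(TREE, set()))
    # Closing two of the three OR branches is not enough: one path stays open.
    print(goal_reachable(TREE, {"Bypass second factor", "Exploit file-server vulnerability"}))
    # Every branch must be closed before the goal becomes unreachable.
    print(goal_reachable(TREE, {"Bypass second factor", "Exploit file-server vulnerability",
                                "Read file from unencrypted backup"}))
```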
STRIDE threat model

● STRIDE: another approach uses a small set of keywords to stimulate thought, unburdened by a longer list.
  ○ Spoofing: attempts to impersonate a thing (e.g., a web site) or an entity (e.g., a user).
  ○ Tampering: unauthorized altering, e.g., of code, stored data, transmitted packets.
  ○ Repudiation: denying responsibility for past actions.
  ○ Information disclosure: unauthorized release of data.
  ○ Denial of service: impacting the availability of services, or the quality of services, through malicious actions that consume resources or induce errors in systems.
  ○ Escalation of privilege: obtaining privileges to access resources, typically referring to malware that gains a base level of access as a foothold and then exploits vulnerabilities to extend this to gain greater access.
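An added example (not from the slides) in Python that ties together the Risk slide's R = T * V * C, the "rank the threats by risk" step of the Writing Secure Code approach, and the STRIDE keywords. The threat list and its numbers, the `Threat` and `rank_by_risk` helpers, and the STRIDE-to-property mapping are assumptions for illustration; the last entry shows a high-impact threat ranking at zero because no vulnerability exists (V = 0).

```python
# Added example (not from the lecture slides): rank brainstormed threats by risk
# using the slides' R = T * V * C, and tag each with its STRIDE keyword and the
# security property it violates. Threat list and numbers are constructed.
from dataclasses import dataclass
from typing import List

# Assumption: this STRIDE-to-property mapping is a common convention and is not
# stated on the slides themselves.
STRIDE_PROPERTY = {
    "Spoofing": "authentication",
    "Tampering": "integrity",
    "Repudiation": "non-repudiation",
    "Information disclosure": "confidentiality",
    "Denial of service": "availability",
    "Escalation of privilege": "authorization",
}

@dataclass
class Threat:
    name: str
    stride: str
    t: float   # T: probability the threat is instantiated at a given time (0..1)
    v: float   # V: 1.0 if a matching vulnerability exists, 0.0 if not
    c: float   # C: cost of impact, in arbitrary money units

    def risk(self) -> float:
        """R = T * V * C as defined on the Risk slide."""
        return self.t * self.v * self.c

    @property
    def violates(self) -> str:
        return STRIDE_PROPERTY[self.stride]

def rank_by_risk(threats: List[Threat]) -> List[Threat]:
    """Rank by likelihood and impact (highest risk first)."""
    return sorted(threats, key=lambda th: th.risk(), reverse=True)

# Constructed brainstorm for a small web login service.
THREATS = [
    Threat("Attacker replays a captured session token", "Spoofing", 0.4, 1.0, 50_000),
    Threat("Request flood exhausts server capacity", "Denial of service", 0.7, 1.0, 10_000),
    Threat("User denies having placed an order", "Repudiation", 0.2, 1.0, 2_000),
    Threat("Backup disk read by outsider", "Information disclosure", 0.1, 0.0, 500_000),
]

if __name__ == "__main__":
    for th in rank_by_risk(THREATS):
        print(f"{th.risk():>9.0f}  {th.stride:<22} ({th.violates:<16}) {th.name}")
```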

STRIDE threat model
[Figure slide; no extractable text]
Attacks

• An attack occurs when an adversary attempts to exploit a vulnerability
• A compromise occurs when an attack is successful
  – Typically associated with taking over or altering resources
• Attack types
  – Interception: unauthorized access to an asset
  – Modification: unauthorized changes to an asset
  – Fabrication: creation of fake objects
    • Files, messages, etc.
  – Interruption: the asset is “lost, unavailable, unusable”

Why compromise end user machines?

• Steal user credentials
  – Keylog for banking passwords, corporate passwords, gaming passwords
  – Example: SilentBanker (and many like it)
• Adversary-in-the-Browser (AITB), shown on the slide as an exchange between the user, the malware and the bank:
  – The user requests the login page
  – The bank sends the login page needed to log in
  – The malware injects JavaScript into that page
  – When the user submits the information, it is also sent to the attacker
  – A similar mechanism is used by Zbot and others
(Slide credit: Dan Boneh)
Defenses

• Measures taken to reduce the potential or impact of an attack, also known as “controls” or “countermeasures”
• There are five defense archetypes:
  – Prevention: “block the attack or close the vulnerability” (P&P)
  – Deterrence: make the attack harder (but not impossible)
  – Deflection: make the target less desirable than others
  – Detection: detect the attack in progress (and try to do something about it)
  – Recovery: assume an attack will happen and plan to fix things afterwards

Trust

• In practice, it is very difficult to completely prevent attacks. We often trust systems that are not completely secure.
• Trust refers to the degree to which an entity is expected to behave.
  – What is an entity not expected to do?
• A trust model describes, for a particular environment, who is trusted to do what.
• You make trust decisions every day...
  – What are they?
  – Whom do you trust?
• “A trusted system or component is one whose failure can break the security policy.”
• The Trusted Computing Base (TCB) is the set of parts of the system you trust.
• “A trustworthy system or component is one that won’t fail.”
Security Models

• A security model is the combination of trust and threat models that addresses the set of perceived risks
  – What are the security concerns (risks)? Threats?
  – Who are our adversaries?
  – Whom do we trust, and to do what?
• It provides the “security requirements” used to develop a strong and comprehensive design
• Not easy
  – Threats and adversaries change over time
  – New attacks emerge

A Network Security Model
[Figure slide; no extractable text]
