
Introduction to Cyber Security & Information Security

Module 4: System and Application Security
Chapter 1: Security Architectures and Models
Chapter 2: System Security
Chapter 3: OS Security
Chapter 4: Wireless Network and Security

Chapter I:
Security Architectures and Models

1. Designing Secure Operating Systems


2. Information Security Models

1. Designing Secured/Trusted Operating Systems
What makes an operating system secure? Or trustworthy?
How are trusted systems designed, and which of those design principles carry over naturally to other program development tasks?
How do we develop assurance of the correctness of a trusted operating system?

Primitive security services

Memory protection

File protection

General object access control

User authentication

An OS is trusted if we have confidence that it provides these four services in a consistent and effective way.

2. Information Security Models.

Bell-LaPadula

Biba

Clark-Wilson

Chinese Wall

Good brief summary on Harris p.247

Bell-LaPadula (BLP) Model

BLP is a formal (mathematical) description of mandatory access control
Three properties:
ds-property (discretionary security)
ss-property (simple security, no read down)
*-property (star property, no write down)
A secure system satisfies all of these properties
BLP includes a mathematical proof that if a system is secure and a transition satisfies all of the properties, then the system will remain secure.

Bell-LaPadula Model (Continued)

The Honeywell Multics kernel was the only true implementation of BLP, but it never took hold
DOD information security requirements are currently achieved via discretionary access control and segregation of systems rather than BLP-compliant computers

Biba Model

Similar to BLP, but the focus is on integrity, not confidentiality
The result is to turn the BLP model upside down
High-integrity subjects cannot read lower-integrity objects (no read down)
Subjects cannot move low-integrity data to a high-integrity environment (no write up)
McLean notes that the ability to flip models essentially renders their assurance properties useless
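As an added illustration (not from the slides), the following Python encodes both lattice models: BLP's simple security and *-properties as dominance checks on (level, categories) labels, the ds-property as a discretionary matrix that can only restrict further, and Biba as the same checks with the direction reversed. The level names, the ACL layout and the function names are constructed for this example.

```python
from dataclasses import dataclass

# Constructed linear ordering of levels; categories make the labels a lattice.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # self >= other in the lattice: higher (or equal) level and a superset of categories
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula mandatory rules: a subject may read only objects it dominates
    (simple security) and write only to objects that dominate it (*-property)."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba strict integrity: BLP turned upside down. Labels now denote integrity,
    so reads are allowed only from objects that dominate the subject (no read down)
    and writes only to objects the subject dominates (no write up)."""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")


def blp_secure(subj_id: str, subj: Label, obj_id: str, obj: Label,
               op: str, acl: dict) -> bool:
    """A request is secure only if the discretionary matrix (ds-property) grants it
    AND both mandatory properties hold; the ACL can never override the lattice."""
    return op in acl.get((subj_id, obj_id), set()) and blp_allows(subj, obj, op)
```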

Clark-Wilson Model

Reviews the distinction between military and commercial policy
Military policy focuses on confidentiality
Commercial policy focuses on integrity
Mandatory commercial controls typically involve who gets to do what type of transaction rather than who sees what (example: cut a check above a certain dollar amount)

Clark-Wilson Model (Continued)

Two types of objects:
Constrained Data Items (CDIs)
Unconstrained Data Items (UDIs)
Two types of transactions on CDIs in the model:
Integrity Verification Procedures (IVPs)
Transformation Procedures (TPs)
IVPs certify that TPs on CDIs result in a valid state
All TPs must be certified to result in a valid transformation

Clark-Wilson Model (Continued)

The system maintains a list of valid relations of the form:
{UserID, TP, CDI/UDI}
The only permitted manipulation of a CDI is via an authorized TP
If a TP takes a UDI as an input, then it must result in a proper CDI or the TP will be rejected
Additional requirements:
Auditing: TPs must write to an append-only CDI (log)
Separation of duties

Clark-Wilson versus Biba

In Biba's model, UDI to CDI conversion is performed by a trusted subject only (e.g., a security officer), but this is problematic for the data entry function.
In Clark-Wilson, TPs are specified for particular users and functions.
Biba's model does not offer this level of granularity.
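The Clark-Wilson rules above, as an added worked example (not from the slides) in Python: a constructed set of account-balance CDIs, an IVP, two certified TPs (one of which validates a UDI), the {UserID, TP, CDI} relation list, an append-only log CDI, and a separation-of-duties check that stops a TP's certifier from executing it. All names, users and data are constructed.

```python
import copy

# Constructed CDIs: two account balances plus an append-only audit log (itself a CDI).
cdis = {"acct:A": 100, "acct:B": 50, "log": []}

# Who certified each TP (separation of duties: a certifier may not also execute it).
CERTIFIED_BY = {"transfer": "auditor", "deposit": "auditor"}
# Access triples {UserID, TP, CDI}; the auditor's triple is a deliberate mistake.
RELATIONS = {("teller", "transfer", "acct:A"), ("clerk", "deposit", "acct:A"),
             ("auditor", "transfer", "acct:A")}

def ivp(state) -> bool:
    """Integrity verification: every balance is a non-negative integer."""
    return all(isinstance(v, int) and v >= 0
               for k, v in state.items() if k.startswith("acct:"))

def tp_transfer(state, src, dst, amount):
    state[src] -= amount
    state[dst] += amount

def tp_deposit(state, acct, raw_amount):
    # raw_amount is a UDI (untrusted input); it must become a valid CDI or be rejected
    amount = int(raw_amount)
    if amount <= 0:
        raise ValueError("UDI did not validate")
    state[acct] += amount

TPS = {"transfer": tp_transfer, "deposit": tp_deposit}   # the certified TPs

def run_tp(user, tp_name, cdi_name, *args) -> str:
    if (user, tp_name, cdi_name) not in RELATIONS:
        return "denied: no (user, TP, CDI) relation"
    if CERTIFIED_BY.get(tp_name) == user:
        return "denied: separation of duties"
    if tp_name not in TPS:
        return "denied: TP not certified"
    trial = copy.deepcopy(cdis)            # TP runs on a copy; commit only if valid
    try:
        TPS[tp_name](trial, cdi_name, *args)
    except ValueError as exc:
        return f"rejected: {exc}"
    if not ivp(trial):
        return "rejected: IVP failed"
    cdis.update(trial)
    cdis["log"].append((user, tp_name, cdi_name, args))   # append-only audit CDI
    return "ok"
```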

Chinese Wall
Focus is on conflicts of interest.
Principle: Users should not access the confidential information of both a client organization and one or more of its competitors.
How it works:
Users have no wall initially.
Once any given file is accessed, files with competitor information become inaccessible.
Unlike other models, access control rules change with user behavior.
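An added Python sketch (not part of the slides) of the Chinese Wall rule: conflict-of-interest classes and a per-user access history decide each read. The block also goes beyond the slide by adding the Brewer-Nash write rule, so a user cannot copy one company's data into another company's file. Companies, file names and users are constructed.

```python
# Constructed dataset: each object belongs to a company, and companies are grouped
# into conflict-of-interest (COI) classes. None marks sanitized (public) data.
COI_CLASSES = {"banks": {"BankA", "BankB"}, "oil": {"OilX", "OilY"}}
OBJECTS = {"bankA-ledger.xls": "BankA", "bankB-ledger.xls": "BankB",
           "oilX-reserves.pdf": "OilX", "oilY-reserves.pdf": "OilY",
           "public-rates.txt": None}


class ChineseWall:
    def __init__(self):
        self.history = {}   # user -> set of companies whose data the user has read

    @staticmethod
    def same_class(company):
        return next(m for m in COI_CLASSES.values() if company in m)

    def can_read(self, user, obj):
        company = OBJECTS[obj]
        if company is None:
            return True                     # sanitized information is always readable
        seen = self.history.get(user, set())
        # Allowed if the user already works with this company, or has touched nothing
        # from any competitor in the same conflict class (the wall goes up on first read).
        return company in seen or not (seen & self.same_class(company))

    def read(self, user, obj):
        if not self.can_read(user, obj):
            return False
        if OBJECTS[obj] is not None:
            self.history.setdefault(user, set()).add(OBJECTS[obj])
        return True

    def can_write(self, user, obj):
        # Brewer-Nash write rule: writing is allowed only if every unsanitized object the
        # user has read belongs to the target company, so no data crosses the wall via writes.
        seen = self.history.get(user, set())
        return self.can_read(user, obj) and seen <= ({OBJECTS[obj]} - {None})
```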

Chapter 2:
System Security

1. E-mail security: PGP and S/MIME
2. Web security: web authentication, SSL and SET
3. Database security

1. E-mail Security: PGP and S/MIME

E-mail is one of the most widely used network services (the killer application of the Internet)
Normally message contents are not secured
Can be read/modified either in transit or at the destination by an attacker
E-mail service is like a postcard service: just pick it up and read it

Email Security Enhancements

confidentiality: protection from disclosure
authentication of sender of message
message integrity: protection from modification
non-repudiation of origin: protection from denial by sender

Pretty Good Privacy (PGP)

widely used secure e-mail software
originally a file encryption/decryption facility
developed by Phil Zimmermann, a security activist who has had legal problems due to PGP
best available crypto algorithms are employed
available on several platforms with source code
originally free, now commercial versions exist
not controlled by a standardization body, although there are RFCs

PGP Mechanisms
Digital Signatures (and consequently message authentication and integrity)
RSA, DSS

Message Encryption
CAST, IDEA, 3DES, AES (all at least 128 bits)
symmetric keys are used once and encrypted using RSA or ElGamal (based on discrete logs)

Compression using ZIP

Radix-64 conversion (to ASCII) for e-mail compatibility
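The radix-64 step, as an added Python example (not from the slides): OpenPGP armors the binary message as base64 with a CRC-24 checksum line, so corruption by a mail gateway that rewraps or translates characters is detected on receipt. The armor label and the sample text are constructed; the CRC parameters are those of RFC 4880.

```python
import base64

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """CRC-24 used for OpenPGP armor checksums (RFC 4880, section 6.1)."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(payload: bytes, label: str = "PGP MESSAGE") -> str:
    """Radix-64 armor: header, blank line, base64 body in 76-column lines,
    a '=' line carrying the base64 of the 3-byte CRC-24, then the trailer."""
    body = base64.b64encode(payload).decode("ascii")
    lines = [body[i:i + 76] for i in range(0, len(body), 76)]
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode("ascii")
    return "\n".join([f"-----BEGIN {label}-----", "", *lines,
                      f"={check}", f"-----END {label}-----"])


def dearmor(text: str) -> bytes:
    """Reverse the conversion and fail if the checksum shows the text was altered."""
    lines = [ln for ln in text.splitlines() if ln and not ln.startswith("-----")]
    check_line = lines.pop()
    if not check_line.startswith("="):
        raise ValueError("missing armor checksum")
    payload = base64.b64decode("".join(lines))
    expected = int.from_bytes(base64.b64decode(check_line[1:]), "big")
    if crc24(payload) != expected:
        raise ValueError("armor checksum mismatch")
    return payload


def armor_is_intact(text: str) -> bool:
    try:
        dearmor(text)
        return True
    except ValueError:
        return False
```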

S/MIME
Secure/Multipurpose Internet Mail Extensions
A standard way for email encryption and signing
IETF effort (RFCs 2632, 2633 for version 3.0; RFCs 3850, 3851 for version 3.1; 5750, 5751 for version 3.2)
Industry support
Not standalone software, but a system that is to be supported by email clients such as MS Outlook and Thunderbird
S/MIME handles digital signatures and also provides encryption

S/MIME Functions
enveloped data: encrypted content and associated keys
signed data: encoded message + encoded signed message digest
clear-signed data: cleartext message + encoded signed message digest
signed and enveloped data: nested signed and encrypted entities

2. Web Security: web authentication, SSL and SET

SSL (Secure Sockets Layer)

NOT a payment protocol; can be used for any secure communications, like credit card numbers
SSL is a secure data exchange protocol providing:
Privacy between two Internet applications
Authentication of server (authentication of browser optional)
Uses enveloping: RSA used to exchange DES keys
SSL Handshake Protocol: negotiates the symmetric encryption protocol, authenticates
SSL Record Protocol: packs/unpacks records, performs encryption/decryption
Does not provide non-repudiation

Secure Sockets Layer (SSL)

Layered on top of TCP/IP but below the application layer (requires reliable transport to operate)
SSL is increasing in importance for Internet security
Invented by Phil Karlton (CMU Ph.D.) and others at Netscape
View protocol (63 pages)

SSL (Secure Sockets Layer)

[Figure: SSL protocol components; the labels read: initializes secure communication; error handling; handles communication with the application; handles data compression; initializes communication between client & server]

SSL (Secure Sockets Layer)

Some payment services using SSL:
Credit Card Network
Secure-Bank.Com
Web-Charge
SecureTrans

SET Objectives
Confidentiality of payment and order information (encryption)
Integrity of all data (digital signatures)
Authentication of cardholder & account (certificates)
Authentication of merchant (certificates)
No reliance on secure transport protocols (uses TCP/IP)
Interoperability between SET software and network
Standardized message formats

SET is a payment protocol

Messages relate to various steps in a credit card transaction

SET Security
Digital envelopes, nonces, salt
Two public-private key pairs for each party: one for digital signatures, one for key exchange messages
160-bit message digests
Statistically globally unique IDs (XIDs)
Certificates (5 kinds): Cardholder, Merchant, Acquirer, Issuer, Payment Gateway
Hardware cryptographic modules (for high security)
Idempotency (a message can be received many times but is only processed once): f(f(x)) = f(x)
Complex protocol: over 600 pages of detail
Dual signatures

SET Process Steps (Simplified)

1. Merchant sends invoice and unique transaction ID (XID)
2. Merchant sends merchant certificate and bank certificate (encrypted with the CA's private key)
3. Customer decrypts certificates, obtains public keys
4. Customer generates order information (OI) and payment info (PI), encrypted with different session keys and dual-signed
5. Merchant sends payment request to bank encrypted with the bank-merchant session key: PI, digest of OI and merchant's certificate
6. Bank verifies that the XID matches the one in the PI
7. Bank sends authorization request to issuing bank via card network
8. Bank sends approval to merchant
9. Merchant sends acknowledgement to customer
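Dual signatures and idempotent processing, from the SET Security slide and the process steps above, as an added Python example (not from the slides). The cardholder signs H(H(PI) || H(OI)), so the merchant can verify with only the PI digest and the bank with only the OI digest; an HMAC with a constructed key stands in for the cardholder's RSA signature, and the PI/OI field layout and the gateway class are constructed.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    # SET specified 160-bit digests; SHA-1 is kept only to match that (use SHA-256 today).
    return hashlib.sha1(data).digest()


# Stand-in for the cardholder's signature key pair: an HMAC key. Real SET signs
# with RSA and the verifiers use the cardholder's certificate instead of this key.
CARDHOLDER_KEY = b"constructed-cardholder-signing-key"


def sign(msg: bytes) -> bytes:
    return hmac.new(CARDHOLDER_KEY, msg, "sha1").digest()


def verify(msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(msg), sig)


def dual_signature(pi: bytes, oi: bytes):
    """Cardholder side: DS = Sign(H(H(PI) || H(OI))). Returns (PIMD, OIMD, DS)."""
    pimd, oimd = h(pi), h(oi)
    return pimd, oimd, sign(h(pimd + oimd))


def merchant_verify(oi: bytes, pimd: bytes, ds: bytes) -> bool:
    """Merchant sees OI in clear but only the digest of PI (no card data)."""
    return verify(h(pimd + h(oi)), ds)


def bank_verify(pi: bytes, oimd: bytes, ds: bytes) -> bool:
    """Bank sees PI in clear but only the digest of OI (no purchase details)."""
    return verify(h(h(pi) + oimd), ds)


class PaymentGateway:
    """Idempotent authorization keyed by XID: f(f(x)) = f(x)."""
    def __init__(self):
        self.results = {}

    def authorize(self, xid: str, pi: bytes, oimd: bytes, ds: bytes) -> str:
        if xid in self.results:             # re-delivered message: reuse stored result
            return self.results[xid]
        # Constructed PI layout: the XID is the first '|'-separated field of the PI.
        ok = bank_verify(pi, oimd, ds) and pi.split(b"|")[0] == xid.encode()
        self.results[xid] = "approved" if ok else "rejected"
        return self.results[xid]
```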

SET Supported Transactions

cardholder registration
merchant registration
purchase request
payment authorization
payment capture
certificate query
purchase inquiry
purchase notification
sale transaction
authorization reversal
capture reversal
credit reversal

3. Database Security
Security Objectives

Secrecy: prevent/detect/deter improper disclosure of information
Integrity: prevent/detect/deter improper modification of information
Availability: prevent/detect/deter improper denial of access to services

Policy
Organizational policy
Information systems policy

Databases

Collection of interrelated data and a set of programs to access the data
Convenient and efficient processing of data
Database Application Software

Database Security

Protect sensitive data from:
Unauthorized disclosure
Unauthorized modification
Denial of service attacks

Security Controls

Security policy
Access control models
Integrity protection
Privacy problems
Fault tolerance and recovery
Auditing and intrusion detection

Protection of Data Confidentiality

Access control: which data users can access
Information flow control: what users can do with the accessed data
Data mining

Access Control

Ensures that all direct accesses to objects are authorized
Protects against accidental and malicious threats by regulating the read, write and execution of data and programs

Access Control
Requires:
- Proper user identification
- Information specifying the access rights is protected from modification

Access Control
Access control components:
- Access control policy: specifies the authorized accesses of a system
- Access control mechanism: implements and enforces the policy

Chapter 3:
Operating System Security
1. Anti-virus software
2. Configuring the OS for security

1. Antivirus Software
What is a Virus?
A virus is software that spreads from program to program, or from disk to disk, and uses each infected program or disk to make copies of itself. Basically, computer sabotage.

How does a Virus Spread?

First a programmer writes the virus, most often attaching it to a normal program; unknown to the user, the virus spreads to other software. Then the virus is passed by disk or network to other users who use other computers. The virus then remains dormant as it is passed on.


What is AntiVirus Software?

Computer programs intended to identify and eliminate computer viruses.

The Best Defense

This year's best defense against computer viruses, spyware, hackers and spam is an antivirus program called BitDefender.
It has a user-friendly interface that scans all existing files on your computer, all incoming and outgoing emails, and even IM transfers.
Features include privacy protection and web scanning for internet use. A year's subscription is about $24.99.

NAV

The most widely used software is Norton AntiVirus (NAV).
Since its release in 1990, over 100 million people around the world have used it.
It's a free program, but in order to receive live updates a valid subscription is needed.
A yearly subscription is only $29.99.

McAfee

McAfee VirusScan is another popular antivirus program.
It's designed for home and home-office use.
It's used specifically on a Microsoft Windows platform.
The 2007 edition includes a number of features including on-access file sharing, inbound and outbound firewall protection, and daily definition updates.

Kaspersky
For the average home user and advanced users, the Kaspersky antivirus software has an easy-to-use interface.
The program uses 3 tabs for protection, settings and support.
It updates itself on an hourly basis and is one of the fastest antivirus programs available.
However, quality comes at a price, and a yearly subscription is $49.99.

Antivirus software is the equivalent of penicillin in the computer world.
Like penicillin, antivirus applications act as a guard over your system, scanning incoming files and applications, quarantining or cleaning up unwanted viruses looking to cause harm to your system.
Antivirus software is considered to be an aid that detects, fixes and even prevents viruses and worms from spreading to your computer as well as connected computers.

2. Configuring the OS for Security

Purpose of the system, type of information stored, applications and services provided
Users of the system and their privileges
How users are authenticated
How information on the system is managed
What other hosts / DBs are accessed by the system
Who will manage the system and how (remote or local)
Additional measures such as: firewall, anti-virus, logging

Hardening the OS
Default OS configurations are for ease of use
Measures have to be taken at all stages:
Installing and patching
Configuring
Remove unnecessary applications, services and protocols
Users, groups, controls and privileges
Install additional software (anti-virus, firewall, intrusion detection system, etc.)
Test security

Installing and Patching

Installation
Machines should not connect to the network until secured
However, removable media may be infected as well
A limited network (firewall) is acceptable; ideally:
No inbound connections
Only out to certain key sites
Install only required services and drivers (from trusted sources)
Set up automatic updates (only if update time is not an issue)

Booting
Protect BIOS changes with password
Disable some bootable media
Cryptographic hard drives? Pros and Cons

Configure U/G Authentication

Define user types and privileges
Admin (ideally only temporary)
Normal
Limited

Authentication
Force default password change
Password definition
Password lifespan
Remove or disable old accounts
Allow for remote connections?

Additional Security and Testing

Anti-virus
Firewalls, IDS, IPS
White list
If attackers manage to install a program, what will happen?
Run some test cases which attempt to break security (stress testing); good hackers make a lot of money here

Application Security
Configure applications properly
Use encryption when possible, as seen earlier:
For storing
For transmission (SSH connections)
Limit privileges, as with users
Remember what we have said about security in Android, Blackberry, and iPhone
Applications may provide backdoors if not configured properly

Maintenance

Now that system is set, keep it secure

This involves

Monitoring and analyzing logging information

Performing regular backups

Recovering from security compromises

Regular testing of security

Patch, update, and revise critical software

Logging

Keep a record of important events on the computer

Problems

Need to make sure to have enough space
Manual analysis is hard, so these logs should be in a format such that a program (e.g. in Perl) can parse the messages
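The parsing point above, as an added Python example (not from the slides): constructed syslog-style lines (using RFC 5737 documentation addresses) are parsed into fields, lines that do not match the expected format are reported rather than silently dropped, and repeated failed logins per source are flagged. The regexes and the threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample in a regular, machine-parseable syslog style.
SAMPLE_LOG = """\
Mar 12 10:01:02 host1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar 12 10:01:05 host1 sshd[812]: Failed password for root from 203.0.113.7 port 50123 ssh2
Mar 12 10:01:09 host1 sshd[812]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar 12 10:02:30 host1 sshd[901]: Accepted publickey for alice from 198.51.100.5 port 41000 ssh2
Mar 12 10:03:44 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
this line is not in the expected format
"""

# timestamp, host, program[pid]: message  (assumed layout for the constructed sample)
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                     r"(?P<prog>[\w/-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def parse(log_text):
    """Split the log into structured records; keep unparseable lines for review."""
    records, unparsed = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
        else:
            unparsed.append(line)
    return records, unparsed


def failed_logins_by_source(records):
    counts = Counter()
    for rec in records:
        m = FAILED_RE.search(rec["msg"])
        if m:
            counts[m["src"]] += 1
    return counts


def alerts(records, threshold=3):
    """Sources with at least `threshold` failed logins (assumed alert rule)."""
    return sorted(src for src, n in failed_logins_by_source(records).items() if n >= threshold)
```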

Data Backup
Backup is the act of creating copies of information such that it may be recovered
Archiving is keeping these backups for a long period of time in order to meet some legal requirements
Should the backup be kept online or offline?
Online makes for easier access, faster recovery
Offline is more secure, harder to recover
Why not both? Users should keep their own offline backups, in case the online backup gets removed
Data may be lost accidentally (hardware failures, human mistake) or intentionally

Chapter 4:
Wireless Networks and Security
1. Components of wireless networks
2. Security issues in wireless

1. Components of Wireless Network

1) Equipment
2) Network
3) Software
4) Services
5) Mobile Worker

2. Security Issues in Wireless Network

Network security issues, whether wired or wireless, fall into three main categories: availability, confidentiality and integrity:
Confidentiality: is the information being sent across the network transmitted in such a way that only the intended recipient(s) can read it?
Integrity: is the information reaching the recipient intact?
Availability: is the network available to users whenever it is supposed to be?
