Sicurezza Informatica
Prof. Stefano Bistarelli
[email protected]
http://www.sci.unich.it/~bista/
Chapter 1: Introduction
Prof. Stefano Bistarelli - Sicurezza
Informatica
2
Outline

- Security (confidentiality, integrity, availability) protects against threats!!
- Security policies identify threats and define requirements (assumptions)
- Security mechanisms are methods to detect, prevent, and recover from threats
- Which security countermeasures do we want to apply?
  - Security risk analysis!!
Computer Security

The ability of a system to protect information, resources, and the system itself with respect to the notions of:

- Confidentiality
- Integrity and authentication
- Availability
- Access control
- Non-repudiation
- Privacy
Alice, Bob, and … Trudy
Figure 7.1 goes here

- The “hello world” of the security world
- Bob and Alice need to communicate with each other securely
- Trudy, the “intruder”, is able to intercept and modify messages
Main goals

- Confidentiality
  - Ensure that information is not accessible to unauthorized users
- Integrity
  - Ensure that information cannot be altered by unauthorized persons (in a way that is invisible to authorized users)
- Authentication
  - Ensure that users really are who they claim to be
- Availability
  - Ensure that a system is operational and functional at all times (no denial of service)
Additional goals

- Access control
  - Ensure that users have access to all the resources and services they are authorized for, and only to those
- Non-repudiation
  - Ensure that the sender of a message cannot deny having sent the message
- Privacy
  - Ensure that users can control what information about them is collected, how it is used, who uses it, who retains it, and for what purpose it is used
Security is not safety!!
Security “is not” Safety

- Reliability
  - “It doesn't make mistakes!”
- Availability
  - “It doesn't crash!”
- Maintainability
  - “It is easy to manage”
- Safety
  - “Nobody dies using it”
Basic Components

- Confidentiality, Integrity, Availability
- Interpretation ALWAYS depends on the context!!
Confidentiality

- Keeping data (and resources) hidden
  - Military and commercial motivations!
- Mechanisms:
  - Access control (cryptography)
  - System-dependent mechanisms
    - (safer when working … but may fail!!)
- Assumptions and trust of the mechanisms!!
- Confidentiality of content vs existence of data!!
- For resource hiding: firewalls!!
Integrity

- Preventing improper/unauthorized changes
  - Trustworthiness of data
  - Data integrity (integrity)
  - Origin integrity (authentication)
- Mechanisms:
  - Prevention
    - To change data
    - To change data in an unauthorized way
      - Difficult!!
  - Detection
    - Only detection
    - Provide explanation
Availability

- Enabling access to data and resources
- Availability vs reliability ??
- Threats:
  - Manipulate the use of the data/resource
    - Can be captured
  - Denial of Service
    - Difficult to capture!!
Attack vs Threat

- A threat is a “potential” violation of security
  - The violation need not actually occur
  - The fact that the violation might occur makes it a threat
  - It is important to guard against threats and be prepared for the actual violation
- The actual violation of security is called an attack
Classes of Threats

Threat = potential violation of security.
Classes:
1. Disclosure (unauthorized access to information)
2. Deception (acceptance of false data)
3. Disruption (DoS)
4. Usurpation (unauthorized control of (part of) a system)
Threats in communications ..
Classes of Threats, ex:

- Snooping/sniffing
  - Disclosure of data
- Modification/alteration
  - Deception of data
  - Disruption/usurpation of systems
- Spoofing/masquerading (impersonation)
  - Deception/usurpation
  - Notice that “delegation” = authorized masquerading
- Repudiation of origin/send/receipt
- Inhibition of service
  - Delay
  - Denial of service
Policies and Mechanisms

- Policy says what is, and is not, allowed
  - This defines “security” for the site/system/etc.
  - Assumption: definition of the set of secure/insecure states!
- Composition of policies (ex: for cooperation among sites)
  - If policies conflict, discrepancies may create security vulnerabilities
- Mechanisms are methods/tools/procedures to enforce policies
Mechanisms for

- Prevention
  - Prevent attackers from violating security policy
- Detection
  - Detect attackers’ violation of security policy
- Recovery
  - 1: Stop attack, assess and repair damage
  - 2: Continue to function correctly even if attack succeeds
  - Retaliation as a form of recovery
Trust and Assumptions

- Does a policy correctly describe the required security for a site? Can the mechanism enforce what the policy needs?
- Security rests on assumptions!
  - Ex: opening a door requires the key (assumption)
  - If there is a lock picker, the assumption does not hold!
    - Unless the lock picker only opens doors at the owner's request!
    - Trust in the lock picker!
- Policy assumptions
  - Unambiguously partition system states (secure/non-secure)
  - Correctly capture security requirements
- Mechanisms are assumed to enforce policy
  - if mechanisms work correctly
Types of Mechanisms

- Let P be the set of all the reachable states
- Let Q be a set of secure states identified by a policy: Q ⊆ P
- Let the set of states that an enforcement mechanism restricts a system to be R
- The enforcement mechanism is
  - Secure if R ⊆ Q
  - Precise if R = Q
  - Broad if there are some states in R that are not in Q
Types of Mechanisms

[Figure: panels labelled secure, precise, and broad; legend: set R, set Q (secure states)]
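
The secure/precise/broad definitions, worked on a small constructed system (an added example, not part of the original slides). The read-ACL model, the grant/revoke commands, and the three guard functions are assumptions made for illustration; R is computed as the set of states reachable once the mechanism filters commands.

```python
from itertools import product

USERS = ("alice", "bob", "trudy")     # constructed sample system
START = frozenset({"alice"})          # state = set of users who may read the file

def reachable(guard):
    """States reachable from START when guard(op, user) decides which commands run."""
    seen, frontier = {START}, [START]
    while frontier:
        state = frontier.pop()
        for op, user in product(("grant", "revoke"), USERS):
            if not guard(op, user):
                continue              # the mechanism blocks this command
            nxt = state | {user} if op == "grant" else state - {user}
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return seen

def classify(R, Q):
    """Most specific label: precise (R = Q), secure (R subset of Q), else broad."""
    if R == Q:
        return "precise"
    if R <= Q:
        return "secure"
    return "broad"                    # some state in R is not in Q

# P: every reachable state when nothing is enforced.
P = reachable(lambda op, user: True)
# Q: policy "trudy must never be able to read"; Q is a subset of P.
Q = {s for s in P if "trudy" not in s}

# Hypothetical enforcement mechanisms, expressed as command filters.
MECHANISMS = {
    "no_check":   lambda op, user: True,                    # enforces nothing
    "freeze_acl": lambda op, user: op == "revoke",          # forbids every grant
    "deny_trudy": lambda op, user: (op, user) != ("grant", "trudy"),
}

def report():
    return {name: classify(reachable(g), Q) for name, g in MECHANISMS.items()}

if __name__ == "__main__":
    for name, label in report().items():
        print(f"{name:11s} |R|={len(reachable(MECHANISMS[name]))}  {label}")
```

`freeze_acl` is secure but over-restrictive: it also rules out the secure states in which bob can read, which is the gap between a secure and a precise mechanism.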
Assurance

- Assurance
  - How well does the system meet its requirements?
  - How much can you trust the system to do what it is supposed to do?
- It does not say what the system is to do; rather, it only covers how well the system does it.
Assurance

- To reach assurance:
  - Detailed specification
  - Design of the HW and SW, showing that it does not violate the specification
  - Implementation that satisfies the design
    - Proof that the implementation produces the desired behavior (difficult!)
    - Test (easier)
Operational Issues

- Cost-Benefit Analysis
  - Is it cheaper to prevent or recover?
- Risk Analysis
  - Should we protect something?
  - How much should we protect this thing?
- Laws and Customs
  - Are desired security measures illegal?
  - Will people do them?
Human Issues

- People are THE security problem!!
- Organizational Problems
  - Power without responsibility (and vice versa)
    - Security officer makes the rule, system administrator is responsible …
  - No financial benefits
- Untrained users!
- Password revealed
- Outsiders and insiders
- Social engineering
Key Points

- Policy defines security, and mechanisms enforce security
  - Confidentiality
  - Integrity
  - Availability
- Trust and knowing assumptions
- Importance of assurance
- The human factor
Discussion: