- Hashing and compression have in common that they shrink the information to a smaller size.
- Steganography is hiding information from sight. It can be used to hide malware. Compression can be used to hide steganography.
- If you need to send information to someone, you have to use an asymmetric algorithm like RSA.
- Application areas for asymmetric encryption: key exchange, digital signatures.
- With copyright we can, for example, protect manuals; it is not a good idea to use it to protect source code.
- Patent: it is possible to get a patent for software. A patent has to be applied for. The idea is protected. Until 20 years ago software could not be patented, but the rules are changing slowly; in the USA software can be patented, in the EU it is a bit harder. You can patent the idea behind the software, for example. The difference was that a patent is on the idea and copyright is on the expression of an idea.
- If you are an external consultant, a contract should make it obvious who has the rights to the produced product.
- Program security objectives: protecting the program from flaws and protecting the program from outsider files, applications, networks anynomuns p

# Lecture 1

## The Information Security Domain

![](https://i.imgur.com/BQQV71E.png)

## Security Goals

![](https://i.imgur.com/LagK9vO.png)
![](https://i.imgur.com/EChA0pj.png)
![](https://i.imgur.com/TrF6S0r.png)

## Cost-benefit analysis

![](https://i.imgur.com/eoexDgX.png)

## Assets

![](https://i.imgur.com/YaKQZhp.png)
![](https://i.imgur.com/sDhBHQB.png)

## More Security not always better

![](https://i.imgur.com/s4mXfL5.png)

## Human Factor

![](https://i.imgur.com/h2pR8Oh.png)

## Policies

![](https://i.imgur.com/o0vpwbR.png)

## Prevention not the only concern

![](https://i.imgur.com/xRgXUdS.png)

## Controls/Countermeasures

![](https://i.imgur.com/hnyvsXC.png)

## Multiple Controls

![](https://i.imgur.com/S87dhb4.png)

## Trusting Trust

![](https://i.imgur.com/xRrYs2G.png)

## Attackers developing

![](https://i.imgur.com/f6KmiNa.png)

## Threat

![](https://i.imgur.com/EVDn3WY.png)

## What is attacked

![](https://i.imgur.com/z3UsDRt.png)

## Changes of incidents over time

![](https://i.imgur.com/77jbG2k.png)
![](https://i.imgur.com/mijeYLl.png)

## Motivation

![](https://i.imgur.com/4htK9sM.png)

# Lectures 2, 3 and 4

# Cryptography

# Substitution Cipher

## Simple Substitution Cipher (Caesar Cipher)

![](https://i.imgur.com/1v0moZs.png)

#### Encryption:

1. Write down all letters of the alphabet and give them the values **0-25**. You can also use 1-26 instead.
2. Assume **P (Plain Text)** = Hello world, **K (key is given)** = 3 and **Cipher Text C**.
3. The formula for encryption is: **C = (P + K) mod 26**
4. If P + K is smaller than 26, the modulus operation changes nothing (the division would only give a decimal fraction), so we keep the sum as it is.

#### Example for encryption:

1. We start with H. The value of H from the picture is 7.
2. (7 + 3 "key") mod 26 => 10 mod 26 => 10 because of step 4.
3. The value 10 corresponds to the letter K in the picture, which means: H => K

#### Decryption:

**P = (C - K) mod 26**

#### Example for decryption:

1. Cipher text ABC. Key k = 3
2. A = 0 => 0 - 3 => -3
3. A negative value is not allowed, so we add 26
4. (26 - 3) mod 26 => 23 mod 26 => 23
5. In the picture, 23 corresponds to X

![](https://i.imgur.com/gwY4few.png)

## Monoalphabetic Cipher

![](https://i.imgur.com/1x4QlWV.png)

Hackers identify the English letter frequencies, so if E is the most common letter in the plain text, what is the most common letter in the cipher text?

## Polyalphabetic Cipher

![](https://i.imgur.com/y48girm.png)
![](https://i.imgur.com/3KuqLa2.png)
![](https://i.imgur.com/4Xp4vhc.jpg)

1. Make a table with the alphabet in the rows and columns.
2. In every row we drop the first letter of the previous row and add the next letter at the end.

#### Example Encryption:

P = CAD (plain text), K = ADD (key)

1. From the plain text and the key we decide the limits of the table; we see it is A-D.
2. We make a table of this range. Row is key and column is plain text. ![](https://i.imgur.com/VwC4QDY.png)
3. Take the cross of the letter from the key and the letter from the plain text to generate the cipher text:
   - A from key + C from plain text => C in cipher text
   - D from key + A from plain text => D in cipher text
   - D from key + D from plain text => G in cipher text

C = CDG

#### Example Decryption:

C (cipher text) = CDG, K = ADD

1. The same table as for encryption, but now the key is the column and the plain text is the row. ![](https://i.imgur.com/p4qU5Pj.png)
2. Look up each pair:
   - A in key, C from cipher text => C in plain text
   - D in key, D from cipher text => A in plain text
   - D in key, G from cipher text => D in plain text

P = CAD

## Playfair Cipher

![](https://i.imgur.com/7hd0D9L.png)

Some books are different, but most books put I and J together as I/J. But you can put any two letters together.

#### Example Encryption:

P = WORLD, K = SECURE, C = ?

1. Create a 5 x 5 table.
2. Count the letters in the key and then in the plain text: P = 5, K = 6.
3. Add padding (usually X) to the end of the word in the plain text: P = WO RL DX = 6. (Only in case the number of letters in P is not even. You don't need to add padding if it is, for example, 6, 8 or 12.)
4. Now P = WORLDX.
5. Fill the 5 letters from K into the first row of the matrix and then the other letters without repeating any letter. ![](https://i.imgur.com/c5qWd9N.png)
6. Now we take the letters as pairs from P = WO RL DX.
7. Now apply the rules in the picture. ![](https://i.imgur.com/K9jnbwd.png)
8. WO => EW, RL => UM, DX => KC
9. C = EWUMKC

#### Example Decryption:

Now we have to find P from C = EW UM KC, K = SECURE.

![](https://i.imgur.com/QH04hVV.png)

1. If the two letters are in the same column, we take the letter above in decryption (the opposite of encryption): EW => WO, KC => DX
2. If the letters are not in the same column or the same row, each letter is replaced by the one in its row in the column of the other letter: UM => RL
3. P = WO RL DX. X is the padding and it should be discarded.
4. P = WORLD

![](https://i.imgur.com/4SM39o5.png)

## One-Time Pads (Vernam Cipher)

![](https://i.imgur.com/T3kCDJX.png)
![](https://i.imgur.com/aKcpKfj.jpg)

#### Example Encryption:

P = DANDAPANI, K = ERISHPAUL

C = P + K. For example, for the first letter: D => 3, E => 4, C = 3 + 4 => 7

#### Example Decryption:

P = C - K

P = 7 - 4 = 3 => D

![](https://i.imgur.com/ivNPcih.png)

# Transposition Cipher

![](https://i.imgur.com/Iqzs7Ks.png)
![](https://i.imgur.com/ZOLasWO.png)

# Summary

![](https://i.imgur.com/FZnmpWX.png)

# Stream and Block Ciphers

![](https://i.imgur.com/33vJe8d.png)
![](https://i.imgur.com/KhvyBPK.png)

## Feistel Cipher (block cipher)

![](https://i.imgur.com/3BT6Xin.png)
![](https://i.imgur.com/AOD2jtN.png)

It is symmetric encryption. The key would be the same. The rectangle is XOR.

![](https://i.imgur.com/ikQAU47.png)
![](https://i.imgur.com/kKUCaWe.png)

## Subkey generator

![](https://i.imgur.com/6l4T4fi.png)

- The 64-bit key is divided into 8 different blocks
- Drop 1 bit from each block. 56 bits left
- Divide into a left half and a right half, 28 bits each
- Decide the round key by shifting. One bit left shift at a time for rounds 1, 2, 9 and 16. Two bits left shift for the other rounds.
- We need only 48 bits and not 28 + 28 = 56, so we use the compression P-box

## Round Function

![](https://i.imgur.com/DLOMsT7.png)

- Initial permutation means that we are dividing 64 bits into 32 bits x 2
- R0 is 32 bits and that is not enough, because in a block cipher the block and the key must have the same size. The subkey is 48 bits and that is why we have to expand R0 in the expansion permutation
- When both R0 and K1 are 48 bits we can use the XOR operation
- Store the 48 bits in the substitution box
- Perform the substitution operation to convert 48 bits to 32 bits
- That is how we got R1 after the XOR with L0

![](https://i.imgur.com/P09FwYd.png)
![](https://i.imgur.com/jteRhak.png)

## DES TYPES

1. DES
2. 3DES
3. AES

![](https://i.imgur.com/3BgG0Ty.png)

### DES

![](https://i.imgur.com/CW6omWp.png)
![](https://i.imgur.com/0YZgVuJ.png)

### Double DES

![](https://i.imgur.com/kJXPTHE.png)

### Attack in double encryption of DES

![](https://i.imgur.com/KzTGlvm.png)

### Triple DES

![](https://i.imgur.com/ZVVrHwn.png)

### AES - Advanced Encryption Standard

![](https://i.imgur.com/EdhCTGC.png)

- The input size is 128 bits (16 bytes)
- The key size can be 128, 192 or 256 bits (depends on the number of rounds)
- 10 rounds => 128-bit key, 12 => 192 and 14 => 256

![](https://i.imgur.com/ZwzZ0Jx.png)
![](https://i.imgur.com/F5Ezwji.png)

- A constant matrix in step 3

### Example AES

![](https://i.imgur.com/nEL6Muv.png)

- Because it is 10 rounds, the key is 128 bits
- 10 rounds means that we need 11 subkeys (we start with a key for the initial round, and then for each round we need a key)

### Compare DES, AES and Blowfish

![](https://i.imgur.com/VTsDL4I.png)

## Modes of operation / Arbitrary length for blocks

**It can be bigger or smaller block size**

![](https://i.imgur.com/uhnlC83.png)
![](https://i.imgur.com/pY739bU.png)

### Modes of operation types

![](https://i.imgur.com/3decovx.png)

### ECB - Electronic codebook mode

![](https://i.imgur.com/Odasd4a.png)
![](https://i.imgur.com/z4AMwNR.png)

- Same K for every block

### ECB strength, weakness and uses

![](https://i.imgur.com/io5G3fL.png)

### Example ECB

![](https://i.imgur.com/RyB7EM9.png)

### CBC Cipher Block Chaining + Uses

![](https://i.imgur.com/PLJLqjr.png)
![](https://i.imgur.com/cGJ3oyZ.png)

### CFB Cipher Feedback Mode

![](https://i.imgur.com/e19Kqqu.png)

- It has more than CBC: a shift register and a temporary register, and after that we are using it as key
- We are getting a different key for each operation internally
- The produced C1 will become the IV for the next operation and so on

# SYMMETRIC-KEY DISTRIBUTION

![](https://i.imgur.com/8poestj.png)

### KDC - Key distribution center

![](https://i.imgur.com/VlVEqeW.png)

### Flat Multiple KDCs

Multiple KDCs to make it more secure

![](https://i.imgur.com/4RV17R2.png)

### Hierarchical Multiple KDCs

![](https://i.imgur.com/UNvlVhU.png)

### Session Key - Member <=> KDC

![](https://i.imgur.com/DRfFdST.png)

### Simple Protocol using KDC

![](https://i.imgur.com/Jj3GxZu.png)

# Asymmetric/Public encryption

![](https://i.imgur.com/xLUD5bb.png)

### Popular algorithms

![](https://i.imgur.com/LeyTW5l.png)

### 1. RSA

![](https://i.imgur.com/OjAMqSi.png)

- The ciphertext would be available to everyone, but not the encrypted message inside it

![](https://i.imgur.com/T5khiNz.png)

### RSA Explanation

- RSA is a block cipher. Block B is encoded with integer T using function g, where 0 < T < n and n = pq
- Euler phi function ![](https://i.imgur.com/JaFWDDk.png) The Euler totient function f(n) is the number of positive integers less than n that are relatively prime to n
- Important formula ![](https://i.imgur.com/ZJZNbIl.png)
- Finally calculate the values of the public/private keys ![](https://i.imgur.com/qhZYe0d.png)

### RSA Example

![](https://i.imgur.com/hNFjYEm.png)
![](https://i.imgur.com/HWxMbO0.png)

Think: 7 * d mod 20 = 1 => what is the value of d if the remainder of 7 * d % 20 is one => 7 * d = 21 => d = 3

![](https://i.imgur.com/h7yC3Z6.png)
![](https://i.imgur.com/VN9QkNi.png)
![](https://i.imgur.com/x6dnaYO.png)
![](https://i.imgur.com/PiFB2N9.png)
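
The key calculation from the RSA example above, as an added example that is not part of the original notes. It assumes p = 3 and q = 11 (the only two primes with (p-1)(q-1) = 20); all function names are illustrative, and the numbers are far too small for real use.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy RSA for hand-sized numbers only (p, q < 65536). Names are illustrative. */
typedef struct {
    uint64_t n;   /* public modulus n = p*q */
    uint64_t phi; /* Euler phi(n) = (p-1)(q-1), kept secret */
    uint64_t e;   /* public exponent */
    uint64_t d;   /* private exponent: (e*d) mod phi == 1 */
} rsa_key;

static int is_prime(uint64_t x) {
    if (x < 2) return 0;
    for (uint64_t i = 2; i * i <= x; i++)
        if (x % i == 0) return 0;
    return 1;
}

static uint64_t gcd_u64(uint64_t a, uint64_t b) {
    while (b != 0) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* Extended Euclid: returns d with (a*d) mod m == 1, or 0 if no inverse exists.
   This replaces the "try 7*d = 21" guess from the notes. */
static uint64_t mod_inverse(uint64_t a, uint64_t m) {
    int64_t r0 = (int64_t)m, r1 = (int64_t)(a % m);
    int64_t s0 = 0, s1 = 1;
    while (r1 != 0) {
        int64_t q = r0 / r1, t;
        t = r0 - q * r1; r0 = r1; r1 = t;
        t = s0 - q * s1; s0 = s1; s1 = t;
    }
    if (r0 != 1) return 0;                 /* a and m are not coprime */
    return (uint64_t)(s0 < 0 ? s0 + (int64_t)m : s0);
}

/* Square-and-multiply; safe from overflow because mod < 2^32. */
static uint64_t mod_pow(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t result = 1 % mod;
    base %= mod;
    while (exp > 0) {
        if (exp & 1) result = result * base % mod;
        base = base * base % mod;
        exp >>= 1;
    }
    return result;
}

/* Builds the key pair; returns 0 on success, -1 if the inputs are unusable. */
int rsa_make_key(uint64_t p, uint64_t q, uint64_t e, rsa_key *k) {
    if (p >= 65536 || q >= 65536 || p == q) return -1;
    if (!is_prime(p) || !is_prime(q)) return -1;
    uint64_t phi = (p - 1) * (q - 1);
    if (e <= 1 || e >= phi || gcd_u64(e, phi) != 1) return -1;
    uint64_t d = mod_inverse(e, phi);
    if (d == 0) return -1;
    k->n = p * q; k->phi = phi; k->e = e; k->d = d;
    return 0;
}

/* C = T^e mod n, only for blocks with 0 < T < n as the notes require. */
int rsa_encrypt(const rsa_key *k, uint64_t t, uint64_t *c) {
    if (t == 0 || t >= k->n) return -1;
    *c = mod_pow(t, k->e, k->n);
    return 0;
}

/* T = C^d mod n. */
int rsa_decrypt(const rsa_key *k, uint64_t c, uint64_t *t) {
    if (c >= k->n) return -1;
    *t = mod_pow(c, k->d, k->n);
    return 0;
}

/* Counts the blocks T in 1..n-1 that survive encrypt-then-decrypt. */
uint64_t rsa_count_roundtrips(const rsa_key *k) {
    uint64_t ok = 0, c, t;
    for (uint64_t m = 1; m < k->n; m++)
        if (rsa_encrypt(k, m, &c) == 0 && rsa_decrypt(k, c, &t) == 0 && t == m)
            ok++;
    return ok;
}

int main(void) {
    rsa_key k;
    uint64_t c = 0, t = 0;
    if (rsa_make_key(3, 11, 7, &k) != 0) return 1;
    printf("n=%llu phi=%llu e=%llu d=%llu\n", (unsigned long long)k.n,
           (unsigned long long)k.phi, (unsigned long long)k.e,
           (unsigned long long)k.d);
    rsa_encrypt(&k, 2, &c);
    rsa_decrypt(&k, c, &t);
    printf("T=2 -> C=%llu -> T=%llu\n", (unsigned long long)c,
           (unsigned long long)t);
    return 0;
}
```

The same block always encrypts to the same ciphertext here, which is why real RSA encryption adds randomized padding such as OAEP before exponentiation.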
### 2. Diffie-Hellman key exchange

![](https://i.imgur.com/gIGxGaB.png)
![](https://i.imgur.com/8oPSey4.png)
![](https://i.imgur.com/vrxn7u0.png)

### Diffie-Hellman Explanation

Try with 3: (the numbers in the result should not repeat)

![](https://i.imgur.com/E2AEibZ.png)

Try with 2: (we got repeated numbers, so 2 is not the primitive root)

![](https://i.imgur.com/B5bokUZ.png)
![](https://i.imgur.com/50ABYZN.png)

- alpha and q are public, like yellow in the colors example

### Example (important for exam)

![](https://i.imgur.com/ZVmracu.png)

KA = KB, so they have securely shared the secret key

# Man-in-the-middle MITM attack

Not the same as the meet-in-the-middle attack that we saw in double DES

![](https://i.imgur.com/qIiKpN0.png)
![](https://i.imgur.com/OZd9pzf.png)

# Need for hash function

![](https://i.imgur.com/lxG1iZy.png)

# Ways for authentication

![](https://i.imgur.com/ojBgF2S.png)

## Message Encryption

![](https://i.imgur.com/QT24F4o.png)

1. When the message is encrypted using A's private key and everyone has A's public key, you get authentication. It is from A, because no one other than A can use A's private key. But it is a message over the network and anyone can decrypt it with the public key of the sender, so we lose confidentiality. ![](https://i.imgur.com/KHlm9gv.png)
2. When we encrypt using B's public key and B decrypts it using its private key, we lose authentication because everyone has B's public key, but we get confidentiality because only B can decrypt the message using its private key.
3. The third way is when A encrypts M with A's private key and then with B's public key. B decrypts the first layer with its own private key and then the second layer with A's public key.
   We get both confidentiality and authentication.

## Hash Function

![](https://i.imgur.com/CVPHwMZ.png)
![](https://i.imgur.com/ihEVv5h.png)
![](https://i.imgur.com/LQRG12g.png)
![](https://i.imgur.com/K2dAwLN.png)
![](https://i.imgur.com/HeIqBdv.png)

## Hash Function Properties

![](https://i.imgur.com/OxeDn6j.png)

# Hashing VS Encryption

![](https://i.imgur.com/Xtu2nIh.png)

# Hash Algorithm

## Motivation

![](https://i.imgur.com/sfpSMZS.png)

## Usage

![](https://i.imgur.com/chC2rlN.png)

# Hash Function & Message Authentication (Integrity)

![](https://i.imgur.com/uN6aArg.png)

By comparing the hash code that we got from the sender with our own hash code, generated with the same hash function on the plain text, we can verify whether the message has been modified.

# Hash Function & Digital Signature - PKPK

![](https://i.imgur.com/ykiy7DC.png)

1. First one (public and private keys)
   - Encrypt the hash code with sender A's private key and send it with the plain M to the receiver.
   - The receiver will hash M and produce a hash code, then perform decryption on the encrypted hash code using A's public key and compare the two hashes. We get authentication but not confidentiality, because everyone has A's public key.
2. Second one (common shared key)
   - The sender additionally applies encryption to the plain message M and the encrypted hash code.
   - The receiver decrypts with the common key, so we get confidentiality.

# MAC - Message Authentication Code

![](https://i.imgur.com/g6XDyRY.png)
![](https://i.imgur.com/pUBGl4b.png)
![](https://i.imgur.com/gZ4hy1u.png)
![](https://i.imgur.com/IDDKBzo.png)

# Digital Signature

![](https://i.imgur.com/km6OiOS.png)
![](https://i.imgur.com/4FA0gpx.png)

A digital signature is a good property, but you have to have someone in the middle to handle it.

# Certification Authority

![](https://i.imgur.com/HvC4LMr.png)

# Lecture 5

# Program Security

## What is Program Security?
![](https://i.imgur.com/oBJ6mwW.png)

## Objectives

![](https://i.imgur.com/cJjXHDN.png)

## Error, Fault and Failure

![](https://i.imgur.com/4aatjta.png)

Example:

- error: wrong variable name in the code
- fault: we expect two digits and we got one
- failure: the system crashes

![](https://i.imgur.com/JVgdPQl.png)

## Permanent/Transient faults

Permanent fault: if we run the system once again, the same fault will happen. We can reproduce it.

Transient fault: sometimes we get the fault and sometimes not.

## Testing Security

![](https://i.imgur.com/E2XlOXA.png)
![](https://i.imgur.com/Ze3nLfu.png)

## Failure seen by outsiders

![](https://i.imgur.com/w1At7nK.png)
![](https://i.imgur.com/pj4W4Vy.png)

## Inadvertent faults/failures

![](https://i.imgur.com/OKg2o87.png)

## Problems with program behaviour testing

![](https://i.imgur.com/va4Q0Tm.png)

## Types of Program Flaws

![](https://i.imgur.com/CSPmqGD.png)

Intentional but non-malicious: like adding a feature that is not in the specification

## Unintentional flaws

![](https://i.imgur.com/uwgcaXy.png)

## Common non-malicious program errors

![](https://i.imgur.com/AFc0fAr.png)

## Buffer Overflows

Buffer overflows often come from innocent programmer oversights or failures to document and check for excessive data.

### Overwriting memory

If you write an element past the end of an array or you store an 11-byte string in a 10-byte area, that extra data has to go somewhere; often it goes immediately after the last assigned space for the data.

A buffer (or array or string) is a space in which data can be held. A buffer resides in memory. Because memory is finite, a buffer’s capacity is finite. For this reason, in many programming languages the programmer must declare the buffer’s maximum size so that the compiler can set aside that amount of space.

First, the attacker may replace code in the system space.
By replacing a few instructions right after returning from his or her own procedure, the attacker regains control from the operating system, possibly with raised privileges. This technique is called **privilege escalation**.

![](https://i.imgur.com/WJ0lhUn.png)
![](https://i.imgur.com/aBbcRFb.png)
![](https://i.imgur.com/kkI8rBf.png)
![](https://i.imgur.com/sdVOjO3.png)
![](https://i.imgur.com/GjasplO.png)

## Buffer Overflow Countermeasures

![](https://i.imgur.com/TqYS9xo.png)

### Programming Controls against Buffer Overflow

![](https://i.imgur.com/tWS0asX.png)

### Language Features against Buffer Overflow

![](https://i.imgur.com/QOEwLzS.png)

Some programming languages have features that preclude overflows. For example, languages such as Java, .NET, Perl, and Python generate code to check bounds before storing data. The unchecked languages C, C++, and assembler language allow largely unlimited program access.

### Code Analyzer

Software developers hope for a simple tool to find security errors in programs. Such a tool, called a static code analyzer, analyzes source code to detect unsafe conditions.
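
The 11-byte string in a 10-byte area from the Overwriting memory section above, as an added example that is not part of the original notes. The `account` record, its `is_admin` flag and both store functions are constructed for illustration; the unchecked copy is clamped to the record so the demonstration stays well defined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 10

/* Constructed record: a 10-byte buffer with a privilege flag stored right after it. */
struct account {
    char name[NAME_LEN];
    unsigned char is_admin;
};

/* The demonstration relies on the flag sitting immediately after the buffer. */
_Static_assert(offsetof(struct account, is_admin) == NAME_LEN,
               "flag must directly follow the buffer");
_Static_assert(sizeof(struct account) == NAME_LEN + 1, "no padding expected");

/* Constructed 11-byte input: ten filler bytes, then one byte with value 1. */
static const unsigned char OVERLONG[NAME_LEN + 1] =
    { 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 1 };

/* Unchecked store: trusts the caller's length, as an unbounded copy would.
   The write goes through a byte pointer to the whole record and is clamped to
   sizeof(struct account) so it never leaves this one object; a real unchecked
   copy has no such limit. Returns the number of bytes written. */
size_t store_unchecked(struct account *a, const void *data, size_t len) {
    unsigned char *raw = (unsigned char *)a;   /* name is at offset 0 */
    if (len > sizeof *a) len = sizeof *a;
    memcpy(raw, data, len);
    return len;
}

/* Checked store: refuses anything that does not fit together with its
   terminating NUL. Returns 0 on success, -1 if the data is too long. */
int store_checked(struct account *a, const void *data, size_t len) {
    if (len >= NAME_LEN) return -1;
    memcpy(a->name, data, len);
    a->name[len] = '\0';
    return 0;
}

/* Runs both stores on the same overlong input and reports the flag value
   after each: out[0] for the unchecked store, out[1] for the checked one. */
void compare_stores(unsigned char out[2]) {
    struct account a;

    memset(&a, 0, sizeof a);
    store_unchecked(&a, OVERLONG, sizeof OVERLONG);
    out[0] = a.is_admin;          /* the 11th byte landed on the flag */

    memset(&a, 0, sizeof a);
    store_checked(&a, OVERLONG, sizeof OVERLONG);
    out[1] = a.is_admin;          /* input rejected, flag untouched */
}

int main(void) {
    unsigned char flags[2];
    compare_stores(flags);
    printf("is_admin after unchecked store: %u\n", flags[0]);
    printf("is_admin after checked store:   %u\n", flags[1]);
    return 0;
}
```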
### Separation

![](https://i.imgur.com/KPXlPBZ.png)

## Incomplete Mediation

Mediation means checking: the process of intervening to confirm an actor’s authorization before it takes an intended action. For example, check the total price before placing an order.

![](https://i.imgur.com/GEBH5Hc.png)

We have to check data that comes to our server.

![](https://i.imgur.com/XiPNmHv.png)

## Time-of-check to Time-of-use errors

![](https://i.imgur.com/Red68FU.png)

## Protecting from Time-of-check to Time-of-use errors

![](https://i.imgur.com/Q6XjjVs.png)

## Malicious code is also a program

![](https://i.imgur.com/ow10GP4.png)

## Definitions for types of Malware

![](https://i.imgur.com/zk1gNxN.png)
![](https://i.imgur.com/pTsJdso.png)

## History of Malware

**A bot** (short for robot) is a kind of worm used in vast numbers by search engine hosts like Bing and Google.

A virus that can change its appearance is called a **polymorphic virus**. A simple variety of polymorphic virus uses encryption under various keys to make the stored form of the virus different.
These are sometimes called **encrypting viruses**.

![](https://i.imgur.com/43CQJ7D.png)
![](https://i.imgur.com/vLnDWA4.png)

## How Viruses Work

![](https://i.imgur.com/NGpJC8M.png)

## Viruses Detection & Prevention

![](https://i.imgur.com/YCU1ztc.png)

## Virus Cause/Effect

![](https://i.imgur.com/or1aOE1.png)

## The Morris Worm

![](https://i.imgur.com/d89vtRL.png)

## Exploitation of Flaws

![](https://i.imgur.com/l7QdlNo.png)
![](https://i.imgur.com/aKdPuUq.png)

## Types of Controls & Preventing Security Flaws

![](https://i.imgur.com/sw7jwPs.png)

## Developmental Controls

![](https://i.imgur.com/ls3PuZi.png)

### Fundamental principles of sw engineering

![](https://i.imgur.com/EV44wrt.png)
![](https://i.imgur.com/FYzOpCd.png)

### Modularity

Modularity means dividing the system into simple modules

![](https://i.imgur.com/GOSQMUo.png)

### Encapsulation

![](https://i.imgur.com/MCNrPrm.png)

### Information Hiding

![](https://i.imgur.com/LHsSahM.png)

I/O: input and output

### Other controls

![](https://i.imgur.com/FzVPpEb.png)

### Three types of reviews

![](https://i.imgur.com/MUiAZxr.png)

### Hazard Analysis (risk assessment)

![](https://i.imgur.com/eV4F952.png)

### Testing Phases

Testing is a process activity that concentrates on product quality: it seeks to locate potential product failures before they actually occur.

![](https://i.imgur.com/7NIGEUk.png)

### Types of Testing

A black-box tester works like a hacker because he doesn't know about the implementation.

![](https://i.imgur.com/niE3H6T.png)

### Good Design

![](https://i.imgur.com/qXHl7HH.png)

### Fault-tolerant Approach

![](https://i.imgur.com/BJtqPJY.png)

### Example

![](https://i.imgur.com/9WicXGv.png)

### Handling Failure

![](https://i.imgur.com/YlVcjvU.png)

### Using Design Patterns

![](https://i.imgur.com/erLuGbL.png)

### Value of Good Design

![](https://i.imgur.com/xlQhyAK.png)

### Risk Prediction and Management

![](https://i.imgur.com/fSbgpfy.png)

### Static Analysis

Tool to examine our code while
![](https://i.imgur.com/ndLFUjE.png)

### Dynamic Analysis

Examine our code while it is running

### Configuration Management

![](https://i.imgur.com/aeoIQQM.png)

### Additional Developmental Controls

![](https://i.imgur.com/5RiwZVz.png)

## The role of the program language

![](https://i.imgur.com/DIMm0aP.png)

## Operating System Controls for Security

![](https://i.imgur.com/7QLAx1J.png)
![](https://i.imgur.com/aWf4fWW.png)

### Key characteristics

![](https://i.imgur.com/NPddiBF.png)
![](https://i.imgur.com/ybkmdtE.png)

### Mutual Suspicion

![](https://i.imgur.com/h4SDEev.png)

### Confinement

![](https://i.imgur.com/rOp0Y6s.png)

### Access Log

![](https://i.imgur.com/aVp9H4a.png)

## Administrative Controls for Security

![](https://i.imgur.com/7obfEOx.png)
![](https://i.imgur.com/ax5cWZ1.png)
![](https://i.imgur.com/suApEh3.png)
![](https://i.imgur.com/kOW8hOk.png)

## Conclusion

![](https://i.imgur.com/NzkIY0l.png)
![](https://i.imgur.com/r1pUkiQ.png)

# Lecture 6

# Privacy

## Privacy and Data Protection

![](https://i.imgur.com/vO6IKOV.png)

## Privacy Personal Data

What one person considers private is that person’s decision: there is no universal standard of what is private.

![](https://i.imgur.com/YTUdHBn.png)

## Computer-Related Privacy Problems

![](https://i.imgur.com/aolQNZ3.png)

## Other Threats to Privacy

![](https://i.imgur.com/Q5hjbdN.png)

## Information Stakeholder Concerns

![](https://i.imgur.com/HY9nErZ.png)

## Main Actors and Roles

![](https://i.imgur.com/sM837Qp.png)

## Privacy Principles | Fair Information Practices

These principles describe the rights of individuals, not requirements on collectors; that is, the principles do not require protection of the data collected. Fair information principles describe privacy rights of individuals to sensitive data.

![](https://i.imgur.com/EVJDVCA.png)

## Protect Stored Data

![](https://i.imgur.com/ON0MOMI.png)

## Privacy Principles and Laws

![](https://i.imgur.com/d7Sc6BQ.png)

## U.S. Data Privacy Laws

![](https://i.imgur.com/BTygaPm.png)
![](https://i.imgur.com/lVIzpD9.png)

## Deceptive Practices

Privacy notices are enforceable: a site that says it will not release data must abide by that rule, but a site that says nothing is not constrained.

## European Union Data Directive

![](https://i.imgur.com/tsc1k2A.png)

## European Union Data Protection Regulation

![](https://i.imgur.com/mLB8SPx.png)
![](https://i.imgur.com/fTiWCT9.png)

## Conflicting Laws

Different laws in different jurisdictions will inevitably clash. Relations between the European Union and the United States have been strained over privacy because the E.U. law forbids sharing data with companies or governments in countries whose privacy laws are not as strong as those of the E.U. (The United States and the European Union have agreed to a set of “safe harbor” principles that let U.S. companies trade with European countries in spite of their not meeting all European privacy laws.)

## Privacy in Common Criteria and Controls

## Individual Actions to Protect Privacy

![](https://i.imgur.com/i5bcqM7.png)

**Multiple Identities-Linked** Most people already have multiple identities. To your bank, you are your account number. To your motor vehicles bureau, you are your driver’s license number. And to your credit card company, you are your credit card number.

**Pseudonymity** (use of an assumed name): consider the use of email aliases to maintain privacy. These uses, called pseudonymity, protect our privacy because we do not have to divulge what we consider sensitive data. The Swiss bank account provides a classic example of pseudonymity.
Each customer has only a number to identify and access the account, and only a few selected bank employees are allowed to know your identity; all other employees see only your account number.

![](https://i.imgur.com/jIgElnH.png)

## Consequences: Not Protecting Personal Data

![](https://i.imgur.com/KoyIjuG.png)

## Steps to Protect Against Privacy Loss

![](https://i.imgur.com/HBAqZDv.png)

## Authentication, identity and attribute

**Authentication is** confirming an asserted identity. Inferring an identity from authentication data is far harder and less certain.

An **identity** is a character string or similar descriptor, but it does not necessarily correspond to a single person, nor does each person have only one name.

We authenticate an attribute if we verify that a person has that **attribute**. An attribute is a characteristic, such as a fingerprint or a DNA profile.

## Privacy-Preserving Data Mining

Because data mining can threaten privacy, researchers have looked into ways to protect privacy during data-mining operations. A naïve and ineffective approach is trying to remove all identifying information from databases being mined. Sometimes, however, the identifying information is necessary for the mining and may even be the goal of data mining.

Data mining usually employs two approaches—correlation and aggregation. We examine techniques to preserve privacy with each of those approaches.

### Privacy for Correlation

Data swapping can help maintain reasonable privacy while providing usable data for research. For example, swapping all addresses for people in the DB would defeat the ability to draw any correct conclusions.

### Privacy for Aggregation

Aggregation need not directly threaten privacy. An aggregate (such as sum, median, or count) often depends on so many data items that the sensitivity of any single contributing item is hidden.
Government statistics show this well: census data, labor statistics, and school results show trends and patterns for groups but do not violate the privacy of any single person.

## Organizational Response

![](https://i.imgur.com/iCqbzAS.png)

## The Information Life Cycle

![](https://i.imgur.com/OmhQjMq.png)

## Mapping of ISO/IEC 27000 Standards with GDPR

![](https://i.imgur.com/UF5NPzz.png)

## Risk Assessment

![](https://i.imgur.com/GwBNLS0.png)

## Privacy Impact Assessments (PIA)

![](https://i.imgur.com/6SlHkX0.png)

## Four Core Components of the PIA Process

![](https://i.imgur.com/QwiLSvX.png)
![](https://i.imgur.com/waIMY3M.png)

## Privacy by Design

![](https://i.imgur.com/9xHUs5G.png)

## Web Surfing

![](https://i.imgur.com/Dd3pJBa.png)

## Cookies

![](https://i.imgur.com/jdbXRZ7.png)
![](https://i.imgur.com/zKdqLP1.png)
![](https://i.imgur.com/5KIHJRy.png)

## Flash Cookies

![](https://i.imgur.com/LKCd7gt.png)

## Web Beacons

![](https://i.imgur.com/eeFiAHZ.png)

## Web bugs vs cookies

![](https://i.imgur.com/bRrEVRP.png)

## Spyware

![](https://i.imgur.com/kWEfoQp.png)
![](https://i.imgur.com/0NLbeAD.png)

## Email

![](https://i.imgur.com/AwgZzYE.png)
![](https://i.imgur.com/Kd4Qisy.png)
![](https://i.imgur.com/cv7LmMU.png)
![](https://i.imgur.com/qLhG1yP.png)

## Remailer

![](https://i.imgur.com/QLyMncR.png)

### Extra

![](https://i.imgur.com/11QIfK0.png)

## Emerging Technologies

![](https://i.imgur.com/0gQJ4sv.png)

## Radio Frequency Identification (RFID)

![](https://i.imgur.com/PoQdLnM.png)

We have already described two of RFID’s major privacy issues: the ability to track individuals wherever they go and the ability to discern sensitive data about people. There are other related issues, including correctness and prediction.
![](https://i.imgur.com/6eSWvNo.png)
![](https://i.imgur.com/SbincjZ.png)

### Voting

![](https://i.imgur.com/wZjOUAv.png)

### Cloud Computing

# Lecture 7

# Management and Incidents

## Organizational Security Policy

![](https://i.imgur.com/Wvne4ev.png)

### Audience and Contents

![](https://i.imgur.com/woP2M31.png)

### Characteristics

![](https://i.imgur.com/EIWNIhW.png)

## Security Planning

**A security plan** is a document that describes how an organization will address its security needs. The plan is subject to periodic review and revision as the organization’s security needs change.

![](https://i.imgur.com/teAnKVZ.png)

### Requirements for Security Planning

![](https://i.imgur.com/9zJXJJk.png)
![](https://i.imgur.com/m3ZdbuX.png)

### Content of a Security Plan

Current State: The organization can determine the vulnerabilities by performing a risk analysis: a systematic investigation of the system, its environment, and the things that might go wrong.

![](https://i.imgur.com/UPptkcl.png)

### Inputs to the Security Plan

![](https://i.imgur.com/6huD2dn.png)

### Responsibility for Implementation

![](https://i.imgur.com/5JYVRfI.png)

### Team Members

![](https://i.imgur.com/SCM847w.png)

### Guarantee Support, Assuring Commitment to a Security Plan

![](https://i.imgur.com/ajTLcLe.png)

## Business Continuity Planning

![](https://i.imgur.com/YSs1IbI.png)

Business continuity planning guides response to a crisis that threatens a business’s existence.

### Activities

Business continuity planning forces a company to set base priorities.
![](https://i.imgur.com/VMEvpsk.png)

## Incident Response Plan (IRP)

(similar to business security plan but doesn't think about the business)

![](https://i.imgur.com/qcZBdkw.png)

### Computer Security Incident Response Team (CSIRTs)

![](https://i.imgur.com/Dqyy6di.png)

### CSIRT Skills

![](https://i.imgur.com/axLnN5h.png)

## Definitions

![](https://i.imgur.com/WO7LdKT.png)

## Risk Analysis

![](https://i.imgur.com/ezDqYTD.png)

### Strategies for Dealing with Risk

![](https://i.imgur.com/QN1oLri.png)

### Risk Exposure Example

![](https://i.imgur.com/WOWkzyo.png)

### Risk Leverage

![](https://i.imgur.com/bwj7vVS.png)

Example: the leverage measures value for money spent: a risk reduction of $100 for a cost of $10, a 10:1 reduction, is quite a favorable result. If the leverage value of a proposed action is not high enough, then we look for alternative but less costly actions or more effective reduction techniques.

### Threat Modelling

![](https://i.imgur.com/2naW3sn.png)

### Threat Modelling: Data Flow Diagram

![](https://i.imgur.com/XD11qO7.png)

### Threat Modelling: Attack Tree

![](https://i.imgur.com/AahJCmu.png)

### Threat Modelling: STRIDE (not too important)

![](https://i.imgur.com/EMr27C9.png)
![](https://i.imgur.com/0dAOTyY.png)

## Steps for Risk Analysis

![](https://i.imgur.com/jfoRH6t.png)

### Identify Assets

![](https://i.imgur.com/kFetubW.png)
![](https://i.imgur.com/QpKOhqV.png)

### Determine Vulnerabilities

![](https://i.imgur.com/KF5WlwA.png)

### Estimate Likelihood of Exploitation

![](https://i.imgur.com/rFma8At.png)

### Risk Analysis Methodologies

1. Quantitative
2. Qualitative

![](https://i.imgur.com/Ya7QvmB.png)

Qualitative assessment is more appropriate in situations where it is difficult to quantify risk, for example, for the likelihood that a meteor might crash into a building. Often, qualitative risks are then assigned a numeric value, for example, 1 for improbable and 5 for highly likely.
These numbers are a simple shorthand notation, and sometimes they are used in the next step of risk analysis, in which risk likelihoods are used to predict potential loss.

Neither of these two approaches is “right” nor is one necessarily better than the other. s699

![](https://i.imgur.com/vKYCYr5.png)

## Compute Expected Loss

![](https://i.imgur.com/Wu3esIv.png)

Legal fees:

![](https://i.imgur.com/mhKhDTk.png)

## Survey and Selecting Controls

![](https://i.imgur.com/Pt76Mwl.png)

## Project Costs and Savings

![](https://i.imgur.com/vDHD7A1.png)

## Example: Access Control Software Cost

![](https://i.imgur.com/kKt9xng.png)
![](https://i.imgur.com/iDnL7Zh.png)

## Physical Security

![](https://i.imgur.com/ZglqTBk.png)

## Contingency Planning

![](https://i.imgur.com/uUIygMY.png)

**Revolving backups**, in which the last several backups are kept. Each time a backup is done, the oldest backup is replaced with the newest one. There are two reasons to perform revolving backups: to avoid problems with corrupted media (so that all is not lost if one of the disks is bad) and to allow users or developers to retrieve old versions of a file.

Another form of backup is a selective backup, in which only files that have been changed (or created) since the last backup are saved.

**Offsite Backup** Keeping a backup version separate from the actual system reduces the risk of its loss.

**Cold Site**

![](https://i.imgur.com/S5ObSbn.png)

**Hot Site**

![](https://i.imgur.com/AxketTx.png)

To activate a hot site, the team has only to load software and data from offsite backup copies.

# Lecture 8

# Legal Issues and Ethics

## Protecting Programs and Data

![](https://i.imgur.com/1LaBADh.png)

## Copyrights

![](https://i.imgur.com/NUTLwfy.png)
![](https://i.imgur.com/Xi8fcWH.png)

The copyrighted expression must also be in some tangible medium. For example, dictionaries can be copyrighted in this way, too; the authors do not claim to own the words, just their expression in a particular dictionary.
Unfair use of a copyrighted item is called **piracy**. Fair use allows copies for scholarship and research. The copyright law also has the concept of a **first sale**: after having bought a copyrighted object, the new owner can give away or resell the object.

![](https://i.imgur.com/CsSYk9R.png)

---

![](https://i.imgur.com/nkXBkHu.png)

## Patents

![](https://i.imgur.com/VePJ3IQ.png)

A patent is designed to protect the device or process for carrying out an idea, not the idea itself. Patents protect inventions, tangible objects, not their design or idea.

![](https://i.imgur.com/Ktc3q5u.png)

![](https://i.imgur.com/oxUCUbG.png)

![](https://i.imgur.com/Q3p1lL9.png)

![](https://i.imgur.com/YHq74jl.png)

## Trade Secrets

![](https://i.imgur.com/jKYagXU.png)

Trade secret protection does not cover copying a product (specifically a computer program), so it cannot protect against a pirate who sells copies of someone else’s program without permission. However, trade secret protection makes it illegal to steal a secret algorithm and use it in another product. The difficulty with computer programs is that reverse engineering works. Decompiler and disassembler programs can produce a source version of an executable program.

![](https://i.imgur.com/lJP9EcV.png)

## Comparing

![](https://i.imgur.com/qeJAlbh.png)

## Examples

### Source code

![](https://i.imgur.com/vHgY3BD.png)

### Web Content

![](https://i.imgur.com/RlXnPgO.png)

## Trademark

Domain names, URLs, company names, product names, and commercial symbols are protected by a **trademark**, which gives exclusive rights of use to the registered owner of such identifying marks.

## Intellectual Property Issues and Computer Security

![](https://i.imgur.com/JQ1UX4C.png)

![](https://i.imgur.com/EztiIVj.png)

## Information and the Law

![](https://i.imgur.com/pg9lGzc.png)

The marginal cost of an item is the cost to produce another one after having produced some already.
Unlike a newspaper, information is far more feasible for a buyer to resell. A copy of digital information can be perfect, indistinguishable from the original, the same being true for copies of copies of copies of copies.

![](https://i.imgur.com/peEfMTB.png)

## Different Legal Systems

![](https://i.imgur.com/BgoC9FB.png)

## Different Types of Laws: Protecting Information

**Statutes** are laws that state explicitly that certain actions are illegal.

**Criminal law** involves a wrongful action against society.

**Civil law** involves harm to an individual or a corporation.

**Tort law** is the unwritten body of standards of proper behavior, documented in prior court decisions.

**Contracts**

![](https://i.imgur.com/rV9Uwv1.png)

![](https://i.imgur.com/NzS8IU1.png)

## Cybersecurity Laws

![](https://i.imgur.com/fmgaO2k.png)

## In the Civil Law System in Sweden

![](https://i.imgur.com/UBqUuOo.png)

## Ownership Rights of Employees and Employers

An employment contract clarifies for both parties an employee’s rights to computer products. In a **work for hire** situation, the employer, not the employee, is considered the author of a work.

![](https://i.imgur.com/XMSoiX9.png)

## Licenses and trade secret

![](https://i.imgur.com/eN37mVu.png)

## Redress for Software Failures

![](https://i.imgur.com/YFv0B14.png)

![](https://i.imgur.com/KRQPiaU.png)

## Example Guarantees and returns

![](https://i.imgur.com/xfBRwVM.png)

## Reporting Software Flaws

![](https://i.imgur.com/eZWnb8H.png)

A third party—such as a computer emergency response center—called a “coordinator” could also play a role when a power issue or conflict arises between reporter and vendor.
Basically, the process requires reporter and vendor to do the following:

![](https://i.imgur.com/YQ9gLLv.png)

## Software Licenses

![](https://i.imgur.com/aTsRCNm.png)

## Computer crime

![](https://i.imgur.com/xQiXHoX.png)

![](https://i.imgur.com/vGQbPOd.png)

**Forensic analysis** is a field in which computer security experts examine artifacts such as disk drives, log files, program code, even volatile memory, to discern facts about data contained.

## Examples of Computer Crimes

![](https://i.imgur.com/XkfjTWa.png)

## Computer Crime is Hard to Prosecute

![](https://i.imgur.com/kbxoUic.png)

## Comparison of Law and Ethics

![](https://i.imgur.com/eMTfIo1.png)

## Ethical Issues in Computer Security

![](https://i.imgur.com/UEK4WC3.png)

## Examining a Situation for Ethical Issues

![](https://i.imgur.com/yTYGzuK.png)

## Rule-Based Ethics

![](https://i.imgur.com/CDhu1MR.png)

## Consequence-Based Ethics

![](https://i.imgur.com/60i0dNw.png)

![](https://i.imgur.com/I4X4uzl.png)

## Ethics of Hacking or Cracking

![](https://i.imgur.com/1hW7h9M.png)

## Certified Information System Security Professional

![](https://i.imgur.com/Ovc0br7.png)

## Are Your Ethics Contextual?

![](https://i.imgur.com/2SJsdMj.png)

## Ten Commandments of Computer Ethics

![](https://i.imgur.com/2Rgsrl3.png)

## Software Protection

![](https://i.imgur.com/ZmF4JJi.png)

# Lecture 9

# Protection in Operating Systems

## OS Functions

The operating system is the fundamental controller of all system resources—which makes it a primary target of attack, as well. Gaining control before the protector means that the protector’s power is limited. In that case, the attacker has near-complete control of the system: The malicious code is undetectable and unstoppable. Because the malware operates with the privileges of the root of the operating system, it is called a **rootkit**.

The system addresses several particular functions that involve computer security:

* Enforced sharing.
Resources should be made available to users as appropriate.
* Interprocess communication and synchronization. Executing processes sometimes need to communicate with other processes or to synchronize their accesses to shared resources.
* Protection of critical operating system data.
* Guaranteed fair service. All users expect CPU usage and other service to be provided so that no user is indefinitely starved from receiving service.
* Interface to hardware.
* User authentication.
* Memory protection.
* File and I/O device access control.
* Allocation and access control to general objects.

![](https://i.imgur.com/aetvvmt.png)

## History of OS

The first operating systems were simple utilities, called **executives,** designed to assist individual programmers and to smooth the transition from one user to another.

![](https://i.imgur.com/qlQgx0O.png)

## Protected Objects

![](https://i.imgur.com/yYv6Jx1.png)

## OS Layered Design

Operating System Design to Protect Objects

The critical functions of controlling hardware and enforcing security are said to be in lower or inner layers, and the less critical functions in the upper or outer layers.

![](https://i.imgur.com/ebALTke.png)

## Functions Spanning Layers

The functions listed would occur at different levels of the operating system. Thus, the user authentication functions are implemented in several places.

![](https://i.imgur.com/pau88qY.png)

## Modular OS Design

![](https://i.imgur.com/9FMbuQo.png)

## Virtualization

It is one of the operating system tools to implement security functions.

**Hypervisor** A hypervisor, or virtual machine monitor, is the software that implements a virtual machine. It receives all user access requests, directly passes along those that apply to real resources the user is allowed to access, and redirects other requests to the virtualized resources.

![](https://i.imgur.com/eI6Kjxj.png)

## Sandbox

A concept similar to virtualization is the notion of a sandbox.
As its name implies, a sandbox is a protected environment in which a program can run and not endanger anything else on the system.

## Honeypot

Honeypot: system to lure an attacker into an environment that can be both controlled and monitored.

## Separation and Sharing

Nowadays, simple systems might use physical separation; because it is very costly, we otherwise use logical separation.

![](https://i.imgur.com/j8maTHh.png)

### Methods of Separation

![](https://i.imgur.com/qEOCBz0.png)

### Methods of supporting separation/sharing

![](https://i.imgur.com/zvE3aS4.png)

## Hardware Protection of Memory

Memory protection implements both separation and sharing.

**A fence** is a method to confine users to one side of a boundary. With a fixed fence, if less than the predefined space was required, the excess space was wasted. Conversely, if the operating system needed more space, it could not grow beyond the fence boundary.

![](https://i.imgur.com/zLCwndI.png)

## Fence Registers

If we update the OS and it needs more space, the fence register changes to move the limit for the OS.

A fence register protects in only one direction. In other words, an operating system can be protected from a single user, but the fence cannot protect one user from another user.

A major advantage of an operating system with fence registers is the ability to relocate.

![](https://i.imgur.com/PGOWfL0.png)

## Base/Bound Registers

The relocation register solves the problem by providing a base or starting address. All addresses inside a program are offsets from that base address. A variable fence register is generally known as a **base register**. A second register is often added, as shown in Figure 5-8.
The second register, called a **bounds register**, is an upper address limit, in the same way that a base or fence register is a lower address limit. Each program address is forced to be above the base address because the contents of the base register are added to the address; each address is also checked to ensure that it is below the bounds address.

![](https://i.imgur.com/llblx76.png)

Handle data and code separately.

![](https://i.imgur.com/CcbkdiM.png)

![](https://i.imgur.com/g8ROi1S.png)

## Tagged Architecture

This improves security at the cost of wider memory and all the mechanisms needed to keep the tags updated and use them well, so it is not used very much.

**Tagged architecture**: every word of machine memory has one or more extra bits to identify the access rights to that word. These access bits can be set only by privileged (operating system) instructions. The bits are tested every time an instruction accesses that location.

![](https://i.imgur.com/lIVWAPZ.png)

## Virtual Memory: Segmentation, Paging

## Segmentation

A more modern way to handle memory: each logical part of a program is handled separately.

Segmentation involves the simple notion of dividing a program into separate pieces. In other words, segmentation allows a program to be divided into many pieces having different access rights. The operating system must maintain a table of segment names and their true addresses.

![](https://i.imgur.com/uJAV3Zq.png)

![](https://i.imgur.com/ThjYxrX.png)

We need a translation table. When programs finish, we can remove their segments, and when new programs are added we can use those holes. But we have a problem when new segments need more space than the removed segments left.

![](https://i.imgur.com/N7Z68lm.png)

## Paging

Each logical part of a program (segment) needs many memory pages. We do not split the program by its logical parts; we just split it into pages.
This approach allows the pages to be reused easily by any other program when the current program is done and its pages are removed. But it is hard to get security, because if a given segment is divided into 1000 pages, we have to replicate the security settings in all pages of that segment.

From the book: The program is divided into equal-sized pieces called pages, and memory is divided into equal-sized units called page frames. Each address is again translated by a process similar to that of segmentation: The operating system maintains a table of user page numbers and their true addresses in memory. Paging allows the security advantages of segmentation with more efficient memory management.

![](https://i.imgur.com/LBpn7dc.png)

### Difficulty of applying security on Paging

![](https://i.imgur.com/mMZv0kI.png)

## Best of both Segmentation and Paging

We do both. The program is split into segments, and we have a segment table where we can put the security; before putting the segments in memory, we can split them into pages. In reality, all those translations can be fetched from cache.

![](https://i.imgur.com/si7tc8O.png)

## Authentication

* Identification is the act of asserting who a person is.
* Authentication is the act of proving that asserted identity: that the person is who she says she is.

Identities are typically public or well known. Authentication should be private.

![](https://i.imgur.com/ZLmFaqt.png)

## Something you know

**Dictionary Attacks** Several network sites post dictionaries of phrases, science fiction character names, places, mythological names, Chinese words, Yiddish words, and other specialized lists. These lists help site administrators identify users who have chosen weak passwords, but the same dictionaries can also be used by attackers of sites that do not have such attentive administrators.
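
The administrator's side of the dictionary check described above, as an added example (not from the lecture or the book): a candidate password is screened against a word list, passwords are stored with a per-user salt, and an audit flags accounts whose stored record matches a listed word. The word list, account names, `variants` helper and iteration count are constructed for the illustration.

```python
import hashlib
import hmac
import os

# Constructed word list standing in for the published dictionaries.
WORDLIST = ["password", "dragon", "gandalf", "qwerty", "letmein"]
# Kept low so the example runs quickly; an assumption, not a recommendation.
ITERATIONS = 20_000


def variants(word):
    """Simple spellings users derive from a dictionary word."""
    yield word
    yield word.capitalize()
    yield word + "1"
    yield word.capitalize() + "1"


def is_dictionary_password(candidate, wordlist=WORDLIST):
    """Screening at password-change time: reject anything on the list."""
    lowered = candidate.lower()
    return any(lowered == v.lower() for w in wordlist for v in variants(w))


def make_record(password, salt=None):
    """Store (salt, digest); the salt is random and unique per user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest}


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(candidate, record["digest"])


def audit(records, wordlist=WORDLIST):
    """Administrator's audit: which accounts use a listed word?

    Because each record has its own salt, every word must be re-hashed
    per account; one precomputed table cannot cover all users.
    """
    weak = {}
    for user, record in records.items():
        for word in wordlist:
            match = next((g for g in variants(word) if verify(g, record)), None)
            if match is not None:
                weak[user] = match
                break
    return weak


def demo():
    # Constructed accounts: alice and bob picked the same weak password.
    records = {
        "alice": make_record("Dragon1"),
        "bob": make_record("Dragon1"),
        "carol": make_record("t7#Lq-vineyard-04"),
    }
    return records, audit(records)


if __name__ == "__main__":
    records, weak = demo()
    print("same password, different digests:",
          records["alice"]["digest"] != records["bob"]["digest"])
    print("accounts flagged by the audit:", sorted(weak))
```

Running the screening step when a password is set keeps the audit list short, since listed words never reach storage.
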
**Rainbow table**: precomputed list of popular values, such as passwords.

**Salt**: user-specific component joined to an encrypted password to distinguish identical passwords.

![](https://i.imgur.com/Zaq4kpZ.png)

## Distribution of Password Types

![](https://i.imgur.com/Nh0zO0x.png)

## Password Storage

![](https://i.imgur.com/N3U0Cz8.png)

## Biometrics (Something the user is)

**False positive**: incorrectly confirming an identity.

**False negative**: incorrectly denying an identity.

Biometric matches are not exact; the issue is whether the rate of false positives and false negatives is acceptable.

![](https://i.imgur.com/0QWai7W.png)

![](https://i.imgur.com/9Rx6azr.png)

![](https://i.imgur.com/vAxCA98.png)

## Tokens (Something the user has)

**Passive tokens** do nothing, and active ones take some action. A photo or key is an example of a passive token in that the contents of the token never change.

**An active token** can have some variability or interaction with its surroundings.

The value of a **static token** remains fixed. Tokens are vulnerable to an attack called skimming.

**Skimming** is the use of a device to copy authentication data surreptitiously and relay it to an attacker.

**Dynamic tokens** have computing power on the token to change their internal state.

![](https://i.imgur.com/H79nqBT.png)

Each token generates a distinct, virtually unpredictable series of numbers that change every minute, so the authentication system knows what number to expect from your token at any moment. In this way, two people can have SecurID tokens, but each token authenticates only its assigned owner. Entering the number from another token does not pass your authentication. And because the token generates a new number every minute, entering the number from a previous authentication fails as well.
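
The token behaviour described above, as an added example (not SecurID's own algorithm, which these notes do not give): a time-based code built from the published HOTP/TOTP construction (RFC 4226 and RFC 6238) with a 60-second step. The seeds, user names and the `Verifier` class are constructed for the illustration, and no clock-drift window is modelled.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds each code is valid: "change every minute"
DIGITS = 6


def code_at(seed, timestamp):
    """Code shown by the token holding `seed` at `timestamp` (seconds)."""
    counter = int(timestamp) // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Authentication system: holds every owner's seed, so it can compute
    the number to expect, and remembers the last time step it accepted."""

    def __init__(self, seeds):
        self.seeds = dict(seeds)
        self.last_step = {}

    def check(self, user, code, now):
        seed = self.seeds.get(user)
        if seed is None:
            return False
        step = int(now) // STEP
        if step <= self.last_step.get(user, -1):
            return False          # this minute's code was already used
        expected = code_at(seed, now)
        if not hmac.compare_digest(code.encode(), expected.encode()):
            return False          # wrong token, or a code from another minute
        self.last_step[user] = step
        return True


# Constructed seeds. ALICE_SEED is the RFC 4226 test key, so the codes for
# counters 0, 1 and 2 are the published vectors 755224, 287082 and 359152.
ALICE_SEED = b"12345678901234567890"
BOB_SEED = b"constructed-seed-for-bob"


def demo():
    server = Verifier({"alice": ALICE_SEED, "bob": BOB_SEED})
    now = 75                                   # falls in time step 1
    alice_code = code_at(ALICE_SEED, now)
    return {
        # Bob's token cannot authenticate Alice.
        "other_token": server.check("alice", code_at(BOB_SEED, now), now),
        # Alice's own token is accepted once.
        "own_token": server.check("alice", alice_code, now),
        # The same number replayed in the same minute is refused.
        "replay_same_minute": server.check("alice", alice_code, now + 10),
        # One minute later the old number no longer matches.
        "replay_next_minute": server.check("alice", alice_code, now + 60),
        # The token's new number for that minute is accepted.
        "fresh_next_minute": server.check(
            "alice", code_at(ALICE_SEED, now + 60), now + 60),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```
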
## Federated Identity Management

Someone else authenticates you and allows you to get into the system.

**A federated identity management** scheme is a union of separate identification and authentication systems.

Federated identity management unifies the identification and authentication process for a group of systems.

![](https://i.imgur.com/1Hq2kE8.png)

## Single Sign-On

Single sign-on takes over sign-on and authentication to several independent systems for a user.

![](https://i.imgur.com/7Oh25vi.png)

The difference between these two approaches is that federated identity management involves a single identity management module that replaces identification and authentication in all other systems. Thus all these systems invoke the identity management module. With single sign-on, systems still call for individual identification and authentication, but the umbrella task performs those interactions on behalf of the user.

## Access Control

Access control: limiting who can access what in what ways.

![](https://i.imgur.com/AOW89XZ.png)

## Access Policies

Least privilege: access to the fewest resources necessary to complete some task.

Tracking: Has someone been around for a long time and so has acquired a large number of no-longer-needed rights?

By granularity we mean the fineness or specificity of access control.

![](https://i.imgur.com/7awuJXA.png)

## Reference Monitor

**Reference monitor**: access control that is always invoked, tamperproof, and verifiable.

Each access should be checked by this reference monitor, and it has to be tamperproof.

The reference monitor separates subjects and objects, enforcing that a subject can access only those objects expressly allowed by security policy.
A reference monitor is not necessarily a single piece of code; rather, it is the collection of access controls for devices, files, memory, interprocess communication, and other kinds of objects.

![](https://i.imgur.com/QDkU7Fh.png)

![](https://i.imgur.com/L1RmIRc.png)

## Access Control Directory

Each user has this directory. Each user has a file directory, which lists all the files to which that user has access.

![](https://i.imgur.com/m1PDEMw.png)

## Access Control Matrix (privilege list)

We can use an access control matrix, a table in which each row represents a subject, each column represents an object, and each entry is the set of access rights for that subject to that object.

This is easier to maintain than the access control directory. We have all users and all files in one matrix, so if a file is deleted we can delete it from the matrix and do not need to delete it from every single user separately. But if we have many users and many files, the matrix becomes giant, which makes it hard to manage.

![](https://i.imgur.com/miSMj2F.png)

## Access Control List

There is one such list for each object, and the list shows all subjects who should have access to the object and what their access is.

It is more compact than the matrix because the matrix has many empty fields, while the access control list contains only the entries that actually exist.

![](https://i.imgur.com/Z8X4XPj.png)

## Capability

Capability: Single- or multi-use ticket to access an object or service.

## Principles of Secure OS Design

**Layered Design**: a nontrivial operating system consists of at least four levels: hardware, kernel, operating system, and user. Each of these layers can include sublayers.
**Layering ensures that a security problem affects only less sensitive layers.**

![](https://i.imgur.com/wX7s2DX.png)

## Kernelized Design

Primitive functions of an operating system are called **kernel functions**, because they are basic to enforcing security as well as the other higher-level operations an operating system provides.

![](https://i.imgur.com/vTgZVTg.png)

![](https://i.imgur.com/iCPG4cY.png)

## Trusted Systems

![](https://i.imgur.com/Ky8sYRU.png)

## Trusted Computing Base (TCB)

The **trusted computing base**, or TCB, is the name we give to everything in the trusted operating system that is necessary to enforce the security policy.

**TCB Design** The division of the operating system into TCB and non-TCB aspects is convenient for designers and developers because it means that all security-relevant code is located in one (logical) part. Code outside the TCB can be changed at will, without affecting the TCB’s ability to enforce security.

![](https://i.imgur.com/gNCYFFY.png)

## Trusted Platform Module

TCB: Trusted Computing Base

![](https://i.imgur.com/v7J7ULd.png)

## Other Trusted System Characteristics

The trusted path in Windows is, for example, what you get when you press Alt + Ctrl + Delete: you come to the task manager, so you know that you are communicating with Windows.

Secure startup ensures no malicious code can block or interfere with security enforcement.
![](https://i.imgur.com/3qLqkcv.png)

## History of Trusted Systems

![](https://i.imgur.com/Nuc4HgH.png)

## Common Criteria

**Common Criteria**: Multinational standard for security evaluation; it separates criteria into functionality and effectiveness.

![](https://i.imgur.com/AyzGBQE.png)

![](https://i.imgur.com/5fwQJ6x.png)

![](https://i.imgur.com/aGY6XwS.png)

![](https://i.imgur.com/TiaUcdc.png)

## CC Functional Requirements

![](https://i.imgur.com/lg3fppp.png)

## CC Assurance Requirements

![](https://i.imgur.com/MXOqibQ.png)

## Protection Profiles

![](https://i.imgur.com/EA8bkjS.png)

![](https://i.imgur.com/uV8RJ7M.png)

## Security Targets (ST)

![](https://i.imgur.com/LdqrZSK.png)

## Common Criteria Classes, Families and Components

![](https://i.imgur.com/FWHKBoc.png)

![](https://i.imgur.com/hu4AycM.png)

![](https://i.imgur.com/Q87kIY0.png)

## Evaluation Assurance Level 1 - 4

![](https://i.imgur.com/ftQqcWA.png)

## Evaluation Assurance Level 5 - 7

![](https://i.imgur.com/aneKfJj.png)

## Example: Windows 2000 EAL 4+

It has been tested against Common Criteria.

![](https://i.imgur.com/fso4oeA.png)

They got the certificate.

![](https://i.imgur.com/OT92xqR.png)

![](https://i.imgur.com/BUoDP1A.png)

A problem with CC is that it only tests a specific version, but those systems are updated continuously.

## Examples of EAL7 products

![](https://i.imgur.com/2JE9Tua.png)

## CC Criticisms

![](https://i.imgur.com/uLiN7p5.png)

## Where is CC going now?
![](https://i.imgur.com/n2x7r2K.png)

![](https://i.imgur.com/UlcaZdM.png)

## EU Cybersecurity Act

![](https://i.imgur.com/jXHT9SS.png)

## Rootkit

Rootkit: Tool or script that obtains privileges of root.

Splicing: a technique allowing third-party code to be invoked to service interrupts and device driver calls.

# Lecture 10

# Database

## Database Terms

![](https://i.imgur.com/GGUv2ma.png)

**A database** is a collection of data and a set of rules that organize the data by specifying certain relationships among the data.

**A database administrator** is a person who defines the rules that organize the data and also controls who should have access to what parts of the data.

The user interacts with the database through a program called a database manager or a **database management system (DBMS)**.

The database file consists of **records**, each of which contains one related group of data. Each record contains fields or elements.

The logical structure of a database is called **a schema**. A particular user may have access to only part of the database, called a **subschema**.

The rules of a database identify the columns with names. The name of each column is called an **attribute** of the database.

A **relation** is a set of columns. Relations in a database show some connection among data in tables.

## Example

![](https://i.imgur.com/bokKS5o.png)

![](https://i.imgur.com/JRf2BY1.png)

## Queries

![](https://i.imgur.com/kx4Ebj6.png)

## Example

![](https://i.imgur.com/JqBRCyL.png)

## Advantages

![](https://i.imgur.com/HB6aW7n.png)

## Distributed Databases

![](https://i.imgur.com/IRxMj6M.png)

## Multilevel Databases

![](https://i.imgur.com/5R7Zma0.png)

## Database Security Requirements

![](https://i.imgur.com/Uj6qvdO.png)

![](https://i.imgur.com/9N7nV3Y.png)

The third means of providing database integrity is maintaining **a change log** for the database.
A change log lists every change made to the database; it contains both original and modified values.

## Reliability and Integrity

![](https://i.imgur.com/uxx2o4O.png)

## Two-Phase Update

![](https://i.imgur.com/nzCsgrh.png)

## Other Database Security Concerns

![](https://i.imgur.com/mKJ39pC.png)

## Sensitive Data

![](https://i.imgur.com/1pXCWue.png)

## Inference

A database manager can control access by direct queries; disclosure can occur in more subtle ways that are harder to control.

**Inference** is a way to infer or derive sensitive data from nonsensitive data. The inference problem is a subtle vulnerability in database security.

![](https://i.imgur.com/RIXWI1O.png)

### Direct Attack

![](https://i.imgur.com/ZErEhzW.png)

### Example

![](https://i.imgur.com/dbgfDVl.png)

![](https://i.imgur.com/zDpXrxy.png)

### Indirect Attack

![](https://i.imgur.com/nqmgTC2.png)

**A tracker attack** can fool the database manager into locating the desired data by using additional queries that produce small results. The tracker adds additional records to be retrieved for two different queries; the two sets of records cancel each other out, leaving only the statistic or data desired.

Inference is difficult to control because it can occur from algebraic calculations beyond the scope of database management systems.

### Example

![](https://i.imgur.com/JF6CSAw.png)

![](https://i.imgur.com/6v0Cl0j.png)

![](https://i.imgur.com/mbFuBnn.png)

![](https://i.imgur.com/gMMmNEv.png)

## Types of Disclosures

![](https://i.imgur.com/pjTDZIl.png)

Aggregation is similar to inference. Related to the inference problem is **aggregation**, which means building sensitive results from less sensitive inputs.

Aggregation is nearly impossible for a database management system to control because combining the data can occur outside the system, even by multiple colluding users.

## Security vs Precision

Precision aims to protect all sensitive data while revealing as much nonsensitive data as possible.
![](https://i.imgur.com/VfQcvu9.png)

## Suppression Techniques

Suppression and concealing are two controls applied to data items.

**With suppression**, sensitive data values are not forthcoming; the query is rejected without response.

**With concealing**, the answer is close to but not exactly the actual value.

**Limited response suppression** eliminates certain low-frequency elements from being displayed.

Examples of combined results:

**Ranges**

![](https://i.imgur.com/T6LMEWE.png)

**Rounding**

![](https://i.imgur.com/Ussf7eZ.png)

With **random sample** control, a result is not derived from the whole database; instead the result is computed on a random sample of the database.

**Blocking Small Sample Sizes** Organizations that publish personal statistical data, such as the U.S. Census Bureau, do not reveal results when a small number of people make up a large proportion of a category.

**Swapping** Like swapping the user ID, or any other field. For example, the sex for Bailey and Chin might be interchanged.

![](https://i.imgur.com/ae3ZQTM.png)

## Conclusions on Inference

![](https://i.imgur.com/b65Ezg3.png)

## Multilevel Databases

![](https://i.imgur.com/D6H8pyW.png)

## Proposals for Multilevel Security

Partitioning has a problem with syncing. Encryption is costly to do on every query.

![](https://i.imgur.com/7ODd7hE.png)

## Data Mining

Use of massive amounts of data from varied sources is often referred to as **big data**.

![](https://i.imgur.com/JdwKDs4.png)

## Data Mining Challenges

Correcting: One important goal of databases is to have a record in one place so that one correction serves all uses. With data mining, a result is an aggregate from multiple databases. There is no natural way to work backward from the result to the amalgamated databases to find and correct errors.

Privacy: Inference works on big data just as it does in databases.

Granular Access Control: A process can access only those objects or the specific data consistent with security policy and necessary for the task at hand.

Secure Data Storage: If one data store becomes so full that performance suffers, controllers automatically split the data and move some elsewhere. The application developer generally does not know, much less care, where the data are physically stored. Suppose the data are housed in a country whose ruler decides to nationalize all foreign-held assets. Or consider a locale where hungry citizens storm an installation to steal anything they can later resell as scrap in order to buy food.

Transaction Logs: Determining what to track is challenging, however: Too little tracking can limit the usefulness of the access logs, but too much data can overwhelm humans and technology, making it difficult to find the proverbial needle in a haystack of accesses. Tracking access is expensive, especially if accesses are numerous; detailed access auditing is uncommon for big data.

Real-time security monitoring: Big data architectures involve nimble movement of data and computation, but the connecting network may be a large shared network, often the Internet. Real-time security monitoring is not intended for complex, shared, fluid network architectures.

Performance tends to outweigh accuracy or security for data-mining applications.

![](https://i.imgur.com/gMi58gR.png)

## SQL Injection Attacks

![](https://i.imgur.com/UGTByOW.png)