Software Security 01
Basic Systems Security Concepts
What is Security?
The act of protecting the security properties of system from harm:
- against a specific adversary(敌人) with known (or unknown) power
- in a specific environment
- for a specific period of time
- having a plan for what needs to happen when it all goes wrong
Security Properties(CIA-triad)
Top-level properties that we want to maintain in a system:
- Confidentiality(保密性) : 避免被没有授权地披露信息,比如被黑客盗取信息
- Integrity(完整性,一致性) : 避免数据被没有授权地篡改
- Availability(可用性) : 避免出现已被授权的人无法使用系统的情况
Tools for Confidentiality
To avoid unauthorized disclosure:
- Encryption(加密) : if you can’t read it, you can’t disclosure it.
- Access control(访问控制) : if the OS won’t let you open the file you can’t disclose what’s inside it
- Authentication(验证) : 一种检测你有没有权利做一些事情的机制
- Physical security(物理上的加密) : 比如放在家里的地下室再上个锁
Tools for Integrity
To spot(发现) unauthorized modification :
- Backups(备份) : 比对备份和现在的数据是否一致,不一致就代表被篡改了
- Checksums / Error correction codes(校验和/纠错码) : Small values that change if the data changes.
To prevent(防止) unauthorized modification :
- Encryption : You can’t modify what you can’t write.
- Access control : You can’t modify what the OS won’t let you modify.
- Physical security : You can’t modify what you can’t physically get to.
Tools for Availability
To make sure you can always use the computer when you need it:
- Redundancy(冗余) : Duplicate systems/disks to deal with busy periods/failures. 复制系统/磁盘以处理繁忙时段/故障。
- Limits(限制) : 限制任何单个人/进程可以使用的资源量
Other security properties
- AAA Authentication(验证), Authorization(授权) and Accountability(问责制)
- Accountability : 记录用户使用网络服务中的所有操作,包括使用的服务类型、起始时间、数据流量等,它不仅是一种计费手段,也对网络安全起到了监视作用。
- Tools include: identity management, access control and logging
- AAA Assurance(保证), Authenticity(真实性) and Anonymity(匿名性)
- Assurance(保证): 指计算机中信任如何被提供和管理
- Authenticity(真实性): 确定人或系统所发布的声明、策略和权限真实性的能力
- Anonymity(匿名性): 确保特定的记录或交易不归因于任何个体方法:数据聚集、数据混淆、使用代理、使用化名
How are we attacking these security properties?
Stride
Framework developed at Microsoft for identifying threats to a system:
- Spoofing(欺骗) : 一个没有被授权的人伪装成一个被授权的人(Attacks authenticity(真实性))
- Tampering(篡改) : 一个没有被授权的人篡改了数据 (Attacks integrity)
- Repudiation(抵赖) : 一个做过某事的人否认做过某事,比如在交易的时候,一个人拿到了东西,但是他不承认自己拿到了东西。 (Attacks accountability/assurance).
- Information Disclosure(信息泄露) : 一个没有被授权的人拿到了某机密数据 (Attacks confidentiality)
- Denial of Service(拒绝服务) : 通过向服务器发送大量垃圾信息或干扰信息的方式,导致服务器无法向正常用户提供服务的现象。
- Elevation of Privilege(权利提升) : 某个没有那么高权利的人拿到了更高的权利 (Attacks authorization)
Games to help you think about threats:
Elevation of Privilege https://github.com/adamshostack/eop
Decisions and Disruptions https://www.decisions-disruptions.org
Threats vs Weaknesses vs Vulnerabilities
- 仅仅因为系统受到攻击并不意味着安全属性将受到侵犯
- 仅仅因为系统设计不佳并不意味着可以通过利用该弱点来违反安全属性(defence in depth)
💡 But!
If there is a threat
And there is a weakness
And that weakness is exploitable
Sometimes there is a vulnerability