# Computer Security - lesson 1

#### Stefano Zanero

###### 10 March 2016

## What is security?

Security is usually associated with closedness, locks and containment. We usually associate it with the image of a bank vault, or a lock.

### CIA paradigm

- __Confidentiality__
- __Integrity__
- __Availability__

For example, in a bank withdrawal the transaction must always be zero sum (__integrity__), and must occur only when you're at the bank and on your request.

__Availability__ goes in the opposite direction of the previous two concepts, because it means diffusing the information instead of restricting it.

These conflicting requirements make security an engineering problem, because we need to find a tradeoff. Otherwise the problem would be simple and would just require adding more locks.

### Vault image example

From the keypad we can tell that some of the worn-out keys are 1 and 9, so the 4-digit code is probably a year.

The key concept is that a system may appear secure, but there may be something that lets us bypass it easily.

### Vulnerability and exploit

In the case of the lock, the vulnerability is the friction and the fact that the mechanical object is not perfect. The exploit is the way of picking it with a pick and a tension wrench.

The __vulnerability__ is the problem of a system.

The __exploit__ is a way of using the vulnerability to break the system.

We can know the exploit without knowing the vulnerability.

To fix the lock vulnerability we can:

- Make the exploit harder by putting a pin in the short side, making it difficult to pick
- Grease the lock, bringing it closer to the design
- Redesign the lock in a way that the vulnerability goes away

### Simple software bug

The `short` type has fewer bytes than the `int` type, so if we assign the `int` value 65536 to a `short`, it is truncated and becomes 0.

TODO: think of a different exploit for the same vulnerability

### Security and Protection

__Security__ is a different thing from __protection level__.

For example, a soldier in an ATV is less secure than a civilian in a peaceful country.

In fact, security depends on the environment and on the level of threats.

The __threat level__ is not always easy to assess. For example, the Colorado mountain seems safe, but during the Cuban missile crisis it was the most threatened place outside and probably the safest inside (in the NORAD bunker base).

### Assets and Threats

__Assets__ are generally composed of:

- hardware
- software
- data
- __reputation__ is also an important asset

A __threat agent__ is not always intentional, but during this course we focus on *intentional* threats.

### Attackers and Hackers

They are not the same thing.

The term __hacker__ corresponds to the Italian *smanettone*, which comes from the Italian *manetta*, meaning joystick.

Whenever we hear a sentence with the word hacker, we can substitute *smanettone* and check whether it still makes sense. If it does not, the word hacker has been used incorrectly.

For example, *locksmiths* are able to open locks, but they are not thieves.

Malicious hackers can be attackers, but attackers are not necessarily hackers.

Another terminology: __Black hats__ = malicious hackers

The term comes from old western movies in which, to distinguish the good guys from the foes, the sheriffs wore light-colored hats while the bandits wore black hats.

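
The truncation described under *Simple software bug* above, as an added example in C that is not part of the original lesson. It assumes a 16-bit `short` (the out-of-range conversion is implementation-defined), and the function names and `BUF_CAP` are hypothetical. It puts a size check that is fooled by the truncated value next to one that validates the original `int`.

```c
#include <limits.h>
#include <stdio.h>

#define BUF_CAP 256  /* constructed capacity for the example */

/* Lossy narrowing: with a 16-bit short the value is reduced
 * modulo 65536 (implementation-defined in C), so 65536 -> 0. */
short narrow_unchecked(int n) {
    return (short)n;
}

/* Checked narrowing: refuses values a short cannot represent.
 * Returns 0 on success, -1 if n is out of range. */
int narrow_checked(int n, short *out) {
    if (n < SHRT_MIN || n > SHRT_MAX)
        return -1;
    *out = (short)n;
    return 0;
}

/* Flawed size check: the comparison is made on the truncated copy,
 * so a request for 65536 bytes is seen as 0 and accepted. */
int request_ok_flawed(int requested) {
    short len = narrow_unchecked(requested);
    return len >= 0 && len <= BUF_CAP;
}

/* Corrected size check: validate the original int before narrowing. */
int request_ok_fixed(int requested) {
    return requested >= 0 && requested <= BUF_CAP;
}

int main(void) {
    int samples[] = {100, 256, 257, 65536, 65536 + 100};  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = samples[i];
        short s;
        printf("%6d -> short %6d | checked: %s | flawed ok=%d fixed ok=%d\n",
               n, narrow_unchecked(n),
               narrow_checked(n, &s) == 0 ? "fits" : "rejected",
               request_ok_flawed(n), request_ok_fixed(n));
    }
    return 0;
}
```
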
### Security as an Engineering Problem

Some vulnerabilities cannot be fixed, and there are no __invulnerable systems__ or __secure systems__.

`There is no spoon. (Neo)`

We cannot design __secure systems__, but we can design systems that are safe enough.

We define __risk__ as the combination of:

- Assets
- Vulnerability
- Threats: independent (cannot be changed)

For example, when McDonalds launched in Italy (1996), it used the fact of being American as a marketing strategy. Over time they changed their image, moving from the USA image to a more local one. This operation changed their threat level, because before there were more people pissed off by America who burned flags, threw rocks at the USA embassy and burned down McDonalds.