Computer Security - lesson 1

Stefano Zanero

10 March 2016

What is security?

Security is usually associated with closedness, locks and containment. We usually associate it with the image of a bank vault, or a lock.

CIA paradigm

  • Confidentiality
  • Integrity
  • Availability

For example, in a bank withdrawal, the withdrawal must always be zero-sum (integrity), and must occur only when you're at the bank and on your request.

Availability goes in the opposite direction of the previous two concepts, because it means diffusing the information instead of restricting it. These conflicting requirements make security an engineering problem, because we need to find a tradeoff; otherwise the problem would be simple and would just require adding more locks.

Vault image example

From the keypad we can tell that some of the worn-out keys are 1 and 9, so the 4-digit code is probably a year. The key concept is that a system may appear secure while there is something that lets us bypass it easily.

Vulnerability and exploit

In the case of the lock, the vulnerability is the friction and the fact that the mechanical object is not perfect, while the exploit is the way of picking it with a pick and tension wrench.

The vulnerability is the problem of a system. The exploit is a way of using the vulnerability to break the system.

We can know the exploit without knowing the vulnerability.

To fix the lock vulnerability we can:

  • Make the exploit harder by putting a pin in the short side, making it difficult to pick
  • Grease the lock, bringing it closer to the design
  • Redesign the lock in a way that the vulnerability goes away

Simple software bug

The short type has fewer bytes than the int type, so if we assign the int value 65536 to a short, it is truncated and becomes 0.

TODO: think of a different exploit for the same vulnerability
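The truncation described above, shown as an added example (not part of the original lesson notes): a range check performed on the truncated copy, next to one performed before narrowing. `BUF_SIZE`, the function names and the sample inputs are constructed for illustration, and the code assumes a 16-bit `short` and the wrap-around conversion that mainstream compilers implement.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define BUF_SIZE 64  /* constructed buffer size for the example */

/* Unchecked narrowing: keeps only the low 16 bits on mainstream compilers
   (the result of an out-of-range conversion is implementation-defined). */
short narrow_unchecked(int value) {
    return (short)value;
}

/* Checked narrowing: refuses values that a short cannot represent. */
bool narrow_checked(int value, short *out) {
    if (value < SHRT_MIN || value > SHRT_MAX)
        return false;
    *out = (short)value;
    return true;
}

/* Flawed validation: the comparison is done on the truncated copy,
   so 65536 + n is judged as if it were n. */
bool length_ok_flawed(int requested) {
    short len = narrow_unchecked(requested);
    return len >= 0 && len <= BUF_SIZE;
}

/* Corrected validation: range-check the original value before narrowing. */
bool length_ok_fixed(int requested) {
    short len;
    return narrow_checked(requested, &len) && len >= 0 && len <= BUF_SIZE;
}

int main(void) {
    int samples[] = {10, 64, 65, 65536, 65546};  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = samples[i];
        printf("%6d -> short %6d  flawed=%d fixed=%d\n", v,
               narrow_unchecked(v), length_ok_flawed(v), length_ok_fixed(v));
    }
    return 0;
}
```

Compiling with `-Wconversion` (GCC and Clang) flags implicit narrowing of this kind when the explicit cast is absent.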

Security and Protection

Security is a different thing from protection level. For example, a soldier in an ATV is less secure than a civilian in a peaceful country. In fact, security depends on the environment and on the level of threats. The threat level is not always easy to assess: for example, the Colorado mountain seems safe, but during the Cuban missile crisis it was the most threatened place outside and probably the safest inside (in the NORAD bunker base).

Assets and Threats

Assets are generally composed of

  • hardware
  • software
  • data
  • reputation is also an important asset

A threat agent is not always intentional, but during this course we focus on intentional threats.

Hackers and Attackers

They are not the same thing. The term hacker corresponds to the Italian smanettone, which comes from the Italian manetta, for joystick. Whenever we hear a sentence with the word hacker, we can substitute smanettone and check if it still makes sense; otherwise the word hacker has been used incorrectly. For example, locksmiths are able to open locks, but they are not thieves.

Malicious hackers can be attackers, but attackers are not necessarily hackers. Another term: black hats = malicious hackers.

The term comes from old western movies in which, to distinguish between the good guys and the foes, the sheriffs wore light-colored hats while the bandits wore black hats.

Security as an Engineering Problem

Some vulnerabilities cannot be fixed, and there are no invulnerable or secure systems. "There is no spoon." (Neo) We cannot design secure systems, but we can design systems that are safe enough. We define risk as the combination of:

  • Assets
  • Vulnerability
  • Threats: independent (cannot be changed). For example, when McDonald's launched in Italy (1996), it used the fact of being American as a marketing strategy. But over time they changed their image, moving from the USA image to a more local image, and this operation changed their threat level, because before there were more people pissed off by America who burned flags, threw rocks at the USA embassy and burned down McDonald's.