Lecture 3 - Secure design considerations Flashcards
(19 cards)
What is security engineering? -
It is about building systems that stay safe and reliable even when facing attacks, mistakes, or accidents. It uses tools and methods to design, build, test, and update systems as needed. It consists of policy, incentives (which have to do with the people who use the system), mechanism and assurance (privacy part, architecture).
What is the definition of a system? -
A device or component (like a phone, router, or smartcard). That device plus its OS and network setup. That setup plus apps (e.g., banking or health apps). All of the above plus IT staff, internal users and management, and customers and external users.
Example of security-critical systems -
banking system, healthcare systems, smart home systems, smart transportation systems.
The opponent → typical intruder behavior
- Target identification & information gathering (Gather info about the target network using tools like Shodan, and Nmap for port scanning. Identify vulnerable devices and websites by sending emails to target users).
- Initial Access (Use brute force to guess passwords and exploit weak devices, services, and APIs. Send spear-phishing emails with malicious links to key users).
- Privilege Escalation (Scan the system for weaknesses and use exploits to gain higher privileges. Install sniffers to capture admin passwords).
- System exploit & access maintenance (Search for valuable information and transfer files to external repositories. Use captured passwords to access other services or the network).
- Track Covering (Use rootkits to hide installed files and modify log files to erase evidence of the attack).
Attackers in the IoT -
- Thieves - individuals mostly interested in stealing (tools: system/physical, spoofing, intrusion) → motivated by monetary gain (skill-level: apprentice).
- Hacktivist - individual or group members with a potential social agenda (tools: identity theft, fraud) → motivated by promoting their causes (skill-level: apprentice).
- Nation state - highly sophisticated individuals funded by governments (tools: customised malware, spear phishing, zero-day) → motivated by cyberwarfare, strategic and tactical intelligence (skill-level: master).
Attack surface -
All the parts of a system that an attacker could try to break into.
Examples include:
• Open ports and the services running on them
• Web and other servers
• Code listening for connections
• Services inside a firewall
• Employees who could be tricked (social engineering)
Categories of attack surface -
- Network attack surface - vulnerabilities over an enterprise network, a wide area network or the internet. Network protocol vulnerabilities like DoS. Intruder attacks on the network.
- Software attack surface - vulnerabilities in applications, utility, operating systems, code or firmware. Mobile app and web server software.
- Human attack surface - vulnerabilities created by personnel or outsiders. Including social engineering, human error and trusted insiders.
Attack tree -
The root is the attack goal. Branches and sub-nodes show different steps (subgoals) to reach the goal. Leaf nodes are the final steps or ways to start the attack. Branches can be labeled with cost, difficulty, etc., to compare attack options. Used to analyze and understand attack patterns effectively.
Software in IoT -
Software is the core of every IoT system—it makes devices work and adds useful features. Attackers can use software weaknesses to break into IoT systems and cause them to stop working properly or become unsafe. Different software: IoT firmware, application programming interfaces (API) supporting interoperability, operating systems for IoT products.
Secure design principles -
- Economy of mechanisms (simplicity).
- Fail-safe default (Deny-by-default).
- Complete mediation (always-check access).
- Open design (transparency).
Security in the SDLC -
DevSecOps - development, security, operations. Security is built into every step of development, not added later. Teams collaborate to make software secure and efficient. Everyone shares responsibility for security.
DevSecOps benefits -
- Catch software vulnerabilities early (DevSecOps framework improves SDLC by detecting vulnerabilities throughout the software development and delivery process).
- Reduce time to market (Software teams can automate security tests and reduce human errors).
- Ensure regulatory compliance (Software teams use DevSecOps to comply with regulatory requirements by adopting professional security practices and technologies).
Minimum countermeasures -
These are the basic security protections that organizations must have, based on Federal Information Processing Standards (FIPS). They are defined using security functional requirements.
Some minimum countermeasures are: Access control, Awareness and training, Risk assessment, Personnel security and Encryption.
Cloud computing security -
The cloud is an on-demand system that gives access to shared IT resources (like servers, storage, apps) with minimal effort. It focuses on availability, and includes: 5 characteristics (e.g., on-demand, broad access), 3 service models (IaaS, PaaS, SaaS), and 4 deployment models (public, private, hybrid, community).
Name one security guideline -
NIST guidelines on cloud security, privacy and recommendations. Consider security threats within and outside the cloud.
Cloud computing security concerns -
- Technical (access control, identification and authentication, audit and accountability).
- Operational (awareness and training, configuration management and incident response).
- Management (certification, accreditation and security assessment, risk planning assessment).
SQL injection attack -
A web security flaw where an attacker tricks a website into running harmful database commands. IoT web apps provide users with intuitive GUIs to manage IoT devices. SQL injection and command injection attacks can provide attackers with unauthorized access.
Countermeasures against SQLi attack -
- Filter database inputs (Detect and filter out malicious code from user inputs - limiting the number of characters).
- Least privilege access (Limit database permissions so attackers can’t do much if they get in).
- Restrict database access (Use strong access controls to prevent unauthorized access or data leaks).
SDLC (software development life cycle) phases -
- defining concepts and requirements
- software design
- development/implementation
- testing and acceptance
- deployment and integration
- maintenance and disposal