Lec 1: Intro Flashcards Preview


Flashcards in Lec 1: Intro Deck (28)
1
Q

What is computer security?

A

It is about how the embodiment of functionality behaves in the presence of an adversary

2
Q

What makes computer security different from most other fields of CS?

A

Most of CS is about providing functionality; computer security is not.

3
Q

What is the binary model?

A

It is a security philosophy characterized by:

  • traditional crypto and trustworthy systems
  • assume adversary limitations X and define security policy Y
  • if Y cannot be violated without needing X, then the system is secure; otherwise it is insecure

4
Q

What is the risk management model?

A

It is a security philosophy characterized by:

  • most commercial software development (and much real-world security, e.g., terrorism)
  • try to minimize the biggest risks and threats
  • improve security where it is most cost effective (expected value)

5
Q

What model does the perfect substitution cipher follow?

A

the binary model

6
Q

What is the perfect substitution cipher?

A
  • invented by Vernam & Mauborgne in 1919
  • choose a string of random bits the same length as the plaintext and XOR them to obtain the ciphertext
  • perfect secrecy (proved by Claude Shannon)

7
Q

What is perfect secrecy?

A
  • the probability that a given message is encoded in the ciphertext is unaltered by knowledge of the ciphertext

8
Q

Generally explain the proof of perfect secrecy in the perfect substitution cipher?

A

Give me any plaintext message and any ciphertext, and I can construct a key that will produce the ciphertext from the plaintext. The ciphertext therefore carries zero information about the plaintext.

9
Q

What model does the concrete barricade security solution follow? What is the problem that it solves?

A
  • risk management model
  • prevents incursion by car bombers by keeping cars from getting too close to the building

10
Q

What are some of the problems with the binary model of security?

A
  1. Many assumptions are brittle in real systems
    - real artifacts are fragile, imperfect, and have bugs/limitations
    - implicit dependencies with exposed layers
    - ex: reading secret bits off the current draw of a chip
  2. Hard to know what the security policy should be
  3. Hugely expensive

11
Q

What are some problems with risk management model of security?

A
  1. creates arms races
    - forced co-evolution
    - (adversary invents new attack -> defender creates new defense -> repeat)
  2. security is a spectrum, but how do you evaluate risk or reward?
  3. the best you can hope for is stalemate
    - and we’re losing the stalemate in a number of situations (e.g. SPAM, malware)

12
Q

What are the key meta issues in security?

A
  1. policy
  2. risks
  3. threats
  4. value
  5. protection
  6. identity & reputation

13
Q

What questions do you have to ask when coming up with policy? What makes it difficult?

A
  1. what is a bad thing?
  2. remarkably tricky to define even for known threats
    - the software on your computer likely has 100s of security options; how should you set them?
    - what might be a good security policy for who gets to access faculty salary data?
  3. even harder for unknown threats
    - SPAM
  4. can be non-intuitive
    - should a highly privileged user have more rights on a system or less?

14
Q

What questions do you have to ask when dealing with risks & threats?

A

Risk

  • what bad things are possible?
  • How bad are they and how likely are they?

Threats

  • who is targeting the risk?
  • what are their capabilities?
  • what are their motivations?

15
Q

How formalized are risks and threats?

A

They tend to be well formalized in some communities (e.g. the finance sector) and less so in others (e.g. the energy sector).

16
Q

Draw/describe the Threat Landscape

A
17
Q

What questions do you have to ask when thinking about value of security? What are some examples?

A
  • what is the cost if the bad thing happens?
  • what is the cost of preventing the bad thing?
  • ex: credit card fraud
    - who pays if someone steals your credit card # and buys a TV with it?
  • ex: permissive action links for nuclear weapons: http://www.cs.columbia.edu/~smb/nsam-160/pal.html

18
Q

What counts as protection?

A
  • the mechanisms used to protect resources against threats
    - this is most of academic and industrial computer security

19
Q

What are some of the classes of protection?

A
  • cryptographic protection of data
  • software guards
  • communication guards
  • user interface design (protect the user against their own limitations)

20
Q

Is protection proactive or reactive?

A

Protection can be either proactive or reactive

21
Q

What is deterrence?

A
  • there is some non-zero expectation that there is a future cost to doing a bad thing
    - i.e. going to jail, having a missile hit your house, having your assets seized, etc.
  • criminal cost-benefit: a crime is worth committing when Mb + Pb > Ocp + Ocm·Pa·Pc [Clark & Davis 95]
    - Mb: monetary benefit
    - Pb: psychological benefit
    - Ocp: cost of committing the crime
    - Ocm: monetary cost of conviction
    - Pa: probability of getting caught
    - Pc: probability of conviction

22
Q

What is needed for deterrence to work?

A

Meaningful forensic capabilities are needed:

  • audit actions, assign identity to evidence, etc.
  • must be cost effective relative to positive incentives

23
Q

How does identity relate to security?

A
  • identity is implicit in virtually all security questions, but we rarely think about it much. We do, however, have strong intuitions:
  • how do you feel about “Black Unicorn” the cypherpunk?
  • how about A.S.L. von Bernhardi the investment banker?

24
Q

What is identity?

A

One definition: the distinct personality of an individual regarded as a persisting entity; individuality (c/o Black Unicorn).

Another definition: a unique identifier, a distinguishing mark (c/o A.S.L. von Bernhardi).

25
Q

What’s the difference between an identity and an identifier?

A

An identifier allows naming; it is used to establish an assertion about reputation.

26
Q

What is reputation?

A
  • a specific characteristic or trait ascribed to a person or thing, e.g. “a reputation for paying promptly”
  • potentially a predictor of behavior, a means of valuation, and a means for third-party assessment
  • value comes from binding reputation to identifiers
  • but how do you make this binding?

27
Q

What is due diligence?

A
  • work to acquire multiple independent pieces of evidence establishing the identity/reputation linkage, particularly via direct experience; this is expensive

28
Q

What is trust? How is it used in security? What questions do you have to ask about trust?

A
  • reliance on something in the future; hope
  • allows a cheap form of due diligence: third-party attestation
  • what are the economics of third-party attestation? cost vs. limited liability
  • what is a third party qualified to attest to?
  • is it culturally informed/biased?