■ Economic impact of viruses, worms and Trojan horses $17.1 billion in 2000 ($8.75 billion due to the “I Love You” virus alone)
■ In 2009, the cost of a data breach for companies has risen to $202 per lost record, up from $197 in 2007. For the 47 companies audited, those costs added up to $6.6 million per incident (Forbes.com, 2 February 2009)
■ In a 2009 study, 92% of 700 billion email messages examined were spam, 0.07% were infected
■ 4,501 documented software vulnerabilities were discovered in 2009, many of them in web-based programs
■ Shift from large, multipurpose attacks on the network perimeter towards smaller, more targeted attacks to desktop computers
■ Shift from malicious “hacking” to criminal attacks with economic or political motives● Identity theft● Phishing● Denial-of-service● Cyberextortion● Cyberwarfare● Hactivisim
■ In August 2004, an intrusion had compromised 1.4 million records of personal information at UC Berkeley
■ In April 2005, an intrusion into its Seisint database of LexisNexis compromises personal information of about 310,000 persons
■ In August 2007, identity thieves who compromised Monster.com's database also made off with the personal information of 146,000 people who use USAJobs
■ SecurityFocus, 23 January 2006● In October 2005, Dutch authorities arrested three men in the
Netherlands who allegedly controlled a network of more than 1.5 million compromised computers
■ International Herald Tribune, 10 November 2007● A computer security consultant accused of installing malicious
software to create an army of up to 250,000 “zombie” computers so he could steal identities and access bank accounts will plead guilty to four federal charges
■ Increasing use of social networks to send spam, distribute malicious code, run identity fraud● New York Times, 2 May 2010. “log-in data for 1.5 million
Facebook accounts for sale on several online criminal marketplaces”
● PCWorld, 7 August 2009. “The distributed denial of service attack that targeted Twitter, Facebook, LiveJournal, and several Google sites may have been politically motivated”
■ 18 July 2011● The Defense Department has revealed that 24,000 files
containing Pentagon data were stolen by a foreign government from a defense industry computer network in a single intrusion
■ In 2009, US Defense Secretary Robert Gates declared cyberspace to be the “fifth domain” of military operations, alongside land, sea, air and space
■ USCybercom went fully operational in October 2010 headed by General Keith Alexander
■ General Alexander: “Pentagon’s computer systems are probed 250,000 times an hour, up to six million times per day”, and that among those attempting to break in were “more than 140 foreign spy organizations trying to infiltrate US networks”
■ New York Times, 25 September 2010 ● “Iran Fights Malware Attacking Computers” The Iranian
government agency that runs the country’s nuclear facilities, including those the West suspects are part of a weapons program, has reported that its engineers are trying to protect their facilities from a sophisticated computer worm that has infected industrial plants across Iran
● Stuxnet is aimed solely at industrial equipment made by Siemens that controls oil pipelines, electric utilities, nuclear facilities and other large industrial sites
■ 2011 has seen a huge rise in cyber activity that has come to be know as “hactivism” — political, social activism through hacking
■ Groups like LulzSec and Anonymous have targeted governments and corporations through highly publicized attacks directed at● United States Senate● CIA● Citibank● MasterCard● PayPal● Sony Corporation
■ We will study the technical issues related to security in a non-technical context● “If you work with computer and network security long enough,
you realize that the biggest problem is people: the people who design the software, the people who deploy it, the people who use the systems, the people who abuse the systems, and sometimes the people who guard the systems. There are certainly many technological challenges to be met, but the biggest problems still come back to people.” Gene Spafford
■ NIS is trustworthy when it works correctly despite● Malicious/hostile attacks● Design and implementation errors (bugs)● Human user and operator errors● Environmental disruptions
(in increasing order of frequency)
■ Holistic and multidimensional problem● Property of system, not just components● Involves many interacting sub-properties
■ Trustworthiness is an example of a nonfunctional requirement
■ Functional requirements specify what a system is supposed to do: inputs produce correct outputs
■ Nonfunctional requirements define how a system is supposed to be. Often called qualities of a system● Scalability● Performance● Efficiency● Operability● Interoperability● Testability
■ By their nature, attacks/errors/bugs are unpredictable and cannot be formalized; to do so would rule out possible scenarios, and thus would be incorrect
■ Trustworthiness cannot be added to an existing system as an afterthought
■ Patent restrictions■ Government regulations (restrictions on export of
cryptography technologies)■ Reliance on existing communication infrastructures
(Internet)■ Everything is interconnected● Telephone and power companies use Internet technology● Their operational systems are linked to their corporate systems,
which are linked to the Internet● And the Internet requires power, and is largely built on top of
Like any system, we can study security with respect to■ Specification: What is it supposed to do?■ Implementation: How does it do it?■ Correctness: Does it really work?
In security, these are called■ Policy (Specification)■ Mechanism (Implementation)■ Assurance (Correctness)
■ In 2005, the mean time between the disclosure of a vulnerability and the release of associated exploit code is 6.0 days
■ In 2005, an average of 54 days elapsed between the appearance of a vulnerability and the release of an associated patch by the affected vendor — vulnerability window
■ Zero-day attack: occur during the vulnerability window
Severity of a threat is related to the resources available for the attack■ Knowledge is a resource■ Money can buy anything, including knowledge■ Easy access to “packaged” knowledge (e.g., SATAN for
Unix systems) results in a discontinuity between the technical expertise of a particular threat and the severity of the damage
■ International Herald Tribune, 28 September 2006. “Hacking made easy: 'Secret' data just a Google search away”:● One widespread vulnerability can be exploited through a practice
that has come to be known as Google hacking. These hacks require no special tools and little skill. All that is needed is a Web-connected PC and a few keywords to look for, like "filetype:sqlpassword" or "index.of.password."
What do locks, keys, values and the police have to do with computer security?■ Locks: authorization, access control mechanisms■ Keys: authentication required to open a lock. Can be
something the user knows, has or is■ Police: same as the real world. Since attacks can be
launched remotely, equivalents of video cameras are needed for convicting offenders
Two general principles to promote higher assurance■ Economy of Mechanism: small and simple mechanisms
whenever possible■ Open Design: security of a mechanism should not
depend on attacker’s ignorance of how the mechanism works or is built● No “security through obscurity”● Makes security harder but is necessary for increased assurance
