SC3010
Computer Security
Lecture 1: Introduction
Teaching Staff Members
Lecturers:
Assoc. Prof. Zhang Tianwei (1st half, course coordinator)
Dr. Tay Kian Boon (2nd half)
What is Computer Security
Guarantee the correct usage of computer systems and desired
properties in the presence of malicious entities
“Security engineering is about building systems to remain
dependable in the face of malice, error, or mischance.”
Ross Anderson
Professor, Univ. of Cambridge
“Security involves making sure things work, not in the presence
of random faults, but in the face of an intelligent and malicious
adversary trying to ensure that things fail in the worst possible
way at the worst possible time … again and again. It is truly
programming Satan’s computer.”
Bruce Schneier
Adj Lecturer, Harvard Kennedy School
Significance of Computer Security
Critical to physical safety
Power grid and water systems: blackouts, water contamination or disruption of supply
Transportation networks and connected vehicles: traffic jams, car collisions or crashes
Aviation: interference with navigation and communication, leading to accidents
Factory automation: sabotage of industrial processes, leading to equipment failure or explosions
Medical devices: life-threatening risks to patients (e.g., pacemakers)
Smart home systems: compromised devices like thermostats or locks can lead to unsafe temperature levels or unauthorized access to homes
Electric vehicle charging stations: overloaded circuits that cause fire hazards
Case Study: Jeep Hack
Case Study: Throwback Attack
Significance of Computer Security
Critical to personal privacy
Database breaches: infiltrate companies to steal personal data
Phishing: send deceptive emails, SMS, web links to trick users into
revealing sensitive information, e.g., credentials, financial information, etc.
Ransomware: encrypt personal files and demand payment for release
Spyware: secretly monitor users’ activities, including keystrokes, web
browsing, communication, etc.
Malicious mobile apps: unauthorized collection of location, contact, or
other private data.
Smart device exploitation: hack cameras, speakers, or thermostats to spy
on individuals
Case Study: Data Breach in Singapore
Case Study: Target Attack
Case Study: WannaCry Ransomware
Significance of Computer Security
Critical to national security
Cyber espionage: steal classified information from rival government or
military systems, such as diplomatic strategies, defense plans, etc.
Election interference: spread false information to influence public opinion,
hack political campaigns, or manipulate voting systems.
Cyber warfare: disrupt military operations, or launch Distributed Denial of
Service attacks against government services or infrastructure
Supply chain attacks: target software or hardware suppliers to
compromise the systems in government or defense agencies
Cyber terrorism: launch attacks aimed at causing physical destruction or
fear, such as targeting dams, chemical plants or hospitals
Case Study: Stuxnet Malware
Case Study: Flame Spyware
System Complexity Leads to Insecurity
Provide a protected environment for data and their processing
Standalone computer, single user, monoprogram: physical security
Standalone computer, single user, multiprogram: physical security, process protection
Standalone computer, multiple users: physical security, process protection, data protection, user authentication
Networked computer: physical security, process protection, data protection, user authentication, communication protection
Human Factors Lead to Insecurity
System Users
Security features are not used correctly, e.g., misconfiguration.
Users like convenience and may try to disable security configurations
that are inconvenient
System Developers
Security features are not designed correctly; security components are not
implemented correctly
Developers are humans, and humans can make mistakes.
External Parties
Individual’s trust can be manipulated for profit, e.g., social engineering
Learning Outcome
From the attacker’s perspective
Understand the vulnerabilities associated with computer systems.
Assess the significance of threats to computer systems
From the defender’s perspective
Understand the common security mechanisms to mitigate security threats.
Learn to design computer systems with enhanced security protection.
Course Logistics
Each week we have:
A two-hour lecture (8:30 – 10:20am Tuesday, physical at LT1A)
A one-hour tutorial (5:30 – 6:20pm Wednesday, physical at LT1A), starting from week 2
Tutorial attendance policy:
Tutorial attendance can bring you up to 5 extra points on top of the original assessment.
We will use Wooclap to record your attendance for each tutorial.
At a random moment within the tutorial, a barcode will be shown on screen.
Use your phone to scan this barcode, and log in with your NTU account.
Responses must be submitted within 5 minutes of the barcode being displayed to be valid.
Exceptions will be given to students who have technical problems with the login. In that case, please come to me after class and register manually.
Course materials and video recordings will be made available through NTULearn
Assessment
2 Quizzes (40% each)
Quiz 1: week 7 (8:30am – 9:20am, Tuesday, 23 September)
Quiz 2: week 13 (To be announced later)
Detailed locations will be announced later.
Those who are validly absent must take the make-up quiz. Failure to do so will
result in 0 marks. The make-up quiz will be significantly more challenging, due to
the additional preparation time.
Assessment
Project (20%)
Groups of 4 students. Each group conducts 2 in-depth case studies about
cyber security.
The project deliverable is a video presentation, to be submitted by week 14.
The video presentation is 10 minutes for each group.
All members must take part in the presentation and understand BOTH case studies
We will do random group allocation. Allocation results will be released by
the end of January
Project judging criteria
Topic selection: real-world security incidents, better to have significant
impacts. They should be related to the content discussed in this course
Technical depth: describe the technical details about the mechanism of the
incidents. It is recommended to perform code analysis for the
vulnerabilities. Having demos will be a plus.
Presentation quality: clear presentation and organization.
Schedule
Weeks 1-6 (Instructor: Zhang Tianwei)
Week 1: Lecture: Introduction
Week 2: Lecture: Software Security I; Tutorial: Introduction & Software Security I
Week 3: Lecture: Software Security II; Tutorial: Software Security II
Week 4: Lecture: Software Security III; Tutorial: Software Security III
Week 5: Lecture: OS Security I; Tutorial: OS Security I
Week 6: Lecture: OS Security II; Tutorial: OS Security II
Week 7 (Instructors: Zhang Tianwei / Tay Kian Boon): Lecture: Quiz 1 / Lecture (2nd half); Tutorial: Lecture (2nd half)
Weeks 8-12 (Instructor: Tay Kian Boon): Passwords & Authentication; Mobile security; Computer Security Case studies; Introduction to Cryptography
Week 13: Quiz 2
References
No required textbooks. If you want extra reading:
D. Gollmann, Computer Security (3rd ed.), John Wiley & Sons, 2011.
M. Bishop, Computer Security: Art and Science, Addison-Wesley, 2003.
R. Anderson, Security Engineering, 2008.
Erickson, Hacking: the art of exploitation, 2nd Edition, 2008.
Basics of Cyber Security
Threat Model
Trusted Computing Base (TCB)
Attacker’s assumption
Security properties
Security Strategies
Design Principles of Computer Security
Threat Model
Describe the adversaries and threats in consideration
What is trusted and what is not trusted (TCB).
For the untrusted entities, what resources, capabilities and knowledge they
have; what actions they can perform.
What security properties the system aims to achieve.
[Figure: the threat model of a computer system, made up of the attackers' assumptions, the TCB, and the security properties]
Trust
The degree to which an entity is expected to behave:
What the entity is expected to do:
- Anti-malware can detect malicious programs;
- System can prevent illegal account login, etc.
What the entity is expected not to do:
- The website will not expose your private data to third parties;
- An application will not inject a virus into your system.
Security cannot be established in a cyber system if no entities are
trusted.
It is important to make clear what should be trusted. Otherwise,
the designed security solutions may fail in practice.
Trusted Computing Base (TCB)
A set of components (e.g., software, OS, firmware, hardware) that
need to be trusted to ensure the security of the cyber system
Components outside of the TCB can be malicious and misbehave.
When we design a security solution, we need to
Assume all the components inside the TCB are secure with valid
justifications.
Prevent any damage from any components outside of the TCB.
TCB Design
Design principles
Unbypassable (completeness): there must be no way to breach system
security by bypassing the TCB.
Tamper-resistant (security): TCB should be protected against other parts
outside the TCB. These parts cannot modify the TCB’s code or state.
Verifiable (or correctness): it should be possible to verify the correctness
of TCB.
Size of TCB
A system with a smaller TCB is more trustworthy and easier to verify (we
do not need to make too many assumptions, which may be violated). This
follows the KISS (Keep It Simple, Stupid) principle
Designing a secure system with a smaller TCB is more challenging
(we need to consider more malicious entities)
Attacker’s Assumption
Type of Attacker
Active: manipulate or disrupt the system, e.g., modifying data, injecting code
Passive: observe and gather information without interfering with the system
Attacker’s knowledge
Knows the system’s design, architecture, source code, etc., or
Lacks detailed knowledge and must rely on probing or trial and error
Attacker’s Capability
How much computing resources can the attacker leverage?
What parts of the system can the attacker interact with?
Does the attacker have unlimited time or need to act quickly?
Security Properties
The security goals that we aim to achieve for the system.
Common security properties (CIA model)
Confidentiality (C): prevent unauthorized disclosure of information.
Sensitive information should not be leaked to unauthorized parties
Integrity (I): prevent unauthorized modification of information. Critical
system state and code cannot be altered by malicious parties
Availability (A): prevent unauthorized withholding of information or
resources. The resources should be always available for authorized users
[Figure: example attacks: eavesdropping, packet sniffing, illegal copying; intercept packets, modify and release; disrupt services]
Security Properties
Other properties
Accountability: actions of an entity can be traced and identified
Non-repudiation: unforgeable evidence that specific actions occur
Authenticity: ensure the communicating entity is the correct entity.
Anonymity or privacy: hide personal information and identity from being
leaked to external parties.
Verifiability: the system’s operations can be independently verified.
Freshness: the data or communications are current and not reused or
replayed.
Fault tolerance: the system can continue to function correctly despite
failures.
Case Study: Threat Model of Target Attack
Threat Model
Trusted Computing Base: the Target computer system, including the OS and
hardware, is trusted. However, the malicious software, which leaks the data
to the attacker, is not trusted.
Adversarial capabilities and knowledge: the attacker can launch malware on
the Target’s POS, and collect the credit card data stored in the database.
Security properties: we consider confidentiality: protecting the system
from leaking sensitive information.
Security Strategies
Prevention
Take measures that prevent your system from being damaged
Detection
Take measures so that you can detect when, how, and by whom your
system has been damaged.
Reaction
Take measures so that you can recover your system after it has been
damaged.
Always assume that bad things will happen, and therefore prepare your
systems for the worst-case outcome
Design Principle: Least Privilege
Assign privileges carefully:
Give each entity the minimal permissions to complete the task.
Give the privilege when needed, and revoke the privilege after use
The less privilege that a program has, the less harm it can do if it goes awry
or becomes subverted.
If unnecessary permissions are granted, a malicious entity could abuse those
permissions to perform the attack.
Examples:
Never perform personal activities using root or admin account in an OS
A photo editing application on a smartphone is only allowed access to the
gallery but not the microphone or location.
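The two rules above (minimal permissions, granted when needed and revoked after use) can be modelled in a few lines. This is an added example, not part of the lecture slides; the App class, the permission names and the access() check are hypothetical.

```python
from contextlib import contextmanager

class PermissionDenied(Exception):
    pass

class App:
    """An application that holds only the permissions it is using right now."""

    def __init__(self, name, allowed):
        self.name = name
        self.allowed = frozenset(allowed)  # the most this app may ever be granted
        self.held = set()                  # what it holds at this moment

    @contextmanager
    def grant(self, permission):
        # Give the privilege when needed ...
        if permission not in self.allowed:
            raise PermissionDenied(f"{self.name} may never hold {permission!r}")
        newly_granted = permission not in self.held
        self.held.add(permission)
        try:
            yield
        finally:
            # ... and revoke it after use, even if the task raised.
            if newly_granted:
                self.held.discard(permission)

def access(app, resource):
    """Check made on every access to a protected resource."""
    if resource not in app.held:
        raise PermissionDenied(f"{app.name} does not hold {resource!r}")
    return f"<{resource} data>"

def denied(action):
    """True if the permission check refuses the action."""
    try:
        action()
    except PermissionDenied:
        return True
    return False

# Constructed scenario: the photo editor from the slide, limited to the gallery.
editor = App("photo-editor", allowed={"gallery"})
```

If the editor is subverted, the injected code can reach the gallery only while a grant is open, and can never reach the microphone.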
Design Principle: Separation of Privilege
Split the responsibility:
Performing a privileged action requires multiple parties to work together
to exercise that privilege, rather than a single point of control or decision.
Minimize the risk of misuse, error, or compromise by ensuring that no
single entity has full control over critical processes
Examples:
In a financial system, transferring large sums of money requires approval
from an employee (initiator), and additional approval from a manager
(reviewer).
A developer writes code but cannot directly deploy it to production;
deployment is handled by a separate operations team
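The financial example above, written as a check that refuses to release a large transfer without a second, independent party. This is an added example, not part of the lecture slides; the user names, the roles and the LARGE_TRANSFER threshold are assumptions (the slide only says "large sums").

```python
from dataclasses import dataclass, field

# Constructed sample data; the threshold is an assumption of this example.
LARGE_TRANSFER = 10_000
ROLES = {
    "alice": {"employee"},
    "bob": {"manager"},
    "mallory": {"employee", "manager"},  # one person holding both roles
}

class Rejected(Exception):
    pass

@dataclass
class Transfer:
    amount: int
    initiator: str
    approvals: set = field(default_factory=set)

def approve(transfer, reviewer):
    """Record a review; the reviewer must be a manager other than the initiator."""
    if "manager" not in ROLES.get(reviewer, set()):
        raise Rejected(f"{reviewer} is not a manager")
    if reviewer == transfer.initiator:
        raise Rejected("the initiator cannot review their own transfer")
    transfer.approvals.add(reviewer)

def execute(transfer):
    """Release the money only if both parties have played their part."""
    if "employee" not in ROLES.get(transfer.initiator, set()):
        raise Rejected(f"{transfer.initiator} may not initiate transfers")
    # Re-check approvals here instead of trusting the recorded set, so that
    # tampering with transfer.approvals cannot bypass the second party.
    independent = {
        r for r in transfer.approvals
        if r != transfer.initiator and "manager" in ROLES.get(r, set())
    }
    if transfer.amount >= LARGE_TRANSFER and not independent:
        raise Rejected("large transfer needs approval from a separate manager")
    return f"released {transfer.amount} for {transfer.initiator}"

def rejected(action):
    """True if the action is refused."""
    try:
        action()
    except Rejected:
        return True
    return False
```

The case worth noting is mallory, who holds both roles: holding the manager role is not enough, because the reviewer must be a different person from the initiator.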
Design Principles: Defense in Depth
Multiple types of defenses should be layered together
Increase the difficulty of attacking the entire system.
The implementation cost could be high
The overall effectiveness is often less than the sum of all defenses. There can
even be conflicts among them!
Layers of defense:
End users: password managers, company policies…
Implementations: firewalls, intrusion detection…
Protocols and policies: TLS, IPsec, access control…
Cryptographic primitives: RSA, DSS, SHA-1…
Design Principle: Security Through Obscurity
Relying on secrecy or concealing the details of a system or its
components to provide security
If an attacker does not know how a system works, they are less likely to
compromise it.
This is often regarded as insufficient and unreliable as the sole basis for
security. Attackers may reverse-engineer or uncover hidden details. We
cannot solely rely on its obscurity to keep attackers away.
Examples:
A company hides sensitive files behind obscure URLs without implementing
proper authentication. An attacker could discover the URL through guessing,
web crawling or server logs.
A software developer uses code obfuscation to hide the details of source
code and potential vulnerabilities. A skilled attacker can deobfuscate or
analyze the binary to discover the vulnerabilities.
Design Principle: Kerckhoffs’s Principle and Shannon’s Maxim
Claude Shannon: “the enemy knows the system”
The security of a system should not depend on the secrecy of its design or
algorithms.
It is always necessary to assume that the attacker knows every detail about
the system you are designing, including algorithms, hardware, defenses, etc.
This makes your system resilient even if the design or implementation
becomes public knowledge
Examples:
Cryptography: the secrecy of the cryptographic key is the only thing that
ensures security. If the key is kept confidential, the system remains secure
[Figure: Auguste Kerckhoffs, Dutch linguist and cryptographer; Claude Shannon, American mathematician and cryptographer, father of information theory]
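The obscure-URL example from the Security Through Obscurity slide, next to a version that follows Kerckhoffs's principle: the check uses a public algorithm (HMAC-SHA256) and stays sound as long as the key is secret. This is an added example, not part of the lecture slides; the file path, user names, key and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data for this example.
FILES = {"/reports/q3-7f3a9c.pdf": b"confidential figures"}
ACL = {"/reports/q3-7f3a9c.pdf": {"alice"}}
SERVER_KEY = b"constructed-demo-key-keep-out-of-source"

def serve_obscure(path):
    """Weak: the hard-to-guess path is the only protection."""
    return FILES.get(path)

def issue_token(key, user, path, expires):
    """HMAC-SHA256 over (user, path, expiry). The algorithm is public; the key is not."""
    msg = f"{user}\n{path}\n{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def serve_authenticated(path, user, expires, token, now, key=SERVER_KEY):
    """Serve only to an authorized user holding a valid, unexpired token."""
    expected = issue_token(key, user, path, expires)
    if not hmac.compare_digest(expected, token):
        return None  # forged or altered token
    if now > expires:
        return None  # stale token (freshness)
    if user not in ACL.get(path, set()):
        return None  # authenticated but not authorized
    return FILES.get(path)
```

Someone who reads the path out of a server log gets the file from serve_obscure, while knowing the path, the token format and the algorithm is not enough to pass serve_authenticated without the key.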