Lec 1: Intro

Question 1

What is computer security?

Answer 1

It is about how the embodiment of functionality behaves in the presence of an adversary

Question 2

What makes computer security different from most other fields of CS?

Answer 2

Most of CS is about providing functionality, computer security is not

Question 3

What is the binary model?

Answer 3

it’s a security philosophy that is:

• traditional crypto and trustworthy systems
• assume adversary limitations X and define security policy Y
• if Y cannot be violated without needing X then system is secure, else insecure

Question 4

What is the risk management model?

Answer 4

it’s a security philosophy that is:

• most commercial software development (and much real-world security…e.g., terrorism)
• try to minimize biggest risks and threats
• improve security where most cost effective (expected value)

Question 5

What model does the perfect substitution cipher follow?

Answer 5

the binary model

Question 6

What is the perfect substitution cipher?

Answer 6

• invented by Vernam & Mauborgne in 1919
• choose a string of random bits the same length as the plaintext, XOR them to obtain the ciphertext
• perfect secrecy (proved by claude shannon)

Question 7

What is perfect secrecy?

Answer 7

• probability that a given message is encoded in the ciphertext is unaltered by knowledge of the ciphertext

Question 8

Generally explain the proof of perfect secrecy in the perfect substitution cipher?

Answer 8

Give me any plaintext message and any ciphertext and I can construct a key that will produce the ciphertext from the plain text. Zero information in ciphertext

Question 9

What model does the concrete barricade security solution follow? What is the problem that it solves?

Answer 9

• risk management model
• prevents incursion by car bombers by preventing cars from getting too close to the building

Question 10

What are some of the problems with the binary model of security?

Answer 10

1. Many assumptions are brittle in real systems
   - real artifacts fragile, imperfect, have bugs/limitations
   - implicit dependencies with exposed layers

– ex: reading secret bits off current draw on a chip

2. Hard to know what security policy should be
3. hugely expensive

Question 11

What are some problems with risk management model of security?

Answer 11

1. creates arms races
   - forced co-evolution
   - (adversary invents new attack -> defender creates new defense -> repeat)
2. security is a spectrum, but how to evaluate risk or reward?
3. best you can hope for is stalemate
   - and we’re losing stalemate in a number of situations (e.g. SPAM, Malware)

Question 12

What are the key meta issues in security?

Answer 12

1. policy
2. risks
3. threats
4. value
5. protection
6. identity & reputation

Question 13

What questions do you have to ask when coming up with policy? What makes it difficult?

Answer 13

1. what is a bad thing?
2. remarkably tricky to define for known threats
   - the software on your computer likely has 100s of security options…how should you set them?
   - what might be a good security policy for who gets to access faculty salary data?
3. Even harder for unknown threats
   - SPAM
4. Can be non-intuitive
   - should a highly privileged user have more rights on a system or less?

Question 14

What questions do you have to ask when dealing with risks& threats?

Answer 14

Risk

• what bad things are possible?
• How bad are they and how likely are they?

Threats

• who is targeting the risk?
• what are their capabilities?
• what are their motivations?

Question 15

How formalized are risks and threats?

Answer 15

tend to be well formalized in some communities (e.g. finance sector) and less in others (e.g. energy sector)

Question 16

Draw/describe the Threat Landscape

Answer 16

Question 17

What questions do you have to ask when thinking about value of security? What are some examples?

Answer 17

• what is the cost if the bad thing happens?
• what is the cost of preventing the bad thing?
• ex: credit card fraud

– who plays if someone steals your credit card # and buys a TV with it?

• ex: permissive action links for nuclear weapons –http://www.cs.columbia.edu/~smb/nsam-160/pal.html

Question 18

What counts as protection?

Answer 18

• the mechanisms used to protect resources against threats

– this is most of academic and industrial computer security

Question 19

What are some of the classes of protections

Answer 19

• cryptographic protection of data
• software guards
• communication guards
• user interface design (protect user against own limitations)

Question 20

Is protection proactive or reactive?

Answer 20

Protection can be either proactive or reactive

Question 21

What is the deterrence?

Answer 21

• there is some non-zero expectation that there is a future cost to doing a bad thing

–i.e. going to jail, having a missile hit your house, having your assets seized, etc -

• criminal cost-benefit: Mb + Pb > Ocp + OcmPaPc [Clark&Davis 95]

» Mb : Monetary benefit

» Pb : Psychological benefit

» Ocp : Cost of committing crime

» Ocm : Monetary cost of conviction

» Pa : Probability of getting caught

» Pc : Probability of conviction

Question 22

What is needed for deterrence to work?

Answer 22

need meaningful forensic capabilities

• audit actions, assign identity to evidence, etc
• must be cost effective relative to positive incentives

Question 23

How does identity relate to security?

Answer 23

• identity is implicit in virtually all security questions, but we rarely think about it much We have strong intuitions however
• how do you feel about “Black Unicorn” the cypherpunk?
• how about A.S.L. von Bernhardi the investment banker?

Question 24

What is identity?

Answer 24

one def: the distinct personality of an individual regarded as a persisting entity; individuality (c/o Black Unicorn)

another def: a unique identifier –distinguishing mark (c/o A.S.L. von Bernhardi)

Question 25

What’s the difference between an identity and an identifier?

Answer 25

Allows naming; to establish an assertion about reputation

Question 26

What is reputation?

Answer 26

• a specific characteristic or trait ascribed to a person or thing: e.g. “a reputation for paying promptly”
• potentially a predictor of behavior, a means of valuation and as a means for third-party assessment
• value comes from binding reputation and identifiers
• but how to make this binding?

Question 27

What is due diligence?

Answer 27

• work to acquire multiple independent pieces of evidence establishing identity/reputation linkage; particularly via direct experience - expensive

Question 28

What is trust? How is it used in security? What questions do you have to ask about trust?

Answer 28

• reliance on something in the future; hope
• allows cheap form of due-diligence: third-party attestation
• economics of third-party attestation? cost vs limited liability
• what is a third-party qualified to attest to?
• culturally informed/biased?