Sicurezza Informatica (Computer Security)
Prof. Stefano Bistarelli
[email protected]
http://www.sci.unich.it/~bista/

Chapter 1: Introduction

Outline
- Security (confidentiality, integrity, availability) to protect from threats!!
- Security policies identify threats and define requirements (assumptions)
- Security mechanisms are methods to detect, prevent and recover from threats
- Which security countermeasures do we want to apply? Security risk analysis!!

Computer Security
The ability of a system to protect information, resources and the system itself, with respect to the notions of:
- Confidentiality
- Integrity
- Authentication
- Availability
- Access control
- Non-repudiation
- Privacy

Alice, Bob, and ... Trudy
Figure 7.1 goes here
- The "Hello-world" of the security world
- Bob and Alice need to communicate with each other securely
- Trudy, the "intruder", is able to intercept and modify the messages

Main goals
- Confidentiality: ensure that information is not accessible to unauthorized users
- Integrity: ensure that information cannot be altered by unauthorized persons (in a way that is invisible to authorized users)
- Authentication: ensure that users are actually who they claim to be
- Availability: ensure that a system is operational and functional at all times (no denial of service)

Additional goals
- Access control: ensure that users have access to all the resources and all the services they are authorized for, and only to those
- Non-repudiation: ensure that the sender of a message cannot deny having sent the message
- Privacy: ensure that users can control which information about them is collected, how it is used, who uses it, who keeps it, and for what purpose it is used

Security is not safety!!

Security "is not" Safety
- Reliability: "it does not make mistakes!"
- Availability: "it does not crash!"
- Maintainability: "it is easy to manage"
- Safety: "nobody dies using it"

Basic Components
- Confidentiality, Integrity, Availability
- Interpretation ALWAYS depends on the context!!

Confidentiality
- Keeping data (and resources) hidden
- Military and commercial motivations!
- Mechanisms:
  - Access control (cryptography)
  - System-dependent mechanisms (safer when working ... but may fail!!)
- Assumptions and trust of the mechanisms!!
- Confidentiality of content vs existence of data!!
- For resource hiding: firewalls!!

Integrity
- Preventing improper/unauthorized changes
- Trustworthiness of data
  - Data integrity (integrity)
  - Origin integrity (authentication)
- Mechanisms:
  - Prevention
    - To change data
    - To change data in an unauthorized way (difficult!!)
  - Detection
    - Only detection
    - Provide explanation

Availability
- Enabling access to data and resources
- Availability vs reliability??
- Threats:
  - Manipulate the use of the data/resource
    - Can be captured
  - Denial of Service
    - Difficult to capture!!

Attack vs Threat
- A threat is a "potential" violation of security
- The violation need not actually occur
- The fact that the violation might occur makes it a threat
- It is important to guard against threats and be prepared for the actual violation
- The actual violation of security is called an attack

Classes of Threats
Threat = potential violation of security. Classes:
1. Disclosure (unauthorized access to information)
2. Deception (acceptance of false data)
3. Disruption (DoS)
4. Usurpation (unauthorized control of (part of) a system)

Threats in communications ...

Classes of Threats, examples
- Snooping/sniffing
  - Disclosure of data
- Modification/alteration
  - Deception of data
  - Disruption/usurpation of systems
- Spoofing/masquerading (impersonation)
  - Deception/usurpation
  - Notice that "delegation" = authorized masquerading
- Repudiation of origin/send/receipt
- Inhibition of service
  - Delay
  - Denial of service

Policies and Mechanisms
- Policy says what is, and is not, allowed
  - This defines "security" for the site/system/etc.
  - Assumption: definition of the set of secure/insecure states!
- Composition of policies (e.g. for cooperation among sites)
  - If policies conflict, discrepancies may create security vulnerabilities
- Mechanisms are methods/tools/procedures to enforce policies

Mechanisms for
- Prevention: prevent attackers from violating security policy
- Detection: detect attackers' violation of security policy
- Recovery
  1. Stop attack, assess and repair damage
  2. Continue to function correctly even if attack succeeds
  - Retaliation as a form of recovery

Trust and Assumptions
- Does a policy correctly describe the required security for a site?
- Can the mechanism enforce what the policy needs?
- Security rests on assumptions!
  - Example: a key is needed to open a door (assumption)
  - If there is a lock picker, the assumption is not valid!
  - Unless the lock picker opens doors only at the owner's request! Trust in the lock picker!
- Policy assumptions
  - Unambiguously partition system states (secure/non-secure)
  - Correctly capture security requirements
- Mechanisms
  - Assumed to enforce policy if mechanisms work correctly

Types of Mechanisms
- Let P be the set of all the reachable states
- Let Q be a set of secure states identified by a policy: Q ⊆ P
- Let R be the set of states that an enforcement mechanism restricts a system to
- The enforcement mechanism is
  - Secure if R ⊆ Q
  - Precise if R = Q
  - Broad if there are some states in R that are not in Q

Types of Mechanisms
[Figure: set R drawn against set Q (secure states) for the secure, precise and broad cases]

Assurance
- Assurance: how well does the system meet its requirements?
- How much you can trust the system to do what it is supposed to do
- It does not say what the system is to do; rather, it only covers how well the system does it

Assurance
To reach assurance:
- Detailed specification
- Design of the HW and SW, showing that it does not violate the specification
- Implementation that satisfies the design
  - Proof that the implementation produces the desired behavior (difficult!)
  - Test (easier)

Operational Issues
- Cost-Benefit Analysis
  - Is it cheaper to prevent or recover?
- Risk Analysis
  - Should we protect something?
  - How much should we protect this thing?
- Laws and Customs
  - Are desired security measures illegal?
  - Will people do them?

Human Issues
- People are THE security problem!!
- Organizational Problems
  - Power without responsibility (and vice versa)
    - Security officer makes the rule, system administrator is responsible ...
  - No financial benefits
- Untrained users!
  - Password revealed
- Outsiders and insiders
- Social engineering

Key Points
- Policy defines security, and mechanisms enforce security
  - Confidentiality
  - Integrity
  - Availability
- Trust and knowing assumptions
- Importance of assurance
- The human factor

Discussion:
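The secure/precise/broad definitions from the "Types of Mechanisms" slide, worked on a small state model. This is an added example, not part of the original slides; the users, the staff-only read policy and the three mechanisms are constructed for illustration.

```python
# Added example: toy model with constructed users and policy.
USERS = ("alice", "bob", "trudy")        # constructed sample users
STAFF = frozenset({"alice", "bob"})      # assumed policy: only staff may read

def reachable(allow):
    """States (sets of users holding read access) reachable from the empty
    ACL when every grant request is gated by allow(user)."""
    start = frozenset()
    seen, frontier = {start}, [start]
    while frontier:
        state = frontier.pop()
        for user in USERS:
            if not allow(user):
                continue                 # the mechanism refuses this grant
            nxt = state | {user}
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return seen

def classify(R, Q):
    """Apply the slide's definitions; precise is checked first because a
    precise mechanism is also secure."""
    if R == Q:
        return "precise"
    if R <= Q:
        return "secure"
    return "broad"

# P: every state the unrestricted system can reach.
P = reachable(lambda user: True)
# Q: the subset of P that the policy calls secure.
Q = {state for state in P if state <= STAFF}

MECHANISMS = {                           # hypothetical enforcement mechanisms
    "staff_only": lambda user: user in STAFF,
    "alice_only": lambda user: user == "alice",
    "no_check": lambda user: True,
}

def evaluate():
    """Map each mechanism to (label, insecure states it still lets through)."""
    report = {}
    for name, allow in MECHANISMS.items():
        R = reachable(allow)
        insecure = sorted(sorted(state) for state in R - Q)
        report[name] = (classify(R, Q), insecure)
    return report

if __name__ == "__main__":
    for name, (label, insecure) in evaluate().items():
        print(f"{name}: {label}; states outside Q: {insecure}")
```

The `alice_only` mechanism is secure but not precise: it never reaches an insecure state, yet it also blocks states the policy allows, which is the usual cost of an over-restrictive control.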