03/25/22 Prof. Ehud Gudes Security Ch 1
Chapter 1 (Cont.)
[SB] chapters 1,13,14,15,16,17,1 Articles J1,J2
Legal and Ethical Aspects
- Patents, copyrights, trade secrets
- Copyright notices, steganography
- Employee rights and computer crime laws
- Regulations on cryptographic methods
- Ethical codes, privacy laws
Copyrights
- Designed to protect ideas and creativity
- Intellectual property
- Originality of work
- Registration: copyright notices, steganography
- Proof of infringement

Copyright protects the tangible or fixed expression of an idea, but not the idea itself
- is automatically assigned when created
- may need to be registered in some countries
- exists when:
  - the proposed work is original
  - the creator has put the original idea in concrete form
- e.g. literary works, musical works, dramatic works, pantomimes and choreographic works, pictorial, graphic, and sculptural works, motion pictures and other audiovisual works, sound recordings, architectural works, software-related works.
Copyright Rights
The copyright owner has these exclusive rights, protected against infringement:
- reproduction right
- modification right
- distribution right
- public-performance right
- public-display right
Patents
- No laws of nature
- Can protect a new and useful process, machine, composition of material; today also a program or an algorithm (a detailed one!)
- Novelty required
- Registration (location?)
- Time expiration

Patents grant a property right to the inventor to exclude others from making, using, offering for sale, or selling the invention
Types:
- utility: any new and useful process, machine, article of manufacture, or composition of matter
- design: new, original, and ornamental design for an article of manufacture
- plant: discovers and asexually reproduces any distinct and new variety of plant
e.g. the RSA public-key cryptosystem patent
Trademarks
- a word, name, symbol, or device used in trade with goods
- indicates the source of goods to distinguish them from the goods of others
- trademark rights may be used to:
  - prevent others from using a confusingly similar mark
  - but not to prevent others from making the same goods or from selling the same goods or services under a clearly different mark
Comparing Copyright, Patent, and Trade Secret Protection

                             | Copyright                                          | Patent                                        | Trade Secret
Protects                     | Expression of idea, not idea itself                | Invention: the way something works            | A secret, competitive advantage
Protected object made public | Yes; intention is to promote publication           | Design filed at patent office                 | No
Requirement to distribute    | Yes                                                | No                                            | No
Ease of filing               | Very easy, do-it-yourself                          | Very complicated; specialist lawyer suggested | No filing
Duration                     | Life of human originator or 75 years for a company | 19 years                                      | Indefinite
Legal protection             | Sue if copy sold                                   | Sue if invention copied                       | Sue if secret improperly obtained
Intellectual Property Issues and Computer Security
- software programs: protect using copyright, perhaps patent
- database content and arrangement: protect using copyright
- digital content (audio / video / media / web): protect using copyright
- algorithms: may be able to protect by patenting
Digital Rights Management (DRM)
- systems and procedures ensuring digital rights holders are clearly identified and receive stipulated payment for their works
- may impose further restrictions on their use
- no single DRM standard or architecture
- goal often to provide mechanisms for the complete content management lifecycle
- A major problem today: protection of movies, music, etc. on the Internet - DRM
DRM System Architecture
Rights and Obligations of Employees
- Ownership of new products, IP
- Use of company resources
- Protecting company secrets
- Ethics code
Ethical Question Examples
- whistle-blower: when professional ethical duty conflicts with loyalty to the employer
  - e.g. an inadequately tested software product
  - organizations and professional societies should provide alternative mechanisms
- potential conflict of interest
  - e.g. a consultant has a financial interest in a vendor, which should be revealed to the client
Security in Hiring Process
- objective: “to ensure that employees, contractors and third party users understand their responsibilities, and are suitable for the roles they are considered for, and to reduce the risk of theft, fraud or misuse of facilities”
- need appropriate background checks, screening, and employment agreements
Background Checks & Screening
issues:
- inflated resumes
- reticence of former employers to give good or bad references due to fear of lawsuits
employers do need to make a significant effort to do background checks / screening:
- get detailed employment / education history
- reasonable checks on accuracy of details
- have experienced staff members interview
- for some sensitive positions, additional intensive investigation is warranted
Employment Agreements
employees should agree to and sign the terms and conditions of their employment contract, which should include:
- information on their and the organization’s security responsibilities
- confidentiality and non-disclosure agreement
- agreement to abide by the organization's security policy
During Employment
current employee security objectives:
- ensure employees, contractors, third party users are aware of info security threats & concerns
- know their responsibilities and liabilities
- are equipped to support organizational security policy in their work, and reduce human error risks
need security policy and training
security principles:
- least privilege
- separation of duties
- limited reliance on key personnel
Termination of Employment
termination security objectives:
- ensure employees, contractors, third party users exit the organization or change employment in an orderly manner
- that the return of all equipment and the removal of all access rights are completed
critical actions:
- remove name from authorized access list
- inform guards that general access is not allowed
- remove personal access codes, change lock combinations, reprogram access card systems, etc.
- recover all assets
Email & Internet Use Policies
- E-mail & Internet access for employees is common in offices and some factories
- increasingly have e-mail and Internet use policies in the organization's security policy
- due to concerns regarding:
  - work time lost
  - computer / comms resources consumed
  - risk of importing malware
  - possibility of harm, harassment, bad conduct
Legal Issues - Colorado Computer Crime Bill
18-5.5-102. Computer crime.
1. Any person who knowingly uses any computer, computer system, computer network, or any part thereof for the purpose of: devising or executing any scheme or artifice to defraud, obtaining money, property, or services by means of false or fraudulent pretenses, representations, or promises, or committing theft, commits computer crime.
2. Any person who knowingly and without authorization uses, alters, damages, or destroys any computer, computer system, or computer network described in section 18-5.5-101 or any computer software, program, documentation, or data contained in such computer, computer system, or computer network commits computer crime.
3. If the loss, damage or thing of value taken in violation of this section is less than fifty dollars, computer crime is a class 3 misdemeanor; if fifty dollars or more, but less than two hundred dollars, computer crime is a class 2 misdemeanor; if two hundred dollars or more but less than ten thousand dollars, computer crime is a class 4 felony; if ten thousand dollars or more, computer crime is a class 3 felony.
Codes of Conduct
see the ACM, IEEE and AITP codes; they place emphasis on responsibility to other people and have some common themes:
1. dignity and worth of other people
2. personal integrity and honesty
3. responsibility for work
4. confidentiality of information
5. public safety, health, and welfare
6. participation in professional societies to improve standards of the profession
7. the notion that public knowledge and access to technology is equivalent to social power
IEEE Code of Ethics
We, the members of IEEE, in recognition of the importance of our technologies in affecting the quality of life throughout the world, and in accepting a personal obligation to our profession, its members, and the communities we serve, do hereby commit ourselves to conduct of the highest ethical and professional manner and agree:
1. To accept responsibility in making engineering decisions consistent with the safety, health, and welfare of the public, and to disclose promptly factors that might endanger the public or the environment;
2. To avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist;
3. To be honest and realistic in stating claims or estimates based on available data;
4. To reject bribery in all of its forms;
5. To improve understanding of technology, its appropriate application, and potential consequences;
6. To maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training and experience, or after full disclosure of pertinent limitations;
7. To seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others;
8. To treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or national origin;
9. To avoid injuring others, their property, reputation, or employment by false or malicious action;
10. To assist colleagues and coworkers in their professional development and to support them in following this code of ethics.
Cryptographic Laws
- What is in the public domain? The DES, RSA debates
- Export control: NCR96 report (DES of up to 56 bits…), today 1024-bit keys?
- Key-escrow and Clipper debate
Privacy - Principles of the Privacy Act
- No secret databases - Registration
- Review - individuals must be able to find what information is maintained about them
- Correctness - individuals must be able to correct this information
- Misuse - information obtained for one purpose must not be used for another purpose without the individual’s consent
- Security - the organization maintaining the information must enforce appropriate security controls
EU Privacy Law
- The European Union Data Protection Directive was adopted in 1998 to:
  - ensure member states protect fundamental privacy rights when processing personal info
  - prevent member states from restricting the free flow of personal info within the EU
- organized around the principles of: notice, consent, consistency, access, security, onward transfer, enforcement
US Privacy Law
- have the Privacy Act of 1974, which:
  - permits individuals to determine records kept
  - permits individuals to forbid records being used for other purposes
  - permits individuals to obtain access to records
  - ensures agencies properly collect, maintain, and use personal info
  - creates a private right of action for individuals
- also have a range of other privacy laws
Privacy Issues and the Internet
- Browsing anonymously (LPWA, CROWDS)
- Preventing undesirable (spam) electronic mail
- Preventing illegal use of cookies
- Use of electronic cash
- Protecting credit cards by protocols such as SSL or SET
Platform for Privacy Preferences Project (P3P)
- Developed by the World Wide Web Consortium (W3C); final P3P1.0 Recommendation issued 16 April 2002
- Allows web sites to communicate about their privacy policies in a standard computer-readable format
- Does not require web sites to change their server software
- Enables the development of tools (built into browsers or separate applications) that:
  - summarize privacy policies
  - compare privacy policies with user preferences
  - alert and advise users
- P3P helps users understand privacy policies
- P3P increases transparency, but it does not set baseline standards or enforce policies
- P3P user agent software available (as of July 2002): Microsoft Internet Explorer 6, Netscape Navigator 7, AT&T Privacy Bird (http://privacybird.com/)
- For more information: http://www.w3.org/P3P/, http://p3ptoolbox.org/, "Web Privacy with P3P" by Lorrie Faith Cranor (http://p3pbook.com/)
Standards
- Orange Book
- ITSEC
- EDI, EDIFACT
- X.509, CORBA
- DES, AES
- Privacy laws
The IETF
- The Internet Engineering Task Force: a standards committee that convenes three times a year
- The IETF is divided into working groups; each working group is assigned several tasks
- The working groups propose protocols with the aim of turning them into standards
The Standardization Process
- Most of the standards committees' work is done via mailing lists
- A working group (or private individuals) may propose a protocol
- The proposed protocol is written up in a document called an internet-draft
The Standardization Process (cont.)
- The working group proposes corrections to the draft
- After the draft passes the working group last call and is approved by the area directors, it becomes an RFC (Request For Comments)
- An RFC becomes a standard when there are three different implementations of the RFC that interoperate with each other
The Standardization Process (cont.)
- Some of the protocols we will study this semester became RFCs during the last year; some of them are still Internet drafts
- All the outputs of the IPSec working group can be found at http://www.ietf.org/html.charters/ipsec-charter.html
System Security - Design Principles
- Hard negative problem: show there is no way to get unauthorized access
- No definitive way, but these techniques help:
  - Economy of Mechanism
  - Fail-safe Defaults
  - Complete Mediation
  - Open Design
  - Separation of Privilege
  - Least Privilege
  - Least Common Mechanism
  - Psychological Acceptability
Economy of Mechanism
- Complexity -> many paths to access
  - Some lead to unauthorized access
  - Complexity means they won’t be noticed
- Thus keep the design as simple as possible*
  - May enable formal verification of correctness
  - Certainly enables other forms of assurance
  - Definitely reduces debugging costs
*The KISS technique: Keep It Simple, Stupid
Complete Mediation
- Every access to every object must be checked
- Access control in every aspect of operation, including initialization, recovery, shutdown, maintenance
- Requires a fool-proof method of authenticating the source of all requests
- Optimizations based on “remembering” access checks are suspect
  - Think about what “remember password” means
Open Design
- Design should not be secret
  - depending on a secret design is like depending on an unchangeable password
  - once the design secret leaks, security is lost
- Public review discovers flaws
- Public source allows users to verify security to their own satisfaction
- Open Source(TM) allows people to fix & propagate solutions without waiting for the vendor
Separation of Privilege
- Don’t grant permission based on a single condition
- 2 keys are better than one: one mistake doesn’t blow it all
- Multiple keys is similar to replication for fault-tolerance
- Example: gaining root access in some Unix products requires two conditions to be met
  - User knows the root password
  - User belongs to a specific group of root users
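A small reference monitor tying together the Complete Mediation slide (re-checking on every request, with the "remembered" check shown as the suspect variant), fail-safe defaults, and the two-condition root access above. This is an added example, not code from the slides; the users, root group and access-control list are constructed sample data.

```python
# Added example (not from the slides): a minimal reference monitor showing
# complete mediation, fail-safe defaults and separation of privilege.
# USERS, ROOT_GROUP and ACL are constructed sample data.
import hashlib
import hmac

def _pw_hash(password: str) -> str:
    # Sample hashing only; a real system would use a salted, slow KDF.
    return hashlib.sha256(b"constructed-salt:" + password.encode()).hexdigest()

USERS = {"alice": _pw_hash("correct horse"), "bob": _pw_hash("hunter2")}
ROOT_GROUP = {"alice"}          # the "specific group of root users" from the slide
ACL = {"payroll.db": {"alice": {"read"}, "bob": set()}}

def authenticate(user: str, password: str) -> bool:
    """Unknown users fail closed; the comparison is constant-time."""
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, _pw_hash(password))

def check_access(user: str, obj: str, op: str) -> bool:
    """Complete mediation: consult the ACL on every request, never a cached answer.
    Fail-safe default: a missing object, user or right means deny."""
    return op in ACL.get(obj, {}).get(user, set())

def become_root(user: str, password: str) -> bool:
    """Separation of privilege: both conditions are evaluated independently,
    so one mistake (a leaked password, a stray group entry) does not grant root."""
    knows_password = authenticate(user, password)
    in_root_group = user in ROOT_GROUP
    return knows_password and in_root_group

def revoke(obj: str, user: str, op: str) -> None:
    """An administrator removes a right; the mediated check sees it immediately."""
    ACL.get(obj, {}).get(user, set()).discard(op)

class CachingMonitor:
    """The suspect optimization from the Complete Mediation slide: it
    'remembers' earlier decisions, so a revoked right keeps working."""
    def __init__(self) -> None:
        self._cache: dict = {}

    def check(self, user: str, obj: str, op: str) -> bool:
        key = (user, obj, op)
        if key not in self._cache:
            self._cache[key] = check_access(user, obj, op)
        return self._cache[key]
```

After `revoke`, `check_access` denies at once while a `CachingMonitor` built earlier still allows the stale right, which is exactly why remembered checks are suspect.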
Least Privilege
- Users and programs should run with the least privilege necessary to do the job
  - Limits potential damage when faults occur
  - Minimizes the number of interactions among privileged programs, reducing the number of access paths
Least Common Mechanism
- Minimize implementation shared among principals
  - Shared implementation is a potential information flow channel
  - Shared implementation must be verified to satisfy all users
- Example: implement a new function as a procedure to be shared by all users, or as a library routine, effectively making it individual to the user.
Psychological Acceptability
- Security mechanisms must be easy to use, or they will be circumvented
  - Preferably automatically used
- Preferably mechanisms should match the user’s view of their protection goals
  - If the user must translate goals, they will likely make mistakes
  - Difficult, because users' views are rarely an accurate reflection of users' needs
Compromise Recording
- If you can’t reliably prevent intrusion, try to reliably detect and record intrusion, e.g.
  - an unbreakable lock on a weak cabinet: the next legitimate user can detect the intrusion because the cabinet will be damaged
  - an unalterable time-stamp on files
- Problem: can a successful attack alter the logs?
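The "unalterable time-stamp" idea and the closing question, worked through as an added example (not from the slides): a hash-chained log detects an edited or deleted record, and the anchored-head check shows why the chain alone is not enough once an attacker can rewrite the whole file. Log entries are constructed sample data.

```python
# Added example (not from the slides): a hash-chained, tamper-evident log.
# Every record commits to the digest of the record before it, so altering or
# deleting an earlier entry breaks each later link. The entries are constructed.
import hashlib
import json

GENESIS = "0" * 64   # digest "before" the first record

def _link(prev_hash: str, entry: str) -> str:
    data = json.dumps({"prev": prev_hash, "entry": entry}, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

def append(log: list, entry: str) -> str:
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"entry": entry, "hash": _link(prev, entry)})
    return log[-1]["hash"]

def first_broken_link(log: list) -> int:
    """Walk the chain; return the index of the first bad record, or -1 if intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["hash"] != _link(prev, rec["entry"]):
            return i
        prev = rec["hash"]
    return -1

def verify_against_anchor(log: list, anchored_head: str) -> bool:
    """The 'unalterable time-stamp' idea: the head digest was copied to a
    write-once place (printed, mailed, a separate host). A chain rewritten
    end to end is internally consistent but no longer matches that anchor."""
    return first_broken_link(log) == -1 and bool(log) and log[-1]["hash"] == anchored_head

def rechain(log: list) -> None:
    """Recompute every digest after an edit. Anyone with write access to the
    whole file can do this, which is why the chain alone does not answer the
    slide's closing question; the external anchor does."""
    prev = GENESIS
    for rec in log:
        rec["hash"] = _link(prev, rec["entry"])
        prev = rec["hash"]

def build_sample_log() -> list:
    """Constructed sample entries."""
    log: list = []
    for e in ["login alice", "read payroll.db", "login mallory", "delete payroll.db"]:
        append(log, e)
    return log
```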
Technical Underpinnings
... or “So how do you do all that?”
- Bottom-up study: study example systems, look for insights
- Suitable to a problem that still uses ad hoc solutions; no generalized theory available
- True in 1975, still true in 2011…