security engineering lecture notes (1/6)

고려대학교 정보보호대학원

마스터 제목 스타일 편집


보안공학이란?

(Security Engineering)



2

Who am I?



4

사이버국방학과



6

SANE Lab. – Smart TV Hacking @ CanSecWest 2013 -

CanSecWest 2013



7

(CanSecWest 2013)

SANE Lab. – Smart TV Hacking @ CanSecWest 2013 -



8

Black Hat 2013

SANE Lab. – Smart TV Hacking @ Black Hat 2013 -



9




10

(Black Hat 2013)




11

SANE Lab. – Smart TV Security Evaluation Criteria @ ICCC 2014 -



12

SANE Lab. – Smart TV Forensic @ Digital Investigation 2014 -


마스터 제목 스타일 편집 SANE Lab. - HARU (www.h4ru.com) -

(Founder : 김승주, 2011년)


마스터 제목 스타일 편집 SANE Lab. - SECUINSIDE (www.secuinside.com) -

(Founder : 김승주, 2011년)



15

Information Assurance & SE



16

Information Assurance (정보보증) ?



17




18




19




20




21




22

Information Security Protecting information and information systems

from unauthorized access, use, disclosure, disruption, modification, or destruction.

Information Assurance Originated in the U.S. DoD in the late 1990's. Validating that the information is authentic,

trustworthy, and accessible. IA is more than just IS!

Also includes reliability and emphasizes strategic risk management over tools and tactics.

In short words one may say that IA is a comprehensive and systematic management of InfoSec.




23

Dependability = Reliability (Accidental Failures) + Security (Intentional Failures)

Reliability and security are often strongly correlated in practice

Dependability in a Nutshell



24

Fault Prevention

Fault Tolerance

Fault Detection & Removal

Fault Forecasting

The Means to Attain Dependability



25

Critical Infrastructures

Infrastructure systems for which continuity is so important that loss, significant interruption or degradation of service would have grave social consequences.

(Source : National Infrastructure Security Coordination Center, UK)

Why We Need Dependability?



26

Critical Infrastructures

Power generation and distribution Oil and gas refining and distribution Water and waste systems Chemical processing and transport Manufacturing Telecommunications Banking

Why We Need Dependability?



27

First defined in1968 by the NATO Science Committee

50 software experts met to solve the software crisis

defined software engineering as “the application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software”

S/W Engineering



28

Security engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts.

It is similar to other systems engineering activities in that its primary motivation is to support the delivery of engineering solutions that satisfy pre-defined functional and user requirements,

but with the added dimension of preventing misuse and malicious behavior. These constraints and restrictions are often asserted as a security policy.

(by Wikipedia)

Security Engineering (보안공학) ?



29

Security engineering is about building systems to remain dependable in the face of malice, error and mischance. As a discipline, it focuses on the tools, processes and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves.

(by Ross Anderson)

Security Engineering (보안공학) ?



30

Nearly every company/organization utilizes network security infrastructure (e.g. Firewalls, IDS, etc).

But very small number of them invest in application security strategy, design, and code review services.

Consequently, security flaws are identified

only at the later stages of the application lifecycle. And thus

Much greater cost to fix High maintenance cost …

Goal



31

Thus, there must be a transition to a more stringent repeatable software development process that greatly focuses on security.

Goal : minimize the number of security vulnerabilities in design, implementation, and documentation.

Identify and remove vulnerabilities in the development lifecycle as early as possible!!!

Goal



32

Policy

Mechanisms

Assurance Level of Trust that it really does!

How to Accomplish a Goal : 4 Steps



33

Policy Assurance : Evidence establishing security requirements in policy is complete, consistent, technically sound.

Security Objectives : High-level security issues

Security Requirements : Specific, concrete issues

Design assurance : Evidence establishing

design sufficient to meet requirements of security policy.




34

Implementation Assurance : Evidence establishing implementation consistent with security requirements of security policy.

Operational Assurance : Evidence establishing system sustains the security policy requirements during installation, configuration, and day-to-day operation. Also called ‘Administrative Assurance’.




35


Security requirements

Design

Implementation

1

32

4

Assurancejustification

Design andimplementationrefinement



36

Key Points

Assurance is critical for determining trustworthiness of systems.

Different levels of assurance, from informal evidence to rigorous mathematical evidence.

Assurance needed at all stages of system life cycle.




37

Case Study - Importance of Policy Assurance -



38

망 분리란?

업무망 인터넷망



39

정보통신망 이용촉진 및 정보보호 등에 관한 법률 시행령

개인정보 보호법 시행령

금융전산 망분리 가이드라인 등

망 분리 관련 법



40

정보통신망법 시행령) 전년도 말 기준 직전 3개월간 그 개인정보가 저장·관리되고 있는 이용자 수가 일일평균 100만명 이상이거나 정보통신서비스 부문 전년도(법인인 경우에는 전 사업연도를 말한다) 매출액이 100억원 이상인 정보통신서비스 제공자

금융전산 망분리 가이드라인) 전산센터 망분리는 ‘14년말까지 완료하고, 본점·영업점은 단계적으로 추진 (은행 ‘15년말, 그외 ‘16년말까지)

망 분리 의무화 대상



41

망 분리 구축 방식

(출처: 정현석, “국내 망분리 관련 현황”, Shared IT, 2014.6.17)



42

망 분리 과연 안전한가? - 기술면 -



43




44




45




46

망 분리 과연 안전한가? - 정책면 -




47


Cloud

망 분리 과연 안전한가? - 정책면 -



48

외국은?

기밀자료 유통망

일반 업무자료 유통망

(인터넷)



49

외국은?

기밀자료 유통망

일반 업무자료 유통망

(인터넷)

Cloud



50

해결책은?



51

Case Study - Importance of Security Evaluation -



52

“A few lines of code can wreak more havoc than a bomb.”

- Tom Ridge

(Former) Secretary of the U.S. Department of Homeland Security



53

Test Tools, Processes, and Methods

Crypto algorithms implemented in security products

“Algorithm”

H/W Security, EMI/EMC, etc.

Various security functions of IT security product

“Product”

Identification & Authentication function, etc.

“Module”

“System” Limitations of CC (1) : Integration issues of component TOEs may not be adequately evaluated and should be evaluated by another means.

“Environment” Limitations of CC (2) : The evaluation takes place in a laboratory, not the operational environment.

CAVP Cryptographic Algorithm Validation Program

CMVP(FIPS140-2) ISO/IEC 19790 Cryptographic Module Validation Program

NIAP(CC)

ISO/IEC 15408 National Information Assurance Program

DITSCAP DoD IT Security Certification and Accreditation Program

NIST C&A Certification and Accreditation



54

Design

Implement Adapt

Test Tools, Processes, and Methods



55

A process for evaluating and certifying that the security functions of IT product(H/W, F/W, S/W) are implemented effectively and correctly.

For this, checking if a developer 1) follows the software engineering process,

and 2) makes a product secure against all known

vulnerabilities.

Security Evaluation in a Nutshell



56




vulnerabilities.




57

Printer Fax Copier Scanner MFP

= + + +

(e.g.) MFP



58

FAX board ▶ Extension telephone socket (Ext) ▶ Telephone line socket

▶ USB port

▶ Network port (RJ45)

▶ Storage (Hard disk)

Power ▶ Power switch ▶ Power receptacle ▶ Power jack

(e.g.) MFP



59

(e.g.) MFP



60

(e.g.) MFP



61



and -> “Reliability” 2) makes a product secure against all known

vulnerabilities.




62




vulnerabilities. -> “Security”




63

Security Require-ments

Functional Descrip-

tion

High-Level Design

Source Code/

H/W plan

Implementation

Document Verification (Checking Design Errors. Evaluate specifications and traceability of security functions)

Functional Testing (Correspondence Analysis between the High-Level Design and the Low-Level Design & Integration Tesing)

+ Vulnerability Analysis




64

By the end of the course, you should be able to tackle an information protection problem by drawing up a threat model, formulating a security policy, and designing specific protection mechanisms to implement the policy.

Objectives



65

Textbook (Main)



66

Textbook (Sub)



67

Textbook (Sub)



68

SECURITY IS NOT A PRODUCT

BUT A

PROCESS




보안공학이란?

(Security Engineering)