To make sure everyone is watching lectures, please click this link to fill out a form for extra credit.
Security is Economics
True or false: As long as the data on my computer is not worth enough money to an attacker, I don't need to worry about attackers stealing my data.
False. An attacker might not spend $1 million to launch an attack on me, but many weaker attacks are very cheap or even free. However, the value of my data might determine how much money I want to spend to secure my computer.
Prevention
Detection, Defense in Depth
True or false: It is possible to create a detector with a 0% false negative rate.
True. Just have the detector alert every time. However, such a detector would be useless (imagine a fire alarm that sounds 24 hours a day).
In practice, do we prefer combining two independent detectors in parallel (either detector can alert) or in series (both detectors must alert)?
It depends on the cost of false negatives and false positives. For example, if I’m building a fire alarm, I might prefer to combine detectors in parallel, because a false negative (the building burns down) is much worse than a false positive (everyone has to evacuate).
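The trade-off in the answer above can be worked through numerically. The following is an added example, not part of the original lecture material: it assumes the two detectors err independently, and the error rates, base rate and costs are constructed values chosen only for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Detector:
    fp: float  # P(alert | no incident), the false positive rate
    fn: float  # P(no alert | incident), the false negative rate

def parallel(a: Detector, b: Detector) -> Detector:
    """Either detector can alert: an incident is missed only if both miss it."""
    return Detector(fp=1 - (1 - a.fp) * (1 - b.fp), fn=a.fn * b.fn)

def series(a: Detector, b: Detector) -> Detector:
    """Both detectors must alert: a false alarm needs both to fire wrongly."""
    return Detector(fp=a.fp * b.fp, fn=1 - (1 - a.fn) * (1 - b.fn))

def expected_cost(d: Detector, base_rate: float, cost_fp: float, cost_fn: float) -> float:
    """Average cost per observation, given how often real incidents occur."""
    return (1 - base_rate) * d.fp * cost_fp + base_rate * d.fn * cost_fn

def preferred(a: Detector, b: Detector, base_rate: float,
              cost_fp: float, cost_fn: float) -> str:
    """Name of the combination with the lower expected cost."""
    costs = {
        "parallel": expected_cost(parallel(a, b), base_rate, cost_fp, cost_fn),
        "series": expected_cost(series(a, b), base_rate, cost_fp, cost_fn),
    }
    return min(costs, key=costs.get)

# Constructed sample detectors (hypothetical rates, not measured data).
SMOKE = Detector(fp=0.05, fn=0.10)
HEAT = Detector(fp=0.02, fn=0.20)

if __name__ == "__main__":
    print("parallel:", parallel(SMOKE, HEAT))  # fewer misses, more false alarms
    print("series:  ", series(SMOKE, HEAT))    # fewer false alarms, more misses
    # Fire alarm: a miss (building burns down) costs far more than an evacuation.
    print(preferred(SMOKE, HEAT, base_rate=0.001, cost_fp=1, cost_fn=100_000))
    # Opposite case: each false alarm is expensive and a miss is cheap.
    print(preferred(SMOKE, HEAT, base_rate=0.001, cost_fp=100, cost_fn=1))
```

With these numbers the fire-alarm costs favor the parallel combination, and swapping the cost ratio flips the choice to series.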
Password Authentication
Two-factor authentication is often described as requiring a combination of something the user knows, something the user has, and something the user is. What are some examples of each factor?
Something the user knows: a password, the answer to a security question (what was the name of your first pet?).
Something the user has: their phone, their credit card.
Something the user is: their fingerprint, their face.
Measuring Attacker Capabilities
What is rubber-hose cryptanalysis?
Instead of trying to cut through the safe, convince someone to give you the password. The comic from the slides: https://xkcd.com/538/
Least Privilege
What are some examples of least privilege that the CS 161 staff might use?
Only the head TA or professor has the ability to submit final grades. Only TAs responsible for writing the exam can see the exam solutions.
Trusted Computing Base (TCB)
Ensuring Complete Mediation
More Security Principles
Suppose the TAs decide to use a secret page on the website, https://cs161.org/secret-solutions, to store assignment solutions. Which security principle does this violate?
Security through obscurity. If the attacker gains knowledge of how our website is designed, they would gain access to all the assignment solutions too. A better implementation would be to make these solutions password-protected. Now, even if the attacker learns the entire source code of the website, if they don’t have the password, they cannot access the solutions.
Which security principle is violated by rubber-hose cryptanalysis?
A system is only as secure as its weakest link. A million-dollar safe is useless if someone will tell you the combination.
Time of Check to Time of Use (TOCTTOU)
After finishing this lecture, you should be able to complete Q3 on Homework 1.