• Aucun résultat trouvé

Computer Science Security Introduction

N/A
N/A
Protected

Academic year: 2022

Partager "Computer Science Security Introduction"

Copied!
51
0
0

Texte intégral

(1)

Computer Science Security Introduction

Pierre.Paradinas@cnam.fr

(2)

Les cours

Introduction et définitions Matrice d’accès

Politique de sécurité Sécurité et assurances

Critères communs Contrôle d’accès

Information flow

Sécurité physiques des composants

Exposés le 20 novembre

(3)

Sujet des exposés

1 à 2 personnes par groupe

Sujet ouvert : proposition à faire valider Sujets proposés :

BYOD : les solutions Bull/Thales de téléphone mobile

Sécurité dans la JVM (state of the art et statut actuel dans les naviagteurs) La sécurité des compteurs électriques et la protection de la vie privée

Un point précis sur la polémique PRISM (quels outils mis en oeuvre par les agences… quelle parade possible…)

Mozilla Social API For Firefox, Facebook Messenger Firs...

(4)

Computer Security

Introduction & definitions (Secure) Design Principles Modern issues in security Bibliography

(5)

Every day there is security issue !

(6)

Security a key issue

pervisory control and data acquisition) uxnet

Privacy issues

(7)

P. Paradinas - 2011

Exigences critiques sur les SEs

7

^O '+W'&V!,'(!'/.(P(Q'0'(!,&!-.)$/$'-!'0"1#%&'!

^ONO 'V$)'+/'(!/#$Q$%&'(!'Q!'V$)'+/'(!,'!%&1-$Q'!,'!('#\$/'!

2|^)2iJ2S!JI^`^zh2S!

-'!>541'5&!(&$B5+>!<#*0$('!<.&#!1'(!<#$+0$<5&A!('0>'&#(!G!

! 1'(! <#$+0$<5&A! '+D'&A! ,'! 0#$>$0$>*! 0.+0'#+*(! d(b#'>*! ,'! ;.+0>$.++'3'+>W! (*0&#$>*! ,'(!

<'#(.++'(!'>!,'(!4$'+(W!(*0&#$>*!,'!1V$+;.#35>$.+gW!!

! 15!<#*('+0'!,'!0.+>#5$+>'(!,'!>'3<(F#*'1W!<1&(!.&!3.$+(!o!,&#'(!pW!!

! 15!+*0'(($>*!.&!+.+!,'!3$('!'+!n&B#'!,'!(L(>Z3'(!,'!('0.&#(!d<15+(!,V&#/'+0'!.&W!<1&(!

($3<1'3'+>W!/'(>$.+!,V515#3'(g!'+!05(!,'!<5++'!o!05>5(>#.<H$%&'!pW!

! 1'!+$B'5&!,V'A$/'+0'!'+!>'#3'(!,'!0'#>$;$05>$.+W!

! 15!+5>&#'!,'(!+.#3'(!5((.0$*'(!5&A!<#.0'((&(!,'!,*B'1.<<'3'+>!d3.L'+(!3$(!'+!n&B#'W!

.4D'0>$;(!,'!#*(&1>5>(gX!

!

/3464<46>5!

(;<6;B3!

(l3;6>! (><B346>! (><B3O!$8i9!

/98637486;5!

6;KI5E3>;@!

);56498!?;!

I788;!<7675O!

'M4=;8<;!?;!

<;364i4<76498!

+93K;5!I39<;55B5!?;!

?>J;@9II;K;86!

R&>.3.4$1'! ! ! ! M&#'(! k&$!

:.L'++'!'+!

0#.$((5+0'!

d^Sk!?a?a?g!

:.L'+(!

N'##.B$5$#'! ! ! ! M&#'(! k&$! N.#>'! :.L'+(!

R*#.+5&>$%&'! ! ! ! M&#'(! k&$! N.#>'! k4D'0>$;(!

2(<50'! ! ! !

M&#'(!<.&#!1'(!

15+0'&#(W!

;5$41'(!<.&#!

1'(!(5>'11$>'(!

S'1.+!1'(!

5<<1$05>$.+(W!

515#3'(!5&!

3$+$3&3!

N.#>'!

k4D'0>$;(W!35$(!5B'0!

<#*0.+$(5>$.+!,'!

3.L'+(!

i&01*5$#'! ! ! ! M&#'(! k&$! N.#>'! k4D'0>$;(!

s+'#/$'!d<#.,&0>$.+W!,$(>#$4&>$.+W!

&>$1$(5>$.+g! ! ! ! M&#'(! R15#3'(! U5#$541'! !

Q#.,&0>$.+!$+,&(>#$'11'! ! ! ! S'1.+!

1'!<#.0*,*!

S'1.+!

1'!,5+/'#! U5#$541'! !

^+(>#&3'+>5>$.+!3*,$051'! ! ! ! :.L'++'(! R15#3'(! N.#>'! k4D'0>$;(!

"y>$3'+>!d,.3.>$%&'g! ! ! ! S'1.+!

1V5<<1$05>$.+! R15#3'(! N5$41'! !

`*1*0.3(! ! ! ! S'1.+!

1V5<<1$05>$.+! R15#3'(! U5#$541'!('1.+!

1'(!#*('5&A! :.L'+(!

s1'0>#.+$%&'!/#5+,!<&41$0! ! ! ! N5$41'(! i.+! N5$41'! !

-./$(>$%&'! ! ! ! N5$41'(! i.+! N5$41'! !

^+;#5(>#&0>&#'(!&#45$+'(! ! ! ! N5$41'(! R15#3'(! N5$41'! !

S*0&#$>*! ! ! ! :.L'++'(!\!

;.#>'(! R15#3'(! J#.$((5+>'! :.L'+(!

`#5+(50>$.+!*1'0>#.+$%&'! ! ! ! :.L'++'(! i.+! N.#>'! :.L'+(!

!

(8)

P. Paradinas - 2011

La qualité de services dans les SEs (1/2)

8 2|^)2iJ2S!M2!zhR-^`2!M2!S2IU^J2!

-'! >541'5&! 0$F,'((.&(! #*(&3'! 1'(! ;.+0>$.+(! \! %&51$>*! ,'! ('#B$0'! 1'(! <1&(! (.&B'+>! 0.+0'#+*'(!

,5+(!0H5%&'!('0>'&#!G!

! 3'(&#'!'>!0.33&+$05>$.+W!!

! $+>'#;50'!H.33'F350H$+'W!!

! #*/&15>$.+!'>!.<>$3$(5>$.+!,&!0.+;.#>!,V&+!.&!,'!<1&($'&#(!&>$1$(5>'&#(W!,V&+!<#.0*,*!.&!

<#.0'((&(!0.3<1'A'W!,'!15!0.+(.335>$.+!.&!,'!15!<#.,&0>$.+!,V*+'#/$'W!!

! %&51$>*!,'!('#B$0'!'+!>'#3'(!,'!,$(<.+$4$1$>*!'>!,'!<'#;.#35+0'(W!!

5$+($! %&'! 1'(! 1$3$>5>$.+(! /*#*'(! '>! 1'(! 1$'+(! '+>#'! ;.+0>$.+(! 0#$>$%&'(! '>! ;.+0>$.+(! \! %&51$>*! ,'!

('#B$0'X!

!

X98<64985!

I348<4I7@;5! -4K46764985!I348<4I7@;5! $86;37<64985!;863;!i98<64985!<3464LB;5!;6!

i98<64985!G!LB7@46>!?;!5;3J4<;!

(;<6;B3!

0;5B3;!;6!<9KKO! $R0! .I64KO!/98i936! .I64KO!H39<;55! .I64KO!*8;3=4;! %B7@46>!?;!5;3J4<;!

! !

R&>.3.4$1'! ! ! ! ! ! ! J.b>!,'(!0.3<.(5+>(!'>!

,&!1./$0$'1!

R&D.&#,VH&$!G!#*('5&A!'>!<#.0'(('&#(!

$+,*<'+,5+>(X!

^+>*#r>!\!;&($.++'#!,'35$+!v!

N'##.B$5$#'! ! ! ! ! ! !

i*0'(($>*!,V5((&#'#!0'(!

;.+0>$.+(!(5+(!

0.3<#.3'>>#'!15!

(*0&#$>*!

!

^1!;5&>!,*3.+>#'#!1V$+,*<'+,5+0'!'+>#'!1'(!

;.+0>$.+(!S!d0#$>$%&'g!'>!iS!di.+F0#$>$%&'g!

!!(*/#*/5>$.+!.&!,*B'1.<<'3'+>!,'(!

;.+0>$.+(!iS!5B'0!1'!+$B'5&!,'!(*0&#$>*!1'!

<1&(!*1'B*!!

R*#.+5&>$%&'! ! ! ! ! ! !

J.&>W!,&#*'!,'!B$'W!

0.+(.335>$.+!

*+'#/*>$%&'!'>!<.$,(!

^1!;5&>!,*3.+>#'#!1V$+,*<'+,5+0'!'+>#'!1'(!

;.+0>$.+(!S!d0#$>$%&'g!'>!iS!di.+F0#$>$%&'g!

!!(*/#*/5>$.+!.&!,*B'1.<<'3'+>!,'(!

;.+0>$.+(!iS!5B'0!1'!+$B'5&!,'!(*0&#$>*!1'!

<1&(!*1'B*!

2(<50'! ! ! ! ! ! !

Q.$,(!'>!41$+,5/'!,'(!

(L(>Z3'(!!!$3<50>!(&#!

1'(!<#.0'(('&#(!'>!15!

3*3.$#'!,$(<.+$41'!

Q#*,.3$+5+0'!,'(!;.+0>$.+(!1'(!<1&(!

0#$>$%&'(!do!(5;'>L!pg!5((&#*'!<5#!1'!

H5#,c5#'!

i&01*5$#'! ! ! ! ! ! !

J.&>!'>!,&#*'!,'!B$'!

d/'(>$.+!,'!

1V.4(.1'(0'+0'g!

!

s+'#/$'!d<#.,&0>$.+W!

,$(>#$4&>$.+W!&>$1$(5>$.+g! ! ! ! ! ! !

J.b>!d<#.,&0>$.+!'>!

$+(>5115>$.+gW!>5$11'W!

51$3'+>5>$.+!'>!

0.+(.335>$.+!

*+'#/*>$%&'!

-$3$>*'(!5&D.&#,VH&$W!35$(!15!05<50$>*!

,V$+>*/#'#!,'(!;.+0>$.+(!,'!<#.>'0>$.+W!

3'(&#'!'>!.<>$3$(5>$.+W!(5+(!<'#>'!,'!

0.+;$5+0'!B$(F\FB$(!,'(!;.+0>$.+(!0#$>$%&'(W!

'(>!&+!(&D'>!$3<.#>5+>!<.&#!1'!;&>&#!

Q#.,&0>$.+!$+,&(>#$'11'! ! ! ! ! ! ! ! !

^+(>#&3'+>5>$.+!3*,$051'! ! ! ! ! ! !

J.&>W!,&#*'!,'!B$'W!

0.+(.335>$.+!

*+'#/*>$%&'!

!

"y>$3'+>!d,.3.>$%&'g! ! ! ! ! ! !

J.b>!d<#.,&0>$.+!'>!

$+(>5115>$.+gW!>5$11'W!51$3X!

'>!0.+(.335>$.+! !

(9)

P. Paradinas - 2011 9

!

"#$%&'(!)*+*#$%&'(!,&!-./$0$'1!2345#%&*! ! !9?!7!89!

! !

2|^)2iJ2S!M2!zhR-^`2!M2!S2IU^J2!

-'! >541'5&! 0$F,'((.&(! #*(&3'! 1'(! ;.+0>$.+(! \! %&51$>*! ,'! ('#B$0'! 1'(! <1&(! (.&B'+>! 0.+0'#+*'(!

,5+(!0H5%&'!('0>'&#!G!

! 3'(&#'!'>!0.33&+$05>$.+W!!

! $+>'#;50'!H.33'F350H$+'W!!

! #*/&15>$.+!'>!.<>$3$(5>$.+!,&!0.+;.#>!,V&+!.&!,'!<1&($'&#(!&>$1$(5>'&#(W!,V&+!<#.0*,*!.&!

<#.0'((&(!0.3<1'A'W!,'!15!0.+(.335>$.+!.&!,'!15!<#.,&0>$.+!,V*+'#/$'W!!

! %&51$>*!,'!('#B$0'!'+!>'#3'(!,'!,$(<.+$4$1$>*!'>!,'!<'#;.#35+0'(W!!

5$+($! %&'! 1'(! 1$3$>5>$.+(! /*#*'(! '>! 1'(! 1$'+(! '+>#'! ;.+0>$.+(! 0#$>$%&'(! '>! ;.+0>$.+(! \! %&51$>*! ,'!

('#B$0'X!

!

X98<64985!

I348<4I7@;5! -4K46764985!I348<4I7@;5! $86;37<64985!;863;!i98<64985!<3464LB;5!;6!

i98<64985!G!LB7@46>!?;!5;3J4<;!

(;<6;B3!

0;5B3;!;6!<9KKO! $R0! .I64KO!/98i936! .I64KO!H39<;55! .I64KO!*8;3=4;! %B7@46>!?;!5;3J4<;!

! !

R&>.3.4$1'! ! ! ! ! ! ! J.b>!,'(!0.3<.(5+>(!'>!

,&!1./$0$'1!

R&D.&#,VH&$!G!#*('5&A!'>!<#.0'(('&#(!

$+,*<'+,5+>(X!

^+>*#r>!\!;&($.++'#!,'35$+!v!

N'##.B$5$#'! ! ! ! ! ! !

i*0'(($>*!,V5((&#'#!0'(!

;.+0>$.+(!(5+(!

0.3<#.3'>>#'!15!

(*0&#$>*!

!

^1!;5&>!,*3.+>#'#!1V$+,*<'+,5+0'!'+>#'!1'(!

;.+0>$.+(!S!d0#$>$%&'g!'>!iS!di.+F0#$>$%&'g!

!!(*/#*/5>$.+!.&!,*B'1.<<'3'+>!,'(!

;.+0>$.+(!iS!5B'0!1'!+$B'5&!,'!(*0&#$>*!1'!

<1&(!*1'B*!!

R*#.+5&>$%&'! ! ! ! ! ! !

J.&>W!,&#*'!,'!B$'W!

0.+(.335>$.+!

*+'#/*>$%&'!'>!<.$,(!

^1!;5&>!,*3.+>#'#!1V$+,*<'+,5+0'!'+>#'!1'(!

;.+0>$.+(!S!d0#$>$%&'g!'>!iS!di.+F0#$>$%&'g!

!!(*/#*/5>$.+!.&!,*B'1.<<'3'+>!,'(!

;.+0>$.+(!iS!5B'0!1'!+$B'5&!,'!(*0&#$>*!1'!

<1&(!*1'B*!

2(<50'! ! ! ! ! ! !

Q.$,(!'>!41$+,5/'!,'(!

(L(>Z3'(!!!$3<50>!(&#!

1'(!<#.0'(('&#(!'>!15!

3*3.$#'!,$(<.+$41'!

Q#*,.3$+5+0'!,'(!;.+0>$.+(!1'(!<1&(!

0#$>$%&'(!do!(5;'>L!pg!5((&#*'!<5#!1'!

H5#,c5#'!

i&01*5$#'! ! ! ! ! ! !

J.&>!'>!,&#*'!,'!B$'!

d/'(>$.+!,'!

1V.4(.1'(0'+0'g!

!

s+'#/$'!d<#.,&0>$.+W!

,$(>#$4&>$.+W!&>$1$(5>$.+g! ! ! ! ! ! !

J.b>!d<#.,&0>$.+!'>!

$+(>5115>$.+gW!>5$11'W!

51$3'+>5>$.+!'>!

0.+(.335>$.+!

*+'#/*>$%&'!

-$3$>*'(!5&D.&#,VH&$W!35$(!15!05<50$>*!

,V$+>*/#'#!,'(!;.+0>$.+(!,'!<#.>'0>$.+W!

3'(&#'!'>!.<>$3$(5>$.+W!(5+(!<'#>'!,'!

0.+;$5+0'!B$(F\FB$(!,'(!;.+0>$.+(!0#$>$%&'(W!

'(>!&+!(&D'>!$3<.#>5+>!<.&#!1'!;&>&#!

Q#.,&0>$.+!$+,&(>#$'11'! ! ! ! ! ! ! ! !

^+(>#&3'+>5>$.+!3*,$051'! ! ! ! ! ! !

J.&>W!,&#*'!,'!B$'W!

0.+(.335>$.+!

*+'#/*>$%&'!

!

"y>$3'+>!d,.3.>$%&'g! ! ! ! ! ! !

J.b>!d<#.,&0>$.+!'>!

$+(>5115>$.+gW!>5$11'W!51$3X!

'>!0.+(.335>$.+!

*+'#/*>$%&'!

!

`*1*0.3(! ! ! ! ! ! !

J.b>(W!<'#;.#35+0'(W!

51$3X!*+'#/*>$%&'!,5+(!

1'(!<5L(!*3'#/'+>(!

S*0&#$>*!$+;.!<.&#!>.&>'(!;.+0>$.+(!

!

"#$%&'(!)*+*#$%&'(!,&!-./$0$'1!2345#%&*! ! !99!7!89!

! !

X98<64985!

I348<4I7@;5! -4K46764985!I348<4I7@;5! $86;37<64985!;863;!i98<64985!<3464LB;5!;6!

i98<64985!G!LB7@46>!?;!5;3J4<;!

(;<6;B3!

0;5B3;!;6!<9KKO! $R0! .I64KO!/98i936! .I64KO!H39<;55! .I64KO!*8;3=4;! %B7@46>!?;!5;3J4<;!

! !

s1'0>#.+$%&'!/#5+,!<&41$0! ! ! ! ! ! ! J.b>(! S*0&#$>*!$+;.!<.&#!>.&>'(!;.+0>$.+(!

-./$(>$%&'! ! ! ! ! ! ! ! S*0&#$>*!$+;.!<.&#!>.&>'(!;.+0>$.+(!

^+;#5(>#&0>&#'(!&#45$+'(! ! ! ! ! ! ! ! S*0&#$>*!$+;.!<.&#!>.&>'(!;.+0>$.+(!

S*0&#$>*! ! ! ! ! ! ! ! S*0&#$>*!$+;.!<.&#!>.&>'(!;.+0>$.+(!

`#5+(50>$.+!*1'0>#.+$%&'! ! ! ! ! ! ! ! S*0&#$>*!$+;.!<.&#!>.&>'(!;.+0>$.+(W!

/'(>$.+!,'!15!0.+;$5+0'!

!

^OUO 1+1-P('!'Q!/.+/-&($.+(!

-'(! >541'5&A! <#*0*,'+>(! ;.+>! 5<<5#5m>#'! ,'(! <.$+>(! 0.33&+(! '>! ,'(! ,$;;*#'+0'(! ;.#>'(! '+>#'!

('0>'&#(W!5B'0!,'(!0.+(*%&'+0'(!>5+>!0H'P!1'(!$+>*/#5>'&#(!,'!(L(>Z3'(!/1.45&A!d'+!>'#3'(!,'!

0.3<*>'+0'(! '>! ,'! <#.0'((&(! ,'! ,*B'1.<<'3'+>gW! %&'! 0H'P! 1'(! *%&$<'3'+>$'#(W! (.0$*>*(! ,'!

('#B$0'!'>!*,$>'&#(!,'!1./$0$'1(!$3<1$%&*(!,5+(!1'(!,$;;*#'+>(!('0>'&#(!5<<1$05>$;(X!

2|^)2iJ2S!JI^`^zh2S!

-V$3<.#>5+0'!;.#>'!'+!N#5+0'!,'!,$;;*#'+>(!('0>'&#(!(.&3$(!\!,'(!'A$/'+0'(!0#$>$%&'(!'+!>'#3'(!

,'!5l3;6>! ?;! i98<64988;K;86! '>! ,'!5><B346>! ?;5! I;35988;5! ;6! ?;5! h4;85! 5! '&! <.&#! ';;'>! 1'!

,*B'1.<<'3'+>! ,'! >'0H+$%&'(! $++.B5+>'(! '>! ,'! 0.3<*>'+0'(! ,5+(! 1'! ,.35$+'! 505,*3$%&'W!

0H'P! 1'(! *,$>'&#(! ,'! 1./$0$'1(! '>W! ,'! 35+$Z#'! <1&(! $+*/51'W! 5&! ('$+! ,'(! /#5+,(! /#.&<'(X! J'>>'!

5B5+0'!'(>!0'<'+,5+>!\!0.+>#5(>'#!\!,'&A!;50>'&#(!,'!;5$41'(('!G!

! S$!,5+(!15!<1&<5#>!,'(!('0>'&#(!0.+0'#+*(!d5&>.3.4$1'W!;'##.B$5$#'W!5*#.+5&>$%&'W!'(<50'W!

+&01*5$#'W! *+'#/$'W! >*1*0.3(gW! ,'! /#5+,(! /#.&<'(! <#*,.3$+'+>! <5#3$! 1'(! $+>*/#5>'&#(! '>!

1'(! (.&(F>#5$>5+>(! ,'! #5+/! 6W! 1'(! Q:2! (.+>! 4'5&0.&<! <1&(! +.34#'&('(! <5#3$! 1'(! (.&(F

>#5$>5+>(! ,'! #5+/! (&<*#$'&#! '>! 1'(! 0.3<*>'+0'(! (.&B'+>! >#.<! 3.#0'1*'(! <.&#! 4*+*;$0$'#!

,'(!(L+'#/$'(!'+>#'!('0>'&#(X!

! -5! >'+($.+! '+>#'! 35m>#$('! ,'(! 0.b>(! '>! 'A$/'+0'(! ,'! 0'#>$;$05>$.+! +'! (V'A<#$3'! <5(! ,'!

35+$Z#'! H.3./Z+'! (&#! 1V'+('341'! ,'! 0'(! ('0>'&#(X! M5+(! 1'! 0.+>'A>'! *B.%&*! 5&! <.$+>!

<#*0*,'+>W! 0'>>'! ,$;;*#'+0'! 5! <.&#! 0.+(*%&'+0'! &+'! 3.$+,#'! 5(($3$15>$.+! ,'(!

>'0H+.1./$'(! ,'! (b#'>*! '>! (*0&#$>*! ,5+(! 1'(! ('0>'&#(! ,V'A$/'+0'! 3.L'++'! .&! B5#$541'W!

0.33'!1V*+'#/$'!'>!1'(!>*1*0.3(W!<5#!'A'3<1'X!

-'! #'+;.#0'3'+>! ,'(! (L+'#/$'(! '>! 1'! ,*B'1.<<'3'+>! ,'! 4#$%&'(! >'0H+.1./$%&'(! '>! ,V.&>$1(!

15#/'3'+>!#*&>$1$(541'(!,V&+!('0>'&#!\!1V5&>#'!d'>!0'#>$;$*(!5&>5+>!%&'!<.(($41'g!<'#3'>>#5$>!,.+0!

d$g! 5&A! ;.&#+$(('&#(! ,'! >'0H+.1./$'! $++.B5+>(! ,V500#.m>#'! 1'&#! 35#0H*! d'>! ,.+0! ,'! /#5+,$#g! '>!

d$$g!5&A! /#5+,(! $+>*/#5>'&#(! ,'! #'+;.#0'#! 1'&#! 5B5+>5/'! 0.+0&##'+>$'1! '+! >'#3'(! ,'! (b#'>*! ,'!

;.+0>$.++'3'+>! '>! ,'! (*0&#$>*! ,'(! <'#(.++'(! '>! ,'(! 4$'+(X! -5! ,$(<.+$4$1$>*! ,'! 3$,,1'c5#'!

0'#>$;$*W!35(%&5+>!15!,*<'+,5+0'!5&!35>*#$'1!.&!;50$1$>5+>!15!0.'A$(>'+0'!,'!;.+0>$.+(!0#$>$%&'(!

'>! ,'! ;.+0>$.+(! \! %&51$>*! ,'! ('#B$0'! (&#! &+'! 3r3'! <15>'F;.#3'! 3&1>$F0n&#(W! '>! 1'!

,*B'1.<<'3'+>! ,V&+'! /533'! 0.H*#'+>'! ,V.&>$1(! ,'! ,*B'1.<<'3'+>W! ,V$+>*/#5>$.+W! ,'!

($3&15>$.+W!,'!B51$,5>$.+!'>!,'!/'(>$.+!,'!>'(>(W!(.+>!,'(!*1*3'+>(!01*(!\!0.+($,*#'#!,5+(!0'>>'!

<'#(<'0>$B'X!Q5#511Z1'3'+>!\!0'(!';;.#>(!,'!#'0H'#0H'!'>!,*B'1.<<'3'+>W!&+'!0..<*#5>$.+!<1&(!

X98<64985!

I348<4I7@;5! -4K46764985!I348<4I7@;5! $86;37<64985!;863;!i98<64985!<3464LB;5!;6!

i98<64985!G!LB7@46>!?;!5;3J4<;!

(;<6;B3!

0;5B3;!;6!<9KKO! $R0! .I64KO!/98i936! .I64KO!H39<;55! .I64KO!*8;3=4;! %B7@46>!?;!5;3J4<;!

! !

s1'0>#.+$%&'!/#5+,!<&41$0! ! ! ! ! ! ! J.b>(! S*0&#$>*!$+;.!<.&#!>.&>'(!;.+0>$.+(!

-./$(>$%&'! ! ! ! ! ! ! ! S*0&#$>*!$+;.!<.&#!>.&>'(!;.+0>$.+(!

^+;#5(>#&0>&#'(!&#45$+'(! ! ! ! ! ! ! ! S*0&#$>*!$+;.!<.&#!>.&>'(!;.+0>$.+(!

S*0&#$>*! ! ! ! ! ! ! ! S*0&#$>*!$+;.!<.&#!>.&>'(!;.+0>$.+(!

`#5+(50>$.+!*1'0>#.+$%&'! ! ! ! ! ! ! ! S*0&#$>*!$+;.!<.&#!>.&>'(!;.+0>$.+(W!

/'(>$.+!,'!15!0.+;$5+0'!

!

^OUO 1+1-P('!'Q!/.+/-&($.+(!

-'(! >541'5&A! <#*0*,'+>(! ;.+>! 5<<5#5m>#'! ,'(! <.$+>(! 0.33&+(! '>! ,'(! ,$;;*#'+0'(! ;.#>'(! '+>#'!

('0>'&#(W!5B'0!,'(!0.+(*%&'+0'(!>5+>!0H'P!1'(!$+>*/#5>'&#(!,'!(L(>Z3'(!/1.45&A!d'+!>'#3'(!,'!

0.3<*>'+0'(! '>! ,'! <#.0'((&(! ,'! ,*B'1.<<'3'+>gW! %&'! 0H'P! 1'(! *%&$<'3'+>$'#(W! (.0$*>*(! ,'!

('#B$0'!'>!*,$>'&#(!,'!1./$0$'1(!$3<1$%&*(!,5+(!1'(!,$;;*#'+>(!('0>'&#(!5<<1$05>$;(X!

2|^)2iJ2S!JI^`^zh2S!

-V$3<.#>5+0'!;.#>'!'+!N#5+0'!,'!,$;;*#'+>(!('0>'&#(!(.&3$(!\!,'(!'A$/'+0'(!0#$>$%&'(!'+!>'#3'(!

,'!5l3;6>! ?;! i98<64988;K;86! '>! ,'!5><B346>! ?;5! I;35988;5! ;6! ?;5! h4;85! 5! '&! <.&#! ';;'>! 1'!

,*B'1.<<'3'+>! ,'! >'0H+$%&'(! $++.B5+>'(! '>! ,'! 0.3<*>'+0'(! ,5+(! 1'! ,.35$+'! 505,*3$%&'W!

0H'P! 1'(! *,$>'&#(! ,'! 1./$0$'1(! '>W! ,'! 35+$Z#'! <1&(! $+*/51'W! 5&! ('$+! ,'(! /#5+,(! /#.&<'(X! J'>>'!

5B5+0'!'(>!0'<'+,5+>!\!0.+>#5(>'#!\!,'&A!;50>'&#(!,'!;5$41'(('!G!

! S$!,5+(!15!<1&<5#>!,'(!('0>'&#(!0.+0'#+*(!d5&>.3.4$1'W!;'##.B$5$#'W!5*#.+5&>$%&'W!'(<50'W!

+&01*5$#'W! *+'#/$'W! >*1*0.3(gW! ,'! /#5+,(! /#.&<'(! <#*,.3$+'+>! <5#3$! 1'(! $+>*/#5>'&#(! '>!

1'(! (.&(F>#5$>5+>(! ,'! #5+/! 6W! 1'(! Q:2! (.+>! 4'5&0.&<! <1&(! +.34#'&('(! <5#3$! 1'(! (.&(F

>#5$>5+>(! ,'! #5+/! (&<*#$'&#! '>! 1'(! 0.3<*>'+0'(! (.&B'+>! >#.<! 3.#0'1*'(! <.&#! 4*+*;$0$'#!

,'(!(L+'#/$'(!'+>#'!('0>'&#(X!

! -5! >'+($.+! '+>#'! 35m>#$('! ,'(! 0.b>(! '>! 'A$/'+0'(! ,'! 0'#>$;$05>$.+! +'! (V'A<#$3'! <5(! ,'!

35+$Z#'! H.3./Z+'! (&#! 1V'+('341'! ,'! 0'(! ('0>'&#(X! M5+(! 1'! 0.+>'A>'! *B.%&*! 5&! <.$+>!

<#*0*,'+>W! 0'>>'! ,$;;*#'+0'! 5! <.&#! 0.+(*%&'+0'! &+'! 3.$+,#'! 5(($3$15>$.+! ,'(!

>'0H+.1./$'(! ,'! (b#'>*! '>! (*0&#$>*! ,5+(! 1'(! ('0>'&#(! ,V'A$/'+0'! 3.L'++'! .&! B5#$541'W!

0.33'!1V*+'#/$'!'>!1'(!>*1*0.3(W!<5#!'A'3<1'X!

-'! #'+;.#0'3'+>! ,'(! (L+'#/$'(! '>! 1'! ,*B'1.<<'3'+>! ,'! 4#$%&'(! >'0H+.1./$%&'(! '>! ,V.&>$1(!

15#/'3'+>!#*&>$1$(541'(!,V&+!('0>'&#!\!1V5&>#'!d'>!0'#>$;$*(!5&>5+>!%&'!<.(($41'g!<'#3'>>#5$>!,.+0!

d$g! 5&A! ;.&#+$(('&#(! ,'! >'0H+.1./$'! $++.B5+>(! ,V500#.m>#'! 1'&#! 35#0H*! d'>! ,.+0! ,'! /#5+,$#g! '>!

d$$g!5&A! /#5+,(! $+>*/#5>'&#(! ,'! #'+;.#0'#! 1'&#! 5B5+>5/'! 0.+0&##'+>$'1! '+! >'#3'(! ,'! (b#'>*! ,'!

;.+0>$.++'3'+>! '>! ,'! (*0&#$>*! ,'(! <'#(.++'(! '>! ,'(! 4$'+(X! -5! ,$(<.+$4$1$>*! ,'! 3$,,1'c5#'!

0'#>$;$*W!35(%&5+>!15!,*<'+,5+0'!5&!35>*#$'1!.&!;50$1$>5+>!15!0.'A$(>'+0'!,'!;.+0>$.+(!0#$>$%&'(!

(10)

Computer Security

Introduction & Definitions (Secure) Design Principles Modern issues in security Bibliography

(11)

Computer Science Security Definitions

Basics and definitions about confidentiality, integrity and availability About threats

Policy and mechanisms Assumptions and trust Assurance

From specifications to the program

(12)

Basics

A system provides features. The threats may corrupt the system Security protects the system against threats

Security is based on policies and mechanisms System security analyzing improves security Security is also related to trust

Human beings are part of the system and generally the weakest link !

(13)

Basic security properties

Confidentiality Integrity

Availability

These properties are different and related to the system context

(14)

Basic security properties: confidentiality

Confidentiality is the feature of information where it have to be keep “secret”

and not to be “revealed”

Examples:

secret key involved in a cryptographic protocol information “reserved” to a group of person password

...

(15)

Basic security properties: integrity

Integrity is a feature of information where there is trust on the data (or resources) in term of alterations/modifications (data integrity) and on data origin (origin integrity some time call authentication)

Examples:

In a operating system, “user management” must be based on integrity. Only

“user” authorized may change the rules and authorization attached to a user In a fund transfer integrity is on the amount, origin and destination

Integrity Mechanisms:

Prevention (how to protect )

Detection (how to detect if an information was altered)

(16)

Basic security properties: availability

Availability refers to the possibility to use data or resources of a system

Availability is part of the security issues as if some one establish conditions where the data or resources of a system are no longer available for a normal use it causes a “deny of access”

Examples:

DOS on Internet are well known

If a bank network is not available the day before Christmas then many

commercial transactions will be impossible or done without “confirmation”

from the bank

The system design (statical, expected pattern, parameters,...) defines a usage model, if it fails we enter in DOS

DOS detection is very complex task

(17)

Threats/Attacks

A threat is a potential violation of security. When the violation occurs, it is an attack. The attacks are performed by attackers

A system must be prepared to prevent attacks and executes countermeasures 4 large classes of threat:

Disclosure (non authorized information are revealed) Deception (acceptance of false data)

Disruption (interruption of operation)

Usurpation (non authorized control of the system)

(18)

Different threats

Snooping (wiretapping, passive wiretapping) Modification

Masquerade Delegation

Repudiation of origin Denial of receipt

DOS

(19)

Policy and mechanism

Definition: A security policy is a statement of what is, and what is not allowed A security policy specifies “secure” and “non secure” states and actions

Definition: A security mechanism is a method, tool, or procedure for enforcing a security policy

A security policy can (must) be defined by mathematical and formal technics Example:

Change its password is allowed for an entity

Request a proof of an identity before to accept to change a password is a security mechanism

(20)

Goals of policy and mechanism

For a given security policy security mechanisms can:

Prevent

In this case attacks fail, attacks are not efficient,

Detect

The mechanism is able to detect that attacks are performed, detected and have to be reported

Recovery

Is the set of actions necessary to put in place to reach and establish a new “secure state”

of the system

(21)

Assumptions and Trust

Security is based on assumptions:

Policy splits system states in two part with no ambiguity: “secure” and

“non-secure”

Mechanism prevent to move from “secure” state to “non secure” state If one of these assumptions are false then the system is non secure

Let P the set of system states. Let Q the set of system secure state. Let R the set of reduced system states by the mechanisms (R ≤ P).

A security mechanism is secure if R ≤ Q A security mechanism is precise if R = Q

A security mechanism is broad if there are state r R et r Q

(22)

P. Paradinas - 2013

Security and Precision (R=P)

ACCESS CONTROL MECHANISMS 201

FIGURE 4.4 Security and precision.

All States

Authorized States

S (given policy)

Unauthorized States

Reachable States (given mechanism)

Secure' R c p Precise: R = P

systems whose security can be verified. Finally, we shall examine theoretical ques- tions related to proving properties about the transfer of rights in abstract models.

4.2.2 Reliability and Sharing

Protection mechanisms enforce policies of controlled sharing and reliability. Sev- eral levels of sharing are possible:

o

2.

No sharing at all (complete isolation).

Sharing copies of data objects.

22

(23)

Assumptions and Trust

In real word, mechanisms are broad

Trust in mechanisms requires assumptions:

Each mechanism implement one or more part of the security policy The union of mechanisms implements the all policy

The mechanism are correctly implemented, installed and managed during the life cycle of the system

(24)

Insurance

Trust is difficult to evaluate ? How much you trust a system ?

How you develop your system provides an assurance level of the trust in the system

A system is said to satisfy a specification if the specification correctly states how the system will work.

(25)

Specification

Specifications are a precise statement of the system behaviors It describe what the system is allow to do (and not to do)

The specification may be formal (based on mathematical or formal language) or informal (set of phrases) description

The level of description may be different (low or high level language description)

The specification are not only relevant to security function but on the system itself

Use the same formalism is challenging and benefit for the system Security is a non functional property

(26)

Design and implementation

The design of a system transforms the specification into a component that will implement them

The design is said to satisfy the specifications, in any cases, the design will not permit the system to violate the specification

The design implementation realizes the functions (execute the “system functions”)

On CS it is a program executable on an engine

By transitivity an implementation satisfy a system specification A program is correct if it implementation performs as specified

Proof of program is very complex and difficult to do !

As correctness is a big issue, a posteriori technics like verification of the

(27)

Operational issues and others points

Cost benefit analysis Risk analysis

Laws and customs (cryptography) Certifications

Organizational problems People problems

inside and outside

(28)

Not so simple

The different notions are

“interleaved” and nested System is in “real word”

and the word changes ! The cost of security have to be compared with the system (and threats) costs

Threats/Attacks

Policy/Requirements Specification

Design

Implementation

Operation

(29)

From D. Denning books

DATA SECURITY 5

modification and injection of false messages by making it infeasible for an oppo- nent to create ciphertext that deciphers into meaningful plaintext. Note, however, that whereas it can be used to detect message modification, it cannot prevent it.

Encryption alone does not protect against replay, because an opponent could simply replay previous ciphertext. Cryptographic techniques for protecting against this problem are discussed in Chapter 3. Although encryption cannot prevent message deletion, the cryptographic techniques discussed in Chapter 3 can detect deletions of blocks or characters within a message stream. Deletion of entire mes- sages can be detected with communication protocols that require message acknowledgment.

FIGURE 1.4 Threats to data stored in computer systems.

Computer system

overwriting modifying

replaying

browsing

P

classified data

"'"k__

confidential data

statistic

FT]

inserting

deleting

(30)

Computer Security

Introduction & Definitions (Secure) Design Principles Modern issues in security

Bibliography

(31)

Design principles

As in all system design phase is essential

In security, following principles avoid some classical mistakes, errors, ... the principles are not an insurance but may help !

The principles

The principle of Least Privilege states that a subject should be given only those privileges that it needs in order to complete its task

Program or process have only access to their data. A wrong program will not be able to modify data of an other program or process

The principle of Fail-Safe Defaults states that, unless a subject is given explicit access to an object, it should be denied access to that object

If we come back to privilege modes, there is a contradiction with this

(32)

Design Principle (Cont’d)

The principle of Economy Mechanism states that the security should be as simple as possible

Doesn’t build a “gaze factory”

(33)

Design Principle (Cont’d)

The principle of Complete Mediation requires that all accesses to object be checked to ensure that they are allowed

Let a subject request to read a file F. If it is allowed to read the file and the file is read in different step. After some step if the status of the file change (i.e. the right granted is remove) the subject may continue to read the file

(34)

Design Principle (Cont’d)

The principle of Open Design states that the security of a system is not based on secrecy of its design and implementation

It is not true to think that secret design or implementation increase the security...

In cryptography publication of algorithms and protocols improve the

security because the community is able to see the design and to evaluate the strength of it

(35)

Design Principle (Cont’d)

The principe of Separation of Privilege states that a system should not grant permission based on a single condition

Example:

in organization some decisions or actions require the agreement of different person

during a count creation on information system is necessary to get authorization of HR services and from IT department

in Unix to switch on root mode needs the root password and be part of the group with GID 0 in Berkley based Unix

(36)

Design Principle (Cont’d)

The principe of Least Common Mechanism states that mechanisms used to access resources should not be shared

Rationale:

In a system where resources are shared by different users may provide information through “information channels”. To avoid these issues isolation and confinement are established by OS

(37)

Design Principle (Cont’d)

The principle of Psychological Acceptability states that:

the mechanism must be easy and completely to use (i.e. acceptable and no bypass)

the mechanism should not increase the conditions to access information

(38)

Computer Security

Introduction & Definitions (Secure) Design Principles Modern issues in security Bibliography

(39)

Mobile devices...

(40)

Mobile phone security

What it is important to protect ? What are the threats

Data (calendar, contact, access code...)

privacy

Identity of the phone owner

ID & pwd

Availability

Who are the attacker (same as IT) Professional, thieves and hackers Consequences

(41)

Mobile phone security

Consequences

Data deletion, loss, stolen,...

Record conversations between the users Decrease HS performances (battery) Phone calls perform on number taxed Use as a zombie machine

(42)

What are the technics

Attacks on:

Attack based on SMS & MMS

Attacks based on communication networks

GSM

Wi-Fi, Buetooth

Physical attacks and reverse engineering and on software...

(43)

What are the technics (cont’d)

Attacks based on vulnerabilities in software OS

Web and App

Malicious Software (Malware)

Viruses and Trojans Spyware

Long list on the wikipedia article

(44)

Contermeasure

Hardware

Firmware, bootloader Operating System

With isolation, rights,…

Memory protection and sand box mechanisms VM, hyperviser

Applications distribution model

Access control (where are the protections)

Pin Code, or advanced biometrics device like on iPhone 5S

But also…

(45)

Contermeasure (cont’d)

Completed by

Resource Monitoring in the smartphone Network audit and surveillance

Manufacturer's audit and surveillance User awareness (!)

(46)

P. Paradinas - 2013

Automotive

46

!

! e rs qu ati s Sû ile rm nfo Mob MS : t I és ITI SE qu men e S er rte bar Écol Mast Em Dépa es èm Syst CNAM – Sel

on pl urs usie

étude les s

ystè s e mes

rqués mba un sont

domai des des nes

Nouve s lle

hnologi Tec de l es

’Inform ation

de l et a Com

cat muni les ion

us a pl s e ctif

rme n te réat de c

ion

ploi d’em t de s e

géné ration de

vale ur pour l

ntre es e prise

u tra s a d’appl vers

tions ica innova

. ntes

e l Comm ouligne e s

« le rappor

otie t P

1

r les »,

ystè s e mes

rqués mba e l ne s

ite im nt pa

u s a

domai ne de

ystè s s te mes

ré mps cri el

tique s lié

ux app s a ations lic

ass cl s du ique

nsport tra ou et/

du cont rôle-

mande com exi . Il

aus ste de trè si

s nom breux

res aut domai

qui e nes rquent mba

du

éri mat t du el e

cie logi ompl l c

à exe ise réal

r en résol

le vant ontra s c

es int es fort

de pri x, sé

té, curi

bilit fia efficacité é,

et de lit qua

se é de rvice

fert s of omm s c

les e : art c

à puc es la e,

éphoni tél e

le, mobi gest la

des ion meubl im

la es, ion gest

éne des rgies

, l’i lige ntel

am nce biant

t l e e es

ica appl tions

tourné es ve

rs la pers

onne. Inf ent em part le dé et M CNA Le

ormat de ique

’écol l SIT e

Sci I ( e enc

Industri e elle

t

hnologi Tec de l es

ormat ’Inf ion)

ont m en is

e l plac Mas e

SEM ter Sys S :

s Emb tème és arqu

ile Mob t S s e

pe ûrs tant rmet

pré de r le pare

tudi s é s a ant

étie ux m rs du

veloppe dé de ment

tèm sys em es

barqué obile s m

ûrs. à s s ocié ass st S e EM -S Le Master

col l’E tiona e na

supé le rieure

nform d’i atique

pour ndustri l’i

t e e

ntre l’e prise

l’E , à e Ce col

le ntra d’éle

ctroni que de

ari P l'Ins s,

ut S tit upérie

ur d' ctroni Ele

que de

s s Pari ous f

orme bilit d’ha

ation pour l’E

E ( NSIE http:

ww //w iie .ens

.fr) de c et

onvent pour ion

CE (ht l’E //e tp:

r) e ce.f ISE t l'

http: P ( ww //w

p.fr/ .ise

). s de ant tudi s é à de té priori en stiné de est er ast Ce M

veau ni ter mas

ormat inf ( ique

maste 1 r M

n d ou e ièr ern

née e an 'éc d

d'in ole eu géni

), a r un yant

goût prononc é pour

a les pplic

ations

les mobi barqué , em

es dé veloppé

es de mani

séc ère urisé

t s e e ûre.

cti Obje

fs form La

ation a pour

but de form

des er cia spé

tes lis n inf e

ormat de ique

veau ni + 5 Bac

qui

ent soi u fa a

des it derni

s t ère echnol

ogies n m e

re de atiè ystè s

em me barqué

obile m t s s e

ûrs

prena com nt :

Langa • ges de

program ion pour l mat

barqué ’em ava : J

, C, C++

,…

Pla • orme d’e tef

xécut : J ion

M ava ava E, J

Card , Androi

d, iO SE S, O

K, …

Réseau • obile x m

s, ré ux sea

apt de c ; eurs

Pla • ormes tef

barqué em es de

conf e : c ianc

es à art puce, T

, TE PM E,…

Tec • hnologi

pour la es ise m

n pl e d’a ace

pplic ation

urisé séc crypt e (

ographi séc e,

urité

orm inf atique

, déte ction d’i

ntrus ion, …

) !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!! tri .indus ww //w tp: ht

1

Références

Outline

Documents relatifs

In this setting, we focus on two approaches to define policies: the rule-based approach consists of specifying the conditions under which an action is granted, and the

This company has a public website with the description of the offer and also a website, only accessible with a login and a password, for the clients who reserved a diner.. The

Note: questions 1 is one of the reasons why ”classic” RSA is never used in real life (instead, we use RSA PKCS#1 v1.5 or even better, RSA PKCS#1 OAEP, or other encryption

Notice: the number of points corresponds approximately to the number of minutes needed for solving an exercise.. Exercise 1 (Course Questions,

(c) (2 points) What are the modifications that Pizza Gourmet Unlimited company has to perform on his website if the chosen solution is to deliver X.509 certificates to their

I Strat´ egies de d´ efense et d’attaques sont diff´ erentes.. I Cyberattaques ont des cons´

This paper covers description of SELinux and impact on mobile platform, Android Application Sandbox and the whole new virtual machine ART, which was introduced in Android 4.4.. The

• Vulnerability (Common Vulnerabilities and Exposures - CVE): An occurrence of a weak- ness (or multiple weaknesses) within software, in which the weakness can be used by