安全与可信securityandtrusted脆弱性安全vs结构性安全

1,安全与可信securityandtrusted脆弱性安全vs.结构性安全Vulnerabilityvs.Structure攻防两端如何在结构性安全环境中寻求空间Spaceinthestructuralenvironment,2,摘要Summary,脆弱性安全Vulnerability-orientedsecurity结构性安全Structuralsecurity结构性安全中的脆弱性Vulnerabilitiesinstructures结构性威胁Structuralthreats,3,脆弱性安全Vulnerability-orientedsecurity,4,脆弱性Vulnerabilities,弱口令simplepassword病毒virus操作系统漏洞OSflaw协议漏洞protocolflaw造成拒绝服务攻击的性能限制performancelimitation防火墙配置不当badconfigurationoffirewalls,5,面向脆弱性的安全Vulnerability-orientedsecurity,防病毒系统anti-virussystem漏洞扫描系统vulnerabilityscanner补丁管理系统patchmanagementsystem入侵检测系统IDS防拒绝服务攻击系统anti-DoS防火墙Firewall多功能安全网关UTM,6,PSPC需求驱动筐架RequirementDrivenBaCaMeth,7,面向脆弱性的风险管理Vulnerability-orientedriskmanagement,8,国家标准中的风险管理关系图RiskmanagementelementsinChinesestandard,9,最精简的风险管理要素模型3-elementriskmanagementmodel,10,2006SCAwards,Bestanti-malwaresolutionBestAnti-spywareBestAnti-trojanBestAnti-virusBestAnti-wormBestContentSecuritySolutionBestAnti-spamBestEmailContentFilteringBestEmailSecurityBestIMsecurityBestIntellectualPropertyProtectionBestNetworkSecuritySolutionBestWirelessSecurityBestEnterpriseFirewallBestIntrusionDetectionBestIntrusionPreventionBestDesktopFirewallBestRemoteAccessBestVPN-SSLBestVPN-IpsecBestEndpointSecuritySolutionBestWebFilteringBestEncryption,BestIdentityManagementSolutionBestPasswordManagementBestAuthenticationBestSingleSign-onBestTwo-FactorSolutionBestUnifiedThreatSolutionBestIntegratedSecuritySoftwareBestIntegratedSecurityApplianceBestManagedSecurityServiceBestEmailManagedServiceBestNetworkSecurityManagementBestEventManagementBestComputerForensicsBestPolicyManagementBestSecurityAuditBestSecurityManagementToolBestVulnerabilityAssessmentandRemediationBestPatchManagementBestVulnerabilityAssessment,Sourcefrom:,11,脆弱性安全的产业环境Vulnerability-orientedsecurityindustrialenvironment,威胁方Threatagents,厂商Provider,用户User,12,木桶原理的迷失MisleadingofCaskRule,误导将整体结构仅仅简化为防御结构不考虑防御纵深问题只考虑静态的结果状态没有成本观念MisleadingOnlyconsiderpreventionstructureNotconsiderdeeppreventionOnlyconsiderstaticstateNotconsidercost-effective,13,结构性安全Structuralsecurity,基本结构basicstructure紧密结构tightstructure松散结构loosestructure,14,访问控制的RM机制Referencemonitorofaccesscontrol,访问控制的RM机制是非常基本的安全结构Referencemonitorofaccesscontrolisaverybasicsecuritystructure,15,RM机制有效的结构性条件StructuralconditionsofvalidRMmechanism,三个条件不能被绕过不可篡改足够小，可以被证明,3conditionsofVRMCannotbebypassCannotbetamperedBesmallenough,canbeproved,16,RandomlyGeneratedSymmetricKey(seed+PRNG),Alice,Publickey,Privatekey,Privatekey,Publickey,Bob,密钥交换过程KeyExchangeProcess,17,紧密安全结构的代表可信计算TightsecuritystructureTrustedComputing,,可信的定义Definitionoftrust可信就是，一个设备的行为是按照其预期目标和指定方式执行的Trustistheexpectationthatadevicewillbehaveinaparticularmannerforaspecificpurpose.一个可信平台应当至少提供三个基本特性：保护能力、完整性测量和完整性报告Atrustedplatformshouldprovideatleastthreebasicfeatures:protectedcapabilities,integritymeasurementandintegrityreporting.(Fromsection4.1,TCGArchitectureOverview1.0),18,TCG的基石性原理FundamentalruleofTCG,信任根就像“公理”一样，是信任的基础。在PC系统中，常常用硬件芯片实现。RootsoftrustInTCGsystemsrootsoftrustarecomponentsthatmustbetrustedbecausemisbehaviormightnotbedetected.,信任链则是信任传递的机制。常常采用密码技术。ChainsoftrustTransitivetrustalsoknownas“InductiveTrust”,isaprocesswheretheRootofTrustgivesatrustworthydescriptionofasecondgroupoffunctions.,19,一个包含TPM的PCReferencePCplatformcontainingaTCGTPM,20,TCG可信平台模块TCGTrustedPlatformModule(TPM),一个可信平台常常拥有三个可信根TherearecommonlythreeRootsofTrustinatrustedplatform测量可信根rootoftrustformeasurement(RTM)存储可信根rootoftrustforstorage(RTS)报告可信根rootoftrustforreporting(RTR),21,证明协议和消息交换Attestationprotocolandmessageexchange,22,TPM存储可信根的体系结构TPMRootofTrustforStorage(RTS),23,TPM部件体系结构TPMcomponentarchitecture,24,TCG软件分层TCGsoftwarelayering,25,可信平台的生命周期Thetrustedplatformlifecycle,26,可信平台上的用户认证Userauthenticationusingtrustedplatforms,27,可信平台上的用户认证Userauthenticationusingtrustedplatforms,28,经典的四角模型Theclassicalfourcornersmodel,29,四角模型的可信平台实现DetailedTPdeploymentarchitecture,30,TCG对于可信计算平台的划分8categoriesofTrustedplatform,体系结构Architecture,TPM,移动设备Mobile,客户端PCClient,服务器Server,软件包SoftwareStack,存储Storage,可信网络连接TrustedNetworkConnect,31,TCG的IWG和TNC的对应关系theIWGandTNCarchitecture,32,TNC体系结构TNCarchitecture,33,TNC体系结构下的消息流Messageflowbetweencomponents,34,拥有TPM的TNC体系结构TheTNCarchitecturewiththeTPM,35,思科的自防御网络体系Ciscosself-defendingnetwork,36,思科的自防御网络体系Ciscosself-defendingnetwork,37,松散安全结构的代表框架和方案LoosesecuritystructureFramework,松散结构中的各个部件关联关系，常常靠人的集成来实现Theconnectionamongthecomponentsofloosestructureisalwaysintegratedbyhuman.松散结构常常表现为框架Framework技术框架Technologyframework管理体系ManagementsystemISO27001,ISO20000,etc.,38,39,技术功能是PDR的衍生PDRcanexpresstechnologyframework,40,检测能力是松散技术结构的关联要素Detectionmaketheloosestructuretight,攻击者不得不面对越来越多的Attackershavetofacemore入侵检测IDS漏洞扫描scanner应用审计系统Applicationauditingsystem日志系统logsystem蜜罐honeypot取证系统forensicsystem监控平台monitoringplatform等等etc.,41,一个信息安全管理体系的结构StructureofaISMS(modifiedISO27001),42,结构性安全中的脆弱性Vulnerabilitiesinstructures,43,你对刚才阐述的结构性安全有什么感觉？Whatsyourfeelingaboutstructuralsecurity?,复杂complex怀疑其完备性concernaboutthecompletion成本cost蠢人永远有stupidguysarethere,44,不要被“结构性安全”给忽悠了！Donotbemisledbystructuralsecurity,不要被“结构性安全”给忽悠了！脆弱性安全和结构性安全并不是对立的，也不是两个发展阶段；脆弱性安全也有结构，结构性安全也有脆弱性。DonotbemisledbystructuralsecurityVulnerability-orientedsecurityalsohasstructureStructuralsecurityalsohasvulnerabilities,45,借助非技术环节来侵害技术结构Findvulnerabilitiesfromnon-technologyparts,RandomlyGeneratedSymmetricKey(seed+PRNG),Alice,Publickey,Privatekey,Privatekey,Publickey,Bob,46,借助非技术环节来侵害技术结构Findvulnerabilitiesfromnon-technologyparts,RandomlyGeneratedSymmetricKey(seed+PRNG),Alice,Publickey,Privatekey,Privatekey,Publickey,Bob,Privatekey,Publickey,Carl,线路的透明插入，可以完成对于加密通信的嗅探攻击,47,借助非技术环节来侵害技术结构Findvulnerabilitiesfromnon-technologyparts,RandomlyGeneratedSymmetricKey(seed+PRNG),Alice,Publickey,Privatekey,Privatekey,Publickey,Bob,Privatekey,Publickey,Carl,48,结构性安全的局限性Limitationofstructuralsecurity,结构是在环境中的、有边界的environmentandboundary,49,在生命周期中寻找弱点Findvulnerabilitiesalongthelifecycle,厂家的生产环节常常会埋有后门backdoorsembeddedduringmanufacturing没有一个系统是完美的Noperfectsystem,50,在结构的时序中寻找突破Findvulnerabilitiesthroughtimesequence,以文档保密系统为例Sample:Documentprotectionsystem文档的生成环节最可能存在漏洞Vulnerabilitiesduringcreatingdocumentation,51,结构性安全的局限性Limitationofstructuralsecurity,结构是在环境中的、有边界的environmentandboundary在不同阶段、不同人手中保持安全很困难differentphasesandorganizations,52,在人性中寻找弱点Findvulnerabilitiesfromhumanbehavior,社交工程攻击SocialEngineering隐私保护Privacyprotection自由倾向Anti-DRM懒惰Lazy,53,结构性安全的局限性Limitationofstructuralsecurity,结构是在环境中的、有边界的environmentandboundary在不同阶段、不同人手中保持安全很困难differentphasesandorganizations人把科学变成了艺术Humantransformsciencetoart,54,结构本身可能就有问题Findvulnerabilitiesfromstructureitself,55,对于AR/PEP/PDP的伪装，可能打破整个结构everyrolemaybespoofed所有看似漂亮的结构，其性能和可用性问题可能会非常严重，会轻易被拒绝服务攻击击垮MostbeautifulstructureshaveperformanceandavailabilityproblemsandmaybeeasytobekickdownbyDoS.那么多传统攻击方式，可能有的还有效Sometraditionalattacksarestilleffective,结构本身可能就有问题Findvulnerabilitiesfromstructureitself,56,结构性安全还要继续博弈Wearestillinthegame,怎么博弈？HowtoPlaythegame?你了解对方的结构吗？Doyouknowthestructureofallplayers?你了解对方了解多少自己的结构吗？Doyouknow“howmuchhavetheotherplayerknownaboutyourstructure”?,57,结构性威胁Structuralthreats,知识、资源和原则Knowledge,ResourcesandPrinciples,58,知识Knowledge,寻求对于系统更深层次技术结构的研究Whoknowlower?寻求对于系统宏观结构的了解Whoknowthemacro-structurebetter?寻求对于具体对象的全面了解Howmanydetailsdoyouknow?,59,资源Resources,从分布式拒绝服务攻击到僵尸网络，掌握具有结构和组织的攻击体Botnetisasampleofstructuralsoftwareor