Security and Trust: Vulnerability-oriented Security vs. Structural Security (.ppt)

Uploaded by: 少林足球 | Document ID: 3854847 | Uploaded: 2019-10-01 | Format: PPT | Pages: 65 | Size: 2.03 MB

Slide 1: Security and Trust
Vulnerability-oriented security vs. structural security (Vulnerability vs. Structure)
How attackers and defenders each find room in a structurally secure environment
潘柱廷 (大潘) Jordan Pan, http:/ mailto:

Slide 2: Summary
- Vulnerability-oriented security
- Structural security
- Vulnerabilities in structures
- Structural threats

Slide 3: Vulnerability-oriented security

Slide 4: Vulnerabilities
- Weak (simple) passwords
- Viruses
- Operating system flaws
- Protocol flaws
- Performance limitations that allow denial-of-service attacks
- Badly configured firewalls

Slide 5: Vulnerability-oriented security
- Anti-virus system
- Vulnerability scanner
- Patch management system
- Intrusion detection system (IDS)
- Anti-DoS system
- Firewall
- Multi-function security gateway (UTM)

Slide 6: PSPC requirement-driven framework (Requirement Driven BaCaMeth)

Slide 7: Vulnerability-oriented risk management

Slide 8: Risk management relationship diagram in the Chinese national standard

Slide 9: The most minimal risk management model: three elements

Slide 10: 2006 SC Awards
Best Anti-malware Solution; Best Anti-spyware; Best Anti-trojan; Best Anti-virus; Best Anti-worm; Best Content Security Solution; Best Anti-spam; Best Email Content Filtering; Best Email Security; Best IM Security; Best Intellectual Property Protection; Best Network Security Solution; Best Wireless Security; Best Enterprise Firewall; Best Intrusion Detection; Best Intrusion Prevention; Best Desktop Firewall; Best Remote Access; Best VPN - SSL; Best VPN - IPsec; Best Endpoint Security Solution; Best Web Filtering; Best Encryption; Best Identity Management Solution; Best Password Management; Best Authentication; Best Single Sign-on; Best Two-Factor Solution; Best Unified Threat Solution; Best Integrated Security Software; Best Integrated Security Appliance; Best Managed Security Service; Best Email Managed Service; Best Network Security Management; Best Event Management; Best Computer Forensics; Best Policy Management; Best Security Audit; Best Security Management Tool; Best Vulnerability Assessment and Remediation; Best Patch Management; Best Vulnerability Assessment
Source from: http:/

Slide 11: Vulnerability-oriented security industrial environment
- Threat agents
- Providers
- Users

Slide 12: How the cask rule misleads
- It reduces the overall structure to the defensive structure alone
- It ignores defense in depth
- It considers only the static end state
- It has no notion of cost

Slide 13: Structural security
- Basic structure
- Tight structure
- Loose structure

Slide 14: The reference monitor (RM) mechanism of access control
The reference monitor of access control is a very basic security structure.

Slide 15: Structural conditions for a valid RM mechanism
Three conditions:
- It cannot be bypassed
- It cannot be tampered with
- It is small enough to be proved

Slide 16: Key exchange process
Labels: Randomly Generated Symmetric Key (seed + PRNG); Alice; Public key; Private key; Private key; Public key; Bob

Slide 17: The representative of tight security structure: Trusted Computing
http://www.trustedcomputinggroup.org
Definition of trust: Trust is the expectation that a device will behave in a particular manner for a specific purpose.
A trusted platform should provide at least three basic features: protected capabilities, integrity measurement and integrity reporting. (From section 4.1, TCG Architecture Overview 1.0)

Slide 18: Fundamental rule of TCG
- Roots of trust: A root of trust is like an "axiom": it is the foundation of trust. In PC systems it is usually implemented as a hardware chip. In TCG systems roots of trust are components that must be trusted because misbehavior might not be detected.
- Chains of trust: A chain of trust is the mechanism by which trust is passed on, usually by cryptographic means. Transitive trust, also known as "Inductive Trust", is a process where the Root of Trust gives a trustworthy description of a second group of functions.

Slide 19: Reference PC platform containing a TCG TPM

Slide 20: TCG Trusted Platform Module (TPM)
There are commonly three Roots of Trust in a trusted platform:
- Root of trust for measurement (RTM)
- Root of trust for storage (RTS)
- Root of trust for reporting (RTR)

Slide 21: Attestation protocol and message exchange

Slide 22: Architecture of the TPM Root of Trust for Storage (RTS)

Slide 23: TPM component architecture

Slide 24: TCG software layering

Slide 25: The trusted platform lifecycle

Slide 26: User authentication using trusted platforms

Slide 27: User authentication using trusted platforms

Slide 28: The classical four corners model

Slide 29: Trusted-platform implementation of the four corners model (detailed TP deployment architecture)

Slide 30: TCG's division of trusted computing platforms (8 categories of trusted platform)
Architecture; TPM; Mobile; PC Client; Server; Software Stack; Storage; Trusted Network Connect

Slide 31: Correspondence between TCG's IWG and TNC (the IWG and TNC architecture)

Slide 32: TNC architecture

Slide 33: Message flow between components in the TNC architecture

Slide 34: The TNC architecture with the TPM

Slide 35: Cisco's self-defending network

Slide 36: Cisco's self-defending network

Slide 37: The representative of loose security structure: frameworks and solutions
- The connections among the components of a loose structure are usually made by people doing the integration.
- A loose structure usually takes the form of a framework:
  - Technology framework
  - Management system: ISO27001, ISO20000, etc.

Slide 38

Slide 39: Technical functions derive from PDR (PDR can express the technology framework)

Slide 40: Detection capability is the linking element of a loose technical structure (detection makes the loose structure tight)
Attackers have to face more and more:
- Intrusion detection (IDS)
- Vulnerability scanners
- Application auditing systems
- Log systems
- Honeypots
- Forensic systems
- Monitoring platforms
- etc.

Slide 41: Structure of an information security management system (ISMS, modified ISO27001)

Slide 42: Vulnerabilities in structures

Slide 43: What is your feeling about the structural security just described?
- Complex
- Doubts about its completeness
- Cost
- There are always stupid people

Slide 44: Do not be misled by "structural security"!
Vulnerability-oriented security and structural security are not opposites, nor are they two stages of development. Vulnerability-oriented security also has structure, and structural security also has vulnerabilities.

Slide 45: Attacking a technical structure through its non-technical parts (find vulnerabilities from non-technology parts)
Labels: Randomly Generated Symmetric Key (seed + PRNG); Alice; Public key; Private key; Private key; Public key; Bob

Slide 46: Attacking a technical structure through its non-technical parts (find vulnerabilities from non-technology parts)
Labels: Randomly Generated Symmetric Key (seed + PRNG); Alice; Public key; Private key; Private key; Public key; Bob; Private key; Public key; Carl
Transparent insertion into the line makes a sniffing attack on the encrypted communication possible.

Slide 47: Attacking a technical structure through its non-technical parts (find vulnerabilities from non-technology parts)
Labels: Randomly Generated Symmetric Key (seed + PRNG); Alice; Public key; Private key; Private key; Public key; Bob; Private key; Public key; Carl

Slide 48: Limitation of structural security
- A structure exists within an environment and has boundaries

Slide 49: Find vulnerabilities along the lifecycle
- Back doors are often embedded during manufacturing
- No system is perfect

Slide 50: Find vulnerabilities through time sequence
- Example: a document protection system
- The document creation stage is where vulnerabilities are most likely

Slide 51: Limitation of structural security
- A structure exists within an environment and has boundaries
- Keeping things secure across different phases and in different hands is hard

Slide 52: Find vulnerabilities from human behavior
- Social engineering
- Privacy protection
- Inclination toward freedom (anti-DRM)
- Laziness

Slide 53: Limitation of structural security
- A structure exists within an environment and has boundaries
- Keeping things secure across different phases and in different hands is hard
- People turn science into art

Slide 54: The structure itself may be flawed (find vulnerabilities from the structure itself)

Slide 55: The structure itself may be flawed (find vulnerabilities from the structure itself)
- Spoofing of the AR/PEP/PDP may break the whole structure: every role may be spoofed
- Every structure that looks beautiful may have very serious performance and availability problems and may easily be knocked down by DoS
- Of the many traditional attack methods, some may still be effective

Slide 56: Structural security is still a game (we are still in the game)
- How to play the game?
- Do you know the structure of the other players?
- Do you know how much the other player knows about your structure?

Slide 57: Structural threats
Knowledge, Resources and Principles

Slide 58: Knowledge
- Pursue research into the deeper technical structure of the system: who knows the lower layers?
- Pursue an understanding of the system's macro structure: who knows the macro-structure better?
- Pursue a comprehensive understanding of the specific target: how many details do you know?

Slide 59: Resources
- From distributed denial-of-service attacks to botnets: commanding an attacking body that has structure and organization. A botnet is an example of structured software organization for attacking.
- Forming a structure across a time sequence is very advantageous for an attack

Slide 60: Key words of structure
Business; Distribution; Hierarchy; Time sequence; Life-cycle; Management; Organization; Regulation; Process Control; Value

Slide 61: Process-oriented structure
Labels: process; input; output; Process owner; operator; Infrastructure; Knowledge base; LOG Archive; Process improving; Monitor

Slide 62: Principles
- There is no 100% security
- Three rules of security relativity:
  - Survival rule
  - Risk rule
  - Bodyguard rule
- Requirement for self-completeness

Slide 63: Conclusion
- Vulnerability-oriented security
- Structural security
- Vulnerabilities in structures
- Structural threats

Slide 64: Conclusion: a problem worth continuing to study
- Vulnerability-oriented vs. structural
- Attack vs. defense

Slide 65: Thanks
大潘 Jordan Pan
