
Overview of University of Tennessee at Chattanooga

The document provides an overview of the University of Tennessee at Chattanooga's Computer Science and Engineering program, including its concentrations, certificates, hiring rates, and the future outlook for computer science professionals.

Uploaded by

LongNguyen

Overview of University of Tennessee at Chattanooga

Li Yang
Computer Science and Engineering Department at
University of Tennessee at Chattanooga
November 10, 2012
UT Chattanooga -- Computer Science & Engineering Program
• National Center of Academic Excellence on Information Assurance Education (CAE-IAE)
• CNSS 4011: Information Systems Security (INFOSEC) Professionals
– CRMJ 1100 – Criminal Justice
– CPSC 1110 – Data Structure and Problem Solving
– CPSC 3600 – Principles of Information Security and Assurance
– CPSC 4550 – Computer Networks
– CPSC 4620 – Computer Network
– CPSC 4600 – Biometrics and Cryptography
• CNSS 4012: Senior System Managers
– CPSC 4660 – Vulnerability Analysis and Auditing
– CPSC 4670 – Database Security and Auditing
– CPSC 4680 – Computer Crime Investigation

7/16/2019 2
UT Chattanooga -- Computer Science & Engineering Program
• B.S. degree with four concentrations
– Information Security and Assurance (ISA) (ABET accredited)
– Software Systems (ABET accredited)
– Scientific Applications (ABET accredited)
– Computer Engineering (ABET accredited)
– Uteach
• Undergraduate Certificates
– CNSS 4011: Information Systems Security (INFOSEC) Professionals
– CNSS 4012: Senior System Manager
• M.S. degree in General Computer Science, and one with ISA concentration
Quality Program at Computer Science Department
• Small-class size
• Low student/faculty ratio
• Faculty work closely with students
• Every student has an academic advisor through their study
• Won several national awards from National Science Foundation
• Supportive student organization and tutoring programs

Who hires our students?

Future of Computer Science Professionals
• Employment opportunities for those in Computer Science design will increase a whopping 48.78% during the 2008-18 decade, according to the U.S. Bureau of Labor Statistics.
• The reliance of business and everyday affairs on computers is increasing; thus, career opportunities for Computer Science graduates are limitless.
• Leading cyber experts warned of a shortage of talented computer security experts in the United States, making it difficult to protect corporate and government networks at a time when attacks are on the rise. The shortages appear to be in the 20,000s to 40,000s for years to come.
Overview of Cyber Security

• Introduction
• What is security?
• Security threats and attacks
• Perspectives of attacks
• Tools and practices

Introduction

• Me: Research and Teacher
– Information Security and Assurance
– Intrusion Detection
– Mobile Security
– Cryptography
– Trust Management

Cases of Cyber Attacks

Driving Forces

• Sarbanes–Oxley Act of 2002

Trends

• Social Networking
• Mobile Devices
• Non-Computing Devices (printers, networked TV)
• Personal Electronic Devices in Office
• Wiki Leak-like occurrences
• Privacy concerns
• Cloud computing
• Malware creation
• “Hacktivism” (cyber protests)
• Social Engineering

• Company investment
• Maturing cyber security processes
• Personal background checks
• Portable device security standards/procedures
• Compliance testing
• Employee security awareness training
• Authentication based on use risk classification
• Centralized security information management process

• PWC 2011 Global State of Information Security Survey ®

Networks Become Borderless, There Is No Perimeter


Facts About Intrusions

Verizon 2010 Data Breach Investigation Report

WHO IS BEHIND DATA BREACHES?
• 48% were caused by insiders
• 11% implicated business partners

WHAT COMMONALITIES EXIST?
• 85% of attacks were not considered highly difficult
• 61% were discovered by a third party
• 86% of victims had evidence of the breach in their log files
• 96% of breaches were avoidable through simple or intermediate controls
Network Security Visualization – Web Security
• Cross site scripting: attacker injects scripting code into pages generated by a web application
– Script could be malicious code
– JavaScript (AJAX!), VBScript, ActiveX, HTML, or Flash
• Threats:
– Phishing, hijacking, changing of user settings, cookie theft/poisoning, false advertising, execution of code on the client, ...
• http://m6gatlinburg.com/tmp/xss/xss.html

Network Security Visualization – Web Security
• Clickjacking
– a malicious attacker can trick a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of the computer.
• Threats:
– Phishing, hijacking, changing of user settings, cookie theft/poisoning, false advertising, execution of code on the client, ...
• http://reinsmidt.com/research/intersec/clickjack.php

Network Security Visualization – Packet Sniffer
• A packet sniffer is a program that captures all of the packets of data that pass through a given network interface, and recognizes and decodes certain packets of interest.
• http://williams.comp.ncat.edu/IA_visualization_labs/security_visual_tools/packet_sniffer/packet_sniffer.html

Network Security Visualization -- Wireless Network Attacks Simulator
• Eavesdropping
The attacker configures his/her network interface into promiscuous mode, which allows a network device to read each network packet that arrives at the device.
• Evil Twin
An evil twin is a wireless access point (AP) that masquerades as a legitimate one.
• Man in the Middle
The attacker intercepts the traffic between two computers. The attacker sniffs packets from the network, may modify the packets and inserts them back into the network.
• ARP Cache Poisoning
Address Resolution Protocol (ARP) is a network layer protocol used to associate an IP address with a MAC address. A network device has an ARP cache, which contains all the IP addresses and MAC addresses the device has already matched together.
• http://williams.comp.ncat.edu/IA_visualization_labs/security_visual_tools/wireless_attacks/wireless_attacks.html
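
Added example (not part of the original slides): a defender-side check that replays observed IP-to-MAC pairs the way an ARP cache would store them and reports bindings that change, which is the symptom ARP cache poisoning leaves behind. The function name, alert labels and sample addresses are assumptions made for this illustration.

```python
# Constructed sample: (ip, mac) pairs as they might be seen in ARP replies.
# Addresses are documentation/test values, not taken from the slides.
SAMPLE_OBSERVATIONS = [
    ("192.0.2.1", "aa:aa:aa:aa:aa:01"),   # gateway
    ("192.0.2.10", "aa:aa:aa:aa:aa:10"),
    ("192.0.2.66", "aa:aa:aa:aa:aa:66"),
    ("192.0.2.1", "AA:AA:AA:AA:AA:66"),   # gateway IP now maps to another host's MAC
]


def find_arp_anomalies(observations):
    """Replay (ip, mac) observations and report suspicious binding changes."""
    cache = {}    # ip -> mac, mirroring a device's ARP cache
    alerts = []
    for ip, mac in observations:
        mac = mac.lower()                 # MAC notation is case-insensitive
        known = cache.get(ip)
        if known is not None and known != mac:
            # An IP that was already matched to one MAC is now claimed by another.
            alerts.append(("binding-changed", ip, known, mac))
        cache[ip] = mac

    # After the replay, one MAC answering for several IPs is a second signal.
    owners = {}
    for ip, mac in cache.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            alerts.append(("mac-claims-multiple-ips", mac, sorted(ips)))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_OBSERVATIONS):
        print(alert)
```

Legitimate events such as DHCP reassignment or gateway failover also change bindings, so alerts of this kind need to be checked against known network changes.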

Network Security Visualization -- SYN Flood

• SYN flood, one type of Denial-of-Service attack
• http://williams.comp.ncat.edu/IA_visualization_labs/security_visual_tools/SYNFloodDemo/index.htm

Incident Categories

• Crimes in which the computer is the target of the attack
• Incidents in which the computer is a means of perpetrating a criminal act
• Combination of both:
– attack one computer to gain access to it
– use this computer to launch a Denial-of-Service (DoS) attack against others

Attack Consequences

• A loss of confidentiality where information is disclosed to unauthorized individuals
• A loss of integrity where information is modified by unauthorized individuals
• A loss of availability where information or the systems processing it are not available for authorized users

Types of Attacks

• Viruses, Worms, Trojans, Rootkits
• intruders
– hacker: script kiddie vs. elite hacker
• insider
– most harmful
• criminal organization
– structured attack
• terrorist and information warfare
– targets critical infrastructure

Viruses, Worms, Trojans, Rootkits
• Malware can be classified into several categories, depending on propagation and concealment
• Propagation
– Virus: human-assisted propagation (e.g., open email attachment)
– Worm: automatic propagation without human assistance
• Concealment
– Rootkit: modifies operating system to hide its existence
– Trojan: provides desirable functionality but hides malicious operation
• Various types of payloads, ranging from annoyance to crime

[Figure labels: Trojan Horse, Worm, Virus, Bomb]
Lessons from History

• As the Internet became more prevalent, it became a vehicle for malicious exploits

• recent threats:
– email  spam
– websites

Email attachment – file format
• executables
– .exe .cmd .bat .com .dll .pif .vbs…
• hidden extensions
• hidden double extensions
– .gif.exe …
• moreover:
– file type associations
• even seemingly innocent file types:
– .gif
– .pdf
– .wmf
– .zip
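
Added example (not part of the original slides): a mail-gateway style screen built from the extension lists on this slide. It flags executables, flags the hidden double-extension case such as ".gif.exe", and marks the "seemingly innocent" types for content scanning. The function names, finding labels and sample file names are assumptions made for this illustration.

```python
import os

# Executable extensions listed on the slide (the slide's own list is open-ended).
EXECUTABLE_EXTS = {".exe", ".cmd", ".bat", ".com", ".dll", ".pif", ".vbs"}
# "Seemingly innocent" types from the slide: allowed, but worth content scanning.
INNOCENT_LOOKING_EXTS = {".gif", ".pdf", ".wmf", ".zip"}

# Constructed sample attachment names.
SAMPLE_NAMES = ["photo.gif.exe", "Setup.EXE", "report.pdf", "notes.txt", "run.bat "]


def classify_attachment(filename):
    """Return the findings for one attachment file name (empty list = nothing flagged)."""
    # Normalise case and drop trailing spaces/dots that can hide the real suffix.
    name = filename.strip().rstrip(". ").lower()
    stem, ext = os.path.splitext(name)
    _, inner_ext = os.path.splitext(stem)

    findings = []
    if ext in EXECUTABLE_EXTS:
        findings.append("executable")
        # "photo.gif.exe" is displayed as "photo.gif" when known extensions are hidden.
        if inner_ext:
            findings.append("double-extension")
    elif ext in INNOCENT_LOOKING_EXTS:
        findings.append("scan-content")
    return findings


def screen_attachments(filenames):
    """Map each flagged file name to its findings, skipping unflagged names."""
    report = {}
    for filename in filenames:
        findings = classify_attachment(filename)
        if findings:
            report[filename] = findings
    return report


if __name__ == "__main__":
    for name, findings in screen_attachments(SAMPLE_NAMES).items():
        print(f"{name!r}: {', '.join(findings)}")
```

The extension is only a name, so a real gateway would also check the file's actual type before trusting it, which is the slide's point about file type associations.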

Human Attacks

• Piggybacking and shoulder surfing
• Dumpster diving
• Social engineering
– gain trust of insider
• people generally want to help somebody who is requesting help
• people generally want to avoid confrontation

Network Threats and Attacks

• Eavesdropping: the interception of information intended for someone else during its transmission over a communication channel.

[Figure labels: Alice, Bob, Eve]
Network Threats and Attacks
• Alteration: unauthorized modification of information.
– Example: the man-in-the-middle attack, where a network
stream is intercepted, modified, and retransmitted.

[Figure: Sender (plaintext M, encrypt, shared secret key, ciphertext C) → communication channel with Attacker (intercepting) → Recipient (ciphertext C′, decrypt, shared secret key, plaintext M′)]
Network Threats and Attacks
• Denial-of-service: the interruption or degradation of a data
service or information access.
– Example: email spam, to the degree that it is meant to
simply fill up a mail queue and slow down an email server.

[Figure label: Alice]
Network Threats and Attacks

• Masquerading: the fabrication of information that is purported to be from someone who is not actually the author.

“From: Alice”
(really is from Eve)

Network Threats and Attacks
• Repudiation: the denial of a commitment or data receipt.
– This involves an attempt to back out of a contract or a
protocol that requires the different parties to provide
receipts acknowledging that data has been received.

Public domain image from http://commons.wikimedia.org/wiki/File:Plastic_eraser.jpeg
Insider Attacks

• An insider attack is a security breach that is caused or facilitated by someone who is a part of the very organization that controls or builds the asset that should be protected.
• In the case of malware, an insider attack refers to a security hole that is created in a software system by one of its programmers.

Perspectives on Protection

• Provide user education
– as simple as strong password
• Provide physical protection
– don’t lose your laptop
• Provide host protection
– patch, patch and patch
• Provide network protection
– watch and examine traffic, e.g., with a firewall or IDS

Poor security practice

• Password selection
– harder passwords are harder to remember
• e-mail and web-surfing practices
• Installing unauthorized hardware and software

Access Control

• Protect infrastructure
– access to building
– access to computer
– access to network equipment

• Authentication
– Discretionary vs. mandatory access control
– Role-based access control

Security Principles

• Fail-safe defaults states that the default configuration of a system should have a conservative protection scheme.
• Separation of privilege dictates that multiple conditions should be required to achieve access to restricted resources or have a program perform some action.
• Least privilege means that each program and user of a computer system should operate with the bare minimum privileges necessary to function properly.
• Open design means that the security architecture and design of a system should be made publicly available.

Security Operations

• Policies
– Management statements of what the organization wants to accomplish
• Procedures
– Step-by-step instructions on how employees are expected to act in a given situation or to accomplish a specific task
• Standards
– Mandatory elements regarding the implementation of a policy
• Guidelines
– Recommendations relating to a policy

Operational Model of Computer Security

[Figure labels: Access Control, Firewall, Cryptography; Audit Logs, IDS, Honey Pots; Backups, Incident Response Team, Computer Forensics]

Every security technique and technology falls into at least one of the three elements of the equation

Summary of Concepts
• cyber security is a real concern
• human element is large

• protection is possible
– education
– tools and practices
