脆弱性安全vs结构性安全-安全与可信security

1安全与可信securityandtrusted脆弱性安全vs.结构性安全Vulnerabilityvs.Structure攻防两端如何在结构性安全环境中寻求空间Spaceinthestructuralenvironment潘柱廷(大潘)JordanPan@venustech.com.cn2摘要Summary•脆弱性安全Vulnerability-orientedsecurity•结构性安全Structuralsecurity•结构性安全中的脆弱性Vulnerabilitiesinstructures•结构性威胁Structuralthreats3脆弱性安全Vulnerability-orientedsecurity4脆弱性Vulnerabilities•弱口令simplepassword•病毒virus•操作系统漏洞OSflaw•协议漏洞protocolflaw•造成拒绝服务攻击的性能限制performancelimitation•防火墙配置不当badconfigurationoffirewalls•……5面向脆弱性的安全Vulnerability-orientedsecurity•防病毒系统anti-virussystem•漏洞扫描系统vulnerabilityscanner•补丁管理系统patchmanagementsystem•入侵检测系统IDS•防拒绝服务攻击系统anti-DoS•防火墙Firewall•多功能安全网关UTM•……6PSPC需求驱动筐架RequirementDrivenBaCaMeth需求筐架Req.BCM.来自内部FromInternal来自外部FromExternal主动引导Active体系化Systematic政策性Policy被动要求Passive问题型Problem合规性Compliance7面向脆弱性的风险管理Vulnerability-orientedriskmanagement8国家标准中的风险管理关系图RiskmanagementelementsinChinesestandard使命Mission脆弱性Vulnerability安全需求Requirement安全措施Safeguard资产价值Assetvalue资产Asset威胁Threat风险Risk残余风险ResidualR.事件Event依赖On拥有Have被满足Satisfiedby抗击Resist利用暴露Explore降低Reduce增加increase增加Increase增加Increase导出Lead演变成Occur未被满足notsatisfiedby未控制Uncontrolled可能诱发Invoke残留Leave成本Cost9最精简的风险管理３要素模型3-elementriskmanagementmodel三要素风险管理模型3-elementriskmanagementmodel资产和业务Asset保障措施Safeguard威胁Threat102006SCAwards•Bestanti-malwaresolution–BestAnti-spyware–BestAnti-trojan–BestAnti-virus–BestAnti-worm•BestContentSecuritySolution–BestAnti-spam–BestEmailContentFiltering–BestEmailSecurity–BestIMsecurity–BestIntellectualPropertyProtection•BestNetworkSecuritySolution–BestWirelessSecurity–BestEnterpriseFirewall–BestIntrusionDetection–BestIntrusionPrevention–BestDesktopFirewall•BestRemoteAccess–BestVPN-SSL–BestVPN-Ipsec–BestEndpointSecuritySolution–BestWebFiltering–BestEncryption•BestIdentityManagementSolution–BestPasswordManagement–BestAuthentication–BestSingleSign-on–BestTwo-FactorSolution•BestUnifiedThreatSolution–BestIntegratedSecuritySoftware–BestIntegratedSecurityAppliance–BestManagedSecurityService–BestEmailManagedService•BestNetworkSecurityManagement–BestEventManagement–BestComputerForensics–BestPolicyManagement–BestSecurityAudit–BestSecurityManagementTool•BestVulnerabilityAssessmentandRemediation–BestPatchManagement–BestVulnerabilityAssessmentSourcefrom:脆弱性安全的产业环境Vulnerability-orientedsecurityindustrialenvironment威胁方Threatagents厂商Provider用户User12木桶原理的迷失MisleadingofCaskRule•误导–将整体结构仅仅简化为防御结构–不考虑防御纵深问题–只考虑静态的结果状态–没有成本观念–……•Misleading–Onlyconsiderpreventionstructure–Notconsiderdeepprevention–Onlyconsiderstaticstate–Notconsidercost-effective–……13结构性安全Structuralsecurity基本结构basicstructure紧密结构tightstructure松散结构loosestructure14访问控制的RM机制Referencemonitorofaccesscontrol•访问控制的RM机制是非常基本的安全结构•Referencemonitorofaccesscontrolisaverybasicsecuritystructure15RM机制有效的结构性条件StructuralconditionsofvalidRMmechanism•三个条件–不能被绕过–不可篡改–足够小，可以被证明•3conditionsofVRM–Cannotbebypass–Cannotbetampered–Besmallenough,canbeproved16RandomlyGeneratedSymmetricKey(seed+PRNG)AlicePublickeyPrivatekeyPrivatekeyPublickeyBob密钥交换过程KeyExchangeProcessmessageX15/^ow83h7ERH39DJ3HmessageX15/^ow83h7ERH39DJ3H17紧密安全结构的代表——可信计算Tightsecuritystructure—TrustedComputing•可信的定义Definitionoftrust–可信就是，一个设备的行为是按照其预期目标和指定方式执行的Trustistheexpectationthatadevicewillbehaveinaparticularmannerforaspecificpurpose.–一个可信平台应当至少提供三个基本特性：保护能力、完整性测量和完整性报告Atrustedplatformshouldprovideatleastthreebasicfeatures:protectedcapabilities,integritymeasurementandintegrityreporting.(Fromsection4.1,TCGArchitectureOverview1.0)18TCG的基石性原理FundamentalruleofTCG•信任根就像“公理”一样，是信任的基础。在PC系统中，常常用硬件芯片实现。•Rootsoftrust–InTCGsystemsrootsoftrustarecomponentsthatmustbetrustedbecausemisbehaviormightnotbedetected.•信任链则是信任传递的机制。常常采用密码技术。•Chainsoftrust–Transitivetrustalsoknownas“InductiveTrust”,isaprocesswheretheRootofTrustgivesatrustworthydescriptionofasecondgroupoffunctions.19一个包含TPM的PCReferencePCplatformcontainingaTCGTPM20TCG–可信平台模块TCG–TrustedPlatformModule(TPM)•一个可信平台常常拥有三个可信根TherearecommonlythreeRootsofTrustinatrustedplatform–测量可信根rootoftrustformeasurement(RTM)–存储可信根rootoftrustforstorage(RTS)–报告可信根rootoftrustforreporting(RTR)21证明协议和消息交换Attestationprotocolandmessageexchange22TPM–存储可信根的体系结构TPM–RootofTrustforStorage(RTS)23TPM部件体系结构TPMcomponentarchitecture24TCG软件分层TCGsoftwarelayering25可信平台的生命周期Thetrustedplatformlifecycle26可信平台上的用户认证Userauthenticationusingtrustedplatforms27可信平台上的用户认证Userauthenticationusingtrustedplatforms28经典的四角模型Theclassicalfourcornersmodel29四角模型的可信平台实现DetailedTPdeploymentarchitecture30TCG对于可信计算平台的划分8categoriesofTrustedplatform体系结构ArchitectureTPM移动设备Mobile客户端PCClient服务器Server软件包SoftwareStack存储Storage可信网络连接TrustedNetworkConnect31TCG的IWG和TNC的对应关系theIWGandTNCarchitecture32TNC体系结构TNCarchitecture33TNC体系结构下的消息流Messageflowbetweencomponents34拥有TPM的TNC体系结构TheTNCarchitecturewiththeTPM35思科的自防御网络体系Cisco’sself-defendingnetwork36思科的自防御网络体系Cisco’sself-defendingnetwork37松散安全结构的代表——框架和方案Loosesecuritystructure—Framework•松散结构中的各个部件关联关系，常常靠人的集成来实现Theconnectionamong