Basic Concepts
There are three basic tenets of computer security, namely confidentiality, integrity, and availability. We will be discussing each of these relative to computer security.
Confidentiality: concealment of information or resources
  - Enciphering: income tax returns, medical data, etc.
  - Existence of data: resource hiding
Integrity: trustworthiness of data or resources; preventing improper or unauthorized change to the data
  - Data integrity: the content of the information
  - Origin integrity: the source of the data (authentication)
Integrity Mechanisms
  Prevention mechanisms: block any unauthorized attempt to change the data
    - Tries to change data but has no authority to change it
    - Attempts to change the data in unauthorized ways: has authority to change certain data but tries to change other data
  Detection mechanisms: report that the data's integrity is no longer trustworthy
    - Analyze system events
    - Analyze the data: report file corruption, specific data corrupt
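To make the distinction between data integrity and origin integrity concrete, here is an added example in Python (not part of the lecture notes) of a detection mechanism: a plain SHA-256 digest checks only the content, while an HMAC tag under a key held by the legitimate sender also checks the origin. The key, the records and the helper names are constructed for this example.

```python
import hashlib
import hmac

# Constructed example: a record carries its content, a plain SHA-256 digest
# (data integrity only) and an HMAC-SHA256 tag under a key known only to the
# legitimate sender (origin integrity). The key is a placeholder, not a real secret.
SENDER_KEY = b"example-sender-key-not-a-real-secret"

def seal(content: bytes, key: bytes) -> dict:
    """Produce a record exactly as the legitimate origin would."""
    return {
        "content": content,
        "digest": hashlib.sha256(content).hexdigest(),
        "tag": hmac.new(key, content, hashlib.sha256).hexdigest(),
    }

def check_integrity(record: dict, key: bytes) -> str:
    """Detection mechanism: report which integrity property, if any, is lost.
    'data'   -> content no longer matches its digest (corruption or tampering)
    'origin' -> content is self-consistent but was not produced by the key holder
    'ok'     -> both data integrity and origin integrity hold"""
    content = record["content"]
    if hashlib.sha256(content).hexdigest() != record["digest"]:
        return "data"
    expected = hmac.new(key, content, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record["tag"]):
        return "origin"
    return "ok"

# Three constructed records.
genuine = seal(b"transfer 100 to account A", SENDER_KEY)

# Content changed after sealing (a bit flip or an edit); the digest is now stale.
corrupted = dict(genuine, content=b"transfer 1000 to account A")

# Content rewritten by someone without SENDER_KEY who recomputes the public
# digest but must keep the old tag: the digest alone cannot tell, the keyed tag can.
forged = dict(genuine, content=b"transfer 100 to account B")
forged["digest"] = hashlib.sha256(forged["content"]).hexdigest()

if __name__ == "__main__":
    for name, rec in (("genuine", genuine), ("corrupted", corrupted), ("forged", forged)):
        print(f"{name:10s} -> {check_integrity(rec, SENDER_KEY)}")
```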
Confidentiality: data is either compromised or it is not
Integrity: correctness and trustworthiness of data
  - Origin of the data
  - How well it was protected before
  - How well it is protected currently
Availability: ability to use the information or resource desired
  - DoS attacks: the ability to block availability of information or a resource
Threats: a potential violation of security; the violation might occur
Attacks: a violation of security
Attackers: those who execute such actions
Four classes of threats:
  Disclosure: unauthorized access to information
  Deception: acceptance of false data
  Disruption: interruption or prevention of correct operation
  Usurpation: unauthorized control of some part of a system
Snooping (disclosure): unauthorized interception of information
  Characteristics: passive; e.g., wiretapping; countered by confidentiality services
Modification (alteration) (deception, disruption, usurpation): unauthorized change of information
  - Deception: if the modified data is used to determine which action to take, incorrect information is accepted as correct and released
  - Disruption, usurpation: if the modified data controls the operation of the system
  Characteristics: active (changing information); e.g., man in the middle, where the intruder reads messages from the sender and sends a modified version to the recipient; countered by integrity services
Masquerading (spoofing) (deception and usurpation): impersonation of one entity by another
  - Spoof to get information
  Characteristics: passive or active (usually an active attack); countered by integrity services
Repudiation of Origin (deception): false denial that an entity sent something
  - e.g., false ordering: claiming not to have placed an order when one really did
  Characteristics: countered by integrity services
Denial of Receipt (deception): false denial that an entity received some information or message
  - Deny receiving something
  Characteristics: countered by integrity and availability services
Delay (usurpation, deception): temporary inhibition of a service
  - e.g., delaying a confirmation
  Characteristics: countered by availability services
Denial of Service (usurpation): long-term inhibition of a service
  Characteristics: countered by availability services
Policy & Mechanism
Def: A Security Policy is a statement of what is and what is not allowed
Def: A Security Mechanism is a method, tool, or procedure for enforcing a security policy
Example: copying homework, relative to a policy. What about just looking and not copying?
Policy provides an axiomatic description of secure states and non-secure states.
It is sometimes difficult to determine the policy when more than one entity is involved.
Goals of Security
Security mechanisms can prevent the attack, detect the attack, or recover from the attack.
  Prevention: the attack will fail (e.g., disconnect from the internet). A resource protected by a prevention mechanism need not be monitored for security problems.
  Detection: determine that an attack is underway or has occurred, and report it. A resource protected by a detection mechanism is continuously monitored for security problems.
  Recovery: stop the attack, fix the vulnerability, repair the system. Alternatively, the system continues to run while under attack (fault-tolerance techniques).
Assumptions and Trust
Two assumptions that policy designers make:
1. The policy correctly and unambiguously partitions the set of system states into “secure” and “non-secure” states.
2. The security mechanisms prevent the system from entering a “non-secure” state.
Let P be the set of all possible states. Let Q be the set of all secure states. The security mechanism restricts the system to some set of states R, $R \subseteq P$.
Def: A Security Mechanism is secure if $R \subseteq Q$;
it is precise if $R = Q$;
it is broad if there are states $r$ with $r \in R$ and $r \notin Q$.
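An added worked example in Python, not from the notes, that models these definitions: a toy access-control system whose states are sets of (subject, object, right) grants gives P, the policy predicate gives Q, and R is the set of states a given mechanism lets the system reach; classify() then reports precise, secure, or broad. The subjects, objects and the three candidate mechanisms are constructed for the example.

```python
from itertools import combinations

# Toy access-control system, constructed for this example. A system state is
# the set of rights currently granted, as (subject, object, right) triples.
SUBJECTS = ("admin", "guest")
OBJECTS = ("audit.log", "notes.txt")
RIGHTS = ("read", "write")
GRANTS = [(s, o, r) for s in SUBJECTS for o in OBJECTS for r in RIGHTS]

def all_states():
    """P: every subset of the possible grants is a possible system state."""
    return {frozenset(c) for n in range(len(GRANTS) + 1) for c in combinations(GRANTS, n)}

def policy_allows(state):
    """The policy: only admin may ever hold write access to audit.log."""
    return all(not (o == "audit.log" and r == "write" and s != "admin") for s, o, r in state)

def secure_states():
    """Q: the subset of P that the policy labels secure."""
    return {s for s in all_states() if policy_allows(s)}

def reachable(mechanism):
    """R: states reachable from the empty state when every grant request must pass the mechanism."""
    seen, frontier = {frozenset()}, [frozenset()]
    while frontier:
        state = frontier.pop()
        for g in GRANTS:
            nxt = state | {g}
            if g not in state and mechanism(*g) and nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return seen

def classify(Q, R):
    """Bishop's terms: precise if R = Q, secure if R is a subset of Q, otherwise broad."""
    if R == Q:
        return "precise"
    return "secure" if R <= Q else "broad"

# Three candidate mechanisms; each decides whether one grant request may proceed.
def exact(s, o, r):          # enforces exactly the policy
    return not (o == "audit.log" and r == "write" and s != "admin")
def overly_strict(s, o, r):  # also denies guest every write: safe but over-restrictive
    return s == "admin" or r == "read"
def mistargeted(s, o, r):    # guards the wrong file, so guest can reach write on audit.log
    return not (o == "notes.txt" and r == "write" and s != "admin")

if __name__ == "__main__":
    Q = secure_states()
    for m in (exact, overly_strict, mistargeted):
        print(f"{m.__name__:14s} -> {classify(Q, reachable(m))}")
```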
Assumptions relative to trusting security mechanisms
1. Each mechanism is designed to implement one or more parts of the security policy
2. The union of the mechanisms implements all aspects of the security policy
3. The mechanisms are implemented correctly
4. The mechanisms are installed and administered correctly.
Assurance: how much to trust a system
  - System specifications, design, implementation
Def: A system is said to satisfy a specification if the specification correctly states how the system will function.
Examples: the drug example; the system-high secret machine example
Specification: a formal or informal statement of the desired functioning of the system (mathematical or English)
  - e.g., medical computer vs desktop
Design: translates the specification into components that will implement it
Implementation: creates a system that satisfies the design; formal verification, testing
Operational Issues: balance between policy and mechanism, weighing the benefits of the protection against the cost of designing, implementing, and using the mechanism
Cost-Benefit Analysis
Risk Analysis: determines what assets to protect and at what level to protect them. Risk is a function of:
  - Environment (e.g., no internet connection)
  - Time (risks change with time; a remote risk still exists)
Beware analysis paralysis.
Laws and Customs: laws restrict the availability and use of technology and affect procedural controls; note the difference between legal and acceptable practices
Human Issues: the best security can easily be defeated by people
  Organizational problems: secondary costs, resources
  People problems: the heart of security; outsiders and insiders
    - Social engineering
    - Complex configuration files
    - Misreading or not analyzing security mechanisms