Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Foundation of computer security

advertisement 
Foundation Of Computer Security
Foundation of computer security
•Reliability: accidental failures.
•Usability: operating mistakes.
•Security: intentional failures.
Security
•Security is about the protection of assets.
•Hence, computer security is about the protection of IT assets (i.e. hardware,
software, data & information, and reputation).
•Protection measures can be classified as follows:
oPrevention: taking measures that prevent your assets from being damaged.
oDetection: taking measures that allow you to detect when an asset has been
damaged, how it has been damaged, and who has caused the damage.
oReaction: taking measures that allow you to recover your assets or to recover
from damage to your assets.
Security
Example#1: protection of valuable items kept in your private home.
•Prevention:
o locks at the door and windows bars.
o A wall round the property.
o Add another layer of protection.
•Detection:
o you will detect when something has been stolen if it is no longer there.
o A burglar alarm goes off when a break in occurs.
o Closed circuit television camera
•Reaction:
o call police.
o You may decide to replace the stolen item.
Security
Example #2: Protecting Credit Card from being ‘stolen’ on the web.
•Prevention:
o Use encryption when placing an order.
o Relay on the merchant to perform some checks on the caller before accepting a credit card order.
o Don’t use your card number on the internet.
•Detection:
o Transaction that you didn’t authorize appears on your credit card statement.
•Reaction:
o Ask for new card number.
o The cost of the fraudulent transaction may have to be cover by the card holder, the merchant where the
fraudster made the purchase, or the card issuer.
Computer security
•Computer Security aims to preserve:
o Confidentiality : prevention of unauthorized disclosure of information.
o Integrity : prevention of unauthorized modification of information.
o Availability : prevention of unauthorized withholding of information or resources.
•As lists are never complete you can add further points such as authenticity , Legitimate Use,
accountability or nonrepudiation.
Integrity
Availability
Confidentiality
CIA model
Computer security
Confidentiality
Prevention of unauthorised disclosure of information
•Historically, security and secrecy were closely related (even today?!).
•Confidentiality (Privacy ,Secrecy).
•Hiding the content of a document OR hiding its very existence.
•Unlinkability: two or more items of interest (e.g. messages, actions, events,
users, etc.) are unlinkableif an attacker cannot sufficiently distinguish whether
they are related or not.
•Anonymity: A subject (e.g. user) is anonymous if it cannot be identified within a
given anonymity set of subjects.
Integrity
prevention of unauthorized modification of information
•It is not easy to give a concise definition of integrity.
•Does prevention of unauthorized actions fall under integrity?
•Clark and Wilson : no user of the system , even if authorized, may be permitted to modify data
items in such a way that assets or accounting records of the company are lost or corrupted.
•We have captured security by specifying the user actions that have to be controlled.
•External consistency : the data stored in a computer system should correctly reflect some reality
outside the computer system. (DoD’sOrange book)
Integrity
•Integrity in communication security: refers to the detection and correction of
modifications to, insertion in, deletion , or replay of transmitted data.
•This include both intentional manipulations and random transmission errors.
•Integrity is often a prerequisite for other security properties (e.g. protecting OS
access control data so an attacker cannot change it to gain unauthorized access
to documents). Here we have to protect the integrity of access control to
achieve confidentiality.
Availability
prevention of unauthorised withholding of information or resources
•According to ISO 7498-2:
o Availability: the property of being accessible and usable upon demand by an authorized user.
o Denial of Service (DoS):the prevention of authorized access to resources or the delaying of time-critical
operations.
•Although that availability is one of the most important aspects of computer security, there is a
lack of security mechanisms effectively protecting against DoS attacks.
•Security mechanisms that are too restrictive or too expensive can themselves lead to DoS
Accountability
•It is hard to prevent all improper actions:
o we may find that authorized actions can lead to a security violation.
o we may find a flaw in our security system that allow an attacker to find a way past our
controls.
•Users should be hold responsible for their actions.
•Accountability : audit information must be selectively kept and protected so that actions
affecting security can be traced to the responsible party. (the Orange book)
•In order to do this, the system should first identify and authenticate its users.
•It has to keep an audit trail (is a log of security-relevant events).
Non-repudiation
•Non-repudiation is related to accountability.
•Non-repudiation: services provide unforgeable evidence that a
specific action occurred.
•Digital signatures provide non-repudiation.
•Non-repudiation of origin: providing evidence about the sender of a
document.
•Non-repudiation delivery: providing evidence that a message was
delivered to a specific recipient.
Reliability
•Reliability (accidental failures) & safety (impact of failures on the environment).
•Reliability only quantifies the frequency of failures, disregarding the
consequences of a failure. From a safety point of view it is important to consider
the consequences of failures, especially the failures that lead to hazards.
•Security and reliability are very much related and intersected.
•Dependability: the property of a computer system such that reliance can
justifiably be placed on the service it delivers. (IFIP WG 10.4)
*skip 3.1.9
The fundamental Dilemma of computer security
•Security-unaware users have specific security requirements but usually no
security expertise.
•A security unaware user cannot make educated decisions about security
products and will have to pick standard ‘best practice’ solutions.
•Standard solutions may not address the user’s specific requirements.
•There is a trade-off between security and ease-of-use since:
oSecurity mechanisms need additional computational resources.
oSecurity interferes with the working patterns users are accustomed to.
oEffort has to be put into managing security.
Data vs. Information
•Data represents information.
•Information is the interpretation of data.
•Data is physical phenomena chosen by convention to represent certain aspects
of our conceptual and real world. The meanings we assign to data are called
information.
•A covert channel is an information flow that is not controlled by a security
mechanism.
Principles of Computer Security
•Fundamental design parameters of computer security.
Application
Software
User
(subject)
Resource
(object)
Hardware
•The figure above sketches the main dimensions in the design space for computer security.
Horizontal axis represents the focus of the security policy, whilst the vertical axis represents the
layer of the computer system where a protection mechanism is implemented.
Focus of Control
First Design Decision:
In a given application (i.e. a cash machine), should the protection mechanism in a computer
system focus on:
•data;
•Operations; and/or
•users (access control)?
It is a fundamental design decision choosing which these options to take when applying security
controls. Operating system have traditionally focused on protection data. In modern
applications, it is often more relevant to control users’ actions.
The Man-Machine Scale
Services
generic while mechanisms at the outside are more
OS
likely to address individual user requirements
OS Kernel
Hardware
Second Design Decision:
In which layer of the computer system should a security mechanism be placed?
more generic simple machine-oriented
Mechanisms towards the center tend to be more
more specific complex man-oriented
Applications
Complexity vs. Assurance
•There is a trade-off between complexity and assurance.
Third Design Decision:
Simple with higher assurance OR complex with a feature-rich
security environment?
•Feature-rich security and high assurance do not match easily
Centralized vs. Decentralized
•Centralized(If a single entity is in charge of security):
o Easy to achieve uniformity.
o Better control.
BUT
o Performance bottleneck.
o Single Point of Failure (SPoF).
•Decentralized(Distributed):
o More efficient.
o No SPoF.
BUT
o More expensive and complicated (e.g. cost, management, etc.).
Fourth Design Decision:
Centralized OR decentralized?
The Layer Below
•Every protection mechanism defines a security perimeter (boundary).
•Attackers may bypass protection mechanisms at some layer.
Fifth Design Decision:
How can you prevent an attacker from getting access to a layer below the protection
mechanism?
•The Layer Below – Examples:
1.
Recovery tools, like Norton Utilities, restore the data by reading memory directly and then
restoring the file structure. Such a tool can be used to circumvent logical access control as it
does not care for the logical memory structure
The Layer Below – Examples
2. Unix treats I/O devices and physical memory devices like files. If access
permissions are defined badly, e.g. if read access is given to a disk containing
read protected files, then an attacker can read the disk contents and reconstruct
the files.
3. Object reuse: in a single processor system, when a new process becomes
active, it gets access to memory positions used by the previous process. You
have to avoid storage residues, i.e. data left behind in the memory area allocated
to the new process.
4. Buffer Overruns: a value is assigned to a variable that is too large for the
memory buffer allocated to that variable , so that memory allocated to other
variables is overwritten.
The Layer Above
•It is not very wise design decision to spend much time and effort
trying to protect a layer from the layer above it!
•The security services provided by a layer are mostly not sufficient to
the layer above it which requires more complex man-oriented
services.
Reading
“Computer Security ”, 3rd edition by Dieter Gollmann. Wiley, March, 2011.
Chapter 3
Related documents
Business Integrity Program-Confidentiality
Business Integrity Program-Confidentiality
394071375-CSCI262-lecture-1-pptx
394071375-CSCI262-lecture-1-pptx
Lecture 1
Lecture 1
ppt
ppt
Access Controls outline
Access Controls outline
Technology Infrastructure Use Policy
Technology Infrastructure Use Policy
Sample Information Security Program
Sample Information Security Program
Middleware Support for Non-repudiable Business-to- Business Interactions PhD Thesis Extended Abstract
Middleware Support for Non-repudiable Business-to- Business Interactions PhD Thesis Extended Abstract
Middleware Support for Non-repudiable Business-to-Business Interactions Nick Cook
Middleware Support for Non-repudiable Business-to-Business Interactions Nick Cook
Download
advertisement