Basic Concepts

There are three basic tenets of computer security, namely confidentiality, integrity, and availability. We will be discussing each of these relative to computer security.

Confidentiality
- Concealment of information or resources
  - Enciphering (income tax returns, medical data, etc.)
  - Existence of data
  - Resource hiding

Integrity
- Trustworthiness of data or resources
- Preventing improper or unauthorized change to the data
  - Data integrity: the content of the information
  - Origin integrity: the source of the data (authentication)

Integrity Mechanisms
- Prevention mechanisms: block any unauthorized attempt to change the data
  - Someone tries to change data but has no authority to change it
  - Someone attempts to change the data in unauthorized ways: has authority to change certain data but tries to change other data
- Detection mechanisms: report that the data's integrity is no longer trustworthy
  - Analyze system events
  - Analyze the data: report file corruption, or that specific data is corrupt

Confidentiality vs. Integrity
- Confidentiality: data is either compromised or it is not
- Integrity: correctness and trustworthiness of data
  - Origin of the data
  - How well it was protected before
  - How well it is protected currently

Availability
- Ability to use the information or resource desired
- DoS attacks: the ability to block availability of information or a resource

Threats
- A threat is a potential violation of security; the violation might occur
- Attacks: actions that violate security
- Attackers: those who execute such actions
- 4 classes of threats:
  - Disclosure: unauthorized access to information
  - Deception: acceptance of false data
  - Disruption: interruption or prevention of correct operation
  - Usurpation: unauthorized control of some part of a system

Snooping (disclosure)
- Unauthorized interception of information
- Characteristics: passive (e.g. wiretapping)
- Confidentiality services counter it

Modification / Alteration (deception, disruption, usurpation)
- Unauthorized change of information
- Deception if the modified data determines which action to take, i.e. incorrect information is accepted as correct and is released
- Disruption or usurpation if the modified data controls the operation of the system
- Characteristics: active (changing information); man in the middle (an intruder reads messages from the sender and sends a modified version to the recipient)
- Integrity services counter it

Masquerading / Spoofing (deception, usurpation)
- Impersonation of one entity by another; spoof to get information
- Characteristics: passive, or (usually) an active attack
- Integrity services counter it

Repudiation of Origin (deception)
- False denial that an entity sent something
- False ordering: claim you did not order when you really did
- Integrity services counter it

Denial of Receipt (deception)
- False denial that an entity received some information or message (deny receiving something)
- Integrity and availability services counter it

Delay (usurpation, deception)
- Temporary inhibition of service (e.g. delaying a confirmation)
- Availability services counter it

Denial of Service (usurpation)
- Long-term inhibition of service
- Availability services counter it

Policy & Mechanism
Def: A Security Policy is a statement of what is and what is not allowed.
Def: A Security Mechanism is a method, tool, or procedure for enforcing a security policy.
- Example: copying homework relative to policy. What about just looking and not copying?
- A policy provides an axiomatic description of secure states and non-secure states.
- It is sometimes difficult to determine policy when more than one entity is involved.

Goals of Security
Security mechanisms can prevent the attack, detect the attack, or recover from the attack.
- Prevention: the attack will fail (e.g. disconnect from the internet). A resource protected by a prevention mechanism need not be monitored for security problems.
- Detection: determine that an attack is underway or has occurred, and report it. A resource protected by a detection mechanism is continuously monitored for security problems.
- Recovery: stop the attack, fix the vulnerability, repair the system. The system continues to run while under attack (fault tolerance techniques).

Assumptions and Trust
Two assumptions that policy designers make:
1. The policy correctly and unambiguously partitions the set of system states into “secure” and “non-secure” states.
2. The security mechanisms prevent the system from entering a “non-secure” state.

Let P be the set of all possible states. Let Q be the set of all secure states. The security mechanism restricts the system to some set of states R, R ⊆ P.
Def: A security mechanism is secure if R ⊆ Q; it is precise if R = Q; it is broad if there are states r such that r ∈ R and r ∉ Q.

Assumptions relative to trusting security mechanisms:
1. Each mechanism is designed to implement one or more parts of the security policy.
2. The union of the mechanisms implements all aspects of the security policy.
3. The mechanisms are implemented correctly.
4. The mechanisms are installed and administered correctly.

Assurance
How much to trust a system: system specification, design, implementation.
Def: A system is said to satisfy a specification if the specification correctly states how the system will function.
- e.g. the drug example; the system-high secret machine example
- Specification: a formal or informal statement of the desired functioning of the system (mathematical or English); medical computer vs. desktop
- Design: translates the specification into components that will implement it
- Implementation: creates a system that satisfies the design (formal verification, testing)

Operational Issues
- Balance between policy and mechanism: the benefits of the protection against the cost of designing, implementing, and using the mechanism
- Cost-Benefit Analysis
- Risk Analysis: determines what assets to protect and at what level to protect them
  - A function of the environment (e.g. no internet connection) and of time (risks change with time; remote risks still exist)
  - Beware analysis paralysis
- Laws and Customs: laws restrict the availability and use of technology and affect procedural controls; note the difference between legal and acceptable practices

Human Issues
- The best security can easily be defeated by people
- Organizational problems: secondary costs, resources
- People problems: the heart of security
  - Outsiders and insiders
  - Social engineering
  - Complex configuration files
  - Misreading or not analyzing security mechanisms
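To make the secure / precise / broad definitions from the Assumptions and Trust section concrete, here is an added example (not part of the notes). It assumes a constructed toy system: a user accumulates privileges one grant at a time, the policy is separation of duties (nobody both creates and approves payments), and each mechanism is a rule that allows or blocks a grant. R is computed as the set of states actually reachable under the mechanism and then compared with Q.

```python
"""Added example: classify a mechanism as secure, precise or broad
using the sets P (all states), Q (secure states) and R (states the
mechanism lets the system reach)."""
from collections import deque

# Constructed scenario: a state is the frozenset of privileges held.
PRIVILEGES = ("create_payment", "approve_payment", "audit")

def is_secure_state(state):
    """Policy: separation of duties; creating and approving must not both be held."""
    return not {"create_payment", "approve_payment"} <= state

def reachable(start, allowed):
    """States reachable from `start` via grants that `allowed(state, priv)` permits."""
    seen, queue = {start}, deque([start])
    while queue:
        state = queue.popleft()
        for priv in PRIVILEGES:
            nxt = state | {priv}
            if nxt != state and allowed(state, priv) and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def classify(R, Q):
    """Precise if R = Q, secure if R is a subset of Q, otherwise broad."""
    if R == Q:
        return "precise"
    if R <= Q:
        return "secure"
    return "broad"

def evaluate(mechanism):
    start = frozenset()
    P = reachable(start, lambda s, p: True)   # every possible state
    Q = {s for s in P if is_secure_state(s)}  # the secure states
    R = reachable(start, mechanism)           # what the mechanism permits (R is a subset of P)
    return classify(R, Q)

# Three hypothetical mechanisms; each decides whether to grant `priv` in `state`.
def no_restriction(state, priv):
    return True

def block_conflict(state, priv):
    conflict = {"create_payment": "approve_payment", "approve_payment": "create_payment"}
    return conflict.get(priv) not in state

def never_grant_approve(state, priv):
    return priv != "approve_payment"

if __name__ == "__main__":
    for mech in (no_restriction, block_conflict, never_grant_approve):
        print(mech.__name__, "->", evaluate(mech))
```

`never_grant_approve` is secure but not precise: it keeps the system in Q but also forbids harmless states such as holding only approve_payment, which is the usability cost the notes' distinction is pointing at.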