Chapter 1: Introduction
• Components of computer security
• Threats
• Policies and mechanisms
• The role of trust
• Assurance
• Operational Issues
• Human Issues

Introduction to Computer Security
Auburn University, Computer Science and Software Engineering

Basic Components
• Confidentiality
  – Keeping data and resources hidden
• Integrity
  – Data integrity (integrity)
  – Origin integrity (authentication)
• Availability
  – Enabling access to data and resources

Basic Components - Confidentiality

Basic Components - Integrity

Basic Components - Availability

Classes of Threats
• Disclosure
  – Snooping
• Deception
  – Modification, spoofing, repudiation of origin, denial of receipt
• Disruption
  – Modification
• Usurpation
  – Modification, spoofing, delay, denial of service

Classes of Threats - Disclosure

Classes of Threats - Deception

Classes of Threats - Disruption

Classes of Threats - Usurpation

Policies and Mechanisms
• Policy says what is, and is not, allowed
  – This defines “security” for the site/system/etc.
• Mechanisms enforce policies
• Composition of policies
  – If policies conflict, discrepancies may create security vulnerabilities

Policies – An Example
• A university disallows cheating: copying another student's homework assignment.
• A computer science class requires the students to do their homework on the department's computer.
• One student notices that a second student has not read-protected the file containing her homework and copies it.
Has either student (or have both students) breached security?

Policy may be expressed in …
  – natural language;
  – mathematics;
  – policy languages.
• What are pros and cons of the above ways of expressing policies?
  Imprecise vs. Easy to Understand

Policy may be expressed in Mathematics – An example
A simple finite-state machine. In this example, the authorized states are s1 and s2.

Policies - Consistencies
• The composition problem requires checking for inconsistencies among policies.
• For example, if one policy allows students and faculty access to all data, and the other allows only faculty access to all the data, then they must be resolved (e.g., partition the data so that students and faculty can access some data, and only faculty access the other data).

Mechanisms may be …
• technical, in which controls in the computer enforce the policy; example?
  For example, the requirement that a user supply a password to authenticate herself before using the computer
• procedural, in which controls outside the system enforce the policy; example?
  For example, give a zero to both students

Goals of Security
• Prevention
  – Prevent attackers from violating security policy
• Detection
  – Detect attackers’ violation of security policy
• Recovery
  – Stop attack, assess and repair damage
  – Continue to function correctly even if attack succeeds

Goals of Security - Prevention

Goals of Security - Detection

Goals of Security - Recovery

Trust and Assumptions
• Underlie all aspects of security
• Policies
  – Unambiguously partition system states
  – Correctly capture security requirements
• Mechanisms
  – Assumed to enforce policy
  – Support policies work correctly

Trust and Assumptions (Cont.)
• Example: a bank’s policy may state that officers of the bank are authorized to shift money among accounts. If a bank officer puts $10,000 in his account, has the bank’s security been violated?
  Based on the policy statement – no. In the “real world” – yes.

Types of Mechanisms
[Figure labels: secure, precise, broad; legend: set of reachable states, set of secure states]

Assurance
• Specification
  – Requirements analysis
  – Statement of desired functionality
• Design
  – How system will meet specification
• Implementation
  – Programs/systems that carry out design

Operational Issues
• Cost-Benefit Analysis
  – Is it cheaper to prevent or recover?
• Risk Analysis
  – Should we protect something?
  – How much should we protect this thing?
• Laws and Customs
  – Are desired security measures illegal?
  – Will people do them?

Laws and Customs – an Example
• The United States controls the export of cryptographic hardware and software (considered munitions under United States law).

Human Issues
• Organizational Problems
  – Power and responsibility
  – Financial benefits
• People problems
  – Outsiders and insiders
  – Social engineering

Human Issues - Examples
• If concluding a stock trade takes two minutes without security controls and three minutes with security controls, adding those controls results in a 50% loss of productivity.
• Untrained personnel: one operator did not realize that the contents of backup tapes needed to be verified before the tapes were stored. When attackers deleted several critical system files, she discovered that none of the backup tapes could be read.

Tying Together
[Figure labels: Threats, Policy, Specification, Design, Implementation, Operation]

Key Points
• Policy defines security, and mechanisms enforce security
  – Confidentiality
  – Integrity
  – Availability
• Trust and knowing assumptions
• Importance of assurance
• The human factor
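
The "Policy may be expressed in Mathematics" and "Types of Mechanisms" slides can be worked through on a small state machine. This is an added example, not part of the original slides: only the authorized states s1 and s2 come from the slide, while the four-state system, its transitions and all function names are constructed. It uses the standard definitions with R the reachable states and Q the secure states: secure if R ⊆ Q, precise if R = Q, broad if some reachable state lies outside Q.

```python
from collections import deque

# Constructed system: four states; the policy authorizes s1 and s2 (as on the slide).
STATES = {"s1", "s2", "s3", "s4"}
SECURE = {"s1", "s2"}            # Q: the policy's partition of the state space

# Constructed transition relation of the system with no mechanism in place.
TRANSITIONS = {("s1", "s2"), ("s2", "s1"), ("s2", "s3"), ("s3", "s4"), ("s4", "s1")}


def reachable(start, transitions):
    """Return R: every state reachable from `start` (breadth-first search)."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for src, dst in transitions:
            if src == cur and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def enforce(transitions, allowed_targets):
    """Model a mechanism as a filter that blocks transitions into disallowed states."""
    return {(src, dst) for src, dst in transitions if dst in allowed_targets}


def classify(reach, secure):
    """Compare reachable states R with secure states Q."""
    if reach == secure:
        return "precise"         # R = Q (a precise mechanism is also secure)
    if reach <= secure:
        return "secure"          # R is a proper subset of Q: safe but over-restrictive
    return "broad"               # at least one reachable state is not secure


def evaluate(mechanism_allows, start="s1"):
    """Return (classification, reachable states that violate the policy)."""
    reach = reachable(start, enforce(TRANSITIONS, mechanism_allows))
    return classify(reach, SECURE), sorted(reach - SECURE)


if __name__ == "__main__":
    for name, allows in [("no mechanism", STATES),
                         ("blocks entry to s4 only", {"s1", "s2", "s3"}),
                         ("allows exactly the secure states", SECURE),
                         ("allows s1 only", {"s1"})]:
        print(f"{name}: {evaluate(allows)}")
```

The "allows s1 only" case shows why secure is not the same as precise: the policy is never violated, but the authorized state s2 can no longer be reached.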