Computer Security

Computer Security
Introduction
3/15/2016
1
Introduction
What is the goal of Computer Security?
A first definition:
To prevent or detect unauthorized actions by users
of the system.
Introduction
How do we achieve Computer Security:
1. Security principles/concepts: explore general
principles/concepts that can be used as a guide to design
secure information processing systems.
2. Security mechanisms: explore some of the security
mechanisms that can be used to secure information
processing systems.
3. Physical/Organizational security: consider physical &
organizational security measures (policies).
Security
Security is about protecting assets.
This involves:
• Prevention
• Detection
• Reaction (recover/restore assets)
Computer Security
1. Confidentiality: prevent unauthorized disclosure of
information.
2. Integrity: prevent unauthorized modification of
information.
3. Availability: prevent unauthorized withholding of
information.
Additionally:
Authenticity, accountability, reliability, safety,
dependability, survivability . . .
Computer Security
Even at this general level there is disagreement on
the precise definitions of some of the required security
aspects.
References:
• TCSEC or Orange book – US Dept of Defense, Trusted
Computer System Evaluation Criteria.
• ITSEC – European Trusted Computer System Product Criteria.
• CTCPEC – Canadian Trusted Computer System Product
Criteria.
Confidentiality
Historically, security is closely linked to secrecy.
Security involved a few organizations dealing mainly
with classified data.
However, nowadays security extends far beyond
confidentiality.
Confidentiality involves:
• privacy: protection of private data,
• secrecy: protection of organizational data.
Integrity
“Making sure that everything is as it is supposed to be.”
For Computer Security this means:
Preventing unauthorized writing or modifications.
Availability
For Computer Systems this means that:
Services are accessible and usable (without undue
delay) whenever needed by an authorized entity.
For this we need fault-tolerance.
Faults may be accidental or malicious (Byzantine).
Denial of Service attacks are an example of malicious
attacks.
Relationship between Confidentiality, Integrity and Availability
[Figure: labels Confidentiality, Integrity, Availability; the region they share is labelled "Secure"]
Accountability
Actions affecting security must be traceable
to the responsible party.
For this,
• Audit information must be kept and protected,
• Access control is needed.
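One way to make audit information "kept and protected" in the sense of this slide, as an added example that is not part of the original lecture material: each record names the responsible party, and a keyed hash chain (key, paths and user names are constructed for the demo) makes any later edit, reordering or deletion of an interior entry detectable.

```python
import hashlib
import hmac
import json

# Constructed demo key; in practice the audit service holds this key and
# nothing that merely writes events can read it.
AUDIT_KEY = b"constructed-demo-audit-key"
GENESIS = "0" * 64


def _entry_mac(prev_mac: str, record: dict) -> str:
    """Chain a record to its predecessor: MAC over (previous MAC, canonical record)."""
    payload = prev_mac.encode() + b"\n" + json.dumps(record, sort_keys=True).encode()
    return hmac.new(AUDIT_KEY, payload, hashlib.sha256).hexdigest()


def append_entry(log: list, user: str, action: str, obj: str) -> dict:
    """Record who (user) did what (action) to which object, linked to the previous entry."""
    prev_mac = log[-1]["mac"] if log else GENESIS
    record = {"seq": len(log), "user": user, "action": action, "object": obj}
    entry = dict(record, mac=_entry_mac(prev_mac, record))
    log.append(entry)
    return entry


def verify_log(log: list) -> int:
    """Return -1 if every entry is intact and in order, else the index of the first bad entry.

    Editing, reordering or deleting an interior entry breaks the chain at that point.
    Silently dropping entries from the tail is not caught here; for that the
    verifier must also hold the last MAC it saw (not shown).
    """
    prev_mac = GENESIS
    for i, entry in enumerate(log):
        record = {k: v for k, v in entry.items() if k != "mac"}
        expected = _entry_mac(prev_mac, record)
        if record.get("seq") != i or not hmac.compare_digest(entry["mac"], expected):
            return i
        prev_mac = entry["mac"]
    return -1


if __name__ == "__main__":
    log = []
    append_entry(log, "alice", "read", "/payroll/2016.xls")
    append_entry(log, "bob", "write", "/payroll/2016.xls")
    append_entry(log, "bob", "delete", "/payroll/backup.xls")
    print("intact:", verify_log(log))        # -1
    log[1]["user"] = "alice"                 # try to pin bob's write on alice
    print("after edit:", verify_log(log))    # 1
```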
Other security requirements
• Reliability – deals with accidental damage,
• Safety – deals with the impact of the environment
on system failure,
• Dependability – reliance can be justifiably placed on
the system,
• Survivability – deals with the recovery of the system
after massive failure.
Computer Security
If I must give a definition… (again)
Computer Security deals with the prevention and
detection of unauthorized actions by users of the
system.
Fundamental dilemma of Computer
Security
Functionality or Assurance: which one?
• Security mechanisms need additional computational
resources.
• Security policies interfere with working patterns, and
can be very inconvenient.
• Managing security requires additional effort and
costs.
• Ideally there should be a tradeoff.
Principles of Computer Security – fundamental design parameters
[Figure: "The dimensions of Computer Security": a horizontal axis from User (subject) to Resource (object), crossed by a vertical axis from Application Software down to Hardware]
Principles of Computer Security
Integrity = compliance with a given set of rules.
Rules:
• Internal consistency of data items
• Authorized operations on data items
• Access control
1st Design decision
Should protection focus on data, operations
or users?
Layers of an IT system
• Application – users run application programs tailored to meet
specific requirements.
• Services – application programs make use of services
provided by software packages like a Database Management
System (DBMS) or an Object Reference Broker (ORB).
• OS – the software packages run on top of the OS, which
controls access to resources.
• OS kernel – the OS may have a kernel that mediates every
access to the processor or memory.
• Hardware – (processor & memory) physically stores and
manipulates data.
2nd Design decision
In which layer should security be placed?
The onion model of protection mechanisms
[Figure: onion model; layers from the core outward: Hardware, OS Kernel, OS, Services, Application]
Complexity vs Assurance
3rd Design decision
Should security focus on simplicity or security?
Centralized vs Decentralized
4th Design decision
Should security control tasks be given to a
central entity or left to individual components?
The layer below
Physical and organizational security mechanisms
define a security perimeter or boundary.
Attackers may try to bypass this boundary.
[Figure: Computer Security enclosed by a protection boundary formed by physical and organizational security measures]
The layer below
Access to the layer below is controlled through
physical and organizational security measures.
• Parts of the system that can malfunction without
compromising the protection mechanisms lie
beyond the perimeter.
• Parts that can be used to disable the protection
mechanisms lie within the perimeter.
5th Design decision
How to prevent the attacker from accessing the
layer below the protection boundary?
Vulnerabilities
• Hardware: Interruption (DOS), Modification,
Interception (Theft), Fabrication (Substitution)
• Software: Interruption (Deletion), Modification,
Interception, Fabrication
• Data: Interruption (Loss), Modification, Interception,
Fabrication
Hardware
Hardware is more visible, so it is easier to
add/remove/change devices, intercept traffic, flood
with traffic and generally control its functionality.
Attacks: physical damage.
Software
• Interruption (Deletion): surprisingly easy!
• Modification:
– Logic bombs – fail when certain conditions are met
– Trojan horses – a program that overtly does one thing while
covertly doing another
– Viruses – a specific Trojan horse that can be used to spread its
“infection”
– Trapdoors – a program that has a specific entry point
– Information leaks in programs – code that makes information
accessible to unauthorized users
• Interception (Theft): unauthorized copying
Data
Hardware security is usually the concern of a relatively
small number of staff. Software extends to programmers
and analysts who create and modify programs.
However, data can be readily interpreted by the general
public.
Because of its visibility, data attacks are much more
widespread.
Data
• Data Confidentiality: wiretapping, planting bugs, sifting
through trash receptacles, monitoring electromagnetic
radiation, bribing, inferring, requesting …
• Data Integrity: a higher level of sophistication is
needed.
– Salami attacks – shave off a little from many accounts to
form a valuable result
– Replay attacks
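The two integrity checks a receiver needs against the attacks named above, as an added example that is not from the lecture: a keyed MAC over the whole message catches modification (the kind of small edit a salami attack relies on), and a nonce plus timestamp window catches replay of an otherwise valid message. The shared key, account numbers and the 30-second window are constructed assumptions for the demo.

```python
import hashlib
import hmac
import json
import secrets

# Constructed shared key between sender and receiver (assumption for the demo).
KEY = b"constructed-shared-key"
MAX_AGE = 30  # seconds a message stays acceptable


def _canonical(msg: dict) -> bytes:
    """Serialize everything but the tag in a fixed order so both sides MAC the same bytes."""
    return json.dumps({k: v for k, v in msg.items() if k != "tag"}, sort_keys=True).encode()


def sign_transfer(src: str, dst: str, amount: int, now: int) -> dict:
    """Sender side: a fresh nonce and timestamp are covered by the MAC along with the payload."""
    msg = {"src": src, "dst": dst, "amount": amount, "ts": now, "nonce": secrets.token_hex(8)}
    msg["tag"] = hmac.new(KEY, _canonical(msg), hashlib.sha256).hexdigest()
    return msg


class Receiver:
    """Receiver side: checks integrity first, then freshness, then replay."""

    def __init__(self):
        self.seen = {}  # nonce -> ts of accepted messages still inside the window

    def accept(self, msg: dict, now: int) -> str:
        expected = hmac.new(KEY, _canonical(msg), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(msg.get("tag", ""), expected):
            return "rejected: modified"        # amount, parties, ts or nonce were altered
        if abs(now - msg["ts"]) > MAX_AGE:
            return "rejected: stale"           # outside the window; nonce need not be stored
        # forget nonces that can no longer pass the freshness check, so the store stays bounded
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_AGE}
        if msg["nonce"] in self.seen:
            return "rejected: replay"          # same valid message presented again
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


if __name__ == "__main__":
    rx = Receiver()
    m = sign_transfer("acct-1001", "acct-2002", 250, now=1000)
    print(rx.accept(m, now=1001))              # accepted
    print(rx.accept(m, now=1005))              # rejected: replay
    print(rx.accept(dict(m, amount=2500), now=1005))  # rejected: modified
```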
Computer Criminals
• Amateurs
– Normal people who observe a weakness in a security system
– Disgruntled over some negative work situation
– Have committed most computer crimes to date
• Crackers
– Often high school or university students: cracking is seen as the
ultimate victimless crime
– Attack for curiosity, self-satisfaction and personal gain
– No common profile or motivation
Computer Criminals
• Career criminals
– Understand the targets of computer crime
– Usually begin as computer professionals who later
engage in computer crime, finding the prospects and
payoff good
– Electronic spies and information brokers who recognize
that trading in companies' secrets can be lucrative