
Components of Computer Security - Threats - Policies & Mechanisms - The Role of Trust - Assurance - Operational Issues - Human Issues

Uploaded by

Ehab Sawalha
Copyright
© All Rights Reserved

Introduction

• Components of computer security


• Threats
• Policies & Mechanisms
• The role of Trust
• Assurance
• Operational Issues
• Human Issues
Slide #1-1
Basic Components (C-I-A Triad)
• Confidentiality
• Integrity
• Availability
• Sometimes two other desirable characteristics:
• Authentication
• Nonrepudiation

Slide #1-2
Confidentiality
Keeping data and resources hidden
• Need-to-know principle
• Illicit/unlawful access to information
• Tools: cryptography
– Encrypting data with a cryptographic key will assure
privacy: only those with the decryption key can access
the contents.
• Resource hiding
• Access control mechanisms support privacy
Slide #1-3
Integrity
• Data integrity (integrity)
– The data is authentic, i.e., has not been
tampered/corrupted
• Origin integrity (authentication)
– The source of the information is authentic
• Integrity mechanisms fall into two classes:
– Prevention mechanisms (block unauthorized attempts)
– Detection mechanisms (analyze system events and report
integrity failures)
Slide #1-4
Availability
Enable/Ensure access to data and resources
• Reliability
• Denial of Service attacks (DoS)
• Can be the most difficult to detect because the analyst
must determine if an unusual access pattern is attributable
to deliberate manipulation of resources or of the
environment (failure in the reliability).

Slide #1-5
Relationship between Confidentiality, Integrity and Availability

[Figure: Confidentiality, Integrity and Availability, with "Secure" where the three meet]

Slide #1-6

Basic Terms
• Threat
• Attack
• Vulnerability
• Countermeasure or control

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Access Control
Policy: Who + What + How = Yes/No
• Subject (who)
• Object (what)
• Mode of access (how)


Types of Threats
• Natural causes
– Examples: Fire, power failure
• Human causes
– Benign intent
• Example: Human error
– Malicious intent
• Random (Example: Malicious code on a general web site)
• Directed (Example: Impersonation)


Advanced Persistent Threat (APT)


• Organized
• Directed
• Well financed
• Patient
• Silent


Types of Attackers
• Individual
• Hacker
• Criminal-for-hire
• Loosely connected group
• Organized crime member
• Terrorist


Types of Harm
• Interception
• Interruption
• Modification
• Fabrication

Threats

• A threat is a potential violation of security.

• The violation need not occur for there to be a threat.

• The fact that the violation might occur means that the
actions that might cause it should be guarded against.
• The three security services discussed earlier (CIA)
counter/prevent threats to the security of the system.
Slide #1-13
Vulnerabilities, Threats, Attacks,
Controls
• Vulnerability is a weakness in the security system
– (i.e., in procedures, design, or implementation), that
might be exploited to cause loss or harm.
• A threat to a computing system is a set of circumstances that has
the potential to cause loss or harm.
• A human who exploits a vulnerability perpetrates (i.e., carries out or
commits, as a harmful, illegal, or immoral action) an attack on the
system.
• How do we address these problems?
– We use a control as a protective measure.
• That is, a control is an action, device, procedure, or technique that removes or
reduces a vulnerability.
Classes of Threats
• Disclosure
– Snooping (spying) / interception
• Deception
– Modification, spoofing, repudiation of origin, denial of
receipt, fabrication
• Disruption
– Modification

Slide #1-15
Policies and Mechanisms
(Countermeasure or control)
• Policy defines what is, and what is not, allowed
– This defines “security” for the site/system/etc.
– May be expressed in
• Natural Language, which is usually imprecise but easy to understand
• Mathematics, which is usually precise but hard to understand
• Policy Languages, which look like some form of programming
language and try to balance precision with ease of understanding

Slide #1-16
Policies and Mechanisms

• Mechanisms enforce policies


– Mechanism = a method, tool or procedure
– Mechanisms may be
• Technical, in which controls in the computer system enforce the
policy:
– e.g., the requirement that a user supply a password to authenticate herself
before using the computer
• Procedural, in which controls outside the system enforce the
policy:
– e.g., firing someone for bringing in a disk containing a game program
obtained from an untrusted source

Slide #1-17
Policies and Mechanisms

• Composition of policies
– If policies conflict, discrepancies/contradictions may create
security vulnerabilities
– The composition problem requires checking for inconsistencies
among policies.
– If, for example, one policy allows students and faculty access to
all data, and the other allows only faculty access to all the data,
then the conflict between them must be resolved
• (e.g., partition the data so that students and faculty can access some data,
and only faculty can access the other data).
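
The composition check described above, as an added example (not part of the original slides). It models the two policies from the slide as decision functions, lists the requests on which they contradict each other, and then applies the slide's resolution by partitioning the data; the data set names and which partition each falls into are assumptions made for illustration.

```python
from itertools import product

ROLES = ("student", "faculty")
DATASETS = ("course_notes", "grades")   # constructed sample data sets

# A policy maps (role, dataset) to True (allow), False (deny),
# or None (the request is outside the policy's scope).
def policy_a(role, dataset):
    """First policy on the slide: students and faculty may access all data."""
    return role in ("student", "faculty")

def policy_b(role, dataset):
    """Second policy on the slide: only faculty may access all data."""
    return role == "faculty"

def scoped(policy, datasets):
    """Restrict a policy to one partition of the data."""
    return lambda role, ds: policy(role, ds) if ds in datasets else None

def conflicts(p1, p2):
    """Requests on which both policies decide, and decide differently."""
    found = []
    for role, ds in product(ROLES, DATASETS):
        d1, d2 = p1(role, ds), p2(role, ds)
        if d1 is not None and d2 is not None and d1 != d2:
            found.append((role, ds, d1, d2))
    return found

def compose(p1, p2):
    """Compose two policies; refuse to do so if they are inconsistent."""
    if conflicts(p1, p2):
        raise ValueError("policies are inconsistent")
    def decide(role, ds):
        decisions = [d for d in (p1(role, ds), p2(role, ds)) if d is not None]
        return bool(decisions) and all(decisions)   # deny when no policy applies
    return decide

# Resolution from the slide: partition the data (partition choice is assumed).
open_part = scoped(policy_a, {"course_notes"})
restricted_part = scoped(policy_b, {"grades"})
site_policy = compose(open_part, restricted_part)

if __name__ == "__main__":
    print("unresolved:", conflicts(policy_a, policy_b))
    print("after partitioning:", conflicts(open_part, restricted_part))
```
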

Slide #1-18

Controls/Countermeasures
[Figure: controls/countermeasures classified along three axes]
• Kind of Threat
• Physical, Procedural, Technical
• Protects: Confidentiality, Integrity, Availability

Goals of Security
• Prevention
– Prevent attackers from violating security policy
• Detection
– Detect attackers’ violation of security policy
• Recovery
– Stop attack, assess and repair damage
– Continue to function correctly even if attack
succeeds

Slide #1-20
Security Goals
• When we talk about computer security, we mean that we are
addressing three important aspects of any computer-related system:
confidentiality, integrity, and availability (CIA)
– Confidentiality ensures that computer-related assets are accessed only by
authorized parties.
• Reading, viewing, printing, or even knowing their existence
• Secrecy or privacy

– Integrity means that assets can be modified only by authorized parties or only
in authorized ways.
• Writing, changing, deleting, creating

– Availability means that assets are accessible to authorized parties at appropriate
times. For this reason, availability is sometimes known by its opposite, denial
of service.
Trust and Assumptions
• Trust underlies all aspects of security
• Policies
– Unambiguously partition system states
– Correctly capture security requirements
• Mechanisms
– Assumed to enforce policy
– Support mechanisms work correctly

Slide #1-22
Types of Mechanisms
• Let P be the set of all possible states.
• Let Q be the set of secure states as specified by the
security policy: Q ⊆ P
• Let the security mechanisms restrict the system to
some set of states, R (thus R ⊆ P)
• The enforcement mechanism is
– Secure if R ⊆ Q
– Precise if R = Q
– Broad if there is a state r such that r ∈ R and r ∉ Q.
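
The definitions above carried through on a small system, as an added example (not part of the original slides). A state is the set of users currently holding read access to one file; the user names, the policy "eve never has access", and the three mechanisms are assumptions chosen so that each of secure, precise and broad occurs once.

```python
from itertools import combinations

USERS = ("alice", "bob", "eve")  # constructed sample system

def all_states(users):
    """P: every possible state, i.e. every set of users holding read access."""
    return {frozenset(c) for n in range(len(users) + 1)
            for c in combinations(users, n)}

def reachable(P, mechanism):
    """R: the states the mechanism allows the system to enter."""
    return {s for s in P if mechanism(s)}

def classify(R, Q):
    """Apply the slide's definitions to a mechanism's reachable set R."""
    if R == Q:
        return "precise"   # R = Q (and therefore also secure)
    if R <= Q:
        return "secure"    # R is a subset of Q, but some secure states are blocked
    return "broad"         # some state r is in R but not in Q

P = all_states(USERS)
# Policy (assumed): eve must never hold read access.
Q = {s for s in P if "eve" not in s}

# Hypothetical mechanisms, each a predicate over states.
MECHANISMS = {
    "owner_only":  lambda s: s <= {"alice"},   # also blocks bob
    "deny_eve":    lambda s: "eve" not in s,   # blocks exactly eve
    "deny_nobody": lambda s: True,             # enforces nothing
}

def report():
    """Map each mechanism to (classification, insecure reachable states)."""
    out = {}
    for name, mech in MECHANISMS.items():
        R = reachable(P, mech)
        out[name] = (classify(R, Q), sorted(map(sorted, R - Q)))
    return out

if __name__ == "__main__":
    for name, (kind, insecure) in report().items():
        print(f"{name:12} {kind:8} insecure reachable states: {insecure}")
```

The owner_only case shows why secure is not the same as precise: no insecure state is reachable, but states the policy allows (bob having access) are blocked as well.
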
Types of Mechanisms

[Figure: three diagrams labelled secure, precise and broad, each comparing the set of reachable states (that the computer can enter) with the set of secure states (as allowed by the security policy)]

Slide #1-24
Human Issues
• Organizational Problems
– Power and responsibility
• Those responsible for security have the power to enforce it
• e.g., system administrators are responsible for security, but only security
officers can make the rules.

• People problems
– Outsiders and insiders
• It is speculated that insiders account for 80-90% of all security
problems
– Social engineering
Slide #1-25
Security Life Cycle
• Threats
• Policy
• Specification
• Design
• Implementation
• Operation and Maintenance


Key Points
• Policy defines security, and mechanisms
enforce security
– Confidentiality
– Integrity
– Availability

• Trust and knowing assumptions


• The human factor
Slide #1-27
