Components of Computer Security - Threats - Policies & Mechanisms - The Role of Trust - Assurance - Operational Issues - Human Issues
Confidentiality
Keeping data and resources hidden
• Need-to-know principle
• Illicit/unlawful access to information
• Tools: cryptography
– Encrypting data with a cryptographic key will assure
privacy: only those with the decryption key can access
the contents.
• Resource hiding
• Access control mechanisms support privacy
Integrity
• Data integrity (integrity)
– The data is authentic, i.e., has not been
tampered/corrupted
• Origin integrity (authentication)
– The source of the information is authentic
• Integrity mechanisms fall into two classes:
– Prevention mechanisms (block unauthorized attempts)
– Detection mechanisms (analyze system events and report
integrity failures)
Availability
Enable/Ensure access to data and resources
• Reliability
• Denial of Service attacks (DoS)
• Can be the most difficult to detect because the analyst
must determine if an unusual access pattern is attributable
to deliberate manipulation of resources or of the
environment (failure in the reliability).
Relationship between Confidentiality, Integrity and Availability
[Figure: Confidentiality, Integrity and Availability, with the label "Secure"]
Basic Terms
• Threat
• Attack
• Vulnerability
• Countermeasure or control
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Access Control
Policy: Who + What + How = Yes/No
• Subject (who)
• Object (what)
• Mode of access (how)
Types of Threats
Threats
• Natural causes (examples: fire, power failure)
• Human causes
– Benign intent (example: human error)
– Malicious intent: Random or Directed
Types of Attackers
• Terrorist
• Criminal-for-hire
• Hacker
• Individual
• Loosely connected group
• Organized crime member
Types of Harm
• Interception
• Interruption
• Modification
• Fabrication
Threats
• The fact that the violation might occur means that the
actions that might cause it should be guarded against.
• The three security services discussed earlier (CIA)
counter/prevent threats to the security of the system.
Vulnerabilities, Threats, Attacks, Controls
• A vulnerability is a weakness in the security system (i.e., in procedures, design, or implementation) that might be exploited to cause loss or harm.
• A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.
• A human who exploits a vulnerability perpetrates (carries out or commits a harmful, illegal, or immoral action) an attack on the system.
• How do we address these problems?
– We use a control as a protective measure.
• That is, a control is an action, device, procedure, or technique that removes or reduces a vulnerability.
Classes of Threats
• Disclosure
– Snooping (spying) / interception
• Deception
– Modification, spoofing, repudiation of origin, denial of
receipt, fabrication
• Disruption
– Modification
Policies and Mechanisms
(Countermeasure or control)
• Policy defines what is, and what is not, allowed
– This defines “security” for the site/system/etc.
– May be expressed in
• Natural Language, which is usually imprecise but easy to understand
• Mathematics, which is usually precise but hard to understand
• Policy Languages, which look like some form of programming
language and try to balance precision with ease of understanding
Policies and Mechanisms
• Composition of policies
– If policies conflict, discrepancies/contradictions may create
security vulnerabilities
– The composition problem requires checking for inconsistencies
among policies.
– If, for example, one policy allows students and faculty access to all data, and the other allows only faculty access to all the data, then the conflict must be resolved
• (e.g., partition the data so that students and faculty can access some data, and only faculty can access the other data).
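The student/faculty conflict above, and the "Who + What + How = Yes/No" decision from the Access Control slide, worked through as an added example (not part of the original slides). The subject names, data items and the choice of which data is shared are constructed for illustration.

```python
from itertools import product

# Constructed universe for illustration (not from the slides).
SUBJECTS = {"alice": "student", "bob": "faculty"}               # who -> role
OBJECTS = ["syllabus", "lecture_notes", "grades", "exam_key"]   # what
MODES = ["read", "write"]                                       # how

def policy_a(role, obj, mode):
    """First policy: students and faculty may access all data."""
    return role in {"student", "faculty"}

def policy_b(role, obj, mode):
    """Second policy: only faculty may access all data."""
    return role == "faculty"

def decide(policy, who, obj, mode):
    """Who + What + How = Yes/No."""
    return policy(SUBJECTS[who], obj, mode)

def find_conflicts(p1, p2):
    """Every (who, what, how) request on which the two policies disagree."""
    return [(who, obj, mode)
            for who, obj, mode in product(SUBJECTS, OBJECTS, MODES)
            if decide(p1, who, obj, mode) != decide(p2, who, obj, mode)]

def compose(p1, p2, combine):
    """Naive composition: combine=any is permit-overrides, combine=all is deny-overrides."""
    return lambda role, obj, mode: combine([p1(role, obj, mode), p2(role, obj, mode)])

# Resolution by partitioning the data, as the slide suggests.
# Which items are shared is an assumption made for this example.
SHARED = {"syllabus", "lecture_notes"}

def resolved_policy(role, obj, mode):
    """policy_a governs the shared partition, policy_b governs the rest."""
    return policy_a(role, obj, mode) if obj in SHARED else policy_b(role, obj, mode)

if __name__ == "__main__":
    print("conflicting requests:", find_conflicts(policy_a, policy_b))
    permit = compose(policy_a, policy_b, any)
    deny = compose(policy_a, policy_b, all)
    # Permit-overrides silently lets the student write the exam key.
    print("permit-overrides, alice writes exam_key:", decide(permit, "alice", "exam_key", "write"))
    # Deny-overrides silently blocks the student from the syllabus.
    print("deny-overrides, alice reads syllabus:", decide(deny, "alice", "syllabus", "read"))
    print("resolved, alice reads syllabus:", decide(resolved_policy, "alice", "syllabus", "read"))
    print("resolved, alice reads grades:", decide(resolved_policy, "alice", "grades", "read"))
```

Either naive composition hides the inconsistency instead of resolving it, which is why the conflict has to be found first and then settled by an explicit partition.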
Controls/Countermeasures
[Figure: controls/countermeasures shown against Kind of Threat; Physical, Procedural, Technical; and Protects: Confidentiality, Integrity, Availability]
Goals of Security
• Prevention
– Prevent attackers from violating security policy
• Detection
– Detect attackers’ violation of security policy
• Recovery
– Stop attack, assess and repair damage
– Continue to function correctly even if attack
succeeds
Security Goals
• When we talk about computer security, we mean that we are
addressing three important aspects of any computer-related system:
confidentiality, integrity, and availability (CIA)
– Confidentiality ensures that computer-related assets are accessed only by
authorized parties.
• Reading, viewing, printing, or even knowing their existence
• Secrecy or privacy
– Integrity means that assets can be modified only by authorized parties or only
in authorized ways.
• Writing, changing, deleting, creating
Types of Mechanisms
• Let P be the set of all possible states.
• Let Q be the set of secure states as specified by the security policy: Q ⊆ P
• Let the security mechanisms restrict the system to some set of states, R (thus R ⊆ P)
• The enforcement mechanism is
– A security mechanism is Secure if R ⊆ Q
– It is Precise if R = Q
– It is Broad if there is a state r such that r ∈ R and r ∉ Q.
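The definitions above applied to a small enumerated state space, as an added example (not part of the original slides). The rights, the policy "students must not write the grades file" and the three mechanisms are constructed for illustration.

```python
from itertools import chain, combinations

# Constructed model: a state is the set of (role, mode) accesses to one
# grades file that the system currently permits.
RIGHTS = [("student", "read"), ("student", "write"),
          ("faculty", "read"), ("faculty", "write")]

def all_states(rights):
    """P: every subset of the rights, each subset being one system state."""
    subsets = chain.from_iterable(
        combinations(rights, n) for n in range(len(rights) + 1))
    return {frozenset(s) for s in subsets}

P = all_states(RIGHTS)

# Q: secure states under the assumed policy "students must not write grades".
Q = {s for s in P if ("student", "write") not in s}

def restricted_states(blocked):
    """R: states the system can still enter when a mechanism blocks these rights."""
    return {s for s in P if not (s & blocked)}

def classify(R):
    """Apply the slide's definitions and report the states behind the verdict."""
    return {
        "secure": R <= Q,        # R is a subset of Q
        "precise": R == Q,       # R equals Q
        "broad": bool(R - Q),    # some r in R that is not in Q
        "witnesses": R - Q,      # insecure states the mechanism still allows
        "overblocked": Q - R,    # secure states the mechanism forbids
    }

# Three hypothetical mechanisms for the same policy.
MECHANISMS = {
    "block all student access": {("student", "read"), ("student", "write")},
    "block student write only": {("student", "write")},
    "no checks": set(),
}

if __name__ == "__main__":
    for name, blocked in MECHANISMS.items():
        result = classify(restricted_states(blocked))
        print(f"{name}: secure={result['secure']} precise={result['precise']} "
              f"broad={result['broad']} insecure states allowed={len(result['witnesses'])} "
              f"secure states lost={len(result['overblocked'])}")
```

The first mechanism is secure but not precise: it enforces the policy at the cost of four secure states in which students could have read the file.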
Human Issues
• Organizational Problems
– Power and responsibility
• those responsible have the power to enforce it
• i.e. system administrators are responsible for security, but only security
officers can make the rules.
• People problems
– Outsiders and insiders
• It is speculated that insiders account for 80-90% of all security
problems
– Social engineering
Security Life Cycle
Threats
Policy
Specification
Design
Implementation