Security
Part I-1 Components of Computer Security
Confidentiality
- Keeping data and resources hidden.
- Government, military, online financial transactions, e-commerce, medical records, ...
- Confidentiality is the protection of information from unauthorized parties.
- It can be achieved by access control. Cryptography is used in access control.
- Encryption scrambles data to make it incomprehensible. The original data can be recovered by decryption.
- Demo: Encryption using AES
Integrity
- Data integrity provides assurance that data has not been altered (for example, by an unauthorized entity).
- Unauthorized tampering can be detected by tracking a message digest.
- Example: MD5/SHA-1
- Origin integrity (integrity of the source of data) is also called authentication.
- Countermeasures include prevention and detection.
Availability
- Enabling access to data and resources.
- It is an aspect of reliability and system design.
- Attackers can make data or a service unavailable (deny access).
- Some systems are designed based on some (statistical) model. Attackers can act so that the assumptions of the model are invalid.
Part I-2 Threats
Disclosure
- Unauthorized access of information.
- It is a passive attack and has the following form:
  - Snooping (e.g., wiretapping).
Deception
- Acceptance of false data.
- The forms are:
  - Modification (or alteration): unauthorized change of information (e.g., active wiretapping, man-in-the-middle attack).
  - Spoofing (or masquerading): impersonation.
  - Repudiation of the origin: denying a previously authorized action.
  - Denial of receipt.
Part I-3 Policies and Mechanisms
Policies and Mechanisms
- Policy says what is, and is not, allowed.
  - A policy defines “security” for a site/system/etc.
  - Formal definition (e.g., algebraic characterization) vs. informal definition (plain description in English).
- Mechanisms enforce policies.
  - Mechanisms can be methods, tools or procedures.
- Be careful with composition of policies. Inconsistent policies may be a source of security flaws.
  - Example: MS Outlook can be configured to include “Don’t download pictures”, but in IE “Show picture” is chosen.
Goals of Security
- Prevention: prevent attackers from violating security policy.
- Detection: detect attackers’ violation of security policy.
- Recovery: stop attack, assess and repair damage; continue to function correctly even if attack succeeds.
Part I-4 Trust and Assumptions
Trust and Assumptions
- Trust and assumptions underlie all aspects of security.
- Two assumptions:
  1. Policies should unambiguously partition system states into a “secure” set and a “non secure” set, and correctly capture security requirements.
  2. Mechanisms are assumed to enforce policy and to be implemented correctly.
Types of Mechanisms
- P = set of all states.
- Q = set of secure states specified by a policy. Q is a subset of P, i.e., Q ⊂ P.
- Suppose that a mechanism restricts the system to some set of states, say R ⊂ P. Then the security mechanism is
  1. secure if R ⊂ Q;
  2. precise if R = Q;
  3. broad if R − Q is not empty, i.e., there is some state of R which is not in Q.
Types of Mechanisms...(2)
[Figure: secure, precise and broad mechanisms, drawn as set Q (secure) and set R (reachable).]
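Added example (not part of the original slides): the secure/precise/broad definitions applied to a small constructed system. The subjects, objects, policy and the three mechanisms are assumptions made for illustration; R is computed as the set of states reachable from the empty state when the mechanism filters each grant request.

```python
from itertools import combinations

# Constructed sample system: a state is the set of read grants in force.
SUBJECTS = ("alice", "bob")
OBJECTS = ("public", "secret")
GRANTS = [(s, o) for s in SUBJECTS for o in OBJECTS]

def all_states():
    """P: every possible set of read grants (2^4 = 16 states)."""
    return {frozenset(c) for n in range(len(GRANTS) + 1)
            for c in combinations(GRANTS, n)}

def policy_allows(state):
    """Assumed policy defining Q: bob must never be able to read 'secret'."""
    return ("bob", "secret") not in state

def reachable(mechanism, start=frozenset()):
    """R: states reachable from `start` when `mechanism` vets each new grant."""
    seen, todo = {start}, [start]
    while todo:
        state = todo.pop()
        for grant in GRANTS:
            if grant not in state and mechanism(state, grant):
                nxt = state | {grant}
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
    return seen

def classify(R, Q):
    """Most specific label: precise (R = Q), secure (R inside Q), else broad."""
    if R == Q:
        return "precise"
    if R <= Q:
        return "secure"
    return "broad"  # R - Q is not empty

# Hypothetical mechanisms: each decides whether a requested grant is applied.
MECHANISMS = {
    "allow_all": lambda state, grant: True,
    "deny_bob_secret": lambda state, grant: grant != ("bob", "secret"),
    "deny_any_secret": lambda state, grant: grant[1] != "secret",
}

def run():
    Q = {s for s in all_states() if policy_allows(s)}
    return {name: classify(reachable(m), Q) for name, m in MECHANISMS.items()}

if __name__ == "__main__":
    for name, kind in run().items():
        print(f"{name}: {kind}")
```

The third mechanism is secure but not precise: it also blocks alice from reading 'secret', a state the policy would have allowed.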
Part I-7 Human Issues
Human Issues
- People problems:
  1. Outsiders and insiders
     - Some statistics indicate that a high percentage of security threats are from insiders.