Download presentation
Presentation is loading. Please wait.
1
Chapter 1: Introduction
Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues
2
Basic Components Confidentiality Integrity Availability
3
Confidentiality Keeping data and resources hidden
Need-to-know principle Illicit access to information Tools: cryptography Encrypting data with a cryptographic key will assure privacy: only those with the decryption key can access the contents. Resource hiding Access control mechanisms support privacy
4
Integrity Data integrity (integrity) Origin integrity (authentication)
The data is authentic, e.g., has not been tampered/corrupted Origin integrity (authentication) The source of the information is authentic Integrity mechanisms fall intio two classes: Prevention mechanisms (block unauthorized attempts) Detection mechanisms (analyze system events and report integrity failures)
5
Availability Enable access to data and resources Reliability
Denial of service attacks Can be the most difficult to detect because the analyst must determine if an unusual access pattern is attributable to deliberate manipulation of resources or of the environment (reliability failure)
6
Relationship between Confidentiality Integrity and Availability
Secure Availability
7
Other security requirements
Reliability – deals with accidental damage, Safety – deals with the impact of system failure caused by the environment, Dependability – reliance can be justifiably placed on the system Survivability – deals with the recovery of the system after massive failure. Accountability -- actions affecting security must be traceable to the responsible party. For this, Audit information must be kept and protected, Access control is needed.
8
Threats A threat is a potential violation of security.
The violation need not occur for there to be a threat. The fact that the violation might occur means that the actions that might cause it should be guarder against. The three security services discussed earlier (confidentiality, integrity, availability) counter threats to the security of the system.
9
Classes of Threats Disclosure Deception Disruption Usurpation Snooping
Modification, spoofing, repudiation of origin, denial of receipt Disruption Modification Usurpation Modification, spoofing, delay, denial of service
10
Policies and Mechanisms
Policy says what is, and what is not, allowed This defines “security” for the site/system/etc. May be expressed in natural language, which is usually imprecise but easy to understand mathematics, which is usually precise but hard to understand policy languages, which look like some form of programming language and try to balance precision with ease of understanding
11
Policies and Mechanisms
Mechanisms enforce policies Mechanism = a method, tool or procedure Mechanisms may be technical, in which controls in the computer enforce the policy: for example, the requirement that a user supply a password to authenticate herself before using the computer procedural, in which controls outside the system enforce the policy: for example, firing someone for bringing in a disk containing a game program obtained from an untrusted source
12
Policies and Mechanisms
Composition of policies If policies conflict, discrepancies may create security vulnerabilities The composition problem requires checking for inconsistencies among policies. If, for example, one policy allows students and faculty access to all data, and the other allows only faculty access to all the data, then they must be resolved (e.g., partition the data so that students and faculty can access some data, and only faculty access the other data).
13
Goals of Security Prevention Detection Recovery
Prevent attackers from violating security policy Detection Detect attackers’ violation of security policy Recovery Stop attack, assess and repair damage Continue to function correctly even if attack succeeds
14
Trust and Assumptions Trust underlies all aspects of security Policies
Unambiguously partition system states Correctly capture security requirements Mechanisms Assumed to enforce policy Support mechanisms work correctly
15
Types of Mechanisms secure precise broad set of reachable states
(that the computer can enter) set of secure states (as allowed by the security policy)
16
Assurance Specification Design Implementation Requirements analysis
Statement of desired functionality Design How system will meet specification Implementation Programs/systems that carry out design
17
Assurance Assurance is a measure of how well the system meets its requirements informally, how much you can trust the system to do what it is supposed to do. It does not say what the system is to do; rather, it only covers how well the system does it.
18
Assurance Specifications arise from requirements analysis, in which the goals of the system are determined. The specification says what the system must do to meet those requirements. It is a statement of functionality, not assurance, and can be very formal (mathematical) or informal (natural language). The specification can be high-level or low-level (for example, describing what the system as a whole is to do vs. what specific modules of code are to do).
19
Assurance The design architects the system to satisfy, or meet, the specifications Typically, the design is layered by breaking the system into abstractions, and then refining the abstractions as you work your way down to the hardware. An analyst also must show the design matches the specification. The implementation is the actual coding of the modules and software components. These must be correct (perform as specified) and their aggregation must satisfy the design.
20
Operational Issues Cost-Benefit Analysis Risk Analysis
Is it cheaper to prevent or recover? Risk Analysis Should we protect something? How much should we protect this thing? Laws and Customs Are desired security measures illegal? Will people do them?
21
Human Issues Organizational Problems People problems
Power and responsibility those responsible have the power to enforce it For example, system administrators are responsible for security, but only security officers can make the rules. People problems Outsiders and insiders It is speculated that insiders account for 80-90% of all security problems Social engineering
22
The security life cycle
Tying it all together Threats Policy Specification Design Implementation Operation & Maintenance The security life cycle
23
Key Points Policy defines security, and mechanisms enforce security
Confidentiality Integrity Availability Trust and knowing assumptions Importance of assurance The human factor
24
Key Points How to achieve Computer Security:
Security principles/concepts: explore general principles/concepts that can be used as a guide to design secure information processing systems. Security mechanisms: explore some of the security mechanisms that can be used to secure information processing systems. Physical/Organizational security: consider physical & organizational security measures
25
References Even at this general level there is disagreement on the precise definitions of some of the required security aspects. References: Orange book – US Dept of Defense, Trusted Computer System Evaluation Criteria. ITSEC – European Trusted Computer System Product Criteria. CTCPEC – Canadian Trusted Computer System Product Criteria
26
Fundamental Dilemma: Functionality or Assurance
Security mechanisms need additional computation Security policies interfere with working patterns, and can be very inconvenient Managing security requires additional effort and costs. Ideally there should be a tradeoff Risk analysis
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.