
Summary of Lecture 1
- Security attack types: classified either by function or by the property being compromised
- Security mechanisms – prevention, detection and reaction
- Security services – tools and programs that prevent, detect or react to attacks
- Many combine mechanisms and services into method(s) for thwarting security threats

Security Attack Types
Classified by function, and by the property compromised:
- Interruption – attack on availability
- Interception – attack on confidentiality
- Modification – attack on integrity
- Fabrication – attack on authenticity

Various kinds of attacks can be classified into 4 different categories.
1. User A transmits a file to User B. The file contains sensitive information that should be protected from disclosure. User C, who is not authorised to read the file, is able to monitor the transmission and capture a copy of the file during transmission.
2. A network manager D transmits a message to a computer E under its management. The message instructs computer E to update an authorisation file. User F intercepts the message, alters it and sends it to E, which accepts it as if it came from D and modifies the authorisation file.
3. Rather than intercepting the message, a user constructs his own message and sends it as if it came from D.
4. A fired employee intercepts a message from the personnel manager which will invalidate his

Security is defined as
- Computer security deals with the prevention and detection of unauthorised actions by users of a computer system
AND
- deals with the ready availability of valuable assets by authorised agents, and the denial of that access to all others

The security dilemma
- Security deals with the ready availability of valuable assets by authorised agents, and the denial of that access to all others.
- One mechanism may interfere with the other, e.g.:
  - shutting down a system or bringing it to single-user mode, say for consistency verification
  - forcing users to change their password every week

What do we mean by unauthorised actions? The dilemma here is whether we should make the system available or not. On the other hand, we have another problem too: real users do not know much about security requirements!

Example
- Regularly backing up the system and/or user data files (say every day at midnight)
- For what kind of attack is this service appropriate?
  - Interruption (a file being deleted by an unauthorised person!)
  - Modification – file content is modified (e.g. by a virus)
- Mechanism – detection (and not prevention)
- How and when do you detect? See the Q!

Example – contd
- Service – backup and restore program
  - complete backup
  - revolving backup
  - selective or incremental backup
- Explain these terms – tutorial class

Q
You discover that your computer system has been infected by a piece of malicious code which modified certain files of the system. You have NO idea when the infection occurred. You do have backups performed every week since the system was put into operation. How could you use the backups to construct a “clean” version of your system?

Another Q
Assume that a bank shuts down its customer accounts database at 5 pm and restarts it the next day at 9 am. How can the bank verify whether the state (contents) of the database at 9 am is the same as it was when the shutdown occurred the previous day? In other words, how can any change (by modification or fabrication) in the contents of a file (the database file) be detected? Note that the file may be large (say gigabytes, if not terabytes!).
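One way to approach the question above, shown as an added example that is not part of the original lecture: compute a keyed digest (HMAC-SHA256) of the database file at shutdown, reading it in chunks so the file size does not matter, and recompute it before restart. The file name, the sample records and the assumption that the key and the recorded tag are kept off the database host are constructed for this illustration.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # read 1 MiB at a time so a multi-gigabyte file never sits in memory


def file_tag(path, key):
    """Return HMAC-SHA256 over the file's bytes, computed by streaming."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            mac.update(block)
    return mac.hexdigest()


def unchanged(path, key, tag_at_shutdown):
    """True only if the file still matches the tag recorded at shutdown."""
    return hmac.compare_digest(file_tag(path, key), tag_at_shutdown)


def demo():
    # Assumption: key and tag are stored away from the database host; otherwise
    # whoever alters the file could simply recompute a matching tag.
    key = os.urandom(32)
    original = b"acct=1001;balance=0500\n" * 1000           # constructed records
    modified = original[:20] + b"9" + original[21:]         # one digit altered, same size
    fabricated = original + b"acct=9999;balance=9999\n"     # one record added
    results = {}
    with tempfile.TemporaryDirectory() as d:
        db = os.path.join(d, "accounts.db")                 # stand-in for the database file

        def write(data):
            with open(db, "wb") as fh:
                fh.write(data)

        write(original)
        tag = file_tag(db, key)                             # 5 pm: record the tag
        for name, data in (("untouched", original),
                           ("modified", modified),
                           ("fabricated", fabricated)):
            write(data)                                     # state found at 9 am
            results[name] = unchanged(db, key, tag)
    return results


if __name__ == "__main__":
    print(demo())
```

The check only reports that something changed; finding what changed still needs a comparison against a backup.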

One method of defence
- By controls
- What should be the focus of the controls? For example: should protection mechanisms focus on the data, on the operations on that data, or on the users who use the data?
- Since there are layers of technology, where should controls apply? Applications, services, operating systems, kernel, hardware.

As I mentioned in the first lecture, the method of defence is either by controls or by making the data readable by the authorised users but not by others. Let us look at controls more closely here, as they are the only thing that is applicable to computer security. Controls can be applied at various layers; to what component of the system should they apply?

Layers of technology (and Onion Model)
- In which layer should security mechanisms be placed?
- Should controls be placed in more than one layer? See slide 46 too.
- Layers: Applications, Services, Operating System, Kernel, Hardware

Controls
- Can be applied at the hardware, software, physical or policy level.
- Simple mechanisms or lots of features?
- Should defining and enforcing security mechanisms be a centralised function?
- How to prevent access to the layer below the security mechanism?

This slide covers in more detail what I mentioned in the previous slide.

Layers
- The presence of layers is a feature of technology
- Separate layers often perform very different functions
- Similar functions are combined in one layer
- The boundary between two layers is usually easily defined
- Layers can often be independently implemented

Effectiveness of Controls
Merely having controls does no good unless they are used properly. The factors that affect the effectiveness are:
- Awareness of protection
- Likelihood of users
- Overlapping controls
- Periodic review

Having controls alone is not enough; they also have to be effective. Effectiveness comes from the users of the system. How to improve the effectiveness: awareness (who are the users who need to be educated?), probably overlapping controls to cross-check and verify one another, and periodic evaluation of the effectiveness of the controls.

The security dilemma
- The costs of additional resources to implement security mechanisms can be quantified.
- Security mechanisms interfere with users, and can lead to loss of productivity.
- Managing security also costs.
- Need to perform risk analysis (which will be the next topic)

The security dilemma: security needs resources and hence it costs money!