Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Overview of Computer Security

Published byAivar Roos Modified over 5 years ago

Similar presentations

Presentation on theme: "An Overview of Computer Security"— Presentation transcript:

1 An Overview of Computer Security
Chapter 1 Version 1.0 Computer Security: Art and Science, 2nd Edition

2 Computer Security: Art and Science, 2nd Edition
Outline Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Version 1.0 Computer Security: Art and Science, 2nd Edition

3 Computer Security: Art and Science, 2nd Edition
Basic Components Confidentiality Keeping data and resources hidden Integrity Data integrity (integrity) Origin integrity (authentication) Availability Allowing access to data and resources Section 1.2 Snooping : an example is passive wiretapping, where the attacker monitors communications. Modification: an example is active wiretapping, where the attacker injects something into a communication or modifies parts of the communication. Modification is sometimes called alteration. Spoofing: delegation is basically authorized spoofing. The difference is that the ones to which authority is delegated does not impersonate the delegator; she simply asserts authority to act as an agent for the delegator. Delay: slowing down messages so they arrive, but much later than expected. Denial of service: this may not be due to an attack, but due to limits of resources. However, the effect here is critical. If you define security in terms of what users need to access, the inability to access is a security problem regardless of whether the reason is intentional (an attack) or unintentional (not an attack). Version 1.0 Computer Security: Art and Science, 2nd Edition

4 Computer Security: Art and Science, 2nd Edition
Classes of Threats Disclosure Snooping Deception Modification, spoofing, repudiation of origin, denial of receipt Disruption Modification Usurpation Modification, spoofing, delay, denial of service Section 1.2 Snooping : an example is passive wiretapping, where the attacker monitors communications. Modification: an example is active wiretapping, where the attacker injects something into a communication or modifies parts of the communication. Modification is sometimes called alteration. Spoofing: delegation is basically authorized spoofing. The difference is that the ones to which authority is delegated does not impersonate the delegator; she simply asserts authority to act as an agent for the delegator. Delay: slowing down messages so they arrive, but much later than expected. Denial of service: this may not be due to an attack, but due to limits of resources. However, the effect here is critical. If you define security in terms of what users need to access, the inability to access is a security problem regardless of whether the reason is intentional (an attack) or unintentional (not an attack). Version 1.0 Computer Security: Art and Science, 2nd Edition

5 Policies and Mechanisms
Policy says what is, and is not, allowed This defines “security” for the site/system/etc. Mechanisms enforce policies Composition of policies If policies conflict, discrepancies may create security vulnerabilities Section 1.3 Policy: may be expressed in natural language, which is usually imprecise but easy to understand; mathematics, which is usually precise but hard to understand; policy languages, which look like some form of programming language and try to balance precision with ease of understanding Mechanisms: may be technical, in which controls in the computer enforce the policy; for example, the requirement that a user supply a password to authenticate herself before using the computer procedural, in which controls outside the system enforce the policy; for example, firing someone for ringing in a disk containing a game program obtained from an untrusted source The composition problem requires checking for inconsistencies among policies. If, for example, one policy allows students and faculty access to all data, and the other allows only faculty access to all the data, then they must be resolved (e.g., partition the data so that students and faculty can access some data, and only faculty access the other data). Version 1.0 Computer Security: Art and Science, 2nd Edition

6 Computer Security: Art and Science, 2nd Edition
Goals of Security Prevention Prevent attackers from violating security policy Detection Detect attackers violating security policy Recovery Stop attack, assess and repair damage Continue to function correctly even if attack succeeds Section 1.3.1 Prevention is ideal, because then there are no successful attacks. Detection occurs after someone violates the policy or tries to violate the policy. The mechanism determines that a violation of the policy has occurred (or is underway, or has been attempted), and reports it. The system (or system security officer) must then respond appropriately. Recovery means that the system continues to function correctly, possibly after a period during which it fails to function correctly. If the system functions correctly always, but possibly with degraded services, it is said to be intrusion tolerant. This is very difficult to do correctly; usually, recovery means that the attack is stopped, the system fixed (which may involve shutting down the system for some time, or making it unavailable to all users except the system security officers), and then the system resumes correct operations. Version 1.0 Computer Security: Art and Science, 2nd Edition

7 Computer Security: Art and Science, 2nd Edition
Assumptions and Trust Underlie all aspects of security Policies Unambiguously partition system states Correctly capture security requirements Mechanisms Assumed to enforce policy Support mechanisms work correctly Section 1.4 All security policies and mechanisms rest on assumptions; we will examine some in later chapters, most notably Chapter 23, Malicious Logic. Here is a taste of the assumptions. Policies: as these define security, they have to define security correctly for the particular site. For example, a web site has to be available, but if the security policy does not mention availability, the definition of security is inappropriate for the site. Also, a policy may not specify whether a particular state is “secure” or “non-secure.” This ambiguity causes problems. Mechanisms: as these enforce policy, they must be appropriate. For example, cryptography does not assure availability, so using cryptography in the above situation will not work. Further, security mechanisms rely on supporting infrastructure, such as compilers, libraries, the hardware, and networks to work correctly. Ken Thompson’s modified C preprocessor (see the example in Chapter 23, Malicious Logic) illustrates this point very well. Version 1.0 Computer Security: Art and Science, 2nd Edition

8 Computer Security: Art and Science, 2nd Edition
Types of Mechanisms secure precise broad This picture captures Definition 1-3 visually A reachable state is one that the computer can enter. A secure state is a state defined as allowed by the security policy. The left figure shows a secure system: all reachable states are in the set of secure states. The system can never enter (reach) a non-secure state, but there are secure states that the system cannot reach. The middle figure shows a precise system: all reachable states are secure, and all secure states are reachable. Only the non-secure states are unreachable. The right figure shows a broad system. Some non-secure states are reachable. This system is also not secure. set of reachable states set of secure states Version 1.0 Computer Security: Art and Science, 2nd Edition

9 Computer Security: Art and Science, 2nd Edition
Assurance Specification Requirements analysis Statement of desired functionality Design How system will meet specification Implementation Programs or systems that carry out design Section 1.5 Assurance is a measure of how well the system meets its requirements; more informally, how much you can trust the system to do what it is supposed to do. It does not say what the system is to do; rather, it only covers how well the system does it. Specifications arise from requirements analysis, in which the goals of the system are determined. The specification says what the system must do to meet those requirements. It is a statement of functionality, not assurance, and can be very formal (mathematical) or informal (natural language). The specification can be high-level or low-level (for example, describing what the system as a whole is to do vs. what specific modules of code are to do). The design architects the system to satisfy, or meet, the specifications. Typically, the design is layered by breaking the system into abstractions, and then refining the abstractions as you work your way down to the hardware. An analyst also must show the design matches the specification. The implementation is the actual coding of the modules and software components. These must be correct (perform as specified), and their aggregation must satisfy the design. Note the assumptions of correct compilers, hardware, etc. Version 1.0 Computer Security: Art and Science, 2nd Edition

10 Computer Security: Art and Science, 2nd Edition
Operational Issues Cost-benefit analysis Is it cheaper to prevent or recover? Risk analysis Should we protect something? How much should we protect this thing? Laws and customs Are desired security measures illegal? Will people do them? Section 1.6 Security does not end when the system is completed. Its operation affects security. A “secure” system can be breached by improper operation (for example, when accounts with no passwords are created). The question is how to assess the effect of operational issues on security. Cost-benefit analysis: this weighs the cost of protecting data and resources with the costs associated with losing the data. Among the considerations are the overlap of mechanisms’ effects (one mechanism may protect multiple services, so its cost is amortized), the non-technical aspects of the mechanism (will it be impossible to enforce), and the ease of use (if a mechanism is too cumbersome, it may cost more to retrofit a decent user interface than the benefits would warrant). Risk Analysis: what happens if the data and resources are compromised? This tells you what you need to protect and to what level. Cost-benefit analyses help determine the risk here, but there may be other metrics involved (such as customs). Laws and customs: these constrain what you can do. Encryption used to be the biggie here, as the text indicates. In the U.S. and France, the laws have changed radically to allow exporting of some cryptographic source code (U.S.) and no longer requiring registration of cryptographic keys (France). Customs involve non-legislated things, like the use of urine specimens to determine identity. That is legal, at least in the US in some cases; but it would never be widely accepted as an alternative to a password. Version 1.0 Computer Security: Art and Science, 2nd Edition

11 Computer Security: Art and Science, 2nd Edition
Human Issues Organizational problems Power and responsibility Financial benefits People problems Outsiders and insiders Social engineering Section 1.7 Organizations: the key here is that those responsible for security have the power to enforce security. Otherwise there is confusion, and the architects need not worry if the system is secure because they will not be blamed if someone gets in. This arises when system administrators, for example, are responsible for security, but only security officers can make the rules. Preventing this problem (power without responsibility, or vice versa) is tricky and requires capable management. What is worse is that security is not a direct financial incentive for most companies because it does not bring in revenue. It merely prevents the loss of revenue obtained from other sources. People problems are by far the main source of security problems. Outsiders are attackers from outside the organization; insiders are people who have authorized access to the system and, possibly, are authorized to access data and resources, but use the data or resources in unauthorized ways. It is speculated that insiders account for 80-90% of all security problems, but the studies generally do not disclose their methodology in detail, so it is hard to know how accurate they are. (Worse, there are many slightly different definitions of the term “insider,” causing the studies to measure slightly different things!) Social engineering, or lying, is quite effective, especially if the people gulled are inexperienced in security (possibly because they are new, or because they are tired). Version 1.0 Computer Security: Art and Science, 2nd Edition

12 Computer Security: Art and Science, 2nd Edition
Tying Together Threats Policy Specification Design Section 1.8; the picture is a rearrangement of Figure 1-1 The point to this slide is that each step feeds into the earlier steps. In theory, each of these should only affect the one before it, and the one after it. In practice, each affects all the ones that come before it. Feedback from operation and maintenance is critical, and often overlooked. It allows one to validate the threats and the legitimacy of the policy. Implementation Operation Version 1.0 Computer Security: Art and Science, 2nd Edition

13 Computer Security: Art and Science, 2nd Edition
Key Points Policy defines security, and mechanisms enforce security Confidentiality Integrity Availability Trust and knowing assumptions Importance of assurance The human factor Version 1.0 Computer Security: Art and Science, 2nd Edition

Download ppt "An Overview of Computer Security"

Similar presentations

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.

1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.

Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.

Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.

Chapter 1 Introduction. Chapter Overview Overview of Operating Systems Secure Operating Systems Basic Concepts in Information Security Design of a Secure.
July 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
1 Introduction to Security Dr.Talal Alkharobi. 2 Why is security important? Computers and networks are the nerves of the basic services and critical infrastructures.

1 Introduction to Security Dr.Talal Alkharobi. 2 Why is security important? Computers and networks are the nerves of the basic services and critical infrastructures.
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.

April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
Topics in Information Security Prof. JoAnne Holliday Santa Clara University.

Topics in Information Security Prof. JoAnne Holliday Santa Clara University.
Cryptography and Network Security

Cryptography and Network Security
Information Security Rabie A. Ramadan GUC, Cairo Room C7 -310 Lecture 2.

Information Security Rabie A. Ramadan GUC, Cairo Room C Lecture 2.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 1 – Overview.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 1 – Overview.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

Similar presentations

Ads by Google