SLIDE 1

Computer Security – Part One

SLIDE 2

Security as a subject

  • Security is an old problem in the computing world, and is parallel to even older problems outside computing
  • Required level of security is always related to what you protect
  • Trade-off between security, cost, and being non-intrusive to users.

SLIDE 3

Security in Distributed Systems

  • What is a system?
    – A product or component
    – The above + OS, communications, etc
    – The above + one or more applications
    – Any or all of the above + IT staff
    – Any or all of the above + internal users and management
    – Any or all of the above + customers and other external users
    – Any or all of the above + the surrounding environment including the media, competitors, regulators, and politicians

SLIDE 4

Principle of Easiest Penetration

  • Principle of Easiest Penetration: An intruder must be expected to use any available means of penetration. This is not necessarily the most obvious means, nor is it necessarily the one against which the most solid defense has been installed.
    – Pfleeger, 1997

SLIDE 5

The Basic Components

  • Confidentiality
    – The concealment of information or resources
    – Supported by access control mechanisms
    – Also applies to the existence of data
    – Resource hiding
    – Assumptions and trust underlie confidentiality mechanisms

SLIDE 6

The Basic Components (2)

  • Integrity
    – The trustworthiness of data or resources
    – Includes both data integrity and origin integrity
    – Two classes:
      • prevention mechanisms
        – Unauthorized to change data
        – Unauthorized change to data
      • detection mechanisms
    – Relies on assumptions about
      • the source of the data
      • the trust in that source

SLIDE 7

The Basic Components (3)

  • Availability
    – The ability to use the information or resource desired
    – Related to security
    – System design based on a statistical model
      • Break the model -> Break the system
    – Stepping stone to other kinds of attacks
    – Hard to detect
      • Manipulation vs. Environment

SLIDE 8

Tying It All Together

[Diagram: Threats, Policy, Specification, Design, Implementation, Operation and Maintenance]

SLIDE 9

Threats (2)

  • Passive attacks
    – Hard to detect
    – Prevent
  • Active attacks
    – Easier to detect
    – Hard to prevent
    – Detect - Recover
  • Threat – a potential violation of security

[Figure: Passive threats: release of message contents, traffic analysis. Active threats: masquerade, replay, modification of message contents, denial of service.]

SLIDE 10

Threat Analysis - A Successful Attack

  1. Identify the target and gather information
  2. Analyze the information and find a vulnerability
  3. Achieve sufficient access to the target
  4. Execute the attack
  5. Erase the traces of the attack and avoid retaliation

  • It is often enough to stop one of the steps above

SLIDE 11

Threat Analysis (2)

  • Protection
    – Physical security
      • Social engineering
    – Virtual security
    – Trust model
      • Who you can trust and how much
    – The life cycle of a system
      • Protect all stages of the life cycle
  • Detection
  • Reaction

SLIDE 12

Policy and Mechanism

  • An example:
    – Umeå University forbids copying from some other student
    – A student sees that another student has not read-protected his or her files and copies them.
    – Is anyone (or both) violating security?

SLIDE 13

Policy and Mechanism (2)

  • Policy language?
  • Two cooperating entities?
  • Def. A security policy is a statement of what is, and what is not, allowed.
  • Def. A security mechanism is a method, tool, or procedure for enforcing a security policy.
  • Mechanisms can be nontechnical

SLIDE 14

Security strategies

  • Different solutions to the same problem
  • Prevention
    – Undefeatable mechanisms
    – Preventive mechanisms are often a hindrance
  • Detection
    – Do not prevent compromises of the system
  • Recovery
    – Stop an attack
    – Assess and repair any damage
    – Each attack is unique -> Recovery is complex
    – Function inhibiting recovery?
    – Retaliation?

SLIDE 15

Assumptions and Trust

  • “How do we determine if the policy correctly describes the required level and type of security for the system?”
  • Security rests on assumptions
  • Policy and assumptions
    – The policy divides the system into secure and non-secure states
    – The security mechanisms prevent the system from entering a non-secure state

SLIDE 16

Assumptions and Trust (2)

  • Trusting that mechanisms work requires several assumptions
    1. Each mechanism is designed to implement one or more parts of the security policy
    2. The union of the mechanisms implements all aspects of the security policy
    3. The mechanisms are implemented correctly
    4. The mechanisms are installed and administered correctly
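
Added example (not part of the original slides): the file-copying case from the Policy and Mechanism slide, modelled with the secure/non-secure state view from the Assumptions and Trust slides. The users, file names and mode bits are constructed, and the Unix-style permission check is an assumed stand-in for the mechanism.

```python
from itertools import product

# Constructed sample system: two students, one file each (hypothetical names).
USERS = ["alice", "bob"]
OWNER = {"alice_lab.c": "alice", "bob_lab.c": "bob"}

# Mechanism configuration: Unix-style mode bits chosen by each owner.
AS_FOUND = {"alice_lab.c": 0o644,  # owner never read-protected the file
            "bob_lab.c": 0o600}
HARDENED = {"alice_lab.c": 0o600, "bob_lab.c": 0o600}


def policy_allows(user, path):
    """Policy: no copying, so a student may read only their own files."""
    return OWNER[path] == user


def mechanism_allows(user, path, modes):
    """Mechanism: owner-read bit for the owner, other-read bit for the rest."""
    bit = 0o400 if OWNER[path] == user else 0o004
    return bool(modes[path] & bit)


def compare(modes):
    """Return (reachable non-secure states, secure states the mechanism blocks)."""
    non_secure, over_blocked = [], []
    for user, path in product(USERS, OWNER):
        allowed = policy_allows(user, path)
        possible = mechanism_allows(user, path, modes)
        if possible and not allowed:
            non_secure.append((user, path))
        elif allowed and not possible:
            over_blocked.append((user, path))
    return non_secure, over_blocked


if __name__ == "__main__":
    for label, modes in (("as found", AS_FOUND), ("hardened", HARDENED)):
        non_secure, over_blocked = compare(modes)
        print(f"{label}: non-secure reachable={non_secure} "
              f"over-blocked={over_blocked}")
```

In the as-found configuration the state "bob reads alice_lab.c" is reachable although the policy forbids it, so the mechanisms do not cover the whole policy (assumption 2 fails); with both files read-protected the reachable states match the policy.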

SLIDE 17

Operational Issues

  • Cost-Benefit analysis
    – Depends on the mechanism chosen to implement a particular security service and on the mechanisms chosen to implement other security services
    – Adding security mechanisms is more expensive than designing them into the system in the first place

SLIDE 18

Operational Issues

  • Risk analysis
    – The level of protection is a function of the probability of an attack occurring and the effects of the attack should it succeed
    – Risk is a function of environment
    – The risks change with time
    – Many risks are quite remote but still exist, and ignoring them might make them more likely
    – Analysis paralysis – making risk analyses with no effort to act on those analyses

SLIDE 19

Operational Issues

  • Laws and customs
    – Restrictions on availability and use of technology
    – Laws of multiple jurisdictions
    – Legal vs. acceptable practices
    – Psychological acceptability

SLIDE 20

Human Issues

  • Organizational problems
    – Security provides no direct financial reward
    – Security controls often add complexity
    – Is security worth it?
    – Clear chains of responsibility and power
    – Which people are trained in security?
    – Lack of resources

SLIDE 21

Human Issues (2)

  • People problems
    – The heart of any security system is people
  • Insiders
    – More access to resources
    – Careless/untrained users and system administrators
    – Users that steal
    – Users assisting external attacks
  • Outsiders
    – Social engineering

SLIDE 22

Tying It All Together

[Diagram: Threats, Policy, Specification, Design, Implementation, Operation and Maintenance]

SLIDE 23

The Future

The world is never going to be perfect, either on- or offline; so let's not set impossibly high standards for online.

    – Esther Dyson