 
Computer Security – Part One
Security as a subject
• Security is an old problem in the computing world, and it parallels even older problems outside computing
• The required level of security is always related to what you protect
• Trade-off between security, cost, and being non-intrusive to users
Security in Distributed Systems
• What is a system?
  – A product or component
  – The above + OS, communications, etc.
  – The above + one or more applications
  – Any or all of the above + IT staff
  – Any or all of the above + internal users and management
  – Any or all of the above + customers and other external users
  – Any or all of the above + the surrounding environment, including the media, competitors, regulators, and politicians
Principle of Easiest Penetration
Principle of Easiest Penetration: An intruder must be expected to use any available means of penetration. This is not necessarily the most obvious means, nor is it necessarily the one against which the most solid defense has been installed. (Pfleeger, 1997)
The Basic Components
• Confidentiality
  – The concealment of information or resources
  – Supported by access control mechanisms
  – Also applies to the existence of data
  – Resource hiding
  – Assumptions and trust underlie confidentiality mechanisms
The Basic Components (2)
• Integrity
  – The trustworthiness of data or resources
  – Includes both data integrity and origin integrity
  – Two classes:
    • prevention mechanisms
      – Block unauthorized attempts to change data
      – Block attempts to change data in unauthorized ways
    • detection mechanisms
      – Rely on assumptions about
        • the source of the data
        • the trust in that source
The Basic Components (3)
• Availability
  – The ability to use the information or resource desired
  – Related to security: system design is based on a statistical model
    • Break the model –> break the system
  – Stepping stone to other kinds of attacks
  – Hard to detect
    • Deliberate manipulation vs. an unusual environment
Tying It All Together
Threats → Policy → Specification → Design → Implementation → Operation and Maintenance
Threats (2)
• Threat – a potential violation of security
• Passive attacks (passive threats)
  – Release of message contents
  – Traffic analysis
  – Hard to detect –> prevent
• Active attacks (active threats)
  – Masquerade
  – Replay
  – Modification of message contents
  – Denial of service
  – Easier to detect, hard to prevent –> detect and recover
Threat Analysis - A Successful Attack
1. Identify the target and gather information
2. Analyze the information and find a vulnerability
3. Achieve sufficient access to the target
4. Execute the attack
5. Erase the traces of the attack and avoid retaliation
• It is often enough to stop one of the steps above
Threat Analysis (2)
• Protection
  – Physical security
    • Social engineering
  – Virtual security
  – Trust model
    • Who you can trust and how much
  – The life cycle of a system
    • Protect all stages of the life cycle
• Detection
• Reaction
Policy and Mechanism
• An example:
  – Umeå University forbids copying from another student
  – A student sees that another student has not read-protected his or her files, and copies them
  – Is anyone (or both) violating security?
Policy and Mechanism (2)
Def. A security policy is a statement of what is, and what is not, allowed.
• Policy language?
• Two cooperating entities?
Def. A security mechanism is a method, tool, or procedure for enforcing a security policy.
• Mechanisms can be nontechnical
Security strategies
• Different solutions to the same problem
• Prevention
  – Undefeatable mechanisms
  – Preventive mechanisms are often a hindrance
• Detection
  – Does not prevent compromises of the system
• Recovery
  – Stop an attack
  – Assess and repair any damage
  – Each attack is unique -> recovery is complex
  – Function inhibiting recovery?
  – Retaliation?
Assumptions and Trust
• “How do we determine if the policy correctly describes the required level and type of security for the system?”
• Security rests on assumptions
• Policy and assumptions
  – The policy divides the system into secure and non-secure states
  – The security mechanisms prevent the system from entering a non-secure state
Assumptions and Trust (2)
• Trusting that mechanisms work requires several assumptions:
  1. Each mechanism is designed to implement one or more parts of the security policy
  2. The union of the mechanisms implements all aspects of the security policy
  3. The mechanisms are implemented correctly
  4. The mechanisms are installed and administered correctly
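Added example, not part of the slides: a small Python model of the student-files case from the Policy and Mechanism slides, treating the university rule as the policy and Unix permission bits as the mechanism, and checking the point made under Assumptions and Trust that a state is secure only when the mechanism never permits what the policy forbids. The student names, file names and mode bits are constructed assumptions.

```python
import os
import stat
import tempfile

# Constructed scenario from the slides: a rule against copying another
# student's files (the policy) enforced only by permission bits (the mechanism).

def policy_allows(actor: str, owner: str) -> bool:
    """Policy statement: only the owner may read a student's file."""
    return actor == owner

def mechanism_permits(mode: int, actor: str, owner: str) -> bool:
    """What the permission-bit mechanism actually enforces for a read."""
    if actor == owner:
        return bool(mode & stat.S_IRUSR)
    return bool(mode & stat.S_IROTH)  # other students fall under "other"

def state_is_secure(mode: int, owner: str, students) -> bool:
    """Secure state: the mechanism never permits what the policy forbids."""
    return all(policy_allows(s, owner) or not mechanism_permits(mode, s, owner)
               for s in students)

def audit_home(path: str, owner: str, students) -> list:
    """List files under path whose mode bits leave the system in a non-secure state."""
    findings = []
    for root, _, files in os.walk(path):
        for name in files:
            full = os.path.join(root, name)
            mode = stat.S_IMODE(os.stat(full).st_mode)
            if not state_is_secure(mode, owner, students):
                findings.append((full, oct(mode)))
    return findings

def demo() -> list:
    """Constructed home directory: one private file, one left world-readable."""
    home = tempfile.mkdtemp()
    for name, mode in (("notes.txt", 0o600), ("lab1.c", 0o644)):
        full = os.path.join(home, name)
        with open(full, "w") as fh:
            fh.write("constructed sample content\n")
        os.chmod(full, mode)  # the mechanism is set per file by its owner
    return audit_home(home, "alice", ["alice", "bob"])

if __name__ == "__main__":
    for path, mode in demo():
        print(f"mechanism permits what the policy forbids: {path} mode {mode}")
```

The world-readable file is the slide's case: the policy is violated, yet the mechanism raised no objection, so assumption 2 (the mechanisms together implement the whole policy) does not hold.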
Operational Issues
• Cost-benefit analysis
  – Depends on the mechanism chosen to implement a particular security service and on the mechanisms chosen to implement other security services
  – Adding security mechanisms to an existing system is more expensive than designing them into the system in the first place
Operational Issues
• Risk analysis
  – The level of protection is a function of the probability of an attack occurring and the effects of the attack should it succeed
  – Risk is a function of the environment
  – The risks change with time
  – Many risks are quite remote but still exist, and ignoring them might make them more likely
  – Analysis paralysis – making risk analyses with no effort to act on those analyses
Operational Issues
• Laws and customs
  – Restrictions on availability and use of technology
  – Laws of multiple jurisdictions
  – Legal vs. acceptable practices
  – Psychological acceptability
Human Issues
• Organizational problems
  – Security provides no direct financial reward
  – Security controls often add complexity
  – Is security worth it?
  – Clear chains of responsibility and power
  – Which people are trained in security?
  – Lack of resources
Human Issues (2)
• People problems
  – The heart of any security system is people
• Insiders
  – More access to resources
  – Careless/untrained users and system administrators
  – Users that steal
  – Users assisting external attacks
• Outsiders
  – Social engineering
Tying It All Together
Threats → Policy → Specification → Design → Implementation → Operation and Maintenance
The Future
“The world is never going to be perfect, either on- or offline; so let's not set impossibly high standards for online.” – Esther Dyson