Security Problems in Computer Systems
- "As society becomes more dependent on computers, computer crime is becoming not only more disastrous in its potential impact, but also more attractive to the criminal"
Threats to Computer Systems
- "Privacy and security are problems associated with computer systems and applications that were not foreseen until well into the second half of the present computer age."
General Issues Relating to Security
- Threats
- Vulnerabilities
- Attacks
- Controls
- Effectiveness of Controls
- Impediments to Security
Threats
- Potential occurrences, malicious or otherwise, that can have undesirable effects on assets or resources associated with computer systems
- The goal of computer security with respect to mitigating threats is to provide:
  - insights
  - techniques
  - methodologies
Vulnerabilities
- Characteristics of computer systems that make it possible for a threat to occur
- Threats can be mitigated by identifying and eliminating vulnerabilities
Attacks
- Actions taken by an entity that exploit certain vulnerabilities in order to cause an existing threat to occur
  - often heuristic (trial and error)
Controls
- Goals of security controls are to provide:
  - confidentiality
  - integrity
  - availability
  - authentication
- Controls can be procedures or mechanisms
Effectiveness of Controls
- Must be used
  - users must be convinced of the necessity for controls
- Must be effective
  - timeliness
  - reviewed periodically
- Necessary and sufficient
Impediments to Security
- Existing systems must be retrofitted
- Assurance is difficult
- Effective procedures
- Security requirements are difficult to identify
- Attitude of computer community
Confidentiality
- Assets of a computer system are accessible only by authorized parties or entities
- The property of confidentiality protects a system from the threat of disclosure
- A disclosure threat is the possibility that data will be accessed by unauthorized entities
- Eavesdropping and resource stealing are disclosure attacks
Confidentiality Controls
- Encryption
  - Data is transformed (encoded) so that it is unintelligible to an entity that does not have a key to decode the data
  - encryption is at the heart of all computer security
- Laws
  - eavesdropping and wiretapping are illegal
Integrity
- Unauthorized changes in data cannot occur
- Unauthorized changes in data can be detected
- The property of integrity protects against threats of modification and fabrication
Integrity Controls
- Encryption
- Message integrity check (MIC)
- One-way functions
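The two control slides above (encryption for confidentiality, a message integrity check built from a keyed one-way function for integrity) are combined in the following added example. It is not part of the original slides: encryption makes the data unintelligible without the key, and the MIC makes any modification or fabrication of the ciphertext detectable before decryption. To stay within the Python standard library, the example assumes a hash-based stream cipher (HMAC-SHA256 in counter mode) in place of a real block cipher; that substitution, the key and message sizes, and the sample plaintext are all constructed for illustration, and the toy cipher is not meant for production use.

```python
import hashlib
import hmac
import secrets
from typing import Optional

NONCE_LEN = 16   # bytes of per-message nonce
TAG_LEN = 32     # bytes of HMAC-SHA256 tag (the MIC)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes from HMAC-SHA256(key, nonce || counter).

    Assumption: this hash-based stream cipher stands in for a real block cipher
    so the block runs with the standard library alone; not for production use.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse) under key and nonce."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def mic(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Message integrity check: a keyed one-way function over nonce and ciphertext."""
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def protect(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MIC: output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = xor_stream(enc_key, nonce, plaintext)
    return nonce + ciphertext + mic(mac_key, nonce, ciphertext)


def unprotect(enc_key: bytes, mac_key: bytes, message: bytes) -> Optional[bytes]:
    """Verify the MIC first; return None on any modification or fabrication."""
    if len(message) < NONCE_LEN + TAG_LEN:
        return None
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    # compare_digest runs in constant time, so the check leaks nothing about the tag
    if not hmac.compare_digest(tag, mic(mac_key, nonce, ciphertext)):
        return None
    return xor_stream(enc_key, nonce, ciphertext)


def flip_bit(message: bytes, index: int) -> bytes:
    """Simulate an in-transit modification of a single bit."""
    altered = bytearray(message)
    altered[index] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    sample = b"transfer 100 to account 42"          # constructed sample plaintext
    msg = protect(enc_key, mac_key, sample)
    print("plaintext visible in message:", sample in msg)
    print("round trip:", unprotect(enc_key, mac_key, msg))
    print("after one flipped ciphertext bit:", unprotect(enc_key, mac_key, flip_bit(msg, NONCE_LEN + 9)))
```

Verifying the tag before decrypting is the design choice worth noting: a receiver that decrypts first and checks afterwards processes attacker-controlled bytes before it knows they are genuine, whereas here a failed check stops everything with a single None.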
Availability
- Capacity to meet service needs
  - includes timeliness and usability
- The property of availability protects against threats of denial of service
  - Denial of service occurs when access to computer system assets is blocked
  - unauthorized access to computer system assets frequently results in denial of service to an authorized user
Availability Controls
- Passwords
- Still mainly unexplored
- Overlap with concerns of the real-time community
Assurance
- Convincing evidence that control mechanisms really do mitigate threats
- Examples of assurance evidence
  - test results
  - field results
  - formal methods
- Providing adequate assurance is a difficult task
Privacy
- Concerns data about humans
- Privacy assures that this data is not made public or accessible by unauthorized individuals
- Threats on the privacy property include snooping on information about users
- Accounting logs made for security purposes are a vulnerability to a snooping attack
Threats, Vulnerabilities, Attacks, and Controls Reviewed
- Threat -- possibility of an attack
- Vulnerability -- a weakness or characteristic that makes it possible for an attack to occur
- Attack -- an action that exploits a vulnerability, causing an existing threat to occur
- Control -- a mechanism or procedure that mitigates a threat
System Security Engineering
- Spiral Approach
  - Iterative process
  - Specify system architecture
  - Identify threats, vulnerabilities, attacks
  - Estimate component risk -- exit spiral if acceptably low
  - Prioritize vulnerabilities
  - Identify and install safeguards -- go back to first step
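The spiral above is a loop, and writing it as one makes the exit condition and the prioritization step concrete. The following is an added example, not part of the original slides: each turn estimates component risk, exits if it is acceptably low, otherwise picks the highest-risk vulnerability that still has an uninstalled safeguard, installs it, and goes round again. The slides do not fix a risk formula, so the example assumes risk = likelihood x impact; the three vulnerabilities, the safeguard catalogue and the reduction factors are constructed for illustration only.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Vulnerability:
    name: str
    likelihood: float            # estimated probability the attack occurs per period (constructed)
    impact: float                # estimated loss if it does, in arbitrary units (constructed)
    safeguards: List[str] = field(default_factory=list)

    def risk(self) -> float:
        # Assumption: risk modelled as likelihood x impact; the slides only say
        # "estimate component risk" and leave the formula open.
        return self.likelihood * self.impact


# Safeguard catalogue: vulnerability name -> [(safeguard, factor applied to likelihood)].
# Constructed for the example; the factors are illustrative, not measured.
Catalogue = Dict[str, List[Tuple[str, float]]]


def component_risk(vulns: List[Vulnerability]) -> float:
    return sum(v.risk() for v in vulns)


def spiral(vulns: List[Vulnerability], catalogue: Catalogue,
           acceptable: float, max_turns: int = 20) -> List[float]:
    """One turn = estimate risk, exit if acceptable, prioritize, install one safeguard.

    Returns the component risk measured at the start of each turn.
    """
    history: List[float] = []
    for _ in range(max_turns):
        total = component_risk(vulns)
        history.append(total)
        if total <= acceptable:
            break                              # exit spiral: residual risk is accepted
        # prioritize vulnerabilities: highest current risk first
        for v in sorted(vulns, key=lambda v: v.risk(), reverse=True):
            options = [s for s in catalogue.get(v.name, []) if s[0] not in v.safeguards]
            if options:
                name, factor = options[0]
                v.safeguards.append(name)      # install the safeguard
                v.likelihood *= factor         # re-estimated on the next turn
                break
        else:
            break                              # nothing left to install; risk stays above target
    return history


def run_example() -> Tuple[List[float], List[Vulnerability]]:
    # Constructed sample component; names, estimates and factors are illustrative.
    vulns = [
        Vulnerability("weak passwords", 0.5, 100.0),
        Vulnerability("unencrypted backups", 0.2, 200.0),
        Vulnerability("unpatched web server", 0.4, 50.0),
    ]
    catalogue: Catalogue = {
        "weak passwords": [("password policy", 0.5), ("multi-factor authentication", 0.2)],
        "unencrypted backups": [("encrypt backups", 0.1)],
        "unpatched web server": [("monthly patch cadence", 0.5)],
    }
    history = spiral(vulns, catalogue, acceptable=30.0)
    return history, vulns


if __name__ == "__main__":
    history, vulns = run_example()
    for turn, risk in enumerate(history, 1):
        print(f"turn {turn}: component risk {risk:.1f}")
    for v in vulns:
        print(f"{v.name}: safeguards {v.safeguards}, residual risk {v.risk():.1f}")
```

With the constructed numbers the spiral runs four turns (110, 85, 49, 29) and stops once the total is under the acceptable level of 30; the web server vulnerability is never touched, because the prioritization step always found a higher-risk item with a safeguard still available. The `else` branch on the inner loop covers the other way out: when the catalogue is exhausted the remaining risk has to be accepted explicitly rather than looping forever.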
Threat Tree Approach
- Threats are the highest concern of the science of computer security
- Threat trees can be used to ensure that security requirements are:
  - complete (and organized)
  - justifiable
  - well-documented
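A small threat tree as a data structure, added here as an example and not part of the original slides, shows how the three properties above can be checked mechanically: a threat at the root, vulnerabilities beneath it, attacks as leaves, with every node carrying a justification and every leaf a control. Walking the root-to-leaf paths gives the complete, organized list of ways the threat can be realised; nodes without a justification and leaves without a control are reported as gaps; and the controls on the leaves become the derived security requirements. The node fields, the review rules and the sample disclosure tree (which deliberately omits one justification and one control so the review has something to find) are all assumptions constructed for this illustration.

```python
from dataclasses import dataclass, field
from typing import Iterator, List, Optional, Tuple


@dataclass
class ThreatNode:
    name: str
    kind: str                       # "threat", "vulnerability" or "attack"
    justification: str = ""         # why this node belongs in the tree (documentation)
    control: Optional[str] = None   # safeguard chosen to mitigate a leaf attack, if any
    children: List["ThreatNode"] = field(default_factory=list)


def walk(node: ThreatNode) -> Iterator[ThreatNode]:
    """Pre-order traversal of the whole tree."""
    yield node
    for child in node.children:
        yield from walk(child)


def attack_paths(node: ThreatNode,
                 prefix: Tuple[str, ...] = ()) -> Iterator[Tuple[Tuple[str, ...], ThreatNode]]:
    """Yield (root-to-leaf path, leaf) for every leaf: each is one way the threat is realised."""
    path = prefix + (node.name,)
    if not node.children:
        yield path, node
    for child in node.children:
        yield from attack_paths(child, path)


def review(root: ThreatNode) -> List[Tuple[str, str]]:
    """Completeness and documentation check.

    Every leaf needs a control (otherwise the requirements are incomplete) and
    every node needs a justification (otherwise the tree is not well-documented).
    """
    problems: List[Tuple[str, str]] = []
    for path, leaf in attack_paths(root):
        if leaf.control is None:
            problems.append(("uncontrolled", " > ".join(path)))
    for node in walk(root):
        if not node.justification:
            problems.append(("unjustified", node.name))
    return problems


def requirements(root: ThreatNode) -> List[str]:
    """Derive security requirements: each control on a leaf becomes one requirement."""
    return sorted({leaf.control for _, leaf in attack_paths(root) if leaf.control})


def build_example_tree() -> ThreatNode:
    # Constructed sample tree for a disclosure threat; names and controls are illustrative.
    return ThreatNode("Disclosure of customer records", "threat",
        justification="Customer data is the asset of highest value", children=[
        ThreatNode("Plaintext data at rest", "vulnerability",
            justification="Backups are written unencrypted", children=[
            ThreatNode("Stolen backup media is read", "attack",
                justification="Media leaves the building for off-site storage",
                control="Encrypt backup media")]),
        ThreatNode("Unencrypted network traffic", "vulnerability",
            justification="Internal protocols predate TLS", children=[
            ThreatNode("Eavesdropping on the LAN", "attack",   # justification left out on purpose
                control="Encrypt network traffic (TLS)")]),
        ThreatNode("Accounting logs readable by all users", "vulnerability",
            justification="Logs kept for security purposes record user activity", children=[
            ThreatNode("Snooping on accounting logs", "attack",   # no control chosen yet
                justification="Any local user can read the log directory")]),
    ])


if __name__ == "__main__":
    tree = build_example_tree()
    print("attack paths:")
    for path, _ in attack_paths(tree):
        print("  " + " > ".join(path))
    print("problems:", review(tree))
    print("requirements:", requirements(tree))
```

Running the review on the sample tree reports one uncontrolled path (the accounting-log snooping attack, echoing the privacy slide) and one unjustified node (the LAN eavesdropping attack), while the two controlled leaves yield two requirements. The point of keeping the justification on the node rather than in a separate document is that the review can fail loudly when it is missing.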