Cmpe 471Computer Crime: Techniques

and Countermeasures

Preventing Computer Crime

• Proper employee relations– careful supervision of employees’ state of mind– take note of unusual personal problems– beware if the employee radiates negative energy

about the systems, peers and the company in general– try to solve the problem before it becomes a physical

attack– take measures to prevent unauthorised access to

information assets

• Take physical measures for piggybacking– Guard– physical gates– outsourced external security company– proper guard back-up procedures– prevent more than one person to enter: man-

trap: Kuzey Kampus, GarantiB headquarters

Preventing Computer Crime

• Preventing logical piggybacking– Unattended terminals or PCs are the portals for logical

piggybacking

– configurable time-out function

– automatic branching to a security screen

– user-configurable screen lay-out for re-authentication

– integration with a security database

– automatic return to the previous (interrupted) state

– apply biometrics

Preventing Computer Crime

• Controls Against Program Threats– Software development

• the design• writing• testing

– Programming Controls– Description of the programming task

• individual task that requires independent thought• programs are very individualistic• programmers are solitary people who enjoy working alone• programming is an art only understood by programmers

Preventing Computer Crime

• Controls Against Program Threats

– None of these arguments hold true!!!

– The basic principles of software engineering are• division of labour

• reuse of code

• use of standard pre-constructed software tools

• organised activity

– Peer reviews: code and design

– modularity, encapsulation and information hiding

Preventing Computer Crime

• Controls Against Program Threats– Writing code in small self-contained units:

modules• advantages for program development and security• a module can be isolated from the negative effects

of other models with which it interacts: encapsulation

– Information hiding:• other modules know that a module performs a

certain task, but not know how it performs that task

Preventing Computer Crime

• Controls Against Program Threats– Modularity:

• Unity: performs one purpose• Smallness: consists of an amount of information of which a person can readily

grasp both structure and content• Simplicity: low degree of complexity so that a person can readily understand

the purpose and structure of the module• Independence: performs a task isolated from other modules• maintenance: a module can be replaced with a revised one• understandability: small modules are easier to understand • reuse• correctness: an error can be found and corrected easily• testing: a single module with well-defined inputs, output, function can be tested

without effecting other modules

Preventing Computer Crime

• Controls Against Program Threats– From a standpoint of security, programmers

and analysts must be able to understand each module as an independent unit and be assured of its limited effect on other modules

– Proper modularity leads to modules that have minimal interaction with other modules

Preventing Computer Crime

Encapsulation

Tight coupling Independent, loosely coupledmodules

Information hiding

Access to all parts of module

Method, data hidden

Configuration Management• A person or system controls and records all changes

to a program or documentation• change control board

– judges the desirability and correctness of all proposed changes

• to guard against loss of a version of a program• to manage the parallel development of several

similar versions of one program• to provide facilities for controlled sharing of

modules that combine to form one system

Configuration Management

• Security advantages:– protects against unintentional threats– guard against malicious ones– protects integrity of programs and

documentation

Proofs of Program Correctness

• A security specialist wants to make sure that a given program computes a particular result and computes it correctly.

• Program correctness proofs are hindered by several factors:– depends on the programmer to translate

program’s statements into logical implications- translation is prone to errors

Proofs of Program Correctness

– Deriving the correctness proof from the initial assertions and the implications of statements is difficult; less appropriate for large programs

– the current state of program verification is well-developed than code production; consistent and successful application to large production systems is a challenge.

Process Improvement• Development stages:

– system requirements design

– software requirements analysis

– preliminary design

– detailed design

– coding and unit testing

– component integration and testing

– subsystem integration and testing

– system integration and testing

Process Improvement• Each of these phases has the following

requirements:– software development management: planning,

organisation, reviews

– software engineering: development, decomposition, adherence to standards for coding and language

– formal qualification testing

– software product evaluation

– configuration management

Capability Maturity Model

• Software Engineering Institute (SEI) grants CMM levels from 1 to 5, 5 being the highest standard– Initial– Repeatable– Defined– Managed– Optimising

Administrative Controls

• Standards of program development

• Enforcing program development standards– security audits– segregation of duties