
July 1, 2004 Computer Security: Art and Science ©2002-2004 Matt Bishop

Slide #1-1

Chapter 1: Introduction

• Components of computer security
• Threats
• Policies and mechanisms
• The role of trust
• Assurance
• Operational Issues
• Human Issues


Slide #1-2

Basic Components (Goals)

• Confidentiality
  – Keeping data and resources hidden
• Integrity
  – Data integrity (integrity)
  – Origin integrity (authentication)
• Availability
  – Enabling access to data and resources


Slide #1-3

Additional Goals

• Authentication
  – Correctly identifying the source
• Non-repudiation
  – Being able to prove the source of an utterance to a third party


Slide #1-4

Terms

• Exposure
  – Possible form of loss
• Vulnerability
  – Possible mechanism by which loss can occur
• Threat
  – Circumstance or event that could cause loss
• Attack
  – Attempt to exploit vulnerability
• Control
  – Mechanism to mitigate exposures


Slide #1-5

Overall Process

• Identify and Classify Assets
  – What are we protecting? How are they important?
• Identify Exposures and Threats
  – What would be bad? How could it happen?
• Identify Vulnerabilities and Threat Sources
  – Who or what could cause loss, and how?
• Determine Policies and Controls
  – What should be allowed and what disallowed?
  – How will the policies be enforced?
• Implement and Monitor
  – Deploy controls and use them, gain experience to update p.r.n.


Slide #1-7

Classes of Threats

• Disclosure
  – Snooping
• Deception
  – Modification, spoofing, repudiation of origin, denial of receipt
• Disruption
  – Modification
• Usurpation
  – Modification, spoofing, delay, denial of service


Slide #1-9

Policies and Mechanisms

• Policy says what is, and is not, allowed
  – This defines “security” for the site/system/etc.
• Mechanisms enforce policies
• Composition of policies
  – If policies conflict, discrepancies may create security vulnerabilities


Slide #1-10

“Goals” of Security (Control Approaches)

• Prevention
  – Prevent attackers from violating security policy
• Detection
  – Detect attackers’ violation of security policy
• Recovery
  – Stop attack, assess and repair damage
  – Continue to function correctly even if attack succeeds


Slide #1-12

Trust and Assumptions

• Underlie all aspects of security
• Policies
  – Unambiguously partition system states
  – Correctly capture security requirements
• Mechanisms
  – Assumed to enforce policy
  – Support mechanisms work correctly


Slide #1-13

Types of Mechanisms

[Figure: three mechanism types (secure, precise, broad), each shown as the set of reachable states drawn against the set of secure states]
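The three mechanism types can be checked mechanically using the textbook definitions: secure if every reachable state is a secure state, precise if the reachable states are exactly the secure states, broad if some reachable state is not secure. The following Python is an added example, not part of the original slides; it enumerates a constructed toy system and classifies three hypothetical mechanisms, and the subjects, objects and function names are all assumptions.

```python
from itertools import combinations

# Constructed toy system: a state is the set of (subject, object) read grants in force.
GRANTS = [("alice", "payroll"), ("guest", "payroll"), ("guest", "notes")]
ALL_STATES = {frozenset(c) for n in range(len(GRANTS) + 1)
              for c in combinations(GRANTS, n)}

def policy_allows(state):
    """Policy partitions the states: secure iff guest cannot read payroll."""
    return ("guest", "payroll") not in state

SECURE_STATES = {s for s in ALL_STATES if policy_allows(s)}

def reachable_states(mechanism, start=frozenset()):
    """States the system can enter when `mechanism` decides each grant request."""
    seen, frontier = {start}, [start]
    while frontier:
        state = frontier.pop()
        for grant in GRANTS:
            if grant not in state and mechanism(state, grant):
                nxt = state | {grant}
                if nxt not in seen:
                    seen.add(nxt)
                    frontier.append(nxt)
    return seen

def classify(mechanism):
    """Return (label, reachable-but-insecure states) for a mechanism."""
    reachable = reachable_states(mechanism)
    violations = reachable - SECURE_STATES
    if violations:
        return "broad", violations
    return ("precise" if reachable == SECURE_STATES else "secure"), violations

# Three hypothetical mechanisms meant to enforce the same policy.
def allow_everything(state, grant):
    return True                              # never refuses a request

def deny_guest_payroll(state, grant):
    return grant != ("guest", "payroll")     # refuses exactly the forbidden grant

def staff_only(state, grant):
    return grant[0] == "alice"               # also refuses harmless guest access

if __name__ == "__main__":
    for m in (allow_everything, deny_guest_payroll, staff_only):
        label, bad = classify(m)
        print(f"{m.__name__}: {label}, {len(bad)} insecure reachable state(s)")
```

The `staff_only` case shows the cost of a mechanism that is secure but not precise: it blocks states the policy would have permitted.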


Slide #1-15

Assurance

• Confidence that system will perform in a predictable way

• Generally, intent is that it will perform correctly!


Slide #1-16

Achieving Assurance

• Specification
  – Requirements analysis
  – Statement of desired functionality
• Design
  – How system will meet specification
• Implementation
  – Programs/systems that carry out design


Slide #1-18

Operational Issues

• Cost-Benefit Analysis
  – Is it cheaper to prevent or recover?
• Risk Analysis
  – Should we protect something?
  – How much should we protect this thing?
• Laws and Customs
  – Are desired security measures illegal?
  – Will people do them?


Slide #1-20

Human Issues

• Organizational Problems
  – Power and responsibility
  – Financial benefits
• People problems
  – Outsiders and insiders
  – Social engineering


Slide #1-21

Tying Together

[Figure: Threats, Policy, Specification, Design, Implementation, Operation]


Slide #1-22

Key Points

• Policy defines security, and mechanisms enforce security
  – Confidentiality
  – Integrity
  – Availability
• Trust and knowing assumptions
• Importance of assurance
• The human factor