part01 general security concepts

Upload: le-lieu

Post on 10-May-2015

Page 1: Part01 general security concepts

2/19/2012

1

General Security Concepts

IT Faculty – Dalat University

February - 2012

Outline

Components of computer security

Threats and Vulnerabilities

Policies and mechanisms

The role of trust

Assurance

Operational Issues

Human Issues

2 Phan Thi Thanh Nga - IT Faculty

Basic Components

Confidentiality

Keeping data and resources hidden

A secure system ensures the confidentiality of data. This means that it allows individuals to see only the data that they are supposed to see.

Basic Components

Confidentiality

Access control mechanisms support confidentiality.

One access control mechanism for preserving confidentiality is cryptography.

Other system-dependent mechanisms can prevent processes from illicitly accessing information.

Confidentiality also applies to the existence of data, which is sometimes more revealing than the data itself.

Resource hiding is another important aspect of confidentiality: configuration, equipment, …

Basic Components

Integrity

Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change.

Data integrity (integrity)

Origin integrity (authentication)

Basic Components

Integrity

A secure system ensures that the data it contains is valid.

Data integrity means that data is protected from deletion and corruption, both while it resides within the database and while it is being transmitted over the network.

Integrity mechanisms fall into two classes: prevention mechanisms and detection mechanisms.

Basic Components

Availability

Enabling access to data and resources

A secure system makes data available to authorized users, without delay. Denial-of-service attacks are attempts to block authorized users' ability to access and use the system when needed.

Basic Components

Integrity

Confidentiality

Availability

Basic Components

Authentication

assurance that the communicating entity is the one claimed

Access Control

prevention of the unauthorized use of a resource

Basic Components

Vulnerability

An error or weakness in design, implementation or operation

Threat

An adversary motivated and capable of exploiting a vulnerability

Attack

The means (sequence of actions) of exploiting a vulnerability

Information security threats

Loss of integrity -> must prevent the improper modification of information

Loss of non-repudiation/authentication -> auditing & accountability

Loss of availability -> must avoid denial of service (objective: 24/7 availability)

Information security threats

Threat: any situation or event, whether intentional or unintentional, that will adversely affect a system and consequently an organization

Loss of confidentiality -> must maintain secrecy over data

Note: privacy refers to the need to protect data about individuals

Classes of Threats

Disclosure: unauthorized access to information

  Snooping

Deception: acceptance of false data

  Modification, spoofing, repudiation of origin, denial of receipt

Disruption: interruption or prevention of correct operation

  Modification

Usurpation: unauthorized control of some part of a system

  Modification, spoofing, delay, denial of service

Basic Threats

Snooping: the unauthorized interception of information.

Some entity is listening to (or reading) communications or browsing through files or system information.

Basic Threats

Modification or alteration, an unauthorized change of information, covers three classes of threats.

Some entity relies on the modified data to determine which action to take.

Incorrect information is accepted as correct and is released.

An example is the man-in-the-middle attack.

Basic Threats

Masquerading or spoofing, an impersonation of one entity by another, is a form of both deception and usurpation.

It lures a victim into believing that the entity with which it is communicating is a different entity.

Some forms of masquerading may be allowed: delegation

Basic Threats

Repudiation of origin, a false denial that an entity sent (or created) something, is a form of deception.

For example, suppose a customer sends a letter to a vendor agreeing to pay a large amount of money for a product.

The vendor ships the product and then demands payment.

The customer denies having ordered the product.

The customer has repudiated the origin of the letter. If the vendor cannot prove that the letter came from the customer, the attack succeeds.

Basic Threats

Denial of receipt, a false denial that an entity received some information or message, is a form of deception.

Suppose a customer orders an expensive product, but the vendor demands payment before shipment.

The customer pays, and the vendor ships the product.

The customer then asks the vendor when he will receive the product.

If the customer has already received the product, the question constitutes a denial of receipt attack.

Basic Threats

Delay, a temporary inhibition of a service, is a form of usurpation.

Delivery of a message or service requires some time t; if an attacker can force the delivery to take more than time t, the attacker has successfully delayed delivery.

Basic Threats

Denial of service, a long-term inhibition of service, is a form of usurpation.

The attacker prevents a server from providing a service.

The denial may occur at the source, at the destination, or along the intermediate path.

Information security threats

Identification: a user claims who s/he is

Authentication: a mechanism that determines whether a user is who he or she claims to be (establishing the validity of the above claim)

  something the user knows (e.g., a password, PIN)

  something the user possesses (e.g., an ATM card)

  something the user is (e.g., a voice pattern, a fingerprint)

Access control

Access control:

Closed systems

Open systems

Closed system

Open system

Information security threats

Information security threats

Protecting Data

Access Control

Encryption

Protecting Data in a Network Environment

Confidential

Cannot be modified, replayed

Lost packets can be detected

User Identification and Authentication

Auditing
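
The "cannot be modified, replayed" and "lost packets can be detected" goals in the list above can be illustrated with a keyed MAC plus a sequence number. The following is an added example, not part of the original slides; the names seal, Receiver, KEY and demo are assumptions chosen for illustration, the key and messages are constructed samples, and confidentiality (encryption) is deliberately left out.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret
TAG_LEN = 32                   # HMAC-SHA256 output size in bytes

def seal(key, seq, payload):
    """Sender: 8-byte sequence number + payload + HMAC over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Accepts packets strictly in increasing sequence order."""
    def __init__(self, key):
        self.key = key
        self.expected = 0  # lowest sequence number still acceptable

    def accept(self, packet):
        """Return (status, payload, missing_sequence_numbers)."""
        if len(packet) < 8 + TAG_LEN:
            return ("modified", None, [])
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):  # constant-time comparison
            return ("modified", None, [])
        seq = struct.unpack(">Q", body[:8])[0]
        if seq < self.expected:                 # already seen: replay
            return ("replayed", None, [])
        missing = list(range(self.expected, seq))  # gap means lost packets
        self.expected = seq + 1
        return ("ok", body[8:], missing)

def demo():
    packets = [seal(KEY, i, f"msg {i}".encode()) for i in range(4)]
    tampered = bytearray(packets[1])
    tampered[10] ^= 0x01                        # flip one payload bit in transit
    rx = Receiver(KEY)
    # Constructed stream: good, tampered, replay of packet 0, then packet 3.
    stream = [packets[0], bytes(tampered), packets[0], packets[3]]
    return [rx.accept(p) for p in stream]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

This is a detection mechanism in the sense used on the integrity slide: the receiver cannot stop a packet from being altered or dropped, but it notices when that has happened.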

Policies and Mechanisms

Policy says what is, and is not, allowed

This defines “security” for the site/system/etc.

Mechanisms enforce policies

Composition of policies

If policies conflict, discrepancies may create security vulnerabilities

Prevention

Prevent attackers from violating security policy

Detection

Detect attackers’ violation of security policy

Recovery

Stop attack, assess and repair damage

Continue to function correctly even if attack succeeds

Trust and Assumptions

Underlie all aspects of security

Policies

Unambiguously partition system states

Correctly capture security requirements

Mechanisms

Assumed to enforce policy

Support mechanisms work correctly

Types of Mechanisms

Assurance

Specification

Requirements analysis

Statement of desired functionality

Design

How system will meet specification

Implementation

Programs/systems that carry out design

Operational Issues

Cost-Benefit Analysis

Is it cheaper to prevent or recover?

Risk Analysis

Should we protect something?

How much should we protect this thing?

Laws and Customs

Are desired security measures illegal?

Will people do them?

Human Issues

Organizational Problems

Power and responsibility

Financial benefits

People problems

Outsiders and insiders

Social engineering

Tying Together

Homework

Matt Bishop, Introduction to Computer Security, Chapter 1

Read more about DAC, MAC, RBAC

References

Matt Bishop, Introduction to Computer Security, Prentice Hall PTR, 2004
