Fall 2013
Lecture 1
Halim M. Khelalfa
(main reference = Dieter Gollmann, Computer Security, John Wiley, 3rd edition, 2011)
Lecture 1
Part I:
History of Computer Security
Learning outcomes of part I
1. Some definitions
2. The fundamental dilemma of computer security
3. Data vs information
4. Principles of computer security
5. The layer below
6. The layer above
Learning outcomes of part II
• Security strategies
• Prevention – detection – reaction
• Security objectives
• Confidentiality – integrity – availability
• Accountability – non-repudiation
• Fundamental Dilemma of Computer Security
• Principles of Computer Security
• The layer below
Security strategies = Protecting Information Assets
i. Avoidance
ii. Prevention
iii. Detection
iv. Containment and response
v. Recovery
vi. Improvement
Security strategies
1. Avoidance
• Improving security by avoiding configurations that present
unnecessary opportunities for problems to occur. Example:
• IF users of systems on a particular network do not require direct access
to external networks,
• and IF inbound connections are forbidden,
• THEN there is no reason to connect the network to external networks in
the first place.
2. Prevention
• Implementation of measures and controls to minimize the
possibility of security problems occurring. Example:
• It may be necessary to store different kinds of data on a common file
server.
• To prevent unauthorized access to each kind of data, access controls
should allow users to see only those kinds of data they have permission
to see.
Security strategies
3. Detection
Despite all efforts to prevent unauthorized access to information
assets and resources, security incidents are bound to occur. It is
therefore necessary to implement measures to detect possible
information security problems when they occur. Example:
It may be appropriate for you to deploy network traffic monitors to alert
you to unauthorized connection attempts to your networked systems.
4. Containment and response
When information security incidents occur, you will have to work
quickly to contain the damage and respond to prevent further
unauthorized activity.
Preparation and practice in handling security incidents is an essential part
of maintaining readiness to respond when incidents occur.
Security strategies
5. Recovery
When system failures and security incidents occur, you will need to have
resources and data backups available to restore your data, systems,
networks, and security infrastructure to a “known-good” state.
This means that preparation and ongoing effort must be applied in advance
to back up data and systems.
6. Improvement
New threats to the security of information and information systems are
discovered every day. Intruders actively seek ways to infiltrate systems in
search of information and resources.
It is necessary to engage in a continuous effort to sustain and improve the
security of the networked information systems under your administrative
control.
As security incidents occur, lessons learned help to identify areas in need of
improvement.
Staying up to date regarding newly discovered problems and the means to
mitigate them are essential elements of a continuous security improvement
process.
Example 1 – Private Property
1. Prevention:
locks at doors, window bars, walls round the property.
2. Detection:
stolen items are missing, burglar alarms, closed circuit TV.
3. Reaction:
call the police, replace stolen items, make an insurance
claim …
Example 2 – E-Commerce
1. Prevention:
encrypt your orders, rely on the merchant to perform
checks on the caller, don’t use the Internet (?) …
2. Detection:
an unauthorized transaction appears on your credit card
statement.
3. Reaction:
complain, ask for a new card number, …
Who will cover the fraudulent transaction? The card
holder, the merchant, or the card issuer?
Security Objectives CIAAA
1. Confidentiality:
prevent unauthorised disclosure of information
2. Integrity:
prevent unauthorised modification of information
3. Availability:
prevent unauthorised withholding of information or
resources
4. Authenticity:
“know whom you are talking to”
5. Accountability (non-repudiation):
prove that an entity was involved in some event
Confidentiality
Secrecy = protection of data belonging to an organisation.
Privacy = protection of personal data.
More on Confidentiality - content or existence of a document
Confidentiality may concern either the content of a document or the
existence of a document.
More on Confidentiality - traffic analysis in communication systems
Un-linkability: two or more items of interest (messages, actions, events,
users) are unlinkable if an attacker cannot sufficiently distinguish
whether they are related or not.
Anonymity: a subject is anonymous if it cannot be identified within a
given anonymity set of subjects.
Privacy
• Protection of personal data (OECD Privacy Guidelines, EU
Data Privacy Directive 95/46/EC).
• “Put the user in control of their personal data and of
information about their activities.”
• Taken now more seriously by companies that want to be
‘trusted’ by their customers.
• Also: the right to be left alone, e.g. not to be bothered by
spam.
Integrity
• Prevent unauthorised modification of information
(prevent unauthorised writing).
• Data Integrity - The state that exists when
computerized data is the same as that in the source
document and has not been exposed to accidental or
malicious alteration or destruction.
• Detection (and correction) of intentional and
accidental modifications of transmitted data.
Integrity continued
• Clark & Wilson: no user of the system, even if authorized, may
be permitted to modify data items in such a way that assets
or accounting records of the company are lost or corrupted.
• In the most general sense: make sure that everything is as it is
supposed to be.
• (This is highly desirable but cannot be guaranteed by
mechanisms internal to the computer system.)
• Integrity is a prerequisite for many other security services;
operating systems security has a lot to do with integrity.
• Example: a hacker trying to modify an OS access rights table to
circumvent access controls.
Availability
The property of being accessible and usable upon demand by
an authorised entity.
Denial of Service (DoS): prevention of authorised access of
resources or the delaying of time-critical operations.
Maybe the most important aspect of computer security, but
few methods are around.
Distributed denial of service (DDoS) receives a lot of attention;
systems are now designed to be more resilient against these
attacks.
Denial of Service Attack (smurf)
• Attacker sends ICMP echo requests to a broadcast address,
with the victim’s address as the spoofed sender address.
• The echo request is distributed to all nodes in the range of the
broadcast address.
• Each node replies with an echo to the victim.
• The victim is flooded with many incoming messages.
• Note the amplification: the attacker sends one message, the
victim receives many.
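From the defender's side, the two observable symptoms in this description (echo requests aimed at a broadcast address, and a host receiving many replies for few requests) can be checked over packet records, and the standard router mitigation (not forwarding directed broadcasts, RFC 2644) can be applied to the same records. The Python below is an added example, not from the lecture or Gollmann's book; the packet records and the 192.168.1.0/24 network are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

ECHO_REPLY, ECHO_REQUEST = 0, 8                 # ICMP type numbers
LOCAL_NETS = [ip_network("192.168.1.0/24")]     # assumed: the network we protect

# Constructed packet records (src, dst, icmp_type); not a real capture.
PACKETS = [
    ("10.0.0.5", "192.168.1.255", ECHO_REQUEST),  # spoofed source, broadcast destination
    *[(f"192.168.1.{i}", "10.0.0.5", ECHO_REPLY) for i in range(1, 21)],  # 20 nodes answer
    ("10.0.0.7", "192.168.1.10", ECHO_REQUEST),   # an ordinary ping ...
    ("192.168.1.10", "10.0.0.7", ECHO_REPLY),     # ... and its single reply
]


def is_broadcast(dst: str) -> bool:
    """True if dst is the broadcast address of one of our networks."""
    addr = ip_address(dst)
    return any(addr == net.broadcast_address for net in LOCAL_NETS)


def broadcast_echo_requests(packets):
    """Symptom 1: echo requests addressed to a broadcast address (the amplifier trigger)."""
    return [p for p in packets if p[2] == ECHO_REQUEST and is_broadcast(p[1])]


def flood_victims(packets, ratio: float = 3.0):
    """Symptom 2: hosts receiving far more echo replies than the requests they
    appear to have sent. The victim 'sent' one request only because its
    address was spoofed. Returns {host: (requests_seen, replies_received)}."""
    sent, got = defaultdict(int), defaultdict(int)
    for src, dst, typ in packets:
        if typ == ECHO_REQUEST:
            sent[src] += 1
        elif typ == ECHO_REPLY:
            got[dst] += 1
    return {h: (sent[h], got[h]) for h in got if got[h] > ratio * sent[h]}


def drop_directed_broadcast(packets):
    """Mitigation: a router that does not forward directed broadcasts never
    delivers the trigger packet. Returns the packets that would still be forwarded."""
    return [p for p in packets if not (p[2] == ECHO_REQUEST and is_broadcast(p[1]))]
```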
Denial of Service Attack (smurf)
[Figure: diagram of the smurf attack; visible label: attacker]
Principles of Computer Security
The Dimensions of Computer Security
[Figure: a user (subject) and a resource (object) across the layers of a
computer system (application, software, hardware); labels: "security
policy", "layer of a computer system where protection mechanism is
implemented"]
1st Fundamental Design Decision
Where to focus security controls?
[Figure; visible label: applications]
Example: Security Evaluation
4th Fundamental Design Decision
Centralized or decentralized control?
Security perimeter
Every protection mechanism
defines a security perimeter
(security boundary).
The parts of the system that can
malfunction without compromising
the mechanism lie outside the
perimeter.
The parts of the system that can
disable the mechanism lie within
the perimeter.
Note: Attacks from insiders are a
major concern in security
considerations.
Exercise
• Identify suitable security perimeters for analysing personal computer (PC)
security.
• Consider the room the PC is placed in,
• the PC itself,
5th Fundamental Design Decision
Blocking Access to the Layer Below
Examples of bypassing control mechanisms from the layer below
[Figure; visible labels: controlled access, security perimeter]
More examples – Storage risk
3. Object reuse: (release of memory)
In single processor systems, when a new process is activated it
gets access to memory positions used by the previous process.
Avoid storage residues, i.e. data left behind in the memory area
allocated to the new process.
4. Backup:
Whoever has access to a backup tape has access to all the data
on it.
Logical access control is of no help and backup tapes have to be
locked away safely to protect the data.
5. Core dumps:
same story again
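The object-reuse item above can be made concrete with a toy memory model: one region handed to one process at a time, with and without wiping on release. This Python is an added example, not from the lecture; the pool class, process names and the "secret" bytes are constructed.

```python
class MemoryPool:
    """Toy single-processor memory: one region, owned by one process at a time.
    With zero_on_release=False the next process inherits the previous
    process's bytes (a storage residue); with True the region is wiped first."""

    def __init__(self, size: int, zero_on_release: bool):
        self.mem = bytearray(size)           # the shared memory region
        self.zero_on_release = zero_on_release
        self.owner = None

    def activate(self, pid: str) -> bytearray:
        """Hand the region to a newly activated process."""
        if self.owner is not None:
            raise RuntimeError(f"region still held by {self.owner}")
        self.owner = pid
        return self.mem                      # same bytes, no copy

    def release(self) -> None:
        """The owning process terminates. Without wiping, its data stays behind."""
        if self.zero_on_release:
            self.mem[:] = bytes(len(self.mem))   # overwrite in place
        self.owner = None


def residue_after_reuse(zero_on_release: bool) -> bytes:
    """Run P1 (writes a constructed secret), then P2, and return what P2 can
    read from the first 10 bytes of the region it is given."""
    pool = MemoryPool(32, zero_on_release)
    region = pool.activate("P1")
    region[:10] = b"secret-key"              # constructed secret, not real data
    pool.release()
    region = pool.activate("P2")
    return bytes(region[:10])


if __name__ == "__main__":
    print(residue_after_reuse(False))        # P2 reads P1's secret: storage residue
    print(residue_after_reuse(True))         # P2 reads zeros: residue avoided
```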
The Layer Above
• It is neither necessary nor sufficient to have a secure
infrastructure, be it an operating system or a communications
network, to secure an application.
• Security services provided by the infrastructure may be
irrelevant for the application.
• Infrastructure cannot defend against attacks from the layer
above.
• Fundamental Fallacy of Computer Security: Don’t believe
that you must secure the infrastructure to protect your
applications.
Summary
• Security terminology is ambiguous with many overloaded
terms.
• Distributed systems security builds on computer security and
communications security.
• Two major challenges in computer security are:
I. the design of access control systems that fit the requirements of
the Internet
II. and the design of secure software.
• In security, understanding the problem is more difficult than
finding the solution.
References
• Dieter Gollmann, Computer Security, 3rd edition, John Wiley and Sons, 2011.