Embed Size (px)
DESCRIPTION
Foundation Of Computer Security. Foundation of computer security. Reliability : accidental failures. Usability : operating mistakes. Security: intentional failures. Security. Security is about the protection of assets. - PowerPoint PPT Presentation
Citation preview
Foundation Of Computer Security
Foundation of computer security•Reliability: accidental failures.•Usability: operating mistakes.•Security: intentional failures.
Security•Security is about the protection of assets.
•Hence, computer security is about the protection of IT assets (i.e. hardware, software, data & information, and reputation).
•Protection measures can be classified as follows:oPrevention: taking measures that prevent your assets from being damaged.oDetection: taking measures that allow you to detect when an asset has been
damaged, how it has been damaged, and who has caused the damage.oReaction: taking measures that allow you to recover your assets or to recover
from damage to your assets.
Security Example#1: protection of valuable items kept in your private home.
•Prevention: o locks at the door and windows bars.o A wall round the property.o Add another layer of protection.
•Detection:o you will detect when something has been stolen if it is no longer there.o A burglar alarm goes off when a break in occurs.o Closed circuit television camera
•Reaction: o call police.o You may decide to replace the stolen item.
Security Example #2: Protecting Credit Card from being ‘stolen’ on the web.
•Prevention: o Use encryption when placing an order.o Relay on the merchant to perform some checks on the caller before accepting a credit card order.o Don’t use your card number on the internet.
•Detection:o Transaction that you didn’t authorize appears on your credit card statement.
•Reaction: o Ask for new card number.o The cost of the fraudulent transaction may have to be cover by the card holder, the merchant where the
fraudster made the purchase, or the card issuer.
Computer security•Computer Security aims to preserve:o Confidentiality : prevention of unauthorized disclosure of information.o Integrity : prevention of unauthorized modification of information.o Availability : prevention of unauthorized withholding of information or resources.
•As lists are never complete you can add further points such as authenticity , Legitimate Use, accountability or nonrepudiation.
Computer security
Confidentialit
y
Availability
Integrity
CIA model
Confidentiality
•Historically, security and secrecy were closely related (even today?!).
•Confidentiality (Privacy ,Secrecy).
•Hiding the content of a document OR hiding its very existence.
•Unlinkability: two or more items of interest (e.g. messages, actions, events, users, etc.) are unlinkableif an attacker cannot sufficiently distinguish whether they are related or not.
•Anonymity: A subject (e.g. user) is anonymous if it cannot be identified within a given anonymity set of subjects.
Prevention of unauthorised disclosure of information
Integrity
•It is not easy to give a concise definition of integrity.
•Does prevention of unauthorized actions fall under integrity?
•Clark and Wilson : no user of the system , even if authorized, may be permitted to modify data items in such a way that assets or accounting records of the company are lost or corrupted.
•We have captured security by specifying the user actions that have to be controlled.
•External consistency : the data stored in a computer system should correctly reflect some reality outside the computer system. (DoD’sOrange book)
prevention of unauthorized modification of information
Integrity•Integrity in communication security: refers to the detection and correction of modifications to, insertion in, deletion , or replay of transmitted data.
•This include both intentional manipulations and random transmission errors.
•Integrity is often a prerequisite for other security properties (e.g. protecting OS access control data so an attacker cannot change it to gain unauthorized access to documents). Here we have to protect the integrity of access control to achieve confidentiality.
Availability
•According to ISO 7498-2:o Availability: the property of being accessible and usable upon demand by an authorized user.o Denial of Service (DoS):the prevention of authorized access to resources or the delaying of time-critical
operations.
•Although that availability is one of the most important aspects of computer security, there is a lack of security mechanisms effectively protecting against DoS attacks.
•Security mechanisms that are too restrictive or too expensive can themselves lead to DoS
prevention of unauthorised withholding of information or resources
Accountability•It is hard to prevent all improper actions:owe may find that authorized actions can lead to a security violation.owe may find a flaw in our security system that allow an attacker to find a way past our
controls.
•Users should be hold responsible for their actions.
•Accountability : audit information must be selectively kept and protected so that actions affecting security can be traced to the responsible party. (the Orange book)
•In order to do this, the system should first identify and authenticate its users.
•It has to keep an audit trail (is a log of security-relevant events).
Non-repudiation•Non-repudiation is related to accountability.•Non-repudiation: services provide unforgeable evidence that a specific action occurred.•Digital signatures provide non-repudiation.•Non-repudiation of origin: providing evidence about the sender of a document.•Non-repudiation delivery: providing evidence that a message was delivered to a specific recipient.
Reliability•Reliability (accidental failures) & safety (impact of failures on the environment).
•Reliability only quantifies the frequency of failures, disregarding the consequences of a failure. From a safety point of view it is important to consider the consequences of failures, especially the failures that lead to hazards.
•Security and reliability are very much related and intersected.
•Dependability: the property of a computer system such that reliance can justifiably be placed on the service it delivers. (IFIP WG 10.4)
*skip 3.1.9
The fundamental Dilemma of computer security •Security-unaware users have specific security requirements but usually no security expertise.
•A security unaware user cannot make educated decisions about security products and will have to pick standard ‘best practice’ solutions.
•Standard solutions may not address the user’s specific requirements.
•There is a trade-off between security and ease-of-use since:oSecurity mechanisms need additional computational resources.oSecurity interferes with the working patterns users are accustomed to.oEffort has to be put into managing security.
Data vs. Information•Data represents information.
•Information is the interpretation of data.
•Data is physical phenomena chosen by convention to represent certain aspects of our conceptual and real world. The meanings we assign to data are called information.
•A covert channel is an information flow that is not controlled by a security mechanism.
Principles of Computer Security•Fundamental design parameters of computer security.
•The figure above sketches the main dimensions in the design space for computer security. Horizontal axis represents the focus of the security policy, whilst the vertical axis represents the layer of the computer system where a protection mechanism is implemented.
Application Software
Hardware
User (subject)
Resource (object)
Focus of Control First Design Decision:
In a given application (i.e. a cash machine), should the protection mechanism in a computer system focus on:
•data;
•Operations; and/or
•users (access control)?
It is a fundamental design decision choosing which these options to take when applying security controls. Operating system have traditionally focused on protection data. In modern applications, it is often more relevant to control users’ actions.
The Man-Machine Scale Mechanisms towards the center tend to be more
generic while mechanisms at the outside are more
likely to address individual user requirements
Second Design Decision:
In which layer of the computer system should a security mechanism be placed?
Applications
Services
OS
OS Kernel
Hardware
more generic sim
ple machine-oriented
more specific com
plex man-oriented
Complexity vs. Assurance •There is a trade-off between complexity and assurance. Third Design Decision: Simple with higher assurance OR complex with a feature-rich security environment?•Feature-rich security and high assurance do not match easily
Centralized vs. Decentralized•Centralized(If a single entity is in charge of security):o Easy to achieve uniformity.o Better control.
BUTo Performance bottleneck.o Single Point of Failure (SPoF).
•Decentralized(Distributed):o More efficient.o No SPoF.
BUTo More expensive and complicated (e.g. cost, management, etc.).
Fourth Design Decision:
Centralized OR decentralized?
The Layer Below •Every protection mechanism defines a security perimeter (boundary).
•Attackers may bypass protection mechanisms at some layer.
Fifth Design Decision:
How can you prevent an attacker from getting access to a layer below the protection mechanism?
•The Layer Below – Examples:
1. Recovery tools, like Norton Utilities, restore the data by reading memory directly and then restoring the file structure. Such a tool can be used to circumvent logical access control as it does not care for the logical memory structure
The Layer Below – Examples2. Unix treats I/O devices and physical memory devices like files. If access permissions are defined badly, e.g. if read access is given to a disk containing read protected files, then an attacker can read the disk contents and reconstruct the files.
3. Object reuse: in a single processor system, when a new process becomes active, it gets access to memory positions used by the previous process. You have to avoid storage residues, i.e. data left behind in the memory area allocated to the new process.
4. Buffer Overruns: a value is assigned to a variable that is too large for the memory buffer allocated to that variable , so that memory allocated to other variables is overwritten.
The Layer Above•It is not very wise design decision to spend much time and effort trying to protect a layer from the layer above it!•The security services provided by a layer are mostly not sufficient to the layer above it which requires more complex man-oriented services.
Reading “Computer Security ”, 3rd edition by Dieter Gollmann. Wiley, March, 2011.
Chapter 3
