480 likes | 754 Views
Security in Computing Chapter 1, Is There a Security Problem in Computing?. Summary created by Kirk Scott. 1. What is Computer Security About?. Protecting things of value: Hardware Software Data. 2. A Basic Vocabulary for Security. Threat: What could go wrong
E N D
Security in ComputingChapter 1, Is There a Security Problem in Computing? Summary created by Kirk Scott
1. What is Computer Security About? • Protecting things of value: • Hardware • Software • Data
2. A Basic Vocabulary for Security • Threat: What could go wrong • Vulnerability: Weakness in a system or in its defenses or protections • Control: A protective measure • Summary of relationship among the three: • A threat is blocked by a control of a vulnerability.
3. The Three Steps of Security • 1. Recognize the risk. • Embrace Murphy’s law, revised: What can be hacked will. • In other words, the world is full of threats. • 2. Identify and classify the vulnerabilities. • There are varying degrees of vulnerability • 3. Seek countermeasures/controls and effective means of implementing them
4. The Principle of Easiest Penetration: • “An intruder must be expected to use any available means of penetration. The penetration may not necessarily be by the most obvious means, nor is it necessarily the one against which the most solid defense has been installed. And it certainly does not have to be the way we want the attacker to behave.”
Any complex system will have multiple points at which it might be attacked. • By the process of elimination, attackers will give up on unproductive attacks and try something different. • They will eventually reach the lowest point, the point where the system is easiest to attack.
5. Security is Not Just about Attacks. • Full security takes into account any possible compromise to system and data. • This can range from accidental deletion of files to nuclear disaster. • This will not be discussed at length because it is non-technical in nature. • Any well-run computer installation will have plans and procedures to deal with non-malicious issues like this.
6. A Taxonomy of Threats • 1. Interception • 2. Interruption • 3. Modification • 4. Fabrication • In theory each threat can apply to each of hardware, software, and data • Some threats would be more commonly associated with one of those resources than another.
There is an interrelationship among the threats. • Modification and fabrication tend to presuppose interception. • To an extent, modification and fabrication are simply differences of scale. For example: • Modifying a single db record is a fabrication at the field level. • Inserting a fabricated recorded is a modification at the table level.
8. Three Broad Security Goals • 1. Confidentiality = privacy or secrecy • 2. Integrity (like db integrity) • 3. Availability
9. The Goals are the Converses of the Threats. • Confidentiality is the converse of interception. • Integrity is the converse of modification and fabrication. • Availability is the converse of interruption or denial of service.
10. The Goals are in Tension with Each Other • Building security means supporting all 3 goals. • Note that availability and confidentiality are in tension. • An open system is more liable to attack. • A closed system will tend to be more confidential. • It’s necessary to achieve balance so that resources are both secure and available.
11. Components of Confidentiality • Confidentiality can be analyzed in a matrix of at least three dimensions: • Users • Resources or system components • Level of privilege or access
12. The Possible Meanings of Integrity • Precise • Accurate • Unmodified • Modified only in acceptable ways by authorized people or processes • Consistent/internally consistent • Meaningful and usable
13. Components of Integrity • Who or what can access what user in what way? • This is essentially very similar to the matrix for confidentiality. • An implementation of integrity may have the additional components of error detection and correction.
14. The Possible Meanings of Availability • Present in a usable form • Having sufficient capacity to meet demands • Making progress towards completing service with bounded waiting if waiting • Completing tasks within an acceptable period of time
15. Aspects of Design for Availability • Ease of use and timeliness of response • Fair resource allocation (possibly in tension with different levels of access privileges) • Fault tolerance = graceful degradation of service under load or error conditions vs. catastrophic failure • Concurrency control
16. Hardware Vulnerabilities • Destruction (physical) • Note existence of hardware destroying software • Rarely—addition/modification • Theft of hardware—theft of hardware cycles = computing time • Historically—physical security for physical devices • Not as applicable in portable world
17. Software Vulnerabilities • Accidental and intentional problems are roughly analogous: • Accidental deletion/intentional destruction • Accidental modification/intentional modification or replacement • The results: • Gone or present but not working • Worse: Still present and “working” but harboring some security problem
18. Aspects of Software Vulnerability • Physical security along can’t protect software • Like hardware, software is vulnerable to theft (piracy) as well as compromise • Software is not robust • Hardware systems are designed to be fault tolerant and self-correcting • Change one bit of software and you may be dead • Research topic: Self-healing software
19. Spectrum of Security • Hardware security encompasses those with physical access to devices • Software security encompasses those with electronic access and knowledge of writing and using programs • Data security encompasses anyone with access to data and knowledge of its meaning • These tend to be widening circles of people
20. Security Spectrum for Data Alone • Granularity—data items only have meaning within a context—isolated data may have no significance • Data has real value—it may be hard to quantify—but compromise or loss have a real cost • Data has a lifetime—after a certain point it may have reduced or no value—meaning security measures for it can change
21. Principle of Adequate Protection • “Computer items must be protected only until they lose their value. They must be protected to a degree consistent with their value.”
22. Threats to Data Confidentiality • Physical/technical—wiretapping, network sniffing, etc. • Physical access to non-electronic media—printouts, etc. • Social access—access through other people who have access • Software access—bugs, holes, leaks, etc.
23. Aspects of Data Vulnerability--Integrity • Interception is typically the first step • More sophistication is needed to modify or fabricate • Modifying data is typically easier than modifying software or hardware • In a sense, data is the most valuable part of a system • The hardware and software “serve” it
A focused attack will be designed to access data, whether the attack comes through hardware or software • If the data is the goal, the attacker presumably understands the data • In that sense, the data itself is the weak point in the system • Hardware and software can or should be part of the defenses for the data
24. System Security • Security spans the range from a single system to collections of systems • Networks may be under the control of one organization or the components may be autonomous (the Internet) • A complete system includes hardware, software, data, and people or processes with access
25. Classification of Computer Criminals • Amateurs • Crackers/malicious hackers • Career criminals • Terrorists • The book does not mention this category: State actors, spies, military organizations
26. Method, Opportunity, and Motive • Documentation is available for commodity systems like Microsoft and Apple. Method is widely available. • The systems themselves are widespread. There is no lack of opportunity. • Motives vary, but it’s as simple as this: Where there is an open door, somebody will eventually walk through it.
27. A Little More Terminology • “Harm occurs when a threat is realized against a vulnerability.” • “The possibility for harm to occur is called risk.”
28. Methods of Defense/Dealing with the Potential for Harm • Deter harm (make the attack harder) • Deflect harm (make another target relatively easier) • Prevent harm (close the vulnerability/block the attack) • Detect harm • Recover from harm
29. Controls or Countermeasures • Multi-pronged approach • Controls vary in implementation and use difficulty and expense • They vary in area of effect and effectiveness • Resources vary in value • Across a system a combination of overlapping techniques may be applied to achieve the overall level of protection desired.
30. Encryption (Data Control) • This is the most basic and powerful security tool • Encryption scrambles data so that only authorized users have access • Used correctly, encryption can prevent interception, modification, and fabrication of data. • I.e., it supports confidentiality and integrity. • An access control/authorization system will also have encryption in its internals • Therefore, encryption is also central to providing secure availability.
31. Encryption Alone is Not Sufficient • Encryption is used with other tools, techniques, and protocols • Encryption itself is not simple • Care has to be taken so that it’s implemented correctly • Doing so is not a trivial task • Done incorrectly, it can be counterproductive • Poorly conceived changes can actually degrade or negate the security in an encrypted system • Faulty encryption can lead to a false sense of security
32. Software Controls • Software development controls—making sure the software itself doesn’t contain security flaws • Internal program controls—e.g., authorization in a dbms • O/S and network controls—e.g., login, password, permissions, etc. • Independent security programs—e.g., anti-virus, intrusion detection, etc.
33. Hardware Controls • Physical devices—e.g., locks and cabes, etc. • User verification devices—e.g., cards, biometrics, etc. • Hardware/smart card encryption, adapter cards securing attached devices, dongles, etc. • Larger scale system level devices like firewall and intrusion detection machines, etc.
34. Policies and Procedures • Policies and procedures set standards for the implementation and use of technical defenses • This is an administrator’s dream—but a necessary one • Large organizations will have manuals on this • If procedures aren’t followed, technical defenses can be circumvented
At the low end procedures can be as simple as “You have to change your password every three months.” • At the high end, procedures may take the form of ethics guidelines. • Guidelines may be useful in promoting an ethical culture, but concrete policies still have to be enforced.
35. Effectiveness of Controls • Decision makers need to believe that controls are needed • Users should be persuaded that they ought to use them • Controls have to be easy enough to use that people will use them
36. Principle of Effectiveness • “Controls must be used—and used properly—to be effective. They must be efficient, easy to use, and appropriate.”
37. Principle of Weakest Link • “Security can be no stronger than its weakest link. Whether it is the power supply that powers the firewall or the operating system under the security application or the human who plans, implements, and administers controls, a failure of any control can lead to security failure.”
Notice that the principle of the weakest link is essentially a restatement of the principle of easiest penetration. • In an environment with controls, vulnerability is highest at that point where the controls are weakest.
38. Periodic Review • Security is a moving target • No one control is 100% effective • Technology progresses • When one problem is fixed, another arises • Or attackers probe for weaknesses in the supposed fixed • A layered approach is necessary, with multiple, overlapping controls • As time passes, threats, vulnerabilities, and controls have to be reassessed.
39. What Lies Ahead in this Course • Ch. 2, Elementary Cryptography (intro) • Ch. 12, Cryptography Explained (in depth) • Ch. 3, Program Security • Ch. 7, Security in Networks • Ch. 10, Privacy in Computing • Ch. 11, Legal and Ethical Issues in Computer Security • Project in Applied Web Site Security