Learn about the fundamental concepts of computer security, including confidentiality, integrity, and availability. Understand the definitions of vulnerabilities, threats, attacks, and controls. Explore the relationship between security goals and the importance of maintaining a balance among them.
EEC 688/788 Secure and Dependable Computing
Lecture 2
Wenbing Zhao
Department of Electrical and Computer Engineering, Cleveland State University
wenbing@ieee.org
Outline
• Introduction to computer security
• Security concept
• Vulnerabilities, threats, attacks, and controls
• Computer Security: Art and Science, by Matt Bishop, Addison-Wesley Professional, 2002, http://my.safaribooksonline.com/book/networking/security/0201440997
• Security in Computing, 4th Edition, by Charles P. Pfleeger and Shari Lawrence Pfleeger, http://proquest.safaribooksonline.com/0132390779
EEC688/788: Secure & Dependable Computing
The Meaning of Computer Security
• The purpose of computer security is to devise ways to protect valuable computer-related assets
• Computer-related assets (valuable components): hardware, software, and data
• What we mean when we say that a system is secure:
  • Confidentiality: computer-related assets are accessed only by authorized parties. Confidentiality is sometimes called secrecy or privacy
  • Integrity: assets can be modified only by authorized parties or only in authorized ways
  • Availability: assets are accessible to authorized parties at appropriate times
12/21/2019 EEC688/788: Secure & Dependable Computing Wenbing Zhao
Confidentiality
• Confidentiality is the concealment of information
  • Conceal the content of the information
  • Conceal the very existence of information
• The need for keeping information secret arises from the government and the industry
  • Enforce the “need to know” principle
• Achieving confidentiality: access control mechanisms
  • Cryptography: users without the cryptographic key cannot access unscrambled information
  • Other access control mechanisms may conceal the mere existence of data, such as steganography
Integrity
• Integrity refers to the trustworthiness of information, usually phrased in terms of preventing improper or unauthorized change
  • Data integrity: the content of the information
  • Origin integrity: the source of the data, i.e., authentication
• Integrity mechanisms:
  • Prevention mechanisms:
    • Blocking any unauthorized attempts to change the data
    • Blocking any attempts to change the data in unauthorized ways
  • Detection mechanisms: report that the data’s integrity is no longer trustworthy
    • Analyze system events to detect problems
    • Analyze the data itself to see if required or expected constraints still hold
Working with Confidentiality & Integrity
• With confidentiality, the data is either compromised or it is not
• With integrity, both the correctness and the trustworthiness of the data must be considered:
  • Origin of the data
  • How well the data was protected before it arrived at the current machine
  • How well the data is protected on the current machine
• Evaluating integrity is often very difficult
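The two detection mechanisms named on the Integrity slide (checking that data is still trustworthy, and checking that expected constraints still hold) and the origin question on this slide can be made concrete with a small worked example. The code below is an added illustration written for these notes, not material from the lecture or its textbooks. It uses an HMAC-SHA256 tag as the trustworthiness check: the tag binds the record's content to whoever holds the key, so a changed record (data integrity) or a record tagged under a different key (origin integrity) both fail verification. The key, the record format and the invariants are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed demo key shared by the data's origin and the verifier.
# A real deployment obtains it from key management, never from source code.
ORIGIN_KEY = b"constructed-demo-key-do-not-reuse"


def canonical_bytes(record: dict) -> bytes:
    """Serialize a record deterministically so the same content always tags the same way."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def tag_record(record: dict, key: bytes) -> str:
    """HMAC-SHA256 over the canonical record. The tag binds the content (data integrity)
    to whoever holds the key (origin integrity)."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def verify_record(record: dict, tag: str, key: bytes) -> bool:
    """Detection mechanism 1: does the record still carry a valid tag from the key holder?
    compare_digest avoids leaking tag bytes through timing differences."""
    return hmac.compare_digest(tag_record(record, key), tag)


def constraints_hold(record: dict) -> bool:
    """Detection mechanism 2: does the data itself still satisfy the constraints we expect?
    The invariants below are constructed for this example (a non-negative integer balance
    in a known currency)."""
    balance = record.get("balance")
    return (
        isinstance(balance, int)
        and balance >= 0
        and record.get("currency") in {"USD", "EUR"}
    )


def assess(record: dict, tag: str, key: bytes) -> dict:
    """Run both detection mechanisms and report which ones flag the record."""
    return {
        "tag_ok": verify_record(record, tag, key),
        "constraints_ok": constraints_hold(record),
    }


# Constructed sample data -------------------------------------------------
original = {"account": "A-1001", "balance": 250, "currency": "USD"}
tag = tag_record(original, ORIGIN_KEY)

# Content changed after tagging: data integrity lost, the tag no longer verifies.
tampered = dict(original, balance=999999)

# Same content, but tagged under some other key: origin integrity cannot be established.
other_key_tag = tag_record(original, b"some-other-key")

# Correctly tagged by the key holder, yet the content breaks an expected constraint.
negative = dict(original, balance=-5)
negative_tag = tag_record(negative, ORIGIN_KEY)

if __name__ == "__main__":
    for name, rec, t in [
        ("original", original, tag),
        ("tampered", tampered, tag),
        ("other-key", original, other_key_tag),
        ("negative", negative, negative_tag),
    ]:
        print(f"{name:10s} {assess(rec, t, ORIGIN_KEY)}")
```

The last case is the one the slide's second mechanism exists for: a record can be perfectly authentic (correct key, untouched content) and still be wrong, so a cryptographic tag answers "who produced this and was it altered", while the constraint check answers "does it still make sense". Both are needed to evaluate integrity.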
Availability
• Availability refers to the ability to use the information desired
  • An aspect of reliability
  • Also an aspect of system design: an unavailable system is at least as bad as no system at all
• Why is availability relevant to security?
  • Someone may deliberately arrange to deny access to data or to a service by making it unavailable
  • Denial of service attacks: attempts to block availability
• It is very difficult to detect denial of service attacks
  • Must determine whether the unusual access patterns are attributable to deliberate manipulation of resources or of the environment (i.e., an atypical event)
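The detection difficulty on this slide is that a surge in load can be a deliberate attempt to exhaust resources or simply an atypical event such as a flash crowd. The following added example (written for these notes, not code from the lecture) shows one way a defender can separate the two from an access log: it buckets requests into fixed windows and asks whether the excess load is concentrated in a few sources far above a per-client limit (suspected denial of service) or spread across many ordinary clients (an atypical event). The log format, the thresholds and the traffic are all constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Hypothetical log format for this example: "<epoch_seconds> <client_ip> <path> <status>"
LOG_LINE = re.compile(r"^(\d+) (\S+) (\S+) (\d{3})$")


def parse_log(text: str) -> list:
    """Return (timestamp, client) pairs; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            events.append((int(m.group(1)), m.group(2)))
    return events


def per_window_counts(events, window: int) -> dict:
    """Bucket events into fixed windows: {window_start: Counter(client -> request count)}."""
    buckets = defaultdict(Counter)
    for ts, client in events:
        buckets[(ts // window) * window][client] += 1
    return buckets


def classify_window(counts: Counter, baseline_total: int, per_client_limit: int,
                    surge_factor: int = 3) -> tuple:
    """Decide what an unusual window looks like.

    - 'suspected-dos': at least half the traffic comes from clients above the
      per-client limit, i.e. concentrated manipulation of resources.
    - 'atypical-event': total load is far above baseline but spread across ordinary
      clients (a flash crowd or environmental change rather than an attacker).
    - 'normal': otherwise. Clients above the per-client limit are returned for review.
    """
    total = sum(counts.values())
    heavy = {c: n for c, n in counts.items() if n > per_client_limit}
    heavy_share = sum(heavy.values()) / total if total else 0.0
    if heavy and heavy_share >= 0.5:
        return "suspected-dos", sorted(heavy)
    if total > surge_factor * baseline_total:
        return "atypical-event", sorted(heavy)
    return "normal", sorted(heavy)


def analyze(text: str, window: int = 60, baseline_total: int = 40,
            per_client_limit: int = 20) -> dict:
    """Classify every window of a log; returns {window_start: (verdict, flagged_clients)}."""
    buckets = per_window_counts(parse_log(text), window)
    return {start: classify_window(counts, baseline_total, per_client_limit)
            for start, counts in sorted(buckets.items())}


def build_sample_log() -> str:
    """Construct a synthetic log with three 60-second windows (constructed data, not real traffic)."""
    lines = []

    def add(start, clients, per_client):
        for i in range(per_client):
            for c in clients:
                lines.append(f"{start + (i % 60)} {c} /index 200")

    regulars = [f"10.0.0.{i}" for i in range(1, 9)]
    add(0, regulars, 5)                                  # window 0: 8 clients x 5 = 40 requests
    add(60, [f"10.0.1.{i}" for i in range(1, 31)], 5)    # window 60: 30 clients x 5 = 150 requests
    add(120, regulars, 5)                                # window 120: 40 ordinary requests ...
    add(120, ["10.0.0.99"], 200)                         # ... plus 200 from a single client
    lines.append("malformed line that the parser must skip")
    return "\n".join(lines)


if __name__ == "__main__":
    for start, (verdict, flagged) in analyze(build_sample_log()).items():
        print(f"window {start:4d}: {verdict:15s} flagged={flagged}")
```

Windows 60 and 120 carry comparable excess load, but only the second is attributed to manipulation because the excess is concentrated. The thresholds (a baseline of 40 requests per window, a per-client limit of 20, a surge factor of 3) are assumptions chosen for the sample; in practice a baseline is learned from the system's own history, and a distributed attack that stays under the per-client limit would still look like an atypical event to this rule, which is exactly the ambiguity the slide describes.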
Availability
• The security community is just beginning to understand what availability implies and how to ensure it
• A small, centralized control of access is fundamental to preserving confidentiality and integrity, but it is not clear that a single access control point can enforce availability
• Much of computer security's past success has focused on confidentiality and integrity; full implementation of availability is security's next great challenge
Relationship of Security Goals
• A secure system must meet all three requirements
• The challenge is how to find the right balance among the goals, which often conflict
• For example, it is easy to preserve a particular object's confidentiality in a secure system simply by preventing everyone from reading that object
• However, this system is not secure, because it does not meet the requirement of availability for proper access
• => There must be a balance between confidentiality and availability
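The trade-off on this slide can be measured rather than just stated. The added example below (written for these notes, not from the lecture) scores three read policies against both goals over a constructed set of principals and objects: every unauthorized read a policy permits counts against confidentiality, and every authorized read it refuses counts against availability. The principals, objects and authorization table are constructed for the example.

```python
# Constructed authorization reference: which principals are authorized to read each object.
AUTHORIZED_READERS = {
    "payroll.xlsx": {"hr_manager", "cfo"},
    "public_notice.txt": {"hr_manager", "cfo", "intern"},
}
PRINCIPALS = {"hr_manager", "cfo", "intern", "outsider"}


def deny_everyone(principal: str, obj: str) -> bool:
    """The slide's extreme policy: nobody may read anything."""
    return False


def allow_everyone(principal: str, obj: str) -> bool:
    """The opposite extreme: anyone may read anything."""
    return True


def acl_policy(principal: str, obj: str) -> bool:
    """Balanced policy: a read is allowed exactly for the authorized readers of the object."""
    return principal in AUTHORIZED_READERS.get(obj, set())


def evaluate(policy) -> dict:
    """Score a read policy against both goals over every (principal, object) pair:
    a confidentiality failure is an unauthorized read that is permitted,
    an availability failure is an authorized read that is refused."""
    conf = avail = 0
    for obj, readers in AUTHORIZED_READERS.items():
        for p in PRINCIPALS:
            permitted = policy(p, obj)
            if permitted and p not in readers:
                conf += 1
            if not permitted and p in readers:
                avail += 1
    return {"confidentiality_failures": conf, "availability_failures": avail}


if __name__ == "__main__":
    for name, policy in [("deny_everyone", deny_everyone),
                         ("allow_everyone", allow_everyone),
                         ("acl_policy", acl_policy)]:
        print(f"{name:15s} {evaluate(policy)}")
```

Denying everyone scores perfectly on confidentiality and fails every authorized access; allowing everyone does the reverse. Only the policy that encodes who is actually authorized satisfies both, which is the balance the slide calls for.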
Relationship of Security Goals (figure)
Vulnerabilities, Threats, Attacks, & Controls
• A vulnerability is a weakness in the security system
• A threat to a computing system is a set of circumstances that has the potential to cause loss or harm
• A human who exploits a vulnerability perpetrates an attack on the system
• How do we address these problems? We use a control as a protective measure
  • A control is an action, device, procedure, or technique that removes or reduces a vulnerability
  • A threat is blocked by control of a vulnerability
Threats, Vulnerabilities, and Controls (figure)
Types of Threats
• An interception means that some unauthorized party has gained access to an asset
• In an interruption, an asset of the system becomes lost, unavailable, or unusable
• If an unauthorized party not only accesses but tampers with an asset, the threat is a modification
• An unauthorized party might create a fabrication of counterfeit objects on a computing system
Types of Threats (figure)
Threats: Method, Opportunity, and Motive
• A malicious attacker must have three things:
  • Method: the skills, knowledge, tools, and other things with which to launch an attack
  • Opportunity: the time and access to accomplish the attack
  • Motive: a reason to want to perform this attack against this system
Vulnerabilities (figure)
Threats in Networks
• Networks are specialized collections of hardware, software, and data
• Each network node is itself a computing system
  • It experiences all normal security problems
• A network must also confront communication problems that involve the interaction of system components and outside resources
What Makes a Network Vulnerable
• A network's lack of physical proximity
• Use of insecure, shared media, and
• The inability of a network to identify remote users positively
Methods of Defense
• Harm occurs when a threat is realized against a vulnerability
• To protect against harm, we can neutralize the threat, close the vulnerability, or both
• The possibility for harm to occur is called risk
Methods of Defense
• We can deal with harm in several ways. We can seek to:
  • Prevent it, by blocking the attack or closing the vulnerability
  • Deter it, by making the attack harder, but not impossible
  • Deflect it, by making another target more attractive (or this one less so)
  • Detect it, either as it happens or some time after the fact
  • Recover from its effects
• Intrusion tolerance is also a form of recovery because it enables the system to continue operating correctly despite attacks
Methods of Defense – Multiple Controls (figure)
Countermeasures / Controls
• Encryption: scrambling process
• Software controls: internal program controls, OS controls, development controls
• Hardware controls: hardware or smart card implementations of encryption
• Policies and procedures. Example: change passwords periodically
• Physical controls. Example: locks on doors, guards at entry points
Security Principles
• Principle of easiest penetration
• Principle of adequate protection
• Principle of effectiveness
Principle of Easiest Penetration
• An intruder may use any available means of penetration
• The penetration may not necessarily be by the most obvious means
• Nor is it the one against which the most solid defense has been installed
Principle of Easiest Penetration
• This principle implies that:
  • Computer security specialists must consider all possible means of penetration
  • The penetration analysis must be done repeatedly, and especially whenever the system and its security change
  • Strengthening one aspect of a system may simply make another means of penetration more appealing to intruders
Principle of Adequate Protection
• Computer items must be protected only until they lose their value
• They must be protected to a degree consistent with their value
Principle of Effectiveness
• Controls must be used—and used properly—to be effective
• They must be efficient, easy to use, and appropriate