Computer Security: Principles and Practice

Compiled by: Bilisuma D.

11/8/2024 Computer Science department, computer security( Bilisuma D) 1

 Chapter 1 overview

• Computer Security Concepts

• Threats, Attacks, and Assets
• Security Functional Requirements
• Fundamental Security Design Principles
• Attack Surfaces and Attack Trees
• Computer Security Strategy

11/8/2024 Computer Science department, computer security( Bilisuma D) 2

 Learning objectives

• Describe the key security requirements of confidentiality, integrity and availability

• Discuss the types security threats and attacks that must be dealt with
• Summarize the functional requirements for computer security
• Explain the fundamental security design principles
• Discuss the use of attack surfaces and attack trees
• Understand the principle aspects of a comprehensive security strategy

11/8/2024 Computer Science department, computer security( Bilisuma D) 3

 A definition of computer security
• Computer security: The protection afforded to an automated information
system in order to attain the applicable objectives of preserving the integrity,
availability and confidentiality of information system resources (includes
hardware, software, firmware, information/data, and telecommunications)

11/8/2024 Computer Science department, computer security( Bilisuma D) 4

 Three key objectives (the CIA triad)
• Confidentiality
• Data confidentiality: Assures that confidential information is not disclosed to
unauthorized individuals
• Privacy: Assures that individual control or influence what information may be collected
and stored
• Integrity
• Data integrity: assures that information and programs are changed only in a specified
and authorized manner
• System integrity: Assures that a system performs its operations in unimpaired manner
• Availability: assure that systems works promptly and service is not denied to
authorized users

11/8/2024 Computer Science department, computer security( Bilisuma D) 5

 Key Security Concepts

11/8/2024 Computer Science department, computer security( Bilisuma D) 6

 Other concepts to a complete security picture
• Authenticity: the property of being genuine and being able to be verified and
trusted; confident in the validity of a transmission, or a message, or its originator.
• Accountability: generates the requirement for actions of an entity to be traced
uniquely to that individual to support nonrepudiation, deference, fault isolation,
etc.

11/8/2024 Computer Science department, computer security( Bilisuma D) 7

Levels of security breach impact
• Low: the loss will have a limited impact, e.g., a degradation in mission or
minor damage or minor financial loss or minor harm
• Moderate: the loss has a serious effect, e.g., significance degradation on
mission or significant harm to individuals but no loss of life or
threatening injuries
• High: the loss has severe or catastrophic adverse effect on operations,
organizational assets or on individuals (e.g., loss of life)

11/8/2024 Computer Science department, computer security( Bilisuma D) 8

Examples of security requirements: Confidentiality
• Student grade information is an asset whose confidentiality is considered to be
very high
• The US FERPA Act: grades should only be available to students, their parents, and their
employers (when required for the job)
• Student enrollment information: may have moderate confidentiality rating; less
damage if enclosed
• Directory information: low confidentiality rating; often available publicly

11/8/2024 Computer Science department, computer security( Bilisuma D) 9

 Examples of security requirements: Integrity
• A hospital patient’s allergy information (high integrity data): a doctor should be
able to trust that the info is correct and current
• If a nurse deliberately falsifies the data, the database should be restored to a trusted basis
and the falsified information traced back to the person who did it
• An online newsgroup registration data: moderate level of integrity
• An example of low integrity requirement: anonymous online poll (inaccuracy is
well understood)

11/8/2024 Computer Science department, computer security( Bilisuma D) 10

 Examples of security requirements: Availability
• A system that provides authentication: high availability requirement
• If customers cannot access resources, the loss of services could result in financial loss
• A public website for a university: a moderate availably requirement; not critical but
causes embarrassment
• An online telephone directory lookup: a low availability requirement because
unavailability is mostly annoyance (there are alternative sources)

11/8/2024 Computer Science department, computer security( Bilisuma D) 11

 Challenges of computer security
1. Computer security is not simple
2. One must consider potential (unexpected) attacks
3. Procedures used are often counter-intuitive
4. Must decide where to deploy mechanisms
5. Involve algorithms and secret info (keys)
6. A battle of wits between attacker / admin
7. It is not perceived on benefit until fails
8. Requires constant monitoring
9. Too often an after-thought (not integral)
10. Regarded as impediment to using system

11/8/2024 Computer Science department, computer security( Bilisuma D) 12

 A model for computer security
• Systems resources
• Hardware, software (OS, apps), data (users, system, database), communication
facilities and network (LAN, bridges, routers, …)
• Our concern: vulnerability of these resources (corrupted, unavailable, leaky)
• Threats exploit vulnerabilities
• Attack is a threat that is accrued out
• Active or passive; from inside or from outside
• Countermeasures: actions taken to prevent, detect, recover and minimize risks

11/8/2024 Computer Science department, computer security( Bilisuma D) 13

Computer
security
terminology

11/8/2024 Computer Science department, computer security( Bilisuma D) 14

Security concepts and relationships

11/8/2024 Computer Science department, computer security( Bilisuma D) 15

 Threat consequences
• Unauthorized disclosure: threat to confidentiality
• Exposure (release data), interception, inference, intrusion
• Deception: threat to integrity
• Masquerade, falsification (alter data), repudiation
• Disruption: threat to integrity and availability
• Incapacitation (destruction), corruption (backdoor logic), obstruction (infer with
communication, overload a line)
• Usurpation: threat to integrity
• Misappropriation (theft of service), misuse (hacker gaining unauthorized access)

11/8/2024 Computer Science department, computer security( Bilisuma D) 16

Threat
consequences
(tabular form)

11/8/2024 Computer Science department, computer security( Bilisuma D) 17

 The scope of computer security

11/8/2024 Computer Science department, computer security( Bilisuma D) 18

 Examples of threats

11/8/2024 Computer Science department, computer security( Bilisuma D) 19

 Security functional requirements (FIPS 200)
• Technical measures
• Access control; identification & authentication; system & communication protection;
system & information integrity
• Management controls and procedures
• Awareness & training; audit & accountability; certification, accreditation, & security
assessments; contingency planning; maintenance; physical & environmental protection;
planning; personnel security; risk assessment; systems & services acquisition
• Overlapping technical and management
• Configuration management; incident response; media protection

11/8/2024 Computer Science department, computer security( Bilisuma D) 20

 X.800 Security Architecture
• X.800, Security Architecture for OSI
• systematic way of defining requirements for security and characterizing
approaches to satisfying them
• defines:
• security attacks - compromise security
• security mechanism - act to detect, prevent, recover from attack
• security service - counter security attacks

11/8/2024 Computer Science department, computer security( Bilisuma D) 21

 Fundamental security design principles [1/4]
• Despite years of research, it is still difficult to design systems that
comprehensively prevent security flaws
• But good practices for good design have been documented (analogous to
software engineering)
• Economy of mechanism, fail-safe defaults, complete mediation, open design, separation
of privileges, lease privilege, least common mechanism, psychological accountability,
isolation, encapsulation, modularity, layering, least astonishment

11/8/2024 Computer Science department, computer security( Bilisuma D) 22

 Fundamental security design principles [2/4]
• Economy of mechanism: the design of security measures should be as simple
as possible
• Simpler to implement and to verify
• Fewer vulnerabilities
• Fail-safe default: access decisions should be based on permissions; i.e., the
default is lack of access
• Complete mediation: every access should checked against an access control
system
• Open design: the design should be open rather than secret (e.g., encryption
algorithms)
11/8/2024 Computer Science department, computer security( Bilisuma D) 23
 Fundamental security design principles [3/4]
• Isolation
• Public access should be isolated from critical resources (no connection between public and
critical information)
• Users files should be isolated from one another (except when desired)
• Security mechanism should be isolated (i.e., preventing access to those mechanisms)
• Encapsulation: similar to object concepts (hide internal structures)
• Modularity: modular structure

11/8/2024 Computer Science department, computer security( Bilisuma D) 24

 Fundamental security design principles [4/4]
• Layering (defense in depth): use of multiple, overlapping protection
approaches
• Least astonishment: a program or interface should always respond in a way that
is least likely to astonish a user

11/8/2024 Computer Science department, computer security( Bilisuma D) 25

 Fundamental security design principles
• Separation of privilege: multiple privileges should be needed to do achieve access (or
complete a task)
• Least privilege: every user (process) should have the least privilege to perform a task
• Least common mechanism: a design should minimize the function shared by different users
(providing mutual security; reduce deadlock)
• Psychological acceptability: security mechanisms should not interfere unduly with the work
of users

11/8/2024 Computer Science department, computer security( Bilisuma D) 26

 Attack surfaces
• Attack surface: the reachable and exploitable vulnerabilities in a system
• Open ports
• Services outside a firewall
• An employee with access to sensitive info
• …
• Three categories
• Network attack surface (i.e., network vulnerability)
• Software attack surface (i.e., software vulnerabilities)
• Human attack surface (e.g., social engineering)
• Attack analysis: assessing the scale and severity of threats
11/8/2024 Computer Science department, computer security( Bilisuma D) 27
 Attack trees
• A branching, hierarchical data structure that represents a set of potential
vulnerabilities
• Objective: to effectively exploit the info available on attack patterns
• published on CERT or similar forums
• Security analysts can use the tree to guide design and strengthen countermeasures

11/8/2024 Computer Science department, computer security( Bilisuma D) 28

 An attack tree

11/8/2024 Computer Science department, computer security( Bilisuma D) 29

 Computer security strategy
• An overall strategy for providing security
• Policy (specs): what security schemes are supposed to do
• Assets and their values
• Potential threats
• Ease of use vs security
• Cost of security vs cost of failure/recovery
• Implementation/mechanism: how to enforce
• Prevention
• Detection
• Response
• Recovery
• Correctness/assurance: does it really work (validation/review)
11/8/2024 Computer Science department, computer security( Bilisuma D) 30
 Security Taxonomy

11/8/2024 Computer Science department, computer security( Bilisuma D) 31

 Security Trends

11/8/2024 Computer Science department, computer security( Bilisuma D) 32

Computer Security Losses

11/8/2024 Computer Science department, computer security( Bilisuma D) 33

Security Technologies Used

11/8/2024 Computer Science department, computer security( Bilisuma D) 34

 Summary
• Security concepts
• Terminology
• Functional requirements
• Security design principles
• Security strategy

11/8/2024 Computer Science department, computer security( Bilisuma D) 35