Computer Systems Security Lecture 1 Introduction to Computer Security

› The C.I.A. Triangle
› Terminologies
› Security Service

› Security Policy
› Security Mechanism
› Assumption and Trust
› Security Principles
› Who needs computer security?

What is C.I.A.?
Source: https://www.imdb.com/title/tt4196776/mediaviewer/rm181417216

The C.I.A. Triangle
› THREE main security goals
– Confidentiality
– Integrity
– Availability
Source: http://panmore.com/cms/wp-content/uploads/2015/07/The-CIA-triad-goals-of-confidentiality-integrity-and-availability-for-information-security-600×351.png

Confidentiality
› Confidentiality is the concealment of information or resources.
› The need for keeping information secret arises from the use of computers in secretive fields such as government and industry.
› Access control mechanisms support confidentiality
– E.g., cryptography -> encryption techniques
– Can you think of other means?

Confidentiality
› Confidentiality also applies to the existence of data, which is sometimes more revealing than the data itself.
– Example?
› Resource hiding is another important aspect.
– Sites wish to conceal their configuration as well as what systems they are using;
– Organisations may not wish unauthorized personnel, whether insiders or outsiders, to know about specific equipment they are using.
› Assumptions and trust underlie confidentiality mechanisms.

Integrity
› Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change.
› Integrity includes
– data integrity (the content of the information) and;
– origin integrity (the source of the data, often called authentication).

› Integrity mechanisms fall into two classes:
– Prevention mechanisms
› Seek to maintain the integrity of the data by blocking any unauthorized attempts to change the data or any attempts to change the data in unauthorized ways.
› Examples?
– Detection mechanisms
› Do not try to prevent violations of integrity; they simply report that the data’s integrity is no longer trustworthy.
› Examples?
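
One detection mechanism, as an added example that is not part of the original slides: an unkeyed digest covers data integrity only while the stored digest is itself untouched, whereas a keyed MAC also covers origin integrity. The key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: known to sender and receiver only


def seal(message: bytes, key: bytes) -> dict:
    """Sender side: attach an unkeyed digest and a keyed MAC to the message."""
    return {
        "message": message,
        "sha256": hashlib.sha256(message).hexdigest(),
        "hmac": hmac.new(key, message, hashlib.sha256).hexdigest(),
    }


def check_data_integrity(record: dict) -> bool:
    """Detects a changed message only if the digest was not replaced as well."""
    actual = hashlib.sha256(record["message"]).hexdigest()
    return hmac.compare_digest(actual, record["sha256"])


def check_origin_integrity(record: dict, key: bytes) -> bool:
    """Detects any change made by a party that does not hold the key."""
    expected = hmac.new(key, record["message"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record["hmac"])


def classify(record: dict, key: bytes) -> str:
    """A detection mechanism only reports; it does not block the change."""
    if not check_data_integrity(record):
        return "content changed"
    if not check_origin_integrity(record, key):
        return "content consistent, origin not verified"
    return "trustworthy"


# Constructed sample records.
ORIGINAL = seal(b"pay 100 to account 42", KEY)
# Message altered, digest and MAC left as they were.
IN_TRANSIT = dict(ORIGINAL, message=b"pay 900 to account 42")
# Message altered and the unkeyed digest recomputed by someone without the key.
REHASHED = dict(IN_TRANSIT,
                sha256=hashlib.sha256(IN_TRANSIT["message"]).hexdigest())

if __name__ == "__main__":
    for name, rec in [("original", ORIGINAL), ("in transit", IN_TRANSIT),
                      ("rehashed", REHASHED)]:
        print(name, "->", classify(rec, KEY))
```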

› Integrity includes both the correctness and the trustworthiness of the data.
– Who sends/creates the data? (The origin)
– How well was the data protected before it arrived at the destination?
– How well is the data protected on the computer?
› Question: Try to differentiate between integrity and confidentiality.

Availability
› Availability refers to the ability to use the information or resource desired.
› Availability is very much linked to reliability, as well as to system design, because an unavailable system is as bad as no system at all.
› Someone may deliberately deny access to data or to a resource by making it unavailable.

Availability
› Attempts to block availability are called denial of service (DoS) attacks.
› DoS attacks are difficult to detect because detection requires the analyst to determine whether unusual patterns of access are attributable to deliberate manipulation of resources or of the environment.
– Attribute examples?
› Sometimes DoS attacks just seem to be atypical events or in some cases they are not even atypical.
– Non-atypical attack examples?

› A threat is a potential violation of security.
– The violation need not occur for there to be a threat.
– The fact that the violation MIGHT occur is a threat.
› If the actions occur, it is an attack.
› The one who causes the attack to happen is an attacker/adversary.

Who are Adversaries?
› Career criminals
– for financial gain
– for political reasons
– for personal fulfillment
› Malicious users
– for revenge
– insiders
› Careless users

Terminologies
› Disclosure
– Unauthorized access to information
› Deception
– Acceptance of false data
› Disruption
– Interruption or prevention of correct operation
› Usurpation
– Unauthorized control of some part of a system

Terminologies
› Snooping
– Unauthorized interception of data
– E.g., Passive wiretapping
› Modification or Alteration
– Unauthorized change of data
– E.g., Active wiretapping
› Masquerading or Spoofing
– Impersonation of one entity by another

Terminologies
› Repudiation of origin
– A false denial that an entity sent or created something
› Denial of receipt
– A false denial that an entity received some information or message
› Delay
– Temporary inhibition of a service
› Denial of Service
– A long-term inhibition of a service

Security Service
› To replicate the security requirements associated with real-world applications
– have signatures, and dates
– need protection from disclosure, tampering, or destruction
– be notarized or witnessed
– be licensed
› And other new services?

Security Policy
› A security policy is a statement of what is, and what is not allowed.
– Usually described in English as what users are allowed to do.
› E.g., All remote access tools or systems that allow communication to ABC Bank resources from the Internet or external partner systems must require multi-factor authentication. Examples include authentication tokens and smart cards that require an additional PIN or password.
– Can be highly mathematical.
› E.g., A subject s is allowed read access to an object o if and only if C(s) dominates C(o).
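
The mathematical policy above as an added example, not part of the original slides. It goes beyond the slide by assuming each label C(x) is a pair of a level and a category set, with dominance defined on both; the level names, subjects and objects are constructed.

```python
from dataclasses import dataclass

# Assumed linear ordering of levels (not given on the slide).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()


def dominates(a: Label, b: Label) -> bool:
    """a dominates b iff a's level is at least b's and a holds all of b's categories."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.categories >= b.categories


def can_read(clearance: dict, classification: dict, s: str, o: str) -> bool:
    """The slide's policy: s may read o if and only if C(s) dominates C(o)."""
    return dominates(clearance[s], classification[o])


# Constructed sample labels for subjects and objects.
C_SUBJECT = {
    "alice": Label("SECRET", frozenset({"NUC", "EUR"})),
    "bob": Label("TOP SECRET", frozenset({"EUR"})),
}
C_OBJECT = {
    "memo": Label("CONFIDENTIAL", frozenset({"EUR"})),
    "plan": Label("SECRET", frozenset({"NUC"})),
}


def read_matrix() -> dict:
    """Evaluate the policy for every (subject, object) pair."""
    return {(s, o): can_read(C_SUBJECT, C_OBJECT, s, o)
            for s in C_SUBJECT for o in C_OBJECT}


if __name__ == "__main__":
    for pair, allowed in read_matrix().items():
        print(pair, "read allowed" if allowed else "read denied")
```

Dominance is a partial order: bob has the higher level but lacks the NUC category, so he cannot read "plan", and neither subject's label dominates the other's.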

Security Mechanism
› A security mechanism is a method, tool, or procedure for enforcing a security policy.
– Can be non-technical.
› E.g., how can you save your passwords?
Source: http://www.ci.minneapolis.mn.us/news/employees/WCMS1P-131679
(Retrieved in 2017)

Goal of Security Mechanisms
› Prevent an attack (before it happens)
– Ideal solution
– This is where technology should be helping most!
› Detect the attack (when it happens)
– Know what is going on, who is causing it
– This is really where technology is helping most!
› Recover from an attack (as soon as possible)
– Stop the attack
– Assess and repair the damage caused

Assumptions and Trust
› Security rests on assumptions.
– For example,
› Opening a door lock requires a key.
› The assumption: the lock is secure against lock picking.
› When will this assumption be invalid?

Assumptions and Trust
› When designing a security mechanism, we prefer “weaker” assumptions to “stronger” assumptions.
› For example,
– Encryption Scheme 1
› The adversary is allowed to see all plaintext and ciphertext pairs, and he cannot decrypt a new ciphertext without knowing the key.
– Encryption Scheme 2
› The adversary is allowed to see all ciphertext, and he cannot decrypt a new ciphertext without knowing the key.
Which one has a weaker assumption?

Assumptions and Trust
› Trust plays an important role in making assumptions.
› For example,
– We can assume only the holder of a password can log in to the system.
– Most systems contain backdoors to bypass the security mechanism.
– We need to trust that this backdoor will not be misused.
› Question: Can we TRUST that WhatsApp and Facebook will not misuse our personal information?

Assumptions and Trust
› Designers of policies always make two assumptions.
– The security policy correctly and unambiguously partitions the set of system states into “secure” and “non-secure” states.
– The security mechanisms prevent the system from entering a “non-secure” state.
› If either assumption is erroneous, the system will be non-secure.

Specification, Design and Implementation
› Similar to software (system) development
– A specification is a statement of the desired functioning of the (secure) system
– A design translates the specification into components that will implement them
– Implementation creates a system that satisfies the design
› A program is correct if its implementation performs as specified
– Can we prove that? How?
– If not, at least we can try to verify that using a technique known as testing.

Security Principles
› The construction of security mechanisms is based on a number of security principles
– Principle of easiest penetration
– Principle of adequate protection
– Principle of effectiveness
› These principles aim to facilitate
– security analysis
– assessment of effectiveness and efficiency

Principle of easiest penetration
› Intruders will use any available means of penetration.
› This makes security assessment difficult because all possible ways of breaching security must be examined.
› Security is only as strong as the weakest link in the system.
– Principle of weakest link
› Backdoor

Principle of adequate protection
› Items should only be protected while they are valuable, and the level of protection should be consistent with their value.
– There is always a cost for setting up protection
› This is a very practical principle which underlies a large proportion of modern computer security.
› Example?

Principle of effectiveness
› Controls must be used properly to be effective.
› Controls should be efficient, easy to use and appropriate.
› Dilemma? Cost vs Security?

Principle of effectiveness
› Case study
– Previously, to log in to the e-banking service of HSBC, users had to enter, besides the original password, a one-time password generated by a physical security token.
– HSBC replaced this token with a combination of the user's mobile phone and another password/fingerprint
› Users can generate the one-time password using their mobile phone and the password/fingerprint
› Details: http://www.personal.hsbc.com.hk/1/2/special/banking/prom203?WT.ac=AMH_RBWM_PIB_1704_LOGON_M_MSK_01_C
– Question: Is the new mechanism more “effective”? Why?

Who needs computer security?
› Governments
– To safeguard military or diplomatic communications and to protect national interests.
– Even for the terrorists.
› Private sector
– To protect sensitive information such as health and legal records, financial transactions, credit ratings.
– To protect information ownership.
› Individuals
– To protect sensitive information, and to protect an individual’s privacy in the electronic world.
– To allow e-commerce, internet banking and so on.

The Art of War, Sun Tzu
› Rely not on the likelihood of the enemy’s not coming
– but on our own readiness to receive him
› Not on the chance of his not attacking,
– but rather on the fact that we have made our position unassailable
故用兵之法,無恃其不來,恃吾有以待之; 無恃其不攻,恃吾有所不可攻也。

› The C.I.A. Triangle
› Terminologies
› Security Service
› Security Policy
› Security Mechanism
› Assumption and Trust
› Security Principles
› Who needs computer security?

› (2005). Introduction to Computer Security. .
– Chapter 1
