Network security Topic 2 overview continued


1. Lecture 2: Overview (cont)

2. Key Security Concepts
  • Confidentiality: preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information
  • Integrity: guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity
  • Availability: ensuring timely and reliable access to and use of information

3. Computer Security Terminology
  • Adversary (threat agent) - An entity that attacks, or is a threat to, a system.
  • Attack - An assault on system security that derives from an intelligent threat; a deliberate attempt to evade security services and violate the security policy of a system.
  • Countermeasure - An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

4. Computer Security Terminology
  • Risk - An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.
  • Security Policy - A set of rules and practices that specify how a system or organization provides security services to protect sensitive and critical system resources.
  • System Resource (Asset) - Data; a service provided by a system; a system capability; an item of system equipment; a facility that houses system operations and equipment.

5. Computer Security Terminology
  • Threat - A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
  • Vulnerability - Flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.

6. Security Concepts and Relationships

7. Vulnerabilities, Threats and Attacks
  • vulnerabilities
      - leaky (loss of confidentiality)
      - corrupted (loss of integrity)
      - unavailable or very slow (loss of availability)
  • threats
      - capable of exploiting vulnerabilities
      - represent potential security harm
  • attacks (threats carried out)
      - passive or active attempt to alter/affect system resources
      - insider or outsider

8. Countermeasures
  • means used to deal with security attacks
      - prevent
      - detect
      - recover
  • may introduce new vulnerabilities
  • residual vulnerabilities may remain
  • goal is to minimize residual level of risk to the assets

9. Threat Consequences
  • Unauthorized disclosure is a threat to confidentiality
      - Exposure: this can be deliberate or be the result of a human, hardware, or software error
      - Interception: unauthorized access to data
      - Inference: e.g., traffic analysis or use of limited access to get detailed information
      - Intrusion: unauthorized access to sensitive data

10. Threat Consequences
  • Deception is a threat to either system or data integrity
      - Masquerade: e.g., Trojan horse; or an attempt by an unauthorized user to gain access to a system by posing as an authorized user
      - Falsification: altering or replacing of valid data or the introduction of false data
      - Repudiation: denial of sending, receiving or possessing the data

11. Threat Consequences
  • Disruption is a threat to availability or system integrity
      - Incapacitation: a result of physical destruction of or damage to system hardware
      - Corruption: system resources or services function in an unintended manner; unauthorized modification
      - Obstruction: e.g., overload the system or interfere with communications

12. Usurpation
  usurpation (yo͞o′sər-pā′shən, -zər-) n.
  1. The act of usurping, especially the wrongful seizure of royal sovereignty.
  2. A wrongful seizure or exercise of authority or privilege belonging to another; an encroachment: "in our own day, gross usurpations upon the liberty of private life" (John Stuart Mill).

13. Threat Consequences
  • Usurpation is a threat to system integrity
      - Misappropriation: e.g., theft of service, distributed denial of service attack
      - Misuse: security functions can be disabled or thwarted

14. Scope of Computer Security

15. Computer and Network Assets

16. Passive and Active Attacks
  • Passive attacks attempt to learn or make use of information from the system but do not affect system resources
      - eavesdropping/monitoring transmissions
      - difficult to detect
      - emphasis is on prevention rather than detection
      - two types: message contents, traffic analysis
  • Active attacks involve modification of the data stream
      - goal is to detect them and then recover
      - four categories: masquerade, replay, modification of messages, denial of service

17. Security Functional Requirements
  • computer security technical measures
      - access control
      - identification & authentication
      - system & communication protection
      - system & information integrity
  • management controls and procedures
      - awareness & training
      - audit & accountability
      - certification, accreditation, & security assessments
      - contingency planning
      - maintenance
      - physical & environmental protection
      - planning
      - personnel security
      - risk assessment
      - systems & services acquisition
  • overlap computer security technical measures and management controls
      - configuration management
      - incident response
      - media protection

18. Reading Assignment
  http://en.wikipedia.org/wiki/Cyber_Intelligence_Sharing_and_Protection_Act

19. Authentication Service
  • assuring a communication is from the source that it claims to be from
  • interference by a third party masquerading as one of the two legitimate parties
  • Data Origin Authentication
      - corroboration of the source of data
      - supports applications where there are no prior interactions
  • Peer Entity Authentication
      - corroboration of the identity of a peer entity
      - confidence that an entity is not performing a masquerade or an unauthorized replay

20. Access Control Service and Nonrepudiation Service
  • Access Control Service
      - limit and control the access to host systems and applications
      - each entity trying to gain access must first be identified, or authenticated
  • Nonrepudiation Service
      - prevents either sender or receiver from denying a transmitted message

21. Data Confidentiality Service
  • protection of transmitted data from passive attacks
  • protects user data transmitted over a period of time
  • protects the traffic flow from analysis
  • connection confidentiality
  • connectionless confidentiality
  • selective-field confidentiality
  • traffic-flow confidentiality

22. Data Integrity Service
  • can apply to a stream of messages, a single message, or selected fields within a message
  • connectionless integrity service
      - provides protection against message modification only
  • connection-oriented integrity service
      - assures that messages are received as sent
      - no duplication, insertion, modification, reordering, or replays
  • with and without recovery

23. Availability Service
  • a service that protects a system to ensure its availability
  • being accessible and usable upon demand by an authorized system entity
  • a variety of attacks can result in the loss of or reduction in availability
  • some of these attacks are amenable to authentication and encryption
  • some attacks require a physical action to prevent or recover from loss of availability
  • depends on proper management and control of system resources

24. Security Mechanism
  • Feature designed to
      - Prevent attackers from violating security policy
      - Detect attackers' violation of security policy
      - Recover, continue to function correctly even if attack succeeds
  • No single mechanism will support all services
      - Authentication, authorization, availability, confidentiality, integrity, non-repudiation

25. Security Trends

26. Security Technologies

27. Security Policy
  • formal statement of rules and practices that specify or regulate security services
  • factors to consider:
      - value of the protected assets
      - vulnerabilities of the system
      - potential threats and the likelihood of attacks
  • trade-offs to consider:
      - ease of use versus security
      - cost of security versus cost of failure and recovery

28. Assurance and Evaluation
  • assurance
      - the degree of confidence one has that the security measures work as intended
      - both system design and implementation
  • evaluation
      - process of examining a system with respect to certain criteria
      - involves testing and formal analytic or mathematical techniques
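The difference slide 22 draws between connectionless and connection-oriented integrity, shown as an added example that is not part of the original lecture: a per-message HMAC detects modification only, while binding a sequence number into the MAC also rejects replayed, duplicated and reordered messages. The key, message contents and class names are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample key, shared by both peers
TAG_LEN = 32                    # HMAC-SHA256 output size

def tag(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()

# Connectionless integrity: every message is protected on its own.
def seal_connectionless(payload: bytes) -> bytes:
    return payload + tag(payload)

def open_connectionless(packet: bytes):
    payload, mac = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return payload if hmac.compare_digest(mac, tag(payload)) else None

# Connection-oriented integrity: a sequence number is covered by the MAC
# and the receiver only accepts the next expected number.
class Sender:
    def __init__(self):
        self.seq = 0
    def seal(self, payload: bytes) -> bytes:
        body = struct.pack(">Q", self.seq) + payload
        self.seq += 1
        return body + tag(body)

class Receiver:
    def __init__(self):
        self.expected = 0
    def open(self, packet: bytes):
        body, mac = packet[:-TAG_LEN], packet[-TAG_LEN:]
        if len(body) < 8 or not hmac.compare_digest(mac, tag(body)):
            return None                      # modified or malformed
        if struct.unpack(">Q", body[:8])[0] != self.expected:
            return None                      # replay, duplicate or reordering
        self.expected += 1
        return body[8:]

def demo() -> dict:
    msg = seal_connectionless(b"pay 10 to bob")
    out = {"cl_modified": open_connectionless(msg[:4] + b"9" + msg[5:]),
           "cl_replayed": open_connectionless(msg) and open_connectionless(msg)}
    s, r = Sender(), Receiver()
    p0, p1 = s.seal(b"pay 10 to bob"), s.seal(b"pay 5 to eve")
    out["co_first"] = r.open(p0)
    out["co_replayed"] = r.open(p0)                       # same packet again
    out["co_modified"] = r.open(p1[:8] + b"X" + p1[9:])   # payload altered
    out["co_reordered"] = Receiver().open(p1)             # p1 arrives before p0
    return out
```

This receiver is strict in-order, so it also drops messages that arrive early; it illustrates the service "without recovery".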