Security in Computing Chapter 1, Is There a Security Problem in Computing? Summary created by Kirk...
-
Upload
kelly-mcbride -
Category
Documents
-
view
216 -
download
1
Transcript of Security in Computing Chapter 1, Is There a Security Problem in Computing? Summary created by Kirk...
1
Security in ComputingChapter 1, Is There a Security Problem in
Computing?
Summary created byKirk Scott
2
1. What is Computer Security About?
• Protecting things of value:• Hardware• Software• Data
3
2. A Basic Vocabulary for Security
• Threat: What could go wrong• Vulnerability: Weakness in a system or in its
defenses or protections• Control: A protective measure• Summary of relationship among the three:• A threat is blocked by a control of a
vulnerability.
4
3. The Three Steps of Security
• 1. Recognize the risk.• Embrace Murphy’s law, revised: What can be
hacked will.• In other words, the world is full of threats.• 2. Identify and classify the vulnerabilities.• There are varying degrees of vulnerability• 3. Seek countermeasures/controls and
effective means of implementing them
5
4. The Principle of Easiest Penetration:
• “An intruder must be expected to use any available means of penetration. The penetration may not necessarily be by the most obvious means, nor is it necessarily the one against which the most solid defense has been installed. And it certainly does not have to be the way we want the attacker to behave.”
6
• Any complex system will have multiple points at which it might be attacked.
• By the process of elimination, attackers will give up on unproductive attacks and try something different.
• They will eventually reach the lowest point, the point where the system is easiest to attack.
7
5. Security is Not Just about Attacks.
• Full security takes into account any possible compromise to system and data.
• This can range from accidental deletion of files to nuclear disaster.
• This will not be discussed at length because it is non-technical in nature.
• Any well-run computer installation will have plans and procedures to deal with non-malicious issues like this.
8
6. A Taxonomy of Threats
• 1. Interception• 2. Interruption• 3. Modification• 4. Fabrication• In theory each threat can apply to each of
hardware, software, and data• Some threats would be more commonly
associated with one of those resources than another.
9
• There is an interrelationship among the threats.• Modification and fabrication tend to presuppose
interception.• To an extent, modification and fabrication are
simply differences of scale. For example:• Modifying a single db record is a fabrication at
the field level.• Inserting a fabricated recorded is a modification
at the table level.
10
8. Three Broad Security Goals
• 1. Confidentiality = privacy or secrecy• 2. Integrity (like db integrity)• 3. Availability
11
9. The Goals are the Converses of the Threats.
• Confidentiality is the converse of interception.• Integrity is the converse of modification and
fabrication.• Availability is the converse of interruption or
denial of service.
12
10. The Goals are in Tension with Each Other
• Building security means supporting all 3 goals.• Note that availability and confidentiality are in
tension.• An open system is more liable to attack.• A closed system will tend to be more
confidential.• It’s necessary to achieve balance so that
resources are both secure and available.
13
11. Components of Confidentiality
• Confidentiality can be analyzed in a matrix of at least three dimensions:
• Users• Resources or system components• Level of privilege or access
14
12. The Possible Meanings of Integrity
• Precise• Accurate• Unmodified• Modified only in acceptable ways by
authorized people or processes• Consistent/internally consistent• Meaningful and usable
15
13. Components of Integrity
• Who or what can access what user in what way?
• This is essentially very similar to the matrix for confidentiality.
• An implementation of integrity may have the additional components of error detection and correction.
16
14. The Possible Meanings of Availability
• Present in a usable form• Having sufficient capacity to meet demands• Making progress towards completing service
with bounded waiting if waiting• Completing tasks within an acceptable period
of time
17
15. Aspects of Design for Availability
• Ease of use and timeliness of response• Fair resource allocation (possibly in tension
with different levels of access privileges)• Fault tolerance = graceful degradation of
service under load or error conditions vs. catastrophic failure
• Concurrency control
18
16. Hardware Vulnerabilities
• Destruction (physical)• Note existence of hardware destroying software• Rarely—addition/modification• Theft of hardware—theft of hardware cycles =
computing time• Historically—physical security for physical
devices• Not as applicable in portable world
19
17. Software Vulnerabilities
• Accidental and intentional problems are roughly analogous:
• Accidental deletion/intentional destruction• Accidental modification/intentional
modification or replacement• The results:• Gone or present but not working• Worse: Still present and “working” but
harboring some security problem
20
18. Aspects of Software Vulnerability
• Physical security along can’t protect software• Like hardware, software is vulnerable to theft
(piracy) as well as compromise• Software is not robust• Hardware systems are designed to be fault
tolerant and self-correcting• Change one bit of software and you may be
dead• Research topic: Self-healing software
21
19. Spectrum of Security
• Hardware security encompasses those with physical access to devices
• Software security encompasses those with electronic access and knowledge of writing and using programs
• Data security encompasses anyone with access to data and knowledge of its meaning
• These tend to be widening circles of people
22
20. Security Spectrum for Data Alone
• Granularity—data items only have meaning within a context—isolated data may have no significance
• Data has real value—it may be hard to quantify—but compromise or loss have a real cost
• Data has a lifetime—after a certain point it may have reduced or no value—meaning security measures for it can change
23
21. Principle of Adequate Protection
• “Computer items must be protected only until they lose their value. They must be protected to a degree consistent with their value.”
24
22. Threats to Data Confidentiality
• Physical/technical—wiretapping, network sniffing, etc.
• Physical access to non-electronic media—printouts, etc.
• Social access—access through other people who have access
• Software access—bugs, holes, leaks, etc.
25
23. Aspects of Data Vulnerability--Integrity
• Interception is typically the first step• More sophistication is needed to modify or
fabricate• Modifying data is typically easier than
modifying software or hardware• In a sense, data is the most valuable part of a
system• The hardware and software “serve” it
26
• A focused attack will be designed to access data, whether the attack comes through hardware or software
• If the data is the goal, the attacker presumably understands the data
• In that sense, the data itself is the weak point in the system
• Hardware and software can or should be part of the defenses for the data
27
24. System Security
• Security spans the range from a single system to collections of systems
• Networks may be under the control of one organization or the components may be autonomous (the Internet)
• A complete system includes hardware, software, data, and people or processes with access
28
25. Classification of Computer Criminals
• Amateurs• Crackers/malicious hackers• Career criminals• Terrorists• The book does not mention this category:
State actors, spies, military organizations
29
26. Method, Opportunity, and Motive
• Documentation is available for commodity systems like Microsoft and Apple. Method is widely available.
• The systems themselves are widespread. There is no lack of opportunity.
• Motives vary, but it’s as simple as this: Where there is an open door, somebody will eventually walk through it.
30
27. A Little More Terminology
• “Harm occurs when a threat is realized against a vulnerability.”
• “The possibility for harm to occur is called risk.”
31
28. Methods of Defense/Dealing with the Potential for Harm
• Deter harm (make the attack harder)• Deflect harm (make another target relatively
easier)• Prevent harm (close the vulnerability/block
the attack)• Detect harm• Recover from harm
32
29. Controls or Countermeasures
• Multi-pronged approach• Controls vary in implementation and use
difficulty and expense• They vary in area of effect and effectiveness• Resources vary in value• Across a system a combination of overlapping
techniques may be applied to achieve the overall level of protection desired.
33
30. Encryption (Data Control)
• This is the most basic and powerful security tool• Encryption scrambles data so that only authorized
users have access• Used correctly, encryption can prevent interception,
modification, and fabrication of data.• I.e., it supports confidentiality and integrity.• An access control/authorization system will also have
encryption in its internals• Therefore, encryption is also central to providing
secure availability.
34
31. Encryption Alone is Not Sufficient
• Encryption is used with other tools, techniques, and protocols
• Encryption itself is not simple• Care has to be taken so that it’s implemented correctly• Doing so is not a trivial task• Done incorrectly, it can be counterproductive• Poorly conceived changes can actually degrade or
negate the security in an encrypted system• Faulty encryption can lead to a false sense of security
35
32. Software Controls
• Software development controls—making sure the software itself doesn’t contain security flaws
• Internal program controls—e.g., authorization in a dbms
• O/S and network controls—e.g., login, password, permissions, etc.
• Independent security programs—e.g., anti-virus, intrusion detection, etc.
36
33. Hardware Controls
• Physical devices—e.g., locks and cabes, etc.• User verification devices—e.g., cards,
biometrics, etc.• Hardware/smart card encryption, adapter
cards securing attached devices, dongles, etc.• Larger scale system level devices like firewall
and intrusion detection machines, etc.
37
34. Policies and Procedures
• Policies and procedures set standards for the implementation and use of technical defenses
• This is an administrator’s dream—but a necessary one
• Large organizations will have manuals on this• If procedures aren’t followed, technical
defenses can be circumvented
38
• At the low end procedures can be as simple as “You have to change your password every three months.”
• At the high end, procedures may take the form of ethics guidelines.
• Guidelines may be useful in promoting an ethical culture, but concrete policies still have to be enforced.
39
35. Effectiveness of Controls
• Decision makers need to believe that controls are needed
• Users should be persuaded that they ought to use them
• Controls have to be easy enough to use that people will use them
40
36. Principle of Effectiveness
• “Controls must be used—and used properly—to be effective. They must be efficient, easy to use, and appropriate.”
41
37. Principle of Weakest Link
• “Security can be no stronger than its weakest link. Whether it is the power supply that powers the firewall or the operating system under the security application or the human who plans, implements, and administers controls, a failure of any control can lead to security failure.”
42
• Notice that the principle of the weakest link is essentially a restatement of the principle of easiest penetration.
• In an environment with controls, vulnerability is highest at that point where the controls are weakest.
43
38. Periodic Review
• Security is a moving target• No one control is 100% effective• Technology progresses• When one problem is fixed, another arises• Or attackers probe for weaknesses in the supposed
fixed• A layered approach is necessary, with multiple,
overlapping controls• As time passes, threats, vulnerabilities, and controls
have to be reassessed.
44
39. What Lies Ahead in this Course
• Ch. 2, Elementary Cryptography (intro)• Ch. 12, Cryptography Explained (in depth)• Ch. 3, Program Security• Ch. 7, Security in Networks• Ch. 10, Privacy in Computing• Ch. 11, Legal and Ethical Issues in Computer
Security• Project in Applied Web Site Security