The document provides an introduction to computer security including:
- The basic components of security such as confidentiality, integrity, and availability.
- Common security threats like snooping, modification, and denial of service attacks.
- Issues with security including operational challenges and human factors.
- An overview of security policies, access control models, and security models like Bell-LaPadula and Biba.
2. Syllabus:
Basic components of security (Confidentiality, Integrity and Availability)
Security threats (Snooping, Modification, Masquerading, repudiation of origin, denial of receipt, Delay, Denial of service)
Issues with security (Operational issues, human issues)
Security Policies, Type of security policy
Access control, Type of access control (Introduction to MAC, DAC, Originator Controlled Access Control, Role Based Access Control)
Overview of the Bell-LaPadula Model and Biba integrity model
3. Network Security: Analogy..!!
“The art of war teaches us to rely not on the likelihood
of the enemy's not coming, but on our own readiness to
receive him; not on the chance of his not attacking, but
rather on the fact that we have made our position
unassailable.”
- The Art of War, Sun Tzu
4. Computer Security: ?
The protection afforded to an automated information
system in order to attain the applicable objectives of
preserving the integrity, availability and confidentiality
of information system resources
(includes hardware, software, firmware, information/data, and
telecommunications)
- NIST 1995
6. Basic components of security
Confidentiality
Data confidentiality: Assures that confidential information is
not disclosed to unauthorized individuals
Privacy: Assures that individuals control or influence what
information may be collected and stored
Integrity
Data integrity: Assures that information and programs are
changed only in a specified and authorized manner
System integrity: Assures that a system performs its
operations in an unimpaired manner
Availability: Assures that systems work promptly and service is
not denied to authorized users
7. Basic components of security
Although the use of the CIA triad to define security
objectives is well established, some in the security
field feel that additional concepts are needed to
present a complete picture.
Two of the most commonly mentioned are:
Authenticity: The property of being genuine and being
able to be verified and trusted; confidence in the validity of
a transmission, a message, or message originator.
Accountability: The security goal that generates the
requirement for actions of an entity to be traced uniquely to
that entity.
8. Levels of security breach impact
Low: the loss has a limited impact,
e.g., a degradation in mission, minor damage, minor
financial loss or minor harm
Moderate: the loss has a serious effect,
e.g., significant degradation of mission or significant
harm to individuals, but no loss of life or life-threatening
injuries
High: the loss has a severe or catastrophic adverse
effect on operations, organizational assets or
individuals,
e.g., loss of life
9. Examples of security requirements: Confidentiality
Student grade information is an asset whose
confidentiality is considered to be very high
The US FERPA Act: grades should only be available to
students, their parents, and their employers (when required
for the job)
Student enrollment information: may have a moderate
confidentiality rating; less damage if disclosed
Directory information: low confidentiality rating;
often available publicly
10. Examples of security requirements: Integrity
A hospital patient’s allergy information (high
integrity data): a doctor should be able to trust that
the info is correct and current
If a nurse deliberately falsifies the data, the database should
be restored to a trusted basis and the falsified information
traced back to the person who did it
Online newsgroup registration data: moderate
level of integrity
An example of a low integrity requirement:
an anonymous online poll (inaccuracy is well
understood)
11. Examples of security requirements: Availability
A system that provides authentication: high
availability requirement
If customers cannot access resources, the loss of services
could result in financial loss
A public website for a university: a moderate
availability requirement; not critical but causes
embarrassment
An online telephone directory lookup: a low
availability requirement because unavailability is
mostly an annoyance (there are alternative sources)
15. Hacker vs. Cracker: Assignment
“All Crackers are Hackers, But Not all Hackers
are Crackers”
Is This Statement True ???
Justify this Statement with a Suitable Example.
16. Threat Vs. Attack
A threat is a “potential” violation of security
The violation need not actually occur
The fact that the violation might occur makes it a
threat
It is important to guard against threats and be
prepared for the actual violation
The actual violation of security is called an
attack
17. Challenges of computer security
Computer security is not simple
One must consider potential (unexpected) attacks
Procedures used are often counter-intuitive
Must decide where to deploy mechanisms
Involves algorithms and secret info (keys)
A battle of wits between attacker and admin
Its benefit is not perceived until it fails
Requires constant monitoring
Too often an after-thought (not integral)
Regarded as an impediment to using the system
18. Security: Categories ??
Information Security
Protecting information from intruders who could possibly
harm the state of the information.
Storing information in encrypted form is the most widely used form of
information security.
Network Security
Protecting information from intruders during its transmission.
Protecting network services from intruders.
Very critical and difficult to maintain
19. Security: Categories ??
Computer Security
Protecting a system from malicious software and network attacks.
Generic name for the collection of tools designed to protect
data and to prevent hackers.
Keeps a system running.
Internet Security
Measures to protect data during their transmission over a
collection of interconnected networks.
20. Security: Attacks..!!
Security attack: the exploitation of a vulnerability.
Types of security attacks:
Passive Attacks
A passive attack attempts to learn or make use of information
from the system but does not affect system resources.
Active Attacks
An active attack attempts to alter system resources or affect their
operation.
27. Common security attacks
Interruption, delay, or denial of service
System assets or information become unavailable or are rendered
unavailable
Interception or snooping
Unauthorized party gains access to information by browsing through files or
reading communications
Modification or alteration
Unauthorized party changes information in transit or information stored for
subsequent access
Fabrication, masquerade, or spoofing
Spurious information is inserted into the system or network by making it
appear as if it is from a legitimate entity
Repudiation of origin
False denial that an entity created/sent something
Denial of Receipt
False denial that an entity received something
28. Classes of Threats
Disclosure: unauthorized access to information
Snooping
Deception: acceptance of false data
Modification, masquerading/spoofing, repudiation of
origin, denial of receipt
Disruption: interruption/prevention of correct
operation
Modification
Usurpation: unauthorized control of a system
component
Modification, masquerading/spoofing, delay, denial of
service
30. Policy and Mechanism
Security Policy:
A statement of what is, and what is not, allowed.
Security Mechanism:
A method, tool, or procedure for enforcing a
security policy.
31. Types of Security Policies
A military security policy (also called a governmental
security policy) is a security policy developed
primarily to provide confidentiality.
A commercial security policy is a security policy
developed primarily to provide integrity.
A confidentiality policy is a security policy dealing
only with confidentiality.
An integrity policy is a security policy dealing only
with integrity.
32. Types of Security Policies: Some common security policies
Acceptable use policy
Defines what actions users of a system may perform while using computing and
networking equipment
Human resource policy
Policies of the organization that address human resources
Password management policy
A password management policy should clearly address how passwords are
managed
Privacy policy
Organizations should have a privacy policy that outlines how the organization uses
information it collects
Disposal and destruction policy
A disposal and destruction policy that addresses the disposing of resources is
considered essential
Service-level agreement
Contract between a vendor and an organization for services
33. Types of Security Policies
Figure: Security Policies Cycle along with Types of Security Policies
36. Goals of Security
Prevention: Guarantee that an attack will fail
Detection: Determine that a system is under attack,
or has been attacked, and report it
Recovery:
Off-line recovery: stop an attack, assess and repair damage
On-line recovery: respond to an attack reactively to
maintain essential services
37. Issues with Security: Operational Issues
Cost-Benefit Analysis
Benefits vs. total cost
Is it cheaper to prevent or to recover?
Risk Analysis
Should we protect something?
How much should we protect this thing?
Risk depends on the environment and changes with time
Laws and Customs
Are the desired security measures illegal?
Will people do them?
Affects availability and use of technology
38. Issues with Security: Human Issues
Organizational Problems
Power and responsibility
Financial benefits
People problems
Outsiders and insiders
Which do you think is the real threat?
Social engineering
39. Access Control
Security technique for the prevention of unauthorized
use of a resource in a computing environment
(i.e., this service controls who can have access to a
resource, under what conditions access can occur, and what
those accessing the resource are allowed to do).
In the context of network security, access control is
the ability to limit and control the access to host
systems and applications via communications links.
To achieve this, each entity trying to gain access must
first be identified, or authenticated, so that access
rights can be tailored to the individual.
41. Access Control
Access control systems perform authorization,
identification, authentication, access approval, and
accountability of entities through login credentials
including passwords, personal identification numbers
(PINs), biometric scans, and physical or electronic keys.
There are two main types of access control: physical
and logical.
Physical access control limits access to campuses, buildings,
rooms and physical IT assets.
Logical access control limits connections to computer networks,
system files and data.
42. Access Control: Categories
Sometimes the categories of access control are also
called types of access control.
The four main categories of access control are:
Mandatory Access Control (MAC) or Rule-based
Access Control
Discretionary Access Control (DAC)
Role-based Access Control (RBAC)
Originator Controlled Access Control (ORCON or
ORG-CON)
43. Access Control: MAC
When a system mechanism controls access to an object
and an individual user cannot alter that access, the control
is a mandatory access control (MAC), occasionally called
a rule-based access control.
The operating system enforces MAC. Neither the subject
nor the owner of the object can determine whether access
is granted.
Typically, the system mechanism will check information
associated with both the subject and the object to
determine whether the subject should access the object.
Rules describe the conditions under which access is
allowed.
44. Access Control: DAC
If an individual user can set an access control mechanism
to allow or deny access to an object, that mechanism is a
discretionary access control (DAC), also called an
identity-based access control (IBAC).
DAC bases access rights on the identity of the subject and
the identity of the object involved.
Identity is the key; the owner of the object constrains
who can access it by allowing only particular subjects to
have access.
The owner states the constraint in terms of the identity of
the subject, or the owner of the subject.
45. Access Control: RBAC
Role-based access control (RBAC) is a method of
regulating access to computer or network resources
based on the roles of individual users within an
enterprise.
In this context, access is the ability of an individual
user to perform a specific task, such as view, create,
or modify a file.
Roles are defined according to job competency,
authority, and responsibility within the enterprise.
46. Access Control: ORCON or ORG-CON
An originator controlled access control (ORCON or
ORGCON) bases access on the creator of an object
(or the information it contains).
The goal of this control is to allow the originator of
the file (or of the information it contains) to control
the dissemination of the information.
The owner of the file has no control over who may
access the file.
47. Security Models
Bell-LaPadula Model (1973)
Biba Model (1977)
Clark-Wilson Model (1987)
Access Control Matrix
Information Flow Model
Noninterference Model
Chinese Wall Model
Lattice Model
Figure: Security Requirements (Confidentiality, Integrity, Availability) mapped to the Security Models listed above
48. Overview of the Bell-LaPadula Model
Funded by the U.S. government, the Bell-LaPadula model is
the first mathematical model of a multilevel security
policy. It was developed because users with different clearances use the
system, and the system processes data with different
classifications.
It is a state machine model that enforces the confidentiality
aspects of access control, but does not deal with integrity or
availability.
It is an information flow security model, as it ensures that
information does not flow in an insecure manner.
All mandatory access control (MAC) models are based on
the Bell-LaPadula model.
49. Overview of the Bell-LaPadula Model
The Simple Security Property (ss Property) states that a
subject at a given security level cannot read data that
resides at a higher security level (No Read Up).
The * (star) Security Property states that a subject at a
given security level cannot write information to a lower
security level (No Write Down).
The Strong Star Property states that a subject that has read
and write capabilities can only perform those functions at
the same security level, nothing higher and nothing lower.
For a subject to be able to read and write to an object, the
clearance and classification must be equal.
50. Overview of the Bell-LaPadula Model
Figure: Simple Security Property (Read), Star (*) Property (Write) and Strong Star (*) Property (Read/Write) shown between a Layer of Lower Secrecy and a Layer of Higher Secrecy; the crossed-out (Χ) arrows mark the forbidden flows: Reading Secrets (read up) and Divulging Secrets (write down)
51. Bell-LaPadula Model: Example
Security level   Subject   Object
Top Secret       Tamara    Personnel Files
Secret           Samuel    E-Mail Files
Confidential     Claire    Activity Logs
Unclassified     James     Telephone Lists
• Tamara can read all files
• Claire cannot read Personnel or E-Mail Files
• James can only read Telephone Lists
52. Overview of the Biba Integrity Model
Developed in 1977, the Biba integrity model
mathematically describes read and write restrictions
based on the integrity access classes of subjects and
objects. It is the first model to address integrity.
It is an information flow model, as it is concerned with
data flowing from one level to another.
The model looks similar to the Bell-LaPadula Model;
however, the read-write conditions are reversed.
53. Overview of the Biba Integrity Model
The Simple Integrity Axiom states that a subject at one
level of integrity is not permitted to observe (read) an
object of lower integrity: No Read Down.
The * (Star) Integrity Axiom states that a subject at
one level of integrity is not permitted to modify (write
to) an object of a higher level of integrity: No Write Up.
The Invocation Property states that a subject at one level of
integrity cannot invoke (call up) a subject at a higher
level of integrity.
54. Overview of the Biba Integrity Model
Figure: Simple Integrity Property (Read) and Integrity Star (*) Property (Write) shown between a lower and a higher integrity layer; the crossed-out (Χ) arrows mark the forbidden flows: Contamination (write up) and Get Contaminated (read down)
55. Overview of the Biba Integrity Model
The Biba model can be extended to include an access
operation called invoke. A subject can invoke another
subject, such as a software utility, to access an object.
The subject cannot send messages (logical requests for
service) to subjects of higher integrity. Subjects are
only allowed to invoke utilities or tools at the same or
lower integrity level (otherwise, a dirty subject could
use a clean tool to access or contaminate a clean
object).
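The Bell-LaPadula example table (slide 51) and the Biba axioms above, coded as rule checks; this is an added example, not from the slides. The subjects, objects and four levels are the deck's; reusing the same labels as Biba integrity levels is an assumption made for illustration.

```python
# Added example: Bell-LaPadula (confidentiality) and Biba (integrity) rule
# checks over the deck's four-level example. Level names, subjects and
# objects come from slide 51; treating the same ordering as Biba integrity
# levels is an assumption for illustration.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

# Clearance of each subject and classification of each object (slide 51).
SUBJECTS = {"Tamara": "Top Secret", "Samuel": "Secret",
            "Claire": "Confidential", "James": "Unclassified"}
OBJECTS = {"Personnel Files": "Top Secret", "E-Mail Files": "Secret",
           "Activity Logs": "Confidential", "Telephone Lists": "Unclassified"}


def blp_allowed(subject: str, obj: str, op: str, strong_star: bool = False) -> bool:
    """Bell-LaPadula: no read up (ss-property), no write down (*-property).
    With strong_star=True both operations are confined to the same level."""
    s, o = LEVELS[SUBJECTS[subject]], LEVELS[OBJECTS[obj]]
    if strong_star:                      # strong *-property: equal levels only
        return s == o
    if op == "read":                     # ss-property: clearance >= classification
        return s >= o
    if op == "write":                    # *-property: clearance <= classification
        return s <= o
    raise ValueError(f"unknown operation {op!r}")


def biba_allowed(subject: str, obj: str, op: str) -> bool:
    """Biba: no read down (simple integrity), no write up (* integrity).
    The comparisons are the reverse of Bell-LaPadula."""
    s, o = LEVELS[SUBJECTS[subject]], LEVELS[OBJECTS[obj]]
    if op == "read":                     # may only read objects of >= integrity
        return s <= o
    if op == "write":                    # may only write objects of <= integrity
        return s >= o
    raise ValueError(f"unknown operation {op!r}")


def biba_invoke_allowed(caller: str, callee: str) -> bool:
    """Invocation property: a subject may only invoke subjects at the same
    or a lower integrity level (a dirty subject cannot use a clean tool)."""
    return LEVELS[SUBJECTS[caller]] >= LEVELS[SUBJECTS[callee]]


def readable_by(subject: str, model) -> list:
    """Objects the subject may read under the given model's read rule."""
    return [o for o in OBJECTS if model(subject, o, "read")]


if __name__ == "__main__":
    for name in SUBJECTS:
        print(f"{name:7} BLP reads {readable_by(name, blp_allowed)}")
        print(f"{name:7} Biba reads {readable_by(name, biba_allowed)}")
```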