Security in Computing Chapter 1, Is There a Security Problem in Computing?

1

Security in ComputingChapter 1, Is There a Security Problem in

Computing?

Summary created byKirk Scott

2

1. What is Computer Security About?

• Protecting things of value:• Hardware• Software• Data

3

2. A Basic Vocabulary for Security

• Threat: What could go wrong• Vulnerability: Weakness in a system or in its

defenses or protections• Control: A protective measure• Summary of relationship among the three:• A threat is blocked by a control of a

vulnerability.

4

3. The Three Steps of Security

• 1. Recognize the risk.• Embrace Murphy’s law, revised: What can be

hacked will.• In other words, the world is full of threats.• 2. Identify and classify the vulnerabilities.• There are varying degrees of vulnerability• 3. Seek countermeasures/controls and

effective means of implementing them

5

4. The Principle of Easiest Penetration:

• “An intruder must be expected to use any available means of penetration. The penetration may not necessarily be by the most obvious means, nor is it necessarily the one against which the most solid defense has been installed. And it certainly does not have to be the way we want the attacker to behave.”

6

• Any complex system will have multiple points at which it might be attacked.

• By the process of elimination, attackers will give up on unproductive attacks and try something different.

• They will eventually reach the lowest point, the point where the system is easiest to attack.

7

5. Security is Not Just about Attacks.

• Full security takes into account any possible compromise to system and data.

• This can range from accidental deletion of files to nuclear disaster.

• This will not be discussed at length because it is non-technical in nature.

• Any well-run computer installation will have plans and procedures to deal with non-malicious issues like this.

8

6. A Taxonomy of Threats

• 1. Interception• 2. Interruption• 3. Modification• 4. Fabrication• In theory each threat can apply to each of

hardware, software, and data• Some threats would be more commonly

associated with one of those resources than another.

9

• There is an interrelationship among the threats.• Modification and fabrication tend to presuppose

interception.• To an extent, modification and fabrication are

simply differences of scale. For example:• Modifying a single db record is a fabrication at the

field level.• Inserting a fabricated recorded is a modification at

the table level.

10

8. Three Broad Security Goals

• 1. Confidentiality = privacy or secrecy• 2. Integrity (like db integrity)• 3. Availability

11

9. The Goals are the Converses of the Threats.

• Confidentiality is the converse of interception.• Integrity is the converse of modification and

fabrication.• Availability is the converse of interruption or

denial of service.

12

10. The Goals are in Tension with Each Other

• Building security means supporting all 3 goals.• Note that availability and confidentiality are in

tension.• An open system is more liable to attack.• A closed system will tend to be more

confidential.• It’s necessary to achieve balance so that

resources are both secure and available.

13

11. Components of Confidentiality

• Confidentiality can be analyzed in a matrix of at least three dimensions:

• Users• Resources or system components• Level of privilege or access

14

12. The Possible Meanings of Integrity

• Precise• Accurate• Unmodified• Modified only in acceptable ways by

authorized people or processes• Consistent/internally consistent• Meaningful and usable

15

13. Components of Integrity

• Who or what can access what user in what way?

• This is essentially very similar to the matrix for confidentiality.

• An implementation of integrity may have the additional components of error detection and correction.

16

14. The Possible Meanings of Availability

• Present in a usable form• Having sufficient capacity to meet demands• Making progress towards completing service

with bounded waiting if waiting• Completing tasks within an acceptable period

of time

17

15. Aspects of Design for Availability

• Ease of use and timeliness of response• Fair resource allocation (possibly in tension

with different levels of access privileges)• Fault tolerance = graceful degradation of

service under load or error conditions vs. catastrophic failure

• Concurrency control

18

16. Hardware Vulnerabilities

• Destruction (physical)• Note existence of hardware destroying software• Rarely—addition/modification• Theft of hardware—theft of hardware cycles =

computing time• Historically—physical security for physical

devices• Not as applicable in portable world

19

17. Software Vulnerabilities

• Accidental and intentional problems are roughly analogous:

• Accidental deletion/intentional destruction• Accidental modification/intentional modification

or replacement• The results:• Gone or present but not working• Worse: Still present and “working” but harboring

some security problem

20

18. Aspects of Software Vulnerability

• Physical security along can’t protect software• Like hardware, software is vulnerable to theft

(piracy) as well as compromise• Software is not robust• Hardware systems are designed to be fault

tolerant and self-correcting• Change one bit of software and you may be dead• Research topic: Self-healing software

21

19. Spectrum of Security

• Hardware security encompasses those with physical access to devices

• Software security encompasses those with electronic access and knowledge of writing and using programs

• Data security encompasses anyone with access to data and knowledge of its meaning

• These tend to be widening circles of people

22

20. Security Spectrum for Data Alone

• Granularity—data items only have meaning within a context—isolated data may have no significance

• Data has real value—it may be hard to quantify—but compromise or loss have a real cost

• Data has a lifetime—after a certain point it may have reduced or no value—meaning security measures for it can change

23

21. Principle of Adequate Protection

• “Computer items must be protected only until they lose their value. They must be protected to a degree consistent with their value.”

24

22. Threats to Data Confidentiality

• Physical/technical—wiretapping, network sniffing, etc.

• Physical access to non-electronic media—printouts, etc.

• Social access—access through other people who have access

• Software access—bugs, holes, leaks, etc.

25

23. Aspects of Data Vulnerability--Integrity

• Interception is typically the first step• More sophistication is needed to modify or

fabricate• Modifying data is typically easier than

modifying software or hardware• In a sense, data is the most valuable part of a

system• The hardware and software “serve” it

26

• A focused attack will be designed to access data, whether the attack comes through hardware or software

• If the data is the goal, the attacker presumably understands the data

• In that sense, the data itself is the weak point in the system

• Hardware and software can or should be part of the defenses for the data

27

24. System Security

• Security spans the range from a single system to collections of systems

• Networks may be under the control of one organization or the components may be autonomous (the Internet)

• A complete system includes hardware, software, data, and people or processes with access

28

25. Classification of Computer Criminals

• Amateurs• Crackers/malicious hackers• Career criminals• Terrorists• The book does not mention this category:

State actors, spies, military organizations

29

26. Method, Opportunity, and Motive

• Documentation is available for commodity systems like Microsoft and Apple. Method is widely available.

• The systems themselves are widespread. There is no lack of opportunity.

• Motives vary, but it’s as simple as this: Where there is an open door, somebody will eventually walk through it.

30

27. A Little More Terminology

• “Harm occurs when a threat is realized against a vulnerability.”

• “The possibility for harm to occur is called risk.”

31

28. Methods of Defense/Dealing with the Potential for Harm

• Deter harm (make the attack harder)• Deflect harm (make another target relatively

easier)• Prevent harm (close the vulnerability/block

the attack)• Detect harm• Recover from harm

32

29. Controls or Countermeasures

• Multi-pronged approach• Controls vary in implementation and use

difficulty and expense• They vary in area of effect and effectiveness• Resources vary in value• Across a system a combination of overlapping

techniques may be applied to achieve the overall level of protection desired.

33

30. Encryption (Data Control)

• This is the most basic and powerful security tool• Encryption scrambles data so that only authorized users

have access• Used correctly, encryption can prevent interception,

modification, and fabrication of data.• I.e., it supports confidentiality and integrity.• An access control/authorization system will also have

encryption in its internals• Therefore, encryption is also central to providing secure

availability.

34

31. Encryption Alone is Not Sufficient

• Encryption is used with other tools, techniques, and protocols

• Encryption itself is not simple• Care has to be taken so that it’s implemented correctly• Doing so is not a trivial task• Done incorrectly, it can be counterproductive• Poorly conceived changes can actually degrade or

negate the security in an encrypted system• Faulty encryption can lead to a false sense of security

35

32. Software Controls

• Software development controls—making sure the software itself doesn’t contain security flaws

• Internal program controls—e.g., authorization in a dbms

• O/S and network controls—e.g., login, password, permissions, etc.

• Independent security programs—e.g., anti-virus, intrusion detection, etc.

36

33. Hardware Controls

• Physical devices—e.g., locks and cabes, etc.• User verification devices—e.g., cards,

biometrics, etc.• Hardware/smart card encryption, adapter

cards securing attached devices, dongles, etc.• Larger scale system level devices like firewall

and intrusion detection machines, etc.

37

34. Policies and Procedures

• Policies and procedures set standards for the implementation and use of technical defenses

• This is an administrator’s dream—but a necessary one

• Large organizations will have manuals on this• If procedures aren’t followed, technical

defenses can be circumvented

38

• At the low end procedures can be as simple as “You have to change your password every three months.”

• At the high end, procedures may take the form of ethics guidelines.

• Guidelines may be useful in promoting an ethical culture, but concrete policies still have to be enforced.

39

35. Effectiveness of Controls

• Decision makers need to believe that controls are needed

• Users should be persuaded that they ought to use them

• Controls have to be easy enough to use that people will use them

40

36. Principle of Effectiveness

• “Controls must be used—and used properly—to be effective. They must be efficient, easy to use, and appropriate.”

41

37. Principle of Weakest Link

• “Security can be no stronger than its weakest link. Whether it is the power supply that powers the firewall or the operating system under the security application or the human who plans, implements, and administers controls, a failure of any control can lead to security failure.”

42

• Notice that the principle of the weakest link is essentially a restatement of the principle of easiest penetration.

• In an environment with controls, vulnerability is highest at that point where the controls are weakest.

43

38. Periodic Review

• Security is a moving target• No one control is 100% effective• Technology progresses• When one problem is fixed, another arises• Or attackers probe for weaknesses in the supposed fixed• A layered approach is necessary, with multiple,

overlapping controls• As time passes, threats, vulnerabilities, and controls

have to be reassessed.

44

39. What Lies Ahead in this Course

• Ch. 2, Elementary Cryptography (intro)• Ch. 12, Cryptography Explained (in depth)• Ch. 3, Program Security• Ch. 7, Security in Networks• Ch. 10, Privacy in Computing• Ch. 11, Legal and Ethical Issues in Computer

Security• Project in Applied Web Site Security