Unit-III

Syllabus:
Security Methods and Security Mechanisms: Different Security Models and Security
Mechanisms, Information Security and Network Security, Operating System Security, Web
Security, Email Security, Mobile Device Security, Cloud Security, IoT Security, Cyber Physical
System Security, Social Media Security, Virtual Currency, Block Chain Technology, Security
Auditing.
Different Security Models and Security Mechanisms:
Two historical facts highlight a fundamental problem that needs to be addressed in the area
of computer security.
• First, all complex software systems have eventually revealed aws or bugs that
subsequently needed to be xed.
• Second, it is extraordinarily dif cult, if not impossible, to build a computer hardware/
software system that is not vulnerable to a variety of security attacks.
These problems have led to a desire to develop a method to prove, logically or
mathematically, that a particular design does satisfy a stated set of security requirements and
that the implementation of that design faithfully conforms to the design speci cation. To this
end, security researchers have attempted to develop formal models of computer security that
can be used to verify security designs and implementations.

Formal Models for Computer Security:

1. The Bell-Lapudula Model
2. Biba Integrity Model
3. Clark-Wilson Integrity Model
4. Chinese Wall Model

1.The Bell-Lapudula Model

The BLP model was developed in the 1970s as a formal model for access control.
In the model, each subject and each object is assigned a security class. In the simplest
formulation, security classes form a strict hierarchy and are referred to as security levels.
One example is the U.S. military classi cation scheme:

top secret > secret > con dential > restricted > unclassi ed

1 of 14
fi
fi
fi
fi
fi
fl
fi
 This concept is equally applicable in other areas, where information can be organized into
gross levels and categories and users can be granted clearances to access certain
categories of data.
This suggests a classi cation scheme such as

strategic > sensitive > con dential > public

A subject is said to have a security clearance of a given level; an object is said to have a
security classi cation of a given level. The security classes control the manner by which a
subject may access an object. The model de ned four access modes.
• read: The subject is allowed only read access to the object.
• append: The subject is allowed only write access to the object.
• write: The subject is allowed both read and write access to the object.
• execute: The subject is allowed neither read nor write access to the object but may invoke
the object for execution.
When multiple categories or levels of data are de ned, the requirement is referred to as
multilevel security (MLS).
A multilevel secure system for con dentiality must enforce the following:
• No read up: A subject can only read an object of less or equal security level.
This is referred to in the literature as the simple security property (ss-property).
• No write down: A subject can only write into an object of greater or equal security level.
This is referred to in the literature as the *-property 1 (pronounced star property).
These two properties provide the con dentiality form of what is known as mandatory access
control (MAC). Under this MAC, no access is allowed that does not satisfy these two
properties. In addition, the BLP model makes a provision for discretionary access control
(DAC).
• ds-property: An individual (or role) may grant to another individual (or role) access to a
document based on the owner’s discretion, constrained by the MAC rules. Thus, a subject
can exercise only accesses for which it has the necessary authorization and which satisfy
the MAC rules.
Example of BLP Use
This example illustrates the operation of the BLP model and also highlights a practical issue
that must be addressed. We assume a role-based access control system. A and B are users
of the system. A is a student (s) in course c1. B is a teacher (t) in course c1 but may also
access the system as a student; thus two roles are assigned to B:

A: (c1-s)

2 of 14
fi
fi
fi
fi
fi
fi
fi
 B: (c1-t), (c1-s)
2.Biba Integrity Model
The BLP model deals with con dentiality and is concerned with unauthorized disclosure of
information. The Biba models deals with integrity and is concerned with the unauthorized
modi cation of data. The Biba model is intended to deal with the case in which there is data
that must be visible to users at multiple or all security levels but should only be modi ed in
controlled ways by authorized agents.

The basic elements of the Biba model have the same structure as the BLP model. As with
BLP, the Biba model deals with subjects and objects. Each subject and object is assigned an
integrity level, denoted as I(S) and I(O) for subject S and object O, respectively. A simple
hierarchical classi cation can be used, in which there is a strict ordering of levels from lowest
to highest.

The model considers the following access modes:

• Modify: To write or update information in an object.
• Observe: To read information in an object.
• Execute: To execute an object.
• Invoke: Communication from one subject to another.

The rst three modes are analogous to BLP access modes. The invoke mode is new. Biba
then proposes a number of alternative policies that can be imposed on this model. The most
relevant is the strict integrity policy, based on the following rules:
• Simple integrity: A subject can modify an object only if the integrity level of the subject
dominates the integrity level of the object: I(S) Ú I(O).
• Integrity con nement: A subject can read an object only if the integrity level of the subject is
dominated by the integrity level of the object: I(S) … I(O).
• Invocation property: A subject can invoke another subject only if the integrity level of the rst
subject dominates the integrity level of the second subject: I(S1 ) Ú I(S2 ).

3 of 14
fi
fi
fi
fi
fi
fi
fi
 3.Clark-Wilson Integrity Model

A more elaborate and perhaps more practical integrity model was proposed by Clark and
Wilson. The Clark-Wilson integrity model (CWM) is aimed at commercial rather than military
applications and closely models real commercial operations. The model is based on two
concepts that are traditionally used to enforce commercial security policies:
• Well-formed transactions: A user should not manipulate data arbitrarily, but only in
constrained ways that preserve or ensure the integrity of the data.
• Separation of duty among users: Any person permitted to create or certify a well-formed
transaction may not be permitted to execute it (at least against production data).

The model imposes integrity controls on data and the transactions that manipulate the data.
The principal components of the model are as follows:
• Constrained data items (CDIs): Subject to strict integrity controls.
• Unconstrained data items (UDIs): Unchecked data items. An example is a simple text le.
• Integrity veri cation procedures (IVPs): Intended to assure that all CDIs conform to some
application-speci c model of integrity and consistency.
• Transformation procedures (TPs): System transactions that change the set of CDIs from
one consistent state to another.

The CWM enforces integrity by means of certi cation and enforcement rules on TPs.
Certi cation rules are security policy restrictions on the behavior of IVPs and TPs.
Enforcement rules are built-in system security mechanisms that achieve the objectives of the
certi cation rules. The rules are as follows:

Cl: All IVPs must properly ensure that all CDIs are in a valid state at the time the IVP is run.
C2: All TPs must be certi ed to be valid. That is, they must take a CDI to a valid nal state,
given that it is in a valid state to begin with. For each TP, and each set of CDIs that it may
manipulate, the security of cer must specify a relation, which de nes that execution. A
relation is thus of the form (TPi, (CDIa, CDIb, CDIc . . . )), where the list of CDIs de nes a
particular set of arguments for which the TP has been certi ed.
El: The system must maintain the list of relations speci ed in rule C2 and must ensure that
the only manipulation of any CDI is by a TP, where the TP is operating on the CDI as
speci ed in some relation.

4 of 14
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
 E2: The system must maintain a list of relations of the form (UserID, TPi, (CDIa, CDIb,
CDIc, . . . )), which relates a user, a TP, and the data objects that TP may reference on behalf
of that user. It must ensure that only executions described in one of the relations are
performed.
C3: The list of relations in E2 must be certi ed to meet the separation of duty requirement.
E3: The system must authenticate the identity of each user attempting to execute a TP.
C4: All TPs must be certi ed to write to an append-only CDI (the log) all information
necessary to permit the nature of the operation to be reconstructed.
C5: Any TP that takes a UDI as an input value must be certi ed to perform only valid
transformations, or else no transformations, for any possible value of the UDI. The
transformation should take the input from a UDI to a CDI, or the UDI is rejected. Typically,
this is an edit program.
E4: Only the agent permitted to certify entities may change the list of such entities associated
with other entities: speci cally, the list of TPs associated with a CDI and the list of users
associated with a TP. An agent that can certify an entity may not have any execute rights with
respect to that entity.

The rules combine to form a two-part integrity assurance facility, in which certi cation
is done by a security of cer with respect to an integrity policy, and enforcement is done
by the system.

5 of 14
fi
fi
fi
fi
fi
fi
 4. Chinese Wall Model

The Chinese Wall Model (CWM) takes a quite different approach to specifying integrity and
con dentiality than any of the approaches we have examined so far. The model was
developed for commercial applications in which con icts of interest can arise. The model
makes use of both discretionary and mandatory access concepts.
The principal idea behind the CWM is a concept that is common in the nancial and legal
professions, which is to use a what is referred to as a Chinese wall to prevent a con ict of
interest.

The elements of the model are the following:

• Subjects: Active entities that may wish to access protected objects; includes users and
processes.
• Information: Corporate information organized into a hierarchy with three levels:
— Objects: Individual items of information, each concerning a single corporation.
— Dataset (DS): All objects that concern the same corporation.
— Con ict of interest (CI) class: All datasets whose corporations are in competition.
• Access rules: Rules for read and write access.
To enforce the Chinese wall policy, two rules are needed. To indicate the similarity with the
two BLP rules, the authors gave them the same names. The rst rule is the simple security
rule:
Simple security rule: A subject S can read on object O only if
• O is in the same DS as an object already accessed by S, OR
• O belongs to a CI from which S has not yet accessed any information.
The simple security rule does not prevent an indirect ow of information that would cause a
con ict of interest. To prevent this, the CWM has a second rule
*-property rule: A subject S can write an object O only if
• S can read O according to the simple security rule, AND
• All objects that S can read are in the same DS as O.

6 of 14
fi
fl
fl
fl
fl
fi
fi
fl
 Put another way, either subject cannot write at all, or a subject’s access (both
read and write) is limited to a single dataset. Thus, in below Figure, neither John
nor Jane has write access to any objects in the overall universe of data.

Security Mechanisms:
A process (or a device compilation such a process) that is designed to identify, avoid,
or restore from a security attack. The mechanisms are divided into those that are performed in
a de nite protocol layer, including TCP or an application-layer protocol. These mechanisms are
known as speci c security mechanisms.

7 of 14
fi
fi
 • Encipherment − This is the procedure of using numerical algorithms to change data into a
form that is not freely intelligible. The transformation and subsequent recovery of the
information based on an algorithm and zero or higher encryption keys.
• Digital Signature − A digital signature is an analytical approach which validates the authenticity and
integrity of a message, application or digital records. It allows us to test the author name, date and
time of signatures, and verify the message text.
The digital signature supports far more basic security and designed to solve the problem of tampering
and impersonation (deliberately copy another person's features) in electronic connection.
Data or cryptographic transformation of an information unit is additional to the data, therefore that the
recipient of the information unit is converted of the source and integrity of the information unit and this
can also serve to secure the data against forgery (such as by the recipient).
• Access Control − Access control is an information security process that enables organizations to
manage who is authorized to access corporate data and resources.
Secure access control need policies that check users are who they claim to be and support proper
control access levels are allowed to users. There are several structure are available that accomplish
access rights to resources.
• Data Integrity − Integrity can use to a ow of messages, an individual message, or selected areas
inside a message. In data integrity, it is a connection-oriented integrity service, it can handle with a
ow of messages, and assure that messages are received as sent with no duplication, insertion,
modi cation, reordering, or replays.
There are several structure that can be used to encourage the integrity of a data unit or ow of data
units.
• Authentication Exchange − This is a structure intended to provide the integrity of an entity by
means of information exchange.
• Traf c Padding − The insertion of bits into gaps in an information ow is known as traf c padding.
This provide to counter traf c analysis attempts.
• Routing Control − Routing control allows selection of speci c physically secure routes for speci c
data transmission and enables routing changes, particularly when a gap of security is suspected.
• Notarization − This is the usage of a trusted third party to assure speci c properties of an information
exchange.

Information Security and Network Security:

Information Security:
Organizations and people that use computers can describe their needs for information security
and trust in systems in terms of three major requirements:

Con dentiality: controlling who gets to read information;

8 of 14
fl
fi
fi
fi
fi
fl
fi
fl
fi
fi
fl
fi
 Integrity: assuring that information and programs are changed only in a speci ed and
authorized manner; and

Availability: assuring that authorized users have continued access to information and
resources.

Network security:
Network security is a set of technologies that protects the usability and integrity of a company’s
infrastructure by preventing the entry or proliferation within a network of a wide variety of
potential threats.

Network security is key to an organization’s ability to deliver products and services to

customers and employees. From online stores to enterprise applications to remote desktops,
protecting apps and data on the network is essential to advancing the business, to say nothing
of protecting an organization’s reputation. In addition, effective network security can improve
network performance by eliminating downtime due to successful attacks.

A multi-layered approach to network security implements controls at numerous points within a

network to provide comprehensive access control and threat control.

• Firewall : A rewall establishes a barrier between the trusted and the untrusted areas of a
network. Thus, a rewall performs access control and macro-segmentation based on IP
subnets. The same rewall may also perform more granular segmentation, known as micro-
segmentation.

• Load Balancer : A load balancer distributes load based on metrics. By implementing

speci c mitigation techniques, a load balancer can go beyond traditional load balancing to
provide the capability to absorb certain attacks, such as a volumetric DDoS attack.

• IDS/IPS : The classic IDS/IPS is deployed behind a rewall and provides protocol analysis
and signature matching on various parts of a data packet. Protocol analysis is a compliance
check against the publicly declared speci cation of the protocol. Signature matching
prevents known attacks such as an SQL injection.

• Sandbox : A sandbox is similar to an IDS/IPS, except that it does not rely on signatures. A
sandbox can emulate an end-system environment and determine if a malware object is
trying, for example, to execute port scans.

• NTA/NDR : NTA/NDR looks directly at traf c (or traf c records such as NetFlow) and uses
machine learning algorithms and statistical techniques to evaluate anomalies and determine
if a threat is present. First, NTA/NDR tries to determine a baseline. With a baseline in place,
it identi es anomalies such as traf c spikes or intermittent communication.

9 of 14
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
 Information Security:

information security, is a set of tools and practices that you can use to protect your digital and
analog information. InfoSec covers a range of IT domains, including infrastructure and network
security, auditing, and testing. It uses tools like authentication and permissions to restrict
unauthorized users from accessing private information. These measures help you prevent
harms related to information theft, modi cation, or loss.

Information Security vs Cybersecurity

Although both security strategies, cybersecurity and information security cover different
objectives and scopes with some overlap. Information security is a broader category of
protections, covering cryptography, mobile computing, and social media. It is related to
information assurance, used to protect information from non-person-based threats, such as
server failures or natural disasters. In comparison, cybersecurity only covers Internet-based
threats and digital data. Additionally, cybersecurity provides coverage for raw, unclassi ed data
while information security does not.

Information security policies should seamlessly integrate all three principles of the CIA triad.
Together, the three principles should guide organizations while assessing new technologies
and scenarios.

Information Security Measures

Information Security measures are essential in today’s world of technology to protect all
sensitive information from being shared, stored, and controlled by unauthorized individuals.
Without appropriate measures, hackers might access any information, which could lead to
nancial loss, data theft, or other adverse outcomes.

So here are some of the Information Security measures, that are needed to be taken into
consideration.
Develop security policy
A security policy is a document that outlines the measures that an organization will take to
protect its information and information systems. A security policy should include guidelines for
access control and other security measures.
Use strong passwords
Strong passwords should protect information from any data breach. Passwords should also be
changed regularly and should not be easily guessable.
Training staff

10 of 14
fi
fi
fi
 Employees should be trained in such a way that they must know everything in detail about
Information Security and the measures. The training should include identifying any security
incidents and then taking necessary steps to protect every sensitive information.
Keep software up-to-date
Software should be updated regularly to defend against any identi ed security vulnerabilities.
Use anti-virus software
To defend information systems and data against malware attacks, antivirus software should be
utilized.

Operating System Security:

Operating systems manage both logical and physical resources to prevent interference with
each other and unauthorized access from external sources. These methods are categorized as
protection and security in the operating system. Computing resources, such as CPUs, disks, and
memory, are secured and protected by this management. This can be accomplished by assuring the
operating system's, con dentiality, availability, and integrity. Unauthorized access, viruses, worms, and
other threats must be prevented from entering the system.

The OS must protect itself from security breaches, such as runaway processes ( denial of service ),
memory-access violations, stack over ow violations, the launching of programs with excessive
privileges, and many others.

OS uses two sets of techniques to counter threats to information namely:

• Protection
• Security

Protection tackles the system's internal threats. It provides a mechanism for controlling access to
processes, programs, and user resources.
Security tackles the system's external threats. The safety of their system resources such as saved
data, disks, memory, etc. is secured by the security systems against harmful modi cations,
unauthorized access, and inconsistency. It provides a mechanism (encryption and authentication) to
analyze the user before allowing access to the system.

Threats to Protection and Security

A program that is malicious in nature and has harmful impacts on a system is called a threat.
Protection and security in an operating system refer to the measures and procedures that can ensure
the con dentiality, integrity, and availability (CIA) of operating systems. The main goal is to protect the
OS from various threats, and malicious software such as trojans, worms, and other viruses,
miscon gurations, and remote intrusions.

11 of 14
fi
fi
fi
fl
fi
fi
 Methods to Ensure Protection and Security in Operating System
• Keep a Data Backup: It is a safe option in case of data corruption due to problems in protection and
security, you can always require it from the Backup.
• Beware of suspicious emails and links: When we visit some malicious link over the internet, it can
cause a serious issue by acquiring user access.
• Secure Authentication and Authorization: OS should provide secure authentication and
authorization for access to resources and also users should keep the credentials safe to avoid illegal
access to resources.
• Use Secure Wi-Fi Only: Sometimes using free wi or insecure wi may cause security issues,
because attackers can transmit harmful programs over the network or record the activity etc, which
could cause a big problem in the worst case.
• Install anti-virus and malware protection: It helps to remove and avoid viruses and malware from
the system.
• Manage access wisely: The access should be provided to apps and software by thorough analysis
because no software can harm our system until it acquires access. So, we can ensure to provide
suitable access to software and we can always keep an eye on software to see what resources and
access it is using.
• Firewalls Utilities: It enables us to monitor and lter network traf c. We can use rewalls to ensure
that only authorized users are allowed to access or transfer data.
• Encryption and Decryption Based transfer: The data content must be transferred according to an
encryption algorithm that can only be reversed with the appropriate decryption key. This process
protects your data from unauthorized access over the internet, also even if data is stolen it would
always remain unreadable.
• Be cautious when sharing personal information: The personal information and credentials must
be shared only with trusted and safe sources by not doing so attackers can use this information for
their intent which could be harmful to the system's security.

Web Security:
Web Security is very important nowadays. Websites are always prone to security threats/risks.
Web Security deals with the security of data over the internet/network or web or while it is
being transferred to the internet. For e.g. when you are transferring data between client and
server and you have to protect that data that security of data is your web security.

Hacking a Website may result in the theft of Important Customer Data, it may be the credit
card information or the login details of a customer or it can be the destruction of one’s business
and propagation of illegal content to the users while somebody hacks your website they can
either steal the important information of the customers or they can even propagate the illegal
content to your users through your website so, therefore, security considerations are needed in
the context of web security.

12 of 14
fi
fi
fi
fi
fi
 Web Security Threats :

Web security threats are constantly emerging and evolving, but many threats consistently
appear at the top of the list of web security threats. These include:

• Cross-site scripting (XSS)

• SQL Injection
• Phishing
• Ransomware
• Code Injection
• Viruses and worms
• Spyware
• Denial of Service

• Updated Software: You need to always update your software. Hackers may be aware of
vulnerabilities in certain software, which are sometimes caused by bugs and can be used to
damage your computer system and steal personal data. Older versions of software can
become a gateway for hackers to enter your network. Software makers soon become aware of
these vulnerabilities and will x vulnerable or exposed areas. That’s why It is mandatory to
keep your software updated, It plays an important role in keeping your personal data secure.
• Beware of SQL Injection: SQL Injection is an attempt to manipulate your data or your
database by inserting a rough code into your query. For e.g. somebody can send a query to
your website and this query can be a rough code while it gets executed it can be used to
manipulate your database such as change tables, modify or delete data or it can retrieve
important information also so, one should be aware of the SQL injection attack.
• Cross-Site Scripting (XSS): XSS allows the attackers to insert client-side script into web
pages. E.g. Submission of forms. It is a term used to describe a class of attacks that allow an
attacker to inject client-side scripts into other users’ browsers through a website. As the
injected code enters the browser from the site, the code is reliable and can do things like
sending the user’s site authorization cookie to the attacker.
• Error Messages: You need to be very careful about error messages which are generated to
give the information to the users while users access the website and some error messages are
generated due to one or another reason and you should be very careful while providing the
information to the users. For e.g. login attempt – If the user fails to login the error message
should not let the user know which eld is incorrect: Username or Password.
• Data Validation: Data validation is the proper testing of any input supplied by the user or
application. It prevents improperly created data from entering the information system.
Validation of data should be performed on both server-side and client-side. If we perform data
validation on both sides that will give us the authentication. Data validation should occur when
data is received from an outside party, especially if the data is from untrusted sources.
• Password: Password provides the rst line of defense against unauthorized access to your
device and personal information. It is necessary to use a strong password. Hackers in many
cases use sophisticated software that uses brute force to crack passwords. Passwords must

13 of 14
fi
fi
fi
be complex to protect against brute force. It is good to enforce password requirements such as
a minimum of eight characters long must including uppercase letters, lowercase letters, special
characters, and numerals.

14 of 14