Chapter 1 Final

Uploaded by

cudarun

CHAPTER 1

INTRODUCTION

1
Computer Security Definition
• The protection afforded to an automated
information system in order to attain the
applicable objectives of preserving the integrity,
availability, and confidentiality of information
system resources
– Resources include hardware, software, firmware,
information/data, and telecommunications.

2
Key Objectives
• Three key objectives that are at the heart of
computer security
– Confidentiality
– Integrity
– Availability

3
Confidentiality
• Assures that private or confidential information
is not made available or disclosed to
unauthorized individuals.
• Example
– Student grade information is an asset whose
confidentiality is considered to be highly important by
students. Grade information should only be available to
students, their parents, and employees that require the
information to do their job.
– Student enrollment information may have a moderate
confidentiality rating.
– Information, such as lists of students or faculty or
departmental lists, may be assigned a low confidentiality
rating or indeed no rating since it is typically freely
available to the public.
4
Integrity
• Assures that information and programs are changed
only in a specified and authorized manner.
• Example
– Hospital patient’s allergy information stored in a
database. The doctor should be able to trust that the
information is correct and current.
– Now suppose that an employee (e.g., a nurse) who is
authorized to view and update this information
deliberately falsifies the data to cause harm to the
hospital.
– The database needs to be restored to a trusted basis
quickly, and it should be possible to trace the error back
to the person responsible.
– Patient allergy information is an example of an asset with
a high requirement for integrity.
5
Availability
• Assures that systems work promptly and service is
not denied to authorized users.
• Example
– Consider a system that provides authentication services
for critical systems, applications, and devices. An
interruption of service results in the inability of
customers to access computing resources and of staff to
access the resources they need to perform critical tasks,
which in turn creates a large financial loss.
– An example of an asset that would typically be rated as
having a moderate availability requirement is a public
Web site for a university which provides information for
current and prospective students and donors. Such a site
is not a critical component of the university’s information
system, but its unavailability will cause some
embarrassment.
6
Challenges of Computer Security
• Not simple
– Computer security is not as simple as it might first
appear to the novice.
– The requirements seem to be straightforward, but the
mechanisms used to meet those requirements can be
quite complex, and understanding them is very difficult.
• Potential Attacks
– While developing a particular security mechanism or
algorithm, potential attacks on those security
features must always be considered.
7
Challenges of Computer Security
• Where to Use?
– It is necessary to decide where to use the security
mechanisms that have been designed.
– This applies both to physical placement (e.g., at what
points in a network?) and to logical placement (e.g., at what
layer or layers of an architecture such as TCP/IP).
• Security Mechanisms
– Security algorithms use some secret information
(such as an encryption key) shared between the participants.
– Attacks may occur during the creation and distribution of
that secret information, so it must be protected.
8
Challenges of Computer Security
• Load
– Security requires regular, even constant, monitoring,
and this is difficult in today’s short-term, overloaded
environment.
• Ease of Use
– Many users and even security administrators view
strong security as an impediment to efficient and
user-friendly operation of an information system or
use of information.

9
A Model for Computer Security
• Threat agent
– An entity that attacks, or is a threat to, a system.
• Attack
– An assault on system security done by a threat
– An attempt to evade security services and violate the
security policy of a system.
• Countermeasure
– An action, device, procedure, or technique that
reduces a threat, a vulnerability, or an attack by
eliminating or preventing it, by minimizing the harm
it can cause, or by discovering and reporting it so that
corrective action can be taken.
10
A Model for Computer Security
• Risk
– An expectation of loss expressed as the probability that a
particular threat will exploit a particular vulnerability with
a particular harmful result.
• Security Policy
– A set of rules and practices that specify or regulate how a
system or organization provides security services to
protect sensitive and critical system resources.
• Asset
– Data contained in an information system; or a service
provided by a system; or a system capability, such as
processing power or communication bandwidth; or an
item of system equipment (i.e., a system component—
hardware, firmware, software, or documentation); or a
facility that houses system operations and equipment
11
A Model for Computer Security
• Threat
– A potential for violation of security, which exists
when there is a circumstance, capability, action, or
event, that could breach security and cause harm.
That is, a threat is a possible danger that might
exploit a vulnerability.
• Vulnerability
– A flaw or weakness in a system’s design,
implementation, or operation and management that
could be exploited to violate the system’s security
policy.
12
Security Concepts and Relationships

13
Assets of a computer system
• Hardware
– Including computer systems and other data processing,
data storage, and data communications devices
• Software
– Including the operating system, system utilities, and
applications.
• Data
– Including files and databases, as well as security-related
data, such as password files.
• Communication facilities and networks
– Local and wide area network communication links,
bridges, routers, and so on.
14
Vulnerabilities and Assets
• General categories of vulnerabilities of a computer
system or network asset are
• Corrupted
– It can be corrupted, so that it does the wrong thing or
gives wrong answers. For example, stored data values
may differ from what they should be because they have
been improperly modified.
• Leaky
– It can become leaky. For example, someone who should
not have access to some or all of the information
available through the network obtains such access.
• Unavailable
– It can become unavailable or very slow. That is, using the
system or network becomes impossible or impractical.
15
Attack and its types
• An attack is a threat that is carried out and, if
successful, leads to an undesirable violation of
security, or threat consequence. The agent
carrying out the attack is referred to as an
attacker, or threat agent.
• Two types of attacks:
– Active attack: An attempt to alter system resources or
affect their operation.
– Passive attack: An attempt to learn or make use of
information from the system that does not affect
system resources.
16
Types of Attacks
• Classification of attacks based on the origin of the
attack:
• Inside attack
– Initiated by an entity inside the security perimeter (an
“insider”). The insider is authorized to access system
resources but uses them in a way not approved by those
who granted the authorization.
• Outside attack
– Initiated from outside the perimeter, by an unauthorized
or illegitimate user of the system (an “outsider”). On the
Internet, potential outside attackers range from amateur
pranksters to organized criminals, international
terrorists, and hostile governments.
17
Threats and Attacks
• Unauthorized Disclosure
– A circumstance or event whereby an entity gains access
to data for which the entity is not authorized.
– Exposure: Sensitive data are directly released to an
unauthorized entity.
– Interception: An unauthorized entity directly accesses
sensitive data traveling between authorized sources and
destinations.
– Inference: A threat action whereby an unauthorized entity
indirectly accesses sensitive data (but not necessarily the
data contained in the communication) by reasoning from
characteristics or by-products of communications.
– Intrusion: An unauthorized entity gains access to sensitive
data by circumventing a system’s security protections.
18
Security Functional Requirements
• There are a number of ways of classifying and
characterizing the countermeasures that may
be used to reduce vulnerabilities and deal
with threats to system assets.

19
Security Functional Requirements
• Access Control
– Limit information system access to authorized users, processes
acting on behalf of authorized users, or devices
• Awareness and Training
– Ensure that managers and users of organizational information
systems are made aware of the security risks associated with
their activities
• Audit and Accountability
– Create, protect, and retain information system audit records
for monitoring, analysis, investigation, and reporting of
unlawful, unauthorized, or inappropriate information system
activity;
– Ensure that the actions of individual information system users
can be traced so they can be held accountable for their
actions.
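Added example (not part of the original slides): a hash-chained audit trail for the hospital allergy scenario from the Integrity slide, showing how the Audit and Accountability requirement lets a falsified update be traced to a user and the record restored to its last trusted value. User names, patient IDs and the record layout are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first entry

def _digest(entry: dict, prev_hash: str) -> str:
    # Hash the entry's canonical JSON together with the previous entry's hash,
    # so changing or removing any earlier entry breaks every later link.
    body = json.dumps(entry, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()

def append(log: list, user: str, patient: str, allergies: list) -> None:
    """Record who set which allergy list; entries are never edited in place."""
    entry = {"seq": len(log), "user": user, "patient": patient,
             "allergies": sorted(allergies)}
    prev = log[-1]["hash"] if log else GENESIS
    log.append({**entry, "hash": _digest(entry, prev)})

def first_broken_link(log: list):
    """Return the index of the first entry whose hash fails to verify, else None."""
    prev = GENESIS
    for i, rec in enumerate(log):
        entry = {k: v for k, v in rec.items() if k != "hash"}
        if rec["hash"] != _digest(entry, prev):
            return i
        prev = rec["hash"]
    return None

def state_at(log: list, patient: str, upto: int):
    """Allergy list for `patient` as of entry `upto` (inclusive): the restore point."""
    current = None
    for rec in log[: upto + 1]:
        if rec["patient"] == patient:
            current = rec["allergies"]
    return current

def changes_by(log: list, user: str) -> list:
    """Sequence numbers of every update attributed to `user`."""
    return [rec["seq"] for rec in log if rec["user"] == user]

def build_sample_log() -> list:
    # Constructed sample data, not taken from the slides.
    log = []
    append(log, "dr_lee", "patient-17", ["penicillin"])
    append(log, "dr_lee", "patient-22", ["latex"])
    append(log, "nurse_kim", "patient-17", [])  # the falsified update
    return log
```

The chain only proves the log was not rewritten if the latest hash is also kept somewhere the insider cannot modify.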
20
Security Functional Requirements
• Contingency Planning
– Establish, maintain, and implement plans for
emergency response, backup operations, and post
disaster recovery for organizational information
systems to ensure the availability of critical
information resources and continuity of operations
in emergency situations.
• Maintenance
– Perform periodic and timely maintenance on
organizational information systems

21
Security Functional Requirements
• Physical and Environmental Protection
– Limit physical access to information systems,
equipment, and the respective operating
environments to authorized individuals
– Protect the physical plant and support infrastructure
for information systems
– Provide supporting utilities for information systems;
– Protect information systems against environmental
hazards; and
– Provide appropriate environmental controls in
facilities containing information systems.
22
Security Functional Requirements
• Risk Assessment
– Periodically assess the risk to organizational operations,
organizational assets
• Systems and Services Acquisition
– Allocate sufficient resources to adequately protect
organizational information systems;
– Employ system development life cycle processes that
incorporate information security considerations
– Employ software usage and installation restrictions
– Ensure that third-party providers employ adequate
security measures to protect information, applications,
and/or services outsourced from the organization.
23
Attack Surfaces
• An attack surface consists of the reachable and
exploitable vulnerabilities in a system.
• Examples of attack surfaces
– Open ports on outward facing Web and other servers,
and code listening on those ports
– Services available on the inside of a firewall
– Code that processes incoming data, email, XML, office
documents, and industry-specific custom data exchange
formats
– Interfaces, SQL, and Web forms
– An employee with access to sensitive information
vulnerable to a social engineering attack
24
Types of Attack surfaces
• Network attack surface
– Vulnerabilities over an enterprise network, wide-area
network, or the Internet. Included in this category are
network protocol vulnerabilities, such as those used for a
denial-of-service attack, disruption of communications
links, and various forms of intruder attacks.
• Software attack surface
– Vulnerabilities in application, utility, or operating system
code.
• Human attack surface
– Vulnerabilities created by personnel or outsiders, such as
social engineering, human error, and trusted insiders.
25
Computer Security Strategy
• A security strategy involves three aspects:
• Specification/policy
– What is the security scheme supposed to do?
• Implementation/mechanisms
– How does it do it?
• Correctness/assurance
– Does it really work?

26
Security Policy
• The first step in devising security services and
mechanisms is to develop a security policy.
• A security policy is an informal description of
desired system behavior.
• In developing a security policy, the following
factors have to be considered:
– The value of the assets being protected
– The vulnerabilities of the system
– Potential threats and the likelihood of attacks

27
Security Implementation
• Security implementation involves four complementary courses of action:
• Prevention
– An ideal security scheme is one in which no attack is
successful. Although this is not practical in all cases,
there is a wide range of threats in which prevention is a
reasonable goal.
– For example, consider the transmission of encrypted
data. If a secure encryption algorithm is used, and if
measures are in place to prevent unauthorized access
to encryption keys, then attacks on confidentiality of
the transmitted data will be prevented.

28
Security Implementation
• Detection
– In a number of cases, absolute protection is not
feasible, but it is practical to detect security attacks.
– For example, there are intrusion detection systems
designed to detect the presence of unauthorized
individuals logged onto a system.
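Added example (not part of the original slides): a minimal detection check of the kind described above, flagging successful logons by accounts or from addresses that policy does not allow. The log lines are constructed in OpenSSH's message style, and the authorized-user list and allowed network are assumed policy values.

```python
import ipaddress
import re

# Assumed site policy (hypothetical values): who may log on, and from where.
AUTHORIZED_USERS = {"alice", "bob"}
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Matches OpenSSH-style "Accepted" messages.
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample log, not real data.
SAMPLE_LOG = """\
Mar  3 08:01:12 srv1 sshd[811]: Accepted publickey for alice from 10.20.4.7 port 50122 ssh2
Mar  3 08:14:40 srv1 sshd[902]: Failed password for root from 198.51.100.23 port 41810 ssh2
Mar  3 09:30:05 srv1 sshd[977]: Accepted password for bob from 198.51.100.23 port 41877 ssh2
Mar  3 09:42:51 srv1 sshd[1003]: Accepted password for svc_backup from 10.20.9.9 port 39004 ssh2
"""

def detect_unauthorized_logons(log_text: str) -> list:
    """Return (user, ip, reason) for each successful logon that violates policy."""
    alerts = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue  # failed attempts and other messages are not logons
        user, ip_text = m["user"], m["ip"]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            alerts.append((user, ip_text, "unparseable source address"))
            continue
        if user not in AUTHORIZED_USERS:
            alerts.append((user, ip_text, "account not authorized"))
        elif not any(ip in net for net in ALLOWED_NETS):
            alerts.append((user, ip_text, "source outside allowed networks"))
    return alerts
```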

29
Security Implementation
• Response
– If security mechanisms detect an ongoing attack,
such as a denial of service attack, the system may
be able to respond in such a way as to halt the
attack and prevent further damage.
• Recovery
– An example of recovery is the use of backup
systems, so that if data integrity is compromised, a
prior, correct copy of the data can be reloaded.

30
Assurance
• Assurance: the degree of confidence that the security
measures, both technical and operational, work
as intended to protect the system and the
information it processes.
• Thus, assurance deals with the questions,
– “Does the security system design meet its
requirements?” and
– “Does the security system implementation meet its
specifications?”

31
Evaluation
• Process of examining a computer product or
system with respect to certain criteria.
• Evaluation involves testing and may also involve
formal analytic or mathematical techniques.
• The central thrust of work in this area is the
development of evaluation criteria that can be
applied to any security system (encompassing
security services and mechanisms) and that are
broadly supported for making product
comparisons.
32
