BAIT1093
Introduction to
Computer Security
Chapter 1: Introduction
Objectives
● Describe the key security requirements of confidentiality, integrity, and availability
● Discuss the types of security threats and attacks that must be dealt with and give examples of the types of threats and attacks that apply to different categories of computer and network assets
● Explain the security goals
● Discuss the use of attack surfaces and attack trees
● Understand the available controls
The NIST Internal/Interagency Report NISTIR 7298 (Glossary of Key Information Security Terms, May 2013) defines the term computer security as follows:
“Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated.”
What Is Computer Security?
● Computer Security is the protection of the items you value, called the assets of a computer or computer system.
● The protection of the assets of a computer system:
● Hardware
● Software
● Data
Assets
● Computer systems—hardware, software, and data—have value and deserve security protection.
Values of Assets
Basic Terms
● Vulnerability
● Threat
● Attack
● Countermeasure or Control
Vulnerabilities, Threats, Attacks, Controls
● A vulnerability is a weakness in the security system (i.e., in procedures, design, or implementation) that might be exploited to cause loss or harm.
● A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.
● a potential violation of security
● An attack is a threat that is carried out (threat action) and, if successful, leads to an undesirable violation of security, or threat consequence. The agent carrying out the attack is referred to as an attacker, or threat agent.
● A human (criminal) who exploits a vulnerability perpetrates an attack on the system.
● How do we address these problems?
● We use a control as a protective measure.
● That is, a control is an action, device, procedure, or technique that removes or reduces a vulnerability.
Threat and Vulnerability
Relationship among threats, controls, and vulnerabilities:
• A threat is blocked by control of a vulnerability.
• To devise controls, we must know as much about threats as possible.
The fact that the violation might occur means that the actions that might cause it should be guarded against.
Types of Threats
Types of Attackers
Types of Harm
Threats
● An interception means that some unauthorized party has gained access to an asset.
● In an interruption, an asset of the system becomes lost, unavailable, or unusable.
● If an unauthorized party not only accesses but tampers with (forges) an asset, the threat is a modification.
● Finally, an unauthorized party might create a fabrication of counterfeit objects on a computing system.
Method—Opportunity—Motive (MOM)
● A malicious attacker must have three things (MOM):
● method: the skills, knowledge, tools, and other things with which to be able to pull off the attack
● Knowledge of systems is widely available
● opportunity: the time and access to accomplish the attack
● Systems available to the public are accessible to them
● motive: a reason to want to perform this attack against this system
Passive and Active Attacks
Passive Attack
● Attempts to learn or make use of information from the system but does not affect system resources
● Eavesdropping on, or monitoring of, transmissions
● Goal of attacker is to obtain information that is being transmitted
● Two types:
● Release of Message Contents
● Traffic Analysis
Active Attack
● Attempts to alter system resources or affect their operation
● Involve some modification of the data stream or the creation of a false stream
● Four categories:
● Replay
● Masquerade
● Modification of Messages
● Denial of Service
Passive Attack
1. Release of Message Content
2. Traffic Analysis
(Diagram: an unauthorized party on the network reads contents (eavesdropping), observes patterns (packet sniffing), or makes illegal copies.)
• This is an attack on confidentiality.
Active Attack
● Active attacks involve modification of the data stream or the creation of a false stream
● Difficult to prevent because of the wide variety of potential physical, software, and network vulnerabilities
● Goal is to detect attacks and to recover from any disruption or delays caused by them
Four categories of Active Attacks:
Masquerade
• Takes place when one entity pretends to be a different entity.
• Usually includes one of the other forms of active attack.
• This is an attack on authenticity.
Replay
• Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
• This is an attack on integrity.
Modification of Messages
• Some portion of a legitimate message is altered, or messages are delayed or reordered to produce an unauthorized effect.
• This is an attack on integrity.
Denial of Service
• Prevents or inhibits the normal use or management of communications facilities.
• This is an attack on availability.
Active Attack
1. Masquerade
(Diagram: unauthorized assumption of another’s identity on the network.)
• This is an attack on authenticity.
Active Attack
2. Replay (without tampering)
3. Modification of Messages
(Diagram: intercept messages on the network, tamper, release again.)
• This is an attack on integrity.
Active Attack
4. Denial of Service
(Diagram: overwhelm or crash servers, disrupt network infrastructure.)
• This is an attack on availability.
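The replay, modification and masquerade categories above are easiest to understand by watching a receiver reject each one. The following Python example is added here for illustration and is not part of the lecture: it assumes a shared secret key between sender and receiver (a constructed value), protects each message with an HMAC-SHA256 tag and a sequence number, and shows which check catches which active attack. The names `Message`, `Sender`, `Receiver`, `compute_tag` and `demo` are the example's own. Denial of service is deliberately left out: authenticating messages does nothing against an attacker who simply prevents them from arriving.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    seq: int      # sequence number: must increase, so a captured copy cannot be accepted twice
    sender: str   # claimed identity of the originator
    payload: str  # application data
    tag: str      # hex HMAC-SHA256 over (seq, sender, payload) under the shared key


def compute_tag(key: bytes, seq: int, sender: str, payload: str) -> str:
    # Canonical encoding so both ends authenticate exactly the same bytes
    data = json.dumps([seq, sender, payload], separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class Sender:
    def __init__(self, name: str, key: bytes):
        self.name = name
        self.key = key
        self.seq = 0

    def send(self, payload: str) -> Message:
        self.seq += 1
        tag = compute_tag(self.key, self.seq, self.name, payload)
        return Message(self.seq, self.name, payload, tag)


class Receiver:
    def __init__(self, keys: dict):
        self.keys = keys        # sender name -> shared key
        self.last_seq = {}      # sender name -> highest sequence number accepted so far

    def receive(self, msg: Message) -> str:
        key = self.keys.get(msg.sender)
        if key is None:
            return "rejected: unknown sender"
        expected = compute_tag(key, msg.seq, msg.sender, msg.payload)
        # Constant-time comparison: a wrong tag means the message was modified or forged
        if not hmac.compare_digest(expected, msg.tag):
            return "rejected: bad tag (modified or forged)"
        # Freshness check: a sequence number at or below the last accepted one is a replay
        if msg.seq <= self.last_seq.get(msg.sender, 0):
            return "rejected: stale sequence (replay)"
        self.last_seq[msg.sender] = msg.seq
        return "accepted"


def demo() -> dict:
    """Run the scenarios and return the receiver's verdict for each."""
    key = b"constructed-shared-key-for-illustration"   # constructed sample key
    alice = Sender("alice", key)
    bob = Receiver({"alice": key})
    results = {}

    genuine = alice.send("transfer 10 to carol")
    results["genuine"] = bob.receive(genuine)

    # Replay: the same captured message is delivered a second time, unmodified
    results["replay"] = bob.receive(genuine)

    # Modification: payload altered in transit, so the original tag no longer matches
    altered = Message(genuine.seq + 1, genuine.sender, "transfer 1000 to carol", genuine.tag)
    results["modification"] = bob.receive(altered)

    # Masquerade: a party without the shared key claims to be alice
    forged = Message(99, "alice", "hello", compute_tag(b"some-other-key", 99, "alice", "hello"))
    results["masquerade"] = bob.receive(forged)

    # The legitimate sender's next message is still accepted after the rejected ones
    results["next_genuine"] = bob.receive(alice.send("transfer 5 to dave"))
    return results


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:12s} -> {verdict}")
```

The tag check runs before the sequence check, so a modified or forged message is reported as a tag failure even if its sequence number happens to be stale; only an untouched, genuinely authenticated copy reaches the replay branch. Note that the receiver must keep per-sender state (the last accepted sequence number) for the freshness check to mean anything.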
Table 1.3 Computer and Network Assets, with Examples of Threats
C-I-A Triad
● Confidentiality
● Integrity
● Availability
● Sometimes two other desirable characteristics:
● Authentication
● the process or action of proving or showing something to be true, genuine, or valid.
● Nonrepudiation
● is the assurance that someone cannot deny something.
● i.e. nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated
Security Goals
● When we talk about computer security, we mean that we are addressing three important aspects of any computer-related system: confidentiality, integrity, & availability (CIA)
● Confidentiality ensures that computer-related assets are accessed only by authorized parties.
● i.e. reading, viewing, printing, or even knowing their existence
● Secrecy or privacy
● Integrity means that assets can be modified only by authorized parties or only in authorized ways.
● i.e. writing, changing, deleting, creating
● Availability means that assets are accessible to authorized parties at appropriate times.
● i.e. often, availability is known by its opposite, denial of service.
Relationship between Confidentiality, Integrity and Availability
• In fact, these three characteristics can be independent, can overlap, and can even be mutually exclusive.
(Venn diagram: three overlapping circles labelled Confidentiality, Integrity and Availability; the region where all three overlap is labelled Secure.)
Key Security Concepts
Confidentiality
• preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information
Integrity
• guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity
Availability
• ensuring timely and reliable access to and use of information
Approaches Lead to Breach of Security
Confidentiality
● Approaches
● Eavesdropping
● Link Monitoring
● Packet Capturing
● System Compromise
● How does it happen?
● In wireless communication, broadcast and multicast
● Store and forward approach in protocols
Integrity
● Approaches
● Changing a record in a database
● System compromise
● Making use of delays in routing
● Modify hardware
Availability
● Approaches
● Destruction of hardware
● Physical damage to communication links
● Introduction of noise
● Removal of communication
● Erasure of a program or a file
● DoS attacks
Levels of Impact
Low
The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals
Moderate
The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals
High
The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals
Other Security Concepts: A.A.A.
Authenticity
Anonymity
Assurance
Assurance
● Assurance refers to how trust is provided and managed in computer systems.
● Trust management depends on:
● Policies, which specify behavioral expectations that people or systems have for themselves and others.
● For example, the designers of an online music system may specify policies that describe how users can access and copy songs.
● Permissions, which describe the behaviors that are allowed by the agents that interact with a person or system.
● For instance, an online music store may provide permissions for limited access and copying to people who have purchased certain songs.
● Protections, which describe mechanisms put in place to enforce permissions and policies.
● We could imagine that an online music store would build in protections to prevent people from unauthorized access and copying of its songs.
Authenticity
● Authenticity is the ability to determine that statements, policies, and permissions issued by persons or systems are genuine.
● Primary tool:
● digital signatures: these are cryptographic computations that allow a person or system to commit to the authenticity of their documents in a unique way that achieves nonrepudiation, which is the property that authentic statements issued by some person or system cannot be denied.
Anonymity
● Anonymity: the property that certain records or transactions are not attributable to any individual.
● Tools:
● Aggregation: the combining of data from many individuals so that disclosed sums or averages cannot be tied to any individual.
● Mixing: the intertwining of transactions, information, or communications in a way that cannot be traced to any individual.
● Proxies: trusted agents that are willing to engage in actions for an individual in a way that cannot be traced back to that person.
● Pseudonyms: fictional identities that can fill in for real identities in communications and transactions, but are otherwise known only to a trusted entity.
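Two of the anonymity tools listed above, aggregation and pseudonyms, can be shown concretely. The Python below is an added illustration, not material from the lecture: the salary records, the minimum group size of three, and the names `aggregate`, `Pseudonymizer`, `publish` and `demo` are all assumptions made for the example. A department total is released only when it covers enough people that it cannot be tied to one individual, and a trusted entity replaces real names with keyed pseudonyms while alone keeping the table that links them back.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample records: (real name, department, salary). Not from the lecture.
RECORDS = [
    ("ana", "engineering", 100),
    ("ben", "engineering", 120),
    ("cho", "engineering", 110),
    ("dee", "legal", 200),
    ("eli", "sales", 90),
    ("fay", "sales", 95),
    ("gus", "sales", 85),
]

MIN_GROUP = 3   # assumed policy: release a sum only if it covers at least this many people


def aggregate(records, min_group=MIN_GROUP):
    """Per-department count and salary total, suppressing groups too small to hide anyone."""
    totals = defaultdict(int)
    counts = defaultdict(int)
    for _, dept, salary in records:
        totals[dept] += salary
        counts[dept] += 1
    released = {}
    for dept in sorted(totals):
        if counts[dept] >= min_group:
            released[dept] = {"count": counts[dept], "total": totals[dept]}
        else:
            # A total over a single person is that person's salary, so it is withheld
            released[dept] = "suppressed"
    return released


class Pseudonymizer:
    """Trusted entity: issues stable pseudonyms and alone keeps the mapping back to identities."""

    def __init__(self, key: bytes):
        self._key = key     # secret; without it a pseudonym cannot be recomputed from a name
        self._table = {}    # pseudonym -> real identity, held only by the trusted entity

    def pseudonym(self, identity: str) -> str:
        # Keyed hash: the same identity always gets the same pseudonym under the same key
        p = hmac.new(self._key, identity.encode(), hashlib.sha256).hexdigest()[:16]
        self._table[p] = identity
        return p

    def reidentify(self, pseudonym: str):
        # Only the trusted entity can do this; recipients of published data cannot
        return self._table.get(pseudonym)


def publish(records, pz: Pseudonymizer):
    """Records as they would be shared: same departments and salaries, identities replaced."""
    return [(pz.pseudonym(name), dept, salary) for name, dept, salary in records]


def demo() -> dict:
    pz = Pseudonymizer(b"constructed-trusted-entity-key")   # constructed sample key
    published = publish(RECORDS, pz)
    first_pseudonym = published[0][0]
    return {
        "aggregate": aggregate(RECORDS),
        "published": published,
        "recovered": pz.reidentify(first_pseudonym),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The pseudonym is a keyed HMAC rather than a plain hash on purpose: with an unkeyed hash anyone could recompute the pseudonym of a guessed name and undo the anonymity, whereas here only the holder of the key (the trusted entity) can link a pseudonym back to a person. Aggregation alone is not enough either: the `legal` department has one member, so its total is suppressed rather than released.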
Controls / Countermeasures
Goals of Security
● Prevention
● Prevent attackers from violating security policy
● Detection
● Detect attackers’ violation of security policy
● Recovery
● Stop attack, assess and repair damage
● Continue to function correctly even if attack succeeds
Trust and Assumptions
● Trust underlies all aspects of security
● Policies
● Unambiguously partition system states
● Correctly capture security requirements
● Mechanisms
● Assumed to enforce policy
● Support mechanisms work correctly
Computer Security Strategy
Security Policy
• Formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources
Security Implementation
• Involves four complementary courses of action:
• Prevention
• Detection
• Response
• Recovery
Assurance
• Encompassing both system design and system implementation, assurance is an attribute of an information system that provides grounds for having confidence that the system operates such that the system’s security policy is enforced
Evaluation
• Process of examining a computer product or system with respect to certain criteria
• Involves testing and may also involve formal analytic or mathematical techniques
Different Types of Controls
Effectiveness of Controls
● Likelihood of Use
● Of course, no control is effective unless it is used
● Principle of Effectiveness:
● Controls must be used properly to be effective.
● They must be efficient, easy to use, and appropriate.
● This principle implies that computer security controls
● must be efficient enough, in terms of time, memory space, human activity, or other resources used, that using the control does not seriously affect the task being protected.
● Controls should be selective so that they do not exclude legitimate accesses.
Principle of Weakest Link
● Security can be no stronger than its weakest link !!!
● Whether it is the power supply that powers the firewall or the operating system under the security application or the human who plans, implements, and administers controls, a failure of any control can lead to a security failure.
Standards
● Standards have been developed to cover management practices and the overall architecture of security mechanisms and services
● The most important of these organizations are:
● National Institute of Standards and Technology (NIST)
● NIST is a U.S. federal agency that deals with measurement science, standards, and technology related to U.S. government use and to the promotion of U.S. private sector innovation
● Internet Society (ISOC)
● ISOC is a professional membership society that provides leadership in addressing issues that confront the future of the Internet, and is the organization home for the groups responsible for Internet infrastructure standards
● International Telecommunication Union (ITU-T)
● ITU is a United Nations agency in which governments and the private sector coordinate global telecom networks and services
● International Organization for Standardization (ISO)
● ISO is a nongovernmental organization whose work results in international agreements that are published as International Standards
Summary
● Vulnerabilities are weaknesses in a system;
● threats exploit those weaknesses;
● controls protect those weaknesses from exploitation
● Confidentiality, integrity, and availability are the three basic security primitives
● Different attackers pose different kinds of threats based on their capabilities and motivations
● Different controls address different threats; controls come in many flavors and can exist at various points in the system