Lec 1-4-1

Uploaded by Muhammad Anas

COMPUTER SECURITY: PRINCIPLES AND PRACTICE
Chapter 1: Overview

Information Security
Dr. Khalid Hamid
More than 60 Research Publications
Ex. IT Incharge CTPL

CHAPTER 1 OVERVIEW
- Computer Security Concepts
- Threats, Attacks, and Assets
- Security Functional Requirements
- Fundamental Security Design Principles
- Attack Surfaces and Attack Trees
- Computer Security Strategy

LEARNING OBJECTIVES
- Describe the key security requirements of confidentiality, integrity and availability
- Discuss the types of security threats and attacks that must be dealt with
- Summarize the functional requirements for computer security
- Explain the fundamental security design principles
- Discuss the use of attack surfaces and attack trees
- Understand the principal aspects of a comprehensive security strategy

BACKGROUND KNOWLEDGE
- Virus
- Phishing
- Worms
- Zero Day Attacks
- Trojan Horse
- DOS
- SQL Injection
- Exploit
- DDOS
- Logic Bomb
- MIMA
- Malware
- Ransomware
- KeyLoggers (HW/SW theft pattern)
- DNS Tunneling
- Internal Threats (through privileges)
- Bots
- Adware (web browser history)
- Spyware (secret bank info)

A DEFINITION OF COMPUTER SECURITY
- Computer security: the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)
  NIST 1995

THREE KEY OBJECTIVES (THE CIA TRIAD)
- Confidentiality
  - Data confidentiality: assures that confidential information is not disclosed to unauthorized individuals
  - Privacy: assures that individuals control or influence what information may be collected and stored
- Integrity
  - Data integrity: assures that information and programs are changed only in a specified and authorized manner
  - System integrity: assures that a system performs its operations in an unimpaired manner
- Availability: assures that systems work promptly and service is not denied to authorized users

OTHER CONCEPTS TO A COMPLETE SECURITY PICTURE
- Authenticity: the property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or its originator
- Accountability: generates the requirement for actions of an entity to be traced uniquely to that individual to support nonrepudiation, deterrence, fault isolation, etc.

LEVELS OF SECURITY BREACH IMPACT
- Low: the loss will have a limited impact, e.g., a degradation in mission or minor damage or minor financial loss or minor harm
- Moderate: the loss has a serious effect, e.g., significant degradation in mission or significant harm to individuals but no loss of life or life-threatening injuries
- High: the loss has a severe or catastrophic adverse effect on operations, organizational assets or individuals (e.g., loss of life)

EXAMPLES OF SECURITY REQUIREMENTS: CONFIDENTIALITY
- Student grade information is an asset whose confidentiality is considered to be very high
- The US FERPA Act: grades should only be available to students, their parents, and their employers (when required for the job)
- Student enrollment information: may have a moderate confidentiality rating; less damage if disclosed
- Directory information: low confidentiality rating; often available publicly

EXAMPLES OF SECURITY REQUIREMENTS: INTEGRITY
- A hospital patient's allergy information (high integrity data): a doctor should be able to trust that the info is correct and current
- If a nurse deliberately falsifies the data, the database should be restored to a trusted basis and the falsified information traced back to the person who did it
- Online newsgroup registration data: moderate level of integrity
- An example of a low integrity requirement: an anonymous online poll (inaccuracy is well understood)

EXAMPLES OF SECURITY REQUIREMENTS: AVAILABILITY
- A system that provides authentication: high availability requirement
- If customers cannot access resources, the loss of services could result in financial loss
- A public website for a university: a moderate availability requirement; not critical but causes embarrassment
- An online telephone directory lookup: a low availability requirement because unavailability is mostly an annoyance (there are alternative sources)

CHALLENGES OF COMPUTER SECURITY
1. Computer security is not simple
2. One must consider potential (unexpected) attacks
3. Procedures used are often counter-intuitive
4. Must decide where to deploy mechanisms
5. Involves algorithms and secret info (keys)
6. A battle of wits between attacker and admin
7. Its benefit is not perceived until it fails
8. Requires constant monitoring
9. Too often an after-thought (not integral)
10. Regarded as an impediment to using the system

A MODEL FOR COMPUTER SECURITY
- Table 1.1 and Figure 1.1 show the relationship
- System resources
  - Hardware, software (OS, apps), data (users, system, database), communication facilities and network (LAN, bridges, routers, …)
- Our concern: vulnerability of these resources (corrupted, unavailable, leaky)
- Threats exploit vulnerabilities
- Attack: a threat that is carried out
  - Active or passive; from inside or from outside
- Countermeasures: actions taken to prevent, detect, recover and minimize risks

COMPUTER SECURITY TERMINOLOGY (table)

SECURITY CONCEPTS AND RELATIONSHIPS (figure)

THREAT CONSEQUENCES
- Unauthorized disclosure: threat to confidentiality
  - Exposure (release data), interception, inference, intrusion
- Deception: threat to integrity
  - Masquerade, falsification (alter data), repudiation
- Disruption: threat to integrity and availability
  - Incapacitation (destruction), corruption (backdoor logic), obstruction (interfere with communication, overload a line)
- Usurpation: threat to integrity
  - Misappropriation (theft of service), misuse (hacker gaining unauthorized access)

THREAT CONSEQUENCES (TABULAR FORM) (table)

THE SCOPE OF COMPUTER SECURITY (figure)

EXAMPLES OF THREATS (figure)

SECURITY FUNCTIONAL REQUIREMENTS (FIPS 200)
- Technical measures
  - Access control; identification & authentication; system & communication protection; system & information integrity
- Management controls and procedures
  - Awareness & training; audit & accountability; certification, accreditation, & security assessments; contingency planning; maintenance; physical & environmental protection; planning; personnel security; risk assessment; systems & services acquisition
- Overlapping technical and management
  - Configuration management; incident response; media protection

FUNDAMENTAL SECURITY DESIGN PRINCIPLES [1/4]
- Despite years of research, it is still difficult to design systems that comprehensively prevent security flaws
- But good practices for good design have been documented (analogous to software engineering)
- Economy of mechanism, fail-safe defaults, complete mediation, open design, separation of privilege, least privilege, least common mechanism, psychological acceptability, isolation, encapsulation, modularity, layering, least astonishment

FUNDAMENTAL SECURITY DESIGN PRINCIPLES [2/4]
- Economy of mechanism: the design of security measures should be as simple as possible
  - Simpler to implement and to verify
  - Fewer vulnerabilities
- Fail-safe default: access decisions should be based on permissions; i.e., the default is lack of access
- Complete mediation: every access should be checked against an access control system
- Open design: the design should be open rather than secret (e.g., encryption algorithms)

FUNDAMENTAL SECURITY DESIGN PRINCIPLES [3/4]
- Isolation
  - Public access should be isolated from critical resources (no connection between public and critical information)
  - Users' files should be isolated from one another (except when desired)
  - Security mechanisms should be isolated (i.e., preventing access to those mechanisms)
- Encapsulation: similar to object concepts (hide internal structures)
- Modularity: modular structure

FUNDAMENTAL SECURITY DESIGN PRINCIPLES [4/4]
- Layering (defense in depth): use of multiple, overlapping protection approaches
- Least astonishment: a program or interface should always respond in a way that is least likely to astonish a user

FUNDAMENTAL SECURITY DESIGN PRINCIPLES
- Separation of privilege: multiple privileges should be needed to achieve access (or complete a task)
- Least privilege: every user (process) should have the least privilege needed to perform a task
- Least common mechanism: a design should minimize the functions shared by different users (providing mutual security; reducing deadlock)
- Psychological acceptability: security mechanisms should not interfere unduly with the work of users
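As an added illustration of four of the principles above (fail-safe defaults, complete mediation, least privilege, separation of privilege), here is a small reference monitor in Python; it is not from the slides or the textbook, and the roles, users and grade/enrollment objects are hypothetical.

```python
"""Reference-monitor sketch (added example, not from the slides): one check()
function mediates every request (complete mediation), an unknown user or an
unlisted right is denied (fail-safe default), each role carries only the rights
its task needs (least privilege), and writing a grade needs a second, different
approver (separation of privilege). Names, roles and objects are hypothetical."""
from dataclasses import dataclass, field

# Constructed least-privilege role table: the (object, action) pairs each role needs.
ROLE_RIGHTS = {
    "student":   {("grades", "read")},
    "teacher":   {("grades", "read"), ("grades", "write")},
    "registrar": {("enrollment", "read"), ("enrollment", "write")},
    "auditor":   {("audit_log", "read")},
}
# Operations that additionally need a second privileged person to approve.
DUAL_CONTROL = {("grades", "write")}


@dataclass
class Monitor:
    roles: dict = field(default_factory=dict)   # user -> role name
    audit: list = field(default_factory=list)   # every decision, for accountability

    def _rights(self, user):
        # Fail-safe default: no role, or a role not in the table, yields no rights.
        return ROLE_RIGHTS.get(self.roles.get(user), set())

    def check(self, user, obj, action, approvers=()):
        """The single decision point; returns True only for an explicit grant."""
        right = (obj, action)
        allowed = right in self._rights(user)
        if allowed and right in DUAL_CONTROL:
            # Separation of privilege: another person who also holds the right
            # must co-sign; the requester approving themselves does not count.
            allowed = any(a != user and right in self._rights(a) for a in approvers)
        self.audit.append((user, obj, action, allowed))
        return allowed

    def denials(self):
        """Denied requests, the first thing an auditor reviews."""
        return [entry for entry in self.audit if not entry[3]]


if __name__ == "__main__":
    m = Monitor(roles={"alice": "student", "bob": "teacher", "carol": "teacher"})
    print(m.check("alice", "grades", "read"))                       # True
    print(m.check("alice", "grades", "write"))                      # False: not her role
    print(m.check("mallory", "grades", "read"))                     # False: unknown user
    print(m.check("bob", "grades", "write", approvers=("bob",)))    # False: self-approval
    print(m.check("bob", "grades", "write", approvers=("carol",)))  # True
    print(m.denials())
```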

ATTACK SURFACES
- Attack surface: the reachable and exploitable vulnerabilities in a system
  - Open ports
  - Services outside a firewall
  - An employee with access to sensitive info
  - …
- Three categories
  - Network attack surface (i.e., network vulnerabilities)
  - Software attack surface (i.e., software vulnerabilities)
  - Human attack surface (e.g., social engineering)
- Attack surface analysis: assessing the scale and severity of threats

ATTACK TREES
- A branching, hierarchical data structure that represents a set of potential vulnerabilities
- Objective: to effectively exploit the info available on attack patterns
  - published on CERT or similar forums
- Security analysts can use the tree to guide design and strengthen countermeasures

AN ATTACK TREE (figure)
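An added example of how an analyst evaluates an attack tree, not taken from the slides or the textbook: AND/OR nodes carry hypothetical leaf effort scores, `min_effort()` finds the cheapest route to the root, and `best_countermeasure()` reports the single leaf whose blocking raises that route the most. The tree, node names and scores are constructed.

```python
"""Attack-tree evaluation (added example, not from the slides): AND nodes need all
children, OR nodes any one, and each leaf carries a constructed attacker-effort
score. min_effort() finds the cheapest route to the root; best_countermeasure()
asks which leaf, if countered, raises that route the most. Names are hypothetical."""
from dataclasses import dataclass, field
from typing import List

INF = float("inf")

@dataclass
class Node:
    name: str
    kind: str = "leaf"          # "leaf", "AND" or "OR"
    effort: float = 0.0         # attacker effort; leaves only
    children: List["Node"] = field(default_factory=list)

def min_effort(node, countered=frozenset()):
    """Cheapest way to reach `node`; leaves named in `countered` count as blocked."""
    if node.kind == "leaf":
        return INF if node.name in countered else node.effort
    costs = [min_effort(c, countered) for c in node.children]
    return sum(costs) if node.kind == "AND" else min(costs)

def leaves(node):
    if node.kind == "leaf":
        return [node]
    return [leaf for c in node.children for leaf in leaves(c)]

def best_countermeasure(root, countered=frozenset()):
    """Leaf whose blocking most increases the cheapest route; returns (name, gain)."""
    base = min_effort(root, countered)
    gains = {leaf.name: min_effort(root, countered | {leaf.name}) - base
             for leaf in leaves(root) if leaf.name not in countered}
    best = max(gains, key=gains.get)
    return best, gains[best]

# Constructed tree: the root goal is reached by any one of three routes.
TREE = Node("read a confidential record", "OR", children=[
    Node("use a legitimate account", "AND", children=[
        Node("obtain a user's credential", effort=2),
        Node("defeat the second factor", effort=8),
    ]),
    Node("bypass the application's access check", effort=5),
    Node("obtain a backup copy", effort=9),
])

if __name__ == "__main__":
    print(min_effort(TREE))            # 5: the unmediated application path is cheapest
    print(best_countermeasure(TREE))   # ('bypass the application's access check', 4)
```

Blocking leaves one at a time and re-running shows the cheapest route shifting to the next path, which is the prioritisation the slide describes.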

COMPUTER SECURITY STRATEGY
- An overall strategy for providing security
- Policy (specs): what security schemes are supposed to do
  - Assets and their values
  - Potential threats
  - Ease of use vs security
  - Cost of security vs cost of failure/recovery
- Implementation/mechanism: how to enforce
  - Prevention
  - Detection
  - Response
  - Recovery
- Correctness/assurance: does it really work (validation/review)

SECURITY TAXONOMY (figure)

SECURITY TRENDS (figure)

COMPUTER SECURITY LOSSES (figure)

SECURITY TECHNOLOGIES USED (figure)

SUMMARY
- Security concepts
- Terminology
- Functional requirements
- Security design principles
- Security strategy
