Computer Security Fundamentals Overview

The document outlines the fundamental concepts of computer security, including threats, vulnerabilities, and the goals of security such as confidentiality, integrity, and availability. It discusses various security mechanisms and policies, emphasizing the importance of prevention, detection, and recovery from attacks. Additionally, it covers software security assurance and trust management, highlighting the need for credible evidence to ensure systems meet security requirements.

Uploaded by

Tesfalegn Yakob

Debre-Markos University

Department of Computer Science

Computer Security
(COSC4035)
Outlines:
• Basic concepts of computer security
• Threats, vulnerabilities, controls, risk
• Goals of computer security
• Security attack
• Security policies and mechanisms
• Prevention, detection, and deterrence
• Software security assurance
1.1 Basic concepts of computer security:

• Security is “the quality or state of being secure—to be free from danger.”
• In other words, protection against adversaries—from those who would do harm, intentionally or otherwise.
• Computer security is the protection of computer systems and information from harm, theft, and unauthorized use.
♥ Computer facilities have been physically protected for three reasons:
♥ To prevent theft of or damage to the hardware
♥ To prevent theft of or damage to the information
♥ To prevent disruption of service
1.2 Threats, Vulnerabilities, Controls, Risk
• A threat is a potential violation of security.
• The violation need not actually occur for there to be a threat.
• The fact that the violation might occur means that those actions that could cause it to occur must be guarded against (or prepared for).
• Those actions are called attacks.
• Those who execute such actions, or cause them to be executed, are called attackers.
• Shirey [823] divides threats into four broad classes:
  • disclosure, or unauthorized access to information;
  • deception, or acceptance of false data;
  • disruption, or interruption or prevention of correct operation;
  • and usurpation, or unauthorized control of some part of a system. These four broad classes encompass many common threats.
• The three security services—confidentiality, integrity, and availability—counter threats to the security of a system.
• Vulnerability: a weakness of an asset (resource) or a group of assets that can be exploited by one or more threats.
• Risk: the potential for loss, damage, or destruction of an asset as a result of a threat exploiting a vulnerability.
• Example: in a system that allows weak passwords,
  • Vulnerability: the password is vulnerable to dictionary or exhaustive-search attacks.
  • Threat: an intruder can exploit the password weakness to break into the system.
  • Risk: the resources within the system are exposed to illegal access, modification, or damage by the intruder.
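The weak-password example above can be made concrete by estimating how exposed a given password is. The following is an added illustration, not code from the lecture notes: it maps a password onto the threat / vulnerability / risk vocabulary by checking a small constructed dictionary and by computing the size of the search space an exhaustive attack would have to cover. The guess rate (1e9 per second) and the one-day tolerance are assumed policy parameters, not measured figures.

```python
import math
import string

# Constructed sample of common passwords; a real dictionary-attack wordlist is far larger.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}


def charset_size(password: str) -> int:
    """Size of the alphabet an exhaustive search would have to cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += len(string.ascii_lowercase)   # 26
    if any(c in string.ascii_uppercase for c in password):
        size += len(string.ascii_uppercase)   # 26
    if any(c in string.digits for c in password):
        size += len(string.digits)            # 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)       # 32
    return size


def keyspace(password: str) -> int:
    """Number of candidates an exhaustive search over the same alphabet and length must try."""
    return charset_size(password) ** len(password)


def expected_search_seconds(password: str, guesses_per_second: float) -> float:
    """Expected time to hit the password by exhaustive search: half the keyspace on average."""
    return keyspace(password) / 2 / guesses_per_second


def assess_password(password: str, guesses_per_second: float = 1e9,
                    acceptable_seconds: float = 86_400) -> dict:
    """Map a password onto the threat / vulnerability / risk vocabulary of the notes.

    guesses_per_second is an assumed attacker capability, not a measured figure;
    acceptable_seconds (default: one day) is the policy's chosen tolerance.
    """
    seconds = expected_search_seconds(password, guesses_per_second)
    if password.lower() in COMMON_PASSWORDS:
        vulnerability = "dictionary attack"
    elif seconds < acceptable_seconds:
        vulnerability = "exhaustive search"
    else:
        vulnerability = None
    return {
        "threat": "intruder guesses the password and logs in",
        "vulnerability": vulnerability,
        "keyspace_bits": math.log2(keyspace(password)),
        "expected_search_seconds": seconds,
        "risk": "high" if vulnerability else "low",
    }


if __name__ == "__main__":
    for pw in ("password", "abc123", "Tr0ub4dor&3"):
        print(pw, assess_password(pw))
```

The point of the estimate is the relationship the text describes: the same threat (an intruder guessing) produces high risk only where the vulnerability (a guessable password) exists, so the control is the password policy, not the intruder.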
1.3 Goals of computer security
♥ Confidentiality: the prevention of unauthorised disclosure of information.
• In other words, confidentiality means keeping information private or safe.
• The principle of confidentiality specifies that only the sender and the intended recipient should be able to access the content of the message.
♥ Integrity: the prevention of unauthorised writing or modification of information.
• Data integrity means that the data stored on the computer is the same as what is intended.
• Confidential information sent by a source to a destination is compromised when it is accessed by other parties without the permission or knowledge of the sender and receiver.
♥ Availability: the prevention of unauthorised withholding of information.
• Information should be accessible and usable upon appropriate demand by an authorised user.
• It means that assets are accessible to authorized parties at appropriate times.
Confidentiality: the avoidance of the unauthorized disclosure of information.
• Confidentiality involves the protection of data, providing access for those who are allowed to see it while disallowing others from learning anything about its content.

Tools for Confidentiality

• Encryption: the transformation of information using a secret, called an encryption key, so that the transformed information can only be read using another secret, called the decryption key (which may, in some cases, be the same as the encryption key).
• Access control: rules and policies that limit access to confidential information to those people and/or systems with a “need to know.”
  • This need to know may be determined by identity, such as a person’s name or a computer’s serial number, or by a role that a person has, such as being a manager or a computer security specialist.
• Authentication: the determination of the identity or role that someone has.
  This determination can be done in a number of different ways, but it is usually based on a combination of:
  • something the person has (like a smart card or a radio key fob storing secret keys),
  • something the person knows (like a password),
  • something the person is (like a human with a fingerprint).
• Authorization: the determination of whether a person or system is allowed access to resources, based on an access control policy.
  • Such authorizations should prevent an attacker from tricking the system into letting him have access to protected resources.
• Physical security: the establishment of physical barriers to limit access to protected computational resources.
  • Such barriers include locks on cabinets and doors, the placement of computers in windowless rooms, the use of sound-dampening materials, and even the construction of buildings or rooms with walls incorporating copper meshes (called Faraday cages) so that electromagnetic signals cannot enter or exit the enclosure.
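The authentication factors listed above ("something the person knows" and "something the person has") can be combined in a small verifier. The code below is an added example for these notes, not part of the original slides: passwords are stored as salted PBKDF2 hashes and compared in constant time, and the "something you have" factor is an HOTP one-time code (RFC 4226) computed from a secret held by a token. The account name, password and the 20-byte secret are constructed demo values (the secret is the RFC 4226 test-vector secret); the iteration count is an assumed tuning parameter.

```python
import hashlib
import hmac
import os
import struct

PBKDF2_ITERATIONS = 100_000  # assumption: tune to the hardware; slows guessing, not just logins


def hash_password(password: str, salt: bytes = None) -> tuple:
    """'Something you know': store a salted, slow hash rather than the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored)   # constant-time comparison


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """'Something you have': HOTP (RFC 4226) code from a token-held secret and a counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Authenticator:
    """Two-factor check: password (knows) plus a one-time code from a token (has)."""

    def __init__(self):
        self.users = {}

    def enroll(self, name: str, password: str, device_secret: bytes) -> None:
        salt, digest = hash_password(password)
        self.users[name] = {"salt": salt, "hash": digest,
                            "secret": device_secret, "counter": 0}

    def authenticate(self, name: str, password: str, otp: str) -> bool:
        record = self.users.get(name)
        if record is None:
            # Do the same amount of work for unknown users so response time does not
            # reveal which account names exist.
            hash_password(password, b"\x00" * 16)
            return False
        knows = verify_password(password, record["salt"], record["hash"])
        has = hmac.compare_digest(hotp(record["secret"], record["counter"]), otp)
        if knows and has:
            record["counter"] += 1   # each code is accepted once only
            return True
        return False
```

A production HOTP validator also tolerates a small look-ahead window when the token's counter runs ahead of the server's; that resynchronisation logic is left out here so the single-use property stays visible.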
Integrity: the property that information has not been altered in an unauthorized way.
• Tools:
  • Backups: the periodic archiving of data.
  • Checksums: the computation of a function that maps the contents of a file to a numerical value. A checksum function depends on the entire contents of a file and is designed in a way that even a small change to the input file (such as flipping a single bit) is highly likely to result in a different output value.
  • Data correcting codes: methods for storing data in such a way that small changes can be easily detected and automatically corrected.
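The two integrity tools just listed behave differently on a single flipped bit: a checksum only reveals that something changed, whereas an error-correcting code also locates and repairs the bit. The following added example (not from the slides) shows both with SHA-256 as the checksum and a Hamming(7,4) code as the correcting code; the sample data and the flipped positions are constructed.

```python
import hashlib


def checksum(data: bytes) -> str:
    """Cryptographic checksum: any change to the input almost surely changes the output."""
    return hashlib.sha256(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Copy of data with one bit flipped; simulates a storage or transmission error."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def hamming_encode(data_bits):
    """Hamming(7,4): 4 data bits -> 7-bit codeword laid out as p1 p2 d1 p3 d2 d3 d4."""
    d1, d2, d3, d4 = data_bits
    p1 = d1 ^ d2 ^ d4   # covers codeword positions 1,3,5,7
    p2 = d1 ^ d3 ^ d4   # covers positions 2,3,6,7
    p3 = d2 ^ d3 ^ d4   # covers positions 4,5,6,7
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming_decode(codeword):
    """Return (data_bits, error_position); position 0 means no error was detected.
    A single flipped bit is located by the syndrome and corrected before extraction."""
    c = list(codeword)
    p1, p2, d1, p3, d2, d3, d4 = c
    s1 = p1 ^ d1 ^ d2 ^ d4
    s2 = p2 ^ d1 ^ d3 ^ d4
    s3 = p3 ^ d2 ^ d3 ^ d4
    syndrome = s1 + 2 * s2 + 4 * s3   # as a binary number: 1-based position of the bad bit
    if syndrome:
        c[syndrome - 1] ^= 1
    return [c[2], c[4], c[5], c[6]], syndrome


def integrity_demo() -> dict:
    """Constructed scenario: one bit flips in a file and in a codeword."""
    original = b"balance=100"
    damaged = flip_bit(original, 3)
    detected = checksum(original) != checksum(damaged)

    data = [1, 0, 1, 1]
    corrupted = hamming_encode(data)
    corrupted[4] ^= 1                       # flip codeword position 5 (data bit d2)
    recovered, position = hamming_decode(corrupted)
    return {"checksum_detected": detected,
            "hamming_recovered": recovered == data,
            "error_position": position}
```

A plain checksum stored next to the file protects against accidental corruption only; an attacker who can rewrite the file can recompute the checksum too, so against deliberate alteration the checksum has to be keyed (an HMAC) or signed and kept where the attacker cannot reach it. The Hamming code, for its part, corrects exactly one flipped bit per codeword; two flips in the same codeword are miscorrected, which is why storage systems use longer codes.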
• Availability: the property that information is accessible and modifiable in a timely fashion by those authorized to do so.
• Tools:
  • Physical protections: infrastructure meant to keep information available even in the event of physical challenges.
  • Computational redundancies: computers and storage devices that serve as fallbacks in the case of failures.
♥ Recovery has two forms. The first is to stop an attack and to assess and repair any damage caused by that attack.
• One recovery mechanism would be to restore the file from backup tapes. Recovery also involves identifying and fixing the vulnerabilities used by the attacker to enter the system. By definition, recovery requires resumption of correct operation.
• In a second form of recovery, the system continues to function correctly while an attack is under way.
1.4 Security attack

• There are a number of ways in which an attacker can disrupt communications.
• Normally, information goes from the source to the destination.
• Communication is interrupted if the attacker does not allow the information to reach the destination.
Denial-of-service: the interruption or degradation of a data service or information access.
  • Example: email spam, to the degree that it is meant to simply fill up a mail queue and slow down an email server.

• Eavesdropping: the interception of information intended for someone else during its transmission over a communication channel.
• Communication is intercepted if the attacker interrupts the communication and receives the source information.

• Modification occurs when the attacker intercepts the communication, alters it in some way, and then sends it on to the destination. The attacker intends to deceive the destination into thinking that the modified communication has come directly from the source. This is also known as a man-in-the-middle attack.
Alteration: unauthorized modification of information.
  • Example: the man-in-the-middle attack, where a network stream is intercepted, modified, and retransmitted.

• An attacker may also make up a communication and send it to the destination pretending that it has come from the source. This is called fabrication.
Masquerading: the fabrication of information that is purported to be from someone who is not actually the author.
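Modification and fabrication both succeed only if the destination cannot tell a genuine message from a tampered or invented one. The exchange below is an added example (not code from the lecture notes) of the standard countermeasure: the source attaches an HMAC-SHA256 tag computed over its identity and the payload under a key shared with the destination, and the destination recomputes and compares the tag before trusting the message. The party names, payload text and the two simulated attacker behaviours are constructed for the illustration.

```python
import hashlib
import hmac
import secrets


def tag_message(key: bytes, sender: str, payload: bytes) -> dict:
    """Source side: bind sender identity and payload together under the shared key."""
    tag = hmac.new(key, sender.encode() + b"\x00" + payload, hashlib.sha256).digest()
    return {"sender": sender, "payload": payload, "tag": tag}


def verify_message(key: bytes, msg: dict) -> bool:
    """Destination side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, msg["sender"].encode() + b"\x00" + msg["payload"],
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, msg["tag"])


# Constructed attacker behaviours, used only to show what the receiver rejects.
def modified_in_transit(msg: dict) -> dict:
    """Alteration: the payload is changed, but the tag cannot be recomputed without the key."""
    tampered = dict(msg)
    tampered["payload"] = msg["payload"].replace(b"100", b"900")
    return tampered


def fabricated(sender: str) -> dict:
    """Masquerading: a message invented from scratch, claiming to come from `sender`."""
    return {"sender": sender, "payload": b"pay 999 to mallory",
            "tag": secrets.token_bytes(32)}


def run_scenario(key: bytes = None) -> dict:
    key = key if key is not None else secrets.token_bytes(32)   # shared out of band
    genuine = tag_message(key, "alice", b"pay 100 to bob")
    return {
        "genuine_accepted": verify_message(key, genuine),
        "modified_accepted": verify_message(key, modified_in_transit(genuine)),
        "fabricated_accepted": verify_message(key, fabricated("alice")),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The tag addresses alteration and masquerading only. Eavesdropping is untouched because the payload travels in the clear (encryption is the tool for that), interruption is untouched because a dropped message produces nothing to verify, and a captured genuine message can be replayed unless a counter or nonce is included under the tag.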
1.5 Security policies and mechanisms

• A security policy is a statement of what is, and what is not, allowed.
• A security mechanism is a method, tool, or procedure for enforcing a security policy.
• Mechanisms can be nontechnical, such as requiring proof of identity before changing a password; in fact, policies often require some procedural mechanisms that technology cannot enforce.
1.6 Prevention, Detection, and Deterrence
♥ Given a security policy’s specification of “secure” and “nonsecure” actions, these security
mechanisms can prevent the attack, detect the attack, or recover from the attack.
♥ Prevention means that an attack will fail.
• Typically, prevention involves implementation of mechanisms that users cannot override and
that are trusted to be implemented in a correct, unalterable way, so that the attacker cannot
defeat the mechanism by changing it.
♥ Detection is most useful when an attack cannot be prevented, but it can also indicate the
effectiveness of preventative measures.
• Detection mechanisms accept that an attack will occur; the goal is to determine that an attack is
under way, or has occurred, and report it.
• The resource protected by the detection mechanism is continuously or periodically monitored
for security problems.
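A detection mechanism of the kind described above accepts that attacks will happen and watches the protected resource for evidence of one. The following added example (not from the original notes) monitors a login log for a burst of failed authentications from one source and, because prevention may already have failed, flags the case where the same source then succeeds. The log lines are constructed in the style of an SSH daemon, with addresses from the RFC 5737 documentation ranges; the threshold and window are assumed tuning values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not taken from any real host).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:03 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:04 sshd: Failed password for root from 203.0.113.5
2024-05-01T10:00:05 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:06 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:07 sshd: Accepted password for admin from 203.0.113.5
2024-05-01T10:05:00 sshd: Failed password for alice from 198.51.100.7
2024-05-01T10:30:00 sshd: Accepted password for alice from 198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")


def parse_line(line: str):
    """Parse one log line into an event dict, or None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, outcome, user, source = m.groups()
    return {"time": datetime.fromisoformat(ts), "outcome": outcome,
            "user": user, "source": source}


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(seconds=60)) -> list:
    """Alert on any source with `threshold` or more failures inside a sliding window.
    If that source later authenticates successfully, mark the alert as a possible compromise."""
    failures = defaultdict(list)     # source -> timestamps of failures still inside the window
    alerts = {}                      # source -> alert record (one alert per source)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        src = ev["source"]
        if ev["outcome"] == "Failed":
            recent = [t for t in failures[src] if ev["time"] - t <= window]
            recent.append(ev["time"])
            failures[src] = recent
            if len(recent) >= threshold and src not in alerts:
                alerts[src] = {"source": src, "failures": len(recent),
                               "first": recent[0], "last": recent[-1],
                               "success_after_burst": False}
        elif src in alerts:
            alerts[src]["success_after_burst"] = True
            alerts[src]["compromised_user"] = ev["user"]
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The second source in the sample (one failure, then a success half an hour later) stays below the threshold and produces no alert, which is the false-positive case a threshold exists to avoid; the report for the first source is what an operator would act on, and it also measures how well the preventive control (the password policy) held up.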
1.7 Software security assurance
• An entity is trustworthy if there is sufficient credible evidence leading one to believe that the system will meet a set of given requirements.
• Trust is a measure of trustworthiness, relying on the evidence provided.
• Security assurance, or simply assurance, is confidence that an entity meets its security requirements, based on specific evidence provided by the application of assurance techniques.
• Assurance techniques include the use of a development methodology, formal methods for design analysis, and testing.
• Security assurance is acquired by applying a variety of assurance techniques that provide justification and evidence that the mechanism, as implemented and operated, meets the security requirements described in the security policy for the mechanism (or collection of mechanisms).
• Information assurance refers to the ability to access information and preserve the quality and security of that information.
• It differs from security assurance because the focus is on the threats to information and the mechanisms used to protect information, and not on the correctness, consistency, or completeness of the requirements and implementation of those mechanisms.
• Assurance refers to how trust is provided and managed in computer systems.
• Trust management depends on:
  • Policies, which specify behavioral expectations that people or systems have for themselves and others.
    For example, the designers of an online music system may specify policies that describe how users can access and copy songs.
  • Permissions, which describe the behaviors that are allowed by the agents that interact with a person or system.
    For instance, an online music store may provide permissions for limited access and copying to people who have purchased certain songs.
  • Protections, which describe mechanisms put in place to enforce permissions and policies.
• We could imagine that an online music store would build in
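The online music store used to illustrate trust management (policies, permissions, protections), and the policy-versus-mechanism distinction in section 1.5, can be written out as a small program. This is an added example, not code from the slides or from any real store: the policy is a data structure saying what is and is not allowed, each account's purchases are its permissions, and the store class is the protection that enforces one against the other and logs every decision. The account name, song names and the copy limit of three are constructed values.

```python
from dataclasses import dataclass, field

# POLICY: the behavioural expectations, written down as data (constructed example values).
POLICY = {
    "access_requires_purchase": True,   # only buyers may stream a song
    "max_copies_per_purchase": 3,       # buyers may copy a purchased song this many times
}


class PermissionDenied(Exception):
    pass


@dataclass
class Account:
    name: str
    purchased: set = field(default_factory=set)        # PERMISSIONS: songs this user bought
    copies_made: dict = field(default_factory=dict)   # song -> copies already made


class MusicStore:
    """PROTECTION: the mechanism that enforces the permissions according to the policy."""

    def __init__(self, policy=None):
        self.policy = dict(POLICY if policy is None else policy)
        self.accounts = {}
        self.audit_log = []    # every access decision, allowed or denied, is recorded

    def register(self, name: str) -> Account:
        self.accounts[name] = Account(name)
        return self.accounts[name]

    def purchase(self, name: str, song: str) -> None:
        self.accounts[name].purchased.add(song)        # grants a permission

    def _decide(self, name, action, song, allowed, reason=""):
        """Single choke point: log the decision, then refuse if it was negative."""
        self.audit_log.append({"user": name, "action": action, "song": song,
                               "allowed": allowed, "reason": reason})
        if not allowed:
            raise PermissionDenied(f"{name} may not {action} {song}: {reason}")

    def stream(self, name: str, song: str) -> bool:
        acct = self.accounts[name]
        if self.policy["access_requires_purchase"] and song not in acct.purchased:
            self._decide(name, "stream", song, False, "not purchased")
        self._decide(name, "stream", song, True)
        return True

    def copy(self, name: str, song: str) -> int:
        """Make one copy; returns how many copies remain under the policy."""
        acct = self.accounts[name]
        if song not in acct.purchased:
            self._decide(name, "copy", song, False, "not purchased")
        made = acct.copies_made.get(song, 0)
        limit = self.policy["max_copies_per_purchase"]
        if made >= limit:
            self._decide(name, "copy", song, False, f"copy limit {limit} reached")
        acct.copies_made[song] = made + 1
        self._decide(name, "copy", song, True)
        return limit - (made + 1)
```

Keeping the policy as data and routing every decision through one enforcement point is what makes the protection checkable: the evidence that the mechanism meets the policy (the assurance the section asks for) is the audit log plus tests that exercise each rule, rather than a reading of scattered `if` statements.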
