Computer Security: Principles and Practice (Ch. 1) Overview

Computer security

Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated.

Data confidentiality

Assures that private or confidential information is not made available or disclosed to unauthorized individuals.

Privacy

Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

data integrity

Assures that information and programs are changed only in a specified and authorized manner

System Integrity

Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system

Availability

Assures that systems work promptly and service is not denied to authorized users

Confidentiality

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Integrity

Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information.

Availability

Ensuring timely and reliable access to and use of information

Authenticity

The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.

Accountability

The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.

The system can be _______, so it does the wrong thing or gives wrong answers.

Corrupted

Adversary (threat agent)

Individual, group, organization, or government that conducts or has the internet to conduct detrimental activities.

Attack

Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.

Countermeasure

A device or techniques that has as its objective the impairment of the operational effectiveness of undesirable or adversarial activity, or the prevention of espionage, sabotage, theft, or unauthorized access to or use of sensitive information or information systems.

Risk

A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of 1) the adverse impacts that would arise if the circumstance or event occurs; and 2) the likelihood of occurrence.

Security policy

A set of criteria for the provision of security services. It defines and constrains the activities of a data processing facility in order to maintain a condition of security for systems and data.

System resource (asset)

A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems.

Threat

Any circumstance or event with the potential to adversely impact an information system through unauthorized access, destruction, disclosure, modification of data, and/or denial of service.

Vulnerability

Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

Active attack

An attempt to alter system resources or affect their operation

Passive attack

An attempt to learn or make use of information from the system that does not affect system resources

Inside attack

Initiated by an entity inside the security perimeter (an "
insider").
The insider is authorized to access system resources but uses them in a way not
approved by those who granted the authorization.

Outside attack

Initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an "outsider"). On the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.

______ is a threat to confidentiality.

Unauthorized disclosure

Examples of unauthorized disclosure are...

Exposure, interception, inference, & intrusion

_____ is a threat to system integrity or data integrity.

Deception

Examples of deception are...

Masquerade, falsification, and repudiation

_______ is a threat to availability or system integrity.

Disruption

Examples of disruption are...

Incapacitation, corruption, & obstruction

______ is a threat to system integrity.

Usurpation

Examples of usurpation are

Misappropriation & misuse

Two types of passive attacks are ___ and ___.

Release of message contents, traffic analysis

Active attacks can be subdivided into four categories...

Replay, masquerade, modification of messages, & denial of service

Economy of mechanism

The design of security measures embodied in both hardware and software should be as simple and small as possible

Fail-safe default

access decisions should be based on permission rather than exclusion

Complete mediation

Every access must be checked against the access control mechanism

Open design

the design of a security mechanism should be open rather than secret

Separation of privilege

practice in which multiple privilege attributes are required to achieve access to a restricted resource

Least privilege

Every process and every user of the system should operate using the least set of privileges necessary to perform the task

Least common mechanism

The design should minimize the functions shared by different users, providing mutual security

Psychological acceptability

The security mechanisms should not interfere unduly with the work of users, and at the same time meet the needs of those who authorize access.

Isolation

A principle that applies in three contexts: 1) Public access systems should be isolated from critical resources. 2) Processes and files of individual users should be isolated from one another except where it is explicitly desired. 3) Security mechanisms should be isolated in the sense of preventing access to those mechanisms.

Encapsulation

A specific form of isolation based on object-oriented functionality.

Modularity

In the context of security refers both to the development of security functions as separate protected modules, and to the use of a modular architecture for mechanism design and implementation.

Layering

The use of multiple, overlapping protection approaches addressing the people, technology, and operational aspects of information systems.

Least astonishment

A program or user interface should always respond in the way that is least likely to astonish the user

Attack surfaces can be categorized in the following way...

Network attack surface, software attack surface, human attack surface

Security implementation involves four complementary courses of action...

Prevention, detection, response, & recovery

Assurance

An attribute of an information system that provides grounds for having confidence that the system operates such that the system's security policy is enforced.

Evaluation

The process of examining a computer product or system with respect to certain criteria.