
Computer Security

Lecture 1
Introduction
How to Avoid Becoming Road Kill
on The Information Superhighway

Syed Naqvi
snaqvi@ieee.org

Course Outline
1. Monday 08 Nov: Introduction to Security
2. Tuesday 09 Nov: Security Models
3. Thursday 11 Nov: Cryptography
4. Monday 15 Nov: Security Mechanisms
5. Tuesday 16 Nov: Security Practices
6. Thursday 18 Nov: Security Evaluation
7. Monday 22 Nov: Exercises and discussions
8. Tuesday 23 Nov: Exam

08 November 2010 Lecture 1: Introduction to Security 2

Security Architecture

Figure: Security Architecture. The diagram relates Terminologies, Requirements & Policies, Information Security Features or Services, Attackers/Intruders/Malfeasors, and Security Mechanisms.


Terminologies
♦ Subject (S: set of all subjects)
– Active entities that carry out an action/operation on other entities;
e.g., users, processes, agents, etc.

♦ Object (O: set of all objects)
– E.g., processes, files, devices, etc.

♦ Right
– An action/operation that a subject is allowed/disallowed on objects

Terminologies
♦ Access Control Matrix (ACM)
– Describes the protection state of a system.
– Characterizes the rights of each subject
– Elements indicate the access rights that subjects have on objects

♦ ACM is an abstract model
– Rights may vary depending on the object involved

♦ ACM is implemented primarily in two ways
– Capabilities (rows)
– Access control lists (columns)
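The two implementations named above are just the rows and columns of the same matrix. The following is an added example, not code from the lecture; the subjects, objects and rights are constructed sample data:

```python
# Added example (not from the lecture): an access control matrix (ACM) and the
# two views derived from it: capability lists (rows, one per subject) and
# access control lists (columns, one per object). Names are constructed.
from typing import Dict, Set

ACM = Dict[str, Dict[str, Set[str]]]   # subject -> object -> rights

# Constructed protection state: rows are subjects, columns are objects.
acm: ACM = {
    "alice": {"payroll.db": {"read", "write"}, "printer": {"use"}},
    "bob":   {"payroll.db": {"read"}, "printer": {"use"}},
    "cron":  {"printer": {"use", "own"}},
}

def capabilities(acm: ACM, subject: str) -> Dict[str, Set[str]]:
    """Row of the ACM: everything one subject may do (a capability list)."""
    return {obj: set(rights) for obj, rights in acm.get(subject, {}).items()}

def acl(acm: ACM, obj: str) -> Dict[str, Set[str]]:
    """Column of the ACM: who may do what to one object (an access control list)."""
    return {s: set(row[obj]) for s, row in acm.items() if obj in row}

def has_right(acm: ACM, subject: str, obj: str, right: str) -> bool:
    """Reference-monitor style check: is (subject, object, right) in the matrix?
    Anything not explicitly listed is denied (default deny)."""
    return right in acm.get(subject, {}).get(obj, set())

def acm_from_acls(acls: Dict[str, Dict[str, Set[str]]]) -> ACM:
    """Rebuild the matrix from its columns, showing the two views carry the
    same protection state."""
    rebuilt: ACM = {}
    for obj, entries in acls.items():
        for subject, rights in entries.items():
            rebuilt.setdefault(subject, {})[obj] = set(rights)
    return rebuilt

if __name__ == "__main__":
    print("capabilities of alice:", capabilities(acm, "alice"))
    print("ACL of payroll.db:", acl(acm, "payroll.db"))
    print("bob may write payroll.db:", has_right(acm, "bob", "payroll.db", "write"))
```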


Fundamental Blocks – Goals

♦ Prevention
– To prevent someone from violating a security policy

♦ Detection
– To detect activities in violation of a security policy
– Verify the efficacy of the prevention mechanism

♦ Recovery
– Stop policy violations (attacks)
– Assess and repair damage
– Ensure availability in presence of an ongoing attack
– Fix vulnerabilities for preventing future attack
– Retaliation against the attacker

Fundamental Blocks – Objectives
♦ Confidentiality
– Prevention of unauthorized disclosure of information

♦ Integrity
– Prevention of data from being inappropriately changed or deleted

♦ Availability
– Prevention of unauthorized withholding of information or resources


Fundamental Blocks – Policy

♦ A Security Policy states what is, and is not, allowed
– This defines “security” for the site/system/etc.
– Policy definition: Informal? Formal?

♦ Mechanisms enforce policies

♦ Composition of policies
– If policies conflict, discrepancies may create security vulnerabilities

Fundamental Blocks – Assumptions
♦ Policies and mechanisms have implicit assumptions

♦ Assumptions regarding policies
– Unambiguously partition system states into “secure” and “nonsecure” states
– Correctly capture security requirements

♦ Mechanisms
– Assumed to enforce policy; i.e., ensure that the system does not enter a “nonsecure” state
– Support mechanisms work correctly


Fundamental Blocks – Models

Figure: Multi-Level Security (levels TOP SECRET, SECRET, CONFIDENTIAL, OPEN; basic control policy: No Read Up) and Multilateral Security (compartments A, B, C, D, E around shared data).
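An added example, not from the slides, of the "No Read Up" check from the figure. It goes slightly beyond the figure: each label carries both a level from the slide's ordering and a set of multilateral compartments (the A..E of the figure), and the second Bell-LaPadula rule ("no write down") is shown next to the first; the clearances and labels are constructed:

```python
# Added example (not part of the lecture slides): the "no read up" rule of the
# multi-level model, with labels that combine a level from the slide's ordering
# and a set of multilateral compartments. Labels below are constructed.
from typing import FrozenSet, NamedTuple

LEVELS = ["OPEN", "CONFIDENTIAL", "SECRET", "TOP SECRET"]  # low -> high

class Label(NamedTuple):
    level: str
    compartments: FrozenSet[str]

def dominates(a: Label, b: Label) -> bool:
    """a dominates b when a's level is at least b's and a holds every
    compartment of b. This partial order is what both models compare."""
    return (LEVELS.index(a.level) >= LEVELS.index(b.level)
            and a.compartments >= b.compartments)

def can_read(clearance: Label, data: Label) -> bool:
    """Simple security property ("no read up"): a subject may read an object
    only if its clearance dominates the object's label."""
    return dominates(clearance, data)

def can_write(clearance: Label, data: Label) -> bool:
    """*-property ("no write down"), the second Bell-LaPadula rule: a subject
    may write only to objects whose label dominates its clearance."""
    return dominates(data, clearance)

# Constructed subject clearance and object labels.
analyst = Label("SECRET", frozenset({"A", "B"}))
shared  = Label("CONFIDENTIAL", frozenset())        # the figure's shared data
proj_a  = Label("SECRET", frozenset({"A"}))
proj_c  = Label("SECRET", frozenset({"C"}))         # compartment the analyst lacks
top     = Label("TOP SECRET", frozenset({"A", "B"}))

if __name__ == "__main__":
    for name, obj in [("shared", shared), ("proj_a", proj_a),
                      ("proj_c", proj_c), ("top", top)]:
        print(f"{name:7} read={can_read(analyst, obj)!s:5} "
              f"write={can_write(analyst, obj)}")
```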

Fundamental Blocks – Models
♦ Multi-Level Security
– The Bell-LaPadula Security Policy Model
– McLean’s System Z
– Biba’s Integrity Model

♦ Multilateral Security
– The Compartmentation Model
– The Chinese Wall Model
– The BMA Model
• British Medical Association


Functions: 1- Authentication
♦ Authentic
– Conforming to fact and therefore worthy of trust, reliance, or belief
– Having a claimed and verifiable origin or authorship; not counterfeit or copied

♦ Authenticate
– To establish the authenticity of; prove genuine

♦ Authentication
– The verification of the identity of a person or process. In a communication system, authentication verifies that messages really come from their stated source, like the signature on a (paper) letter or a check

Functions: 1- Authentication
♦ Challenge-Response
♦ Biometrics
♦ Public Key Infrastructure (PKI)/Digital Certificates
♦ Kerberos
♦ Userid/Password Pairs


Functions: 2 - Authorization
♦ Provides access controls to desired parties.
♦ Determines what you are allowed to do when you have been authenticated to the system.

Figure: the Security Reference Monitor compares an Access Token (UserId: Mike; GroupIds: Users, Managers, Everyone; Desired Access: Read/Write) against the File Object's access control entries:
Entry 1: Deny Sales Write
Entry 2: Allow Users Read
Entry 3: Allow Everyone Read
Entry 4: Allow Managers Read/Write
Entry 5: Allow Mike Full Control
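How the reference monitor reaches a decision from the token and the entries in the figure, as an added example (not code from the lecture). The walk follows the Windows DACL order of evaluation; the expansion of "Full Control" into individual rights and the second, Sales-member token are assumptions:

```python
# Added example (not from the lecture): a reference monitor evaluating the
# slide's access token against the file object's entries. Entries are walked
# top to bottom; a matching Deny that covers any requested right refuses
# access, Allow entries accumulate rights, and access is granted once every
# requested right has been allowed. Unmatched remainder means default deny.
from typing import Dict, FrozenSet, List, Tuple

FULL_CONTROL = frozenset({"Read", "Write", "Execute", "Delete"})  # assumed expansion

Entry = Tuple[str, str, FrozenSet[str]]   # (Allow|Deny, trustee, rights)

# The five entries from the slide, in the order shown.
file_acl: List[Entry] = [
    ("Deny",  "Sales",    frozenset({"Write"})),
    ("Allow", "Users",    frozenset({"Read"})),
    ("Allow", "Everyone", frozenset({"Read"})),
    ("Allow", "Managers", frozenset({"Read", "Write"})),
    ("Allow", "Mike",     FULL_CONTROL),
]

def check_access(token: Dict[str, object], acl: List[Entry],
                 desired: FrozenSet[str]) -> bool:
    """Return True only if the token's identities are granted all of `desired`."""
    identities = {token["user"], *token["groups"]}
    granted: set = set()
    for kind, trustee, rights in acl:
        if trustee not in identities:
            continue                    # entry does not apply to this token
        if kind == "Deny" and rights & desired:
            return False                # an earlier Deny wins over later Allows
        if kind == "Allow":
            granted |= rights & desired
            if granted == desired:
                return True             # stop as soon as everything is allowed
    return False                        # something was never allowed: default deny

# Token from the slide, plus a constructed Sales member for contrast.
mike_token = {"user": "Mike", "groups": ["Users", "Managers", "Everyone"]}
sales_token = {"user": "Sue", "groups": ["Users", "Sales", "Everyone"]}

if __name__ == "__main__":
    rw = frozenset({"Read", "Write"})
    print("Mike Read/Write:", check_access(mike_token, file_acl, rw))   # granted at entry 4
    print("Sue  Read/Write:", check_access(sales_token, file_acl, rw))  # refused at entry 1
```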
Functions: 3 - Others
♦ Auditability/Traceability
– Tracking the trails of various actions performed on a system

♦ Nonrepudiation
– Ability to ensure that a party cannot deny the authenticity of their signature on a document or the sending of a message that they originated

♦ Accountability
– To answer who, what, when, etc. if required.


Risks
♦ Vulnerability
– Weakness that can be exploited to cause damage

♦ Threat
– Method of exploiting a vulnerability

♦ Attack
– Motivated capable adversary who will mount attacks

Classes of Threats
♦ Disclosure: unauthorized access to information
– Snooping, eavesdropping

♦ Deception: acceptance of false data
– Modification, masquerading/spoofing, repudiation of origin, denial of receipt

♦ Disruption: interruption/prevention of correct operation
– Modification

♦ Usurpation: unauthorized control of a system component
– Modification, masquerading/spoofing, delay, denial of service


Common Security Attacks

♦ Interruption, delay, denial of receipt or denial of service
– System assets or information become unavailable or are rendered
unavailable
♦ Interception or snooping
– Unauthorized party gains access to information by browsing
through files or reading communications
♦ Modification or alteration
– Unauthorized party changes information in transit or information
stored for subsequent access
♦ Fabrication, masquerade, or spoofing
– Spurious information is inserted into the system or network by
making it appear as if it is from a legitimate entity
– Not to be confused with delegation
♦ Repudiation of origin
– False denial that an entity created something

Trust & Trustworthiness
♦ Trust is a belief that a system meets its specification, or
otherwise lives up to its security expectation.

♦ Trustworthiness is assurance that the system deserves to be trusted.
– Is trust, backed up by believable evidence
– It may include approval by an expert entity or compliance to accepted security standards.

♦ Trust without trustworthiness is a formula for disaster!


Trusted Systems
♦ Trusted Systems are trustworthy.
– Calling something trusted does not make it so.

♦ They have security requirements / security policy.

♦ The system implementation has protection mechanisms designed to meet the security requirements

♦ They have assurance / evidence that the implemented system meets its security requirements.

Trusted Systems
♦ Policy
– Statement of security requirements
– Identifies entities
– Defines rules

♦ Assurance
– Justification that the mechanism meets policy
– Assurance evidence
– Credible approvals

♦ Mechanism
– Implements the policy


Assurance
♦ Assurance is to indicate how much to trust a system and is
achieved by ensuring that
– The required functionality is present and correctly implemented
– There is sufficient protection against unintentional errors
– There is sufficient resistance to intentional penetration or by-pass
♦ Basis for determining this aspect of trust
– Specification
• Requirements analysis
• Statement of desired functionality
– Design
• Translate specification into components that satisfy the specification
– Implementation
• Programs/systems that satisfy a design

General Security Model

Figure: General Security Model. The OWNER values Assets, wishes to minimize Risks, and should be aware of Vulnerabilities; the owner imposes Countermeasures to protect Assets, and Vulnerabilities may be reduced by Countermeasures. Assets may possess Vulnerabilities; Threats exploit Vulnerabilities and lead to Risks to Assets. The ATTACKER gives rise to Threats and wishes to abuse and/or may damage Assets.


Now let’s try …

♦ Implement some basic features of Access Control Lists (ACLs) such as
– Prepare a list of your friends as an ACL
– Write down a simple program to input a name string
– Welcome message for your friends AND access denial message for others

♦ Think of some more sophisticated features and
– Implement them
