Lecture 1
Introduction
How to Avoid Becoming Road Kill
on The Information Superhighway
Syed Naqvi
snaqvi@ieee.org
Course Outline
1. Monday 08 Nov: Introduction to Security
2. Tuesday 09 Nov: Security Models
3. Thursday 11 Nov: Cryptography
4. Monday 15 Nov: Security Mechanisms
5. Tuesday 16 Nov: Security Practices
6. Thursday 18 Nov: Security Evaluation
7. Monday 22 Nov: Exercises and discussions
8. Tuesday 23 Nov: Exam
Terminologies
[Diagram: Security Architecture. Requirements & Policies, Information Security Features or Services, and Security Mechanisms are the building blocks of the architecture; Attackers/Intruders/Malfeasors act against it.]
Terminologies
♦ Subject (S: set of all subjects)
– Active entities that carry out an action/operation on other entities; e.g., users, processes, agents, etc.
♦ Right
– An action/operation that a subject is allowed/disallowed on objects
Terminologies
♦ Access Control Matrix (ACM)
– Describes the protection state of a system.
– Characterizes the rights of each subject
– Elements indicate the access rights that subjects have on objects
♦ Detection
– To detect activities in violation of a security policy
– Verify the efficacy of the prevention mechanism
♦ Recovery
– Stop policy violations (attacks)
– Assess and repair damage
– Ensure availability in presence of an ongoing attack
– Fix vulnerabilities to prevent future attacks
– Retaliation against the attacker
Fundamental Blocks – Objectives
♦ Confidentiality
– Prevention of unauthorized disclosure of information
♦ Integrity
– Prevention of data from being inappropriately changed or deleted
♦ Availability
– Prevention of unauthorized withholding of information or resources
♦ Composition of policies
– If policies conflict, discrepancies may create security vulnerabilities
Fundamental Blocks – Assumptions
♦ Policies and mechanisms have implicit assumptions
♦ Mechanisms
– Assumed to enforce policy; i.e., ensure that the system does not enter a “nonsecure” state
– Support mechanisms work correctly
[Diagram: Multi-Level Security, shown as the ordered levels TOP SECRET, SECRET, CONFIDENTIAL, OPEN (basic control policy: No Read Up); Multilateral Security, shown as compartments A, B, C, D, E with shared data between them.]
Fundamental Blocks – Models
♦ Multi-Level Security
– The Bell-LaPadula Security Policy Model
– McLean’s System Z
– Biba’s Integrity Model
♦ Multilateral Security
– The Compartmentation Model
– The Chinese Wall Model
– The BMA Model
• British Medical Association
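An added example, not part of the lecture slides: a Python model of the lattice behind the two figures above, combining the ordered levels of Multi-Level Security with the compartments of Multilateral Security. The level names follow the slide, the compartment letters are constructed, and the No Write Down rule is the Bell-LaPadula *-property, which the slide names but does not spell out.

```python
from dataclasses import dataclass

# Sensitivity levels in ascending order, as drawn on the slide
LEVELS = ["OPEN", "CONFIDENTIAL", "SECRET", "TOP SECRET"]


@dataclass(frozen=True)
class Label:
    level: str               # one of LEVELS
    compartments: frozenset  # multilateral compartments such as {"A", "C"}

    def dominates(self, other: "Label") -> bool:
        """Lattice ordering: at least as high a level AND every compartment of the other."""
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.compartments >= other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property (No Read Up): read only what your label dominates."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property (No Write Down): write only to objects whose label dominates
    yours, so information never flows to a lower or narrower label."""
    return obj.dominates(subject)


def label(level: str, *compartments: str) -> Label:
    """Convenience constructor: label("SECRET", "A", "B")."""
    return Label(level, frozenset(compartments))


# Constructed illustration: a TOP SECRET clearance alone is not enough to read a
# CONFIDENTIAL document held in compartment A, because the compartment is not held.
TOP_SECRET_NO_COMPARTMENT = label("TOP SECRET")
CONFIDENTIAL_A = label("CONFIDENTIAL", "A")
```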
Functions: 1- Authentication
♦ Authentic
– Conforming to fact and therefore worthy of trust, reliance, or belief
– Having a claimed and verifiable origin or authorship; not counterfeit or copied
♦ Authenticate
– To establish the authenticity of; prove genuine
♦ Authentication
– The verification of the identity of a person or process. In a communication system, authentication verifies that messages really come from their stated source, like the signature on a (paper) letter or a check
Functions: 1- Authentication
♦ Challenge-Response
♦ Biometrics
♦ Public Key Infrastructure (PKI)/Digital Certificates
♦ Kerberos
♦ Userid/Password Pairs
Functions: 2 - Authorization
♦ Provides access controls to desired parties.
♦ Determines what you are allowed to do when you have been authenticated to the system.

Example from the slide: the Security Reference Monitor compares the subject's Access Token with the File Object's access control entries, in order.

Access Token
– UserId: Mike
– GroupIds: Users, Managers, Everyone
– Desired Access: Read/Write

File Object access control entries
– Entry 1: Deny Sales Write (X)
– Entry 2: Allow Users Read (X)
– Entry 3: Allow Everyone Read (X)
– Entry 4: Allow Managers Read/Write (√: grants the desired access)
– Entry 5: Allow Mike Full Control
08 November 2010 Lecture 1: Introduction to Security 14
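An added example, not from the slides: a Python model of the check the figure above walks through. It assumes the entries are evaluated top to bottom, that an explicit Deny takes effect as soon as it is reached, and that Allow entries accumulate rights until the whole request is covered; the bit values for the rights are constructed.

```python
from dataclasses import dataclass

# Access rights as bit flags (constructed values for this example)
READ = 0x1
WRITE = 0x2
FULL_CONTROL = READ | WRITE | 0x4   # 0x4 stands in for the remaining rights


@dataclass
class Token:
    user: str
    groups: set

    def principals(self) -> set:
        return {self.user} | self.groups


@dataclass
class ACE:
    kind: str      # "Allow" or "Deny"
    trustee: str   # user or group the entry is about
    mask: int      # rights the entry covers


def access_check(token: Token, acl: list, desired: int):
    """Walk the ACL in order, as the slide's reference monitor does.

    Returns (granted, entry_number). A Deny entry naming one of the token's
    principals ends the check as soon as it covers a right still wanted;
    Allow entries accumulate rights until nothing wanted is left. Running
    off the end of the list is an implicit deny.
    """
    remaining = desired
    for number, ace in enumerate(acl, start=1):
        if ace.trustee not in token.principals():
            continue                       # entry is about someone else
        if ace.kind == "Deny" and ace.mask & remaining:
            return False, number           # an unsatisfied right is explicitly denied
        if ace.kind == "Allow":
            remaining &= ~ace.mask         # these rights are now granted
            if remaining == 0:
                return True, number        # everything desired has been granted
    return False, None


# The slide's scenario: Mike (Users, Managers, Everyone) asks for Read/Write
MIKE = Token(user="Mike", groups={"Users", "Managers", "Everyone"})
FILE_ACL = [
    ACE("Deny", "Sales", WRITE),
    ACE("Allow", "Users", READ),
    ACE("Allow", "Everyone", READ),
    ACE("Allow", "Managers", READ | WRITE),
    ACE("Allow", "Mike", FULL_CONTROL),
]


def slide_scenario():
    return access_check(MIKE, FILE_ACL, READ | WRITE)   # (True, 4)
```

Because the entries are ordered, the same Deny at entry 1 would refuse Mike's request if Sales were among his groups, even though entries 4 and 5 would otherwise grant it.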
Functions: 3 - Others
♦ Auditability/Traceability
– Tracking the trails of various actions performed on a system
♦ Nonrepudiation
– Ability to ensure that a party cannot deny the authenticity of their
signature on a document or the sending of a message that they
originated
♦ Accountability
– To answer who, what, when, etc. if required.
Risks
♦ Vulnerability
– Weakness that can be exploited to cause damage
♦ Threat
– Method of exploiting a vulnerability
♦ Attack
– Motivated capable adversary who will mount attacks
Classes of Threats
♦ Disclosure: unauthorized access to information
– Snooping, eavesdropping
Trust & Trustworthiness
♦ Trust is a belief that a system meets its specification, or otherwise lives up to its security expectation.
Trusted Systems
♦ Trusted Systems are trustworthy.
– Calling something trusted does not make it so.
Trusted Systems
♦ Policy: statement of security requirements
– Identifies entities
– Defines rules
♦ Mechanism: implements the policy
♦ Assurance: justification that the mechanism meets the policy
– Assurance evidence
– Credible approvals
Assurance
♦ Assurance indicates how much to trust a system and is achieved by ensuring that
– The required functionality is present and correctly implemented
– There is sufficient protection against unintentional errors
– There is sufficient resistance to intentional penetration or by-pass
♦ Basis for determining this aspect of trust
– Specification
• Requirements analysis
• Statement of desired functionality
– Design
• Translate specification into components that satisfy the specification
– Implementation
• Programs/systems that satisfy a design
General Security Model
[Diagram (relationships recovered from the figure's labels): the OWNER values Assets, wishes to minimize Risks, should be aware of Vulnerabilities, and imposes Countermeasures to protect the Assets; Countermeasures may possess Vulnerabilities, and Risks may be reduced by Countermeasures; the ATTACKER gives rise to Threats, which exploit Vulnerabilities, which lead to Risks to the Assets; the ATTACKER wishes to abuse and/or may damage the Assets.]