Introduction to Computer Security

Security Goals
  Confidentiality - only authorized entities may read information
  Integrity - more difficult to pin down - includes precision, accuracy, consistency; data is modified only in acceptable ways and only by authorized entities
    Three aspects (Welke & Mayfield):
      - authorized actions
      - separation and protection of resources
      - error detection and correction
  Availability - also difficult - applies to both data and services
    - usability
    - capacity to meet needs
    - timely access/results
    - fairness
  Sometimes also included:
    Authenticity - knowing the origin of an object, or of the modifications made to it
    Non-repudiation - the author cannot later deny his or her role

Terms
  Computing system - hardware, software, storage media, data, and the people that perform computing tasks
  Exposure - a form of loss
  Vulnerability - a weakness that may be exploited to cause loss
  Attack - an attempt to exploit a vulnerability
  Threat - circumstances or agents that could cause loss
  Control - a measure that reduces a vulnerability

Cost of Controls
  - money
  - time - deployment, operational, computer/network delays
  - convenience, availability
  - CPU cycles
  - space - physical, memory, disk

Principle of Effectiveness - a control is only effective if you use it properly. "Use it or lose it"

Risk Analysis and Security Planning
  Risk Assessment
    Inventory and value assets - what is each asset's functional importance to the mission? Would the organization be able to function without this resource?
      Note that there are both levels (thresholds) and temporal dependencies.
      Note also that information resources, especially software and data, are difficult to value properly: incorrect operation of a $39 program could cause great financial liability; incorrect data in an embedded system could cause loss of life and property.
    Evaluate threats - who or what is likely to cause loss or harm? What valuables could others want to steal or damage? Who may have political or social agendas that would motivate them to attack us? What types of loss in the infrastructure are likely? What forms of natural disaster are likely? ...
    Gauge vulnerabilities - where are the weak points? Systematic approaches are good, but any systematic approach may miss entire vulnerability types.
      Principle of Easiest Penetration - an attacker will exploit any vulnerability available, not just the ones of which we are aware, much less those for which we have the strongest controls. "Weak link in the chain"
    Recommend controls - provide adequate controls to reduce
      a) dangerous vulnerabilities (i.e., ones whose exploitation would severely impair the security of the resource) ... for ...
      b) critical resources (i.e., ones without which the mission-critical tasks cannot be performed adequately) ... for which there are ...
      c) significant threats (i.e., the vulnerability is likely to be tested)
      Principle of Adequate Protection - protection should be commensurate with the value of the asset. "All bikes weigh 50 lbs" (the lighter and costlier the bike, the heavier the lock it gets; bike plus lock comes out about the same)
  Assets
    Hardware - CPU, memory, disk space, peripherals
    Software - applications, OS, utilities
    Data - configuration files, application input/output
    People - data entry, developers, administrators, ...
Threat Types
  - Interruption
  - Interception
  - Modification
  - Fabrication

Controls by Goal
  Confidentiality
    - Encryption
    - Access control (for read)
    - Indirection
  Integrity
    - Access control (for write)
    - Consistency checking
    - Integrity checks
    - MACs
    - Concurrency control
  Availability
    - Access control (for execute; locks)
    - Redundancy
    - Fault tolerance
    - Monitoring
    - Priority mechanisms
    - Scheduling
  Authenticity
    - Secrets (e.g., passwords, PINs)
    - Digital signatures (symmetric, i.e., MACs, or asymmetric)
  Non-repudiation
    - Digital signatures (asymmetric only: with a shared symmetric key, either holder could have produced the tag, so it proves nothing to a third party)
    - Trusted third party

Control Mechanisms by Type
  Access control - requires I & A (identification and authentication) plus an RM (reference monitor) that mediates every access
    - Lock & key
    - ACLs (access control lists, kept with the object)
    - CLs (capability lists, kept with the subject)
    - Change management
    - Obscurity
  Cryptography
    - Encryption
    - MACs
    - Digital signatures
    - Cryptographic protocols
  Monitoring
    - Audit facilities
    - Resource pinging
    - Network sniffing / protocol analysis
    - IDSs
    - Anomaly detectors
  Software controls
    - Internal program controls (usually I&A, access control)
    - OS controls (I&A, access control, process isolation, file protection, audit)
  Development controls
    - Standards for quality and process (ISO 9000)
    - Reviews
    - Testing
    - Separation of duty
  Policies
    - Establishing policy
    - Training
    - Enforcement/monitoring

Protection
  Physical protection - doors, locks, shielding, surge protectors, UPSs, climate control, ...
  Hardware-based protection - mode bits and protected instructions, write protection, base & bounds registers, virtual memory, tagged memory, dongles, ...
  OS-based protection - I & A, ACLs, protection groups / network groups, gates and rights amplification
  Application-level protection - password protection, cryptography, ...

Effectiveness of Controls
  - Policy
  - Awareness - need for security, value of resources
  - Procedures
  - Operational cost / compliance
  - Overlapping controls - "belt & suspenders"
  - Periodic review
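The point made above about MACs versus digital signatures (a MAC gives integrity and authenticity between two key holders but not non-repudiation) is easy to see in code. The following is an added example, not part of the original notes: it uses only the Python standard library, the messages are constructed samples, and the "attacker" and "receiver" roles are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag: anyone holding `key` can both produce and check it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time.  A plain `==` would
    leak, through timing, how many leading bytes of a guess were right."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo(key: Optional[bytes] = None) -> Dict[str, bool]:
    """Run the integrity check against modification and fabrication attempts,
    then show the gap a MAC leaves: it cannot supply non-repudiation."""
    if key is None:
        key = secrets.token_bytes(32)          # shared by sender and receiver
    msg = b"transfer 100 to account 42"        # constructed sample message
    tag = make_tag(key, msg)
    results: Dict[str, bool] = {}

    # Genuine message and tag: accepted.
    results["genuine"] = verify_tag(key, msg, tag)

    # Modification: the amount is edited in transit; the old tag no longer matches.
    results["modified"] = verify_tag(key, b"transfer 900 to account 42", tag)

    # Fabrication: an outsider builds a fresh message but must guess the key.
    forged_msg = b"transfer 100 to account 99"
    results["fabricated"] = verify_tag(key, forged_msg, make_tag(b"guessed key", forged_msg))

    # Corrupted tag (one byte lost): rejected.
    results["truncated_tag"] = verify_tag(key, msg, tag[:-1])

    # Non-repudiation gap: the receiver holds the same key, so a message the
    # receiver fabricates verifies exactly like one from the sender.  Only an
    # asymmetric signature, whose private key the signer alone holds, lets a
    # third party tell the two apart.
    receiver_msg = b"I owe you 1000"
    results["receiver_forgery_accepted"] = verify_tag(key, receiver_msg, make_tag(key, receiver_msg))
    return results


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check:26s} accepted={accepted}")
```

The first four results are what the "Integrity checks / MACs" entries promise; the last one is why "Non-repudiation" lists asymmetric signatures only.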
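The access-control entry above (I & A plus a reference monitor, with ACLs and CLs as the two representations) can be illustrated with a small monitor that identifies and authenticates the subject, consults an ACL, denies by default, and writes an audit record for every decision. This is an added example, not the notes' own code: the access matrix, user names and passwords are constructed sample data, and `ReferenceMonitor`, `acl_view` and `cl_view` are hypothetical names chosen for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Set, Tuple

Rights = Set[str]

# Constructed access matrix: subject -> object -> rights (r/w/x).
ACCESS_MATRIX: Dict[str, Dict[str, Rights]] = {
    "alice": {"payroll.db": {"r", "w"}, "report.txt": {"r"}},
    "bob":   {"report.txt": {"r", "w"}, "backup.sh": {"x"}},
    "carol": {"backup.sh": {"r", "x"}},
}


def acl_view(matrix: Dict[str, Dict[str, Rights]]) -> Dict[str, Dict[str, Rights]]:
    """ACL: one entry per object (a matrix column), stored with the object."""
    acls: Dict[str, Dict[str, Rights]] = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = set(rights)
    return acls


def cl_view(matrix: Dict[str, Dict[str, Rights]]) -> Dict[str, Dict[str, Rights]]:
    """Capability list: one entry per subject (a matrix row), carried by the subject."""
    return {s: {o: set(r) for o, r in row.items()} for s, row in matrix.items()}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash so stolen credential files resist offline guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def enroll(users: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    """Build the credential store: user -> (salt, hash)."""
    creds: Dict[str, Tuple[bytes, bytes]] = {}
    for user, password in users.items():
        salt = secrets.token_bytes(16)
        creds[user] = (salt, hash_password(password, salt))
    return creds


class ReferenceMonitor:
    """Mediates every access: I & A first, then the ACL.  Deny by default;
    every decision, allowed or not, goes to the audit trail."""

    def __init__(self, matrix: Dict[str, Dict[str, Rights]],
                 credentials: Dict[str, Tuple[bytes, bytes]]) -> None:
        self.acls = acl_view(matrix)
        self.credentials = credentials
        self.audit: List[str] = []

    def authenticate(self, user: str, password: str) -> bool:
        entry = self.credentials.get(user)
        if entry is None:
            # Hash anyway so an unknown user costs the same time as a known one.
            hash_password(password, b"\x00" * 16)
            return False
        salt, stored = entry
        return hmac.compare_digest(hash_password(password, salt), stored)

    def request(self, user: str, password: str, obj: str, right: str) -> bool:
        if not self.authenticate(user, password):
            self.audit.append(f"DENY  {user} {right} {obj}: authentication failed")
            return False
        # Missing object or missing subject entry both fall through to deny.
        allowed = right in self.acls.get(obj, {}).get(user, set())
        self.audit.append(f"{'ALLOW' if allowed else 'DENY '} {user} {right} {obj}")
        return allowed


if __name__ == "__main__":
    rm = ReferenceMonitor(ACCESS_MATRIX, enroll({"alice": "correct horse", "bob": "hunter2"}))
    rm.request("alice", "correct horse", "payroll.db", "w")   # allowed
    rm.request("alice", "wrong password", "payroll.db", "w")  # denied: I & A fails
    rm.request("bob", "hunter2", "payroll.db", "r")           # denied: not on the ACL
    rm.request("carol", "anything", "backup.sh", "x")         # denied: never enrolled
    print("\n".join(rm.audit))
```

Note that `acl_view` and `cl_view` hold the same information: an ACL answers "who may touch this object" cheaply, a CL answers "what may this subject touch" cheaply, which is why OS file protection tends toward ACLs while rights amplification and gates are naturally expressed with capabilities.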