Post on 23-Feb-2016
description
transcript
Lecture 2: Overview (cont)
modified from slides of Lawrie Brown
2
Key Security Concepts
Confidentiality
• preserving authorized restrictions on information access and disclosure.
• including means for protecting personal privacy and proprietary information
Integrity
• guarding against improper information modification or destruction,
• including ensuring information nonrepudiation and authenticity
Availability
• ensuring timely and reliable access to and use of information
3
Computer Security Terminology• Adversary (threat agent) - An entity that attacks, or is
a threat to, a system.• Attack - An assault on system security that derives
from an intelligent threat; a deliberate attempt to evade security services and violate security policy of a system.
• Countermeasure - An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.
4
Computer Security Terminology
• Risk - An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.
• Security Policy - A set of rules and practices that specify how a system or org provides security services to protect sensitive and critical system resources.
• System Resource (Asset) - Data; a service provided by a system; a system capability; an item of system equipment; a facility that houses system operations and equipment.
5
Computer Security Terminology
• Threat - A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
• Vulnerability - Flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.
6
Security Concepts and Relationships
7
Vulnerabilities, Threats and Attacks
• vulnerabilities– leaky (loss of confidentiality)– corrupted (loss of integrity)– unavailable or very slow (loss of availability)
• threats– capable of exploiting vulnerabilities– represent potential security harm
• attacks (threats carried out)– passive or active attempt to alter/affect system resources– insider or outsider
8
Countermeasuresmeans used to deal
with security attacks
may introduce new vulnerabilities
Residual vulnerabilities may
remaingoal is to minimize
residual level of risk to the assets
• prevent• detect• recover
9
Threat Consequences• Unauthorized disclosure is a threat to confidentiality
• Exposure: This can be deliberate or be the result of a human, hardware, or software error
• Interception: unauthorized access to data
• Inference: e.g., traffic analysis or use of limited access to get detailed information
• Intrusion: unauthorized access to sensitive data
10
Threat Consequences• Deception is a threat to either system or data
integrity• Masquerade: e.g., Trojan horse; or an attempt
by an unauthorized user to gain access to a system by posing as an authorized user
• Falsification: altering or replacing of valid data or the introduction of false data
• Repudiation: denial of sending, receiving or possessing the data.
11
Threat Consequences• Disruption is a threat to availability or system
integrity• Incapacitation: a result of physical destruction
of or damage to system hardware• Corruption: system resources or services
function in an unintended manner; unauthorized modification
• Obstruction: e.g. overload the system or interfere with communications
12
Threat Consequences• Usurpation is a threat to system integrity.
• Misappropriation: e.g., theft of service, distributed denial of service attack
• Misuse: security functions can be disabled or thwarted
13
Scope of Computer Security
14
Computer and Network Assets
15
Passive and Active Attacks• Passive attacks attempt to learn or make use of information
from the system but does not affect system resources• eavesdropping/monitoring transmissions• difficult to detect• emphasis is on prevention rather than detection• two types:
– message contents– traffic analysis
• Active attacks involve modification of the data stream• goal is to detect them and then recover• four categories:
– masquerade– replay– modification of messages– denial of service
16
Security Functional Requirementscomputer security technical measures
• access control• identification &
authentication; • system &
communication protection
• system & information integrity
management controls and procedures
• awareness & training• audit & accountability• certification,
accreditation, & security assessments
• contingency planning• maintenance• physical &
environmental protection
• planning• personnel security• risk assessment• systems & services
acquisition
overlap computer security technical
measures and management controls
• configuration management
• incident response• media protection
17
• assuring a communication is from the source that it claims to be from
• interference by a third party masquerading as one of the two legitimate parties
• Peer Entity Authentication– corroboration of the identity
of a peer entity – confidence that an entity is
not performing • a masquerade or • an unauthorized replay
AuthenticationService
Data Origin Authentication corroboration of the source of
a data supports applications where
there are no prior interactions
18
• limit and control the access to host systems and applications
• each entity trying to gain access must first be identified, or authenticated
Access ControlService
NonrepudiationService
prevents either sender or receiver from denying a transmitted message
19
• protection of transmitted data from passive attacks
• Protects user data transmitted over a period of time
– connection confidentiality
– connectionless confidentiality
– selective-field confidentiality
– protects the traffic flow from analysis
– traffic-flow confidentiality
Data Confidentiality
Service
20
• can apply to a stream of messages, a single message, or selected fields within a message
• with and without recovery
• connectionless integrity service – provides protection against
message modification only
• connection-oriented integrity service – assures that messages are
received as sent• no duplication, insertion
modification, reordering, or replays
Data IntegrityService
21
• a service that protects a system to ensure its availability– being accessible and
usable upon demand by an authorized system entity
• a variety of attacks can result in the loss of or reduction in availability
• some of these attacks are amenable to authentication and encryption
• some attacks require a physical action to prevent or recover from loss of availability
• depends on proper management and control of system resources
AvailabilityService
Security Mechanism• Feature designed to
– Prevent attackers from violating security policy– Detect attackers’ violation of security policy– Recover, continue to function correctly even if attack
succeeds.
• No single mechanism that will support all services– Authentication, authorization, availability,
confidentiality, integrity, non-repudiation22
23
Security Trends
24
Security Technologies
25
Computer Security Strategy
Specification & policy
what is the security scheme supposed to do?
Implementation & mechanisms
how does it do it?
Correctness & assurance
does it really work?
26
Security Policy• formal statement of rules and practices that
specify or regulate security services• factors to consider:
– value of the protected assets– vulnerabilities of the system– potential threats and the likelihood of attacks
• trade-offs to consider:– ease of use versus security– cost of security versus cost of failure and recovery
27
Security Implementation
prevention
detection
recovery
response
complementary courses of
action
28
Assurance and Evaluation• assurance
– the degree of confidence one has that the security measures work as intended
– both system design and implementation
• evaluation– process of examining a system with respect to
certain criteria– involves testing and formal analytic or
mathematical techniques
29
30
Answers to Questions• 1 - The protection afforded to an automated information system in
order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).
• 3 - Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electronic mail, file transfers, and client/server exchanges are examples of transmissions that can be monitored.
Active attacks include the modification of transmitted data and attempts to gain unauthorized access to computer systems.
• 4 - Passive attacks: release of message contents and traffic analysis. Active attacks: masquerade, replay, modification of messages, and denial of service.
31
Answers to Questions• 5 - Authentication: The assurance that the communicating
entity is the one that it claims to beAccess control: The prevention of unauthorized use of a resourceData confidentiality: The protection of data from unauthorized disclosureData integrity: The assurance that data received are exactly as sent by an authorized entityNonrepudiation: Provides protection against denial by one of the entities involved in a communication. Availability service: Resource being accessible/usable by an authorized system entity