that glue these systems together must not fail, or computers will no longer be able to communicate accurately or reliably. Given the magnitude of securing cyberspace, a reflection on what we are trying to do seems in order. Several questions arise, such as what exactly the infrastructure is, what threats it must be secured against, and how protection can be provided on a cost-effective basis. But underlying all these questions is how to define a secure system.

What is security? Having it is obviously good; everyone says so. But few people define it exactly, or even nebulously. This column tries to place cybersecurity in perspective, because it is, of course, central to countries, organizations, and even home users now and in the future.
Consider the differences between the needs of a university and a cryptographic organization, in which foreign governments' ciphers and codes are decoded. The key difference lies in their approach to sharing information. The university fosters scholarship and open research: papers, discoveries, and work are available to the general public as well as to other academics. The cryptographic organization, on the other hand, prizes secrecy. Not only can the general public not know which ciphers have been broken, it might not even learn that ciphers
being broken. This sort of difference drives the need to define security.

When an organization wants to secure its systems, it must first determine what requirements to meet. The university will need to protect the integrity—and confidentiality, such as grades—of the data on its systems. It might also want to ensure that its systems are available via the Internet so students, faculty, staff, and other researchers and educators have access to information. The cryptographic organization, though, will emphasize confidentiality of all its work. Its systems should not be available over the network, because telecommuters, for example, could download information (deliberately or accidentally) that would reside on an unsecured remote system indefinitely. Data integrity is important, but the organization would rather data be deleted than read by unauthorized people.
Requirements dictate that some actions (and system states) be allowed and others disallowed. A
a specific statement of what is and is not allowed, defines the system's security. If the system always stays in states that are allowed, and users can only perform actions that are allowed, the system is
. If the system can enter a disallowed state, or if a user can successfully execute a disallowed action, the system is
. The type of explicit definition required to design and implement security measures throughout national and international networks would somehow have to reconcile these disparate policies or, more likely, specify the services that the infrastructure could provide. Then, those who use the infrastructure could determine how to use these services to enforce their policies.
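The definition above (allowed versus disallowed states, and whether a disallowed one can be entered) can be checked mechanically on a small model. The following Python sketch is an added example, not part of the original column: it enumerates every state reachable through a set of actions and reports the first action sequence that reaches a disallowed state. The users, documents, labels, and function names are constructed for illustration.

```python
from collections import deque

# Constructed model: a state is the set of (user, document) read grants.
CLEARANCE = {"alice": "top-secret", "bob": "unclassified"}
LABEL = {"memo": "unclassified", "keys": "top-secret"}
RANK = {"unclassified": 0, "top-secret": 1}

def allowed(state):
    """Policy: nobody holds read access to a document above their clearance."""
    return all(RANK[CLEARANCE[u]] >= RANK[LABEL[d]] for u, d in state)

def strict_grant(state, user, doc):
    """Action that checks clearance against the label before granting."""
    if RANK[CLEARANCE[user]] >= RANK[LABEL[doc]]:
        return state | {(user, doc)}
    return state

def lax_grant(state, user, doc):
    """Action that grants access without consulting the label."""
    return state | {(user, doc)}

def revoke(state, user, doc):
    return state - {(user, doc)}

def find_violation(initial, actions):
    """Breadth-first search of reachable states.

    Returns the shortest list of (action, user, doc) steps leading to a
    disallowed state, [] if the initial state is already disallowed,
    or None if no disallowed state is reachable.
    """
    start = frozenset(initial)
    seen = {start}
    queue = deque([(start, [])])
    while queue:
        state, path = queue.popleft()
        if not allowed(state):
            return path
        for act in actions:
            for user in CLEARANCE:
                for doc in LABEL:
                    nxt = frozenset(act(state, user, doc))
                    if nxt not in seen:
                        seen.add(nxt)
                        queue.append((nxt, path + [(act.__name__, user, doc)]))
    return None

if __name__ == "__main__":
    print(find_violation(set(), [strict_grant, revoke]))  # no violation reachable
    print(find_violation(set(), [lax_grant, revoke]))     # shortest violating path
```

With the clearance-checking action the search exhausts all reachable states without finding a disallowed one; with the unchecked action it returns a one-step path.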
enforce the policies; their goal is to ensure that the system never enters a disallowed state. The mechanisms may be technical or operational (sometimes called procedural). For example, suppose the cryptographic organization has both unclassified and top-secret documents. Users who are not cleared to read top-secret documents cannot access them. A type of access control mechanism, called mandatory access controls, enforces this restriction. These controls are technical mechanisms.

Technical mechanisms are unsuitable for some policies. The university wants to prevent students from having music on their computers. System administrators can scan systems looking for music files, but clever stu-
Editor: Matt Bishop, email@example.com
PUBLISHED BY THE IEEE COMPUTER SOCIETY
1540-7993/03/$17.00 © 2003 IEEE
IEEE SECURITY & PRIVACY
University of California, Davis
Computer and network security, or cybersecurity, are critical issues. But merely protecting the systems that hold data about citizens, corporations, and government agencies is not enough. The infrastructure of networks, routers, domain name servers, and switches
What Is Computer Security?