Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
EDUCATION-What is Computer Security

EDUCATION-What is Computer Security

Ratings: (0)|Views: 4|Likes:
Published by IT Special Force

More info:

Published by: IT Special Force on Jun 02, 2012
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





that glue these systems together mustnot fail, or computers will no longer be able to communicate accurately or reliably. Given the magnitude of se-curing cyberspace, a reflection onwhat we are trying to do seems inorder. Several questions arise, such aswhat exactly the infrastructure is,what threats it must be securedagainst, and how protection can beprovided on a cost-effective basis. Butunderlying all these questions is howto define a secure system.What is security? Having it is ob-viously good; everyone says so. Butfew people define it exactly, or evennebulously. This column tries toplace cybersecurity in perspective,because it is, of course, central tocountries, organizations, and evenhome users now and in the future.
Security requirements 
Consider the differences betweenthe needs of a university and a cryp-tographic organization, in whichforeign governments’ ciphers andcodes are decoded. The key differ-ence lies in their approach to sharinginformation. The university fostersscholarship and open research: pa-pers, discoveries, and work are avail-able to the general public as well as toother academics. The cryptographicorganization, on the other hand,prizes secrecy. Not only can the gen-eral public not know which ciphershave been broken, it might not evenlearn that ciphers
being broken.This sort of difference drives theneed to define security.When an organization wants tosecure its systems, it must first deter-mine what requirements to meet.The university will need to protectthe integrity—and confidentiality,such as grades—of the data on its sys-tems. It might also want to ensure thatits systems are available via the Inter-net so students, faculty, staff, andother researchers and educators haveaccess to information. The cryp-tographic organization, though, willemphasize confidentiality of all itswork. Its systems should not be avail-able over the network, becausetelecommuters, for examples, coulddownload information (deliberatelyor accidentally) that would reside onan unsecured remote system indefi-nitely. Data integrity is important,but the organization would rather data be deleted than read by unautho-rized people.
Security policy 
Requirements dictate that some ac-tions (and system states) be allowedand others disallowed. A
security policy,
a specific statement of what is and isnot allowed, defines the system’s se-curity. If the system always stays instates that are allowed, and users canonly perform actions that are al-lowed, the system is
. If the sys-tem can enter a disallowed state, or a if user can successfully execute a disal-lowed action, the system is
.The type of explicit definition re-quired to design and implement se-curity measures throughout nationaland international networks wouldsomehow have to reconcile thesedisparate policies or, more likely,specify the services that the infra-structure could provide. Then, thosewho use the infrastructure could de-termine how to use these services toenforce their policies.
Security mechanisms 
Security mechanisms
enforce the poli-cies; their goal is to ensure that thesystem never enters a disallowedstate. The mechanisms may be tech-nical or operational (sometimescalled procedural). For example,suppose the cryptographic organiza-tion has both unclassified and top-secret documents. Users who are notcleared to read top-secret documentscannot access them. A type of accesscontrol mechanism, called manda-tory access controls, enforces this re-striction. These controls are techni-cal mechanisms.Technical mechanisms are unsuit-able for some policies. The universitywants to prevent students from hav-ing music on their computers. Sys-tem administrators can scan systemslooking for music files, but clever stu-
Editor: Matt Bishop, bishop@cs.ucdavis.edu
1540-7993/03/$17.00 © 2003 IEEE
University of California,Davis 
omputer and network security, or cybersecurity, arecritical issues. But merely protecting the systemsthat hold data about citizens, corporations, andgovernment agencies it is not enough. The infra-structure of networks, routers, domain name servers, and switches
What Is Computer Security?
dents can encode the music files astext files. Music file scanners wouldnot be able to determine that a textfile was really an encoded music file.A procedural mechanism that forbidsstudents from putting music files ontheir computers upon pain of suspen-sion would be more appropriate thanusing such scanners.Whether a system’s set of mecha-nisms, taken as a whole, correctlyimplements the security policy is aquestion of assurance. For example,firewalls are systems that mediatenetwork connections between a sys-tem (or set of systems on an intranet)and the Internet. The firewall canblock attempts to connect to the sys-tem from the Internet. However, if the firewall software is not writtencorrectly, the firewall might blockconnections that the security policyrequires be blocked.Two examples illustrate this. First,suppose the organizational policybans the use of external peer-to-peer networks. The simplest way to en-force this policy would be to have thefirewall refuse to accept messages onthe relevant port. However, if thefirewall is incorrectly configured, themessages will be passed on eventhough the policy forbids it. Theprotection mechanism—the fire-wall—is intended to enforce a secu-rity policy component. However,the mechanism is not configuredproperly, and so will fail in its in-tended task.Second, suppose the university hasa Web site for documents that areavailable to outside researchers. Thesystem’s security policy is that files inthe Web server’s data directories maybe sent in reply to external requests,but no other files may be sent. TheWeb server program is configured toenforce this policy. Unfortunately, theserver has a bug. By sending a speciallycrafted URL, the external request canaccess any file on the system. Here themechanism fails—not because of in-adequate configuration, but becauseof a programming error. (The ubiqui-tous buffer overflow error, in whichthe buffer is too small to hold the datacopied into it, is another example of aprogramming error.)
Security assurances 
The problem of measuring howwell requirements conform toneeds, policy conforms to require-ments, and mechanisms implementthe policy is in the realm of 
. Many different methodologieshelp evaluate assurance. Themethodology can be structured aspart of the software engineeringprocess (for high-assurance systems,this is necessary): it could test thesystem in particular environmentsto see if a policy can be violated(penetration testing falls into thiscategory). No methodology canprovide absolute assurance that asystem is secure, but different meth-ods provide different degrees of se-curity, and the methods for evaluat-ing assurance depend not only onthe system, but also on the environ-ment in which the evaluation oc-curs and on the process used tospecify, design, implement, and testthe system.Assurance comes into play withpeople, too. How well do the systemadministrators understand the poli-cies that they have to implement andenforce? Do policymakers encour-age people to ask questions when as-pects of the policy are not clear? Aretheir answers consistent? Do they askfor help when they need to under-stand the ramifications of the tech-nology as they plan policies? Howcan the company’s security staff bestbe organized to provide the supportthe policies require? Most impor-tantly, will the staff work with peoplewho regard security as a problem tofind other ways of doing their jobs?These questions touch on educa-tion of computer security profession-als. “Education” in its broadest senseincludes academic education andtraining. The differences between the
   I   L   L   U   S   T   R   A   T   I   O   N    B   Y   R   O   B   E   R   T   S   T   A   C   K

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->