1. Ethical Issues
2. State of the Art
3. Fundamentals of Computer Security
4. Security Engineering: Lifecycle and Principles
Answers
- Detected attacks during the last 12 months: 75%
- Acknowledged financial losses due to security breaches: $201,797,340
Use a mixture of prevention, detection, and reaction technologies. Use prevention technologies such as firewalls, access control, and physical security. Also use intrusion detection systems.
Protection
Provided by a set of security services (countermeasures), each designed to prevent a specific kind of bad thing (a threat) from happening. Example: a file system access control mechanism. Three kinds of protection: authorization, accountability, and availability.
(Diagram: The Rules; Protected Resources)
Authorization
Two broad categories of authorization mechanisms:
Access control mechanisms:
- enforce the rules
- used in environments that can be trusted to run a program to check whether the rules are being violated.
Data protection mechanisms:
- used when the environment isn't able to run a program to check the rules, or isn't trusted to enforce the rules even if it can check them. Example: a telephone wire can't run a program; a PC running DOS can run programs, but DOS isn't a secure OS.
- normally implemented using encryption.
- Confidentiality protection keeps unauthorized readers from snooping through protected data.
- Integrity protection keeps vandals from making unauthorized changes to protected data.
Accountability
Assumption: there's no way to prevent authorized users with evil intent from doing things which the rules don't allow. Hence the only rule that can keep all your resources safe is: no one is allowed to do anything. Accountability: you can tell who did what, when. Two strengths of accountability: audit and non-repudiation.
Audit: a weak form of accountability. When someone suspects foul play, the audit log is examined to discover evidence of the deed and the identity of the perpetrator. Limitations: some kinds of foul play can't be accurately diagnosed using audit.
(Diagram: The System; Audit Log)
Non-repudiation: a stronger form of accountability. Requires users to sign their requests for system actions.
(Diagram: The System; Signature; Audit Log)
Depends on:
- the strength of the digital signature algorithm
- the secrecy of each user's signature key
to guarantee that privileged users and system administrators can't forge other users' signatures.
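The signed-request audit log described above, as an added Go example that is not part of the original slides (keys, user names and actions are constructed here): each log entry carries the user's signature over the user and action fields, so an administrator who can write to the log but does not hold the user's private key cannot fabricate an entry that verifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// AuditEntry is one audit log line: who asked for what, plus the requester's
// signature (hex) over exactly those two fields.
type AuditEntry struct{ User, Action, Sig string }

// payload fixes the signed bytes so a signature cannot be replayed for a
// different user or action.
func payload(user, action string) []byte { return []byte(user + "|" + action) }

// SignRequest runs on the user's side with the user's own private key.
func SignRequest(priv ed25519.PrivateKey, user, action string) AuditEntry {
	sig := ed25519.Sign(priv, payload(user, action))
	return AuditEntry{User: user, Action: action, Sig: hex.EncodeToString(sig)}
}

// Verify checks an entry against a directory of users' public keys; the system
// runs it before appending, and an auditor can re-run it over the whole log.
func Verify(pubs map[string]ed25519.PublicKey, e AuditEntry) bool {
	pub, ok := pubs[e.User]
	if !ok {
		return false
	}
	sig, err := hex.DecodeString(e.Sig)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, payload(e.User, e.Action), sig)
}

// Demo returns (genuine entry verifies, fabricated entry verifies). Keys and
// names are constructed for this example.
func Demo() (bool, bool) {
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	pubs := map[string]ed25519.PublicKey{"alice": alicePub}
	genuine := SignRequest(alicePriv, "alice", "read payroll.db")
	// An administrator who can write the log but lacks Alice's private key
	// tries to pin a different action on her by reusing her signature.
	forged := AuditEntry{User: "alice", Action: "delete payroll.db", Sig: genuine.Sig}
	return Verify(pubs, genuine), Verify(pubs, forged)
}

func main() {
	g, f := Demo()
	fmt.Println("genuine verifies:", g, "forged verifies:", f) // true false
}
```

The same check holds against an administrator signing with their own key, since Verify looks up the public key by the user named in the entry.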
Availability
A resource is available if it's there when you need it. A bad guy can do various things to deny the use of a resource:
- Destroy or damage the resource
- Interfere with the communications between you and the resource
- Interfere with your ability to pass the authorization check required for use of the resource
(Diagram: User, network, Server; Hacker attacks)
Two approaches to availability protection: service continuity and disaster recovery.
- Service continuity: make sure that you can always get to your resources. Usually involves keeping many active copies of each resource and keeping a couple of independent communication paths to each copy.
- Disaster recovery: assumes that service will eventually be interrupted, and figures out how you can get back up and running after the interruption. Consists of keeping backup copies of everything and planning in advance how the backups will be activated and used in an emergency.
Assurance
The set of things the builder and the operator of a system do to convince you that it really is safe to use. Means that the system keeps its security promises: the system can enforce the policy you're interested in, and the system works. Based on an assurance argument, which tries to prove three things:
- the system's protection mechanisms are correct (e.g. not full of bugs, and they enforce the stated policy)
- the system always uses its protection mechanisms when they are needed
- there's no way to circumvent the system's protection mechanisms
Assurance has to be done throughout the system's lifetime.
- Design assurance: use of good security engineering practices to identify important threats and to choose appropriate countermeasures.
- Development assurance: use of disciplined processes to implement the design correctly and to deliver the final system securely and reliably.
- Operational assurance: mandates secure installation, configuration and day-to-day operation of the system.
Good records of what has been done during every phase of the system's life must be kept as evidence, and can help in deciding how much faith in the system's security is justified.
(Flowchart) Estimate risks; Prioritize risks; Risk is acceptably low?; Establish security policy; Deploy & maintain; Repeat the procedure when a certain interval has expired or circumstances have changed.