You are on page 1of 11


Confidentiality ensures that computer-related assets
are accessed only by authorized parties. That is, only
those who should have access to something will actually
get that access. By "access," we mean not only reading
but also viewing, printing, or simply knowing that a particular
asset exists. Confidentiality is sometimes called secrecy or privacy.
Integrity means that assets can be modified only by authorized
parties or only in authorized ways. In this context, modification
includes writing, changing, changing status, deleting, and creating.
Availability means that assets are accessible to authorized parties
at appropriate times. In other words, if some person or system
has legitimate access to a particular set of objects, that access
should not be prevented. For this reason, availability is sometimes
known by its opposite, denial of service.
Attack-related terms
Vulnerability : is a weakness in the security system that might
be exploited to cause loss or harm.
Threat : is a set of circumstances that has the potential
to cause loss or harm.
Attack : an attack is launched when a threat exploits a vulnerability.
Control : is an action, device, procedure, or technique
that removes or reduces a vulnerability.

Vulnerabilities of Computing System
Hardware Vulnerabilities: Hardware is more visible than software,
largely because it is composed of physical objects. H/W Vulnerabilities
are drenched with water, burned, frozen, electrocuted with power surges
and People have spilled soft drinks, corn chips, ketchup, beer, and many
other kinds of food on computing devices.
Software Vulnerabilities: Computing equipment is of little use without
the software (operating system, controllers, utility programs,
and application programs) that users expect. Software can be replaced,
changed, or destroyed maliciously, or it can be modified, deleted,
or misplaced accidentally. Whether intentional or not, these attacks
exploit the software's vulnerabilities.
Data Vulnerabilities: A data attack is a more widespread and serious problem
than either a hardware or software attack, Because of its visible nature . Thus,
data items have greater public value than hardware and software because
more people know how to use or interpret data. Data vulnerabilities are loss of data,
fabrication of data and interception of data...etc.

Threads Types
1.Interception: An interception means that some unauthorized party has gained
access to an asset. The outside party can be a person, a program, or a computing system.
Examples of this type of failure are illicit copying of program or data files,
or wiretapping to obtain data in a network.
2.Interruption: In an interruption, an asset of the system becomes lost,
unavailable, or unusable. An example is malicious destruction of a hardware device,
erasure of a program or data file, or malfunction of an operating system file manager
so that it cannot find a particular disk file.
3.Modification: If an unauthorized party not only accesses but tampers with an asset,
the threat is a modification. For example, someone might change the values in a database,
alter a program so that it performs an additional computation, or modify data being transmitted
4.Fabrication: Finally, an unauthorized party might create a fabrication of counterfeit objects
on a computing system. The intruder may insert spurious transactions to
a network communication system or add records to an existing database. Sometimes these
can be detected as forgeries, but if skillfully done, they are virtually indistinguishable from the
real thing.

passive attacks
which attempt to learn or make use of information
from the system but does not affect system resources.
By eavesdropping on, or monitoring of, transmissions to:
+ obtain message contents (as shown above in Stallings Figure 1.3a), or
+ monitor traffic flows
Are difficult to detect because they do not involve any alteration of the data.
active attacks which attempt to alter system resources or affect their
Operation By modification of data stream to:
+ masquerade of one entity as some other
+ replay previous messages
+ modify messages in transit
+ denial of service
Active attacks present the opposite characteristics of passive attacks.
Whereas passive attacks are difficult to detect, measures are available
to prevent their success. On the other hand, it is quite difficult to prevent
active attacks absolutely, because of the wide variety of potential
physical,software,and network vulnerabilities. Instead, the goal is to detect
active attacks and to recover from any disruption or delays caused by them.

malicious attacker must have three things:
Method: the skills, knowledge, tools, and other things
with which to be able to pull off the attack
Opportunity: the time and access to accomplish the attack
Motive: a reason to want to perform this attack against this system

computer criminals
have access to enormous amounts of hardware, software, and data;
- Amateurs
- Crackers or Malicious Hackers
- Career Criminals
- Career Criminals

Methods of Defense
An attack occurs when a threat is realized against a vulnerability.
We can deal with an attack in several ways:
Prevent it , by blocking the attack or closing the vulnerability
Deter it , by making the attack harder but not impossible
Deflect it , by making another target more attractive
Detect it , either as it happens or some time after the fact
Recover from its effects

Controls for defense
Software Controls
Hardware Controls :
Program Controls
Operating System Controls
Network System Controls
Development Controls

Hardware Controls
hardware or smart card implementations of encryption
locks or cables limiting access or deterring theft
devices to verify users' identities
intrusion detection systems
circuit boards that control access to storage media

Policies and Procedures :
frequent changes of passwords
Training to the users
Applying policies immediately
Physical Controls :
Locks on door
Guards at entry point
Back up copies of important s/w and data
Physical site planning that reduces the risk of natural disasters

Plaintext: is the original form of a message.
Ciphertext: is the encrypted form of a message.
Encrypt: the process of scrambling a message.
Decrypt: the process of unscrambling a message.
Encryption: is the process of encrypting a message
so that its meaning is not clear.
Decryption: is the reverse process of encryption,
transforming an encrypted message back into its original form.
Cryptography: is the practice and study of techniques
for secure communication in the presence of third parties.
Cryptographer: is the practitioner of cryptography.
Cryptanalysis: the science of breaking ciphertexts.
Cryptanalyst: is the practitioner of cryptanalysis.

General Goals of Cryptography
Cryptography can be used to provide us with:
Confidentiality: is the term used to prevent the disclosure
of information to unauthorized individuals or systems.
Integrity: means that data cannot be modified
or forged undetectably.
Authentication: is any process by which you verify
that someone is who they claim they are.
Authorization: is finding out if a party, once identified,
is permitted to have a resource.
Non-repudiation: it prevents either sender or receiver
from denying a transmitted message.
Theses 5 are also called Security Services

The Uses of Encryption
Encryption algorithms alone are not the answer
to everyones encryption needs.
Encryption can be used in several other applications
than encryption.
There are four examples for different uses of encryption:
1 Cryptographic Hash Functions
2 Key Exchange
3 Digital Signatures
4 Certificates

Data Encryption Standard (DES) is a system developed for the US government,
and was intended for use by the general public; because mainly cryptographic
systems were used for military and governmental uses.
-It was accepted as a cryptographic standard both in US and abroad.
-Many hardware and software systems have been designed with the DES.
-DES is a careful and complex combination of the two fundamental building
blocks of encryption: substitution and transposition
-DES gets its strength from repeated application of the two techniques for 16 cycles
algorithm steps:
Split plaintext into two halves left(L) and right(R)
combine the key(K) with the right half (R)
Make substitution operations on R
Make permutation operations on R
Add L and R using XOR operation
Swap the old R to be the new L
Security of DES
Key length is 56 bits long, which is argued to be too short
-Being too short means it is easier to break using different
techniques e.g. brute force attack
Advanced Encryption Standard (AES)
In 1997, National Institute of Standards and Technology (NIST) called for
Cryptographers to develop a new encryption system that adheres to several criteria:
1 Open
2 Symmetric block cipher algorithms, for blocks of 128 bits
3 Usable with keys of 128, 192, 256 bits
The winning algorithm was Rijndael, which was invented by two Dutch
cryptographers Vincent Rijmen and Joan Daemen.
Advanced Encryption Standard (AES) is a fast algorithm that can be
implemented on simple processors.
=Although it has a strong mathematical foundation, it primarily uses substitution,
transposition, and the shift, XOR , and addition operations.
=Like DES, AES uses repeat cycles; such that there are 10,12, or 14 cycles (rounds)
for keys of 128, 192, and 256 bits, respectively.
=Each cycle consists of four steps:
1 Byte substitution: substituting each byte of a 128-bit block according to a substitution table
2 Shift row: a transposition step
3 Mix column: involves shifting left and exclusive-ORing bits with themselves
4 Add subkey: a portion of the key unique to this cycle is exclusive-Ored with the cycle result

Uses a fixed key size of 56 bits Variable key size of 128, 192, and 256 bits
Encrypts blocks of 64-bit size Encrypts blocks of 128-bit size
Uses substitution, and
Uses substitution, shift, and transposition
Number of cycles is fixed and cannot be
more than 16
The number of cycles is variable and can
be more than 14
(which is the number of cycles for 256-bit
It is approved by the US government for
protecting Secret and Top Secret
classified documents
Secret Key
Public Key (Asymmetric)
Number of keys 1 2
Protection of keys Must be kept secret One key must be kept secret; the
other can be published
Best uses Cryptographic
workhorse; secrecy
and integrity of data
Key exchange,
Key distribution Must be out-of-band
(sent separately)
Public key can be used to
distribute other keys
Speed Fast Slow, 10,000 times slower than
secret key
refer to all the pieces of code in operating systems, drivers, networks, dbms, and
executable files.
a program satisfies three characteristics: confidentiality, integrity, and availability. However,
from the point of view of programs
assessing security in software?
Fixing Faults
Unexpected Behavior
Types of Flaws

Non-malicious Program Errors
1. Buffer overflows
2. Incomplete mediation
3. Time-of-Check to Time-of-Use Errors

Buffer overflows: a buffer (array/string) is a space in memory in which data can be held.
Because memory is limited, a buffers capacity is limited. For this reason, in many programming
languages the programmer must declare the buffers maximum size so that the compiler can set
aside that amount of required space.
Mediation means checking; which is the process of verifying that a subject (user, program,) is
authorized to perform the operation on an object (file, database, ).
ncomplete mediation makes it easy to attackers to cause security problems.
Time-of-Check to Time-of-Use (TOCTTOU) is another security flaw, this flaw involves
Synchronization is used by modern processors and operating systems to improve efficiency

Malicious code is written to exploit flaws in programs
Malicious code can do anything a program can
Malicious code can change Data ,Other programs
Malicious code has been officially defined by Cohen in 1984 but virus behaviour
known since at least 1970
Trojan horse
Bacteria or Rabbit
Logic bomb
Time bomb
Trapdoor / backdoor
Keystroke Logging
How Viruses Work
When you install a program, the setup process calls maybe hundreds of other programs, if
anyone there programs contains a virus, this virus could be activated
By sending a virus as an email attachment, by including the virus into photo, presentation slides
... etc

Trapdoors: is an undocumented entry point to a module.
Salami attack: Merges inconsequential pieces to get big results


operating system has two goals:
,controlling shared access.
,implementing an interface to allow that access.
And those goals are support activities, including identification
and authentication, naming, filing objects, scheduling, communication among processes,
and reclaiming and reusing objects.
Operating system functions;
access control
identity and credential management
information flow
audit and integrity protection

protected objects;
The rise of multiprogramming meant that several aspects
of a computing system required protection.
sharable I/O devices, such as disks
serially reusable I/O devices, such as printers and tape drives
sharable programs and sub procedures
sharable data

Types of Separation:
1.Physical separation
2 Temporal separation
3 Logical separation
4 Cryptographic separation

Fence: A fence is a method to confine users to one side of a boundary.
Fence Register: It contains the address of the end of the operating system.
Relocation: It is the process of taking a program written as if it began at address 0 and changing all
addresses to reflect the actual address at which the program is located in memory.
Bounds Register: It is an upper address limit, in the same way that a base or fence register is a lower
address limit.
Segmentation:- It involves the simple notion of dividing a program into separate pieces.
Advantages of Segmentation:-
Each address reference is checked for protection.
Many different classes of data items can be assigned different levels of protection.
Two or more users can share access to a segment, with potentially different access rights.
A user cannot generate an address or access to an unpermitted segment.
Paging: One alternative to segmentation is paging.

complementary goals in protecting objects
1. Check every access
2. Enforce least privilege
3. Verify acceptable usage
Directory: One simple way to protect an object is to use a mechanism that works like a file directory.
Access control list: Here is one such list for each object, and the list shows all subjects who should have
access to the object and what their access is.
Access control matrix: a table in which each row represents a subject, each column represents an object,
and each entry is the set of access rights for that subject to that object.

Reasons because of all none protection was unacceptable:
Lack of trust
Too coarse
Rise of sharing
File listings

Group Protection: Because the all-or-nothing approach has so many drawbacks, researchers sought an
improved way to protect files.