Other Security Objectives
Authenticity
» Users and system inputs are genuine and can be verified
and trusted
» Data authentication
» Source authentication
Accountability
» Actions of an entity can be traced uniquely to that
entity
» Supports: non-repudiation, deterrence, fault isolation,
intrusion detection and prevention, after-action recovery
and legal action

Key Security Objectives
Confidentiality
» Data confidentiality: assure confidential information not
made available to unauthorized individuals
» Privacy: assure individuals can control what information
related to them is collected, stored, distributed
Integrity
» Data integrity: assure information and programs are
changed only in an authorized manner
» System integrity: assure system performs intended
function
Availability
» Assure that systems work promptly and service is not
denied to authorized users

Computer Security Challenges
» computer security is not as simple as it might first
appear to the novice
» potential attacks on the security features must be
considered
» procedures used to provide particular services are often
counter-intuitive
» physical and logical placement needs to be determined
» additional algorithms or protocols may be involved
» attackers only need to find a single weakness, the
developer needs to find all weaknesses
» users and system managers tend to not see the benefits
of security until a failure occurs
» security requires regular and constant monitoring
» is often an afterthought to be incorporated into a
system after the design is complete
» thought of as an impediment to efficient and
user-friendly operation

Computer Security Concepts
Assets
» System resources that the users/owners wish to protect
» Hardware, software, data, communication lines
Vulnerabilities
» Weakness in system implementation or operation
» Can make asset: corrupted, leaky, unavailable
Security Policy
» Set of rules and practices that specifies how a system
provides security services to protect assets
Threats
» Potential violation of security policy by exploiting a
vulnerability

Computer Security Concepts
[Figure: diagram with the labels "wish to minimize" and "wish to abuse and/or may damage"]

1 Threat Consequence: Unauthorized Disclosure
A circumstance or event whereby an entity gains access to data for which the entity is
not authorized. The following threat actions can cause unauthorized disclosure:
1.1 Threat Action: Exposure
A threat action whereby sensitive data is directly released to an unauthorized entity.
This includes:
Deliberate Exposure: Intentional release of sensitive data to an unauthorized entity.
Scavenging: Searching through data residue in a system to gain unauthorized knowledge
of sensitive data.
Human error*: Human action or inaction that unintentionally results in an entity
gaining unauthorized knowledge of sensitive data.
Hardware/software error*: System failure that results in an entity gaining
unauthorized knowledge of sensitive data.
1.2 Threat Action: Interception
A threat action whereby an unauthorized entity directly accesses sensitive data traveling
between authorized sources and destinations. This includes:
Theft: Gaining access to sensitive data by stealing a shipment of a physical medium,
such as a magnetic tape or disk, that holds the data.
Wiretapping (passive): Monitoring and recording data that is flowing between two
points in a communication system.
Emanations analysis: Gaining direct knowledge of communicated data by monitoring
and resolving a signal that is emitted by a system and that contains the data but is not
intended to communicate the data.
1.3 Threat Action: Inference
A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not
necessarily the data contained in the communication) by reasoning from characteristics
or byproducts of communications. This includes:
Traffic analysis: Gaining knowledge of data by observing the characteristics of
communications that carry the data.
Signals analysis: Gaining indirect knowledge of communicated data by monitoring and
analyzing a signal that is emitted by a system and that contains the data but is not
intended to communicate the data.
1.4 Threat Action: Intrusion
A threat action whereby an unauthorized entity gains access to sensitive data by
circumventing a system's security protections. This includes:
Trespass: Gaining unauthorized physical access to sensitive data by circumventing a
system's protections.
… Gaining unauthorized logical access to sensitive data by circumventing a …
Reverse engineering: Acquiring sensitive data by disassembling and analyzing the
design of a system component.
Cryptanalysis: Transforming encrypted data into plaintext without having prior
knowledge of encryption parameters or processes.

2 Threat Consequence: Deception
A circumstance or event that may result in an authorized entity receiving false data and
believing it to be true. The following threat actions can cause deception:
2.1 Threat Action: Masquerade
A threat action whereby an unauthorized entity gains access to a system or performs a
malicious act by posing as an authorized entity.
Spoof: Attempt by an unauthorized entity to gain access to a system by posing as an
authorized user.
Malicious logic: In context of masquerade, any hardware, firmware, or software that
appears to perform a useful or desirable function, but actually gains unauthorized access
to system resources or tricks a user into executing other malicious logic.
2.2 Threat Action: Falsification
A threat action whereby false data deceives an authorized entity.
Substitution: Altering or replacing valid data with false data that serves to deceive an
authorized entity.
Insertion: Introducing false data that serves to deceive an authorized entity.
2.3 Threat Action: Repudiation
A threat action whereby an entity deceives another by falsely denying responsibility for
an act.
False denial of origin: Action whereby the originator of data denies responsibility for
its generation.
False denial of receipt: Action whereby the recipient of data denies receiving and
possessing the data.
Threat Consequences, 29 August 2008
Sirindhorn International Institute of Technology, Security

3 Threat Consequence: Disruption
A circumstance or event that interrupts or prevents the correct operation of system
services and functions. The following threat actions can cause disruption:
3.1 Threat Action: Incapacitation
A threat action that prevents or interrupts system operation by disabling a system
component.
Malicious logic: In context of incapacitation, any hardware, firmware, or software
intentionally introduced into a system to destroy system functions or resources.
Physical destruction: Deliberate destruction of a system component to interrupt or
prevent system operation.
Human error*: Action or inaction that unintentionally disables a system component.
Hardware or software error*: Error that causes failure of a system component and
leads to disruption of system operation.
Natural disaster*: Any "act of God" (e.g. fire, flood, earthquake, lightning, or wind)
that disables a system component.
3.2 Threat Action: Corruption
A threat action that undesirably alters system operation by adversely modifying system
functions or data.
Tamper: In context of corruption, deliberate alteration of a system's logic, data, or
control information to interrupt or prevent correct operation of system functions.
Malicious logic: In context of corruption, any hardware, firmware, or software (e.g.
computer virus) intentionally introduced into a system to modify system functions or
data.
…
Overload: Hindrance of system operation by placing excess burden on the performance
capabilities of a system component.

4 Threat Consequence: Usurpation
A circumstance or event that results in control of system services or functions by an
unauthorized entity. The following threat actions can cause usurpation:
4.1 Threat Action: Misappropriation
A threat action whereby an entity assumes unauthorized logical or physical control of a
system resource.
Theft of service: Unauthorized use of service by an entity.
Theft of functionality: Unauthorized acquisition of actual hardware, software, or firmware
of a system component.
Theft of data: Unauthorized acquisition and use of data.
4.2 Threat Action: Misuse
A threat action that causes a system component to perform a function or service that is
detrimental to system security.
Tamper: In context of misuse, deliberate alteration of a system's logic, data, or control
information to cause the system to perform unauthorized functions or services.
Malicious logic: In context of misuse, any hardware, software, or firmware intentionally
introduced into a system to perform or control execution of an unauthorized function or
service.
Violation of permissions: Action by an entity that exceeds the entity's system
privileges by executing an unauthorized function.

… threat consequences and the types of attack that result in each consequence.
Unauthorized disclosure is a threat to confidentiality. The following types of
attacks can result in this threat consequence:
» Exposure: This can be deliberate, as when … sensitive information, such as …
the result of a human, hardware, or software error, which results in an entity
gaining unauthorized knowledge of sensitive data. There have been numerous
instances of this, such as … posting … information on the Web.
[Table: Threat Consequences and the Types of Threat Actions That Cause Each Consequence]
» Interception: Interception is a common attack in the context of communications.
On a shared local area network (LAN), such as a wireless LAN or a broadcast
Ethernet, any device attached to the LAN can receive packets intended for
another device. On the Internet, …

Assets and Examples of Threats
Hardware
» Availability: Equipment is stolen or disabled, thus denying service.
Software
» Availability: Programs are deleted, denying access to users.
» Confidentiality: An unauthorized copy of software is made.
» Integrity: A working program is modified, either to cause it to fail during
execution or to cause it to do some unintended task.
Data
» Availability: Files are deleted, denying access to users.
» Confidentiality: An unauthorized read of data is performed. An analysis of
statistical data reveals underlying data.
» Integrity: Existing files are modified or new files are fabricated.
Communication Lines
» Availability: Messages are destroyed or deleted. Communication lines or
networks are rendered unavailable.
» Confidentiality: Messages are read. The traffic pattern of messages is observed.
» Integrity: Messages are modified, delayed, reordered, or duplicated. False
messages are fabricated.
Credit: Table 1.3 in Stallings and Brown, Computer Security, 2nd Ed., Pearson 2012

Security Services
1. Authentication: Assure that the communicating entity is
the one that it claims to be. (Peer entity and data
origin authentication)
2. Access Control: Prevent unauthorised use of a resource
3. Data Confidentiality: Protect data from unauthorised
disclosure
4. Data Integrity: Assure data received are exactly as sent
by authorised entity
5. Non-repudiation: Protect against denial of one entity
involved in communications of having participated in
communications
6. Availability: System is accessible and usable on demand
by authorised users according to intended goal

Aspects of Security
Security Attack
Any action that attempts to compromise the security of
information or facilities
Security Mechanism
A method for preventing, detecting or recovering from an
attack
Security Service
Uses security mechanisms to enhance the security of
information or facilities in order to stop attacks

Computer Security Concepts
Attack
» A threat that is carried out; a successful attack leads to
violation of security policy
» Active attack: attempt to alter system resources or
operation
» Passive attack: attempt to learn information that does
not affect system resources
» Inside attack: initiated by entity with authorized access
to system
» Outside attack: initiated by unauthorized user of system
Countermeasure
» Means to deal with an attack
» Prevent, detect, respond, recover
» Even with countermeasures, vulnerabilities may exist,
leading to risk to the assets
» Aim to minimize the risks