Other Security Objectives

Authenticity
» Users and system inputs are genuine and can be verified and trusted
» Data authentication
» Source authentication
Accountability
» Actions of an entity can be traced uniquely to that entity
» Supports: non-repudiation, deterrence, fault isolation, intrusion detection and prevention, after-action recovery and legal action

Key Security Objectives

Confidentiality
» Data confidentiality: assure confidential information not made available to unauthorized individuals
» Privacy: assure individuals can control what information related to them is collected, stored, distributed
Integrity
» Data integrity: assure information and programs are changed only in an authorized manner
» System integrity: assure system performs intended function
Availability
» Assure that systems work promptly and service is not denied to authorized users

Computer Security Challenges

» computer security is not as simple as it might first appear to the novice
» potential attacks on the security features must be considered
» procedures used to provide particular services are often counter-intuitive
» physical and logical placement needs to be determined
» additional algorithms or protocols may be involved
» attackers only need to find a single weakness, the developer needs to find all weaknesses
» users and system managers tend to not see the benefits of security until a failure occurs
» security requires regular and constant monitoring
» is often an afterthought to be incorporated into a system after the design is complete
» thought of as an impediment to efficient and user-friendly operation

Computer Security Concepts

Assets
» System resources that the users/owners wish to protect
» Hardware, software, data, communication lines
Vulnerabilities
» Weakness in system implementation or operation
» Can make asset: corrupted, leaky, unavailable
Security Policy
» Set of rules and practices that specifies how a system provides security services to protect assets
Threats
» Potential violation of security policy by exploiting a vulnerability

[Figure: Computer Security Concepts]

1 Threat Consequence: Unauthorized Disclosure
A circumstance or event whereby an entity gains access to data for which the entity is not authorized. The following threat actions can cause unauthorized disclosure:

1.1 Threat Action: Exposure
A threat action whereby sensitive data is directly released to an unauthorized entity. This includes:
» Deliberate Exposure: Intentional release of sensitive data to an unauthorized entity.
» Scavenging: Searching through data residue in a system to gain unauthorized knowledge of sensitive data.
» Human error*: Human action or inaction that unintentionally results in an entity gaining unauthorized knowledge of sensitive data.
» Hardware/software error*: System failure that results in an entity gaining unauthorized knowledge of sensitive data.

1.2 Threat Action: Interception
A threat action whereby an unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations. This includes:
» Theft: Gaining access to sensitive data by stealing a shipment of a physical medium, such as a magnetic tape or disk, that holds the data.
» Wiretapping (passive): Monitoring and recording data that is flowing between two points in a communication system.
» Emanations analysis: Gaining direct knowledge of communicated data by monitoring and resolving a signal that is emitted by a system and that contains the data but is not intended to communicate the data.

1.3 Threat Action: Inference
A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or byproducts of communications. This includes:
» Traffic analysis: Gaining knowledge of data by observing the characteristics of communications that carry the data.
» Signals analysis: Gaining indirect knowledge of communicated data by monitoring and analyzing a signal that is emitted by a system and that contains the data but is not intended to communicate the data.

1.4 Threat Action: Intrusion
A threat action whereby an unauthorized entity gains access to sensitive data by circumventing a system's security protections. This includes:
» Trespass: Gaining unauthorized physical access to sensitive data by circumventing a system's protections.
» Gaining unauthorized logical access to sensitive data by circumventing a system's protections.
» Reverse engineering: Acquiring sensitive data by disassembling and analyzing the design of a system component.
» Cryptanalysis: Transforming encrypted data into plaintext without having prior knowledge of encryption parameters or processes.

2 Threat Consequence: Deception
A circumstance or event that may result in an authorized entity receiving false data and believing it to be true.
The following threat actions can cause deception:

2.1 Threat Action: Masquerade
A threat action whereby an unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity.
» Spoof: Attempt by an unauthorized entity to gain access to a system by posing as an authorized user.
» Malicious logic: In context of masquerade, any hardware, firmware, or software that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic.

2.2 Threat Action: Falsification
A threat action whereby false data deceives an authorized entity.
» Substitution: Altering or replacing valid data with false data that serves to deceive an authorized entity.
» Insertion: Introducing false data that serves to deceive an authorized entity.

Threat Consequences, 29 August 2008. Sirindhorn International Institute of Technology, Security.

2.3 Threat Action: Repudiation
A threat action whereby an entity deceives another by falsely denying responsibility for an act.
» False denial of origin: Action whereby the originator of data denies responsibility for its generation.
» False denial of receipt: Action whereby the recipient of data denies receiving and possessing the data.

3 Threat Consequence: Disruption
A circumstance or event that interrupts or prevents the correct operation of system services and functions.
The following threat actions can cause disruption:

3.1 Threat Action: Incapacitation
A threat action that prevents or interrupts system operation by disabling a system component.
» Malicious logic: In context of incapacitation, any hardware, firmware, or software intentionally introduced into a system to destroy system functions or resources.
» Physical destruction: Deliberate destruction of a system component to interrupt or prevent system operation.
» Human error*: Action or inaction that unintentionally disables a system component.
» Hardware or software error*: Error that causes failure of a system component and leads to disruption of system operation.
» Natural disaster*: Any "act of God" (e.g. fire, flood, earthquake, lightning, or wind) that disables a system component.

3.2 Threat Action: Corruption
A threat action that undesirably alters system operation by adversely modifying system functions or data.
» Tamper: In context of corruption, deliberate alteration of a system's logic, data, or control information to interrupt or prevent correct operation of system functions.
» Malicious logic: In context of corruption, any hardware, firmware, or software (e.g. computer virus) intentionally introduced into a system to modify system functions or data.

Overload: Hindrance of system operation by placing excess burden on the performance capabilities of a system component.

4 Threat Consequence: Usurpation
A circumstance or event that results in control of system services or functions by an unauthorized entity. The following threat actions can cause usurpation:

4.1 Threat Action: Misappropriation
A threat action whereby an entity assumes unauthorized logical or physical control of a system resource.
» Theft of service: Unauthorized use of service by an entity.
» Theft of functionality: Unauthorized acquisition of actual hardware, software, or firmware of a system component.
» Theft of data: Unauthorized acquisition and use of data.

4.2 Threat Action: Misuse
A threat action that causes a system component to perform a function or service that is detrimental to system security.
» Tamper: In context of misuse, deliberate alteration of a system's logic, data, or control information to cause the system to perform unauthorized functions or services.
» Malicious logic: In context of misuse, any hardware, software, or firmware intentionally introduced into a system to perform or control execution of an unauthorized function or service.
» Violation of permissions: Action by an entity that exceeds the entity's system privileges by executing an unauthorized function.

Unauthorized disclosure is a threat to confidentiality. The following types of attacks can result in this threat consequence:
» Exposure: This can be deliberate, as when sensitive information … It can also be the result of a human, hardware, or software error, which results in an entity gaining unauthorized knowledge of sensitive data. There have been numerous instances of this, such as … posting … information on the Web.

[Table: Threat Consequences and the Types of Threat Actions That Cause Each Consequence]

» Interception: Interception is a common attack in the context of communications. On a shared local area network (LAN), such as a wireless LAN or a broadcast Ethernet, any device attached to the LAN can receive a copy of packets intended for another device.
Assets and Examples of Threats

Hardware
» Availability: Equipment is stolen or disabled, thus denying service.
Software
» Availability: Programs are deleted, denying access to users.
» Confidentiality: An unauthorized copy of software is made.
» Integrity: A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task.
Data
» Availability: Files are deleted, denying access to users.
» Confidentiality: An unauthorized read of data is performed. An analysis of statistical data reveals underlying data.
» Integrity: Existing files are modified or new files are fabricated.
Communication Lines
» Availability: Messages are destroyed or deleted. Communication lines or networks are rendered unavailable.
» Confidentiality: Messages are read. The traffic pattern of messages is observed.
» Integrity: Messages are modified, delayed, reordered, or duplicated. False messages are fabricated.

Credit: Table 1.3 in Stallings and Brown, Computer Security, 2nd Ed., Pearson 2012

Security Services

1. Authentication: Assure that the communicating entity is the one that it claims to be. (Peer entity and data origin authentication)
2. Access Control: Prevent unauthorised use of a resource
3. Data Confidentiality: Protect data from unauthorised disclosure
4. Data Integrity: Assure data received are exactly as sent by authorised entity
5. Non-repudiation: Protect against denial of one entity involved in communications of having participated in communications
6. Availability: System is accessible and usable on demand by authorised users according to intended goal

Aspects of Security

Security Attack
» Any action that attempts to compromise the security of information or facilities
Security Mechanism
» A method for preventing, detecting or recovering from an attack
Security Service
» Uses security mechanisms to enhance the security of information or facilities in order to stop attacks

Computer Security Concepts

Attack
» A threat that is carried out; a successful attack leads to violation of security policy
» Active attack: attempt to alter system resources or operation
» Passive attack: attempt to learn information that does not affect system resources
» Inside attack: initiated by entity with authorized access to system
» Outside attack: initiated by unauthorized user of system
Countermeasure
» Means to deal with an attack
» Prevent, detect, respond, recover
» Even with countermeasures, vulnerabilities may exist, leading to risk to the assets
» Aim to minimize the risks
