BAIT1093

Introduction to
Computer Security

Chapter 1: Introduction
 Objectives
● Describe the key security requirements of
confidentiality, integrity, and availability
● Discuss the types of security threats and attacks
that must be dealt with and give examples of the
types of threats and attacks that apply to different
categories of computer and network assets
● Explain the security goals
● Discuss the use of attack surfaces and attack trees
● Understand the available controls
2
The NIST Internal/Interagency Report NISTIR
7298 (Glossary of Key Information Security
Terms , May 2013) defines the term computer
security as follows:
“ Measures and controls that ensure confidentiality,
integrity, and availability of information system
assets including hardware, software, firmware, and
information being processed, stored, and
communicated.”
 What Is Computer Security?
● Computer Security is the protection of the items you
value, called the assets of a computer or computer system.

● The protection of the assets of a computer

system
● Hardware
● Software
● Data

4
 Assets

● Computer systems—hardware, software, and data—have

value and deserve security protection.

5
Values of Assets

6
 Basic Terms

● Vulnerability
● Threat
● Attack
● Countermeasure or Control
Vulnerabilities, Threats, Attacks,
Controls
● Vulnerability is a weakness in the security system.
● (i.e., in procedures, design, or implementation), that might be exploited to
cause loss or harm.

● Threat to a computing system is a set of circumstances that has the potential to

cause loss or harm.
● a potential violation of security

● An attack is a threat that is carried out (threat action) and, if successful, leads to an
undesirable violation of security, or threat consequence. The agent carrying out the
attack is referred to as an attacker, or threat agent.

● A human (criminal) who exploits a vulnerability perpetrates an attack on the

system.

● How do we address these problems?

● We use a control as a protective measure.
● That is, a control is an action, device, procedure, or technique that removes or
reduces a vulnerability.

8
 Threat and Vulnerability
Relationship among threats, controls, and vulnerabilities:
• A threat is blocked by control of a vulnerability.
• To devise controls, we must know as much about threats as possible.

The fact that the

violation might occur
means that the actions
that might cause it
should be guarder
against.

9
Types of Threats

10
Types of Attackers

11
Types of Harm

12
 Threats

● In an interception means that some unauthorized party

has gained access to an asset.

● In an interruption, an asset of the system becomes lost,

unavailable, or unusable.

● If an unauthorized party not only accesses but tampers

(forges) with an asset, the threat is a modification.

● Finally, an unauthorized party might create a fabrication

of counterfeit objects on a computing system.
 Method—Opportunity—Motive
(MOM)
● A malicious attacker must have three
things (MOM):

● method: the skills, knowledge, tools, and

other things with which to be able to pull
off the attack
● Knowledge of systems are widely available

● opportunity: the time and access to

accomplish the attack
● Systems available to the public are accessible
to them

● motive: a reason to want to perform this

attack against this system
14
 Passive and Active Attacks
Passive Attack
● Attempts to learn or make use
of information from the system
but does not affect system
resources
● Eavesdropping on, or
monitoring of, transmissions
● Goal of attacker is to obtain
information that is being
transmitted
● Two types:
● Release of Message Contents
● Traffic Analysis
Active Attack
● Attempts to alter system
resources or affect their
operation
● Involve some modification of
the data stream or the creation
of a false stream
● Four categories:
● Replay
● Masquerade
● Modification of Messages
● Denial of Service
 Passive Attack

1. Release of Message Content

2. Traffic Analysis
Read Contents (Eavesdropping),
Observe Patterns (Packet Sniffing),
Illegal Copying

Network

• This is an attack on confidentiality.

 Active Attack
● Active attacks involve modification of the data stream or the creation of a false stream
● Difficult to prevent because of the wide variety of potential physical, software, and
network vulnerabilities
● Goal is to detect attacks and to recover from any disruption or delays caused by them

Four categories of Active Attacks:

• Takes place when one entity pretends to be a different entity.

Masquerade • Usually includes one of the other forms of active attack.
• This is an attack on Authenticity.

• Involves the passive capture of a data unit and its subsequent

Replay retransmission to produce an unauthorized effect.
• This is an attack of Integrity.

Modification of • Some portion of a legitimate message is altered, or messages are delayed

or reordered to produce an unauthorized effect.
Messages • This is an attack of Integrity.

• Prevents or inhibits the normal use or management of communications

Denial of Service facilities.
• This is an attack of Availability.
 Active Attack

1. Masquerade
Unauthorized assumption of
another’s identity.

Network

• This is an attack on authenticity.

 Active Attack

2. Replay (without tampering)

3. Modification of Messages
Intercept messages,
tamper, release again.

Network

• This is an attack on integrity.

 Active Attack

4. Denial of Service
Overwhelm or crash servers,
disrupt infrastructure.

Network

• This is an attack on availability.

 Table 1.3
Computer and Network Assets, with Examples of Threats
 C-I-A Triad
● Confidentiality
● Integrity
● Availability
● Sometimes two other desirable characteristics:
● Authentication
● the process or action of proving or showing something to be true,
genuine, or valid.
● Nonrepudiation
● is the assurance that someone cannot deny something.
● i.e. nonrepudiation refers to the ability to ensure that a party to a
contract or a communication cannot deny the authenticity of their
signature on a document or the sending of a message that they
originated

22
 Security Goals
● When we talk about computer security, we mean that we are addressing
three important aspects of any computer-related system: confidentiality,
integrity, & availability (CIA)

● Confidentiality ensures that computer-related assets are

accessed only by authorized parties.
● i.e. reading, viewing, printing, or even knowing their existence
● Secrecy or privacy

● Integrity means that assets can be modified only by authorized

parties or only in authorized ways.
● i.e. writing, changing, deleting, creating

● Availability means that assets are accessible to authorized

parties at appropriate times.
● i.e. often, availability is known by its opposite, denial of service.
 Relationship between Confidentiality,
Integrity and Availability
• In fact, these three characteristics can be independent,
can overlap, and can even be mutually exclusive.

Confidentiality

Secure

Integrity Availability
 Key Security Concepts

Confidentiality Integrity Availability

• preserving • guarding against • ensuring timely

authorized improper and reliable
restrictions on information access to and
information modification or use of
access and destruction, information
disclosure, including
including means ensuring
for protecting information
personal privacy nonrepudiation
and proprietary and authenticity
information
 Approaches Lead to
Breach of Security
Confidentiality Integrity Availability
● Approaches ● Approaches ● Approaches
● Eavesdropping ● Destruction of
● Changing a hardware
● Link Monitoring
record in a ● Physical
● Packet Capturing
● System database damages to
Compromisation communication
● System links
● How it happens? compromisation ● Introduction of
● In wireless ● Making use of noise
communication, ● Removal of
broadcast and delays in
routing
multicast communication ● Erase of a
● Store and forward program or a file
● Modify
approach in
protocols hardware ● DoS attacks
 Levels of Impact

Low Moderate High

The loss could
The loss could The loss could
be expected to
be expected to be expected to
have a severe or
have a limited have a serious
catastrophic
adverse effect on adverse effect on
adverse effect on
organizational organizational
organizational
operations, operations,
operations,
organizational organizational
organizational
assets, or assets, or
assets, or
individuals individuals
individuals
Other Security Concepts: A.A.A.

Authenticity

Anonymity

Assurance
 Assurance
● Assurance refers to how trust is provided and managed in computer
systems.
● Trust management depends on:
● Policies, which specify behavioral expectations that people or systems have
for themselves and others.
● For example, the designers of an online music system may specify policies
that describe how users can access and copy songs.
● Permissions, which describe the behaviors that are allowed by the agents
that interact with a person or system.
● For instance, an online music store may provide permissions for limited
access and copying to people who have purchased certain songs.
● Protections, which describe mechanisms put in place to enforce
permissions and polices.
● We could imagine that an online music store would build in protections to
prevent people from unauthorized access and copying of its songs.
 Authenticity
● Authenticity is the ability to determine that statements,
policies, and permissions issued by persons or systems
are genuine.
● Primary tool:
● digital signatures 🡪 These are cryptographic computations
that allow a person or system to commit to the authenticity of
their documents in a unique way that achieves nonrepudiation,
which is the property that authentic statements issued by
some person or system cannot be denied.
 Anonymity
● Anonymity: the property that certain records or transactions not
to be attributable to any individual.

● Tools:
● Aggregation: the combining of data from many individuals so that
disclosed sums or averages cannot be tied to any individual.
● Mixing: the intertwining of transactions, information, or
communications in a way that cannot be traced to any individual.
● Proxies: trusted agents that are willing to engage in actions for an
individual in a way that cannot be traced back to that person.
● Pseudonyms: fictional identities that can fill in for real identities in
communications and transactions, but are otherwise known only to
a trusted entity.
Controls / Countermeasures

32
 Goals of Security

● Prevention
● Prevent attackers from violating security policy

● Detection
● Detect attackers’ violation of security policy

● Recovery
● Stop attack, assess and repair damage
● Continue to function correctly even if attack succeeds
 Trust and Assumptions

● Trust underlies all aspects of security

● Policies
● Unambiguously partition system states
● Correctly capture security requirements

● Mechanisms
● Assumed to enforce policy
● Support mechanisms work correctly
Computer Security Strategy
Security Policy
• Formal statement of rules
and practices that specify or
regulate how a system or
organization provides
security services to protect
sensitive and critical system
resources
Assurance
• Encompassing both system
design and system
implementation, assurance is
an attribute of an information
system that provides grounds
for having confidence that
the system operates such
that the system’s security
policy is enforced
Security
Implementation
• Involves four complementary
courses of action:
• Prevention
• Detection
• Response
• Recovery
Evaluation
• Process of examining a
computer product or system
with respect to certain criteria
• Involves testing and may also
involve formal analytic or
mathematical techniques
Different Types of Controls

36
 Effectiveness of Controls
● Likelihood of Use
● Of course, no control is effective unless it is used

● Principle of Effectiveness:
● Controls must be used properly to be effective.
● They must be efficient, easy to use, and appropriate.

● This principle implies that computer security controls

● must be efficient enough, in terms of time, memory space,
human activity, or other resources used,
● using the control does not seriously affect the task being
protected.
● Controls should be selective so that they do not exclude
legitimate accesses.
 Principle of Weakest Link

● Security can be no stronger than its weakest link !!!

● Whether it is the power supply that powers the firewall or the
operating system under the security application or the
human who plans, implements, and administers controls, a
failure of any control can lead to a security failure.
 Standards
● Standards have been developed to cover management practices and
the overall architecture of security mechanisms and services

● The most important of these organizations are:

● National Institute of Standards and Technology (NIST)
● NIST is a U.S. federal agency that deals with measurement science,
standards, and technology related to U.S. government use and to the
promotion of U.S. private sector innovation
● Internet Society (ISOC)
● ISOC is a professional membership society that provides leadership in
addressing issues that confront the future of the Internet, and is the
organization home for the groups responsible for Internet infrastructure
standards
● International Telecommunication Union (ITU-T)
● ITU is a United Nations agency in which governments and the private sector
coordinate global telecom networks and services
● International Organization for Standardization (ISO)
● ISO is a nongovernmental organization whose work results in international
agreements that are published as International Standards
 Summary

● Vulnerabilities are weaknesses in a system;

● threats exploit those weaknesses;
● controls protect those weaknesses from exploitation
● Confidentiality, integrity, and availability are the three
basic security primitives
● Different attackers pose different kinds of threats based
on their capabilities and motivations
● Different controls address different threats; controls come
in many flavors and can exist at various points in the
system

40