Page 2 of 1641
Content Management: Tracy Johnson
Content Production: Dr Rajul Jain
Product Management: Tracy Johnson
Product Marketing: Krista Clark and Wayne Stevens
Rights and Permissions: Chandan Kumar
Please contact https://support.pearson.com/getsupport/s/
with any queries on this content.
Cover Image by ra2studio/123RF.
Microsoft and/or its respective suppliers make no
representations about the suitability of the information
contained in the documents and related graphics published
as part of the services for any purpose. All such documents
and related graphics are provided “as is” without warranty of
any kind. Microsoft and/or its respective suppliers hereby
disclaim all warranties and conditions with regard to this
information, including all warranties and conditions of
merchantability, whether express, implied or statutory,
fitness for a particular purpose, title and non-infringement. In
no event shall Microsoft and/or its respective suppliers be
liable for any special, indirect or consequential damages or
any damages whatsoever resulting from loss of use, data or
profits, whether in an action of contract, negligence or other
tortious action, arising out of or in connection with the use or
performance of information available from the services.
Changes are periodically added to the information herein.
Microsoft and/or its respective suppliers may make
improvements and/or changes in the product(s) and/or the
program(s) described herein at any time. Partial screen shots
may be viewed in full within the software version specified.
Unless otherwise indicated herein, any third-party
trademarks, logos, or icons that may appear in this work are
the property of their respective owners, and any references
to third-party trademarks, logos, icons, or other trade dress
are for demonstrative or descriptive purposes only. Such
references are not intended to imply any sponsorship,
endorsement, authorization, or promotion of Pearson’s
products by the owners of such marks, or any relationship
between the owner and Pearson Education, Inc., or its
affiliates, authors, licensees, or distributors.
LC record available at https://lccn.loc.gov/2023000040
ISBN-10: 0-13-809167-6
ISBN-13: 978-0-13-809167-5
For my loving wife, Tricia
—WS
To my extended family and friends, who helped make this all possible
—LB
Pearson’s Commitment to Diversity, Equity,
and Inclusion
Pearson is dedicated to creating bias-free content that reflects the diversity, depth, and
breadth of all learners’ lived experiences.
We embrace the many dimensions of diversity, including but not limited to race, ethnicity,
gender, sex, sexual orientation, socioeconomic status, ability, age, and religious or political
beliefs.
Education is a powerful force for equity and change in our world. It has the potential to
deliver opportunities that improve lives and enable economic mobility. As we work with
authors to create content for every product and service, we acknowledge our responsibility to
demonstrate inclusivity and incorporate diverse scholarship so that everyone can achieve
their potential through learning. As the world’s leading learning company, we have a duty to
help drive change and live up to our purpose to help more people create a better life for
themselves and to create a better world.
Accessibility
We are also committed to providing products that are fully accessible to all learners. As per
Pearson’s guidelines for accessible educational Web media, we test and retest the capabilities
of our products against the highest standards for every release, following the WCAG
guidelines in developing new products for copyright year 2022 and beyond.
Contact Us
While we work hard to present unbiased, fully accessible content, we want to hear from you
about any concerns or needs with this Pearson product so that we can investigate and address
them.
For accessibility-related issues, such as using assistive technology with Pearson products,
alternative text requests, or accessibility documentation, email the Pearson Disability Support
team at disability.support@pearson.com
Preface
What’s New in the Fifth Edition
Since the fourth edition of this book was published, the field has seen continued innovations
and improvements. In this new edition, we try to capture these changes while maintaining a
broad and comprehensive coverage of the entire field. There have been a number of
refinements to improve pedagogy and user-friendliness, updated references, and mention of
recent security incidents, along with a number of more substantive changes throughout the
book. The most noteworthy of these changes include:
• The ChaCha20 stream cipher: Chapter 20 includes a new section with details of the
ChaCha20 stream cipher, replacing details of the now deprecated RC4 cipher.
• Galois Counter Mode: Appendix E now includes details of the new Galois Counter
authenticated encryption mode of use for block ciphers.
Background
Interest in education in computer security and related topics has been growing at a dramatic
rate in recent years. This interest has been spurred by a number of factors, two of which stand
out:
Objectives
The objective of this book is to provide an up-to-date survey of developments in computer
security. Central problems that confront security designers and security administrators
include defining the threats to computer and network systems, evaluating the relative risks of
these threats, and developing cost-effective and user-friendly countermeasures.
• Principles: Although the scope of this book is broad, there are a number of basic
principles that appear repeatedly as themes and that unify this field. Examples are
issues relating to authentication and access control. The book highlights these
principles and examines their application in specific areas of computer security.
• Design approaches: The book examines alternative approaches to meeting specific
computer security requirements.
• Standards: Standards have come to assume an increasingly important, indeed
dominant, role in this field. An understanding of the current status and future direction
of technology requires a comprehensive discussion of the related standards.
The book is intended for both an academic and a professional audience. As a textbook, it is
intended as a one- or two-semester undergraduate course for computer science, computer
engineering, and electrical engineering majors. This edition is designed to support the
recommendations of the ACM/IEEE Cybersecurity Curricula 2017 (CSEC2017). The
CSEC2017 curriculum recommendation includes eight knowledge areas. Table P.1 shows the
support for these knowledge areas provided in this textbook. It also identifies six
crosscutting concepts that are designed to help students explore connections among the
knowledge areas, and are fundamental to their ability to understand the knowledge area
regardless of the underlying computing discipline. These concepts, which are topics we
introduce in Chapter 1, are as follows:
• Confidentiality: Rules that limit access to system data and information to authorized
persons.
• Integrity: Assurance that the data and information are accurate and trustworthy.
• Availability: The data, information, and system are accessible.
• Risk: Potential for gain or loss.
• Adversarial thinking: A thinking process that considers the potential actions of the
opposing force working against the desired result.
• Systems thinking: A thinking process that considers the interplay between social and
technical constraints to enable assured operations.
Table P.1 Coverage of CSEC2017 Cybersecurity Curricula
• Secure component design principles
• Supply chain management security
• Security testing
• Reverse engineering
This text discusses all of these knowledge areas and crosscutting concepts.
This book provides coverage of all the subject areas specified for CISSP (Certified
Information Systems Security Professional) certification. The CISSP designation from the
International Information Systems Security Certification Consortium is often referred
to as the “gold standard” when it comes to information security certification. It is the only
universally recognized certification in the security industry. Many organizations, including
the U.S. Department of Defense and many financial institutions, now require that cyber
security personnel have the CISSP certification. In 2004, CISSP became the first IT program
to earn accreditation under the international standard ISO/IEC 17024 (General Requirements
for Bodies Operating Certification of Persons).
The CISSP examination is based on the Common Body of Knowledge (CBK), a compendium
of information security best practices developed and maintained by , a nonprofit
organization. The CBK is made up of 8 domains that comprise the body of knowledge that is
required for CISSP certification.
The eight domains are as follows, with an indication of where the topics are covered in this
textbook:
• Software development security: Security in the software development lifecycle;
development environment security controls; software security effectiveness; and
acquired software security impact. (Part Two)
This book provides extensive coverage in these foundational areas, as well as coverage of
many of the other technical, nontechnical, and optional Knowledge Units.
The text includes an extensive glossary, a list of frequently used acronyms, and a
bibliography. Each chapter includes homework problems, review questions, a list of key
words, and suggestions for further reading.
Student Resources
For this new edition, a tremendous amount of original supporting material for students is
available online at pearsonhighered.com/stallings. The Companion Website is at
Pearsonhighered.com/cs-resources (search for Stallings).
The major goal of this text is to make it as effective a teaching tool for this exciting and fast-
moving subject as possible. This goal is reflected both in the structure of the book and in the
supporting material. The text is accompanied by the following supplementary material to aid
the instructor:
• Projects manual: Project resources including documents and portable software, plus
suggested project assignments for all of the project categories listed in the following
section.
• Solutions manual: Solutions to end-of-chapter Review Questions and Problems
• PowerPoint slides: A set of slides covering all chapters, suitable for use in lecturing
• PDF files: Reproductions of all figures and tables from the book
• Test bank: A chapter-by-chapter set of questions
All of these support materials are available on the Instructor Resource Center (IRC) for this
textbook, which can be reached through the publisher’s Website www.pearsonhighered.com.
To gain access to the IRC, please contact your local Pearson sales representative via
https://www.pearson.com/us/contact-us/find-your-rep.html or call Pearson Faculty Services
at 1-800-922-0579.
• Hacking exercises: Two projects that enable students to gain an understanding of the
issues in intrusion detection and prevention.
• Laboratory exercises: A series of projects that involve programming and
experimenting with concepts from the book.
• Security education (SEED) projects: The SEED projects are a set of hands-on
exercises, or labs, covering a wide range of security topics.
• Research projects: A series of research assignments that instruct the students to
research a particular topic on the Internet and write a report.
• Programming projects: A series of programming projects that cover a broad range
of topics and that can be implemented in any suitable language on any platform.
• Practical security assessments: A set of exercises to examine current infrastructure
and practices of an existing organization.
• Firewall projects: A portable network firewall visualization simulator is provided,
together with exercises for teaching the fundamentals of firewalls.
• Case studies: A set of real-world case studies, including learning objectives, case
description, and a series of case discussion questions.
• Reading/report assignments: A list of papers that can be assigned for reading and
writing a report, plus suggested assignment wording.
• Writing assignments: A list of writing assignments to facilitate learning the material.
This diverse set of projects and other student exercises enables the instructor to use the book
as one component in a rich and varied learning experience and to tailor a course plan to meet
the specific needs of the instructor and students. See Appendix A in this book for details.
Acknowledgments
This new edition has benefited from review by a number of people, who gave generously of
their time and expertise. The following professors and instructors reviewed all or a large part
of the manuscript: Bernardo Palazzi (Brown University), Jean Mayo (Michigan
Technological University), Scott Kerlin (University of North Dakota), Philip Campbell (Ohio
University), Scott Burgess (Humboldt State University), Stanley Wine (Hunter
College/CUNY), and E. Mauricio Angee (Florida International University).
Thanks also to the many people who provided detailed technical reviews of one or more
chapters: Umair Manzoor (UmZ), Adewumi Olatunji (FAGOSI Systems, Nigeria), Rob
Meijer, Robin Goodchil, Greg Barnes (Inviolate Security LLC), Arturo Busleiman (Buanzo
Consulting), Ryan M. Speers (Dartmouth College), Wynand van Staden (School of
Computing, University of South Africa), Oh Sieng Chye, Michael Gromek, Samuel
Weisberger, Brian Smithson (Ricoh Americas Corp, CISSP), Josef B. Weiss (CISSP),
Robbert-Frank Ludwig (Veenendaal, ActStamp Information Security), William Perry,
Daniela Zamfiroiu (CISSP), Rodrigo Ristow Branco, George Chetcuti (Technical Editor,
TechGenix), Thomas Johnson (Director of Information Security at a banking holding
company in Chicago, CISSP), Robert Yanus (CISSP), Rajiv Dasmohapatra (Wipro Ltd), Dirk
Kotze, Ya’akov Yehudi, and Stanley Wine (Adjunct Lecturer, Computer Information
Systems Department, Zicklin School of Business, Baruch College).
Dr. Lawrie Brown would first like to thank Bill Stallings for the pleasure of working with
him to produce this text. I would also like to thank my colleagues in the School of
Engineering and Information Technology, UNSW Canberra at the Australian Defence Force
Academy for their encouragement and support. In particular, thanks to Gideon Creech,
Edward Lewis, and Ben Whitham for discussion and review of some of the chapter content.
Finally, we would like to thank the many people responsible for the publication of the book,
all of whom did their usual excellent job. This includes the staff at Pearson, particularly our
editor Tracy Johnson, with support from Carole Snyder, Erin Sullivan, and Rajul Jain. Also
Mahalakshmi Usha and the team at Integra for their support with the production of the book.
Thanks also to the marketing and sales staffs at Pearson, without whose efforts this book
would not be in front of you.
Notation
Symbol   Expression   Meaning
D, K                  Symmetric decryption of ciphertext Y using secret key K
                      Asymmetric decryption of ciphertext Y using A’s private key
                      Asymmetric decryption of ciphertext Y using A’s public key
E, K                  Symmetric encryption of plaintext X using secret key K
                      Asymmetric encryption of plaintext X using A’s private key
K                     Secret key
                      Logical OR: x OR y
X                     Query set of C, the set of records satisfying C
                      x concatenated with y
About the Authors
Dr. William Stallings has authored 18 textbooks, and, counting revised editions, a total of 70
books on various aspects of these subjects. His writings have appeared in numerous ACM
and IEEE publications, including the Proceedings of the IEEE and ACM Computing Reviews.
He has 13 times received the award for the best Computer Science textbook of the year from
the Text and Academic Authors Association.
In over 30 years in the field, he has been a technical contributor, technical manager, and an
executive with several high-technology firms. He has designed and implemented both
TCP/IP-based and OSI-based protocol suites on a variety of computers and operating
systems, ranging from microcomputers to mainframes. Currently he is an independent
consultant whose clients have included computer and networking manufacturers and
customers, software development firms, and leading-edge government research institutions.
He created and maintains the Computer Science Student Resource Site at
ComputerScienceStudent.com. This site provides documents and links on a variety of subjects of
general interest to computer science students (and professionals). He is a member of the
editorial board of Cryptologia, a scholarly journal devoted to all aspects of cryptology.
Dr. Lawrie Brown is a visiting senior lecturer in the School of Engineering and Information
Technology, UNSW Canberra at the Australian Defence Force Academy.
His professional interests include communications and computer systems security and
cryptography, including research on pseudo-anonymous communication, authentication,
security and trust issues in Web environments, the design of secure remote code execution
environments using the functional language Erlang, and on the design and implementation of
the LOKI family of block ciphers.
Pearson’s Commitment to Diversity, Equity, and Inclusion...................................................... 8
Preface...................................................................................................................................... 10
What’s New in the Fifth Edition .......................................................................................... 10
Background .......................................................................................................................... 11
Objectives ............................................................................................................................. 11
Support of ACM/IEEE Cybersecurity Curricula 2017 ........................................................ 11
Table P.1 ....................................................................................................................... 12
Coverage of CSEC2017 Cybersecurity Curricula ........................................................ 12
Coverage of CISSP Subject Areas ....................................................................................... 13
Support for NCAE-C Certification ...................................................................................... 15
Plan of the Text .................................................................................................................... 15
Student Resources ................................................................................................................ 16
Instructor Support Materials................................................................................................. 16
Projects and Other Student Exercises................................................................................... 17
Acknowledgments ................................................................................................................ 18
Learning Objectives ............................................................................................................. 37
1.1 Computer Security Concepts ............................................................................................. 39
A Definition of Computer Security ...................................................................................... 39
Figure 1.1 Essential Network and Computer Security Requirements .......................... 40
Examples .............................................................................................................................. 41
Confidentiality .................................................................................................................. 41
Integrity ............................................................................................................................ 41
An example of a low-integrity requirement is an anonymous online poll. Many websites,
such as news organizations, offer these polls to their users with very few safeguards.
However, the inaccuracy and unscientific nature of such polls is well understood
Availability ..................................................................................................... 42
The Challenges of Computer Security ................................................................................. 43
Table 1.1 ....................................................................................................................... 44
Computer Security Terminology .................................................................................. 44
1.2 Threats, Attacks, and Assets .............................................................................................. 47
Threats and Attacks .............................................................................................................. 47
Confidentiality .................................................................................................................. 50
Integrity ............................................................................................................................ 50
Availability ....................................................................................................................... 51
Threats and Attacks .............................................................................................................. 52
Table 1.2 Threat Consequences and the Types of Threat Actions that Cause Each
Consequence ................................................................................................................. 52
Threats and Assets ................................................................................................................ 55
Figure 1.3 Scope of Computer Security ........................................................................ 55
Table 1.3 Computer and Network Assets, with Examples of Threats .......................... 55
Hardware .......................................................................................................................... 56
Software ............................................................................................................................ 56
Data ................................................................................................................................... 56
Communication Lines and Networks ............................................................................... 57
1.3 Security Functional Requirements ..................................................................................... 59
1.4 Fundamental Security Design Principles ........................................................................... 62
1.5 Attack Surfaces and Attack Trees ...................................................................................... 66
Attack Surfaces .................................................................................................................... 67
Figure 1.4 Defense in Depth and Attack Surface ......................................................... 67
Attack Trees ......................................................................................................................... 68
1.6 Computer Security Strategy ............................................................................................... 71
Security Policy ..................................................................................................................... 72
Assurance and Evaluation .................................................................................................... 73
1.7 Standards ............................................................................................................................ 74
1.8 Key Terms, Review Questions, and Problems................................................................... 75
Key Terms ............................................................................................................................ 75
Review Questions ................................................................................................................. 77
Problems ............................................................................................................................... 78
2.1 Confidentiality with Symmetric Encryption ...................................................................... 82
Symmetric Encryption.......................................................................................................... 83
Figure 2.1 ...................................................................................................................... 83
Simplified Model of Symmetric Encryption................................................................. 83
Symmetric Block Encryption Algorithms ............................................................................ 84
Data Encryption Standard ................................................................................................. 85
Triple DES ........................................................................................................................ 86
Advanced Encryption Standard ........................................................................................ 87
Practical Security Issues ................................................................................................... 87
Stream Ciphers ..................................................................................................................... 88
2.2 Message Authentication and Hash Functions .................................................................... 90
Authentication Using Symmetric Encryption ...................................................................... 90
Message Authentication without Message Encryption ........................................................ 91
Message Authentication Code .......................................................................................... 92
One-Way Hash Function .................................................................................................. 94
Secure Hash Functions ......................................................................................................... 97
Hash Function Requirements............................................................................................ 98
Security of Hash Functions............................................................................................... 99
Secure Hash Function Algorithms .................................................................................... 99
Other Applications of Hash Functions ............................................................................... 100
2.3 Public-Key Encryption..................................................................................................... 101
Public-Key Encryption Structure ....................................................................................... 102
Applications for Public-Key Cryptosystems ...................................................................... 105
Requirements for Public-Key Cryptography...................................................................... 106
Asymmetric Encryption Algorithms .................................................................................. 107
RSA ................................................................................................................................ 108
Diffie–Hellman Key Agreement .................................................................................... 108
Digital Signature Standard.............................................................................................. 108
Elliptic Curve Cryptography .......................................................................................... 108
2.4 Digital Signatures and Key Management ........................................................................ 110
Digital Signature ................................................................................................................ 110
Public-Key Certificates ...................................................................................................... 112
Symmetric Key Exchange Using Public-Key Encryption ................................................. 114
Digital Envelopes ............................................................................................................... 115
2.5 Random and Pseudorandom Numbers ............................................................................. 118
The Use of Random Numbers ............................................................................................ 118
Randomness .................................................................................................................... 119
Unpredictability .............................................................................................................. 120
Random versus Pseudorandom .......................................................................................... 120
2.6 Practical Application: Encryption of Stored Data ........................................................... 121
2.7 Key Terms, Review Questions, and Problems................................................................. 123
Key Terms .......................................................................................................................... 123
Review Questions ............................................................................................................... 125
Problems ............................................................................................................................. 126
A Model for Digital User Authentication .......................................................................... 132
Means of Authentication .................................................................................................... 134
Multifactor Authentication ................................................................................................. 134
Assurance Levels for User Authentication......................................................................... 136
3.2 Password-Based Authentication ...................................................................................... 137
The Vulnerability of Passwords ......................................................................................... 138
The Use of Hashed Passwords ........................................................................................... 140
UNIX Implementations .................................................................................................. 143
Password Cracking of User-Chosen Passwords ................................................................. 143
Traditional Approaches .................................................................................................. 144
Modern Approaches ....................................................................................................... 145
Password File Access Control ............................................................................................ 146
Password Selection Strategies ............................................................................................ 147
Rule Enforcement ........................................................................................................... 149
Password Checker........................................................................................................... 149
Bloom Filter .................................................................................................................... 150
3.3 Token-Based Authentication ........................................................................................... 150
Memory Cards .................................................................................................................... 151
Smart Cards ........................................................................................................................ 152
Electronic Identity Cards .................................................................................................... 154
eID Functions .................................................................................................................. 155
Password Authenticated Connection Establishment (PACE) ........................................ 157
Hardware Authentication Tokens....................................................................................... 158
Authentication Using a Mobile Phone ............................................................................... 161
3.4 Biometric Authentication ................................................................................................. 163
Physical Characteristics Used in Biometric Applications .................................................. 164
Operation of a Biometric Authentication System .............................................................. 166
Figure 3.8 A Generic Biometric System ..................................................................... 167
Biometric Accuracy............................................................................................................ 167
3.5 Remote User Authentication ............................................................................................ 171
Password Protocol .............................................................................................................. 172
Figure 3.12 Basic Challenge-Response Protocols for Remote User Authentication .. 172
Token Protocol ................................................................................................................... 173
Static Biometric Protocol ................................................................................................... 174
Dynamic Biometric Protocol .............................................................................................. 175
3.6 Security Issues for User Authentication .......................................................................... 176
3.7 Practical Application: An Iris Biometric System............................................................. 179
3.8 Case Study: Security Problems for ATM Systems .......................................................... 182
3.9 Key Terms, Review Questions, and Problems................................................................. 184
Key Terms .......................................................................................................................... 184
Review Questions ............................................................................................................... 185
Problems ............................................................................................................................. 186
Learning Objectives ........................................................................................................... 189
4.1 Access Control Principles ................................................................................................ 191
Access Control Context ...................................................................................................... 192
Figure 4.1 Relationship among Access Control and Other Security Functions ......... 192
Access Control Policies ...................................................................................................... 194
4.2 Subjects, Objects, and Access Rights .............................................................................. 195
4.3 Discretionary Access Control .......................................................................................... 196
Figure 4.2 Example of Access Control Structures ...................................................... 196
Table 4.2 Authorization Table for Files in Figure 4.2 ................................................ 198
An Access Control Model .................................................................................................. 199
Figure 4.3 Extended Access Control Matrix............................................................... 199
Figure 4.4 An Organization of the Access Control Function ..................................... 200
Table 4.3 Access Control System Commands ............................................................ 201
The ability of one subject to create another subject and to have ‘owner’ access right to
that subject can be used to define a hierarchy of subjects. For example, in Figure 4.3,
owns and so and are subordinate to By the rules of Table 4.3, can grant and delete to
access rights that already has. Thus, a subject can create another subject with a subset
of its own access rights. This might be useful, for example, if a subject is invoking an
application that is not fully trusted and does not want that application to be able to
transfer access rights to other subjects. ....................................................................... 202
Protection Domains ............................................................................................................ 203
4.4 Example: UNIX File Access Control .............................................................................. 204
Traditional UNIX File Access Control .............................................................................. 205
Figure 4.5 UNIX File Access Control ........................................................................ 205
Access Control Lists in UNIX ........................................................................................... 207
4.5 Mandatory Access Control .............................................................................................. 208
Bell-LaPadula (BLP) Model .............................................................................................. 209
4.6 Role-Based Access Control ............................................................................................. 210
Figure 4.7 Access Control Matrix Representation of RBAC ..................................... 212
4.6 Role-Based Access Control ........................................................................................... 212
RBAC Reference Models ................................................................................................... 212
Figure 4.8 A Family of Role-Based Access Control Models ..................................... 213
Base Model— ................................................................................................................. 213
Role Hierarchies— ......................................................................................................... 214
Figure 4.9 Example of Role Hierarchy ....................................................................... 214
Constraints— .................................................................................................................. 215
4.7 Attribute-Based Access Control ...................................................................................... 217
Attributes ............................................................................................................................ 218
ABAC Logical Architecture............................................................................................... 219
Figure 4.10 ABAC Scenario ....................................................................................... 219
ABAC Policies ................................................................................................................... 222
4.8 Identity, Credential, and Access Management ................................................................ 225
Figure 4.12 Identity, Credential, and Access Management (ICAM) .......................... 225
Identity Management.......................................................................................................... 226
Credential Management ..................................................................................................... 227
Access Management ........................................................................................................... 228
Identity Federation ............................................................................................................. 229
4.9 Trust Frameworks ............................................................................................................ 230
Traditional Identity Exchange Approach ........................................................................... 231
Figure 4.13 Identity Information Exchange Approaches ............................................ 231
Open Identity Trust Framework ......................................................................................... 234
4.10 Case Study: RBAC System for a Bank .......................................................................... 237
Table 4.5 Functions and Roles for Banking Example ................................................ 237
Figure 4.14 Example of Access Control Administration ............................................ 239
4.11 Key Terms, Review Questions, and Problems............................................................... 240
Key Terms .......................................................................................................................... 240
Review Questions ............................................................................................................... 242
Problems ............................................................................................................................. 243
Figure 4.15 VAX/VMS Access Modes ...................................................................... 244
Learning Objectives ........................................................................................................... 246
5.1 The Need for Database Security ...................................................................................... 248
5.2 Database Management Systems ....................................................................................... 249
5.3 Relational Databases ........................................................................................................ 251
Elements of a Relational Database System ........................................................................ 253
Table 5.1 Basic Terminology for Relational Databases ............................................. 253
Structured Query Language ............................................................................................... 255
5.4 SQL Injection Attacks...................................................................................................... 256
A Typical SQLi Attack ...................................................................................................... 257
The Injection Technique..................................................................................................... 259
SQLi Attack Avenues and Types ....................................................................................... 260
SQLi Countermeasures ...................................................................................................... 262
5.5 Database Access Control ................................................................................................. 263
SQL-Based Access Definition ........................................................................................... 264
Cascading Authorizations .................................................................................................. 266
Figure 5.6 Teri Revokes Privilege from David ........................................................... 266
Role-Based Access Control ................................................................................................ 268
Table 5.2 Fixed Roles in Microsoft SQL Server ........................................................ 268
5.6 Inference .......................................................................................................................... 271
Figure 5.7 Indirect Information Access via Inference Channel .................................. 271
5.7 Database Encryption ........................................................................................................ 275
Figure 5.10 Encryption Scheme for Database of Figure 5.3 ....................................... 277
5.8 Data Center Security ........................................................................................................ 280
Data Center Elements ......................................................................................................... 281
Figure 5.11 Key Data Center Elements ...................................................................... 281
Data Center Security Considerations ................................................................................. 282
Figure 5.12 Data Center Security Model .................................................................... 283
TIA-492 .............................................................................................................................. 283
Table 5.4 Data Center Tiers Defined in TIA-942 ....................................................... 284
5.9 Key Terms, Review Questions, and Problems................................................................. 286
Key Terms .......................................................................................................................... 286
Review Questions ............................................................................................................... 287
Problems ............................................................................................................................. 288
Learning Objectives ........................................................................................................... 294
Learning Objectives ........................................................................................................... 297
A Broad Classification of Malware .................................................................................... 301
Attack Kits.......................................................................................................................... 302
Attack Sources.................................................................................................................... 303
Macro and Scripting Viruses .............................................................................................. 310
A Brief History of Worm Attacks ...................................................................................... 321
State of Worm Technology ................................................................................................ 324
Mobile Code ....................................................................................................................... 325
Clickjacking ....................................................................................................................... 328
6.5 Propagation—Social Engineering—Spam E-Mail, Trojans ............................................ 329
Trojan Horses ..................................................................................................................... 332
Mobile Phone Trojans ........................................................................................................ 334
Figure 8.9 Snort Architecture ..................................................................................... 468
Circuit-Level Gateway ....................................................................................................... 497
Figure 13.11 IoT Gateway Security Functions ........................................................... 771
Figure 14.5 Judgment about Risk Treatment .............................................................. 819
Review Questions ............................................................................................................... 864
Problems ............................................................................................................................. 865
Table 16.1 Characteristics of Natural Disasters .......................................................... 871
Table 16.3 Saffir/Simpson Hurricane Scale................................................................ 873
Table 16.4 Temperature Thresholds for Damage to Computing Resources ............... 875
Figure 16.1 Standard Fire Temperature–Time Relations Used for Testing of Building Elements ...................................................................................................................... 877
Table 16.6 Degrees of Security and Control for Protected Areas [ARMY10] ........... 896
Table 17.1 Comparative Framework .......................................................................... 908
Table 17.3 Examples of Possible Information Flow to and from the Incident-Handling Service......................................................................................................................... 935
Table 18.1 Security Audit Terminology (RFC 4949) ................................................. 943
Figure 18.1 Security Audit and Alarms Model (X.816) ............................................. 946
Figure 18.2 Distributed Audit Trail Model (X.816) ................................................... 947
Figure 18.3 Common Criteria Security Audit Class Decomposition ......................... 949
Table 18.2 Auditable Items Suggested in X.816 ........................................................ 954
Monitoring Areas Suggested in ISO 27002 ................................................................ 955
Figure 18.4 Examples of Audit Trails......................................................................... 956
Table 18.4 Windows Event Schema Elements ........................................................... 961
Figure 18.5 Windows System Log Entry Example .................................................... 963
Figure 18.6 Examples of Syslog Messages .................................................................... 967
Table 18.5 UNIX Syslog Facilities and Severity Levels ............................................ 968
Figure 18.9 Run-Time Environment for Application Auditing .................................. 976
Table 19.1 Cybercrimes Cited in the Convention on Cybercrime ................................................ 996
Table 19.2 CERT 2007 E-Crime Watch Survey Results ............................................ 999
Figure 19.2 DRM Components ................................................................................. 1011
Figure 19.4 Common Criteria Privacy Class Decomposition ................................... 1019
Figure 19.6 ACM Code of Ethics and Professional Conduct ................................... 1030
Figure 19.8 AITP Standard of Conduct .................................................................... 1032
Table 20.1 Types of Attacks on Encrypted Messages .............................................. 1048
Triple DES........................................................................................................................ 1056
Figure 20.2 Triple DES ............................................................................................. 1056
The SHA Secure Hash Function ...................................................................................... 1103
Table 21.1 Comparison of SHA Parameters ............................................................................... 1104
HMAC Algorithm ............................................................................................................ 1112
Figure 21.4 HMAC Structure ................................................................................... 1112
Figure 21.5 OCB Encryption and Authentication..................................................... 1118
Figure 21.6 OCB Algorithms ....................................................................................... 1122
Description of the Algorithm ........................................................................................... 1124
Figure 21.8 Example of RSA Algorithm .................................................................. 1126
Timing Attacks ............................................................................................................. 1129
21.5 Diffie-Hellman and Other Asymmetric Algorithms ..................................................... 1132
Diffie-Hellman Key Exchange ......................................................................................... 1132
The Algorithm .............................................................................................................. 1133
Figure 21.9 The Diffie-Hellman Key Exchange Algorithm ..................................... 1134
Key Exchange Protocols ............................................................................................... 1135
Figure 21.10 .............................................................................................................. 1135
Other Public-Key Cryptography Algorithms ................................................................... 1140
Digital Signature Standard............................................................................................ 1034
Elliptic-Curve Cryptography ........................................................................................ 1034
Post-Quantum Cryptography ........................................................................................ 1034
21.6 Key Terms, Review Questions, and Problems............................................................. 1141
Key Terms ........................................................................................................................ 1141
Problems ........................................................................................................................... 1143
MIME ............................................................................................................................... 1150
S/MIME............................................................................................................................ 1151
Table 22.1 S/MIME Content Types .......................................................................... 1152
Figure 22.1 Simplified S/MIME Functional Flow .................................................... 1153
Signed and Clear-Signed Data ...................................................................................... 1154
Enveloped Data............................................................................................................. 1155
Public-Key Certificates................................................................................................. 1155
22.2 DomainKeys Identified Mail ........................................................................................ 1156
Internet Mail Architecture ................................................................................................ 1157
Figure 22.2 Function Modules and Standardized Protocols Used Between Them in the Internet Mail Architecture......................................................................................... 1159
DKIM Strategy ................................................................................................................. 1161
Figure 22.3 Simple Example of DKIM Deployment ................................................ 1162
22.3 Secure Sockets Layer (SSL) and Transport Layer Security (TLS).............................. 1164
TLS Architecture .............................................................................................................. 1165
Figure 22.4 SSL/TLS Protocol Stack........................................................................ 1165
TLS Protocols ................................................................................................................... 1167
Record Protocol ............................................................................................................ 1167
Figure 22.5 TLS Record Protocol Operation ............................................................ 1167
Change Cipher Spec Protocol ....................................................................................... 1168
Alert Protocol ............................................................................................................... 1168
Handshake Protocol ...................................................................................................... 1169
Figure 22.6 Handshake Protocol Action ................................................................... 1170
Heartbeat Protocol ........................................................................................................ 1172
SSL/TLS Attacks.............................................................................................................. 1174
Attack Categories ......................................................................................................... 1174
Heartbleed ..................................................................................................................... 1176
Figure 22.7 The Heartbleed Exploit.......................................................................... 1177
22.4 HTTPS ......................................................................................................................... 1179
Connection Initiation ........................................................................................................ 1180
Connection Closure .......................................................................................................... 1181
22.5 IPv4 and IPv6 Security ................................................................................................ 1182
IP Security Overview ....................................................................................................... 1182
Applications of IPsec .................................................................................................... 1183
Benefits of IPsec ........................................................................................................... 1184
Routing Applications .................................................................................................... 1184
The Scope of IPsec ........................................................................................................... 1186
Security Associations ....................................................................................................... 1187
Encapsulating Security Payload ....................................................................................... 1189
Figure 22.8 IPsec ESP Format .................................................................................. 1190
Transport and Tunnel Modes ........................................................................................... 1191
Transport Mode ............................................................................................................ 1191
Tunnel Mode................................................................................................................. 1191
22.6 Key Terms, Review Questions, and Problems............................................................. 1193
Key Terms ........................................................................................................................ 1193
Review Questions ............................................................................................................. 1194
Figure 22.9 Antireplay Mechanism .......................................................................... 1196
Chapter 23 Internet Authentication Applications .............................................................................. 1198
Learning Objectives ......................................................................................................... 1198
23.1 Kerberos ....................................................................................................................... 1199
The Kerberos Protocol ..................................................................................................... 1200
Figure 23.1 Overview of Kerberos ........................................................................... 1201
Kerberos Realms and Multiple Kerberi ........................................................................... 1207
Figure 23.2 Request for Service in Another Realm .................................................. 1208
Version 4 and Version 5 ................................................................................................... 1210
Performance Issues ........................................................................................................... 1211
23.2 X.509............................................................................................................................ 1212
Figure 23.3 X.509 Formats ....................................................................................... 1213
Public Key Infrastructure X.509 (PKIX) ......................................................................... 1217
Figure 23.4 PKIX Architectural Model .................................................................... 1218
23.4 Key Terms, Review Questions, and Problems............................................................. 1220
Key Terms ........................................................................................................................ 1220
Review Questions ............................................................................................................. 1221
Problems .......................................................................................................................... 1222
Chapter 24 Wireless Network Security ............................................................................................ 1225
Learning Objectives ......................................................................................................... 1226
24.1 Wireless Security ......................................................................................................... 1227
Figure 24.1 Wireless Networking Components ........................................................ 1228
Wireless Network Threats ................................................................................................ 1229
Wireless Security Measures ............................................................................................. 1231
Securing Wireless Transmissions ................................................................................. 1231
Securing Wireless Access Points .................................................................................. 1232
Securing Wireless Networks ........................................................................................ 1232
24.2 Mobile Device Security ............................................................................................... 1233
Security Threats................................................................................................................ 1235
Lack of Physical Security Controls .............................................................................. 1235
Use of Untrusted Mobile Devices ................................................................................ 1235
Use of Untrusted Networks .......................................................................................... 1236
Use of Untrusted Applications ..................................................................................... 1236
Interaction with Other Systems .................................................................................... 1236
Use of Untrusted Content ............................................................................................. 1236
Use of Location Services .............................................................................................. 1237
Mobile Device Security Strategy ..................................................................................... 1238
Figure 24.2 Mobile Device Security Elements ......................................................... 1238
Device Security............................................................................................................. 1239
Traffic Security ............................................................................................................. 1240
Barrier Security............................................................................................................. 1241
24.3 IEEE 802.11 Wireless LAN Overview ........................................................................ 1242
Table 24.1 IEEE 802.11 Terminology ...................................................................... 1242
The Wi-Fi Alliance........................................................................................................... 1243
IEEE 802 Protocol Architecture ....................................................................................... 1244
Figure 24.3 IEEE 802.11 Protocol Stack .................................................................. 1244
Physical Layer .............................................................................................................. 1245
Medium Access Control ............................................................................................... 1245
Figure 24.4 General IEEE 802 MPDU Format ......................................................... 1246
Logical Link Control .................................................................................................... 1246
IEEE 802.11 Network Components and Architectural Model ......................................... 1247
Figure 24.5 IEEE 802.11 Extended Service Set ....................................................... 1248
IEEE 802.11 Services ....................................................................................................... 1251
Table 24.2 IEEE 802.11 Services ............................................................................. 1251
Distribution of Messages Within a DS ......................................................................... 1252
Association-Related Services ....................................................................................... 1252
24.4 IEEE 802.11i Wireless LAN Security ......................................................................... 1255
Figure 24.6 Elements of IEEE 802.11i ..................................................................... 1257
IEEE 802.11i Phases of Operation ................................................................................... 1259
Figure 24.7 IEEE 802.11i Phases of Operation ........................................................ 1261
Discovery Phase ............................................................................................................... 1263
Figure 24.8 IEEE 802.11i Phases of Operation: Capability Discovery, Authentication, and Association ......................................................................................................... 1263
Security Capabilities ..................................................................................................... 1264
MPDU Exchange .......................................................................................................... 1265
Authentication Phase ........................................................................................................ 1268
IEEE 802.1X Access Control Approach ...................................................................... 1268
Figure 24.9 802.1X Access Control .......................................................................... 1269
MPDU Exchange .......................................................................................................... 1269
EAP Exchange .............................................................................................................. 1270
Key Management Phase ................................................................................................... 1272
Figure 24.10 IEEE 802.11i Key Hierarchies ............................................................ 1272
Table 24.3 IEEE 802.11i Keys for Data Confidentiality and Integrity Protocols .... 1273
Pairwise Keys ............................................................................................................... 1275
Group Keys ................................................................................................................... 1276
Pairwise Key Distribution ............................................................................................ 1276
Figure 24.11 IEEE 802.11i Phases of Operation: 4-Way Handshake and Group Key Handshake ................................................................................................................. 1278
Protected Data Transfer Phase ......................................................................................... 1280
TKIP ............................................................................................................................. 1280
CCMP ........................................................................................................................... 1281
The IEEE 802.11i Pseudorandom Function ..................................................................... 1282
Figure 24.12 IEEE 802.11i Pseudorandom Function ............................................... 1283
24.5 Key Terms, Review Questions, and Problems............................................................. 1284
Key Terms ........................................................................................................................ 1284
Review Questions ............................................................................................................. 1286
Problems ........................................................................................................................... 1287
Figure 24.13 WEP Authentication ............................................................................ 1288
Appendix A: Projects and Other Student Exercises for Teaching Computer Security ........ 1290
A.1 Hacking Project ............................................................................................................. 1292
A.2 Laboratory Exercises..................................................................................................... 1294
A.3 Security Education (Seed) Projects ............................................................................... 1295
Table A.1 Mapping of SEED Labs to Textbook Chapters ....................................... 1296
A.4 Research Projects .......................................................................................................... 1299
A.5 Programming Projects ................................................................................................... 1300
A.6 Practical Security Assessments ..................................................................................... 1301
A.7 Firewall Projects ........................................................................................................... 1302
A.8 Case Studies .................................................................................................................. 1303
A.9 Reading/Report Assignments ........................................................................................ 1304
A.10 Writing Assignments................................................................................................... 1305
Appendix B: Some Aspects of Number Theory .................................................................. 1306
B.1 Prime and Relatively Prime Numbers ........................................................................... 1307
Divisors ............................................................................................................................ 1308
Prime Numbers ................................................................................................................. 1309
Relatively Prime Numbers ............................................................................................... 1310
B.2 Modular Arithmetic ....................................................................................................... 1311
Figure B.1 The Relationship .................................................................................... 1311
Modular Arithmetic Operations ....................................................................................... 1313
Inverses............................................................................................................................. 1314
(B.1) .......................................................................................................................... 1314
(B.2) .......................................................................................................................... 1314
B.3 Fermat’s and Euler’s Theorems .................................................................................... 1315
Fermat’s Theorem ............................................................................................................ 1316
(B.3) .......................................................................................................................... 1316
Euler’s Totient Function................................................................................................... 1318
Appendix C: Standards and Standard-Setting Organizations .............................................. 1323
C.1 The Importance of Standards ........................................................................................ 1324
C.2 Internet Standards and the Internet Society................................................................... 1326
The Internet Organizations and RFC Publication ............................................................ 1327
Table C.1 IETF Areas ............................................................................................... 1328
The Standardization Process ............................................................................................ 1330
Figure C.1 Internet RFC Publication Process ........................................................... 1331
Internet Standards Categories........................................................................................... 1333
Other RFC Types ............................................................................................................. 1334
C.3 The National Institute of Standards and Technology .................................................... 1336
C.4 The International Telecommunication Union ............................................................... 1338
ITU Telecommunication Standardization Sector ............................................................. 1339
Schedule ........................................................................................................................... 1340
C.5 The International Organization for Standardization...................................................... 1341
C.6 Significant Security Standards and Documents ............................................................ 1344
International Organization for Standardization (ISO) ...................................................... 1345
National Institute of Standards and Technology (NIST) ................................................. 1346
International Telecommunication Union Telecommunication Standardization Sector (ITU-T) ...................................................................................................................... 1347
Internet Standards and the Internet Society...................................................................... 1349
Appendix D: Random and Pseudorandom Number Generation .......................................... 1350
D.1 The Use of Random Numbers ....................................................................................... 1351
Randomness ..................................................................................................................... 1352
Unpredictability ................................................................................................................ 1354
D.2 Pseudorandom Number Generators (PRNGS) .............................................................. 1355
Linear Congruential Generators ....................................................................................... 1356
Cryptographically Generated Random Numbers ............................................................. 1359
Cyclic Encryption ......................................................................................................... 1359
Figure D.1 Pseudorandom Number Generation from a Counter .............................. 1360
DES Output Feedback Mode ........................................................................................ 1361
ANSI X9.17 PRNG ...................................................................................................... 1361
Figure D.2 ANSI X9.17 Pseudorandom Number Generator .................................... 1362
Blum Blum Shub Generator ............................................................................................. 1364
D.3 True Random Number Generators ................................................................................ 1367
Appendix E: Message Authentication Codes Based on Block Ciphers ............................... 1369
E.1 Cipher-Based Message Authentication Code (CMAC) ................................................ 1370
Chapter 1 Overview
1. Attack Surfaces
2. Attack Trees
1.6 Computer Security Strategy
1. Security Policy
2. Security Implementation
3. Assurance and Evaluation
1.7 Standards
1.8 Key Terms, Review Questions, and Problems
Learning Objectives
After studying this chapter, you should be able to:
This chapter provides an overview of computer security. We begin with a discussion of what
we mean by computer security. In essence, computer security deals with computer-related
assets that are subject to a variety of threats and the various measures that are taken to protect
those assets. Accordingly, the next section of this chapter provides a brief overview of the
categories of computer-related assets that users and system managers wish to preserve and
protect and offers a look at the various threats and attacks that can be made on those assets.
Then, we survey the measures that can be taken to deal with such threats and attacks. This we
do from three different viewpoints in Sections 1.3 through 1.5. We then lay out in general
terms a computer security strategy.
The focus of this chapter, and indeed this book, is on three fundamental questions:
1. What assets do we need to protect?
2. How are those assets threatened?
3. What can we do to counter those threats?
1.1 Computer Security Concepts
A Definition of Computer Security
The NIST Internal/Interagency Report NISTIR 7298 (Glossary of Key Information Security
Terms, July 2019) defines the term computer security as follows:
Computer Security: Measures and controls that ensure confidentiality, integrity, and
availability of information processed and stored by a computer, including hardware, software,
firmware, information/data, and telecommunications.
This definition introduces three key objectives that are at the heart of computer security:
• Availability: Assures that systems work promptly and service is not denied to
authorized users.
These three concepts form what is often referred to as the CIA triad. The three concepts
embody the fundamental security objectives for both data and information and computing
services. For example, the NIST standard FIPS 199 (Standards for Security Categorization of
Federal Information and Information Systems, February 2004) lists confidentiality, integrity,
and availability as the three security objectives for information and information systems.
FIPS 199 provides a useful characterization of these three objectives in terms of requirements
and the definition of a loss of security in each category:
• Integrity: Guarding against improper information modification or destruction,
including ensuring information nonrepudiation and authenticity. A loss of integrity is
the unauthorized modification or destruction of information.
• Availability: Ensuring timely and reliable access to and use of information. A loss of
availability is the disruption of access to or use of information or an information
system.
Although the use of the CIA triad to define security objectives is well established, some in
the security field feel that additional concepts are needed to present a complete picture (see
Figure 1.1). Two of the most commonly mentioned are as follows:
• Authenticity: The property of being genuine and being able to be verified and trusted;
confidence in the validity of a transmission, a message, or a message originator. This
means verifying that users are who they say they are and that each input arriving at
the system came from a trusted source.
• Accountability: The security goal that generates the requirement for actions of an
entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence,
fault isolation, intrusion detection and prevention, and after-action recovery and legal
action. Because truly secure systems are not yet an achievable goal, we must be able
to trace a security breach to a responsible party. Systems must keep records of their
activities to permit later forensic analysis to trace security breaches or to aid in
transaction disputes.
Note that FIPS 199 includes authenticity under integrity.
Examples
We now provide some examples of applications that illustrate the requirements just
enumerated. For these examples, we use three levels of impact on organizations or
individuals should there be a breach of security (i.e., a loss of confidentiality, integrity, or
availability). These levels are defined in FIPS 199:
• Low: The loss could be expected to have a limited adverse effect on organizational
operations, organizational assets, or individuals. A limited adverse effect means that,
for example, the loss of confidentiality, integrity, or availability might (i) cause a
degradation in mission capability to an extent and duration that the organization is
able to perform its primary functions, but the effectiveness of the functions is
noticeably reduced; (ii) result in minor damage to organizational assets; (iii) result in
minor financial loss; or (iv) result in minor harm to individuals.
• Moderate: The loss could be expected to have a serious adverse effect on
organizational operations, organizational assets, or individuals. A serious adverse
effect means that, for example, the loss might (i) cause a significant degradation in
mission capability to an extent and duration that the organization is able to perform its
primary functions, but the effectiveness of the functions is significantly reduced; (ii)
result in significant damage to organizational assets; (iii) result in significant financial
loss; or (iv) result in significant harm to individuals that does not involve loss of life
or serious life-threatening injuries.
• High: The loss could be expected to have a severe or catastrophic adverse effect on
organizational operations, organizational assets, or individuals. A severe or
catastrophic adverse effect means that, for example, the loss might (i) cause a severe
degradation in or loss of mission capability to an extent and duration that the
organization is not able to perform one or more of its primary functions; (ii) result in
major damage to organizational assets; (iii) result in major financial loss; or (iv) result
in severe or catastrophic harm to individuals involving loss of life or serious life-
threatening injuries.
Confidentiality
Integrity
Several aspects of integrity are illustrated by the example of a hospital patient’s allergy
information stored in a database. The doctor should be able to trust that the information is
correct and current. Now, suppose an employee (e.g., a nurse) who is authorized to view and
update this information deliberately falsifies the data to cause harm to the hospital. The
database needs to be restored to a trusted state quickly, and it should be possible to trace the
error back to the person responsible. Patient allergy information is an example of an asset
with a high requirement for integrity. Inaccurate information could result in serious harm or
death to a patient and expose the hospital to massive liability.
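The hospital scenario above bundles two of the requirements defined earlier: integrity (the allergy value must be correct and, after a deliberate falsification, restorable to a trusted state) and accountability (the change must be traceable to the person who made it, and the record of changes must itself resist later tampering). The following is an added example, not code from the textbook, showing one common way to meet both: every update to the record is appended to a hash-chained audit log that names the authenticated actor. The patient id, user names and allergy values are constructed sample data.

```python
"""Hash-chained audit log for a patient allergy record (constructed example)."""
import hashlib
import json
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

GENESIS_HASH = "0" * 64  # chain anchor used as prev_hash of the first entry


@dataclass(frozen=True)
class AuditEntry:
    seq: int
    actor: str          # authenticated user who made the change (accountability)
    patient_id: str
    field_name: str
    old_value: str
    new_value: str
    prev_hash: str      # entry_hash of the previous entry (the chain link)
    entry_hash: str     # SHA-256 over all the fields above


def compute_hash(seq, actor, patient_id, field_name, old_value, new_value, prev_hash) -> str:
    # Canonical JSON so identical content always produces the same digest.
    payload = json.dumps(
        [seq, actor, patient_id, field_name, old_value, new_value, prev_hash],
        separators=(",", ":"),
    )
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class AllergyRecordLog:
    """Current record values plus an append-only log of every change."""

    def __init__(self) -> None:
        self.entries: List[AuditEntry] = []
        self.state: Dict[Tuple[str, str], str] = {}

    def update(self, actor: str, patient_id: str, field_name: str, new_value: str) -> AuditEntry:
        key = (patient_id, field_name)
        old_value = self.state.get(key, "")
        prev_hash = self.entries[-1].entry_hash if self.entries else GENESIS_HASH
        seq = len(self.entries)
        h = compute_hash(seq, actor, patient_id, field_name, old_value, new_value, prev_hash)
        entry = AuditEntry(seq, actor, patient_id, field_name, old_value, new_value, prev_hash, h)
        self.entries.append(entry)
        self.state[key] = new_value
        return entry

    def verify_chain(self) -> Tuple[bool, Optional[int]]:
        """Return (True, None) if the log is intact, else (False, seq of the first bad entry)."""
        prev = GENESIS_HASH
        for e in self.entries:
            expected = compute_hash(e.seq, e.actor, e.patient_id, e.field_name,
                                    e.old_value, e.new_value, e.prev_hash)
            if e.prev_hash != prev or e.entry_hash != expected:
                return False, e.seq
            prev = e.entry_hash
        return True, None

    def who_last_changed(self, patient_id: str, field_name: str) -> Optional[AuditEntry]:
        for e in reversed(self.entries):
            if (e.patient_id, e.field_name) == (patient_id, field_name):
                return e
        return None

    def restore(self, investigator: str, bad_seq: int) -> AuditEntry:
        """Revert the change made by entry bad_seq as a new, logged change (never edit history)."""
        bad = self.entries[bad_seq]
        return self.update(investigator, bad.patient_id, bad.field_name, bad.old_value)


def incident_walkthrough() -> dict:
    """Constructed incident: a legitimate entry, a falsification, tracing, restore, tamper check."""
    log = AllergyRecordLog()
    log.update("dr.jones", "P-1001", "allergies", "penicillin")        # legitimate entry
    falsified = log.update("nurse.x", "P-1001", "allergies", "none")    # deliberate falsification
    culprit = log.who_last_changed("P-1001", "allergies")               # trace to responsible party
    log.restore("sec.admin", falsified.seq)                             # back to trusted state
    intact, _ = log.verify_chain()
    # Attempt to cover tracks by rewriting the actor of the falsified entry in place:
    # the stored hash no longer matches the content, so verification stops at that entry.
    log.entries[falsified.seq] = replace(falsified, actor="dr.jones")
    tampered_ok, first_bad = log.verify_chain()
    return {
        "culprit": culprit.actor,
        "restored_value": log.state[("P-1001", "allergies")],
        "chain_intact_before_tamper": intact,
        "chain_intact_after_tamper": tampered_ok,
        "first_bad_seq": first_bad,
    }


if __name__ == "__main__":
    print(incident_walkthrough())
```

Two design points matter here. The restore is recorded as a further logged change by the investigator rather than by editing the falsified entry, so the history of the incident survives for later forensic analysis. And because each entry's hash covers the previous entry's hash, rewriting any stored entry (the actor field, for instance) is detectable from the point of modification onward, which is what gives the accountability record its own integrity.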
Availability
The more critical a component or service is, the higher the level of availability required.
Consider a system that provides authentication services for critical systems, applications, and
devices. An interruption of service results in the inability of customers to access computing
resources and staff to access the resources they need to perform critical tasks. The loss of the
service translates into a large financial loss in lost employee productivity and potential
customer loss.
The Challenges of Computer Security
Computer security is both fascinating and complex. Some of the reasons are as follows:
1. Computer security is not as simple as it might first appear to the novice. The
requirements seem to be straightforward; indeed, most of the major requirements for
security services can be given self-explanatory one-word labels: confidentiality,
authentication, nonrepudiation, and integrity. But the mechanisms used to meet those
requirements can be quite complex, and understanding them may involve rather subtle
reasoning.
2. In developing a particular security mechanism or algorithm, one must always consider
potential attacks on those security features. In many cases, successful attacks are
designed by looking at the problem in a completely different way and therefore
exploiting an unexpected weakness in the mechanism.
3. Because of Point 2, the procedures used to provide particular services are often
counterintuitive. Typically, a security mechanism is complex, and it is not obvious
from the statement of a particular requirement that such elaborate measures are
needed. Only when the various aspects of the threat are considered do elaborate
security mechanisms make sense.
4. Once various security mechanisms have been designed, it is necessary to decide
where to use them. This is true both in terms of physical placement (e.g., at what
points in a network are certain security mechanisms needed) and in a logical sense
(e.g., at what layer or layers of an architecture such as TCP/IP [Transmission Control
Protocol/Internet Protocol] should mechanisms be placed).
5. Security mechanisms typically involve more than a particular algorithm or protocol.
They also require that participants possess some secret information (e.g., an
encryption key), which raises questions about the creation, distribution, and protection
of that secret information. There may also be a reliance on communications protocols
whose behavior may complicate the task of developing the security mechanism. For
example, if the proper functioning of the security mechanism requires setting time
limits on the transit time of a message from sender to receiver, then any protocol or
network that introduces variable, unpredictable delays may render such time limits
meaningless.
6. Computer security is essentially a battle of wits between a perpetrator who tries to
find holes and the designer or administrator who tries to close them. The great
advantage that the attacker has is that they need only find a single weakness, while the
designer must find and eliminate all weaknesses to achieve perfect security.
7. There is a natural tendency on the part of users and system managers to perceive little
benefit from security investment until a security failure occurs.
8. Security requires regular, even constant, monitoring, and this is difficult in today’s
short-term, overloaded environment.
9. Security is still too often an afterthought and is incorporated into a system after the
design is complete, rather than being an integral part of the design process.
10. Many users and even security administrators view strong security as an impediment to
efficient and user-friendly operation of an information system or use of information.
The difficulties just enumerated will be encountered in numerous ways as we examine the
various security threats and mechanisms throughout this book.
A Model for Computer Security
We now introduce some terminology that will be useful throughout the book. Table 1.1
defines terms and Figure 1.2, based on [CCPS12a], shows the relationship among some of
these terms. We start with the concept of a system resource or asset that users and owners
wish to protect. The assets of a computer system can be categorized as follows:
• Hardware: Including computer systems and other data processing, data storage, and
data communications devices.
• Software: Including the operating system, system utilities, and applications.
• Data: Including files and databases, as well as security-related data, such as password
files.
• Communication facilities and networks: Local and wide area network
communication links, bridges, routers, and so on.
Table 1.1 Computer Security Terminology
Individual, group, organization, or government that conducts or has the intent to conduct
detrimental activities.
Attack
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy
information system resources or the information itself.
Countermeasure
A device or technique that has as its objective the impairment of the operational effectiveness
of undesirable or adversarial activity, or the prevention of espionage, sabotage, theft, or
unauthorized access to or use of sensitive information or information systems.
Risk
Security Policy
A set of criteria for the provision of security services. It defines and constrains the activities
of a data processing facility in order to maintain a condition of security for systems and data.
A major application, general support system, high impact program, physical plant, mission
critical system, personnel, equipment, or a logically related group of systems.
Threat
Any circumstance or event with the potential to adversely impact organizational operations
(including mission, functions, image, or reputation), organizational assets, individuals, other
organizations, or the Nation through an information system via unauthorized access,
destruction, disclosure, modification of information, and/or denial of service.
Vulnerability
Figure 1.2 Security Concepts and Relationships
In the context of security, our concern is with the vulnerabilities of system resources.
[NRC02] lists the following general categories of vulnerabilities of a computer system or
network asset:
• The system can be corrupted so that it does the wrong thing or gives wrong answers.
For example, stored data values may differ from what they should be because they
have been improperly modified.
• The system can become leaky. For example, someone who should not have access to
some or all of the information available through the network obtains such access.
• The system can become unavailable or very slow. That is, using the system or
network becomes impossible or impractical.