Lecture 1
3/15/2011
CIVE-UDOM
A Different View of IA
According to Debra Herrmann (Complete Guide to Security and Privacy Metrics), IA should be viewed as spanning four security engineering domains:
physical security
personnel security
IT security
operational security
The simple truth is that IT security cannot be accomplished in a vacuum, because there are a multitude of dependencies and interactions among all four security engineering domains. (Herrmann, p. 10) So threats/risks to IA should be considered along these dimensions as well.
Security Services
(What is protected)
Availability
Data When You Need It
Integrity
Data is unchanged (how you left it)
Authentication
Verifying who is trying to see the data
Confidentiality
Only the authorized people see the data
Non-Repudiation
Can't say it wasn't you (sending, receiving or accessing)
Security Countermeasures
(How it is protected)
Technology
Policy and Practice
People
Information States
(Where is the data)
Transmission
Storage
Processing
Importance of IA
Human safety
Environmental safety
Property safety
Economic stability and security
Social stability
Privacy, both individual and corporate
National security
Prevention
The foundation of the security trinity is prevention. To provide some level of security, it is necessary to implement measures to prevent the exploitation of vulnerabilities.
Detection
Once preventative measures are implemented, procedures need to be put in place to detect potential problems or security breaches in the event that preventative measures fail. It is very important that problems be detected immediately. The sooner a problem is detected, the easier it is to correct and clean up.
Response
Organizations need to develop a plan that identifies the appropriate response to a security breach. The plan should be in writing and should identify who is responsible for what actions and the varying responses and levels of escalation.
Security Attacks
Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are release of message contents and traffic analysis.
Active Attacks
Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.
A masquerade takes place when one entity pretends to be a different entity.
Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.
The denial of service prevents or inhibits the normal use or management of communications facilities.
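The receiver-side checks that counter three of the active attacks above, as an added example that is not part of the original lecture: an HMAC tag exposes modified or forged (masquerade) messages, and a strictly increasing sequence number exposes replayed or reordered ones. The key, the frame layout and the sample messages are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, not from the lecture

def seal(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sender side: 8-byte sequence number + payload, followed by an HMAC tag."""
    body = seq.to_bytes(8, "big") + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Accepts each authentic message once, in increasing sequence order."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes) -> str:
        if len(frame) < 8 + 32:
            return "rejected: malformed"
        body, tag = frame[:-32], frame[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; fails for altered bytes or a wrong key.
        if not hmac.compare_digest(tag, expected):
            return "rejected: modified or forged"
        seq = int.from_bytes(body[:8], "big")
        # An authentic frame that is not newer than the last one accepted
        # is a replay or a reordered message.
        if seq <= self.last_seq:
            return "rejected: replayed or reordered"
        self.last_seq = seq
        return "accepted: " + body[8:].decode()

def demo() -> list:
    rx = Receiver()
    first = seal(0, b"transfer 100 to alice")
    second = seal(1, b"transfer 5 to bob")
    tampered = bytearray(seal(2, b"transfer 7 to carol"))
    tampered[10] ^= 0x01  # one bit of the payload altered in transit
    forged = seal(3, b"transfer 9 to dave", key=b"wrong key")  # sender lacks the key
    return [rx.accept(first), rx.accept(second), rx.accept(first),
            rx.accept(bytes(tampered)), rx.accept(forged)]

if __name__ == "__main__":
    for line in demo():
        print(line)
```

Denial of service and the passive attacks are outside what these two checks cover; the payload here is authenticated but not encrypted.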
Security Attacks
Interruption: This is an attack on availability
Interception: This is an attack on confidentiality
Modification: This is an attack on integrity
Fabrication: This is an attack on authenticity
Security Goals
Confidentiality: Need access control, Cryptography, Existence of data
Integrity: No change, content, source, prevention mechanisms, detection mechanisms
Availability: Denial of service attacks
Confidentiality, Integrity and Availability (CIA)
Military Example
Confidentiality: target coordinates of a missile should not be improperly disclosed
Integrity: target coordinates of missile should be correct
Availability: missile should fire when proper command is issued
Commercial Example
Confidentiality: patient's medical information should not be improperly disclosed
Integrity: patient's medical information should be correct
Availability: patient's medical information can be accessed when needed for treatment
Security Policies
A security policy is a statement of what is, and what is not, allowed.
Example 1: "do not delete or corrupt another's files, and any file not protected may be read."
Example 2: Students are not allowed to share solutions of the assignments.
A security policy sets the context in which we can define a secure system. What is secure under one policy may not be secure under a different policy. More precisely: A secure system is a system that starts in an authorized state and cannot enter an unauthorized state.
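The definition above can be checked mechanically on a small model, shown here as an added example that is not part of the original lecture: a breadth-first search over every state the system's commands can reach, reporting the first path into an unauthorized state. The subjects, the rights, the three commands and the policy ("only the owner may hold write access") are hypothetical, and the state space is assumed to be finite.

```python
from collections import deque

SUBJECTS = ("owner", "guest")  # hypothetical subjects sharing one file
START = frozenset({("owner", "read"), ("owner", "write")})

def authorized(state) -> bool:
    """Policy: only the owner may ever hold write access to the file."""
    return all(subj == "owner" for subj, right in state if right == "write")

def grant_read(state):
    """Command: any subject may be given read access."""
    for subj in SUBJECTS:
        yield state | {(subj, "read")}

def revoke(state):
    """Command: any right except the owner's write access may be removed."""
    for pair in state:
        if pair != ("owner", "write"):
            yield state - {pair}

def copy_rights(state):
    """Flawed command: copies every right the owner holds to the guest."""
    yield state | {("guest", right) for subj, right in state if subj == "owner"}

def find_violation(start, commands):
    """Return the command sequence leading to an unauthorized state, or None."""
    if not authorized(start):
        raise ValueError("system must start in an authorized state")
    seen = {start}
    queue = deque([(start, [])])
    while queue:
        state, path = queue.popleft()
        for cmd in commands:
            for nxt in cmd(state):
                step = path + [cmd.__name__]
                if not authorized(nxt):
                    return step          # the system is not secure
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, step))
    return None                          # no unauthorized state is reachable

if __name__ == "__main__":
    print(find_violation(START, [grant_read, revoke]))
    print(find_violation(START, [grant_read, revoke, copy_rights]))
```

The same system is secure with two commands and not secure once the third is added, and changing `authorized` changes the verdict without touching the commands, which is the sense in which security is relative to the policy.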
A security policy considers all relevant aspects of confidentiality, integrity, and availability. With respect to confidentiality, it identifies those states in which information leaks to those not authorized to receive it. This includes not only the leakage of rights but also the illicit transmission of information without leakage of rights, called information flow. Also, the policy must handle dynamic changes of authorization, so it includes a temporal element. For example, a contractor working for a company may be authorized to access proprietary information during the lifetime of a nondisclosure agreement, but when that nondisclosure agreement expires, the contractor can no longer access that information. This aspect of the security policy is often called a confidentiality policy.
With respect to integrity, a security policy identifies authorized ways in which information may be altered and entities authorized to alter it. Authorization may derive from a variety of relationships, and external influences may constrain it; for example, in many transactions, a principle called separation of duties forbids an entity from completing the transaction on its own. Those parts of the security policy that describe the conditions and manner in which data can be altered are called the integrity policy.
With respect to availability, a security policy describes what services must be provided. It may present parameters within which the services will be accessible, for example, that a browser may download Web pages but not Java applets. It may require a level of service, for example, that a server will provide authentication data within 1 minute of the request being made. This relates directly to issues of quality of service.
Two other terms describe policies related to security needs: A confidentiality policy is a security policy dealing only with confidentiality. An integrity policy is a security policy dealing only with integrity.
Both confidentiality policies and military policies deal with confidentiality; however, a confidentiality policy does not deal with integrity at all, whereas a military policy may. A similar distinction holds for integrity policies and commercial policies.
Security Mechanism
A security mechanism is a method, tool, or procedure for enforcing a security policy. Example 1: Default access for new files set to owner read, write, execute; group read; and no access for other.
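On a POSIX system the default in Example 1 corresponds to a umask of 037, shown here as an added example that is not part of the original lecture. It creates three objects under that umask and reads back their modes; the file names are constructed, and `violates_policy` is a hypothetical helper for auditing existing modes against the same default.

```python
import os
import stat
import tempfile

POLICY_UMASK = 0o037  # deny group write/execute and every bit for other

def create_under_policy(base: str) -> dict:
    """Create a directory, a data file and a script with POLICY_UMASK active."""
    paths = {name: os.path.join(base, name) for name in ("dir", "data.txt", "run.sh")}
    old = os.umask(POLICY_UMASK)
    try:
        os.mkdir(paths["dir"])                      # mkdir requests 0o777
        with open(paths["data.txt"], "w") as fh:    # open() requests 0o666
            fh.write("constructed sample\n")
        fd = os.open(paths["run.sh"], os.O_CREAT | os.O_WRONLY, 0o777)
        os.close(fd)
    finally:
        os.umask(old)                               # umask is process-wide: restore it
    return {n: stat.S_IMODE(os.stat(p).st_mode) & 0o777 for n, p in paths.items()}

def violates_policy(mode: int) -> bool:
    """True if a mode grants anything the policy's default forbids."""
    return bool(mode & POLICY_UMASK)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in create_under_policy(tmp).items():
            print(f"{name:9} {oct(mode)} violates={violates_policy(mode)}")
    print("0o644 violates:", violates_policy(0o644))
```

The umask only removes bits from what the creating program requests, so an ordinary data file ends up as owner read/write and group read (640); the owner's execute bit appears only where the program asks for it, as with the directory and the script (740).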
Security Mechanisms
Encryption: transforming data into something an attacker cannot understand, i.e., providing a means to implement confidentiality, as well as allowing a user to check whether data have been modified.
Authentication: verifying the claimed identity of a subject, such as user name, password, etc.
Authorization: checking whether the subject has the right to perform the action requested.
Auditing: tracing which subjects accessed what, when, and in which way. In general, auditing does not provide protection, but can be a tool for analysis of problems.