Chapter 6. Security Basics

The document discusses the basics of security including the CIA triad of confidentiality, integrity and availability. It then covers operating system security threats like passive and active attacks and defenses like cryptography, authentication and access controls.

CHAPTER 6

SECURITY BASICS
CONFIDENTIALITY, INTEGRITY, AVAILABILITY

The CIA Triad

The three letters in "CIA triad" stand for Confidentiality, Integrity, and Availability.
It is a model that forms the basis for the development of security systems.
The three principles guide security policies, the search for vulnerabilities, and the
design of solutions to security problems.
Ideally, when all three standards have been met, the security profile of an
organization is stronger and better equipped to handle threat incidents.
CONFIDENTIALITY, INTEGRITY, AVAILABILITY

Confidentiality - if the owner of data decides to make it available only to certain
people and no others, the system should guarantee that release of the data to
unauthorized people never occurs
Integrity - unauthorized users should not be able to modify any data (changing
the data, removing data or adding false data) without the owner's permission
Availability - nobody can disturb the system to make it unusable, such as in the
form of denial-of-service attacks, which are increasingly common
CONFIDENTIALITY, INTEGRITY, AVAILABILITY

Goal              Threat
Confidentiality   Exposure of data
Integrity         Tampering with data
Availability      Denial of service


OPERATING SYSTEM SECURITY

Often the ways to compromise the security of a computer system are not very
sophisticated.
e.g. easy-to-guess passwords, passwords written down
Exploiting such human behaviour, known as social engineering, is a significant challenge.
e.g. the trade-off between requiring frequent password changes and users writing
their passwords down
However, operating systems should also account for targeted attacks that are
more sophisticated in nature and aim at the security framework of the operating
system itself.
OPERATING SYSTEM SECURITY

Passive attacks
try to steal information without altering the system
e.g. sniff the network traffic and try to break the encryption to get to the data
Active attacks
try to make a computer program misbehave
e.g. take control of a user's Web browser to make it execute malicious code
CAN WE BUILD SECURE SYSTEMS?

Is it possible to build a secure computer system?
In principle, software can be free of bugs and we can even verify that it is secure,
as long as that software is not too large or complicated.
Unfortunately, computer systems today are complex.
If it is possible, why is it not done?
People are not willing to give up the systems they already use, even if those systems are not secure.
The only known way to build a secure system is to keep it simple.
Features are the enemy of security.
Today's feature-rich software has more complexity, more code, more bugs,
and more security errors.
TRUSTED COMPUTING BASE (TCB)
In the security world, people often talk about trusted systems rather
than secure systems.
These are systems that have formally stated security requirements and
meet these requirements.
At the heart of every trusted system is a minimal TCB (Trusted Computing Base)
consisting of the hardware and software necessary for enforcing all the security
rules.
If the trusted computing base is working to specification, the system security
cannot be compromised, no matter what else is wrong.
CONTROLLING ACCESS TO RESOURCES
A computer system contains many resources, or "objects", that need to be
protected.
These objects can be hardware (e.g., CPUs, memory, disk drives, or printers)
or software (e.g., processes, files, or databases).
There are various ways for protecting objects:
1. Protection Domains
2. Access Control Lists
3. Capabilities
PROTECTION DOMAINS
A domain is a set of (object, rights) pairs.
Each pair specifies an object and subset of operations that can be performed on
the object.
A right in this context means permission to perform operations.
ACCESS CONTROL LISTS
An Access Control List (ACL) consists of associating each object with an (ordered)
list containing all the domains that may access the object, and how.
CAPABILITIES
A capability list (or C-list) is a list of objects associated with each process that
may be accessed, along with an indication of which operations are permitted on
each.
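The three slides above describe one protection matrix (domains as rows, objects as columns) stored in different ways: a domain is a row of (object, rights) pairs, an ACL is a column kept with the object, and a capability list is a row kept with the domain. The following added example (not from the lecture; the domain names, object names and rights are constructed sample data) builds both views from the same matrix and checks that a reference monitor reaches the same decision whichever representation it consults.

```python
"""Protection matrix viewed as domains, ACLs and capability lists.

Added example, not from the lecture. MATRIX is constructed sample data.
"""
from collections import defaultdict

# One protection matrix: domain -> object -> set of rights (constructed sample)
MATRIX = {
    "alice":  {"file1": {"read", "write"}, "printer1": {"write"}},
    "bob":    {"file1": {"read"}, "file2": {"read", "write", "execute"}},
    "backup": {"file1": {"read"}, "file2": {"read"}},
}


def domain_view(matrix):
    """A domain is a set of (object, rights) pairs: one row of the matrix."""
    return {dom: sorted((obj, tuple(sorted(r))) for obj, r in objs.items())
            for dom, objs in matrix.items()}


def acl_view(matrix):
    """ACLs store the matrix by column: each object lists the domains that may access it and how."""
    acls = defaultdict(dict)
    for dom, objs in matrix.items():
        for obj, rights in objs.items():
            acls[obj][dom] = set(rights)
    return dict(acls)


def capability_view(matrix):
    """Capability lists store the matrix by row: each domain carries its own (object, rights) tokens."""
    return {dom: {obj: set(r) for obj, r in objs.items()} for dom, objs in matrix.items()}


def check_acl(acls, domain, obj, op):
    """Reference-monitor decision taken from the ACL attached to the object."""
    return op in acls.get(obj, {}).get(domain, set())


def check_capability(clists, domain, obj, op):
    """Same decision taken from the capability list carried by the domain."""
    return op in clists.get(domain, {}).get(obj, set())


def revoke_acl(acls, obj, domain):
    """Revocation is simple with ACLs: delete the domain's entry on the object."""
    acls.get(obj, {}).pop(domain, None)
    return acls


def views_agree(matrix):
    """Both storage schemes must give identical answers for every (domain, object, op)."""
    acls, clists = acl_view(matrix), capability_view(matrix)
    objects = {o for objs in matrix.values() for o in objs}
    for dom in matrix:
        for obj in objects:
            for op in ("read", "write", "execute"):
                if check_acl(acls, dom, obj, op) != check_capability(clists, dom, obj, op):
                    return False
    return True


if __name__ == "__main__":
    acls = acl_view(MATRIX)
    print(check_acl(acls, "bob", "file1", "write"))   # bob may only read file1
    print(views_agree(MATRIX))
```

Because an ACL is indexed by object, revoking one domain's access is a single deletion; with capabilities the tokens are held by the domains, which is why revocation is the classic weak point of capability systems.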
AUTHENTICATION
Every secured computer system must require all users to be authenticated at login
time.
General principles of authenticating users:
1. Something the user knows – Known things, e.g. password, PIN
2. Something the user has – Physical objects like smartcard, phone
3. Something the user is – Biometrics like fingerprint, iris scan
AUTHENTICATION
A key problem with password login is the use of weak passwords.
Challenge-Response Authentication is a variation on the password idea: each new
user provides a long list of questions and answers that are stored securely on the
server, and some of them are asked at the time of authentication.
Authentication using a physical object or authentication using biometrics can add
an additional layer of security to the authentication process.
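The slide names the weak-password problem and the challenge-response idea. The added example below (not from the lecture) shows the defensive side of both: a password policy that rejects the weakest choices, storage of a salted, slow PBKDF2 verifier instead of the password, and a nonce-based challenge-response in which the client proves knowledge of the password without ever sending it. This is the cryptographic variant of challenge-response rather than the stored question-and-answer list the slide describes; both rest on answering a fresh challenge. The password, denylist and user record are constructed. In this sketch the stored verifier is password-equivalent (whoever steals the server table can answer challenges), so a real deployment would use a standardized protocol such as SCRAM (RFC 5802) rather than this outline.

```python
"""Salted password verifiers and a nonce-based challenge-response login.

Added example, not from the lecture. WEAK_PASSWORDS and the demo password are
constructed sample data.
"""
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000          # deliberately slow, to raise the cost of guessing
WEAK_PASSWORDS = {"password", "123456", "qwerty", "letmein"}   # constructed, tiny denylist


def policy_allows(password):
    """Reject the weakest choices up front: the slide's 'weak password' problem."""
    return len(password) >= 12 and password.lower() not in WEAK_PASSWORDS


def derive(password, salt):
    """Slow, salted derivation; the server stores this value, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def enroll(password, salt=None):
    """Create the server-side record for a new user."""
    if not policy_allows(password):
        raise ValueError("password rejected by policy")
    salt = salt or os.urandom(16)    # per-user salt: equal passwords give different verifiers
    return {"salt": salt, "verifier": derive(password, salt)}


def verify_password(record, password):
    """Classic password login: recompute the verifier and compare in constant time."""
    return hmac.compare_digest(record["verifier"], derive(password, record["salt"]))


def server_challenge():
    """Fresh random nonce per attempt, so a captured response cannot be replayed."""
    return secrets.token_bytes(16)


def client_response(password, salt, nonce):
    """The client proves knowledge of the password by keying a MAC over the nonce."""
    return hmac.new(derive(password, salt), nonce, "sha256").digest()


def server_verify(record, nonce, response):
    """The server recomputes the expected MAC from the stored verifier."""
    expected = hmac.new(record["verifier"], nonce, "sha256").digest()
    return hmac.compare_digest(expected, response)


def demo():
    """Returns (correct password accepted, wrong password rejected, replay rejected)."""
    pw = "correct horse battery staple"          # constructed sample password
    rec = enroll(pw)
    nonce = server_challenge()
    resp = client_response(pw, rec["salt"], nonce)
    accepted = server_verify(rec, nonce, resp)
    rejected = not server_verify(rec, nonce, client_response("wrong password here", rec["salt"], nonce))
    replay_rejected = not server_verify(rec, server_challenge(), resp)   # old response, new nonce
    return accepted, rejected, replay_rejected


if __name__ == "__main__":
    print(demo())
```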
ATTACK SURFACES
An attack surface consists of the reachable and exploitable vulnerabilities in a
system
Examples:
Open ports on Web and other servers, and code listening on those ports
Services available in a firewall
Code that processes incoming data, email, XML, office documents, etc.
Interfaces and Web forms
An employee with access to sensitive information vulnerable to a social
engineering attack
ATTACK SURFACES
Network attack surface
Refers to vulnerabilities over an enterprise network, wide-area network, or the
Internet
E.g. DoS, intruders exploiting network protocol vulnerabilities
Software attack surface
Refers to vulnerabilities in application, utility, or operating system code
Human attack surface
Refers to vulnerabilities created by personnel or outsiders
E.g. social engineering, insider traitors
COMMON NETWORK ATTACKS AND COUNTERMEASURES

Attack                            Countermeasure
Finding a way into the network    Firewalls
Exploiting software bugs          Intrusion Detection Systems (IDS)
Denial of Service                 Ingress filtering, IDS
TCP hijacking                     IPSec (Internet Protocol Security)
Packet sniffing                   Encryption (SSH, SSL, HTTPS)
Social problems                   Education
DENIAL OF SERVICE
An interruption in an authorized user's access to a computer network,
typically one caused with malicious intent.
To make a network service unusable, usually by overloading the server or
network
Flooding network to make a server unavailable by consuming all available
server resources. By repeatedly sending connection requests, the attacker is
able to overwhelm all available ports on a server, causing it to respond to
legitimate traffic sluggishly or not at all.
Distributed DoS uses the same techniques as regular DoS, but on a much larger
scale
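The slide describes a flood of connection requests exhausting a server, and the countermeasure table before it lists ingress filtering and IDS. The added example below (not from the lecture) is the detection half of that: a sliding-window counter that flags any source whose connection-request rate exceeds a threshold. The log format, the two sources and the threshold are constructed for illustration.

```python
"""Sliding-window detection of connection-request floods.

Added example, not from the lecture. The log format, addresses and the
window/threshold values are constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed log lines '<ISO time> SYN <src> -> <port>': one normal client, one flooder."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i in range(3):      # normal client: three connections spread over 9 s
        lines.append(f"{(base + timedelta(seconds=3 * i)).isoformat()} SYN 198.51.100.2 -> 443")
    for i in range(60):     # flooder: sixty connection requests within 5 s
        lines.append(f"{(base + timedelta(milliseconds=80 * i)).isoformat()} SYN 203.0.113.7 -> 443")
    return lines


def parse(line):
    """Split one log line into (timestamp, source address, destination port)."""
    ts, _, src, _, port = line.split()
    return datetime.fromisoformat(ts), src, int(port)


def detect_floods(lines, window=timedelta(seconds=5), threshold=20):
    """Per source, keep the timestamps inside the trailing window; alert when the count
    exceeds the threshold. Returns {source: (time of first alert, requests in window)}."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, src, _port in sorted(parse(line) for line in lines):
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:     # drop requests that fell out of the window
            q.popleft()
        if len(q) > threshold and src not in alerts:
            alerts[src] = (ts, len(q))      # record the moment the source crossed the line
    return alerts


if __name__ == "__main__":
    for src, (when, count) in detect_floods(build_sample_log()).items():
        print(f"{when.isoformat()} flood suspected from {src}: {count} requests in window")
```

The threshold and window are the tuning knobs: too low and a busy but legitimate client is flagged, too high and a slow flood passes. Blocking what this flags is the ingress-filtering step; the detector itself only produces the alert.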
MALWARE & SPYWARE
Malware is malicious software, commonly spread over the internet, that can be
used for a form of blackmail.
Example: it encrypts the files on the victim's disk, then displays a message
demanding a money transfer to decrypt the file system.
Spyware is software that is stealthily loaded onto a PC without the owner's
knowledge and runs in the background doing things behind the owner's back.
INSIDER ATTACKS
These are executed by programmers or employees:
Logic Bombs
a piece of code written by one of a company's (currently employed) programmers
and secretly inserted into the production system
if the programmer is fired and the daily password input stops, the code carries out
its pre-programmed malicious actions
Back Doors
a programmer could add code to the login program that allows anyone to log in
using a particular login name, no matter what is in the password file
Login Spoofing - passwords and other personal information are stolen through
a fake login portal
SOCIAL ENGINEERING
Social engineering is a collection of techniques intended to trick people into
divulging private information. It includes phone calls, emails, web sites, text
messages, interviews, etc.

Hello, I'm calling from Technology for America – we're a non-profit organization,
working to help ensure that the U.S. stays at the forefront of computer technology.

Today we're conducting a telephone survey about the usage of computer systems. Can
I ask you a few questions about your computer system?
DEFENCES
Defence in depth:
there should be multiple layers of security so that if one of them is breached,
there are still others to overcome
There are various layers of security that can be applied to an OS:
Anti Virus
Code Signing
Model-based Intrusion Detection
Sandboxing
Firewalls
Virtual Private Networks
BASIC CRYPTOGRAPHY
Cryptography plays an important role in security
Operating systems use cryptography in many places
Some file systems can encrypt all the data on disk
Protocols like IPSec may encrypt and/or sign all network packets
Most operating systems scramble authentication passwords
BASIC CRYPTOGRAPHY
Example: a message or file called the
plaintext is encrypted into ciphertext
in such a way that only authorized
people know how to convert it back to
plaintext.

Monoalphabetic substitution:
Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext: QWERTYUIOPASDFGHJKLZXCVBNM

Plaintext ATTACK would be transformed into the ciphertext QZZQEA
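The following added example (not from the lecture) implements the slide's substitution cipher with its key table, checks that a key is a valid permutation of the alphabet, and shows the property that makes the scheme weak: the ciphertext keeps the letter-frequency shape of the plaintext, so the most common ciphertext letters are simply the images of the most common plaintext letters. The same key table drives both directions, which is the secret-key property described on the next slide. The sample sentence is constructed.

```python
"""Monoalphabetic substitution: encrypt, decrypt, validate the key, and see the leak.

Added example, not from the lecture. CIPHER_ALPHABET is the slide's key table;
the sample sentence is constructed.
"""
from collections import Counter
import string

PLAIN_ALPHABET = string.ascii_uppercase
CIPHER_ALPHABET = "QWERTYUIOPASDFGHJKLZXCVBNM"        # the slide's key table
ENCRYPT_TABLE = str.maketrans(PLAIN_ALPHABET, CIPHER_ALPHABET)
DECRYPT_TABLE = str.maketrans(CIPHER_ALPHABET, PLAIN_ALPHABET)


def is_valid_key(key):
    """The key must be a permutation of the alphabet, or decryption becomes ambiguous."""
    return sorted(key) == list(PLAIN_ALPHABET)


def encrypt(plaintext):
    """Replace each letter by its key-table image; spaces and punctuation pass through."""
    return plaintext.upper().translate(ENCRYPT_TABLE)


def decrypt(ciphertext):
    """Apply the inverse table: the same secret key is used in both directions."""
    return ciphertext.upper().translate(DECRYPT_TABLE)


def top_letters(text, n=3):
    """The n most frequent letters of text, most frequent first."""
    letters = [c for c in text.upper() if c in PLAIN_ALPHABET]
    return [c for c, _ in Counter(letters).most_common(n)]


def frequency_leak(plaintext):
    """True when the ciphertext's most common letters are exactly the encryptions of the
    plaintext's most common letters: the distribution is relabelled, not hidden."""
    return [encrypt(c) for c in top_letters(plaintext)] == top_letters(encrypt(plaintext))


if __name__ == "__main__":
    print(encrypt("ATTACK"))                         # QZZQEA, as on the slide
    print(decrypt("QZZQEA"))
    print(frequency_leak("THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG"))
```

Because only the labels change, a message of a few hundred letters can be read without the key by matching ciphertext frequencies against the known frequencies of the language; that is why substitution ciphers are a teaching device rather than a protection.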


SECRET-KEY CRYPTOGRAPHY
Secret-key cryptography encrypts a plaintext message using a series of bits
called the secret key.
It uses the same key to decipher the corresponding ciphertext message and
recover the original plaintext.
Because both encrypting and decrypting data are achieved with the same key,
a secret key is often called a symmetric key.
PUBLIC-KEY CRYPTOGRAPHY
In contrast, public key cryptography involves the use of a public and private key
pair.
The way public-key cryptography works is that everyone picks a (public key,
private key) pair and publishes the public key.
The public key is the encryption key; the private key is the decryption key.
To send a secret message to a user, a correspondent encrypts the message with
the receiver’s public key.
Since only the receiver has the private key, only the receiver can decrypt the
message.
PUBLIC-KEY CRYPTOGRAPHY
DIGITAL SIGNATURES
A digital signature is an electronic stamp of authentication on digital
information. Digital signatures make it possible to sign emails and other digital
documents in such a way that they cannot be repudiated by the sender later.
One common way is to first run the document through a one-way cryptographic
hashing algorithm that is very hard to invert.
The hashing function typically produces a fixed-length result independent of the
original document size.
The most popular hashing function used is SHA-1 (Secure Hash Algorithm),
which produces a 20-byte result (NIST, 1995).
DIGITAL SIGNATURES
A digital signature:
Unequivocally identifies the signatory.
Guarantees the integrity of the document, ensuring that it has not been
modified or altered after signing.
Ensures non-repudiation, since it is reliable proof of the consent granted by
the signatory, who cannot deny having signed the document in question.
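The two signature slides describe hash-then-sign: the document is reduced to a fixed-length digest, the digest is signed with the private key, and anyone holding the public key can check it. The added example below (not from the lecture) carries that through with textbook RSA, so the three properties listed above can be observed directly: only the private key produces a signature that verifies, any change to the document breaks verification, and a signature made with one key does not verify under another. It uses SHA-256 rather than the slide's SHA-1, since SHA-1 collisions have been publicly demonstrated since 2017. The key size is a toy, there is no padding scheme, and the primality test and key generation are written inline so the block runs with only the standard library; production code uses RSA-PSS or Ed25519 from a vetted library, never a hand-rolled scheme like this.

```python
"""Hash-then-sign with textbook RSA, to show what a digital signature checks.

Added example, not from the lecture. Toy key size, no padding: for illustration only.
"""
import hashlib
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2        # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                        # a witnesses that n is composite
    return True


def random_prime(bits):
    """Random odd prime with the top bit set, so the product has a predictable size."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def keygen(bits=288):
    """Return ((e, n), (d, n)). n exceeds 2**256 so a SHA-256 digest fits below the modulus."""
    e = 65537                                    # prime, so gcd(e, phi) == 1 iff phi % e != 0
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)


def digest(document):
    """Fixed-length one-way hash of the document, as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(private_key, document):
    """Only the holder of d can compute this value for a given digest."""
    d, n = private_key
    return pow(digest(document), d, n)


def verify(public_key, document, signature):
    """Anyone with the public key can check that the signature matches this exact document."""
    e, n = public_key
    return pow(signature, e, n) == digest(document) % n


def demo():
    """Returns (genuine document verifies, tampered document verifies)."""
    public, private = keygen()
    document = b"Transfer 100 to account 42"     # constructed sample document
    signature = sign(private, document)
    return verify(public, document, signature), verify(public, b"Transfer 900 to account 42", signature)


if __name__ == "__main__":
    print(demo())                                # (True, False)
```

Signing the digest rather than the document is what keeps the signature a fixed size regardless of document length; it also means the whole construction is only as strong as the hash, which is why a collision-broken hash such as SHA-1 undermines the integrity guarantee even when the RSA part is sound.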
