Blue Print Based on Computer Security

The document outlines fundamental concepts of computer security, emphasizing the CIA triad (Confidentiality, Integrity, Availability) and key principles such as least privilege and defense in depth. It discusses the importance of application security, vulnerability assessments, and the role of firewalls in protecting networks. Additionally, it covers the assurance in trusted operating systems, detailing evaluation criteria, processes, and the significance of a security kernel and trusted computing base.

Uploaded by

GUDATA ABARA

1. Understand the basic concepts in computer security

Computer security is a branch of computer technology known as information security as applied to computers
and networks. The objective of computer security includes protection of information and property from theft,
corruption, or natural disaster, while allowing the information and property to remain accessible and
productive to its intended users.

Computer Security: protection of an automated information system in order to attain the applicable objectives
of preserving the confidentiality, integrity, and availability (CIA) of information system resources (including
hardware, software, firmware, information/data, and telecommunications).
Computer security - the protection of assets from unauthorized access, use, alteration, or destruction.

Physical security - includes tangible protection devices.

Logical security - protection of assets using nonphysical means.

Principles of Computer Security

 Principle of Easiest Penetration
 Principle of Adequate Protection
 Principle of Effectiveness: controls must be efficient, easy to use, and appropriate.
 Principle of Weakest Link: security can be no stronger than its weakest link.
 Principle of Least Privilege: do not give any more privileges than absolutely necessary to perform
the required job.
 Defense in Depth: having more than one layer or type of defense.
 Minimization: do not run any software or applications that are not strictly required to do the entrusted
job.
 Compartmentalization: limits the damage to other compartments when one compartment is compromised.
 Keep Things Simple: complexity is the worst enemy of security.
 Fail Securely: if a security measure or control fails for whatever reason, the system is not rendered
insecure.
 Balancing Security and Access
Goals of computer security
3 key objectives of computer security: CIA triad (W. Stallings)
 Confidentiality: covers data confidentiality and privacy
o the prevention of unauthorized disclosure of information.
o In other words, confidentiality means keeping information private or safe.
o It may be important for military, business or personal reasons.
o It may also be known as privacy or secrecy.
 Integrity: covers data integrity and system integrity
o the prevention of unauthorized writing or modification of information.
o Integrity in a computer system means that there is an external consistency in the system – everything
is as it is expected to be.
o Data integrity: the data stored on the computer is the same as what is intended.
 Availability:
o Assures that systems work promptly and service is not denied to authorized users.
o Information should be accessible and usable upon appropriate demand by an authorized user.
o Denial of service (DoS) attacks are a common form of attack against computer systems whereby
authorized users are denied access to the computer system.

Additional objectives:
 Non-repudiation: is the prevention of either the sender or the receiver denying a transmitted message.
o It is the ability to prove the occurrence of a claimed event or action and its originating entities
o It assures that a sender of data is provided with proof of delivery and the recipient is provided with proof
of the sender's identity, so neither can later deny having processed the data.
o often implemented by using digital signatures
 Authentication
o is proving a claim – usually that you are who you say you are.
o for example it may be obtained by the provision of a password or by a scan of your retina.
 Access controls
o provide the limitation and control of access to authorized users through identification and authentication.
o A system needs to be able to identify and authenticate users for access to data, applications and hardware.
o In a large system there may be a complex structure determining which users and applications have access
to which objects.
 Accountability
o Ensuring an entity’s action is traceable uniquely to that entity.
o Ascertains the responsibility of an entity (like a person) for its actions and decisions.
o All relevant activities, events and operations on a system, e.g., failed and successful authentication
attempts, are recorded in a log.

2. Understand issues related to program security and the common vulnerabilities in computer programs

Application Security
 Vulnerability:
o any mistake or weakness in the system security that may result in the possibility for intruders to get
unauthorized access.
 Vulnerability Assessment:
o a software testing technique to evaluate the risks involved in the system in order to reduce the
probability of a security event.
o depends on two mechanisms:
 Vulnerability Assessment: the process of scanning (locating and reporting) vulnerabilities to
provide a way to detect and resolve security problems by ranking the vulnerabilities.
 Penetration Testing: an authorized simulated attack on a computer system, performed to evaluate
the security of the system.
 Types of vulnerability scanner:
o Host Based:
 identifies the issues in the host or the system.
 carried out by using host-based scanners.
o Network Based:
 detects open ports and identifies the unknown services running on these ports.
 carried out by using network-based scanners.
o Database Based:
 identifies the security exposure in the database systems to prevent SQL injection.
 Vulnerability Testing Methods:
o Active Testing: while doing the test, the tester is actively involved in the process of finding
new test cases and analyzing the results.
o Passive Testing: monitoring the result of running the software under test without introducing new test
cases or data.
o Network Testing: the process of measuring the state of network operation over a period of time
to find out the problems created by new services.
o Distributed Testing: applied for testing distributed applications.
o Penetration Test (pen test):
 identifies both weaknesses (vulnerabilities) and strengths, to enable a full risk assessment.
 determines whether a system is vulnerable, whether defenses were sufficient and which defenses (if any)
the test defeated.
 Secure Shell (SSH):
o A cryptographic protocol for operating network services securely over an unsecured network.
o Best-known application: remote login to computer systems by users.
o Common applications: remote command-line login and execution.
 Secure Email:
o Adds confidentiality and integrity protection to ordinary e-mail.
o E.g. PGP.
 Secure Web servers:
o The main vulnerability of web applications is Cross-Site Scripting (XSS).
o Securing the website or web application itself and the network around it.
o Common web servers: Apache and IIS.
 TLS-based client digital certificates
 Apache or Oracle penetration testing
 VPN Apps
 Application firewall / proxy server
Firewall
 a program or network device (e.g. a router) which filters access to a protected network from the internet
connection.
 protects a local system or network of systems from network-based security threats.
 monitors and controls incoming and outgoing network traffic based on predetermined security rules.
 Firewall Objectives
o Keep intruders, malicious code and unwanted traffic out.
o Keep private and sensitive information in.
o A security wall between the private (protected) network and the outside world.
 Categories of firewalls
a) Network firewalls: filter traffic between two or more networks and run on network hardware.
 Implemented at a specific point in the network path and protects all computers on the internal
side of the firewall from all computers on the external side of the firewall.
b) Host-based firewalls: run on host computers and control network traffic in/out of those machines.
a) Packet Filtering Router: examines TCP/IP header information of network data packets going in
both directions. Applies a set of rules to each incoming IP packet and then forwards or discards the
packet.

b) Application-Level Gateway (application firewall / proxy server): runs special software that acts as a
proxy for a service request. Proxy server receives requests for Web pages, accesses the Web server on
behalf of the external client, and returns the requested pages to the users.

c) Circuit Level Gateway: Standalone Software that sets up two TCP connections (inside & outside). It
determines which connections will be allowed.
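The packet filtering router described above, as an added Python example that is not part of these notes: a first-match rule table with a default deny, applied to constructed packets. The rules, the addresses and the 192.168.1.0/24 LAN are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp", "udp" or "icmp"
    src: str          # source IP address
    dst: str          # destination IP address
    dport: int        # destination port; 0 for protocols without ports
    direction: str    # "in" (from the outside) or "out" (from the LAN)


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" (forward) or "deny" (discard)
    direction: str          # "in", "out" or "any"
    proto: str              # "tcp", "udp", "icmp" or "any"
    src: str                # source network in CIDR notation
    dst: str                # destination network in CIDR notation
    dport: Optional[int]    # None matches any destination port

    def matches(self, p: Packet) -> bool:
        # Only header fields are examined: protocol, addresses, port, direction.
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


# Constructed rule set for a router in front of the (assumed) 192.168.1.0/24 LAN.
# Rules are evaluated top to bottom; the first match decides.
RULES = [
    # Anti-spoofing: a packet claiming an inside source address must not arrive from outside.
    Rule("deny", "in", "any", "192.168.1.0/24", "0.0.0.0/0", None),
    # The public web server may be reached on 443 and 80 only.
    Rule("allow", "in", "tcp", "0.0.0.0/0", "192.168.1.10/32", 443),
    Rule("allow", "in", "tcp", "0.0.0.0/0", "192.168.1.10/32", 80),
    # The LAN may initiate outbound TCP and send DNS queries.
    Rule("allow", "out", "tcp", "192.168.1.0/24", "0.0.0.0/0", None),
    Rule("allow", "out", "udp", "192.168.1.0/24", "0.0.0.0/0", 53),
    # Explicit default deny: everything not listed above is discarded.
    Rule("deny", "any", "any", "0.0.0.0/0", "0.0.0.0/0", None),
]


def filter_packet(packet: Packet, rules=RULES):
    """Return ('forward' or 'discard', index of the deciding rule).
    Index -1 means no rule matched and the implicit default deny applied."""
    for i, rule in enumerate(rules):
        if rule.matches(packet):
            return ("forward" if rule.action == "allow" else "discard", i)
    return ("discard", -1)
```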

 Firewall implementation

a) Hardware firewalls: a stand-alone product or integrated into the router. It will have a minimum of four
network ports to connect other computers.
b) Software firewalls: installed on your computer; protect your computer from outside requests by
determining whether each request is valid or not.
c) Combination of both.
3. Explain the basic requirements for trusted operating systems, and describe the
independent evaluation, including evaluation criteria and evaluation process

Assurance in Trusted Operating Systems in Computer Security


Assurance in trusted operating systems refers to the level of confidence or trust that can be placed
in the security mechanisms and features of an operating system. It involves evaluating and
verifying the security properties and functionalities of the operating system to ensure that it meets
specific security requirements.
Assurance in trusted operating systems is important because it helps establish trust in the system's
ability to protect sensitive information, maintain system integrity, and resist attacks. It provides
assurance to users, administrators, and organizations that the operating system has been designed,
implemented, and tested to meet certain security standards.
There are several aspects to assurance in trusted operating systems:
1. Design Assurance: This involves evaluating the security features and mechanisms incorporated into the design
of the operating system. It includes analyzing the system's architecture, access control mechanisms, secure
communication protocols, and other security-related components.
2. Implementation Assurance: This focuses on the actual implementation of the operating system and ensures
that it adheres to the design specifications. It involves code reviews, vulnerability assessments, and testing to
identify and fix any security vulnerabilities or weaknesses.
3. Testing and Evaluation: This involves subjecting the operating system to rigorous testing and evaluation
processes to assess its security properties. This may include penetration testing, vulnerability scanning, and
formal verification techniques to identify and address any security flaws.
4. Certification and Accreditation: Once an operating system has undergone the assurance process, it may be
certified and accredited by a recognized authority. Certification provides an independent validation that the
operating system meets specific security requirements and standards.
Assurance in trusted operating systems is crucial for organizations that handle sensitive data or
operate in high-security environments. It helps ensure that the operating system can be trusted to
protect critical information and maintain the confidentiality, integrity, and availability of the
system.
By establishing assurance in trusted operating systems, organizations can have confidence in the
security of their computer systems and mitigate the risks associated with cyber threats and
attacks.

There are three main services of operating systems that interact with security.
User Interface: authenticates a user, allows him access to the system, and handles all interaction
with the user.

Service Management: allows a user access to many of the low-level services of the operating system.

Resource Allocation: allocates resources, such as memory, I/O devices, time on the CPU, etc.
In a trusted operating system, designed from the beginning with security in mind, each of these
main services is written as a distinct object with its own security controls, especially
user authentication, least privilege (don’t let a user do more than is necessary), and complete
mediation (verifying that the input is of the expected form and adheres to the “edit” rules). Here
the UNIX operating system shows its major flaw – users are either not trusted or, being super-users,
given access to every resource.

Some of the features of a security-oriented operating system are obvious, while other features
require a bit of explanation. We discuss those features that are not obvious.

Mandatory access control (MAC) refers to the granting of access by a central authority, not by
individual users. If I have SECRET data to show you and you do not have a SECRET clearance,
I cannot of my own volition grant you a SECRET clearance (although I have actually seen it
done – I wonder what the Defense Department would think of that). MAC should exist along
with discretionary access control (DAC) in that objects not managed by the central authority
can be managed by the individual user owning them.

Object reuse protection refers to the complete removal of an object before it is returned to the
object pool for reuse. The simplest example of this is protection of files. What happens when a
file is deleted?

Audit log management refers to the practice of logging all events with potential security impact,
protecting that log from unauthorized access and modification, and creation of procedures and
software to examine the log periodically and analyze it for irregularities. A security log is of no
use if nobody looks at it.

Intrusion detection refers to the creation and use of system software that scans all activity
looking for unusual events. Such software is hard to write, but one should try. For example, this
author has a 128 MB flash drive that he occasionally attaches to his computer at work via the
USB port. The intrusion detection software always reports that the number of hard drives on the
system has changed and says to call the administrator if this was not an intentional act.
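As an added illustration of the accountability objective from section 1 (authentication attempts recorded in a log) and of the audit log management and intrusion detection paragraphs above, the following Python example, which is not from these notes, keeps a hash-chained log so that editing or deleting an earlier entry is detectable, and scans constructed sample entries for irregularities (a burst of failed logins, and a success that follows one). The log format, user names and addresses are made up for the example.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (not real logs): timestamp, outcome, user, source.
SAMPLE_EVENTS = [
    "2024-05-01T08:00:01 AUTH FAIL user=alice src=10.0.0.5",
    "2024-05-01T08:00:04 AUTH FAIL user=alice src=10.0.0.5",
    "2024-05-01T08:00:09 AUTH FAIL user=alice src=10.0.0.5",
    "2024-05-01T08:00:12 AUTH OK user=alice src=10.0.0.5",
    "2024-05-01T08:30:00 AUTH OK user=bob src=10.0.0.7",
    "2024-05-01T09:15:00 AUTH FAIL user=bob src=10.0.0.9",
]

LINE_RE = re.compile(r"^(\S+) AUTH (OK|FAIL) user=(\S+) src=(\S+)$")


def append_chained(log, line):
    """Append a record whose digest covers the previous record's digest, so that
    modifying or removing any earlier line breaks every digest after it."""
    prev = log[-1][1] if log else "0" * 64
    digest = hashlib.sha256((prev + line).encode()).hexdigest()
    log.append((line, digest))
    return digest


def verify_chain(log):
    """Recompute the chain; return the index of the first bad record, or -1 if intact."""
    prev = "0" * 64
    for i, (line, digest) in enumerate(log):
        if hashlib.sha256((prev + line).encode()).hexdigest() != digest:
            return i
        prev = digest
    return -1


def find_irregularities(lines, max_fails=3, window=timedelta(seconds=60)):
    """Periodic examination of the log: flag a user with max_fails failures inside
    `window`, and a success that follows such a burst. Unparseable lines are
    reported too, since a log that cannot be read is of no use."""
    fails = defaultdict(list)   # user -> timestamps of recent failures
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            findings.append(("unparseable", line))
            continue
        ts, outcome, user, src = m.groups()
        t = datetime.fromisoformat(ts)
        if outcome == "FAIL":
            fails[user] = [x for x in fails[user] if t - x <= window] + [t]
            if len(fails[user]) == max_fails:
                findings.append(("burst_failures", user))
        elif fails[user] and len(fails[user]) >= max_fails:
            findings.append(("success_after_burst", user))
            fails[user] = []
    return findings
```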

A kernel is the part of an operating system that performs low-level functions. This is distinct
from the high-level services part of the operating system that does things such as handle shared
printers, provides for e-mail and Internet access, etc. The kernel of an operating system is often
called the nucleus, and rarely the core. In an operating system designed with security in mind
there are two kernels: the security kernel and the operating system kernel, which includes the
security kernel.

The security kernel is responsible for enforcing the security mechanisms of the operating system,
including the handling of most of the functions normally allocated to the operating system kernel
itself, as most of these low-level facilities have impact on security.
The reference monitor is one of the most important parts of the security kernel. This is the
process that controls access to all objects, including devices, files, memory, interprocess
communication, and other objects. Naturally, the reference monitor must monitor access
to itself and include protection against its being modified in an unauthorized way.
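An added Python example, not from these notes, of a reference monitor that mediates every access: objects labelled by a central authority fall under mandatory access control, objects created by users fall under discretionary control by their owner, and the monitor's own clearance table is treated as a protected object so that only the central authority can grant a clearance. The clearance levels, the `security_officer` authority name and the Bell-LaPadula rules (no read up, no write down) are assumptions of the example.

```python
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}
CENTRAL_AUTHORITY = "security_officer"   # assumed name of the clearance-granting authority


class ReferenceMonitor:
    """Every access goes through `check`; nothing touches an object directly.
    Labelled objects are under mandatory control (MAC); unlabelled objects are
    discretionary (DAC) and controlled by their owner. Decisions are audited."""

    def __init__(self):
        self.clearance = {CENTRAL_AUTHORITY: "TOP_SECRET"}
        self.classification = {}   # MAC objects: name -> level
        self.owner = {}            # DAC objects: name -> owner
        self.acl = {}              # DAC objects: name -> {subject: {"read", "write"}}
        self.audit = []

    def _decide(self, subject, obj, op):
        if obj in self.classification:      # MAC: no read up, no write down (assumed model)
            s = LEVELS[self.clearance.get(subject, "UNCLASSIFIED")]
            o = LEVELS[self.classification[obj]]
            return s >= o if op == "read" else s <= o
        if obj in self.owner:               # DAC: owner always allowed, others via the ACL
            return subject == self.owner[obj] or op in self.acl[obj].get(subject, set())
        return False                        # unknown object: fail securely

    def check(self, subject, obj, op):
        ok = self._decide(subject, obj, op)
        self.audit.append((subject, obj, op, "GRANT" if ok else "DENY"))
        return ok

    # Administration of the monitor is itself mediated: clearances and labels come only
    # from the central authority, never from the user who happens to hold the data.
    def grant_clearance(self, by, subject, level):
        if by != CENTRAL_AUTHORITY:
            self.audit.append((by, "clearance_table", "write", "DENY"))
            return False
        self.clearance[subject] = level
        return True

    def label(self, by, obj, level):
        if by != CENTRAL_AUTHORITY:
            self.audit.append((by, "label_table", "write", "DENY"))
            return False
        self.classification[obj] = level
        return True

    def create_dac_object(self, owner, obj):
        self.owner[obj] = owner
        self.acl[obj] = {}

    def share(self, by, obj, subject, op):
        """DAC: only the owner can extend access, and only on unlabelled objects."""
        if obj in self.classification or self.owner.get(obj) != by:
            return False
        self.acl[obj].setdefault(subject, set()).add(op)
        return True
```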

The Trusted Computing Base (TCB)


The trusted computing base is the name given to the part of the operating system used to
enforce security policy. Naturally, this must include the security kernel. Functions of the TCB
include the following:
1) hardware management, including processors, memory, registers, and I/O devices,
2) process management, including process scheduling,
3) interrupt handling, including management of the clocks and timing functions, and
4) management of primitive low-level I/O operations.

Virtualization is one of the more important tools of a trusted operating system. By this term we
mean that the operating system emulates a collection of the computer system’s sensitive
resources. Obviously virtualized objects must be supported by real objects, but the idea is that
these real objects can be managed via the virtual objects.

A virtual machine is a collection of hardware facilities, each of which could be real or simulated
in software. One common feature is virtual memory, in which each process appears to have
access to all of the memory of the computer, with the possible exception of memory allocated to
the operating system.

Assurance in Trusted Operating Systems


For an operating system designed to be secure, assurance is the mechanism for convincing
others that the security model is correct, as are the design and implementation of the OS. How
does one gain confidence that an operating system should be trusted? One way is by gaining
confidence that a number of the more obvious security vulnerabilities have been addressed in the
design of the system.

Input/Output processing represents one of the larger vulnerabilities in operating systems. There
are a number of reasons for the vulnerability of this processing, including
1) the fact that I/O processing is interrupt driven, and
2) the fact that I/O processing is often performed by independent hardware systems, and
3) the complexity of the I/O code itself, and
4) the desire to have the I/O process bypass the security monitors as an efficiency issue.

Methods for gaining assurance include testing by the creator of the software, formal testing by a
unit that is independent of the software development process, formal verification (when possible
– it is very difficult), and formal validation by an outside vendor. The author of these notes had
been part of a software V&V (verification and validation) team, assigned to be sure that the code
was written correctly and that it adhered to the requirements.
Formal Evaluation
We now turn to formal evaluation of an operating system against a published set of criteria. One
of the earliest attempts for formal evaluation was called the Trusted Computer System
Evaluation Criteria (TCSEC), more loosely the “Orange Book” because that was the color of
the book. The TCSEC defined a number of levels of assurance.

D – basically, no protection. Any system can get this level.
C1 – discretionary access control.
C2 – controlled access protection (a finer-grained discretionary access control).
B1 – labeled security protection. Each object is assigned a security level and mandatory access controls are used.
B2 – structured protection. This is level B1 with formal testing of a verified design.
B3 – security domains. The security kernel must be small and testable.
A1 – verified design. A formal design exists and has been thoroughly examined.

The TCSEC was a good document for its day, but it was overtaken by the arrival of the Internet
and connectivity to the Internet. Several operating systems were rated as C1 or better, provided
that the system was running without connection to the Internet.

4. Describe security requirements for database security, and describe techniques for
ensuring database reliability and integrity, secrecy, inference control, and multi-level
databases.
Database Security
Database security encompasses hardware, software, people and data
Database security and integrity is about protecting the database from being inconsistent and being
disrupted.
Multi-user database system - DBMS must provide a database security and authorization
subsystem to enforce limits on individual and group access rights and privileges.
Database security is considered in relation to the following situations:
– Theft and fraud
– Loss of confidentiality (secrecy)
– Loss of integrity
– Loss of availability
Database security - the mechanisms that protect the database against intentional or accidental
threats.
• Examples of threats:
– Unauthorized modification or copying of data
– Program alteration
– Wire-tapping
– Illegal entry by hacker
– Theft of data, programs, and equipment
– Failure of security mechanisms, giving greater access than normal
– Inadequate staff training
– Electronic interference and radiation
– Data corruption owing to power loss or surge
– Fire (electrical fault, lightning strike, arson), flood, bomb
– Physical damage to equipment
– Breaking cables or disconnection of cables
– Introduction of viruses
Computer-based security controls for a multi-user environment:
• Authorization – The granting of a right or privilege that enables a subject to have legitimate
access to a system or a system’s object
– Authorization controls can be built into the software, and govern not only what system or
object a specified user can access, but also what the user may do with it
– Authorization controls are sometimes referred to as access controls
– The process of authorization involves authentication of subjects (i.e. a user or program)
requesting access to objects (i.e. a database table, view, procedure, trigger, or any other object
that can be created within the system)
Backup and recovery
– Backup is the process of periodically taking a copy of the database and log file (and possibly
programs) on to offline storage media
– A DBMS should provide backup facilities to assist with the recovery of a database following
failure
– Database recovery is the process of restoring the database to a correct state in the event of a
failure
– Journaling is the process of keeping and maintaining a log file (or journal) of all changes made
to the database to enable recovery to be undertaken effectively in the event of a failure
– The advantage of journaling is that, in the event of a failure, the database can be recovered to
its last known consistent state using a backup copy of the database and the information contained
in the log file
– If no journaling is enabled on a failed system, the only means of recovery is to restore the
database using the latest backup version of the database
– However, without a log file, any changes made after the last backup to the database will be lost
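The backup, journaling and recovery rules above, as an added Python example that is not part of these notes: a toy key-value store that takes a backup, journals every change before applying it (with begin/commit markers around transactions), and recovers either from the backup alone or from backup plus journal replay, discarding a transaction that had not committed when the failure occurred.

```python
import copy
import json


class JournaledDB:
    """Toy key-value 'database' with an offline backup copy and an append-only log
    (journal) of changes, enough to show the recovery rules from the notes above."""

    def __init__(self):
        self.data = {}          # live database files
        self.backup = None      # latest offline backup copy
        self.journal = []       # log file: one JSON record per line

    def take_backup(self):
        """Periodic backup; the journal restarts from this point."""
        self.backup = copy.deepcopy(self.data)
        self.journal = []

    def _log(self, record):
        # Write-ahead: the journal record is durable before the data changes.
        self.journal.append(json.dumps(record))

    def begin(self):
        self._log({"op": "begin"})

    def commit(self):
        self._log({"op": "commit"})

    def put(self, key, value):
        self._log({"op": "put", "key": key, "value": value})
        self.data[key] = value

    def delete(self, key):
        self._log({"op": "delete", "key": key})
        self.data.pop(key, None)

    def crash(self):
        """Simulate losing the live database files; backup media and journal survive."""
        self.data = {}

    def _apply(self, rec):
        if rec["op"] == "put":
            self.data[rec["key"]] = rec["value"]
        elif rec["op"] == "delete":
            self.data.pop(rec["key"], None)

    def recover(self, use_journal=True):
        """Restore the latest backup, then (if journaling was enabled) replay the log to
        the last known consistent state: only committed transactions are reapplied, and
        a transaction still open at the failure is discarded. Without the log, every
        change made after the backup is lost. Returns the recovered data."""
        if self.backup is None:
            raise RuntimeError("no backup available: nothing to recover from")
        self.data = copy.deepcopy(self.backup)
        if not use_journal:
            return dict(self.data)
        pending, in_tx = [], False
        for line in self.journal:
            rec = json.loads(line)
            if rec["op"] == "begin":
                pending, in_tx = [], True
            elif rec["op"] == "commit":
                for r in pending:
                    self._apply(r)
                pending, in_tx = [], False
            elif in_tx:
                pending.append(rec)
            else:
                self._apply(rec)        # change made outside a transaction (autocommit)
        return dict(self.data)
```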
Integrity
– Integrity constraints contribute to maintaining a secure database system by preventing data
from becoming invalid and hence giving misleading or incorrect results
• Domain Integrity
• Entity integrity
• Referential integrity
• Key constraints
Levels of Security Measures
• Security measures can be implemented at several levels
– Physical Level: concerned with physically securing the site containing the computer system. The
backup systems should also be physically protected from access except for authorized users.
– Human Level: concerned with authorization of database users to access the content at
different levels and with different privileges.
– Operating System: concerned with the weakness and strength of the operating system security
on data files. A weakness may serve as a means of unauthorized access to the database. This also
includes protection of data in primary and secondary memory from unauthorized access.
– Database System: concerned with data access limits enforced by the database system, such as
passwords, isolated transactions, etc.
Inference Policy
It is essential to protect data at a specific level. An inference policy can be applied when analysis of
particular data, in the form of facts, is required to be prevented at a certain higher security level. It helps
to determine how to protect information from being released.
The aim of inference control is to avoid indirect disclosure of information.
Generally there are three ways in which unauthorized data disclosure can occur:
1. Correlated data - a typical channel when visible data X are semantically related to invisible
data Y.
2. Missing data - the result of a query contains NULL values that mask sensitive data. The existence of
that data may be detected that way.
3. Statistical inference - typical for databases that provide statistical information about entities.
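An added Python example, not from these notes, of one inference control for the statistical case above: a query-set-size check that refuses an aggregate query whose matching set holds fewer than k records, or more than N-k, since either answer would let the asker isolate an individual (a set of one reveals the person directly; the complement of a tiny set can be subtracted from the total). The records and the threshold k are constructed for the example.

```python
# Constructed sample records (not real data): name, department, salary.
RECORDS = [
    {"name": "ann", "dept": "eng", "salary": 120},
    {"name": "bob", "dept": "eng", "salary": 110},
    {"name": "cid", "dept": "eng", "salary": 100},
    {"name": "dee", "dept": "ops", "salary": 90},
    {"name": "eve", "dept": "ops", "salary": 95},
    {"name": "fay", "dept": "legal", "salary": 150},
]


class StatisticalDB:
    """Answers only aggregate queries, and refuses any whose query set is so small,
    or so close to the whole table, that the answer would pin down one individual."""

    def __init__(self, records, k=2):
        self.records = records
        self.k = k          # minimum query-set size (assumed threshold)

    def query(self, stat, field, predicate):
        """Return the statistic over records matching `predicate`, or None if refused."""
        qset = [r for r in self.records if predicate(r)]
        n, total = len(qset), len(self.records)
        # Query-set-size control: n < k exposes individuals directly; n > total - k
        # exposes them indirectly via the complement (whole-table total minus this answer).
        if n < self.k or n > total - self.k:
            return None
        values = [r[field] for r in qset]
        if stat == "count":
            return n
        if stat == "sum":
            return sum(values)
        if stat == "mean":
            return sum(values) / n
        raise ValueError(f"unsupported statistic {stat!r}")
```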
