
FALLSEM2022-23 CSI3002 ETH VL2022230103582 2022-08-01 Reference-Material-I

The document defines key computer security concepts like confidentiality, integrity, and availability. It discusses security attacks including passive attacks like eavesdropping and traffic analysis, and active attacks like masquerading, replay, and denial of service. It also covers security services, mechanisms, and functional requirements like access control and awareness training.

Computer Security Concepts and Services

A Definition of Computer Security


The NIST Computer Security Handbook
[NIST95] defines the term computer security as follows:
COMPUTER SECURITY
The protection afforded to an automated
information system in order to attain the applicable
objectives of preserving the integrity, availability, and
confidentiality of information system resources
(includes hardware, software, firmware, information/
data, and telecommunications).
This definition introduces three key objectives that are
at the heart of computer security:
Confidentiality: This term covers two related
concepts:
1. Data confidentiality: Assures that private or
confidential information is not made available or
disclosed to unauthorized individuals.
2. Privacy: Assures that individuals control or influence
what information related to them may be collected and
stored and by whom and to whom that information
may be disclosed.
Integrity: This term covers two related concepts:
1. Data integrity: Assures that information and
programs are changed only in a specified and
authorized manner.
2. System integrity: Assures that a system performs its
intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation
of the system.
Availability: Assures that systems work promptly and
service is not denied to authorized users.
CIA Triad
FIPS 199 provides a useful characterization of these three objectives
in terms of requirements and the definition of a loss of security in each
category:

• Confidentiality: Preserving authorized restrictions on information access
and disclosure, including means for protecting personal privacy and
proprietary information. A loss of confidentiality is the unauthorized
disclosure of information.
• Integrity: Guarding against improper information modification or
destruction, including ensuring information nonrepudiation and
authenticity. A loss of integrity is the unauthorized modification or
destruction of information.
• Availability: Ensuring timely and reliable access to and use of
information. A loss of availability is the disruption of access to or use of
information or an information system.
THE OSI SECURITY ARCHITECTURE
• Responsibility of a security manager:
1. Assess effectively the security needs of an
organization
2. Evaluate and choose various security products and
policies.
So there is a need for a systematic way of defining the
requirements for security and characterizing the
approaches to satisfy those requirements.
• ITU-T Recommendation X.800, Security Architecture for
OSI, defines such a systematic approach.
Because this architecture was developed as an international
standard, computer and communications vendors have
developed security features for their products and
services that relate to this structured definition of
services and mechanisms.
• The OSI security architecture focuses on security attacks, mechanisms, and
services. These can be defined briefly as follows:
• Security attack:
Any action that compromises the security of information owned
by an organization.
• Security mechanism:
A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security attack.
• Security service:
A processing or communication service that enhances the security
of the data processing systems and the information transfers of an
organization. The services are intended to counter security attacks, and
they make use of one or more security mechanisms to provide the
service.
SECURITY ATTACKS
In both X.800 and RFC 2828, security attacks are
classified as passive attacks and active
attacks.
A passive attack attempts to learn or make use of
information from the system but does not affect system
resources.
An active attack attempts to alter system resources or
affect their operation.
Passive Attacks
Passive attacks are in the nature of eavesdropping on,
or monitoring of, transmissions.
The goal of the opponent is to obtain information that
is being transmitted.
Two types of passive attacks are:
1. Release of message contents
2. Traffic analysis
Passive Attacks - Release of message contents
Passive Attacks - Traffic analysis

• To determine the location and identity of communicating hosts.
• To observe the frequency and length of messages being exchanged.
This information might be useful in guessing the nature of the communication
that was taking place.
PASSIVE ATTACKS - CHARACTERISTICS
Passive attacks are very difficult to detect, as they do
not involve any alteration of the data.
Message traffic is sent and received in normal fashion,
and neither the sender nor receiver is aware that a third
party has read the messages or observed the traffic
pattern.
However, it is feasible to prevent the success of these
attacks, usually by means of encryption.
Thus, the emphasis in dealing with passive attacks is
on prevention rather than detection.
Active Attacks
Active attacks involve some modification of the data
stream or the creation of a false stream and can be
subdivided into four categories:
1. Masquerade
2. Replay
3. Modification of messages, and
4. Denial of service.
Active Attacks - Masquerade
• One entity pretends to be a different entity.
Active Attacks - Replay
Passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect
Active Attacks - Modification of messages
• Some portion of a legitimate message is altered, or
messages are delayed or reordered, to produce an
unauthorized effect.
Active Attacks - Denial of service
Prevents or inhibits the normal use or management of
communications facilities.
For example, disrupting the entire network service provided by a server.
Active Attacks - Characteristics
It is quite difficult to prevent active attacks absolutely
because of the wide variety of potential physical,
software, and network vulnerabilities.
Instead the goal is to detect active attacks and to
recover from any disruption or delays caused by them.
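
The detection goal stated above, as an added example that is not part of the original slides: a receiver that uses a keyed integrity check and a sequence number to reject masqueraded, modified, and replayed or reordered messages. The key, frame layout, and sample payloads are constructed assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed shared secret (assumption)
TAG_LEN = 32                    # HMAC-SHA256 output size in bytes


def protect(seq, payload, key=KEY):
    """Sender side: 8-byte sequence number + payload + HMAC over both."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts each authentic frame once, in strictly increasing order."""

    def __init__(self, key=KEY):
        self.key = key
        self.last_seq = 0

    def accept(self, frame):
        if len(frame) < 8 + TAG_LEN:
            return "rejected: malformed"
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Wrong key (masquerade) and altered bytes (modification) both fail here.
        if not hmac.compare_digest(tag, expected):
            return "rejected: integrity check failed"
        (seq,) = struct.unpack(">Q", header)
        # An authentic frame seen before, or arriving out of order, is a replay.
        if seq <= self.last_seq:
            return "rejected: replayed or reordered"
        self.last_seq = seq
        return "accepted"


def demo():
    """Run constructed frames through one receiver and return its verdicts."""
    rx = Receiver()
    first = protect(1, b"transfer 10 to alice")
    second = protect(2, b"transfer 20 to bob")
    altered = bytearray(second)
    altered[12] ^= 0x01                      # one payload bit changed in transit
    forged = protect(3, b"transfer 99 to mallory", key=b"not-the-shared-key")
    frames = [first, bytes(altered), forged, second, first]
    return [rx.accept(f) for f in frames]
```

The integrity tag alone does not stop a replay, because a captured frame is still authentic; the sequence check is what rejects the second delivery of the first frame.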
SECURITY SERVICES
Services: Some of the techniques used for providing
security.
X.800 defines a security service as a service that is
provided by a protocol layer of communicating open
systems and that ensures adequate security of the
systems or of data transfers.
RFC 2828 provides the following definition: a
processing or communication service that is provided
by a system to give a specific kind of protection to
system resources; security services implement security
policies and are implemented by security mechanisms.
SECURITY MECHANISMS
A security mechanism is a process (or a device
incorporating such a process) that can be used
in a system to implement a security service that is provided
by or within the system.
• According to X.800, security mechanisms can be classified
into:
• Specific security mechanisms:
mechanisms that are implemented in a specific protocol
layer, such as TCP or an application-layer protocol.
• Pervasive security mechanisms:
mechanisms that are not specific to any particular
protocol layer or security service.
SPECIFIC SECURITY MECHANISMS
Encipherment
The use of mathematical algorithms to
transform data into a form that is not readily
intelligible. The transformation and subsequent
recovery of the data depend on an algorithm and
zero or more encryption keys.
Digital Signature
Data appended to, or a cryptographic
transformation of, a data unit that allows a
recipient of the data unit to prove the source and
integrity of the data unit and protect against
forgery (e.g., by the recipient).
Access Control
A variety of mechanisms that enforce access
rights to resources.
Data Integrity
A variety of mechanisms used to assure the
integrity of a data unit or stream of data units.
• Authentication Exchange
A mechanism intended to ensure the identity of an entity by means of
information exchange.
• Traffic Padding
The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts.
• Routing Control
Enables selection of particular physically secure routes for certain
data and allows routing changes, especially when a breach of security
is suspected.
• Notarization
The use of a trusted third party to assure certain
properties of a data exchange.
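
Traffic padding as described above, shown as an added example that is not part of the original slides: every message is cut into fixed-size cells and idle time slots carry dummy cells, so the message lengths and frequency named under traffic analysis look the same on a busy and a quiet link. The cell size, filler marker, and function names are assumptions, and the cells are assumed to be enciphered before transmission so that dummy cells cannot be told apart.

```python
import struct

CELL = 64            # constructed fixed cell size in bytes (assumption)
ROOM = CELL - 2      # payload bytes per cell after the 2-byte length field
FILLER = 0xFFFF      # length value that marks a dummy cell (assumption)


def to_cells(message):
    """Split one message into CELL-byte cells: length, data, zero padding."""
    chunks = [message[i:i + ROOM] for i in range(0, len(message), ROOM)]
    return [struct.pack(">H", len(c)) + c + bytes(ROOM - len(c)) for c in chunks]


def schedule(messages, slots):
    """Emit one cell per time slot, filling idle slots with dummy cells."""
    cells = [cell for m in messages for cell in to_cells(m)]
    dummy = struct.pack(">H", FILLER) + bytes(ROOM)
    idle = max(0, slots - len(cells))
    return cells + [dummy] * idle


def from_cells(cells):
    """Receiver side: drop dummy cells and strip padding from real ones."""
    data = bytearray()
    for cell in cells:
        (n,) = struct.unpack(">H", cell[:2])
        if n != FILLER:
            data += cell[2:2 + n]
    return bytes(data)


def observed(cells):
    """What a passive observer of the link can measure: count and sizes."""
    return len(cells), {len(c) for c in cells}
```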
SECURITY FUNCTIONAL REQUIREMENTS
1. Access Control
2. Awareness and Training
3. Audit and Accountability
4. Certification, Accreditation, and Security Assessments
5. Configuration Management
6. Contingency Planning
7. Identification and Authentication
8. Incident Response
9. Maintenance
10. Media Protection
11. Physical and Environmental Protection
12. Planning
13. Personnel Security
14. Risk Assessment
15. Systems and Services Acquisition
16. System and Communications Protection
17. System and Information Integrity

Access Control:
Limit information system access to
• authorized users,
• processes acting on behalf of authorized users, or
devices
• types of transactions and functions that authorized
users are permitted to exercise.

Awareness and Training:


(i) Ensure that managers and users of organizational
information systems are made aware of the security
risks associated with their activities.
(ii) Ensure that personnel are adequately trained to carry
out their assigned information security-related duties
and responsibilities.
Audit and Accountability:
(i) Create, protect, and retain information system audit
records
(ii) Ensure that the actions of individual information
system users can be uniquely traced to those users so
they can be held accountable for their actions.
Certification, Accreditation, and Security
Assessments:
(i) Periodically assess the security controls in
organizational information systems to determine if the
controls are effective in their application;
(ii) Develop and implement plans of action designed to
correct deficiencies and reduce or eliminate
vulnerabilities in organizational information systems;
Configuration Management:
(i) Establish and maintain baseline configurations
(ii) Establish and enforce security configuration settings
for information technology products employed in
organizational information systems.
Contingency Planning:
Establish, maintain, and implement plans for
• emergency response,
• backup operations, and
• post-disaster recovery
to ensure the availability of critical information resources and
continuity of operations in emergency situations.
Identification and Authentication:
• Identify information system users, processes
acting on behalf of users, or devices,
• Authenticate (or verify) the identities of those users,
processes, or devices,
Incident Response:
(i) Establish an operational incident-handling capability for
organizational information systems that includes adequate
preparation, detection, analysis, containment, recovery, and user
response activities; and
(ii) track, document, and report incidents to appropriate
organizational officials and/or authorities.
Maintenance:
(i) Perform periodic and timely maintenance on organizational
information systems; and
(ii) provide effective controls on the tools, techniques, mechanisms,
and personnel used to conduct information system maintenance.
Media Protection:
(i) Protect information system media, both paper and
digital;
(ii) limit access to information on information system
media to authorized users; and
(iii) sanitize or destroy information system media
before disposal or release for reuse.
Physical and Environmental Protection:
(i) Limit physical access to information systems,
equipment, and the respective operating environments to
authorized individuals;
(ii) protect the physical plant and support infrastructure
for information systems;
(iii) provide supporting utilities for information systems;
(iv) protect information systems against environmental
hazards; and
(v) provide appropriate environmental controls in
facilities containing information systems.
Personnel Security:
(i) Ensure that individuals occupying positions of
responsibility within organizations (including third-party
service providers) are trustworthy and meet established
security criteria for those positions;
(ii) Ensure that organizational information and
information systems are protected during and after
personnel actions such as terminations and transfers; and
(iii) Employ formal sanctions for personnel failing to
comply with organizational security policies and
procedures.
Planning:
Develop, document, periodically update, and
implement security plans for organizational information
systems.
Risk Assessment:
Periodically assess the risk to organizational
operations.
Systems and Services Acquisition:
(i) Allocate sufficient resources to adequately protect
organizational information systems;
(ii) employ system development life cycle processes that
incorporate information security considerations;
(iii) employ software usage and installation
restrictions; and
(iv) ensure that third party providers employ adequate
security measures to protect information, applications,
and/or services outsourced from the organization.
System and Communications Protection:
(i) Monitor, control, and protect organizational
communications at the external boundaries and key
internal boundaries of the information systems; and (ii)
employ architectural designs, software development
techniques, and systems engineering principles that
promote effective information security within
organizational information systems.
System and Information Integrity:
(i) Identify, report, and correct information and
information system flaws in a timely manner;
(ii) provide protection from malicious code at
appropriate locations within organizational information
systems; and
(iii) monitor information system security alerts and
advisories and take appropriate actions in response.
