Secure Application Development

Chapter 01
Introduction To Computer Security
● Computer Security Concepts
● Computer Security Challenges
● Computer Security Model
● Attacks
● Computer Security Strategy
Computer Security Concepts (CIA Traid)
● Confidentiality: This term covers two related concepts:
○ Data confidentiality: Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.
○ Privacy: Assures that individuals control or influence what information related to them
may be collected and stored and by whom and to whom that information may be
disclosed.
● Integrity: This term covers two related concepts:
○ Data integrity: Assures that information and programs are changed only in a specified
and authorized manner.
○ System integrity: Assures that a system performs its intended function in an unimpaired
manner, free from deliberate or inadvertent unauthorized manipulation of the system.
● Availability: Assures that systems work promptly and service is not
denied to authorized users.
Computer Security Concepts (cont.)
Although the use of the CIA triad to define security objectives is well established, some in the
security field feel that additional concepts are needed to present a complete picture. Two of
the most commonly mentioned are as follows:
● Authenticity: The property of being genuine and being able to be verified and trusted;
confidence in the validity of a transmission, a message, or message originator. This
means verifying that users are who they say they are and that each input arriving at the
system came from a trusted source.
● Accountability: The security goal that generates the requirement for actions of an
entity to be traced uniquely to that entity. This supports non-repudiation, deterrence,
fault isolation, intrusion detection and prevention, and after-action recovery and legal
action. Because truly secure systems are not yet an achievable goal, we must be able to
trace a security breach to a responsible party. Systems must keep records of their
activities to permit later
Computer Security Challenges
● Computer security is not as simple as it might first appear to the novice. The requirements
seem to be straightforward; indeed, most of the major requirements for security services
can be given self-explanatory one-word labels: confidentiality, authentication,
nonrepudiation, integrity. But the mechanisms used to meet those requirements can be
quite complex, and understanding them may involve rather subtle reasoning.
● In developing a particular security mechanism or algorithm, one must always consider
potential attacks on those security features. In many cases, successful attacks are
designed by looking at the problem in a completely different way, therefore exploiting an
unexpected weakness in the mechanism.
● Because of point 2, the procedures used to provide particular services are often
counterintuitive. Typically, a security mechanism is complex, and it is not obvious from the
statement of a particular requirement that such elaborate Measures are needed. It is only
when the various aspects of the threat are considered that elaborate security mechanisms
make sense.
Computer Security Challenges (Cont.)
● Having designed various security mechanisms, it is necessary to decide where to use
them. This is true both in terms of physical placement (e.g., at what points in a network
are certain security mechanisms needed) and in a logical sense [e.g., at what layer or
layers of an architecture such as TCP/IP (Transmission Control Protocol/Internet Protocol)
should mechanisms be Placed].
● Security mechanisms typically involve more than a particular algorithm or Protocol. They
also require that participants be in possession of some secret information (e.g., an
encryption key), which raises questions about the Creation, distribution, and protection
of that secret information. There may also be a reliance on communications protocols
whose behavior may complicate the task of developing the security mechanism. For
example, if the proper functioning of the security mechanism requires setting time limits
on the transit time of a message from sender to receiver, then any protocol or network
that introduces variable, unpredictable delays may render such time limits meaningless.
Computer Security Challenges (Cont.)
● Computer security is essentially a battle of wits between a perpetrator who tries to find
holes and the designer or administrator who tries to close them. The great advantage
that the attacker has is that he or she need only find a single weakness while the
designer must find and eliminate all weaknesses to achieve perfect security.
● There is a natural tendency on the part of users and system managers to Perceive little
benefit from security investment until a security failure occurs.
● Security requires regular, even constant, monitoring, and this is difficult in today’s short-
term, overloaded environment.
● Security is still too often an afterthought to be incorporated into a system after the
design is complete rather than being an integral part of the design process.
● Many users and even security administrators view strong security as an impediment to
efficient and user-friendly operation of an information system or use of information.
Computer Security Model
The concept of a system resource, or asset, that users and owners wish to
protect. The assets of a computer system can be categorized as follows

● Hardware: Including computer systems and other data processing,

data storage, and data communications devices
● Software: Including the operating system, system utilities, and
applications.
● Data: Including data in any state (in transit, at rest, processing) files
and databases, as well as security-related data, such as password files.
● Communication facilities and networks: Local and wide area
network communication links, bridges, routers, and so on.
Computer Security Model
In the context of security, our concern is with the vulnerabilities of
system resources.
● It can be corrupted, so that it does the wrong thing or gives wrong
answers. For example, stored data values may differ from what
they should be because they have been improperly modified.
● It can become leaky. For example, someone who should not have
access to some or all of the information available through the
network obtains such access.
● It can become unavailable or very slow. That is, using the system or
network becomes impossible or impractical.
Attacks
We can classify attacks based on the behavior of the attack
● Active attack: An attempt to alter system resources or affect their operation.
● Passive attack: An attempt to learn or make use of information from the system that
does not affect system resources.

We can also classify attacks based on the origin of the attack:

● Inside attack: Initiated by an entity inside the security perimeter (an “ insider”). The
insider is authorized to access system resources but uses them in a way not approved
by those who granted the authorization.
● Outside attack: Initiated from outside the perimeter, by an unauthorized or illegitimate
user of the system (an “outsider”). On the Internet, potential Outside attackers range
from amateur pranksters to organized criminals, international terrorists, and hostile
governments.
Attacks Surface
Attack surfaces can be categorized in the following way:
● Network attack surface: This category refers to vulnerabilities over an enterprise
network, wide-area network, or the Internet. Included in this category are
network protocol vulnerabilities, such as those used for a denial-of-service
Attack, disruption of communications links, and various forms of intruder attacks.
● Software attack surface: This refers to vulnerabilities in application, utility, or
operating system code. A particular focus in this category is Web server
software.
● Human attack surface: This category refers to vulnerabilities created by
personnel or outsiders, such as social engineering, human error, and trusted
insiders.
Computer Security Strategy
A comprehensive security strategy involves three aspects:
● Specification/policy: What is the security scheme supposed to do?
● Implementation/mechanisms: How does it do it?
● Correctness/assurance: Does it really work?

The first step in devising security services and mechanisms is to

develop a security policy.
Security Policy
In developing a security policy, a security manager needs to consider
the Following factors
● The value of the assets being protected
● The vulnerabilities of the system
● Potential threats and the likelihood of attacks
Security Policy (Cont.)
Further, the manager must consider the following trade-offs:

Ease of use versus security: Virtually all security measures involve some
penalty in the area of ease of use. The following are some examples.
Access control mechanisms require users to remember passwords and
perhaps perform other access control actions. Firewalls and other
network security measures may reduce available transmission capacity
or slow response time. Virus-checking software reduces available
processing power and introduces the possibility of system crashes or
malfunctions due to improper interaction between the security software
and the operating system.
Security Policy (Cont.)
Cost of security versus cost of failure and recovery: In addition to ease
of use and performance costs, there are direct monetary costs in
implementing and maintaining security measures. All of these costs
must be balanced against the cost of security failure and recovery if
certain security measures are lacking. The cost of security failure and
recovery must take into account not only the value of the assets being
protected and the damages resulting from a security violation, but also
the risk, which is the probability that a particular threat will exploit a
particular vulnerability with a particular harmful result.
Security Implementation
Security implementation involves four complementary courses of
action:
● Prevention
● Detection
● Response
● Recovery
Security Implementation - Prevention
An ideal security scheme is one in which no attack is successful.
Although this is not practical in all cases, there is a wide range of
threats in which prevention is a reasonable goal. For example, consider
the transmission of encrypted data. If a secure encryption algorithm is
used, and if measures are in place to prevent unauthorized access to
encryption keys, then attacks on confidentiality of the transmitted data
will be prevented.
Security Implementation - Detection
In a number of cases, absolute protection is not feasible, but it is
practical to detect security attacks. For example, there are intrusion
detection systems designed to detect the presence of unauthorized
individuals logged onto a system. Another example is detection of a
denial of service attack, in which communications or processing
resources are consumed so that they are unavailable to legitimate
users.
Security Implementation - Response
If security mechanisms detect an ongoing attack, such as a denial of
service attack, the system may be able to respond in such a way as to
halt the attack and prevent further damage.
Security Implementation - Recovery
An example of recovery is the use of backup systems, so that if data
integrity is compromised, a prior, correct copy of the data can be
reloaded.