
MT5104 Computer Security

Introduction - The plan for today
References for this lecture
What is security?
Example 1 - Private Property
Example 2 - eCommerce
Computer Security?
Confidentiality
Integrity
Integrity ctd.
Availability
Accountability - Authorisation
Reliability - Dependability
The main conclusion
The Fundamental Dilemma of Computer Security
Principles of Computer Security The Dimensions of Computer Security
1st Fundamental Design Decision: Where is the focus of security controls?
2nd Fundamental Design Decision: Where to place security controls?
The Man-Machine Scale
Slide 20
Data vs Information
Data vs Information ctd.
3rd Fundamental Design Decision: complexity vs assurance
Example: Security Evaluation
4th Fundamental Design Decision: centralised or decentralised controls?
5th Fundamental Design Decision: blocking access to the layer below
The Layer Below - Examples
The Layer Below - more examples
Structure of the course
Books on Computer Security
Exercises

MT5104 - Computer Security - Lecture 1

MT5104
Computer Security
Dieter Gollmann
Microsoft [email protected]

Introduction - The plan for today
• Search for a definition of computer security
• Propose fundamental design principles for computer security
• Give a preview of the course
• Books and further reading
• Questions??

References for this lecture
• Orange Book: US Trusted Computer Systems Evaluation Criteria
• ITSEC: European Information Technology Security Evaluation Criteria
• CTCPEC: Canadian Trusted Computer Product Evaluation Criteria
• ISO 7498-2 (International Standard): Basic Reference Model for Open Systems Interconnection (OSI) Part 2: Security Architecture
• Clark, D.R. and Wilson, D.R., A Comparison of Commercial and Military Computer Security Policies, Proceedings of the 1987 IEEE Symposium on Security and Privacy, pages 184-194

What is security?
• Prevention: take measures that prevent your assets from being damaged
• Detection: take measures so that you can detect when, how, and by whom an asset has been damaged
• Reaction: take measures so that you can recover your assets or recover from damage to your assets

Example 1 - Private Property
• Prevention: locks at doors, window bars, walls round the property
• Detection: stolen items aren’t there anymore, burglar alarms, closed circuit TV
• Reaction: call the police, replace stolen items, make an insurance claim …
• Footnote: Parallels to the physical world can illustrate aspects of computer security but they are also misleading.

Example 2 - eCommerce
• Prevention: encrypt your orders, rely on the merchant to perform checks on the caller, don’t use the Internet (?) …
• Detection: an unauthorized transaction appears on your credit card statement
• Reaction: complain, ask for a new card number, etc.
• Footnote: your credit card number has not been stolen.

Computer Security?
• Confidentiality: prevent unauthorised disclosure of information
• Integrity: prevent unauthorised modification of information
• Availability: prevent unauthorised withholding of information or resources
• Other aspects: accountability, authenticity
• Definitions taken from ITSEC

Confidentiality
• Historically, security and secrecy were closely related. Sometimes, security and confidentiality are used as synonyms
• Prevent unauthorised disclosure of information (prevent unauthorised reading)
• Privacy: protection of personal data
• Secrecy: protection of data belonging to an organisation

Integrity
• ITSEC: prevent unauthorised modification of information (prevent unauthorised writing)
• Clark and Wilson: No user of the system, even if authorized, may be permitted to modify data items in such a way that assets or accounting records of the company are lost or corrupted.
• Orange Book: Data Integrity - The state that exists when computerized data is the same as that in the source document and has not been exposed to accidental or malicious alteration or destruction. (Integrity is synonymous with external consistency.)

Integrity ctd.
• Integrity in communications: detection (and correction) of modifications of transmitted data, including both intentional modifications and random transmission errors.
• In the most general sense: make sure that everything is as it is supposed to be; the data in a computer system should correctly reflect some reality outside the computer system. (This is highly desirable but cannot be guaranteed by mechanisms internal to the computer system.)
• Integrity is a prerequisite for many other security services. Operating systems security has a lot to do with integrity.

Availability
• CTCPEC: the property that a product’s services are accessible when needed and without undue delay
• ISO 7498-2: the property of being accessible and usable upon demand by an authorised entity
• Denial of Service (DoS): The prevention of authorised access of resources or the delaying of time-critical operations
• Availability may be the most important aspect of computer security, but there are few methods around. Distributed denial of service attacks have recently become notorious.

Accountability - Authorisation
• Accountability (Orange Book): audit information must be selectively kept and protected so that actions affecting security can be traced to the responsible party
• Users are identified and authenticated to have a basis for access control decisions.
• The security system keeps an audit log (audit trail) of security relevant events to detect and investigate intrusions.

Reliability - Dependability
• Areas related to security: reliability, safety (similar engineering methods, similar efforts in standardisation, possible requirement conflicts)
• There is an overlap in notation: is security part of reliability or vice versa?
• Dependability (IFIP WG 10.4): the property of a computer system such that reliance can justifiably be placed on the service it delivers. The service delivered by a system is its behaviour as it is perceived by its user(s); a user is another system (physical, human) which interacts with the former.
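
The "Integrity ctd." slide separates random transmission errors from intentional modifications. The following is an added example, not part of the lecture slides: it shows that an unkeyed checksum (CRC-32) detects noise but can be recomputed by anyone who alters the message, while a keyed MAC (HMAC-SHA-256) detects both. The key, the messages and all function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Assumption: a secret known only to sender and receiver (constructed value).
KEY = b"constructed-demo-key"


def crc_tag(msg):
    """Unkeyed checksum: anyone who can see the message can compute it."""
    return zlib.crc32(msg)


def mac_tag(msg, key=KEY):
    """Keyed MAC: computing a valid tag requires the shared secret."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_crc(msg, tag):
    return zlib.crc32(msg) == tag


def verify_mac(msg, tag, key=KEY):
    # compare_digest avoids leaking the mismatch position through timing.
    return hmac.compare_digest(mac_tag(msg, key), tag)


def flip_bit(msg, bit):
    """Model a random transmission error: one bit flipped on the wire."""
    out = bytearray(msg)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def compare_mechanisms():
    """Return, per mechanism, whether each kind of modification is detected."""
    original = b"PAY 100 TO ALICE"   # constructed sample message
    altered = b"PAY 900 TO ALICE"    # constructed intentional modification
    crc, mac = crc_tag(original), mac_tag(original)
    noisy = flip_bit(original, 5)
    return {
        "crc_detects_random_error": not verify_crc(noisy, crc),
        "mac_detects_random_error": not verify_mac(noisy, mac),
        # Whoever altered the message can recompute the CRC for the new text.
        "crc_detects_modification": not verify_crc(altered, crc_tag(altered)),
        # Without KEY the best available tag is the old one, which fails.
        "mac_detects_modification": not verify_mac(altered, mac),
    }


if __name__ == "__main__":
    for name, detected in compare_mechanisms().items():
        print(f"{name}: {detected}")
```
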



UMBC CMSC 482 - LECTURE NOTES
