July 1, 2004 Computer Security: Art and Science©2002-2004 Matt BishopSlide #1-1Chapter 1: Introduction• Components of computer security• Threats• Policies and mechanisms• The role of trust• Assurance• Operational Issues• Human IssuesJuly 1, 2004 Computer Security: Art and Science©2002-2004 Matt BishopSlide #1-2Basic Components• Confidentiality– Keeping data and resources hidden• Integrity– Data integrity (integrity)– Origin integrity (authentication)• Availability– Enabling access to data and resourcesJuly 1, 2004 Computer Security: Art and Science©2002-2004 Matt BishopSlide #1-3Classes of Threats• Disclosure– Snooping• Deception– Modification, spoofing, repudiation of origin, denial ofreceipt• Disruption– Modification• Usurpation– Modification, spoofing, delay, denial of serviceJuly 1, 2004 Computer Security: Art and Science©2002-2004 Matt BishopSlide #1-4Policies and Mechanisms• Policy says what is, and is not, allowed– This defines “security” for the site/system/etc.• Mechanisms enforce policies• Composition of policies– If policies conflict, discrepancies may createsecurity vulnerabilitiesJuly 1, 2004 Computer Security: Art and Science©2002-2004 Matt BishopSlide #1-5Goals of Security• Prevention– Prevent attackers from violating security policy• Detection– Detect attackers’ violation of security policy• Recovery– Stop attack, assess and repair damage– Continue to function correctly even if attacksucceedsJuly 1, 2004 Computer Security: Art and Science©2002-2004 Matt BishopSlide #1-6Trust and Assumptions• Underlie all aspects of security• Policies– Unambiguously partition system states– Correctly capture security requirements• Mechanisms– Assumed to enforce policy– Support mechanisms work correctlyJuly 1, 2004 Computer Security: Art and Science©2002-2004 Matt BishopSlide #1-7Types of Mechanismssecureprecisebroadset of reachable states set of secure statesJuly 1, 2004 Computer Security: Art and Science©2002-2004 Matt BishopSlide #1-8Assurance• Specification– Requirements analysis– Statement of desired functionality• Design– How system will meet specification• Implementation– Programs/systems that carry out designJuly 1, 2004 Computer Security: Art and Science©2002-2004 Matt BishopSlide #1-9Operational Issues• Cost-Benefit Analysis– Is it cheaper to prevent or recover?• Risk Analysis– Should we protect something?– How much should we protect this thing?• Laws and Customs– Are desired security measures illegal?– Will people do them?July 1, 2004 Computer Security: Art and Science©2002-2004 Matt BishopSlide #1-10Human Issues• Organizational Problems– Power and responsibility– Financial benefits• People problems– Outsiders and insiders– Social engineeringJuly 1, 2004 Computer Security: Art and Science©2002-2004 Matt BishopSlide #1-11Tying TogetherThreatsPolicySpecificationDesignImplementationOperationJuly 1, 2004 Computer Security: Art and Science©2002-2004 Matt BishopSlide #1-12Key Points• Policy defines security, and mechanismsenforce security– Confidentiality– Integrity– Availability• Trust and knowing assumptions• Importance of assurance• The human