
Information Security (INFOB3INSE) - Summary of Security in Computing, ISBN: 9780132390774

Pages: 88
Uploaded: 23-02-2021
Written in: 2019/2020

Information Security (INFOB3INSE) - Summary of Security in Computing, ISBN: 0774. Summary for the 2019/2020 edition.

Content preview

INFORMATION SECURITY
SUMMARY
2019-2020




Table of Contents
Lecture 1: Introduction
Lecture 2: Authentication & Access Control
Lecture 3: Risk Analysis with CORAS
Lecture 4: Cryptography (Part I)
Lecture 5: Programs, Malware and Defensive Mechanisms
Lecture 7: Security requirements with STS-ml
Lecture 8: Managing conflicts in STS-ml
Lecture 9: Web Security: User Side
Lecture 10: Computer networks: basics
Lecture 11: Privacy

Lecture 1: Introduction
CHAPTER ) PFLEEGER

In this chapter:
• Threats, vulnerabilities, and controls
• Confidentiality, integrity, and availability
• Attackers and attack types; method, opportunity, and motive
• Valuing assets

1. Basics of security
Information security (course name) vs Computer security (the difference is not relevant)
• Computer security
Measures and controls that ensure confidentiality, integrity, and availability of information assets
including hardware, software, firmware, and information being processed, stored and communicated
• Information security
The protection of information and information systems from unauthorized access, use, disclosure,
disruption, modification, or destruction in order to provide confidentiality, integrity and availability.

Assets
Security is about protecting assets, things one values
• Hardware → e.g., your laptop’s hard disk
• Software → e.g., UU’s Osiris software
• Data → e.g., your holiday’s photos
• Processes (what are examples of these?)
Much hardware and software is off-the-shelf, meaning that it is commercially available (not custom-made
for your purpose) and that you can easily get a replacement. The thing that makes your computer unique
and important to you is its content: photos, tunes, papers, email messages, projects, calendar information,
ebooks (with your annotations), contact information, code you created, and the like. Thus, data items on a
computer are assets, too.

The value of assets
Security is about protecting assets, things one values
• Not all assets are equally valuable
• How to measure? Not only monetary value for loss
  o Holiday photos
• Difference between off-the-shelf and custom-made software
  o Why does it matter to assess value?
• Assets’ values are personal, time dependent, and often imprecise.

The Vulnerability–Threat–Control Paradigm
The goal of computer security is protecting valuable assets. To study different ways of protection, we use a
framework that describes how assets may be harmed and how to counter or mitigate that harm.
• Vulnerability: a weakness in the system, for example, in procedures, design, or
implementation, that might be exploited to cause loss or harm. For instance, a particular system
may be vulnerable to unauthorized data manipulation because the system does not verify a user’s
identity before allowing data access.
• Threat: a set of circumstances that has the potential to cause loss or harm to a computing system.
• Attacker: a human who exploits a vulnerability and thereby perpetrates an attack on the system.
• How do we address these problems? We use a control or countermeasure as protection. That is, a
control is an action, device, procedure, or technique that removes or reduces a vulnerability.
• A threat is blocked by control of a vulnerability.





2. Threats and the CIA triad
Three aspects, confidentiality, integrity, and availability make your computer valuable to you. But viewed
from another perspective, they are three possible ways to make it less valuable, that is, to cause you harm.
These characteristics are both basic security properties and the objects of security threats.

We can define these three properties as follows.
• availability: the ability of a system to ensure that an asset can be used by any authorized parties
• integrity: the ability of a system to ensure that an asset is modified only by authorized parties
• confidentiality: the ability of a system to ensure that an asset is viewed only by authorized
parties
Taken together (and rearranged), the properties are called the C-I-A triad or the security triad.

Two dimensions of threats
A. What bad things can occur that affect assets?
  o Security properties that are endangered
  o Basic three properties of security: C-I-A triad
  o The ability of a system to ensure that an asset…
    ▪ Can be used by any authorized parties (availability)
    ▪ Is modified only by authorized parties (integrity)
    ▪ Is viewed only by authorized parties (confidentiality)
  o Also known as security standard
B. Who/what can cause or allow those bad things to occur?
  o The C-I-A triad can be viewed from a different perspective: the nature of the harm caused to assets. Harm can also be characterized by four acts: interception, interruption, modification, and fabrication.
  o Who/what should we defend ourselves from?
  o Confidentiality can suffer if someone intercepts data
  o Availability is lost if someone or something interrupts a flow of data or access to a computer
  o Integrity can fail if someone or something modifies data or fabricates false data.
    ▪ Integrity: modification and fabrication

1) Confidentiality as access control policies →
Confidentiality: only authorized people or systems can access protected data

2) Integrity
This is a broad term, which can be specialized into
many sub-properties, such as
• Precise
• Accurate
• Unmodified
• Modified only by authorized people
• Internally consistent
• …
Three particular aspects of integrity are distinguished: authorized actions, separation and protection of
resources, and error detection and correction. Integrity can be enforced in much the same way as can
confidentiality: by rigorous control of who or what can access which resources in what ways.
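As an added illustration (not part of the original summary), the sketch below enforces the three C-I-A definitions with one rights table and adds a digest for the "error detection" aspect of integrity. All names (`Asset`, `AccessDenied`, the subjects and the grade data) are hypothetical and constructed for the example.

```python
import hashlib

class AccessDenied(Exception):
    """The subject lacks the right for the requested action."""

class Asset:
    """Data asset behind a rights table (constructed example, hypothetical names)."""
    def __init__(self, data, rights):
        self._data = data
        self._rights = rights  # subject -> set of allowed actions
        self._digest = hashlib.sha256(data).hexdigest()

    def _check(self, subject, action):
        if action not in self._rights.get(subject, set()):
            raise AccessDenied(f"{subject} may not {action}")

    def intact(self):  # error detection: data still matches the last authorized write
        return hashlib.sha256(self._data).hexdigest() == self._digest

    def read(self, subject):
        self._check(subject, "read")   # confidentiality: viewed only by authorized parties
        if not self.intact():
            raise ValueError("data changed outside an authorized write")
        return self._data              # availability: usable by any authorized party

    def write(self, subject, data):
        self._check(subject, "write")  # integrity: modified only by authorized parties
        self._data = data
        self._digest = hashlib.sha256(data).hexdigest()

def attempt(fn, *args):
    try:
        fn(*args)
        return "allowed"
    except AccessDenied:
        return "denied"
    except ValueError:
        return "corrupted"

def demo():
    grades = Asset(b"alice:8", {"teacher": {"read", "write"}, "alice": {"read"}})
    out = {
        "alice reads": attempt(grades.read, "alice"),
        "mallory reads": attempt(grades.read, "mallory"),             # interception blocked
        "alice writes": attempt(grades.write, "alice", b"alice:10"),  # modification blocked
        "teacher writes": attempt(grades.write, "teacher", b"alice:9"),
    }
    grades._data = b"alice:10"  # simulate a change that bypassed write()
    out["read after tampering"] = attempt(grades.read, "teacher")
    return out
```

An unkeyed digest stored beside the data only detects changes made by something that cannot also rewrite the digest; against a party with that access, a keyed MAC or a signature is needed.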





3) Availability
Applies both to data and services
• My data can be retrieved
• The weather forecast service can be invoked
Defining availability
• Timely response to requests
• Resources are allocated fairly
• Services and systems are fault tolerant
• The system/service can be used as intended
BTW, 100% cannot be achieved → why?
Things can happen that are out of your control, such as power shortages. For example, you cannot guarantee
that Blackboard will always be available (there may be a server error). Or too many users may arrive at
once, and the website crashes.

Computer security seeks to prevent unauthorized viewing (confidentiality) or modification (integrity) of
data while preserving access (availability).

Threats
Malicious intent: attackers
Attacker types:
• Terrorist
• Hacker
• Criminal-for-hire
• Individual
• Loosely connected group
• Organized crime member

We call a potential cause of harm a threat. Harm can be caused by
either nonhuman events or humans. Examples of nonhuman
threats include natural disasters like fires or floods; loss of
electrical power; failure of a component such as a communications
cable, processor chip, or disk drive.
Human threats can be either benign (nonmalicious) or malicious. Nonmalicious kinds of harm include
someone’s accidentally spilling a soft drink on a laptop.
Most computer security activity relates to malicious, human-caused harm: A malicious person actually
wants to cause harm, and so we often use the term attack for a malicious computer security event.
Malicious attacks can be random or directed. In a random attack the attacker wants to harm any
computer or user.
In a directed attack, the attacker intends harm to specific computers, perhaps at one organization (think
of attacks against a political organization) or belonging to a specific individual (think of trying to drain a
specific person’s bank account, for example, by impersonation). Another class of directed attack is against
a particular product, such as any computer running a particular browser.
• Threats are caused both by human and other sources.
• Threats can be malicious or not.
• Threats can be targeted or random.

Advanced Persistent Threat!

3. Harms
Harm = the negative consequence of an actualized threat
How to derive value of a harm?

Risk and its management
• Risk management = a process aimed at choosing what threats to mitigate and how; involves
choosing which threats to control and what resources to devote to protection.
• How many threats exist? Practically unlimited.
o Not all threats can be tackled (too many, too expensive)




Seller: marreslikker, Universiteit Utrecht