Information security
1. The process of preventing and detecting unauthorised use of your information.
2. The science of guarding information systems and assets against malicious behaviours of intelligent adversaries.
3. Security vs. reliability
Examples of malicious behaviour
1. Fraud: deceiving to get money, goods or service. 欺诈
2. Theft: stealing from a person or a place. 盗窃
3. Terrorism: causing damage, disruption and intimidation. 恐怖主义
4. Vandalism: damaging or destroying, deliberately and for no good reason. 无故破坏
5. Espionage: stealing info or (commercial) secrets by a spy. 间谍
6. Sabotage: causing damage/destruction to gain advantage. 竞争破坏
Types of security violations
1. unauthorised information release; 信息发布
2. unauthorised information modification; 信息修改
3. unauthorised denial of use. 拒绝使用
authorised” or “unauthorised” defined by the security policy
Why security violations occur:
1. Inadequate physical controls. 物理 比如门禁 监控
2. Inadequate controls within the computer system. 计算机系统
Example: unauthorised information release
An unauthorised user reads and copies encrypted passwords from a password file
Then he/she may be able to decrypt passwords offline using brute force (thereby bypassing methods to prevent on-line password cracking).暴力破解是一种尝试所有可能的密码组合,直到找到正确密码的方法。由于这种破解尝试是在攻击者的系统上进行的,而不是直接针对目标系统,因此它可以绕过目标系统上可能存在的防止在线密码破解的措施,如账户锁定策略或登录尝试限制。
Example: unauthorized information modification
An unauthorised user changes the password file:
1. might then insert a new entry in the password file (a “backdoor”) and
2. subsequently be authenticated by the system;
3. might simply change the root password.
插入后门 更改root密码使用权限高的账户来执行任何操作。
Goals for computer security
1. Confidentiality - prevention of unauthorised information release (info is accessible only to authorised user); 防止发布release 确保信息仅对经过授权的用户和实体可见
2. Integrity - prevention of unauthorised information modification; 防止修改modification
3. Availability - authorised users should not be prevented from accessing to info and associated assets when required; 不阻止授权用户正常访问
Confidentiality
1. Confidentiality is about preventing unauthorised users reading information to
which they are not entitled.
2. Traditionally, the notions of security and confidentiality are often confused, e.g.
In a military environment, security was traditionally associated with keeping
information secret, e.g. by using ciphers to protect communicated information.
3. Variants of confidentiality:
1. anonymity, copy protection, information flow control, unlinkability, unobservabability, ...
security > Confidentiality 后者只是前者之一
Integrity
1. In the context of computing: preventing unauthorised users writing information
to which they are not entitled.
2. In a general context: ensuring that the system state has not been modified by
those not authorised to do so.例如,在服务器管理中,只有授权的系统管理员才能进行系统更新和配置更改。
3. In the context of data communication: detection of modifications to transmitted data.
Availability
1. Availability can be defined as ensuring that the services provided by a system
are accessible on demand by an authorised entity. 按需访问
2. Availability covers areas beyond the normal scope of security, e.g., fault-
tolerant computing.
Fault-tolerance is beyond the scope of this subject.
3. For the purposes of security we are primarily concerned with preventing denial
of service attacks by unauthorised entities.
e.g., Internet ’flooding’ attacks, where the attacker(s) overwhelm a server by
sending it large numbers of connection requests.
Additional security goals
1. Authentication:
the process of verifying an identity claimed by or for a system entity
example potential authentication protocol: Kerberos protocol 一种广泛使用的网络认证协议,它使用加密技术来允许实体在一个不安全的网络环境中安全地证明自己的身份。Kerberos依赖于密钥中心来分发“票证”,这些票证用于在网络上进行身份验证。
2. Access control (Authorisation):
protection of system resources against unauthorised access
example: ACL 是一种用于定义哪些用户或系统进程可以访问或执行特定文件系统对象的列表。每个对象都有一个与之关联的权限列表,指定哪些用户或组可以执行读取、写入或执行操作。
3. Non-repudiation:
protection against false denial of involvement in a communication
Vulnerability
1. A vulnerability is a flaw in the design or implementation of a computer system
that could lead to a security violation.
2. Examples include:
program bugs; 软件中的编程错误可能导致安全漏洞。例如,缓冲区溢出错误可能允许攻击者执行任意代码。
configuration errors; 不当的系统或应用程序配置可能暴露安全漏洞。例如,一个错误配置的防火墙可能允许不必要的网络流量。
poor choice of passwords;
flawed management of passwords.例如,密码重用、未定期更换密码或未加密存储密码都可能增加安全风险。
3. A vulnerability represents a threat to the security of a system.
Vulnerability (cont’d)
1. A vulnerability might be exploited by an attacker to create a security violation:
The attacker must know about the vulnerability:
if an attacker doesn’t know of the existence of a potential buffer overrun in a
program, then the attacker cannot exploit this vulnerability.
2. The attacker must be able to exploit the vulnerability:
if the computer system can detect buffer overruns at run-time then the vulnerability cannot be exploited
Personal data
1. What personal data can reveal?
1. Shopping habits, family status, career, health, finances, sports/hobbies, etc.
2. Our data is everywhere and computers are good at collecting it:
1. Bank: transfers, investments, credit card purchases, taxes.
2. Telephone: source/destination, time, location.
3. Shopping/travel: from (online) shops, loyalty programs.
4. Entertainment: movies watched online.
2. Valuable to sales departments, agencies, employers, ...
1. but all for criminals
3. Risks: Surveillance, Limitation of Privacy, “Right to be forgotten”, ..
4. Limitations: Regulation vs Self-Regulation
An example: e-voting
1. Potentially a win-win situation for Citizens and Government:
1. efficiency gain
2. cost reduction
3. service improvement
1. Security considerations:
1. How will the system ensure that only registered voters vote?
2. How will it ensure that each voter can only vote once?
3. How does the system ensure that votes are not later changed and are correctly counted?
4. How are votes kept private and identities secret?
5. System availability? Functional correctness?
Information security analysis
1. Key elements
1. Assets: what we want to protect
1. Hardware, Software, Data, User
2. Vulnerability: a weakness that could be exploited to cause harm.
3. Threat: a set of circumstances that could cause harm.
4. An attack is performed exploiting a vulnerability of the system.
5. Countermeasure: action, device, procedure, or technique that remove or reduce a vulnerability.
Example: Confidentiality
1. Asset: E-mail message
2. Vulnerability: E-mail is not a letter but rather a post card 传统的电子邮件传输方式类似于明信片,消息在传输过程中未加密,因此任何人拦截到邮件都可以阅读其内容。
3. Threat: Everyone can read it along the way! (interception)
4. Countermeasures:
1. protect the communication (network security)
2. protect the message content (encryption)
Example: Integrity
1. Asset: financial records (bank transfer)
2. Vulnerability:
1. a defective software component allows unauthorized insider users to read and write
records from the database
3. Threat:
1. the payment amount can be changed (Modification)
2. an unauthorized payment can be generated (Fabrication)
4. Countermeasures:
1. protect the integrity of the records (digital signature)
2. protect the access to the system (access control)
Example: Availability
1. Asset: online store (Communication with a server)
2. Vulnerability:
1. there is no limit to the number of parallel transactions a user can begin
3. Threat:
1. denial of service (Interruption)
4. Countermeasures:
1. Authenticate the user and do not allow beginning a new transaction unless the
previous one is terminated or aborted (secure software engineering)
2. Limit the number of incoming connections from the same network address
(network security)
Security: Intuitive strategies
1. Prevention: take measures that prevent your assets from being damaged
1. E-commerce as example: encrypt your orders, rely on the merchant to perform
checks on the caller, don’t use internet (?⌣¨ )...
2. Detection: take measures so that you can detect when, how and by whom an
asset has been damaged.
1. An unauthorised transaction appears on your credit card statement!
3. Reaction: take measures so that you can recover your assets or to recover from
a damage to your assets.
1. Complain, ask for a new card number, etc.
Risk assessment
1. The challenge for the IT and Operations managers in this type of environment is
to:
1. properly analyse the threats to and vulnerabilities of an information system,
2. identify the potential impact that the loss of information or capabilities of a system
would have on the business, and, based upon these analyses,
3. identify appropriate and cost-effective counter-measures.
1. There are a number of ways of judging the security features of a computer
system:
1. can the operating system and hardware implement memory protection?
2. is it possible to identify authorised users?
3. is it possible to define and enforce a discretionary security policy?
4. is it possible to define and enforce a mandatory security policy?
5. is it possible to store and protect audit information?
6. can it be proved that the system meets the above requirements?
Tackling an information protection problem
1. Drawing up a threat model via security requirement analysis.
2. Formulating a suitable security policy modelling what ought to be protected.
3. Implementing specific protection mechanisms to enforce the policy.
Threat model
1. Identify assets to be protected and their value.
2. Identify vulnerabilities, threats and risk priorities.
3. Identify legal and contractual requirements.
Security policy
1. Which activities are or are not authorised, which states are or are not required,
and which information flows are or are not prohibited.
2. Precise and even formal definition of such protection goals; can be procedural
instructions for employees.
3. Should be well documented and followed.
Protection mechanism
1. Hardware protection mechanisms.
2. Secure operating systems.
3. Secure coding.
4. Capabilities and access control lists.
5. End user security training.
6. Response to breaches.