

Security
An Introduction


Prof. David Bernstein
James Madison University

Computer Science Department
bernstdh@jmu.edu


Security Concepts
  • Asset:
    • A valuable component in a system (that should be protected)
  • Vulnerability:
    • An aspect of a system that can be exploited to cause loss/harm (e.g. a weak password system)
  • Threat:
    • Circumstances that have the potential to cause loss or harm (e.g., gaining unauthorized access)
  • Adversary (a.k.a. Attacker):
    • An individual that has the potential to exploit a vulnerability
  • Attack/Exploit:
    • A possible realization of a threat resulting from the exploitation of a vulnerability by an adversary (e.g., impersonation of an authorized user)
  • Incident:
    • A particular instance of an attack (e.g., the break-in at JMU in AY1415)
  • Mitigation/Countermeasure:
    • An action taken that reduces the likelihood of an attack or the number/extent of attacks
Categories of Loss/Harm - CIA
  • Confidentiality/Secrecy:
    • The improper disclosure of information
  • Integrity:
    • The improper modification of information
  • Availability:
    • The improper denial of access to services
Categories of Threats - STRIDE
  • Spoofing:
    • Impersonation (i.e., false authentication)
  • Tampering:
    • Improper modification of information
  • Repudiation:
    • Denial of past behavior
  • Information Disclosure:
    • Improper disclosure of information
  • Denial of Service:
    • Reduced availability
  • Elevation of Privilege:
    • Capabilities without authorization
STRIDE (cont.)
  • Overlap?
    • The categories don't seem to be disjoint (e.g., spoofing can be seen as a repudiation threat or an elevation of privilege threat)
  • Conceptually Confused?
    • Threats and harms/losses seem to be intermingled (e.g., an elevation of privilege can result in tampering)
Categories of Threats - IIMF
  • Interception:
    • Improper disclosure of information
  • Interruption:
    • Reduced availability
  • Modification:
    • Improper modification of information
  • Fabrication:
    • Improper creation of data
IIMF vs. STRIDE
  • What about Repudiation:
    • Is considered modification or fabrication in IIMF
  • What about Spoofing:
    • Is considered a horizontal privilege change in IIMF (i.e., the attacker assumes the identity of a user with equal privileges) that is obtained for another purpose
  • Elevation of Privilege:
    • Is considered a vertical privilege change in IIMF that is obtained for another purpose
Categories of Mitigations/Countermeasures
  • Identification and Authentication:
    • Ensure that a user provides an identity and determine that it is legitimate
  • Authorization/Access Control:
    • Ensure that the user is permitted to use an asset
  • Logging/Auditing:
    • Ensure that users can't deny that they have used an asset
  • Asset Hiding:
    • Hide assets (e.g., using encryption)
  • Intrusion Detection:
    • Detect (usually in real-time) identification, authentication, and authorization failures
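The five mitigation categories above, exercised together in one small service guard. This is an added example written for these notes, not code from the slides or from JMU; the users, roles, assets, and the "three failures in sixty seconds" detection rule are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time
from collections import deque

# Added example (not from the slides): a toy guard that applies identification
# and authentication, authorization, logging/auditing, asset hiding (the stored
# password is only ever a salted hash) and intrusion detection.


class Guard:
    def __init__(self, failure_threshold=3, window_seconds=60):
        self._users = {}        # identity -> (salt, password hash, set of roles)
        self._permissions = {}  # asset -> set of roles allowed to use it
        self.audit_log = []     # logging/auditing: who did what, when, outcome
        self.alerts = []        # intrusion detection output
        self._failures = {}     # identity -> timestamps of recent failures
        self._threshold = failure_threshold
        self._window = window_seconds

    # ---- setup (constructed data goes in through these) ----
    def add_user(self, identity, password, roles):
        salt = secrets.token_bytes(16)
        self._users[identity] = (salt, self._hash(salt, password), set(roles))

    def grant(self, asset, roles):
        self._permissions[asset] = set(roles)

    @staticmethod
    def _hash(salt, password):
        # Asset hiding: the plaintext password is never stored.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _log(self, identity, action, asset, outcome, now):
        self.audit_log.append({"time": now, "identity": identity,
                               "action": action, "asset": asset, "outcome": outcome})

    # ---- identification and authentication ----
    def authenticate(self, identity, password, now=None):
        """The caller provides an identity; we determine whether it is legitimate."""
        now = time.time() if now is None else now
        record = self._users.get(identity)
        ok = record is not None and hmac.compare_digest(
            record[1], self._hash(record[0], password))
        self._log(identity, "authenticate", None, "success" if ok else "failure", now)
        if not ok:
            self._record_failure(identity, now)
        return ok

    # ---- authorization / access control ----
    def authorize(self, identity, asset, now=None):
        """Is this (already authenticated) identity permitted to use the asset?"""
        now = time.time() if now is None else now
        roles = self._users.get(identity, (None, None, set()))[2]
        ok = bool(roles & self._permissions.get(asset, set()))
        self._log(identity, "access", asset, "allowed" if ok else "denied", now)
        if not ok:
            self._record_failure(identity, now)
        return ok

    # ---- intrusion detection: repeated failures inside a sliding window ----
    def _record_failure(self, identity, now):
        recent = self._failures.setdefault(identity, deque())
        recent.append(now)
        while recent and now - recent[0] > self._window:
            recent.popleft()
        if len(recent) >= self._threshold:
            self.alerts.append({"time": now, "identity": identity,
                                "failures": len(recent)})


if __name__ == "__main__":
    g = Guard()
    g.add_user("alice", "correct horse", roles={"staff"})
    g.grant("wiki", roles={"staff", "hr"})
    g.grant("payroll", roles={"hr"})
    print(g.authenticate("alice", "correct horse"), g.authorize("alice", "payroll"))
    for entry in g.audit_log:
        print(entry)
```

Every call, successful or not, lands in the audit log, so a user cannot later deny having used (or tried to use) an asset; the detector counts both authentication and authorization failures because either kind, repeated quickly, is the signal the last bullet describes.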
Vulnerabilities Arise During All Phases of the Software Process
  • Project Planning Examples:
    • Inadequate risk management
    • Inadequate resource allocation
  • Product Design Examples:
    • A GUI that encourages "bad behavior"
    • Ease of use vs. security tradeoffs
  • Engineering Design Examples:
    • Failure to consider capture-and-replay attacks
    • Failure to consider covert timing channels
  • Implementation Examples:
    • API/Protocol abuse
    • Error handling vulnerabilities
    • Input validation vulnerabilities
  • Deployment, Support and Maintenance Examples:
    • Network configuration vulnerabilities
    • Missing patches/updates
Some Additional Security Concepts
  • Trust:
    • One party (the trustor) is willing to rely on the actions of another party (the trustee)
  • Tainted Data:
    • Data from an untrusted source or derived from data from an untrusted source
  • Sanitization:
    • Ensuring that data conforms to a set of constraints (usually provided by the "consumer" of the data)
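The two definitions above in working form: a value from an untrusted source is marked tainted, anything derived from it stays tainted, and only sanitization against the consumer's constraints turns it back into plain data the consumer will accept. This is an added example for these notes, not code from the slides; the `Tainted` wrapper, the `sanitize` function and the username constraints are all made up here.

```python
import re

# Added example (not from the slides): minimal taint tracking plus sanitization.


class Tainted:
    """A string that came from an untrusted source.

    Every operation below returns another Tainted value, which is the
    "derived from data from an untrusted source" rule in the definition.
    """

    def __init__(self, value, source):
        self.value = str(value)
        self.source = source  # label of the untrusted source, for error messages

    def __add__(self, other):
        other_value = other.value if isinstance(other, Tainted) else str(other)
        return Tainted(self.value + other_value, self.source)

    def __radd__(self, other):
        return Tainted(str(other) + self.value, self.source)

    def strip(self):
        return Tainted(self.value.strip(), self.source)

    def lower(self):
        return Tainted(self.value.lower(), self.source)

    def __repr__(self):
        return f"Tainted({self.value!r}, source={self.source!r})"


class SanitizationError(ValueError):
    pass


# The constraints belong to the consumer (the account store below), as the
# definition says. Constructed for this example.
USERNAME_CONSTRAINTS = {
    "pattern": re.compile(r"[a-z][a-z0-9_]*"),
    "max_length": 16,
}


def sanitize(data, constraints):
    """Return a plain str only if the tainted value meets every constraint."""
    if not isinstance(data, Tainted):
        raise TypeError("sanitize() expects tainted data")
    value = data.value
    if len(value) > constraints["max_length"]:
        raise SanitizationError(f"value from {data.source} is too long")
    if not constraints["pattern"].fullmatch(value):
        raise SanitizationError(f"value from {data.source} has disallowed characters")
    return value  # untainted: a plain str


def create_account(username):
    """The consumer: refuses anything still carrying a taint mark."""
    if isinstance(username, Tainted):
        raise TypeError("refusing to use unsanitized data")
    return {"username": username}


def handle_request(raw_username):
    """Constructed request path: form field -> normalise -> sanitize -> consume."""
    form_value = Tainted(raw_username, source="http-form")
    derived = form_value.strip().lower()   # still tainted after normalisation
    try:
        clean = sanitize(derived, USERNAME_CONSTRAINTS)
    except SanitizationError:
        return None                        # reject rather than repair
    return create_account(clean)


if __name__ == "__main__":
    print(handle_request("  Alice_01 "))   # accepted after sanitization
    print(handle_request("bob!"))          # rejected: disallowed character
```

The consumer never inspects the string itself; it only checks that the taint mark is gone, which forces every path to the consumer through `sanitize`. Rejecting rather than "fixing" bad input keeps the constraints the single place where what counts as acceptable data is decided.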
There's Always More to Learn