Security Concepts
- Asset:
  - A valuable component in a system (that should be protected)
- Vulnerability:
  - An aspect of a system that can be exploited to cause loss/harm (e.g., a weak password system)
- Threat:
  - Circumstances that have the potential to cause loss or harm (e.g., gaining unauthorized access)
- Adversary (a.k.a. Attacker):
  - An individual that has the potential to exploit a vulnerability
- Attack/Exploit:
  - A possible realization of a threat resulting from the exploitation of a vulnerability by an adversary (e.g., impersonation of an authorized user)
- Incident:
  - A particular instance of an attack (e.g., the break-in at JMU in AY1415)
- Mitigation/Countermeasure:
  - An action taken that reduces the likelihood of an attack or the number/extent of attacks
Categories of Loss/Harm - CIA
- Confidentiality/Secrecy:
  - The improper disclosure of information
- Integrity:
  - The improper modification of information
- Availability:
  - The improper denial of access to services
Categories of Threats - STRIDE
- Spoofing:
  - Impersonation (i.e., false authentication)
- Tampering:
  - Improper modification of information
- Repudiation:
- Information Disclosure:
  - Improper disclosure of information
- Denial of Service:
- Elevation of Privilege:
  - Capabilities without authorization
STRIDE (cont.)
- Overlap?
  - The categories don't seem to be disjoint (e.g., spoofing can be seen as a repudiation threat or an elevation of privilege threat)
- Conceptually Confused?
  - Threats and harms/losses seem to be intermingled (e.g., an elevation of privilege can result in tampering)
Categories of Threats - IIMF
- Interception:
  - Improper disclosure of information
- Interruption:
- Modification:
  - Improper modification of information
- Fabrication:
  - Improper creation of data
IIMF vs. STRIDE
- What about Repudiation:
  - Is considered modification or fabrication in IIMF
- What about Spoofing:
  - Is considered a horizontal privilege change in IIMF (i.e., the attacker assumes the identity of a user with equal privileges) that is obtained for another purpose
- Elevation of Privilege:
  - Is considered a vertical privilege change in IIMF that is obtained for another purpose
Categories of Mitigations/Countermeasures
- Identification and Authentication:
  - Ensure that a user provides an identity and determine that it is legitimate
- Authorization/Access Control:
  - Ensure that the user is permitted to use an asset
- Logging/Auditing:
  - Ensure that users can't deny that they have used an asset
- Asset Hiding:
- Intrusion Detection:
  - Detect (usually in real-time) identification, authentication, and authorization failures
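The following is an added illustration, not part of the slides, of how the countermeasure categories above map onto code: a small service with identification and authentication (salted password hashing), authorization (a per-asset access list), logging/auditing (an append-only audit log), and a simple intrusion detector that raises an alert on repeated authentication failures or on an authorization failure. All users, passwords, assets and the failure threshold are constructed sample values.

```python
"""Added illustration (not from the slides): a minimal service that maps the
countermeasure categories onto code. Users, passwords and assets are
constructed sample data."""
import hashlib
import hmac
import os
from collections import defaultdict


def _hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked credential table does not reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Service:
    def __init__(self, failure_threshold: int = 3):
        self._users = {}                   # identity -> (salt, hash)
        self._acl = defaultdict(set)       # asset -> identities permitted to use it
        self.audit_log = []                # logging/auditing: who did what, and the outcome
        self._failures = defaultdict(int)  # intrusion detection: consecutive failed auths
        self.alerts = []
        self._threshold = failure_threshold

    # --- setup (constructed data) ---
    def register(self, identity, password):
        salt = os.urandom(16)
        self._users[identity] = (salt, _hash_password(password, salt))

    def grant(self, identity, asset):
        self._acl[asset].add(identity)

    # --- identification and authentication ---
    def authenticate(self, identity, password) -> bool:
        rec = self._users.get(identity)
        ok = False
        if rec is not None:
            salt, stored = rec
            # Constant-time compare: do not leak how many bytes matched.
            ok = hmac.compare_digest(stored, _hash_password(password, salt))
        self.audit_log.append(("auth", identity, ok))
        if ok:
            self._failures[identity] = 0
        else:
            self._failures[identity] += 1
            if self._failures[identity] >= self._threshold:
                self.alerts.append(f"repeated authentication failures for {identity!r}")
        return ok

    # --- authorization / access control ---
    def access(self, identity, password, asset) -> bool:
        if not self.authenticate(identity, password):
            return False
        permitted = identity in self._acl[asset]
        self.audit_log.append(("access", identity, asset, permitted))
        if not permitted:
            self.alerts.append(f"authorization failure: {identity!r} on {asset!r}")
        return permitted


def demo():
    svc = Service()
    svc.register("alice", "correct horse")   # constructed credentials
    svc.register("bob", "hunter2")
    svc.grant("alice", "payroll.db")
    results = {
        "alice_ok": svc.access("alice", "correct horse", "payroll.db"),
        "bob_denied": svc.access("bob", "hunter2", "payroll.db"),
        "guesses": [svc.authenticate("alice", "guess") for _ in range(3)],
    }
    return svc, results


if __name__ == "__main__":
    service, outcome = demo()
    print(outcome)
    print(service.alerts)
```

The audit log records both the authentication decision and the authorization decision separately, which is what lets the detector distinguish "wrong password" from "valid user asking for an asset they are not permitted to use".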
Vulnerabilities Arise During All Phases of the Software Process
- Project Planning Examples:
  - Inadequate risk management
  - Inadequate resource allocation
- Product Design Examples:
  - A GUI that encourages "bad behavior"
  - Ease of use vs. security tradeoffs
- Engineering Design Examples:
  - Failure to consider capture-and-replay attacks
  - Failure to consider covert timing channels
- Implementation Examples:
  - API/Protocol abuse
  - Error handling vulnerabilities
  - Input validation vulnerabilities
- Deployment, Support and Maintenance Examples:
  - Network configuration vulnerabilities
  - Missing patches/updates
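As an added example (not from the slides) of the engineering-design item "failure to consider capture-and-replay attacks", here is a receiver that detects replays of authenticated messages. The sender binds a fresh random nonce and a timestamp to each message under an HMAC; the receiver rejects messages with a bad tag, messages whose timestamp falls outside an acceptance window, and messages whose nonce it has already seen within that window. The shared key, the window length, the controllable clock and the messages are all constructed assumptions.

```python
"""Added illustration (not from the slides): replay detection for
HMAC-authenticated messages. Key, clock and messages are constructed."""
import hashlib
import hmac
import json
import os
import time

KEY = b"constructed-shared-key"  # assumed pre-shared between sender and receiver
WINDOW_SECONDS = 30              # assumed acceptance window


def seal(body: str, nonce: bytes, ts: float, key: bytes = KEY) -> dict:
    """Sender side: bind a fresh nonce and a timestamp to the body under an HMAC."""
    payload = json.dumps({"body": body, "nonce": nonce.hex(), "ts": ts}, sort_keys=True)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Receiver:
    def __init__(self, key: bytes = KEY, window: float = WINDOW_SECONDS, clock=time.time):
        self._key = key
        self._window = window
        self._clock = clock
        self._seen = {}  # nonce -> time after which it can be forgotten

    def _prune(self, now: float):
        # A nonce only needs remembering while its timestamp is still acceptable.
        self._seen = {n: exp for n, exp in self._seen.items() if exp > now}

    def accept(self, msg: dict) -> tuple:
        expected = hmac.new(self._key, msg["payload"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad tag"            # modified or forged message
        fields = json.loads(msg["payload"])
        now = self._clock()
        if abs(now - fields["ts"]) > self._window:
            return False, "stale timestamp"    # captured long ago, or clock skew
        self._prune(now)
        if fields["nonce"] in self._seen:
            return False, "replayed nonce"     # captured and resent within the window
        self._seen[fields["nonce"]] = fields["ts"] + self._window
        return True, "ok"


def demo():
    clock = [1_000_000.0]  # constructed, controllable clock
    rx = Receiver(clock=lambda: clock[0])
    msg = seal("transfer 10 to bob", os.urandom(16), clock[0])
    first = rx.accept(msg)
    replay = rx.accept(msg)  # the same bytes, captured and resent verbatim
    tampered = dict(msg, payload=msg["payload"].replace("transfer 10", "transfer 99"))
    forged = rx.accept(tampered)
    clock[0] += 120          # two minutes later a fresh-looking but old message arrives
    late = rx.accept(seal("late", os.urandom(16), clock[0] - 120))
    return first, replay, forged, late


if __name__ == "__main__":
    print(demo())
```

The timestamp bounds how long the receiver must remember nonces; without it the seen-nonce set would grow without limit, which is itself an availability problem.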
Some Additional Security Concepts
- Trust:
  - One party (the trustor) is willing to rely on the actions of another party (the trustee)
- Tainted Data:
  - Data from an untrusted source or derived from data from an untrusted source
- Sanitization:
  - Ensuring that data conforms to a set of constraints (usually provided by the "consumer" of the data)
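An added example, not from the slides, of the last two concepts together: a wrapper that marks data as tainted and keeps derived data tainted, constraints that are owned by the consumer of the data, and a sanitization step that only untaints data which satisfies the consumer's constraint. The constraint patterns, the report directory and the hostile input are constructed assumptions.

```python
"""Added illustration (not from the slides): taint tracking plus
consumer-supplied sanitization constraints. Inputs are constructed."""
import re


class Tainted:
    """Data from an untrusted source. Anything derived from it stays tainted."""
    def __init__(self, value: str, source: str):
        self.value = value
        self.source = source

    def __add__(self, other):
        other_value = other.value if isinstance(other, Tainted) else other
        return Tainted(self.value + other_value, self.source)

    def __radd__(self, other):
        return Tainted(other + self.value, self.source)


class Constraint:
    """A consumer's statement of what it is willing to accept."""
    def __init__(self, name: str, pattern: str, max_len: int):
        self.name, self.pattern, self.max_len = name, re.compile(pattern), max_len

    def check(self, text: str) -> bool:
        return len(text) <= self.max_len and self.pattern.fullmatch(text) is not None


# Constraints belong to the consumers, not to the code that reads the input.
FILENAME = Constraint("filename", r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}", 64)  # no '/' and no leading '.'
USERNAME = Constraint("username", r"[a-z][a-z0-9_]{2,15}", 16)


def sanitize(data, constraint: Constraint) -> str:
    """Untaint data only if it satisfies the consumer's constraint; otherwise refuse it."""
    text = data.value if isinstance(data, Tainted) else data
    if not constraint.check(text):
        raise ValueError(f"{constraint.name}: rejected {text!r}")
    return text


def save_report(filename: str, report_dir: str = "/tmp/reports") -> str:  # directory is an assumption
    # Consumer: must only ever receive sanitized (plain str) data.
    if isinstance(filename, Tainted):
        raise TypeError("tainted data reached a consumer")
    return f"{report_dir}/{filename}"


def demo():
    user_input = Tainted("../../etc/passwd", source="http:query")  # constructed hostile input
    derived = "report-" + user_input                                # still tainted
    results = {"derived_tainted": isinstance(derived, Tainted)}
    try:
        save_report(derived)
    except TypeError as e:
        results["consumer_blocked"] = str(e)
    try:
        sanitize(derived, FILENAME)
    except ValueError:
        results["hostile_rejected"] = True
    clean = sanitize(Tainted("q3_summary.txt", source="http:query"), FILENAME)
    results["path"] = save_report(clean)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the type distinction is that a consumer can refuse tainted values outright, so forgetting to sanitize becomes a failure at the consumer rather than a silent path traversal.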
There's Always More to Learn