Security Mechanisms
University of Sunderland
CSEM02
Harry R. Erwin, PhD
Resources
• The Common Criteria
• The ‘Orange Book’
• CCTool
• See the Multics paper.
Basic Rules of Security
• Concentrate valuable assets
• Defense in depth
• Coordinate all aspects of security
– Software
– Hardware
– Physical
– Procedural
We will examine software security mechanisms first and then survey the other areas.
Definition
• A security mechanism is ‘a hardware or software component, system, or product that supports one or more security objectives.’
• Another term that might be applied is a ‘security service.’
• “The function of a security mechanism is to detect, prevent, or recover from a security attack (William Stallings).”
Typical Security Mechanisms
• Identification and Authentication
• Access Control
• Audit
• Firewalls
• Intrusion Detection
• Cryptography and Public Key Infrastructure (PKI)
• Virus Protection
• Object Reuse/Media Sanitizing
• Electronic Signatures
Identification and Authentication
• Identifies someone to the system.
• At least one of the following must be supplied:
– Something known (user name and password)
– Something owned (password token)
– Some physical characteristic (fingerprint, retinal scan, voice scan)
• Authentication is ‘weak’ if only one is supplied.
• Two are required for ‘strong’ authentication.
Access Control
• Based on what the user is authorized to do.
• ‘Discretionary access control (DAC)’ is where the document owner controls who has access to it. This is designed for benign environments.
• ‘Mandatory access control (MAC)’ defines a security level for documents and resources. A potential user or process has to have that level.
• Commercial organizations may go further—time of day, location, task being performed.
• Should be enforced by the operating system kernel.
Audit
• Tracks who did what and when.
• Done right, can stand up in court as evidence.
• Usually must be turned on (selectively).
• May result in large audit files.
• Audit trails are extremely interesting to hackers—show what can and cannot be seen.
Firewalls
• Control access to protected assets.
• Workstation firewalls are the minimum.
• Bridge/router/switch firewalls should:
– Control access to TCP/IP ports selectively.
– Track outgoing as well as incoming packets.
– Monitor packet contents if possible.
• SOAP “bypasses corporate firewalls.” (M$)
Intrusion Detection
• Must be based on documented policies for use of the system. Uses expertise.
• Can detect evidence of
– Break-ins
– Remote exploitation
– Application-level exploitation
• Generates log files of great interest to hackers.
• Does not detect one-time events.
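As an added example (not from the slides), the following Python detector encodes a documented policy over a constructed sshd-style log: a burst of failed logins from one source inside a short window, and a success straight after such a burst, raise alerts, while the lone failure from the second source is a one-time event that this kind of detector cannot flag. The log lines, the threshold and the window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a simplified sshd-like format; not taken from a real system.
SAMPLE_LOG = """\
2023-05-01T09:00:01 sshd: Failed password for root from 203.0.113.5
2023-05-01T09:00:03 sshd: Failed password for root from 203.0.113.5
2023-05-01T09:00:04 sshd: Failed password for admin from 203.0.113.5
2023-05-01T09:00:06 sshd: Failed password for root from 203.0.113.5
2023-05-01T09:00:09 sshd: Accepted password for root from 203.0.113.5
2023-05-01T09:15:00 sshd: Failed password for alice from 198.51.100.7
2023-05-01T11:30:00 sshd: Accepted publickey for alice from 198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) \w+ for (\S+) from (\S+)$")

# The documented policy the detector encodes (hypothetical values): THRESHOLD failures
# from one source inside WINDOW is suspicious, and a success right after them is worse.
THRESHOLD = 3
WINDOW = timedelta(seconds=60)


def parse(log_text):
    """Yield (timestamp, outcome, user, source) for each line that matches the format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)


def detect(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return alerts as (kind, source, user, timestamp) tuples."""
    failures = defaultdict(list)  # source -> timestamps of failures still inside the window
    alerts = []
    for ts, outcome, user, src in parse(log_text):
        recent = [t for t in failures[src] if ts - t <= window]
        if outcome == "Failed":
            recent.append(ts)
            if len(recent) == threshold:  # fire once, when the threshold is reached
                alerts.append(("repeated_failures", src, user, ts))
        elif len(recent) >= threshold:    # success immediately after a burst of failures
            alerts.append(("success_after_failures", src, user, ts))
        failures[src] = recent
    # The single failure from 198.51.100.7 never reaches the threshold: a one-time
    # event, which is exactly what a policy-based detector like this cannot flag.
    return alerts
```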
Cryptography and Public Key Infrastructure (PKI)
• May support virtual private networks (VPNs) and closed user groups (CUGs) where information is sent using encrypted tunneling. Usually peer-to-peer.
• May support strong authentication.
• ssh, sftp, ssl, Kerberos, PGP, etc.
• Functional infrastructure required is extensive. Distribution of keys is extremely manpower-intensive and expensive.
• PKI allows the distribution of keys ‘in-band’ (over the network).
Virus Protection
• Viruses (and other malware) are the most serious vulnerability of modern computer systems. They are usually malicious.
• Many websites upload ‘malware’ when you visit them. Consider using adaware to detect these programs.
• Virus protection depends on:
– Careful procedures for dealing with untrusted programs and data.
– Programs to detect the ‘signatures’ of viruses that manage to penetrate the installation procedures.
Object Reuse/Media Sanitizing
• The random bits in memory or on the disk contain information. Most operating systems do not zero these bits when they reallocate resources.
• A secure operating system zeros memory and other resources before allocating them (and often when the resources are released).
Electronic Signatures
• Provide
– Authentication
– Data integrity
– Non-repudiation
• The same legal status as a hand-written signature (Electronic Communications Act 2000)
Rules for Writing Secure Software
• Least privilege—limit access rights to those necessary for the function
• Economy—keep the design simple
• Complete mediation—check all accesses for authorization
• Open design—don’t hide your code!
• Separation of privilege—no single key for access
• Least common mechanism—isolate users
• Psychological acceptability—make security easy to use
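As an added example (not from the slides), this Python reference monitor ties the Access Control slide's DAC/MAC distinction to the principles above: every access and every ACL change passes through one check (complete mediation), the owner controls the ACL (DAC) but cannot waive the level rule (MAC), and each decision is written to an audit record of who did what and when. The level lattice, the users and the resource are constructed for illustration.

```python
from collections import namedtuple
from datetime import datetime, timezone

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}  # constructed MAC lattice
Subject = namedtuple("Subject", "name clearance")
Resource = namedtuple("Resource", "name owner level acl")  # acl: DAC, owner-managed {user: {rights}}

class ReferenceMonitor:
    # Every access decision and ACL change passes through here (complete mediation).
    def __init__(self):
        self.audit = []  # (when, who, action, target, allowed, reason)

    def _record(self, who, action, target, allowed, reason):
        self.audit.append((datetime.now(timezone.utc).isoformat(), who, action, target, allowed, reason))

    def grant(self, actor, res, grantee, right):
        # DAC: only the owner may delegate rights on the resource.
        if actor.name != res.owner:
            self._record(actor.name, f"grant:{right}", res.name, False, "DAC: not owner")
            return False
        res.acl.setdefault(grantee, set()).add(right)
        self._record(actor.name, f"grant:{right}", res.name, True, f"to {grantee}")
        return True

    def access(self, subj, res, right):
        # MAC: clearance must reach the resource's level, and the owner cannot waive this
        # (the slides' rule; the no-write-down rule of full MLS models is omitted here).
        if LEVELS[subj.clearance] < LEVELS[res.level]:
            self._record(subj.name, right, res.name, False, "MAC: clearance too low")
            return False
        # DAC: the owner always has access; anyone else needs an ACL entry.
        allowed = subj.name == res.owner or right in res.acl.get(subj.name, set())
        self._record(subj.name, right, res.name, allowed, "DAC" if allowed else "DAC: no entry")
        return allowed

def demo():
    rm = ReferenceMonitor()
    alice = Subject("alice", "secret")       # owner of the resource
    bob = Subject("bob", "confidential")     # granted read below, but under-cleared
    carol = Subject("carol", "secret")       # cleared, but never granted
    plan = Resource("plan.doc", "alice", "secret", {})
    rm.grant(alice, plan, "bob", "read")     # the DAC grant itself succeeds...
    results = {
        "owner_read": rm.access(alice, plan, "read"),
        "bob_read": rm.access(bob, plan, "read"),      # ...but MAC still denies bob
        "carol_read": rm.access(carol, plan, "read"),  # cleared, yet no DAC entry
        "bob_grant": rm.grant(bob, plan, "carol", "read"),  # a non-owner cannot delegate
    }
    return results, rm.audit
```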
Non-Software Security Mechanisms
• Physical Security
• Environmental Security
• Personnel Security
• Training and Security Awareness
• Guidance and Policy Documentation
• Configuration Management
(based on QinetiQ recommendations; the recommendations of Spafford et al., 2003, are similar)
Physical Security
To deny unauthorized access:
– Perimeter defense
– Building security
– Inner protection of the office and server rooms
– Workstation protection
Perimeter defense
• Defined security perimeter
• Controlled access points
• Pass system and visitor control
• Guards during quiet hours
Office Security
• Office layout and design
• Anonymity
• Location of support services
• Inventory sensitive assets
Workstation Security
• Control unauthorized access
• Removable media
• Peripherals protected
• Regular inspections to verify user configuration modification has not subverted security.
Environmental Security
• Natural disasters
– Fire
– Flood
– Storm
– Earthquake
• Utilities
• Communications
• Hardware failure
Personnel Security
To ensure you can trust people with access to sensitive information and other assets. Tasks include:
– Establishing identity
– Verification of details
– Credit checks
– Maintenance of records
Training and Security Awareness
• Important vulnerabilities are to
– Social engineering and
– Non-malicious actions by insiders
• To mitigate these vulnerabilities, the most effective approach is a training program.
– Trust your people, but
– Make sure they understand these vulnerabilities and what they should do to mitigate them.
Guidance and Policy Documentation
Provide:
• Administrator guidance documentation
• User guidance documentation
• Defined security policies
• Defined security procedures
Configuration Management
It is difficult to secure a system whose configuration is not defined and managed.
– User software and hardware modifications to workstations may occur. (e.g., personal modems)
– Security may not be enabled.
– Security may not be managed and configured.
– Threats may not be addressed in a timely fashion.
Keep track of your configuration!
Conclusions
General Principles of Security:
– Concentrate valuable assets
– Defense in depth
– Coordinate all aspects of security
• Software
• Hardware
• Physical
• Procedural