Beruflich Dokumente
Kultur Dokumente
Part I: Introduction
Introductory Security
Concepts
Outline
1.
2.
3.
4.
5.
Introduction
Security domains and policies
Security threats
Security services
Security mechanisms
1 Introduction
ISO 7498-2:
provides standard definitions of security
terminology,
provides standard descriptions for security
services and mechanisms,
defines where in OSI reference model security
services may be provided,
introduces security management concepts.
Security Life-Cycle
Model is as follows:
Policy Types
ISO 7498-2 distinguishes between 2 types of
security policy:
identity-based: where access to and use of
resources are determined on the basis of the
identities of users and resources,
rule-based: where resource access is controlled by
global rules imposed on all users, e.g. using
security labels.
3 Security Threats
A threat is:
a person, thing, event or idea which poses some danger to an
asset (in terms of confidentiality, integrity, availability or
legitimate use).
Risk
Risk is a measure of the cost of a vulnerability
(taking into account probability of a successful
attack).
Risk analysis determines whether expenditure
on (new/better) safeguards is warranted.
10
Fundamental Threats
Four fundamental threats (matching
Confidentiality, Integrity, Availability
legitimate use):
11
Information leakage,
Integrity violation,
Denial of service,
Illegitimate use.
Denial of service
Yahoo, 2/2000, 1Gbps
Information Leakage
Prince Charles mobile phone calls, 1993
Illegitimate use
Vladimir Levin, Citibank, $3.7M, 1995
12
13
Masquerade,
Bypassing controls,
Authorization violation,
Trojan horse,
Trapdoor.
Masquerade
Bypassing controls
ADSL modem passwords Illegitimate Use
Authorization violation
Cross site scripting Information Leakage
Trojan horse
PWSteal.Trojan, 1999 Information Leakage
Trapdoor
Ken Thompson, Unix login Reflections on Trusting Trust,
1975 - Illegitimate Use
14
4 Security Services
Security services in ISO 7498-2 are a special
class of safeguard applying to a
communications environment.
Hence they are the prime focus of IC3.
Computer security safeguards are covered in
IC4.
15
16
Authentication
Entity authentication provides checking of a
claimed identity at a point in time.
Typically used at start of a connection.
Addresses masquerade and replay threats.
Origin authentication provides verification of
source of data.
Does not protect against duplication or
modification of data.
GSM, web servers
17
Access Control
Provides protection against unauthorized use
of resource, including:
use of a communications resource,
reading, writing or deletion of an information
resource,
execution of a processing resource.
Remote users
18
Data Confidentiality
Protection against unauthorized disclosure of
information.
Four types:
Connection confidentiality,
Connectionless confidentiality,
Selective field confidentiality,
Traffic flow confidentiality.
Data Integrity
Provides protection against active threats to
the validity of data.
Five types:
MD5 hashes
http://www.apache.org/dist/httpd/binaries/linux/
20
Non-repudiation
Protects against a sender of data denying that
data was sent (non-repudiation of origin).
Protects against a receiver of data denying
that data was received (non-repudiation of
delivery).
Analogous to signing a letter and sending recorded
delivery
21
5 Security mechanisms
Exist to provide and support security services.
Can be divided into two classes:
Specific security mechanisms, used to provide
specific security services, and
Pervasive security mechanisms, not specific to
particular services.
22
23
encryption,
digital signature,
access control mechanisms,
data integrity mechanisms,
authentication exchanges,
traffic padding,
routing control,
notarization.
Specific Mechanisms I
Encryption mechanisms = encryption or
cipher algorithms.
Can provide data and traffic flow confidentiality.
Specific Mechanisms II
Access Control mechanisms
A server using client information to decide
whether to grant access to resources
E.g. access control lists, capabilities, security labels.
25
Notarization mechanisms
Integrity, origin and/or destination of data can be
guaranteed by using a 3rd party trusted notary.
Notary typically applies a cryptographic transformation to the
data.
26
27
trusted functionality,
security labels,
event detection,
security audit trail,
security recovery.
Pervasive Mechanisms I
Trusted functionality
Any functionality providing or accessing security
mechanisms should be trustworthy.
May involve combination of software and hardware.
Security labels
Any resource (e.g. stored data, processing power,
communications bandwidth) may have security label
associated with it to indicate security sensitivity.
Similarly labels may be associated with users. Labels may
need to be securely bound to transferred data.
28
Pervasive Mechanisms II
Event detection
Includes detection of
attempted security violations,
legitimate security-related activity.
29
Pervasive Mechanisms II
Security recovery
Includes mechanisms to handle requests to recover from
security failures.
May include immediate abort of operations, temporary
invalidation of an entity, addition of entity to a blacklist.
30
31
Service/Mechanism Table I
Service/ Mechanism
Encryption
Entity authentication
Origin authentication
Access control
Connection confidentiality
Connectionless confidentiality
Selective field confidentiality
Traffic flow confidentiality
Connection integrity with recovery
Connection integrity without recovery
Selective field connection integrity
Connectionless integrity
Selective field connectionless integrity
Non-repudiation of origin
Non-repudiation of delivery
32
Y
Y
Digital
Signature
Y
Y
Access
Control
Data
Integrity
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Y
Service/Mechanism Table II
Service Mechanism
Entity authentication
Origin authentication
Access control
Connection confidentiality
Connectionless confidentiality
Selective field confidentiality
Traffic flow confidentiality
Connection integrity with recovery
Connection integrity without recovery
Selective field connection integrity
Connectionless integrity
Selective field connectionless integrity
Non-repudiation of origin
Non-repudiation of delivery
33
Authorization
exchange
Y
Y
Y
Y
Y
Y
34
Service/Layer Table
Service / Layer
Entity authentication
Origin authentication
Access control
Connection confidentiality
Connectionless confidentiality
Selective field confidentiality
Traffic flow confidentiality
Connection integrity with recovery
Connection integrity without recovery
Selective field connection integrity
Connectionless integrity
Selective field connectionless integrity
Non-repudiation of origin
Non-repudiation of delivery
35
Layer 4
Y
Y
Y
Y
Y
Y
Y
Y
Y