Security

Security
An Introduction

Prof. David Bernstein
James Madison University

Computer Science Department

bernstdh@jmu.edu

Security Concepts

Asset:
- A valuable component in a system (that should be protected)
Vulnerability:
- An aspect of a system that can be exploited to cause loss/harm (e.g. a weak password system)
Threat:
- Circumstances that have the potential to cause loss or harm (e.g., gaining unauthorized access)
Adversary (a.k.a. Attacker):
- An individual that has the potential to exploit a vulnerability
Attack/Exploit:
- A possible realization of a threat resulting from the exploitation of a vulnerability by an adversary (e.g., impersonation of an authorized user)
Incident:
- A particular instance of an attack (e.g., the break-in at JMU in AY1415)
Mitigation/Countermeasure:
- An action taken that reduces the likelihood of an attack or the number/extent of attacks

Categories of Loss/Harm - CIA

Categories of Threats - STRIDE

STRIDE (cont.)

Overlap?
- The categories don't seem to be disjoint (e.g., spoofing can be seen as a repudiation threat or an elevation of privelege threat)
Conceptually Confused?
- Threats and harms/losses seem to be intermingled (e.g., an elevation of privelege can result in tampering)

Categories of Threats - IIMF

IIMF vs. STRIDE

What about Repudiation:
- Is considered modification or fabrication in IIMF
What about Spoofing:
- Is considered a horizontal privelege change in IIMF (i.e., the attacker assumes the identity of a user with equal priveleges) that is obtained for another purpose
Elevation of Privelege:
- Is considered a vertical privelege change in IIMF that is obtained for another purpose

Categories of Mitigations/Countermeasures

Identification and Authentication:
- Ensure that a user provides an identity and determine that it is legitimate
Authorization/Access Control:
- Ensure that the user is permitted to use an asset
Logging/Auditing:
- Ensure that users can't deny that they have used an asset
Asset Hiding:
- Hide assets (e.g., using encryption)
Intrusion Detection:
- Detect (usually in real-time) identification, authentication, authorization failures

Vulnerabilities Arise During All Phases of the Software Process

Project Planning Examples:
- Inadequate risk management
- Inadequate resource allocation
Product Design Examples:
- A GUI that encourages "bad behavior"
- Ease of use vs. security tradeoffs
Engineering Design Examples:
- Failure to consider capture-and-replay attacks
- Failure to consider covert timing channels
Implementation Examples:
- API/Protocol abuse
- Error handling vulnerabilities
- Input validation vulnerabilities
Deployment, Support and Maintenance Examples:
- Network configuration vulnerabiltiies
- Missing patches/updates

Some Additional Security Concepts

Trust:
- One party (the trustor) is willing to rely on the actions of another party (the trustee)
Tainted Data:
- Data from an untrusted source or derived from data from an untrusted source
Sanitization:
- Ensuring that data confroms to a set of constraints (usually provided by the "consumer" of the data)