# Introduction to Computer Security
## Lecture Set 1

## What is Computer Security?
### (We academics love our definitions)

The **NIST Computer Security Handbook** defines computer security as:

- "The protection afforded to an automated information system in order to 
attain the applicable objectives of preserving the integrity, availability and 
confidentiality of information system resources"
    - This includes hardware, software, firmware, information, data, and telecommunications 
(among others that might not be listed)

## Challenges in Computer Security

- Computer security is not as simple as it might first appear
- Attackers only need to find a single weakness, the engineer needs to find all weaknesses
- Users and system managers tend to not see the benefits of security until a failure occurs
- Potential attacks on the security features must be considered
- Procedures used to provide particular services are often counterintuitive
- Physical and logical placement needs to be determined
- Security requires regular and constant monitoring (at high cost)
- Often an afterthought to be incorporated into a system after the design is complete
- Additional algorithms or protocols may be involved (complexity, distribution of "secret" information to users)
- Thought of as an impediment to efficient and user-friendly operation

![Slide 5](attachment:slide_5.png)

## The CIA Triad
### (which has little to do with the Central Intelligence Agency)

- Confidentiality
    - Preserving authorized restrictions on information access and disclosure, including means for 
protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized 
disclosure of information.

- Integrity
    - Guarding against improper information modification or destruction, including ensuring information 
non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of 
information.

- Availability
    - Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of 
access to or use of information or an information system

Note: the CIA Triad is a balancing act. As soon as we emphasise one category, we 
sacrifice elements of the others. Meaning, we can't have high confidentiality and 
also high availability; those two things are mutually exclusive.

![Slide 7](attachment:slide_7.png)

## Assets of Computing Systems

- Hardware
    - Including computer systems and other data processing, data storage, and data 
communications devices

- Software
    - Including the operating system, system utilities, and applications

- Data
    - Including files and databases, as well as security-related data, such as password files

- Communication and Networks
    - Local and wide area network communication links, bridges, routers, and so on.

## Vulnerabilities, Threats and Attacks

- Categories
    - Leaks (loss of *conﬁdentiality*)
    - Corruption (loss of *integrity*)
    - Unavailable or slow (loss of *availability*)

- Threats
    - Things that are capable of exploiting a vulnerability

- Attacks (executed threats)
    - Passive
        - An attempt to learn or make use of information from the system that does not affect system resources
    - Active
        - An attempt to alter system resources or affect their operation
    - Insider
        - Initiated by an entity inside the security perimeter or an authorized user
    - Outsider
        - Initiated from outside the perimeter or an illegitimate user

## Countermeasures

Some means to deal with a security attack:
- Prevent
- Detect
- Recover

Countermeasures are also not without their own issues:
- May not fully neutralize threats
- May introduce their own vulnerabilities
- Ultimately, only used to minimize risk

![Slide 11](attachment:slide_11.png)

![Slide 12](attachment:slide_12.png)

## Passive and Active Threats

- Passive
    - Attempts to learn about system without affecting resources
    - Can consist of eavesdropping or monitoring

- Active
    - Attempts to affect system resources or operations
    - Typically involve some modification of data or falsifying data
    - Four categories:
        - Replay
        - Masquerade
        - Modification of Messages
        - Denial of Service (DoS)
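As an added illustration of the active-attack categories above (this is example code written for these notes, not material from the slides), the receiver below authenticates each message with an HMAC and tracks sequence numbers, so that a replayed message, a modified message, and a message forged by a party without the key (a masquerade) are all rejected and logged. Denial of service is not addressed here. The key, the message format and the sample traffic are all constructed for the example.

```python
import hmac
import hashlib

TAG_LEN = 32                       # length of a SHA-256 HMAC tag
KEY = b"constructed-demo-key"      # shared secret, constructed for this example


def make_message(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sender side: 4-byte sequence number, payload, then an HMAC tag over both."""
    body = seq.to_bytes(4, "big") + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Receiver that checks authenticity of every message and refuses duplicates."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.seen = set()      # sequence numbers already accepted
        self.log = []          # one verdict per message, useful for alerting

    def accept(self, msg: bytes):
        """Return the payload if the message is genuine and new, otherwise None."""
        if len(msg) < 4 + TAG_LEN:
            self.log.append("malformed")
            return None
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Modification of messages or masquerade: any change to the bytes, or a
        # tag produced without the shared key, fails the constant-time compare.
        if not hmac.compare_digest(tag, expected):
            self.log.append("bad_tag")
            return None
        seq = int.from_bytes(body[:4], "big")
        # Replay: a genuine message captured earlier and sent again unchanged.
        if seq in self.seen:
            self.log.append("replay")
            return None
        self.seen.add(seq)
        self.log.append("ok")
        return body[4:]


def demo() -> list:
    """Feed constructed traffic through a receiver and return its verdict log."""
    r = Receiver()
    genuine = make_message(1, b"withdraw 50")
    r.accept(genuine)                               # ok: fresh and authentic
    r.accept(genuine)                               # replay of the captured message
    tampered = bytearray(genuine)
    tampered[4] ^= 0x01                             # flip one bit of the payload
    r.accept(bytes(tampered))                       # bad_tag: modification
    r.accept(make_message(3, b"x", key=b"wrong"))   # bad_tag: masquerade, no key
    r.accept(make_message(2, b"withdraw 20"))       # ok: new sequence number
    return r.log


if __name__ == "__main__":
    print(demo())
```

Note that the tag check runs before the sequence-number check: a forged message must not be able to consume a sequence number, and the constant-time comparison avoids leaking how much of the tag matched.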

## Design Principles

These are also good general software engineering principles!

- Economy of Mechanism
- Fail-Safe Defaults
- Complete Mediation
- Open Design
- Separation of Privilege
- Least Privilege
- Least Common Mechanism
- Psychological Acceptability
- Isolation
- Encapsulation
- Modularity
- Layering
- Least Astonishment
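To make a few of these principles concrete, the following is an added example (written for these notes, not taken from the slides) of a small reference monitor: every access decision goes through one function (complete mediation), anything not explicitly permitted is denied (fail-safe defaults), and each role is granted only the operations its job needs (least privilege). The roles, resources and operations in the policy are constructed for illustration.

```python
from dataclasses import dataclass, field

# Access policy: role -> {resource: set of permitted operations}.
# Roles, resources and operations are constructed for this example.
# Anything not listed is denied (fail-safe default), and each role only
# gets the operations it needs (least privilege).
POLICY = {
    "teller":   {"account": {"read"}, "audit_log": {"append"}},
    "auditor":  {"audit_log": {"read"}},
    "customer": {"account": {"read", "withdraw"}},
}


@dataclass
class ReferenceMonitor:
    """Single choke point every request must pass through (complete mediation).
    It never caches an earlier decision, so a policy change applies at once."""
    policy: dict
    audit: list = field(default_factory=list)

    def check_access(self, role: str, resource: str, op: str) -> bool:
        # An unknown role, resource or operation all fall through to an empty
        # set, i.e. DENY: the default outcome is the safe one.
        allowed = op in self.policy.get(role, {}).get(resource, set())
        self.audit.append((role, resource, op, "ALLOW" if allowed else "DENY"))
        return allowed

    def perform(self, role: str, resource: str, op: str) -> str:
        # The decision is made at the moment of use, not once at login.
        if not self.check_access(role, resource, op):
            raise PermissionError(f"{role} may not {op} {resource}")
        return f"{op} on {resource} by {role}"


def demo() -> list:
    """Run a few constructed requests and return the audit trail."""
    monitor = ReferenceMonitor(POLICY)
    monitor.perform("customer", "account", "withdraw")   # within the customer's privileges
    for role, resource, op in [
        ("customer", "audit_log", "read"),   # not part of the customer's job
        ("teller", "account", "withdraw"),   # tellers are read-only on accounts
        ("ghost", "account", "read"),        # role missing from the policy entirely
    ]:
        try:
            monitor.perform(role, resource, op)
        except PermissionError:
            pass                              # denied, recorded in the audit trail
    return monitor.audit


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The audit trail records denials as well as allows; that is what lets the "Detect" countermeasure later in these notes work, since a burst of DENY entries for one principal is visible without any extra instrumentation.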

## Attack Surfaces

Consist of the reachable and exploitable vulnerabilities in a system

- Examples:
    - Open ports
    - Services within a firewall
    - Interpretive code (e.g. XML, PHP, Office docs)
    - Interfaces (e.g. SQL, web forms)
    - People! (e.g. social engineering)

![Slide 16](attachment:slide_16.png)

## Attack Surfaces, ctd.

Consider an automated teller machine (ATM) at a typical bank:

- In order of priority (high, medium, low), where each priority level has exactly one item, how would you design an ATM using the CIA triad?
    - Which item should have a high priority?
    - Which item should have a medium priority?
    - Which item should have a low priority?
    - **Why did you choose** these priority levels?

Remember, you *cannot* make everything a high priority. You must make 
choices based on your design. What are the problems with your design? 
Would changing priorities fix your problems? What problems might be 
introduced by changing priorities?

![Slide 18](attachment:slide_18.png)