9. Cybersecurity and Privacy

Question 1

NICE (National Initiative for Cybersecurity Education)

Answer 1

One taxonomy of computer security work, i.e., of the tasks that need to be accomplished to keep computer systems secure, is advanced by NIST’s NICE framework. The NICE framework divides computer security work into the following categories:
SECURELY PROVISION: “Securely provision. This category encompasses the tasks narrowly focused on developing software to be secure. Software development starts with system requirements planning, during which both security and privacy requirements must be defined. These are drawn from various stakeholders, such as potential customers, and may include legal and regulatory considerations.
OPERATE AND MAINTAIN
PROTECT AND DEFEND
Protecting and defending systems, as well as operating and maintaining them, involves tradeoffs between privacy and security, one of which relates to how much data is collected about how an application, a system or a network is used. Collecting more data may make it possible to detect attacks that might otherwise remain hidden and to better diagnose why a system did not perform as expected. In doing so, collecting more data may make it possible to make systems more secure, and so indirectly lower privacy risks associated with security breaches. On the other hand, collecting detailed usage information itself increases privacy risks, for example, for users whose detailed behavioral information is now stored and could be misused or lost, as well as to the organizations that take on the risks associated with safeguarding this information.
INVESTIGATE
OVERSEE AND GOVERN This category of work deals with aspects of cybersecurity work such as legal advice, executive leadership and training and education.
COLLECT, OPERATE AND ANALYSE
These two areas of work deal with the collection of “intelligence”: information about potential attackers’ capabilities, intentions and possible ongoing activities. Activities in these work areas inform activities in the other work areas. For example, if an attack seems likely, then the level of effort invested into protecting and defending might increase, or the requirements might reflect that a system needs to be constructed to be more robust to attacks.
—all of which can be thought of as focusing on a specific computer system—and analyze, oversee and govern, and collect and operate, all of which generally have a broader scope.

Question 2

Software vulnerability

Answer 2

The software bugs that an attacker can take advantage of to carry out an attack are called software vulnerabilities. Not every bug is a vulnerability.

Question 3

Buffer overflow

Answer 3

A buffer is a contiguous area in the memory used by a program. When copying data into a buffer, it is important to make sure that the data is smaller than the buffer. If the data being copied into the buffer is bigger than the buffer, and appropriate checks to detect this are not in place, then the data that does not fit in the buffer may overwrite memory immediately next to the buffer—hence the name buffer overflow. If the attacker is able to control the data being copied into memory, they may be able to choose how memory is overwritten in a way that allows them to alter the intended behavior of the program. With enough sophistication, such alterations can give attackers the ability to execute arbitrary code on the victim machine.

Question 4

Input Validation Flaw

Answer 4

Software often receives input from untrusted sources that it uses to guide its computation. For example, a search engine allows a user to type in a search string; that string is an input to the program that implements the search functionality. If this input string contains characters or sequences of characters the program is unprepared for, it might execute unexpectedly. Common types of attacks that take advantage of input-validation flaws are buffer overflow attacks, described above, and cross-site scripting (XSS) and structured query language (SQL) injection attacks.

Question 5

Cross site scripting (XSS) attack

Answer 5

XSS attacks take advantage of input-validation flaws in a website or web application to inject code into a user’s web browser, which can then take any data available to a legitimate user and send it to the attacker. XSS was allegedly responsible for a 2018 breach of the British Airways website that led to the theft of financial and personal data belonging to 380,000 customers.

Question 6

SQL Injection Attack

Answer 6

In SQL injection, specially crafted inputs, unexpected by the application, cause database queries to go awry. An SQL injection attack was responsible for the theft over 100 million debit and credit card numbers from Heartland Payment Systems in 2012, which was at the time the biggest data breach ever.

Question 7

Malware

Answer 7

Malware, malicious programs designed by the attacker. Malware is installed on a victim user’s computer either by the exploitation of a software vulnerability or at a time when the attacker has unfettered access to the computer.

Question 8

Keylogger

Answer 8

Keyloggers, for example, are a type of malware that records a user’s keystrokes, including when typing usernames and passwords.

Question 9

Rootkit

Answer 9

Malware often changes the behavior of a computer system so as to avoid being detected; such malware is commonly called a rootkit. Because they are hard to detect, rootkits can run on an infected computer for a long time, potentially stealing user information or using the computer for nefarious purposes, such as distributing spam.

Question 10

Botnet

Answer 10

Malware sometimes coordinates with command-and-control servers to put large sets of computers under the control of a single organization; such a set of computers is called a botnet, and each of the infected computers a bot.

Question 11

DDoS (Distributed Denial of Service)

Answer 11

“distributed denial-of-service (DDoS) attacks, in which the computers that are part of a botnet are instructed to connect to or interact with a victim server; if the botnet is large enough, the victim server may be overwhelmed with requests and crash.

Question 12

Misconfiguration

Answer 12

Sometimes, one of several security mechanisms is misconfigured, which doesn’t leave the system or its data completely exposed but makes it easier for an attack to succeed.

Question 13

Confidentiality

Answer 13

Confidentiality, also called secrecy, refers to keeping sensitive data away from unauthorized users, including attackers.

Question 14

Access-control list

Answer 14

“One approach for specifying access-control policy is using access-control lists (ACLs). In this approach, every object is annotated with a list of the subjects who are allowed to access it, as well as the type of access that they are allowed. The subjects could be identified individually, but they could also be consolidated into groups, such as administrators. In this case, the group name is used as the subject, and a separate specification describes which individuals belong to which groups. Modern versions of Linux generally support ACLs.

Question 15

RBAC

Answer 15

Role-based access control (RBAC), specifies who is allowed access in terms of roles. A user may be associated with a number of roles.

Question 16

ABAC & PBAC

Answer 16

Attribute-based access control (ABAC) and policy-based access control (PBAC) allow access-control policy to be specified in terms of attributes that could describe users, objects or properties of the environment. This flexibility makes it easier to translate a desired policy from the way we would naturally express it in English to a specification in the access-control system. For example, the policy “Charlie is allowed to access sensitive files related to his projects only from the corporate network, but may access nonsensitive files related to his projects from anywhere” might use roles to give Charlie access to specific projects and attribute-based rules to capture the constraint that sensitive files should be accessible only from the corporate network.

Question 17

MAC & DAC

Answer 17

Access-control systems differ by who is authorized to configure the access-control policy. In mandatory access control (MAC), policy is set by administrators; users have no ability to change the policy, even for their own data. In contrast, discretionary access control (DAC) systems allow users to change the access-control policies for the data they own.

Question 18

Federated identity management

Answer 18

Federated identity management, which is the practice of outsourcing authentication not just to a different service within an organization, but to a different organization. “Federated identity management can go beyond just authenticating users: Identity providers can also supply service providers with attributes that describe users. For example, if an identity provider knows a user’s age or nationality, it can provide this information to service providers, in addition to or even instead of the user’s name. “Federated identity management also has other advantages, for both users and service providers: Users no longer have to remember multiple sets of authentication credentials, and service providers are relieved of the burden of implementing authentication and protecting users’ authentication information. This comes with a cost, however. Every time a service provider needs to authenticate a user, the identity provider will be consulted; hence, the identity provider learns all the service providers each user visits as well as in what order, at what times of day and from what locations. This can add up to a far more detailed picture of a user’s behavior and preferences than users may be comfortable sharing with an identity provider—clearly a privacy concern.

Question 19

IdP & SP

Answer 19

In federated identity management, the service that authenticates users is called the identity provider (IdP) and the services that rely on the IdP to authenticate users are called service providers (SPs).

Question 20

Economy of mechanism

Answer 20

Economy of mechanism. A simpler mechanism is less likely to have flaws than a more complex one. Hence, all other things being equal, the simplest security mechanism that suffices for a given task is likely the best one.

Question 21

Open design

Answer 21

“Open design. A long-standing principle is that the defender should not rely on the details of their security mechanisms remaining secret from the attacker—also called security by obscurity—as a means to keep their system secure.

Question 22

Complete mediation

Answer 22

Complete mediation. Complete mediation is achieved when every avenue by which a resource can be accessed is protected by a security check. “This principle has ramifications beyond software design, too: It implies that if some information can only be accessed by authenticated and authorized users of a software, then similar restrictions should be put on how that information can be accessed if a user calls a help desk.

Question 23

Least privilege

Answer 23

“Least privilege. Echoing the economy of mechanism principle, the least-privilege principle asserts that any user, computer system or component of a computer system should have only the privileges it needs to do its job, and no more.

Question 24

Multiple layers of defense

Answer 24

Multiple layers of defense. When possible, the security of a system should be protected redundantly or with complementary mechanisms that are unlikely to be all compromised by the same attack.

Question 25

Psychological acceptability

Answer 25

“Psychological acceptability. Systems have users, and security mechanisms that make unreasonable demands on the users—on their attention, their knowledge, or their ability—are likely to fail.

Question 26

Safe defaults

Answer 26

“Safe defaults. Systems should be configured to provide security out of the box, without any intervention.