History of Computer Security

Question 1

what are the common themes of computer security?

Answer 1

• memory protection
• authentication and authorization
• threat detection and modelling
• countermeasures
• Linux commands

Question 2

What was the main development in the 40s?

Answer 2

the first electronic computers, built from vacuum tubes or relays

Question 3

what were the security issues of the 40s?

Answer 3

secrecy was paramount, there were a small group of trusted operators whose values aligned

Question 4

What are the 3 biggest developments of the 50s?

Answer 4

• General purpose machines,
• Von Neumann machines,
• Commercial computing,
• IBM 700 series
• Batch processing,
• Early traces of OS

Question 5

What changed about security with the introduction of Von Neumann machines?

Answer 5

Rogue programs can now overwrite data and code

Question 6

What were 3 security issues that were relevant in the 50s?

Answer 6

• no user authentication
• operators had to be trusted
• diminished sense of secrecy and value alignment

Question 7

What operating systems were released in the 60s?

Answer 7

Multics (designed with security in mind)

Unix (then: UNICS), a stripped down version of Multics

Question 8

What 2 reports were published in the 60s?

Answer 8

The Ware Report and the Rand Report

Question 9

What categories of threats did the Ware report identify?

Answer 9

• files
• enables by lack of or weak access control
• leading to subversion of the monitor
• unauthorized use

Question 10

What is the Origin of Trusted Computing Base idea?

Answer 10

Critical security functions (in particular the software handling the “interrupts” that transfer control from user programs to the monitor) should be embedded
in relatively small amounts of code.

Question 11

What did the ware report cause?

Answer 11

The start of the Rand report task force

Question 12

What requirements did the Rand report identify?

Answer 12

Central processor must provide some or all of the following mechanisms:

• user/process/memory isolation
• supervisory software protection
• hardware controlled supervisor states
• assurance against unanticipated conditions

Question 13

What was the 70s the age of?

Answer 13

The Mainframe

Question 14

What happened in the 70s for security for military and classified applications?

Answer 14

• the Anderson report
• Multi-Level Security (MLS)
• Bell LaPadula model

Question 15

What happened in the 70s for security for non-classified but sensitive applications?

Answer 15

• public research on cryptography
• privacy legislation
• statistical database security

Question 16

What was the Anderson report?

Answer 16

a panel installed by the USAF to investigate solutions

Question 17

what were the 3 types of security violations defined by the Anderson report?

Answer 17

confidentiality, integrity, availability

Question 18

what are the 2 main technical contributions of the Anderson report?

Answer 18

formal security models and access control

Question 19

Define Access Control Mechanism

Answer 19

Hardware, software, and procedural checks that validate a user’s rights

Question 20

Define Reference Monitor

Answer 20

The notion that all references by any program to nay program, data, or device are validated against a list of authorized types of reference based on user and/or program function.

Question 21

Define Reference Validation Mechanism

Answer 21

the combination of hardware and software that implements the reference monitor concept. Also referred to as security kernel.

Question 22

What are the requirements for reference validation mechanisms?

Answer 22

1. tamper proof - impossible to tamper with the mechanism
2. completeness - mechanism must always be invoked
3. verifiability - mechanism must be small enough to be subject to analysis and tests, the completeness of which can be assured.

Question 23

What are the 8 Saltzer and Schroeder Principles?

Answer 23

1. Economy of mechanism
2. fail - safe defaults
3. complete mediation
4. open design
5. least privilege
6. least common mechanism
7. separation of privilege
8. ease of use

Question 24

What were the 80s the age of?

Answer 24

The PC

Question 25

What was the first computer virus?

Answer 25

Brain (1986)

Question 26

What 6 vulnerability axes did Bishop propose?

Answer 26

• nature
• time of introduction
• exploitation domain
• effect domain
• minimum number
• source

Question 27

What were the security issues of the 90s?

Answer 27

• crypto wars
• popularization of buffer overflow attacks
• java as a network-centred language
• trusted computing, DRM

Question 28

What were the security issues of the 2000s?

Answer 28

• e-commerce has evolved without PKIs
• problems shifting from OS to applications
• security controls moving to application layer
• security of end systems managed by the user

Question 29

What are assets?

Answer 29

hardware, software, data, people, processes, reputation, etc. value is subjective and based on the owners perspective.

Question 30

What is the attack surface?

Answer 30

A conceptualization of how you can be attacked. “all entry points available to the attacker”