L16: Security Engineering Flashcards

1
Q

What is security engineering?

A

Security engineering is concerned with how to develop systems that can resist malicious attacks.

The tools, techniques and methods to support the development and maintenance of systems that can resist malicious attacks intended to damage a computer-based system or its data.

2
Q

What is security?

A

A system property that reflects the system’s ability to protect itself from accidental or deliberate external attack.

Security is important. Most systems are networked so that external access to the system through the network is possible.

Security is an essential prerequisite for availability, reliability and safety.

3
Q

What is an asset?

A

Something of value which has to be protected. The asset may be the software system itself or data used by that system.

4
Q

What is an attack?

A

An exploitation of a system’s vulnerability. Generally, this is from outside the system and is a deliberate attempt to cause some damage.

5
Q

What is a control?

A

A protective measure that reduces a system’s vulnerability. Encryption is an example of a control that reduces the vulnerability caused by a weak access control system.

6
Q

What is exposure?

A

Possible loss or harm to a computing system. This can be loss or damage to data, or can be a loss of time and effort if recovery is necessary after a security breach.

7
Q

What is a threat?

A

Circumstances that have the potential to cause loss or harm. You can think of these as a system vulnerability that is subjected to an attack.

8
Q

What is vulnerability?

A

A weakness in a computer-based system that may be exploited to cause loss or harm.

9
Q

What is confidentiality in security?

A

Information in a system may be disclosed or made accessible to people or programs that are not authorised to have access to that information.

10
Q

What is integrity in security?

A

Information in a system may be damaged or corrupted, making it inconsistent or unreliable.

11
Q

What is availability in security?

A

Access to a system or its data, which is normally available, may not be possible.

12
Q

What are the levels of security in an organisation?

A
  1. Infrastructure security
  2. Application security
  3. Operational security
13
Q

What is infrastructure security?

A

Infrastructure security is concerned with maintaining the security of all systems and networks that provide an infrastructure and a set of shared services to the organisation.

Infrastructure security is a systems management problem where the infrastructure is configured to resist attacks.

14
Q

What is application security?

A

Application security is concerned with the security of individual application systems or related groups of systems.

Application security is a software engineering problem where the system is designed to resist attacks.

15
Q

What is operational security?

A

Operational security is concerned with the secure operation and use of the organisation’s systems.

Operational security is primarily a human and social issue.

16
Q

What are some types of security threats?

A

Interception threats allow an attacker to gain access to an asset. Threat to confidentiality.

Interruption threats allow an attacker to make part of the system unavailable. Threat to availability.

Modification threats allow an attacker to tamper with a system asset. Threat to integrity.

Fabrication threats allow an attacker to insert false information into a system. Threat to integrity.

17
Q

What is vulnerability avoidance?

A

The system is designed so that vulnerabilities do not occur.

For example, if there is no external network connection, then external attack is impossible.

18
Q

What is attack detection and elimination?

A

The system is designed so that attacks on vulnerabilities are detected and neutralised before they result in an exposure.

For example, virus checkers find and remove viruses before they infect a system.

19
Q

What is exposure limitation and recovery?

A

The system is designed so that the adverse consequences of a successful attack are minimised.

For example, a backup policy allows damaged information to be restored.

20
Q

What are 3 methods of security assurance?

A
  1. Vulnerability avoidance
  2. Attack detection and elimination
  3. Exposure limitation and recovery
21
Q

How are threats to security and dependability linked?

A

Security and reliability
Example problem: corrupted data

Security and availability
Example problem: denial of service attack

Security and safety
Example problem: corrupted code or data

Security and resilience
Example problem: a cyberattack on a networked system

22
Q

How should organisations view security?

A
  • Security is expensive. It is important that security decisions are made in a cost-effective way.
  • Organisations use a risk-based approach to support security decision making.
  • Organisations should have a defined security policy based on security risk analysis.
  • Security risk analysis is a business rather than a technical process.
23
Q

What should organisational security policies do?

A
  • Security policies should set out information access strategies that should apply across the organisation.
  • The purpose of security policies is to inform everyone in an organisation about security, so these should not be long and detailed technical documents.
  • The security policy defines, in broad terms, the security goals of the organisation.
  • The security engineering process is concerned with implementing these goals.
24
Q

What security policies should organisations have?

A

Organisations should have security policies on:

  • the assets that must be protected
  • the level of protection that is required for different types of asset
  • the responsibilities of individual users, managers and the organisation
  • existing security procedures and technologies that should be maintained
25
Q

What are some security requirements?

A

  • Risk avoidance requirements
  • Risk detection requirements
  • Risk mitigation requirements

26
Q

What are risk avoidance requirements?

A

They set out the risks that should be avoided by designing the system so that these risks simply cannot arise.

27
Q

What are risk detection requirements?

A

They define mechanisms that identify the risk if it arises and neutralise the risk before losses occur.

28
Q

What are risk mitigation requirements?

A

They set out how the system should be designed so that it can recover from and restore system assets after some loss has occurred (recovery strategies).

29
Q

What are some types of security requirements?

A
  • Identification
  • Authentication (password, biometrics)
  • Authorisation (determine permissions, access levels)
  • Immunity (resistance to attacks)
  • Integrity (data is accurate)
  • Intrusion detection (breach identification and response)
  • Non-repudiation (evidence of actions, proof)
  • Privacy (safeguarding sensitive info)
  • Security auditing (validating security measures)
  • System maintenance security
30
Q

How can we ensure secure system design?

A

Security should be designed into a system. It is very difficult to make an insecure system secure after it has been designed and implemented, so security should be accounted for during all stages of the development process.

Architectural design should include security considerations.

Good design practices

31
Q

What are some design compromises for security?

A

Adding security features to a system to enhance its security affects other attributes of the system.

Performance: additional security checks slow down a system, so its response time or throughput may be affected.

Usability: security measures may require users to remember information or require additional interactions to complete a transaction. This can make the system less usable and frustrate system users.

32
Q

How do we include security in architecture design?

A

Protection
- How should the system be organised so that critical assets can be protected against external attack?

Distribution
- How should system assets be distributed so that the effects of a successful attack are minimised?

Key issues in designing a secure systems architecture include organising the system structure to protect key assets and distributing the system assets to minimise the losses from a successful attack.

These can be conflicting: if assets are distributed, then they are more expensive to protect. If assets are protected, then usability and performance requirements may be compromised.

33
Q

What are the protection levels?

A

Layered protection architecture

Platform-level protection
- Top-level controls on the platform on which a system runs

Application-level protection
- Specific protection mechanisms built into the application itself such as additional password protection

Record-level protection
- Protection that is invoked when access to specific information is requested

34
Q

What is distribution in security?

A
  • Distributing assets means that attacks on one system do not necessarily lead to complete loss of system service.
  • Each platform can have separate protection features and may be different from other platforms, so that they do not share a common vulnerability.
  • Distribution is particularly important if the risk of denial of service attacks is high.
35
Q

What are some design guidelines for security?

A
  • Base security decisions on an explicit policy
  • Avoid a single point of failure
  • Fail securely
  • Consider the balance between security and usability
  • Reduce risks with redundancy and diversity
  • Design for deployment and recoverability
  • Compartmentalise assets
36
Q

What is security testing?

A

Testing the extent to which the system can protect itself from external attacks.

37
Q

What are some challenges of security testing?

A

Security validation is difficult because security requirements state what should not happen in a system, rather than what should.

It is not usually possible to define security requirements as simple constraints that can be checked by the system.

Attackers look for vulnerabilities and can experiment to discover weaknesses and loopholes in the system.

38
Q

What are security threats?

A

Security threats can be threats to confidentiality, integrity or availability of a system and/or its data.