L16: Security Engineering Flashcards
What is security engineering?
Security engineering is concerned with how to develop systems that can resist malicious attacks.
The tools, techniques and methods to support the development and maintenance of systems that can resist malicious attacks intended to damage a computer-based system or its data.
What is security?
A system property that reflects the system’s ability to protect itself from accidental or deliberate external attack.
Security is important. Most systems are networked so that external access to the system through the network is possible.
Security is an essential pre-requisite for availability, reliability and safety.
What is an asset?
Something of value which has to be protected. The asset may be the software system itself or data used by that system.
What is an attack?
An exploitation of a system’s vulnerability. Generally, this is from outside the system and is a deliberate attempt to cause some damage.
What is a control?
A protective measure that reduces a system’s vulnerability. Encryption is an example of a control that reduces a vulnerability of a weak access control system.
What is exposure?
Possible loss or harm to a computing system. This can be loss or damage to data, or can be a loss of time and effort if recovery is necessary after a security breach.
What is a threat?
Circumstances that have potential to cause loss or harm. You can think of these as a system vulnerability that is subjected to an attack.
What is vulnerability?
A weakness in a computer-based system that may be exploited to cause loss or harm.
What is confidentiality in security?
Information in a system may be disclosed or made accessible to people or programs that are not authorised to have access to that information.
What is integrity in security?
Information in a system may be damaged or corrupted making it inconsistent or unreliable.
What is availability in security?
Access to a system or its data, which is normally available, may not be possible.
What are the levels of security in an organisation?
- Infrastructure security
- Application security
- Operational security
What is infrastructure security?
Infrastructure security is concerned with maintaining the security of all systems and networks that provide an infrastructure and a set of shared services to the organisation.
Infrastructure security is a systems management problem where the infrastructure is configured to resist attacks.
What is application security?
Application security is concerned with the security of individual application systems or related groups of systems.
Application security is a software engineering problem where the system is designed to resist attacks.
What is operational security?
Operational security is concerned with the secure operation and use of the organisation’s systems.
Operational security is primarily a human and social issue.
What are some types of security threats?
Interception threats allow an attacker to gain access to an asset. Threat to confidentiality.
Interruption threats allow an attacker to make part of the system unavailable. Threat to availability.
Modification threats allow an attacker to tamper with a system asset. Threat to integrity.
Fabrication threats allow an attacker to insert false information into a system. Threat to integrity.
What is vulnerability avoidance?
The system is designed so that vulnerabilities do not occur.
For example, if there is no external network connection then external attack is impossible.
What is attack detection and elimination?
The system is designed so that attacks on vulnerabilities are detected and neutralised before they result in an exposure.
For example, virus checkers find and remove viruses before they infect a system.
What is exposure limitation and recovery?
The system is designed so that the adverse consequences of a successful attack are minimised.
For example, a backup policy allows damaged information to be restored.
What are 3 methods of security assurance?
- Vulnerability avoidance
- Attack detection and elimination
- Exposure limitation and recovery
How are threats to security and dependability linked?
Security and reliability
E.g. corrupted data
Security and availability
E.g. denial of service attack
Security and safety
Example problem: corrupted code or data
Security and resilience
Example problem: a cyberattack on a networked system
How should organisations view security?
- Security is expensive. It is important that security decisions are made in a cost-effective way.
- Organisations use a risk-based approach to support security decision making.
- Should have a defined security policy based on security risk analysis.
- Security risk analysis is a business rather than a technical process.
What should organisational security policies do?
- Security policies should set out information access strategies that should apply across the organisation
- The purpose of security policies is to inform everyone in an organisation about security
- So these should not be long and detailed technical documents
- The security policy defines, in broad terms, the security goals of the organisation
- The security engineering process is concerned with implementing these goals
What security policies should organisations have?
Organisations should have security policies on:
- the assets that must be protected
- the level of protection that is required for different types of asset
- the responsibilities of individual users, managers and the organisation
- existing security procedures and technologies that should be maintained
What are some security requirements?
Risk avoidance requirements
Risk detection requirements
Risk mitigation requirements
What are risk avoidance requirements?
They set out the risks that should be avoided by designing the system so that these risks simply cannot arise.
What are risk detection requirements?
They define mechanisms that identify the risk if it arises and neutralise the risk before losses occur.
What are risk mitigation requirements?
They set out how the system should be designed so that it can recover from and restore system assets after some loss has occurred (recovery strategies).
What are some types of security requirements?
- Identification
- Authentication (password, biometrics)
- Authorisation (determine permissions, access levels)
- Immunity (resistance to attacks)
- Integrity (data is accurate)
- Intrusion detection (breach identification and response)
- Non-repudiation (evidence of actions, proof)
- Privacy (safeguarding sensitive info)
- Security auditing (validating security measures)
- System maintenance security
How can we ensure secure system design?
Security should be designed into a system. It is very difficult to make an insecure system secure after it has been designed and implemented. Security should be accounted for during all stages of the development process.
Architectural design should include security considerations.
Follow good design practices.
What are some design compromises for security?
Adding security features to a system to enhance its security affects other attributes of the system.
Performance: additional security checks slow down a system, so its response time or throughput may be affected.
Usability: security measures may require users to remember information or require additional interactions to complete a transaction. This can make the system less usable and frustrate system users.
How do we include security in architecture design?
Protection
- How should the system be organised so that critical assets can be protected against external attack?
Distribution
- How should system assets be distributed so that the effects of a successful attack are minimised?
Key issues in designing a secure systems architecture include organising the system structure to protect key assets and distributing the system assets to minimise the losses from a successful attack.
These can be conflicting: if assets are distributed, then they are more expensive to protect. If assets are protected, then usability and performance requirements may be compromised.
What are the protection levels?
Layered protection architecture
Platform-level protection
- Top-level controls on the platform on which a system runs
Application-level protection
- Specific protection mechanisms built into the application itself such as additional password protection
Record-level protection
- Protection that is invoked when access to specific information is requested
What is distribution in security?
- Distributing assets means that attacks on one system do not necessarily lead to complete loss of system service
- Each platform can have separate protection features and may be different from other platforms so that they do not share a common vulnerability
- Distribution is particularly important if the risk of denial of service attacks is high
What are some design guidelines for security?
- Base security decisions on an explicit policy
- Avoid single points of failure
- Fail securely
- Consider balance between security and usability
- Reduce risks with redundancy and diversity
- Design for deployment and recoverability
- Compartmentalise assets
What is security testing?
Testing the extent to which the system can protect itself from external attacks.
What are some challenges of security testing?
Security validation is difficult because security requirements state what should not happen in a system, rather than what should.
It is not usually possible to define security requirements as simple constraints that can be checked by the system.
Attackers look for vulnerabilities and can experiment to discover weaknesses and loopholes in the system.
What are security threats?
Security threats can be threats to confidentiality, integrity or availability of a system and/or its data.