Chapter One

Introduction to Computer Security

Outline

 Basic concepts of computer security

 Threats, vulnerabilities, controls, risk

 Goals of computer security

 Security attack

 Security policies and mechanisms

 Prevention, detection, and deterrence

 Software security assurance

Computer Security
• Computer security is about provisions and policies
adopted to protect information and property from
theft, corruption, or natural disaster while allowing
the information and property to remain accessible and
productive to its intended users.
Computer Security
• Computer Security when there is connection to networks
(Network security) on the other hand deals with provisions and
policies adopted to prevent and monitor unauthorized access,
misuse, modification, or denial of the computer network and
network-accessible resources.

Not Sufficient!!

Internet
Internet
The Definition of Computer Security

• Security is a state of well-being of information and

infrastructures in which the possibility of successful yet
undetected theft, tampering, and disruption of information and
services is kept low or tolerable

• Security rests on confidentiality, authenticity, integrity, and

availability

• Computer Security: The protection of computer assets from

unauthorized access, use, alteration, degradation, destruction,
and other threats.
What Is Computer Security?
• The protection of the assets of a computer
system
– Hardware
– Software
– Data
Assets
Values of Assets
Basic Concepts of Computer Security

• Confidentiality is the concealment of information or resources.

– E.g., only sender, intended receiver should “understand” message
contents

• Authenticity is the identification and assurance of the origin of

information.
• Integrity refers to the trustworthiness of data or resources in
terms of preventing improper and unauthorized changes.
• Availability refers to the ability to use the information or
resource desired or (Ensuring data and systems are accessible
when needed).
Basic Concepts of Computer Security

• Authentication: Verifying user identities.

Common methods of authentication include
username/password, biometrics (like fingerprints),

• Authorization: the process of granting or denying

specific permissions to users or systems after they
have been authenticated..
• Non-repudiation: Preventing denial of actions by users.
Vulnerabilities, Threats, Attacks,
Controls
• Vulnerability is a weakness in the security system
– (i.e., in procedures, design, or implementation), that might be
exploited to cause loss or harm.

• Threat to a computing system is a set of circumstances that has

the potential to cause loss or harm.
– a potential violation of security

• A human (criminal) who exploits a vulnerability perpetrates an

attack on the system.

• How do we address these problems?

– We use a control as a protective measure.
– That is, a control is an action, device, procedure, or technique that removes
or reduces a vulnerability.
Threat and Vulnerability
• Vulnerability: we can see a small
crack in the wall—a vulnerability
that threatens the man’s security.

• Threat: the water to the left of the

wall is a threat to the man on the
right of the wall:
The water could rise, overflowing
onto the man, or it could stay
beneath the height of the wall, causing the wall to collapse.
Threats, Vulnerabilities, Controls,
and Risk
• Threats: Potential dangers like malware, hackers, or
system failures.

• Vulnerabilities: Weaknesses that can be exploited,

like software bugs.
Threats, Vulnerabilities, Controls,
and Risk
• Controls: Measures such as firewalls, encryption, and
antivirus software.

• Risk: Likelihood of a threat exploiting a vulnerability

and causing harm.
Goals of Computer Security

• Confidentiality: Protecting sensitive

information.
• Integrity: Ensuring accuracy of information.
• Availability: Making data available to
authorized users.
Goals of Computer Security
• Authentication: Verifying the identity of users.
• Authorization: Ensuring users have necessary
permissions.
• Non-repudiation: Preventing denial of actions
(e.g., through logs).
Security Attacks
• An attack is any action that violates security.
– Active adversary
• An attack has an implicit concept of “intent”
– Router mis-configuration or server crash can also
cause loss of availability, but they are not attacks
Security Attacks

• Passive Attacks: Eavesdropping or monitoring

data without altering it.
• Active Attacks: Altering or destroying data
during transmission.
Security Attacks

• Insider Attacks: Attacks from authorized

individuals within the organization.
• External Attacks: Attacks from outside the
organization.
Friends and enemies: Alice, Bob, Trudy
• well-known in network security world
• Bob, Alice (lovers!) want to communicate “securely”
• Trudy (intruder) may intercept, delete, add messages

Alice Bob
data, control
channel
messages

data secure secure data

sender receiver

Trudy
Computer Security and Privacy/Attacks

Categories of Attacks
• Interruption: An attack on availability
• Interception: An attack on confidentiality
• Modification: An attack on integrity
• Fabrication: An attack on authenticity
Categories of Attacks/Threats (W.
Stallings)

Source

Destination
Normal flow of information
Attack

Interruption Interception

Modification Fabrication
Classify Security Attacks as
• Passive attacks - eavesdropping on, or monitoring
of, transmissions to:
– obtain message contents, or
– monitor traffic flows
• Active attacks – modification of data stream to:
– masquerade of one entity as some other
– replay previous messages
– modify messages in transit
– denial of service
Eavesdropping - Message Interception
(Attack on Confidentiality)
• Unauthorized access to information
• Packet sniffers and wiretappers
• Illicit copying of files and programs

A B

Eavesdropper
Integrity Attack - Tampering With Messages

• Stop the flow of the message

• Delay and optionally modify the message
• Release the message again

A B

Perpetrator
Authenticity Attack - Fabrication
• Unauthorized assumption of other’s identity
• Generate and distribute objects under this
identity

A B

Masquerader: from A
Attack on Availability
• Destroy hardware (cutting fiber) or software
• Modify software in a subtle way (alias commands)
• Corrupt packets in transit

A B

• Blatant denial of service (DoS):

– Crashing the server
– Overwhelm the server (use up its resource)
Security Policies and Mechanisms

• Security Policies: Guidelines on how data

should be protected.
• Examples: Access control policies, password
policies, acceptable use policies.
Security Policies and Mechanisms
• Security Mechanisms: Tools used to enforce
security policies.
Examples: Firewalls, encryption, access control
lists (ACLs), antivirus software.
Security Policy and
Mechanism
• Policy: a statement of what is allowed, and is
not allowed.
• Security Mechanism: a procedure, tool, or
method of enforcing a policy. E.g.
• Encryption
• Authentication
• Authorization
• Auditing…

• Security mechanisms implement functions

that help prevent, detect, and respond to
recovery from security attacks.
Prevention, Detection, and Deterrence

• Prevention: This involves using tools and practices

such as firewalls, antivirus software, and access
controls to stop cyber attacks before they
happen.
Examples: Firewalls, antivirus software, encryption.

• Detection: Identifying when an attack occurs

(e.g., through intrusion detection systems).
Prevention, Detection, and Deterrence

• Detection Examples: Intrusion detection

systems, log monitoring.
• Deterrence: Discouraging attacks by enforcing
legal penalties and strong policies.
Examples: Legal action, strong security policies,
public security disclosures.
Software Security Assurance

• Software Security Assurance: Ensuring

software is developed and deployed securely.
• Secure Coding: Writing code that minimizes
security vulnerabilities.
Software Security Assurance

• Testing: Regularly testing software to identify

and fix vulnerabilities.
• Patch Management: Ensuring that software is
regularly updated to fix known security issues.
• Common Software Vulnerabilities: SQL
injection, cross-site scripting, buffer overflows.
Common Software Vulnerabilities
• SQL Injection: A vulnerability that allows attackers
to manipulate SQL queries, potentially gaining
unauthorized access to a database.
• Cross-Site Scripting (XSS): This involves injecting
malicious scripts into web pages viewed by other
users, potentially leading to data theft or session
hijacking.
• Buffer Overflows: This occurs when a program
writes more data to a buffer than it can hold, which
can lead to arbitrary code execution and system
crashes.