1. Confidentiality: Concealment of information
(prevent unauthorized disclosure of information).
2. Integrity: Trustworthiness of data/resources
(prevent unauthorized modifications).
• Data integrity
• Origin integrity (authentication)
3. Availability: Ability to use information/resources.
(prevent unauthorized withholding of
Authenticity, accountability, reliability, safety,
dependability, survivability . . .
Historically, security is closely linked to secrecy.
Security involved a few organizations dealing mainly
with classified data.
However, nowadays security extends far beyond
• privacy: protection of private data,
• secrecy: protection of organizational data.
“Making sure that everything is as it is supposed to be.”
For Computer Security this means:
Preventing unauthorized writing or modifications.
For Computer Systems this means that:
Services are accessible and usable (without undue
delay) whenever needed by an authorized entity.
For this we need fault-tolerance.
Faults may be accidental or malicious (Byzantine).
Denial of Service attacks are an example of malicious
Relationship between Confidentiality
Integrity and Availability
Other security requirements
• Reliability – deals with accidental damage,
• Safety – deals with the impact of system failure on the
• Dependability – reliance can be justifiably placed on the system
• Survivability – deals with the recovery of the system after
• Accountability – actions affecting security must be traceable
to the responsible party. For this,
– Audit information must be kept and protected,
– Access control is needed.
Threats – potential violations of security
Attacks – violations
Attackers – those who execute the violations
• Disclosure or unauthorized access
• Deception or acceptance of falsified data
• Disruption or interruption or prevention
• Usurpation or unauthorized control
• Snooping (unauthorized interception)
• Modification or alteration
– Active wiretapping
– Man-in-the-middle attacks
• Masquerading or spoofing
• Repudiation of origin
• Denial of receipt
• Denial of Service
Policy and Mechanisms
1. A security policy is a statement of what is / is not
2. A security mechanism is a method or tool that
enforces a security policy.
Assumptions of trust
• Let P be the set of all possible states of a system
• Let Q be the set of secure states
A mechanism is secure if P ⊆ Q
A mechanism is precise if P = Q
A mechanism is broad if there are states in P which
are not in Q
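The three definitions above, worked on a small constructed system (an added example, not part of the original slides). It assumes P is read as the set of states the system can reach with the mechanism in place; the users, the policy and the three mechanisms are hypothetical.

```python
from itertools import combinations

USERS = ("alice", "bob", "guest")  # constructed sample principals

def all_states():
    """Every possible set of readers for one sensitive file."""
    return {frozenset(c) for n in range(len(USERS) + 1)
            for c in combinations(USERS, n)}

# Policy (assumed): guest must never be able to read the file.
# Q is the set of secure states under that policy.
Q = {s for s in all_states() if "guest" not in s}

def reachable(may_grant, start=frozenset()):
    """P: states reachable from `start` when the mechanism `may_grant`
    decides which grant operations succeed (revokes always succeed)."""
    seen, todo = {start}, [start]
    while todo:
        state = todo.pop()
        successors = [state - {u} for u in state]            # revoke u
        successors += [state | {u} for u in USERS
                       if u not in state and may_grant(u)]   # grant u
        for nxt in successors:
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def classify(P, Q):
    """Apply the definitions: precise if P = Q, secure if P is a
    subset of Q, broad if some state of P lies outside Q."""
    if P == Q:
        return "precise"
    if P <= Q:          # set inclusion
        return "secure"
    return "broad"

# Three hypothetical enforcement mechanisms for the same policy.
MECHANISMS = {
    "owner_only": lambda u: u == "alice",           # over-restrictive
    "staff_only": lambda u: u in ("alice", "bob"),  # matches the policy
    "allow_all":  lambda u: True,                   # enforces nothing
}

def report():
    return {name: classify(reachable(m), Q) for name, m in MECHANISMS.items()}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name}: {verdict}")
```

`owner_only` is secure but blocks states the policy permits, which is the usual price of an over-restrictive mechanism; `reachable(MECHANISMS["allow_all"]) - Q` lists the insecure states a broad mechanism lets through.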
Trust cannot be quantified precisely.
System specifications, design, and implementation can
provide a basis for how much one can trust a system.
This is called assurance.
Goals of Computer Security
Security is about protecting assets.
• Reaction (recover/restore assets)
How to achieve Computer Security:
1. Security principles/concepts: explore general
principles/concepts that can be used as a guide to design
secure information processing systems.
2. Security mechanisms: explore some of the security
mechanisms that can be used to secure information
3. Physical/Organizational security: consider physical &
organizational security measures (policies)
Even at this general level there is disagreement on
the precise definitions of some of the required security
• Orange book – US Dept of Defense, Trusted Computer
System Evaluation Criteria.
• ITSEC – European Trusted Computer System Product Criteria.
• CTCPEC – Canadian Trusted Computer System Product
Fundamental Dilemma: Functionality or Assurance
• Security mechanisms need additional computational
• Security policies interfere with working patterns, and
can be very inconvenient.
• Managing security requires additional effort and
• Ideally there should be a tradeoff.
– Cost-benefit analysis
• Example: a database with salary info, which is used by a
second system to print pay checks
– Risk analysis
• Environmental dependence
• Time dependence
• Remote risk
Laws and Customs
• Export controls
• Laws of multiple jurisdiction
• Human issues
– Organizational problems (who is responsible for what)
– People problems (outsiders/insiders)
Tying it all together: how ????