Analyzing Security With Examples
In the remainder of this book we study computer security by using the threat–vulnerability–control paradigm. That is, we begin each chapter with an example of either a real attack that caused harm or a series of attacks. The remaining chapters address confidentiality of messages, integrity of stored code, correctness of data on a video screen, and availability of network access, among other things. Our cases involve political figures, high school students, countries, government agencies, executives, and ordinary users, which should convince you that computer security affects everyone.
You will encounter examples involving email, missile systems, hospitals, mobile phones, spacecraft, and diplomats. Do not fear; you need not know rocket science to appreciate the security aspect of the examples. This variety should help you appreciate (and convince other people) that many important current activities have significant security aspects. Computer security analysts like to be involved early in the design of a system, product, or solution; there are many possible countermeasures from which to choose, and they can be selected and integrated more easily and effectively during system requirements definition and design than later in development. Being handed an already completed product or system and told to "secure this" is often an impossible task.
From each example we identify four things:
- Threat. What threat is being raised? How does it work? On what does it depend? Who are the potential attackers? What are the potential attacks (also called threat agents)? What tools and knowledge are needed to realize the attack?
- Harm. What harm can or did this attack cause? If the attack can support other attacks, what are they? How serious is the harm?
- Vulnerability. What vulnerability is being exploited? Is it a general weakness or specific to one computer or situation? Is there more than one vulnerability? Are all vulnerabilities required for the threat to be actualized?
- Control. How can the vulnerability be controlled? Does the control nullify the threat or close the vulnerability? Is there more than one control? If yes, do they overlap (and complement each other)? Are the controls partial or complete? Are the controls strong or can they be defeated or bypassed? Are they expensive or hard to use?
These four categories are the basis of all computer security planning, and they form the structure of the rest of this book.
In this book you will encounter attacks with intriguing names like masquerade, ping of death, salami, and man in the middle, as well as terms you may have heard before like virus, worm, and Trojan horse. We also describe a wide range of countermeasures, from defensive programming to biometric authentication and secure protocol design to digital signatures. Do not worry if any of these terms is unfamiliar; you will find complete explanations of all.