
Computer security

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 213.253.40.31 (talk) at 08:56, 9 June 2002 (There are two different cultures of computer security. One focuses mainly on external threats, and generally treats the computer system itself as a trused system. The other regards the computer system). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Computer security refers to the measures taken to ensure that only authorized persons or processes can control a computer system and gain access to the data held on it. Computer security can be regarded as a specialist field within the wider field of security engineering.

As computer systems serve increasingly important functions and hold more valuable data, the importance of computer security grows. Systems are constantly becoming more complex, but because it is possible to separate the security-relevant parts of a system from the rest, growing complexity does not by itself make security unattainable.

There are two different cultures of computer security. One focuses mainly on external threats, and generally treats the computer system itself as a trusted system. The other regards the computer system itself as largely an untrusted system, and implements fine-grained security measures within the system itself.

Dealing with threats from the outside

Severe financial damage has been caused by computer security breaches, but reliable estimates of the cost are difficult to obtain. Figures in the billions of dollars have been quoted for the damage caused by computer worms such as Code Red, but such estimates are probably exaggerated. Very large sums have nevertheless been lost through, for instance, the compromise of credit card details.

There are many similarities (yet many fundamental differences) between computer security and real-world security.

Just as in real-world security, the motivation for breaches of computer security varies between attackers, sometimes called hackers or crackers. Some are teenage thrill-seekers or vandals (the kind often responsible for defacing web sites); similarly, some web site defacements are done to make political statements. However, some attackers are highly skilled and motivated, with the goal of compromising computers for financial gain or espionage. For those seeking to prevent security breaches, the first step is therefore to identify what might motivate an attack on the system, how much the continued operation and information security of the system are worth, and who might be motivated to breach it. The precautions required for a home PC are very different from those for a bank's internet banking system, and different again for a classified military network.


To understand the various techniques for securing a computer system, it is important to first understand the various types of threats, or "attacks" that can be made against it. These threats can typically be classified into a number of categories:

  • Code exploits: Software flaws are often exploited to gain control of a computer, or to cause it to operate in an unexpected manner. Many development methodologies rely on testing to ensure the quality of any code released; this process often fails to discover extremely unusual inputs that an attacker would try but an ordinary test case would not.
  • Eavesdropping: Any data that is transmitted over a network is at some risk of being intercepted, or even modified, by a malicious person. Even machines that operate in a closed system can be eavesdropped on via sophisticated technologies capable of monitoring the faint electromagnetic emissions generated by their hardware.
  • Social engineering and human error: A computer system is no more secure than the human systems responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them.
  • Denial of service attacks: Denial of service attacks differ slightly from those listed above, in that they are not primarily a means to gain unauthorized access to or control of a system. They are instead designed to overload the capabilities of a machine or network, and thereby render it unusable.
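The following is an added example, not part of the original article, illustrating the "code exploits" category above: a login check whose ordinary test cases pass, beside the unusual input that subverts it, and the corrected version. The table, the user 'alice' and the password are constructed sample data; the database is an in-memory SQLite file so the code runs offline.

```python
import sqlite3


def make_db():
    # Constructed sample data, held in memory so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    # The flaw: user input is pasted into the SQL text, so a quote in the
    # input changes the *structure* of the query rather than a value in it.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_fixed(conn, name, password):
    # Parameterised query: values travel separately from the statement, so
    # the same payload is compared as a literal string and simply fails.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0


def demo():
    conn = make_db()
    # Ordinary test cases: both versions behave identically, which is why
    # functional testing alone would not reveal the flaw.
    ordinary_ok = (login_vulnerable(conn, "alice", "correct horse") is True
                   and login_vulnerable(conn, "alice", "nope") is False
                   and login_fixed(conn, "alice", "correct horse") is True
                   and login_fixed(conn, "alice", "nope") is False)
    # The unusual input a tester is unlikely to try: it closes the password
    # literal early and appends an always-true clause.
    payload = "' OR '1'='1"
    return {
        "ordinary_tests_pass": ordinary_ok,
        "vulnerable_login_with_payload": login_vulnerable(conn, "alice", payload),
        "fixed_login_with_payload": login_fixed(conn, "alice", payload),
    }
```

Run `demo()`: the vulnerable version accepts the payload as a valid login for 'alice' without the password, while the parameterised version rejects it. The general lesson is the one the list item makes: testing with expected inputs says nothing about what the code does with inputs chosen by an adversary.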

Computer code can be regarded as a form of mathematics, and in principle its correctness can be proved. In practice, proving the correctness of a complete real-world system is regarded as unrealistic by many with experience in the industry (see, for example, the writings of Bruce Schneier).

It is also possible to protect communication by means of cryptography. One method of encryption, the one-time pad, has been proved to be unbreakable, provided the key is truly random, at least as long as the message, and never reused. Unfortunately it is very inconvenient to use for exactly those reasons. Other methods of encryption, while breakable in theory, are often practically impossible to break with the means available today. One specific type of attack, denial of service, is in practice very hard to prevent, because the behaviour of the whole network has to be analysed, not only that of a small piece of code.
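As an added example (not from the original article), the one-time pad described above in working code, together with the failure mode that makes it so inconvenient: the pad is only unbreakable while it is used once, and reusing it lets an eavesdropper cancel the key out. The two messages are constructed samples; `os.urandom` stands in for the ideal random source the proof assumes.

```python
import os


def new_key(length):
    # os.urandom is the practical stand-in for the truly random source that
    # the unbreakability proof assumes.
    return os.urandom(length)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def otp_xor(message, key):
    # One-time pad: bytewise XOR with a key at least as long as the message.
    # XOR is its own inverse, so the same function encrypts and decrypts.
    if len(key) < len(message):
        raise ValueError("key must be at least as long as the message")
    return xor_bytes(message, key)


def two_time_pad_leak(c1, c2):
    # If one key encrypts two messages, XORing the ciphertexts cancels the
    # key entirely: (m1 ^ k) ^ (m2 ^ k) == m1 ^ m2. The eavesdropper now
    # holds a quantity that depends only on the plaintexts.
    return xor_bytes(c1, c2)


def recover_other_message(c1, c2, known_m1):
    # With m1 known or guessed (a "crib"), m2 = (m1 ^ m2) ^ m1 falls out.
    return xor_bytes(two_time_pad_leak(c1, c2), known_m1)


def demo():
    m1 = b"attack at dawn"   # constructed sample messages, 14 bytes each
    m2 = b"retreat at six"
    key = new_key(len(m1))
    c1 = otp_xor(m1, key)
    c2 = otp_xor(m2, key)    # the mistake: the pad is used a second time
    return {
        "roundtrip_ok": otp_xor(c1, key) == m1,
        "leak_equals_m1_xor_m2": two_time_pad_leak(c1, c2) == xor_bytes(m1, m2),
        "recovered_m2": recover_other_message(c1, c2, m1),
    }
```

The inconvenience is visible in `new_key`: every message needs fresh key material as long as itself, which must be delivered to the recipient in advance over a channel that is already secure.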

Social engineering and physical attacks can only be prevented by non-computer means, which are very difficult to enforce. Even in a highly disciplined environment, such as in military organizations, social engineering attacks are still difficult to prevent.

In practice, only a small fraction of code is mathematically proven or even goes through an extensive security audit, so it is usually possible for a determined cracker to read, copy, alter or destroy data on a well-secured computer. A cracker's chances can be reduced by keeping systems up to date, using a security scanner, and hiring a competent person to be responsible for security. The effects of data loss can be reduced by careful backups and by insurance.

'Computer security' may be generally accomplished by three distinct processes: 1) prevention, 2) detection, and 3) response. Firewalls are by far the most common prevention systems from a network security perspective, while access controls and cryptography can protect systems and data, respectively. IDS, or intrusion detection systems, are designed to detect network attacks in progress and/or assist in post-attack forensics, while audit trails and logs serve a similar function for individual systems. "Response" is necessarily defined by the security requirements of an individual system and may cover the range from complete shutdown of the system to notification of legal authorities, counter-attacks, and the like.

Today, computer security consists mainly of "preventative" measures, such as firewalls or an exit procedure. A firewall can be likened to building a good fence around a warehouse. Firewalls are common amongst machines that are permanently connected to the Internet (though not universal, as demonstrated by the large numbers of machines "cracked" by worms like Code Red which would have been protected by a properly configured firewall). However, fewer organisations maintaining computer systems operate effective detection systems, and fewer still have organised response mechanisms in place.

Responding forcefully to attempted security breaches (in the manner that one would for attempted physical security breaches) is often very difficult for a variety of reasons:

  • Identifying attackers is difficult, as they are often in a different jurisdiction to the systems they attempt to breach, and operate through proxies, temporary anonymous dial-up accounts, and other anonymising procedures which make backtracing difficult and are often located in yet another jurisdiction. If they successfully breach security, they are often able to delete logs to cover their tracks.
  • The sheer number of attempted attacks is so large that organisations cannot spend time pursuing each attacker (a typical home user with a cable modem connection will be attacked at least several times per day, so more attractive targets could be presumed to see many more).
  • Law enforcement officers are often unfamiliar with information technology, and so lack the skills and interest in pursuing attackers.

Dealing with threats from the inside

A computer system is secure when those agents who should not be able to perform certain actions cannot do them while those agents who should be able to perform certain actions can do them.

It is important to understand that in a secure system, the legitimate users of that system are still able to do what they should do. A computer system sealed in a vault without any means of power or communication is 'secure' only in a derogatory sense: nobody can misuse it, but nobody can use it either.

It is also important to distinguish the techniques employed to increase a system's security from the issue of that system's security status. Many systems to which extensive computer security has been applied remain insecure.

Within computer systems, the two fundamental means of making operations secure are access control lists (ACLs) and capabilities. The semantics of ACLs have been shown to be insecure in many situations (e.g. the confused deputy problem). It has also been shown that an ACL's promise of giving access to an object to only one person can never be guaranteed in practice. Both of these problems are resolved by capabilities.

Unfortunately, for various historical reasons, capabilities have been largely confined to research operating systems, while commercial operating systems still use ACLs.

The Cambridge CAP computer demonstrated the use of capabilities, both in hardware and software, in the 1970s, so this technology is hardly new. The reason for the lack of adoption of capabilities may be that ACLs appeared to offer a 'quick fix' for security without pervasive re-design of the operating system and hardware.
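The confused deputy problem mentioned above, as an added illustration that is not part of the original article and not the code of any real system. The scenario is the classic one: a compiler service (the deputy) is allowed to append to a billing record, and a client asks it to write compiled output. Under ACLs the client can name the billing file as its output and the deputy, acting under its own ambient authority, overwrites it; under capabilities the client has to hand over a reference it already holds, and it holds none for the billing record. The file names, principals and the two tiny "file systems" are all assumptions made for the illustration.

```python
class AccessDenied(Exception):
    pass


# --- ACL model: access is decided by looking up the *name* of the object
# --- against the identity of whoever is currently running (ambient authority).

class AclFileSystem:
    def __init__(self):
        self.files = {"billing.log": "", "alice-out.txt": ""}
        # Who may write each name: the deputy may write its billing record,
        # alice may write only her own output file.
        self.write_acl = {"billing.log": {"compiler"},
                          "alice-out.txt": {"compiler", "alice"}}
        self.current_principal = None

    def write(self, name, data):
        if self.current_principal not in self.write_acl.get(name, set()):
            raise AccessDenied("%s may not write %s" % (self.current_principal, name))
        self.files[name] += data


class AclCompiler:
    """The deputy: it runs as 'compiler' so that it can append to billing.log,
    and it writes the client's output to whatever *name* the client supplies."""

    def __init__(self, fs):
        self.fs = fs

    def compile(self, source, output_name):
        self.fs.current_principal = "compiler"   # the deputy's own authority
        try:
            self.fs.write("billing.log", "1 job\n")
            # The check here asks "may the compiler write this name?", and
            # the answer is yes even when the name is the billing file.
            self.fs.write(output_name, "compiled(%s)\n" % source)
        finally:
            self.fs.current_principal = None


def acl_direct_write_denied():
    # alice cannot touch billing.log herself: the ACL does its job here.
    fs = AclFileSystem()
    fs.current_principal = "alice"
    try:
        fs.write("billing.log", "tampered\n")
        return False
    except AccessDenied:
        return True


def acl_confused_deputy():
    # ...but she can make the deputy do it for her by naming the billing
    # file as her output. The deputy is "confused" about whose authority
    # the second write should be performed with.
    fs = AclFileSystem()
    AclCompiler(fs).compile("prog", "billing.log")
    return fs.files["billing.log"]


# --- Capability model: a reference to the object *is* the permission.
# --- There is no name to pass and no ambient identity to consult.

class WritableFile:
    def __init__(self, label):
        self.label = label
        self.content = ""

    def write(self, data):
        self.content += data


class CapCompiler:
    def __init__(self, billing_cap):
        self._billing = billing_cap     # the deputy's own capability, kept private

    def compile(self, source, output_cap):
        self._billing.write("1 job\n")
        # The client supplied this capability, so the write carries the
        # client's authority, not the deputy's; it can only land where the
        # client could already write.
        output_cap.write("compiled(%s)\n" % source)


def capability_deputy():
    billing = WritableFile("billing.log")
    alice_out = WritableFile("alice-out.txt")   # the only capability alice holds
    CapCompiler(billing).compile("prog", alice_out)
    # alice has no reference to `billing`, so she cannot pass it in at all.
    return billing.content, alice_out.content
```

`acl_confused_deputy()` returns a billing record with the client's compiled output appended to it, even though `acl_direct_write_denied()` shows the ACL correctly refusing alice a direct write. `capability_deputy()` keeps the two files apart without the deputy having to check anything, because the question "is the caller allowed to write here?" was answered when the caller obtained the reference. That is the sense in which the article says capabilities resolve the problem: authority travels with the designation instead of being looked up by name.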


Further reading

Computer security is a highly complex field, and is relatively immature. The ever-greater amounts of money dependent on electronic information make protecting it a growing industry and an active research topic.

There is a big culture around electronic security called the Electronic Underground Community.

Related topics: Security engineering, cryptology, cryptography, Physical Security, hacking, Secure coding practice, full disclosure.
