CSCL Chapter 1 Introduction To Computer Security

This document provides an introduction to computer security. It defines computer security as protecting computer systems, hardware, software, and information from threats. Cybersecurity specifically refers to protecting internet-connected systems. The document outlines different types of cyber security attacks, including active attacks that change systems and passive attacks that gather information. It also discusses cyber security mechanisms that detect, prevent, or recover from attacks, and services that enhance security like authentication and authorization. The document then covers basic components of security including confidentiality, integrity, availability, authenticity, accountability. It defines various security threats such as snooping, modification, masquerading, repudiation, denial of receipt, delay, and denial of service attacks. Finally, it discusses issues and

Uploaded by

Purnima Gurung
Copyright
© All Rights Reserved

BIM VI IT 225: Computer Security and Cyber Law

CHAPTER 1

Introduction to Computer Security

1.1 Introduction to Computer Security


 Computer Security is the protection of computer systems from theft and damage to their
hardware, software or information, as well as from disruption or misdirection of the services they
provide.
 Cybersecurity is the protection of internet-connected systems such as hardware, software and
data from cyber threats.

1.2 Attacks, Services and Mechanisms


Cyber Security Attack

 Cyber security attacks are the sets of actions that threat actors perform to gain unauthorized
access, cause damage to systems or computers, steal data, or compromise computer networks. An
attacker can launch a cyber-attack from any location, and the attacker can be an individual or a
group. There are various TTPs (tactics, techniques, and procedures) for doing so.

Cyber security attacks can be of the following two types:

o Active attacks
An active attack tries to change system resources or interfere with their functionality. Active
attacks entail some form of data stream manipulation or false statement generation.
An active attack is a network exploit in which a hacker attempts to make changes to data on
the target or data en route to the target.

o Passive attacks
A passive attack does not use up system resources and instead makes an effort to gather or
use information from the system. Passive attacks spy on or keep track of transmissions.

Cyber Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security
attack.

Cyber Security Service: A service that enhances the security of data, information, systems or networks.
Examples: authentication, authorization, confidentiality, integrity, etc. A security service makes use of
one or more security mechanisms.

1.3 Basic Components of Security


A. Confidentiality
Confidentiality is one of the core concepts of cybersecurity. Simply put, confidentiality ensures that
secret information is protected from unauthorized disclosure.
Protecting confidentiality is a responsibility shared between technologists and everyone else in the
organization.

Prepared By: Er. Mini Madav Khanal



Confidentiality concerns data, whereas privacy concerns people.

B. Integrity
The term ‘integrity’ means guarding against improper information modification or destruction, and
includes ensuring information non-repudiation and authenticity.
Data Integrity: Assures that information and programs are changed only in a specified and authorized
manner.
System Integrity: Assures that a system performs its intended function in an appropriate manner, free
from unauthorized manipulation of the system.
C. Availability
Assures that systems work normally and service is not denied to authorized users. It ensures timely
and reliable access for intended users when they need it under any circumstances, including power
outages or natural disasters.

Figure: The Security Requirements Triad


D. Authenticity
Authenticity validates the source of origin of data and other file transfers through proof of identity.
This is important because it ensures that the message (email, payment transaction, digital file, etc.)
was not corrupted or intercepted during transmission.
E. Accountability
It means that every individual who works with an information system should have specific
responsibilities for information assurance.
The tasks for which an individual is responsible are part of the overall information security plan and
can be readily measured by a person who has managerial responsibility for information assurance.


1.4 Security Threats


A threat is a potential violation of security, which might or might not occur.
Cyber security threats are acts performed by individuals with harmful intent, whose goal is to steal
data, or to damage or disrupt computing systems.
A. Snooping
It is the unauthorized interception and disclosure of information: passively listening to (or reading)
communications, or browsing through files or system information.
Example: passive wiretapping is a form of snooping in which a network is monitored.

B. Modification or Alteration
Unauthorized change of information. If the modified data controls the operation of the system,
threats of failure may arise.
It is an active form of security attack.
Example: a man-in-the-middle attack, in which an intruder reads messages from the sender and
forwards modified data to the receiver, with neither party aware of the changes.

C. Masquerading or Spoofing
To spoof is to imitate (something) while exaggerating its characteristic features for comic effect.
In security terms, one entity pretends to be a different entity.
Example: a user tries to log into a computer across the internet but instead reaches another
computer that claims to be the desired one.
Or a user tries to read a file, but an attacker has arranged for the user to be given a different
file.

D. Repudiation of Origin
Repudiation is the ability to deny that you did something. Non-repudiation is the ability to prove
that you did something.
Example: in a mobile banking app, a user (and potentially an abuser or attacker) creates a
transaction and sends money from one account to another. Afterward, the user claims that they
did not create the transaction and that the money must have been sent by someone else.

E. Denial of Receipt
A false denial that an entity received some information or message.
Example: a customer orders an expensive product, pays in advance, and the vendor ships it.
Even though the customer has already received the product, the customer (here the attacker) may
deny that the product was delivered. The vendor can defend against this attack only by proving that
the customer did, despite the denial, receive the product.

F. Delay
Usually delivery of a message or service requires some time t. If an attacker can force the delivery
to take more than time t, the attacker has successfully delayed delivery. This involves manipulation
of system control structures, such as network components or server components, and is a form of
attack.

G. Denial of Service
The attacker prevents a server from providing a service.
The denial may occur at the source (by preventing the server from obtaining the resources), at
the destination (by blocking the communications from the server) or along the intermediate path
(by discarding messages from either the client or the server, or both).
It poses the same threat as an infinite delay.

1.5 Issues and Challenges with Computer Security


 Providing security is not as easy as it seems. The requirements for providing security
(confidentiality, authentication, integrity) are quite complex, and understanding them involves
complex reasoning.
 In developing a particular security mechanism or algorithm, potential attacks should be considered,
but unexpected attacks may still occur.
 The procedures used to provide particular services are complex. Security mechanisms should be
updated regularly to adapt to changes.
 Having designed various security mechanisms, it is necessary to decide where to use them, in both
the physical and the logical sense.
 Security mechanisms typically involve more than a particular algorithm or protocol; they also require
knowledge of the system and the network.
 Strong security is a burden on an efficient and user-friendly environment and operations.
 Computer and network security is a battle between the intruder and the designer and administrator.
 Users or system managers hesitate to invest in security because it shows little benefit until a
security failure occurs.
 Security requires regular and constant monitoring, which is difficult in today’s short-term and
overloaded environment.
 Security is often implemented after the system design rather than as part of the design process.

Operational Issues:
A. Cost-Benefit Analysis
Balance between the benefits of the protection and the cost of designing, implementing and using
the mechanism.
If the data or resources are worth less than their protection, adding security mechanisms or
procedures is not cost-effective.
Example: the database of a salary information system in a bank, with a main office and branch offices.

B. Risk Analysis
Priority should be given to the tasks that have higher importance.
Potential threats and the possible effects of an attack should be analyzed.
Example: a network with internet access and one without.


C. Laws and Customs


Any policy or mechanism for security must consider legal constraints.
Restrictions affect procedural controls.

Human Issues:
A. Organizational Problems
Unless a loss occurs, organizations believe that they are wasting effort on security.
Security adds complexity to simple operations, which may decrease productivity.
Compare the losses caused by a security attack with the financial cost of the added security
mechanisms.

B. People Problem
Technological controls depend on human operation.
Risk of human intervention.
Example: a computer system authenticates a user by asking that user for a secret code. If the
correct code is supplied, the computer assumes that the user is authorized to use the system. So,
an unauthorized person who obtains the code can masquerade as an authorized user.

1.6 Security Policies


A security policy defines the goals and elements of an organization’s computer systems, specifying
what is allowed and what is not.
With respect to confidentiality, a security policy identifies which flows of information count as
leakage.
With respect to integrity, a security policy identifies authorized ways in which information may be
altered and the entities authorized to alter it.
With respect to availability, a security policy describes what services must be provided.

Type of Security Policy:

1. Military Security Policy or Governmental Security Policy


Developed primarily to provide confidentiality
The name comes from military’s need to keep information secret.
Confidentiality is one of the primary concerns in governmental agencies.

2. Commercial Security Policy


It is a type of security policy developed primarily to provide integrity.
The name comes from the need of commercial firms to prevent tampering with their data.
If the confidentiality of a bank’s computer is compromised, a customer’s account balance may
be revealed.
But if the integrity of the computer holding the accounts is compromised, the balances in the
customers’ accounts could be altered, which has far more damaging effects.

3. Confidentiality Policy
A confidentiality policy is a security policy dealing only with confidentiality.
Both military policies and confidentiality policies deal with confidentiality. However, a
confidentiality policy does not deal with integrity at all, whereas a military policy may.


4. Integrity Policy
An integrity policy is a security policy dealing only with integrity.
Commercial policy may deal with confidentiality also but integrity policy does not.

1.7 Access Control


Access control is a security technique that can be used to regulate who or what can view or use
resources in a computing environment.
Access control is a way of limiting access to a system or to physical or virtual resources. In computing,
access control is a process by which users are granted access and certain privileges to systems,
resources or information.

Type of Access Control:


1. Mandatory Access Control (MAC)
2. Discretionary Access Control (DAC)
3. Originator Controlled Access Control
4. Role based Access Control

1. Mandatory Access Control (MAC)


 MAC is considered the strictest of all levels of access control systems.
 The design and implementation of MAC is commonly used by the government. It uses a
hierarchical approach to control access to files/resources.
 Under a MAC environment, access to resource objects is controlled by the settings defined by a
system administrator.
 This means access to resource objects is controlled by the operating system based on what the
system administrator configured in the settings.
 It is not possible for users to change access control of a resource.
 MAC uses “security labels” to label resource objects on a system.
 There are two pieces of information connected to these security labels: classification (high,
medium, low) and category (specific department or project – provides “need to know”).
 Each user account is also assigned classification and category properties.
 This system provides users access to an object if both properties match.
 If a user has high classification but is not part of the category of the object, then the user cannot
access the object.
 MAC is the most secure access control but requires a considerable amount of planning and a
high degree of system management, due to the constant updating of object and account labels.
 Examples: a user works in a company and the company (not the user) decides how data should be
shared; a hospital owns patient records and limits their sharing; regulatory requirements may limit
sharing (e.g., HIPAA for health information).

2. Discretionary Access Control


 The owner of the item is the one who decides which subjects have access to the asset when using
Discretionary Access Control, often known as DAC. The Mandatory Access Control system, often
known as MAC, uses categorization labels rather than the users themselves to decide which
subjects are permitted access to which data items.
 In discretionary access control (DAC), owner of a resource decides how it can be shared.


 Owner can choose to give read or write access to other users.


 This popular model is utilized by some of the most popular operating systems, like the Microsoft
Windows file systems.
 A typical example of DAC is Unix file mode, which defines the read, write and execute permission.

3. Originator Controlled Access Control


 Originator Controlled Access Control (ORCON) is an access control policy that requires recipients
to gain the originator’s approval for re-dissemination of a disseminated digital object.
 The owner (not the creator) of an object can’t change the access controls of the object.
 When an object is copied, the access control restrictions of that source are copied and bound to
the target of the copy.
 The creator (originator) can alter the access control restrictions.
 Information is controlled by the originator or creator of the information, not by its owner.
 The goal of this control is to allow the originator of the file (or of the information it contains) to
control the broadcasting of the information.

4. Role Based Access Control


 Role Based Access Control is a method of regulating access to computer or network resources
based on the roles of individual users within an enterprise.
 In this context, access is the ability of an individual user to perform a specific task, such as view,
create, or modify a file.


 Roles are defined according to job competency, authority, and responsibility within the
enterprise.
 In RBAC, roles can be easily created, changed, or discontinued as the needs of the enterprise
evolve.
 The components of RBAC such as role-permissions and user-role relationships make it simple to
perform user assignment.
 It is used by the majority of enterprises with more than 500 employees.
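As an added example (not code from the course notes), the two most widely used types above in working form: a Unix-style DAC check, where the owner alone sets the mode bits, beside an RBAC check, where permissions attach to roles and users only receive roles. All users, groups, files, roles and permission names are constructed sample data.

```python
# Added example (not from the course notes): DAC and RBAC from section 1.7
# side by side. Users, groups, files, roles and permissions are constructed.
from dataclasses import dataclass

# ---------- Discretionary Access Control: Unix-style file mode ----------
# The owner sets the mode bits at their discretion; the OS merely evaluates them.
R, W, X = 4, 2, 1


@dataclass
class UnixFile:
    owner: str
    group: str
    mode: int  # octal, e.g. 0o640 -> owner rw-, group r--, other ---


def dac_allowed(user, user_groups, f, perm):
    """Unix semantics: the first matching class (owner, group, other) decides,
    so a group member gets the group bits even if 'other' would grant more."""
    if user == f.owner:
        bits = (f.mode >> 6) & 0o7
    elif f.group in user_groups:
        bits = (f.mode >> 3) & 0o7
    else:
        bits = f.mode & 0o7
    return bits & perm == perm


def dac_chmod(actor, f, new_mode):
    """Only the owner may change the mode: that is the 'discretionary' part."""
    if actor != f.owner:
        return False
    f.mode = new_mode
    return True


# ---------- Role Based Access Control ----------
# Permissions hang off roles; users are assigned roles, never permissions directly.
ROLE_PERMS = {
    "clerk": {"ledger:read"},
    "accountant": {"ledger:read", "ledger:write"},
    "auditor": {"ledger:read", "audit_log:read"},
}


def rbac_allowed(user, permission, user_roles, role_perms=ROLE_PERMS):
    """A user holds the union of the permissions of every role assigned to them."""
    return any(permission in role_perms.get(role, set())
               for role in user_roles.get(user, set()))


def rbac_change_job(user, old_role, new_role, user_roles):
    """Moving a user between roles re-provisions all their permissions at once,
    which is what makes RBAC manageable in a large enterprise."""
    roles = user_roles.setdefault(user, set())
    roles.discard(old_role)
    roles.add(new_role)
    return roles


if __name__ == "__main__":
    payroll = UnixFile(owner="alice", group="finance", mode=0o640)
    print(dac_allowed("bob", {"finance"}, payroll, R))   # True: group has read
    print(dac_allowed("bob", {"finance"}, payroll, W))   # False: group has no write
    staff = {"alice": {"accountant"}, "bob": {"clerk"}}
    print(rbac_allowed("bob", "ledger:write", staff))    # False: clerk cannot write
    rbac_change_job("bob", "clerk", "accountant", staff)
    print(rbac_allowed("bob", "ledger:write", staff))    # True: new role grants it
```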

1.8 Overview of the Bell-LaPadula Model and Biba Integrity Model

The Bell-LaPadula Model:


 The Bell-LaPadula Model (BLP) is a state machine model used for enforcing access control in
government and military applications.
 The model is a formal state transition model of computer security policy that describes a set of
access control rules which use security labels on objects and clearances for subjects.
 The Bell-LaPadula model focuses on data confidentiality and controlled access to classified
information.
 Classified information is a term applied to material that a government or group of governments
claims is sensitive information that requires secrecy based on national or regional security needs.
 This model introduces the concept of state machine with a set of allowable states in security of a
computer system.
 The security labels are: Top Secret, Secret, Confidential and Unclassified.
 The concept of state machine is used for the state transitions between these labels.

 This model combines Mandatory Access Control and Discretionary Access Control.
 The Bell-LaPadula Model rests on 3 properties.


 Property 1: No read-up
o This property says an associate can’t read any documents prepared by his/her
higher officials.
o The documents are highly confidential or may be strategic and can’t be disclosed to lower
level officials.
 Property 2: No write-down
o A subject is not allowed to write to (alter) an object with a lower security level than the
current security level of the subject.
 Property 3: Discretionary security
o This is access control based on the identity of the subjects. If a subject has a
certain type of access to an object, he/she can transfer those rights to other subjects of their
choice.
[A subject is usually a human user or process running in memory. An object is any resource that
exists anywhere a subject can access it (in memory, on disk, across a communications channel, in
"the cloud", etc.). Subjects are active and objects are passive.]

Example 1
The truth about the existence of space aliens would probably be something that is Top Secret.
***TOP SECRET***


Example 2
Compared to aliens, the statistics on the number of Navy SEALS unofficially fighting with the Peshmerga
in Kurdistan would probably be labeled a Secret.
***SECRET***

Example 3
What about the number of staplers being delivered to the Pentagon? It seems like a trivial piece of
information, but according to the government it could also be considered a secret. It's not as secretive as
aliens or military commandos, so it might just get a classification label of "Confidential".
***CONFIDENTIAL***

 All these types of secret may one day have to traverse from one secure system to the next.
 Intelligence may need to go from a server that is Secret to a server that is Top Secret.
 This is why the Bell-LaPadula Model was created: to manage a multi-level security system.
 To manage the flow of different types of secrets, the Bell-LaPadula model utilizes 3 rules:


 The Simple Security Rule:
o A person in one classification level cannot read data in a higher classification level. If you have a
Secret clearance, then you cannot read objects with a label of Top Secret. This is also known as
No Read Up.
 The Star Property Rule:
o A person in a higher classification level cannot write messages to someone in a lower
classification level. If you have a clearance of Top Secret, then you cannot write messages to
someone with a Secret clearance. This is known as No Write Down.
 The Strong Star Property Rule:
o A person in one classification level can’t read or write intelligence to any other classification level.
If you have a clearance of Secret, then you are only allowed to read and write data to objects with
the same classification level.

Tranquility Principle

The tranquility principle of the Bell–LaPadula model states that the classification of a subject or object
does not change while it is being referenced. There are two forms to the tranquility principle: the
"principle of strong tranquility" states that security levels do not change during the normal operation of
the system. The "principle of weak tranquility" states that security levels may never change in such a way
as to violate a defined security policy. Weak tranquility is desirable as it allows systems to observe
the principle of least privilege. That is, processes start with a low clearance level regardless of their
owner’s clearance, and progressively accumulate higher clearance levels as actions require it.

Limitations:

 Addresses confidentiality but not integrity.
 The overall process may take more time due to the transitions between the states.
 The tranquility principle limits its applicability to systems where security levels do not change
dynamically. It allows controlled copying from high to low via trusted subjects. [Ed. Not many systems
using BLP include dynamic changes to object security levels.]


Biba Integrity Model:


 The Biba model was created to prevent a weakness in the Bell-LaPadula Model. The Bell-LaPadula
Model only addresses data confidentiality and not integrity.
 The Biba Model or Biba Integrity Model is a formal state transition system of data security policies
designed to express a set of access control rules in order to ensure data integrity.
 Data and subjects are ordered by their levels of integrity into groups or arrangements.
 The levels of integrity are Untrusted, Slightly trusted, Trusted, Highly trusted and Unimpeachable.
 Biba is designed so that a subject cannot corrupt data in a level ranked higher than the subject’s and
to restrict corruption of data at a lower level than the subject’s.
 Read up, write down (in contrast to Bell LaPadula Model).
 In the Biba Model, users can only create content at or below their own integrity level (a monk may
write a prayer book that can be read by commoners, but not one to be read by a high priest).
 Conversely, users can only view content at or above their own integrity level (a monk may read a
book written by the high priest, but may not read a pamphlet written by a lowly commoner).
 Consider a military chain of command. A General may write orders to a Colonel, who can issue these
orders to a Major.
 In this fashion, the General’s original orders are kept integral and the mission of the military is
protected (thus, “read up” integrity).
 Conversely, a Private can never issue orders to his Sergeant, who may never issue orders to a
lieutenant, also protecting the integrity of the mission (“write down”).
 In the context of a computer system, privileged processes having the highest levels of integrity are
able only to read data with the highest integrity level, while being shielded from all data with a lower
level of integrity.
 The Biba model defines a set of security rules, the first two of which are similar to the Bell-LaPadula
model but reversed in nature.
1. The Simple Integrity Property
It states that a subject at a given level of integrity must not read data at a lower integrity level (read
up).
2. The Star Integrity Property
It states that a subject at a given level of integrity must not write to data at a higher level of integrity
(write down).
3. Invocation Property
It states that a subject cannot invoke (request service from) a subject at a higher integrity level; it
may only invoke subjects at an equal or lower level.
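As an added example (not code from the course notes), one small reference monitor that applies the MAC label rule of section 1.7 (classification plus category, the "need to know" check) and the Bell-LaPadula and Biba rules of section 1.8 over the same lattice comparison. The two orderings use the labels the notes list; every subject, object and category below is constructed sample data.

```python
# Added example (not from the course notes): a reference monitor for the
# label rules of sections 1.7 (MAC) and 1.8 (Bell-LaPadula, Biba). The
# classification and integrity orderings are the ones the notes list;
# all subjects, objects and categories are constructed sample data.
from dataclasses import dataclass

CLEARANCE = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}
INTEGRITY = {"Untrusted": 0, "Slightly trusted": 1, "Trusted": 2,
             "Highly trusted": 3, "Unimpeachable": 4}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()  # MAC "need to know" compartments


def dominates(a, b, order):
    """a >= b in the lattice: a's level is at least b's AND a holds every
    category b requires. A high classification alone is not enough (MAC)."""
    return order[a.level] >= order[b.level] and a.categories >= b.categories


# ---------- Bell-LaPadula: confidentiality ----------
def blp_read(subject, obj):
    """Simple security rule, 'no read up': the subject must dominate the object."""
    return dominates(subject, obj, CLEARANCE)


def blp_write(subject, obj, strong_star=False):
    """*-property, 'no write down': the object must dominate the subject.
    Strong *-property: write only at exactly the subject's own label."""
    if strong_star:
        return subject == obj
    return dominates(obj, subject, CLEARANCE)


# ---------- Biba: integrity, same lattice logic with the directions reversed ----------
def biba_read(subject, obj):
    """Simple integrity property, 'no read down': object at least as trusted."""
    return dominates(obj, subject, INTEGRITY)


def biba_write(subject, obj):
    """*-integrity property, 'no write up': subject at least as trusted as object."""
    return dominates(subject, obj, INTEGRITY)


def biba_invoke(caller, callee):
    """Invocation property: a subject may invoke only subjects at an equal or
    lower integrity level, so low-integrity code cannot borrow high privilege."""
    return dominates(caller, callee, INTEGRITY)


if __name__ == "__main__":
    analyst = Label("Top Secret")                    # cleared, but no NATO compartment
    cable = Label("Secret", frozenset({"NATO"}))     # Secret, NATO need-to-know
    print(blp_read(analyst, cable))                  # False: missing category
    print(blp_read(Label("Top Secret", frozenset({"NATO"})), cable))  # True
    print(blp_write(Label("Confidential"), analyst)) # True: writing up is allowed
    print(blp_write(analyst, Label("Confidential"))) # False: no write down
    general, private = Label("Highly trusted"), Label("Untrusted")
    print(biba_write(general, Label("Trusted")))     # True: orders flow down
    print(biba_write(private, Label("Trusted")))     # False: no write up
```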

Limitations:
 Focuses only on integrity.
 System performance and monitoring are difficult because access to lower level information is
denied.
