ZyBooks 10.1 - Security Goals and Threats

Types of Security Violations

Computer security is freedom from theft of or damage to hardware, software, or information, and from disruption or misdirection of services.

Protection is the set of all mechanisms and policies that guarantee computer security, including the confidentiality, integrity, availability, and authenticity of all data and services.

Types and Consequences of Security Violations

| Security Violation | Definition | Typical Consequences |
| --- | --- | --- |
| Information disclosure | An unauthorized release or dissemination of information, which may be the result of theft or a leak | Violation of confidentiality and/or privacy of users |
| Information modification | An unauthorized modification of data/programs | Loss of information and/or ability to carry out more security violations |
| Information destruction | A deletion of information or damage to the hardware | Loss of information or access to services |
| Unauthorized use | A circumvention of the system’s user authentication services to make unauthorized use of a service | Loss of revenue |
| Denial of service | Preventing a legitimate user from employing a service in a timely manner | Financial loss, unavailability of a mission-critical or life-critical system |
| User deception | Causing a legitimate user to receive and believe false information | Loss of information |

Insider Attacks

A logic bomb is unauthorized code inserted into a system and executed at a specified time to perform some destructive action.

A back door (trapdoor) is a mechanism that bypasses user authentication.

Information leaking is the disclosure of confidential or secret information by a legitimate user to an unauthorized user.

Login spoofing is an approach where a legitimate user presents a fake login screen to an unsuspecting user, who supplies legitimate login credentials to the imposter program.

Exploiting Human Weaknesses

A Trojan horse is a program that appears to provide a useful service but also contains a hidden function intended to violate computer security.

A virus is a piece of executable code that embeds itself into legitimate programs and copies itself to other programs and services with the intention of causing harm. A virus is executed whenever the containing host program is executed.

Exploiting Systems Weaknesses

A buffer overflow attack is an intrusion technique that exploits the fact that many programs do not check for array overflow, allowing an attacker to overwrite the portions of memory beyond the legitimate scope of an input buffer.

A worm is an unauthorized program that exploits one or more system weaknesses to spawn copies of itself on other systems via computer networks. Worms typically aim to destroy information or cause a denial of service. A buffer overflow is a common approach for a worm to enter a system.

Confining Mobile Code

One approach to managing risks brought on by running imported code is to run it through an interpreter, which verifies code before it is run.

A sandbox is a small area of memory within which a program may execute and which guarantees that the program cannot access or jump to any location outside of the designated area. A sandbox consists of an area for executable code and another for data. Each address generated by the code is checked. Branch instructions are limited to addresses within the code section, and load, store, and other data accesses are limited to the addresses in the data section.

To check these bounds, consider the following example:

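A sandbox’s data section begins at address 10010000 (binary) and is 8 words long.

  • The last address in this section is 10010111

  • The bit string 10010--- (the five high-order bits shared by every address in the section, with the three low-order bits free) can be used to check whether an address is in bounds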
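The prefix check from the example above, written out in C as an added example (not part of the ZyBooks text). The data section values come from the example; the code section's base and size, and the names `segment`, `in_segment`, and `access_allowed`, are assumptions made for illustration. The check only works because the section size is a power of two and the base is aligned to that size.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* A segment whose size is a power of two and whose base is aligned to that
 * size can be checked by comparing an address's high-order bits (prefix). */
typedef struct {
    uint8_t base;      /* first address in the segment */
    uint8_t log2_size; /* segment holds 2^log2_size words */
} segment;

/* Data section from the example: starts at 10010000 (0x90), 8 words long. */
static const segment DATA_SEG = { 0x90, 3 };
/* Code section: constructed for this example, 10000000 (0x80), 16 words. */
static const segment CODE_SEG = { 0x80, 4 };

/* Mask that keeps the prefix bits and clears the in-segment offset bits. */
static uint8_t prefix_mask(segment s) {
    return (uint8_t)~((1u << s.log2_size) - 1u);
}

/* True when addr shares the segment's prefix, i.e. lies inside it. */
bool in_segment(segment s, uint8_t addr) {
    return (addr & prefix_mask(s)) == s.base;
}

typedef enum { ACC_LOAD, ACC_STORE, ACC_BRANCH } access_kind;

/* Sandbox policy from the text: branches must target the code section,
 * loads and stores must stay in the data section. */
bool access_allowed(access_kind kind, uint8_t addr) {
    if (kind == ACC_BRANCH)
        return in_segment(CODE_SEG, addr);
    return in_segment(DATA_SEG, addr);
}

int main(void) {
    /* Constructed probe addresses: one below, two inside, one above. */
    const uint8_t probes[] = { 0x8F, 0x90, 0x97, 0x98 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("store to 0x%02X: %s\n", probes[i],
               access_allowed(ACC_STORE, probes[i]) ? "allowed" : "trap");
    return 0;
}
```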