Title: Some general principles in computer security
Some general principles in computer security
- Tomasz Bilski
- email bilski_at_sk-kari.put.poznan.pl
- Chair of Control, Robotics and Computer Science
- Poznan University of Technology
- Poznan, Poland
- Parts of presentation
- 1.    Introduction
- 2.    Minimum necessary functionality
- 3.    Integration and cooperation
- 4.    Internal versus external threats
- 5.    Other important principles
1. Introduction
- Diversity of security tools
- anti-virus software, firewalls, intrusion
detection systems, port scanners, dial-up
connection scanners, system log analysers, access
control list analysers, password analysers,
secure file deletion software, source code
vulnerabilities scanners, deception toolkits,
packet generators for security testing and so on
The security tools should be recognised as only
one part of the complex security system.
- Some foundations of computer security
- security models (such as the Bell-LaPadula model, access matrix model, take-grant model, Biba model, Dion model, SeaView model, Jajodia-Sandhu model)
- security standards (such as the Trusted Computer System Evaluation Criteria, Information Technology Security Evaluation Criteria, Common Criteria for Information Technology Security Evaluation)
Are the models and standards well known to security practitioners?
2. Minimum necessary functionality
Increasing the functionality of a computer system decreases its security.
- Higher functionality means
- greater complexity of the system
- more access points to resources
- the possibility of new threats
- a higher probability of software errors
- Inconsistency between different security aspects: the methods used to protect availability are potential threats to confidentiality and integrity. Backups and replicas made to keep data available, for example, are additional copies of that data which must themselves be protected.
Some relations between new functions and new threats
3. Integration and co-operation
Security features (such as confidentiality, integrity and availability) should be integrated with the system from the start. They should not be features added at some final step. First of all, the concept of the system should be based on a proper security model, and then security must be kept in mind during all other phases (design, testing, implementation, configuration, deployment, maintenance) of the computer system's life.
- Security features are lacking in the foundations of modern computer networks.
The unsecured protocols on every layer of the
protocol stack should be replaced as quickly as
possible by secure versions.
The security mechanisms should be integrated with the other modules of information systems and should support and tighten co-operation between them. There is a need for tools, data formats, exchange procedures and other standards for such co-operation.
- Many levels of co-operation
- tool level
- system level
- corporate and international level
New security applications should be compatible with the existing and emerging standards for mutual co-operation. When testing the different security aspects of information systems it is very important to check whether the many protection tools implemented in the system are able to communicate and co-operate with each other.
4. Internal versus external threats
The majority of computer security incidents originate within the organisation itself. Some sources indicate that up to 85% of all threats to security come from inside the company.
Some steps may and must be taken in order to change the current, intolerable situation. These steps comprise the definition and adoption of a security policy, greater awareness of threats among users, automation of security procedures, improved systems for user identification and authentication, wider use of cryptography, audit and intrusion detection systems, and internal firewalls.
5. Other important principles
- it should be remembered that there are no 100% secure systems; achieving full security is not possible
- security mechanisms and the methods of their usage must be accepted by users
- the mechanisms should be effective but simple, standardised, user-friendly and should not be time consuming
- as much as possible, security mechanisms should be automated and made invisible to users
- the security tools should be periodically and automatically updated
- high security should be a default system attribute, not one that is manually chosen
- the system protection should be complete, redundant and periodically tested
- strong encryption is necessary but not sufficient to secure information confidentiality
- redundancy should be incorporated on many levels, from chip level to complete system level
- each organisation should have a defined and implemented security policy with essential rules of procedure
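As an added illustration of two of these principles (high security as the default attribute, and automated, periodic testing of the protection), not code from the original presentation: a TLS client configuration built with Python's standard ssl module, where the secure settings are fixed in a constructor so nobody has to choose them by hand, and an audit function that flags a context someone has weakened. The function names and the weakened-context sample are this example's own assumptions.

```python
# Added example: "secure by default" plus automated checking, applied to a
# TLS client context from Python's standard library. The function names
# (secure_client_context, audit_tls_context, weakened_context) are this
# example's own, not an API of any project mentioned on the page.
import ssl


def secure_client_context() -> ssl.SSLContext:
    """Return a client context whose security-relevant settings are fixed
    at creation time, so callers never have to remember to enable them."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    # Fail closed: the server certificate is validated and its name must match.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    # Refuse the legacy protocol versions (TLS 1.0 and 1.1).
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> list[str]:
    """Automated check that a context still carries the secure settings.
    Returns a list of findings; an empty list means the context passes."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: server certificate is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate may belong to another host")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version permits TLS versions below 1.2")
    return findings


def weakened_context() -> ssl.SSLContext:
    """Constructed sample of the manual 'just make it work' pattern the
    principle warns against: certificate validation switched off by hand."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    for name, ctx in (("secure default", secure_client_context()),
                      ("weakened by hand", weakened_context())):
        print(f"{name}: {audit_tls_context(ctx) or 'OK'}")
```

The audit is the kind of check that belongs in a periodically run test suite rather than in a reviewer's memory: the secure constructor passes with no findings, and the hand-weakened context is reported for both the missing certificate validation and the disabled host-name check.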