L16: Security Engineering

Question 1

What is security engineering?

Answer 1

Security engineering is concerned with how to develop systems that can resist malicious attacks.

The tools, techniques and methods to support the development and maintenance of systems that can resist malicious attacks intended to damage a computer-based system or its data.

Question 2

What is security?

Answer 2

A system property that reflects the system’s ability to protect itself from accidental or deliberate external attack.

Security is important. Most systems are networked so that external access to the system through the network is possible.

Security is an essential pre-requisite for availability, reliability and safety.

Question 3

What is an asset?

Answer 3

Something of value which has to be protected. The asset may be the software system itself or data used by that system.

Question 4

What is an attack?

Answer 4

An exploitation of a system’s vulnerability. Generally, this is from outside the system and is a deliberate attempt to cause some damage.

Question 5

What is a control?

Answer 5

A protective measure that reduces a system’s vulnerability. Encryption is an example of a control that reduces a vulnerability of a weak access control system.

Question 6

What is exposure?

Answer 6

Possible loss or harm to a computing system. This can be loss or damage to data, or can be a loss of time and effort if recovery is necessary after a security breach.

Question 7

What is a threat?

Answer 7

Circumstances that have potential to cause loss or harm. You can think of these as a system vulnerability that is subjected to an attack.

Question 8

What is vulnerability?

Answer 8

A weakness in a computer-based system that may be exploited to cause loss or harm.

Question 9

What is confidentiality in security?

Answer 9

Information in a system may be disclosed or made accessible to people or programs that are not authorised to have access to that information

Question 10

What is integrity in security?

Answer 10

Information in a system may be damaged or corrupted making it inconsistent or unreliable.

Question 11

What is availability in security?

Answer 11

Access to a system or its data, which is normally available, may not be possible

Question 12

What are the levels of security in an organisation?

Answer 12

1. Infrastructure security
2. Application security
3. Operational security

Question 13

What is infrastructure security?

Answer 13

Infrastructure security is concerned with maintaining the security of all systems and networks that provide an infrastructure and a set of shared services to the organisation.

Infrastructure security is a systems management problem where the infrastructure is configured to resist attacks.

Question 14

What is application security?

Answer 14

Application security is concerned with the security of individual application systems or related groups of systems.

Application security is a software engineering problem where the system is designed to resist attacks.

Question 15

What is operational security?

Answer 15

Operational security is concerned with the secure operation and use of the organisation’s systems.

Operational security is primarily a human and social issue

Question 16

What are some types of security threats?

Answer 16

Interception threats allow an attacker to gain access to an asset. Threat to confidentiality.

Interruption threats allow an attacker to make part of the system unavailable. Threat to availability.

Modification threats allow an attacker to tamper with a system asset. Threat to integrity.

Fabrication threats allow an attacker to insert false information into a system. Threat to integrity.

Question 17

What is vulnerability avoidance?

Answer 17

The system is designed so that vulnerabilities do not occur.

For example, if there is no external network connection then external attack is impossible

Question 18

What is attack detection and elimination?

Answer 18

The system is designed so that attacks on vulnerabilities are detected and
neutralised before they result in an exposure.

For example, virus checkers find and remove viruses before they infect a system

Question 19

What is exposure limitation and recovery?

Answer 19

The system is designed so that the adverse consequences of a successful attack are minimised.

For example, a backup policy allows damaged information to be restored.

Question 20

What are 3 methods of security assurance?

Answer 20

1. Vulnerability avoidance
2. Attack detection and elimination
3. Exposure limitation and recovery

Question 21

How are threats to security and dependability linked?

Answer 21

Security and reliability
E.g. corrupted data

Security and availability
E.g. denial of service attack

Security and safety
Example problem: corrupted code or data

Security and resilience
Example problem: a cyberattack on a networked system

Question 22

How should organisations view security?

Answer 22

• Security is expensive. It is important that security decisions are made in a cost-effective way.
• Organisations use a risk-based approach to support security decision making.
• Should have a defined security policy based on security risk analysis.
• Security risk analysis is a business rather than a technical process.

Question 23

What should organisational security policies do?

Answer 23

• Security policies should set out information access strategies that should apply across the organisation
• The purpose of security policies is to inform everyone in an organisation about security
• So these should not be long and detailed technical documents
• The security policy defines, in broad terms, the security goals
  of the organisation
• The security engineering process is concerned with implementing these goals

Question 24

What security policies should organisations have?

Answer 24

Organisations should have security policies on:

• the assets that must be protected
• the level of protection that is required for different types of asset
• the responsibilities of individual users, managers and the organisation
• existing security procedures and technologies that should be maintained

Question 25

What are some security requirements?

Answer 25

Risk avoidance requirements Risk detection requirements Risk mitigation requirements

Question 26

What are risk avoidance requirements?

Answer 26

They set out the risks that should be avoided by designing the system so that these risks simply cannot arise.

Question 27

What are risk detection requirements?

Answer 27

They define mechanisms that identify the risk if it arises and neutralise the risk before losses occur.

Question 28

What are risk mitigation requirements?

Answer 28

They set out how the system should be designed so that it can recover from and restore system assets after some loss has occurred (recovery strategies).

Question 29

What are some types of security requirements?

Answer 29

- Identification - Authentication (password, biometrics) - Authorisation (determine permissions, access levels) - Immunity (resistance to attacks) - Integrity (data is accurate) - Intrusion detection (breach identification and response) - Non-repudiation (evidence of actions, proof) - Privacy (safeguarding sensitive info) - Security auditing (validating security measures) - System maintenance security

Question 30

How can we ensure secure system design?

Answer 30

Security should be designed into a system. It is very difficult to make an insecure system secure after it has been designed and implemented. Should be accounted for during all stages of the development process. Architectural design should include security considerations. Good design practices

Question 31

What are some design compromises for security?

Answer 31

Adding security features to a system to enhance its security affects other attributes of the system. Performance- Additional security checks slow down a system so its response time or throughput may be affected Usability- Security measures may require users to remember information or require additional interactions to complete a transaction. Can make the system less usable and frustrate system users.

Question 32

How do we include security in architecture design?

Answer 32

**Protection** - How should the system be organised so that critical assets can be protected against external attack? **Distribution** - How should system assets be distributed so that the effects of a successful attack are minimised? Key issues in designing a secure systems architecture include organising the system structure to protect key assets and distributing the system assets to minimise the losses from a successful attack These can be conflicting- if assets are distributed, then they are more expensive to protect. If assets are protected, then usability and performance requirements may be compromised.

Question 33

What are the protection levels?

Answer 33

Layered protection architecture Platform-level protection - Top-level controls on the platform on which a system runs Application-level protection - Specific protection mechanisms built into the application itself such as additional password protection Record-level protection - Protection that is invoked when access to specific information is requested

Question 34

What is distribution in security?

Answer 34

- Distributing assets means that attacks on one system do not necessarily lead to complete loss of system service - Each platform can have separate protection features and may be different from other platforms so that they do not share a common vulnerability - Distribution is particularly important if the risk of denial of service attacks is high

Question 35

What are some design guidelines for security?

Answer 35

- Base security decisions on an explicit policy - Avoid single point of failure - Fail securely - Consider balance between security and usability - Reduce risks with redundancy and diversity - Design for deployment and recoverability - Compartmentalise assets

Question 36

What is security testing?

Answer 36

Testing the extent to which the system can protect itself from external attacks.

Question 37

What are some challenges of security testing?

Answer 37

Security validation is difficult because security requirements state what should not happen in a system, rather than what should. It is not usually possible to define security requirements as simple constraints that can be checked by the system. Attackers look for vulnerabilities and can experiment to discover weaknesses and loopholes in the system.

Question 38

What are security threats?

Answer 38

Security threats can be threats to confidentiality, integrity or availability of a system and/or its data.