Security engineering Flashcards

(9 cards)

1
Q

What are the four types of security threats?

A
  1. Interception threats that allow an attacker to gain access to an asset.
  2. Interruption threats that allow an attacker to make part of the system unavailable.
  3. Modification threats that allow an attacker to tamper with a system asset.
  4. Fabrication threats that allow an attacker to insert false information into a system.
2
Q

What controls can you put in place to enhance system security?

A
  1. Vulnerability avoidance: Controls that are intended to ensure that attacks are unsuccessful. The strategy here is to design the system so that security problems are avoided. For example, sensitive military systems are not connected to the Internet so that external access is more difficult.
  2. Attack detection and neutralisation: Controls that are intended to detect and repel attacks. These controls involve including functionality in a system that monitors its operation and checks for unusual patterns of activity.
  3. Exposure limitation and recovery: Controls that support recovery from problems. These can range from automated backup strategies and information “mirroring” through to insurance policies that cover the costs associated with a successful attack on the system.
3
Q

What are the security dependability attributes?

A
  1. Security and reliability: If a system is attacked and the system or its data are corrupted as a consequence of that attack, then this may induce system failures that compromise the reliability of the system. For example, failure to check the validity of an input may mean that an attacker can inject and execute malicious code.
  2. Security and availability: A common attack on a web-based system is a denial-of-service attack, where a web server is flooded with service requests from a range of different sources.
  3. Security and safety: The key problem is an attack that corrupts the system or its data. Safety checks are based on the assumption that we can analyse the source code of safety-critical software and that the executing code is a completely accurate translation of that source code.
  4. Security and resilience: This is a system characteristic that reflects its ability to resist and recover from damaging events.
4
Q

What security policies must organizations document?

A
  1. The assets that must be protected: It is not cost-effective to apply stringent security procedures to all organisational assets. Many assets are not confidential and can be made freely available.
  2. The level of protection that is required for different types of asset: For sensitive personal information, a high level of security is required; for other information, the consequences of loss may be minor so a lower level of security is adequate.
  3. The responsibilities of individual users, managers and the organisation: The security policy should set out what is expected of users (e.g., using strong passwords, logging out of computers, maintaining office security).
  4. Existing security procedures and technologies that should be maintained: For reasons of practicality and cost, it may be essential to continue to use existing approaches to security even where these have known limitations.
5
Q

What are the stages of risk assessment?

A
  1. Preliminary risk assessment: The aim of this initial risk assessment is to identify generic risks that are applicable to the system and to decide if an adequate level of security can be achieved at a reasonable cost.
  2. Design risk assessment: This risk assessment takes place during the system development life cycle and is informed by the technical system design and implementation decisions.
  3. Operational risk assessment: This risk assessment process focuses on the use of the system and the possible risks that can arise. For example, when a system is used in an environment where interruptions are common, a security risk is that a logged-in user leaves his or her computer unattended to deal with a problem.
6
Q

Why is security more of a problem than safety?

A
  1. When considering safety, you can assume that the environment in which the system is installed is not hostile.
  2. When system failures occur that pose a risk to safety, you look for the errors or omissions that have caused the failure.
  3. It is usually acceptable to shut down a system or to degrade system services to avoid a safety-related failure.
  4. Safety-related events are accidental and are not created by an intelligent adversary.
7
Q

What are the 10 types of security requirements included in a system specification?

A
  1. Identification requirements specify whether or not a system should identify its users before interacting with them.
  2. Authentication requirements specify how users are identified.
  3. Authorisation requirements specify the privileges and access permissions of identified users.
  4. Immunity requirements specify how a system should protect itself against viruses, worms, and similar threats.
  5. Integrity requirements specify how data corruption can be avoided.
  6. Intrusion detection requirements specify what mechanisms should be used to detect attacks on the system.
  7. Nonrepudiation requirements specify that a party in a transaction cannot deny its involvement in that transaction.
  8. Privacy requirements specify how data privacy is to be maintained.
  9. Security auditing requirements specify how system use can be audited and checked.
  10. System maintenance security requirements specify how an application can prevent authorized changes from accidentally defeating its security mechanisms.
8
Q

What are the security requirements strategies?

A
  1. Risk avoidance requirements set out the risks that should be avoided by designing the system so that these risks simply cannot arise.
  2. Risk detection requirements define mechanisms that identify the risk if it arises and neutralize the risk before losses occur.
  3. Risk mitigation requirements set out how the system should be designed so that it can recover from and restore system assets after some loss has occurred.
9
Q

What are the risk assessment processes for security requirements?

A
  1. Asset identification, where the system assets that may require protection are identified. The system itself or particular system functions may be identified as assets as well as the data associated with the system.
  2. Asset value assessment, where you estimate the value of the identified assets.
  3. Exposure assessment, where you assess the potential losses associated with each asset. This process should take into account direct losses such as the theft of information, the costs of recovery, and the possible loss of reputation.
  4. Threat identification, where you identify the threats to system assets.
  5. Attack assessment, where you decompose each threat into attacks that might be made on the system and the possible ways in which these attacks may occur.
  6. Control identification, where you propose the controls that might be put in place to protect an asset.
  7. Feasibility assessment, where you assess the technical feasibility and the costs of the proposed controls.
  8. Security requirements definition, where knowledge of the exposure, threats, and control assessments is used to derive system security requirements.