Trust in Information System Security

SHAMMAH NJENGA

ID: 659033
UNITED STATES INTERNATIONAL UNIVERSITY - AFRICA
SCHOOL OF COMPUTING
ISC 6110 NETWORK SECURITY & MANAGEMENT

Abstract
With the advent of new attack surfaces, information security cannot be confined to select
technical approaches; it must also incorporate a wholesome perspective on securing the systems
that organizations rely on to keep their information secure. It is proven beyond reasonable
doubt that information related to intelligence as well as financial systems rests at the apex
of the information security trust scale. In the coming dispensation, humanity will be
surrounded by billions of devices as we inch closer to the realm of the Internet of Things
(IoT), and our overreliance on machine-to-machine systems to govern and initiate decisions on
our behalf has implications for the level of trust we accord our day-to-day human-to-machine
interactions. Trust is generally achieved by cryptographic means, the use of defined digital
signatures, and electronic certificates. Aside from these technical aspects, human dynamics
should also be considered, since they greatly impact the integrity of data where personal and
selfish agendas are involved. This warrants a discussion on how trust, given its importance,
should be handled and communicated. This paper critiques existing frameworks and suggests a
holistic approach to administering trust in information systems through dynamic firewalling
capabilities, port knocking prevention, advancement of traditional methods like blocking
unused ports, and redefined human-interest control over information systems.

Keywords

Information Security, Trust, Zero Trust Model, Confidentiality, Integrity, Availability


Introduction

Identity is becoming a key concern, since every communication relies on proof that the entity
in communication truly is who they say they are; this forms the foundation of trust in
information systems. Techniques in place have birthed the fast-growing industry of “trust as a
service”, since many ecosystems fear the pitfalls of identity management, which gives rise to
third-party authentication through providers like Facebook, Google, GitHub and Microsoft.
Management controls are the methods, whether administrative, methodological or technical,
commonly put in place to roll out a given set of security policies. Traditional controls were
tasked with keeping information and information systems in a state considered to be safe, but
beyond this precept lies much more than a machine- or endpoint-specific role in pursuing
security measures that build trust across the security domain. Building trust should be a
wholesome effort: the idea of a system being ironclad only to the level of its weakest and most
vulnerable link is not far-fetched, since any trust management controls put in place from a
management view only cascade down if they have been accepted by the users. Effective trust
should encompass physical security, classification of data and information, business
continuity plans, incident response plans and awareness creation. A key distinction between
technical and procedural models is worth discussing, since where technical approaches do not
work as expected, it is anticipated that procedural methods can uphold trust functions. For
example, in a military environment, from a systems perspective, users may not be allowed to
perform a write-down, yet a classified document is revealed to a low-ranking officer through
social networking or social engineering. This is a situation where technical procedures
prevail yet procedural ones fail, due to human bargains or to not creating enough awareness of
the importance of trust within the information security domain.

This paper begins by providing a background on why trust is considered significant in
information systems security, reviewing previous works done across time and geographies. It
then discusses the Confidentiality, Integrity and Availability (CIA) framework, the zero trust
model and the Bell-LaPadula model, which attempt to address trust as a construct of interest in
information systems. Finally, it concludes by offering contributions on why and how to increase
trust within information systems security and by identifying future works in the same domain.

Background & Related Works

Trust has always been referred to as a gem due to its delicate nature, with its grounding in
human psychology being the anchoring factor behind that intricate nature. The construct of not
believing at face value what the person next door says, or who they purport to be, but only
doing so after a critical review of the evidence provided, is the core factor that builds a
black box around trust-based relationships. Understanding trust from a day-to-day perspective
opens up the conversation about the intricacies that complicate granting access to information
systems in the modern day. Trust within information security can be generally classified within
the CIA triad of Confidentiality, Integrity and Authentication; any mechanism that attempts to
undermine any of these facets is considered to breach the trust metric of an Information
Technology (IT) artefact. The CIA triad is further extrapolated by the Authentication,
Authorization and Accounting (AAA) model, which will be further discussed in the next section.

The two models, CIA and AAA, as explored by (Obiora Nweke, 2017), describe Authentication as
the process of delivering proof of who you claim to be via something you know, something you
are or something you have, in order to fully establish yourself after identification.
Authorization can be described as the provision of legal or predefined access based on the
credentials provided, following least privilege as in the army; any additional rights accorded
to a user might provide avenues for information systems security infringements. Accounting
keeps a log of what an authorized user does within the confines of an information system, to
support non-repudiation and forensic purposes. Trust in IS by extension resonates with these
components, as further studies from (Ruo Yun, Andrew, Korryn, 2019) suggest that no system is
secure and thus none can be 100% trustworthy, but design with the CIA and AAA frameworks in
mind fosters trust in IS.

In an attempt to conceptualize the broad field of trust within information systems (IS),
(Jensen et al., 2016) discuss access control, technical security and social security as the
fundamental building blocks of IS trust. Access control is interpreted by the researchers as
mechanisms designed to methodically bar unauthorized users from accessing IT artefacts or
resources administered by a system, and to ensure that every authenticated user accesses only
what they are authorized to during their tenure in a given system. Access controls are broadly
classified into mandatory and discretionary methods. In mandatory methods, global rules that
define which system facets are accessible by whom are centrally administered and cascaded to
all levels of use, voiding the possibility of a single entity manipulating these rules.
Discretionary methods, on the other hand, give the owner of the artefact the capability to set
or edit some entities in the security setup in order to granularly fit their requirements, as
shown in Figure 1 below.

Figure 1: Discretionary Methods

Jensen further relates technical trust to policies that bank on pre-authenticated identities
of the entity making a request for a given resource available to them. It forms the basis of
identification and authentication, whereby identification is the establishment of the identity
the entity claims, while authentication builds on the concept of verifying who the user is.
Case in point: having a valid email address is identification, while holding the right
password to access your emails is the verification of who you are. Their research also
uncovered that the factors which impose trust variations in systems include the effect of
management, religious affiliations, legislation, peer influence and social norms that drive
trust levels around information systems.

A study conducted by (Vance et al., 2008) revealed that the impact of an IT artefact on users’
trusting beliefs is very significant, in the sense that the design of an information system
should be critically reviewed in research on trust reviewability. They further found that the
extent of trust in an information system will most likely be manifested in the intention to
adopt it: willingness shows higher trust levels, while the contrary is also true. Navigational
structure and visual appeal were also identified as key factors that act as building blocks for
trust establishment in information systems; designers can now pay specific attention to visual
components as an element to build trust with users. (Dennis, 2017) contributed further to
this idea by splitting trust in information security across individual entities rather than
focusing on user aesthetics; he suggests that information system security has to migrate from
the ancient definition of trust to actual customer trust, which can be handled via
intraorganizational, interorganizational and institutional trust. These are brought about when
multiple users agree to a common use, case in point enterprise resource systems that expose
extranets to partners and client bases. The concept of uncertainty was also studied by Dennis
as a hypothesis that addresses perception management, in which objective and measurable
uncertainty is a driver of what a customer perceives with regard to information security. The
framework proposed within the study combined exploratory knowledge on the myriad components of
trust with management approaches that can have a positive influence on a newly devised
perspective of trust as an information system security construct.

Existing Frameworks

1. CIA Framework

The CIA triangle is a metric for information security trust management, since IS influences
the trust setup within each environment. The measures in place protect valuable entities and
constitute the primary elements that must be included to protect data in transit, in
processing and in storage. The three goals within the CIA triad are confidentiality, integrity
and availability, which govern all fundamental efforts to build trust in information systems
security.

Figure 2: CIA Triad

Confidentiality - involves segregation or denial of access to information from unauthorized
users, with special emphasis on the protection of data. This relates to trust since control over
information security necessitates control over data that is protected or defined for specific use.

Integrity - the emphasis of this facet is that information is securely maintained in an accurate
and consistent state over time, changing only when authorized users make changes to it. It is
significant to trust since end users of information security handle high-risk data requiring a
consistent format.

Availability - at its most basic definition, concerns itself with information systems being
available promptly as required. The reliability that an information system possesses builds on
the trust requirements, since effective security solutions ensure systems are not only reliable
but accessible on demand.

As defined by (Andress & Winterfeld, 2014), it is up to the information security personnel, or
the individual user, to decide which goal should be prioritized based on actual needs.
Prioritizing which side of the triangle works for your organization is a strategic move that
defines different priorities at a given timescale. The CIA model is further extended to
Accounting, Authorization and Authentication of information systems.

Gaps identified

Humans are the biggest risk when it comes to the CIA triad; it is often said that an
information system is only as secure as its least educated employee. Education in this sense
entails awareness of the security policies in place to secure trust in an information system's
security. Man-in-the-middle attacks are the biggest attack vectors that ill-intentioned users
might use to counter the confidentiality and integrity of the system. Replay attacks and
re-origination can be used to manipulate data in transit, challenging the CIA triad; the model
seeks new ways to address these challenges.

2. Zero Trust Framework

The Zero Trust Model is depicted as an information security framework in which entities should
not trust any entity within or outside their perimeter at any given time. It provides the
transparency and the perception of control required to keep information safe and managed
within the business ecosystem. The focus is on technology artefacts like information rather
than on network segments, which also enhances the focus on over-the-air resources, also
referred to as cloud resources. The earlier notion that whoever has been authenticated is
authorized to access any system facet has been overturned by the Zero Trust model, which
enforces always-verify on assets even within a "safe" or cleared environment. Trust is always
questioned in this model irrespective of the level, thus ensuring a consistent view of
information. It removes the need to extend more trust than necessary to system objects.

The cycle is depicted in Figure 3: a user is verified and validated, and limits are applied as
per the authorization required by the entity attempting to access the information system; this
maintains trust within information system security.

Figure 3: Zero Trust Cycle

“The strategy around Zero Trust boils down to don’t trust anyone. We’re talking about, ‘Let’s
cut off all access until the network knows who you are. Don’t allow access to IP addresses,
machines, etc. until you know who that user is and whether they’re authorized,’” says Charlie
Gero, CTO of Enterprise and Advanced Projects Group at Akamai Technologies in Cambridge,
Mass.

According to (Ruo Yun, Andrew, Korryn, 2019) no system is secure, which is proven by
(Access, 2019), who record that 48% of organizations want to improve endpoint security and
remediation prior to access, 45% of organizations fear unauthorized app/resource access,
including lax authentication or encryption, and 44% want to fortify network and cloud access
visibility and resource segmentation, since trust is not necessarily determined by location or
other physical attributes like IP address. This model further enhances trust by offering
transparency irrespective of the channel of access.

Gaps identified

Network locality or physical location is not a sufficient factor to fence off a trusted or
untrusted network of an information security system; depending on how cloud deployments are
employed, distributed networks affect the way the zero-trust model works. Secondly, undefined
communications like peer-to-peer models within Windows 10 and other operating systems pose a
security threat against this model.

3. Bell-LaPadula Model

The Bell-LaPadula trust model was initially proposed by David Elliott Bell and Leonard J.
LaPadula, with a major bias towards the enforcement of trust in military and government
structures, where the subjects are clearly defined in terms of trust and accessibility of
information. With a specific focus on data confidentiality (a major trust factor, as
discussed under the first model), the model typically addresses environments where a clear
separation between protection and security is not defined.

Figure 4: Bell-LaPadula Facets

The following properties govern its working:

- Simple Security Property: “No-read-up”; an entity at a specific clearance level cannot
access an object at a higher system classification level. For example, subjects with a
Secret clearance cannot access Top Secret objects.
- Star (*) Security Property: “No-write-down”; a system entity at a higher clearance level
cannot write to a lower classification system entity. For instance, users who are using a
Top-Secret system cannot share a document with users of a Secret system.
- Strong Tranquility Property: Identified security labels are guaranteed not to change
while the system is in operation.
- Weak Tranquility Property: In an instance where defined security labels change, they
should not conflict with the established security properties.
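
The four properties can be seen working together in a small reference monitor. This is an added example, not part of the original paper; the class, the subject and object names and the two lower classification levels are assumptions made for illustration.

```python
from enum import IntEnum


class Level(IntEnum):
    # The page names Secret and Top Secret; the two lower labels are assumed.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class ReferenceMonitor:
    """Hypothetical monitor mediating every read, write and relabel request."""

    def __init__(self, strong_tranquility=True):
        self.strong_tranquility = strong_tranquility
        self.clearance = {}         # subject name -> Level
        self.classification = {}    # object name -> Level
        self.open_accesses = set()  # (subject, object, mode) currently granted

    @staticmethod
    def allowed(subject_level, object_level, mode):
        if mode == "read":   # Simple Security Property: no read up
            return subject_level >= object_level
        if mode == "write":  # Star Security Property: no write down
            return subject_level <= object_level
        raise ValueError(f"unknown access mode: {mode!r}")

    def request(self, subject, obj, mode):
        ok = self.allowed(self.clearance[subject], self.classification[obj], mode)
        if ok:
            self.open_accesses.add((subject, obj, mode))
        return ok

    def relabel(self, obj, new_level):
        if self.strong_tranquility:
            return False  # labels never change while the system is in operation
        # Weak tranquility: accept the change only if every access still open
        # on the object would also be granted under the new label.
        for subject, target, mode in self.open_accesses:
            if target == obj and not self.allowed(self.clearance[subject], new_level, mode):
                return False
        self.classification[obj] = new_level
        return True


def demo(strong_tranquility=False):
    rm = ReferenceMonitor(strong_tranquility)
    rm.clearance.update(analyst=Level.SECRET, director=Level.TOP_SECRET)
    rm.classification.update(field_report=Level.SECRET, war_plan=Level.TOP_SECRET)
    return {
        "analyst reads war_plan": rm.request("analyst", "war_plan", "read"),
        "director writes field_report": rm.request("director", "field_report", "write"),
        "analyst reads field_report": rm.request("analyst", "field_report", "read"),
        "analyst writes war_plan": rm.request("analyst", "war_plan", "write"),
        "raise field_report": rm.relabel("field_report", Level.TOP_SECRET),
        "lower field_report": rm.relabel("field_report", Level.CONFIDENTIAL),
    }


if __name__ == "__main__":
    for action, granted in demo().items():
        print(f"{action}: {'granted' if granted else 'denied'}")
```

Raising the label of `field_report` is refused because the analyst's open read would become a read-up, while lowering it is accepted; with `strong_tranquility=True` both changes are refused.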

Gaps Identified

This model has some limitations which provide pathways for further research. First, it
only tackles issues around confidentiality of information, control of the writing of data sets
and discretionary access control policies, leaving out matters around integrity of data as well
as authentication, which are considered important for a standalone framework to be implemented
end-to-end. Secondly, covert channels, which pass information around through pre-arranged
actions, aren't addressed comprehensively. Lastly, the tranquility policy discussed above ties
its usefulness to systems where security entities do not change often, specifically
allowing managed reads/writes via allowed subjects.

Contributions

As discussed above, covert channels are avenues of sharing information that fall outside the
allowed scope of a computer security policy document. They can be reduced significantly by
careful design and analysis, for example firewall-specific configurations against port
knocking, such as the intervals allowed in milliseconds between connection retries, to aid in
the arbitrary formation of secured ports. A second countermeasure against covert channels,
after their identification, is limiting bandwidth across the channel dynamically, which could
help combat unscrupulous connections that can then be audited to establish their intent. The
last involves an extended eye on traditional yet effective methods like blocking unrequired
protocols, for example ICMP, commonly used for ping services, i.e. host-up lookups. A dynamic
host solution can be accomplished by running a service or cron job that checks for unscrupulous
attempts to access a given port and then dynamically modifies the existing firewall
configuration to combat such attempts. Finally, on the human aspect, trust is
cultured over time and by setting clear boundaries on moral compasses within a group of
people; as explained by
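
One way to realize the service-or-cron check described above, as an added example that is not part of the original paper. The log format, addresses, thresholds and the nftables table and set names (`inet filter blocklist`) are assumptions; the commands are only rendered as text, not executed.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall drop log: format, addresses and ports are invented here.
SAMPLE_LOG = """\
2024-05-01T10:00:00.000 DROP SRC=203.0.113.7 DPT=7000
2024-05-01T10:00:00.150 DROP SRC=203.0.113.7 DPT=8000
2024-05-01T10:00:00.310 DROP SRC=203.0.113.7 DPT=9000
2024-05-01T10:00:02.000 DROP SRC=198.51.100.20 DPT=22
2024-05-01T10:00:31.000 DROP SRC=198.51.100.20 DPT=22
2024-05-01T10:01:05.000 DROP SRC=198.51.100.20 DPT=23
2024-05-01T10:01:06.000 DROP SRC=192.0.2.55 DPT=445
2024-05-01T10:01:07.000 DROP SRC=999.1.1.1 DPT=80
not a firewall line
"""

LINE = re.compile(r"^(\S+) DROP SRC=(\S+) DPT=(\d{1,5})$")
EPOCH = datetime(1970, 1, 1)


def parse(log_text):
    """Yield (time_ms, source_ip, dest_port); malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group(1))
            src = str(ipaddress.ip_address(m.group(2)))  # reject junk before it reaches a rule
        except ValueError:
            continue
        port = int(m.group(3))
        if 0 < port <= 65535:
            yield (ts - EPOCH) // timedelta(milliseconds=1), src, port


def find_knockers(events, max_gap_ms=500, min_ports=3):
    """Flag sources that hit min_ports distinct dropped ports with every gap <= max_gap_ms."""
    runs = defaultdict(lambda: {"last": None, "ports": []})
    flagged = {}
    for ts, src, port in sorted(events):
        run = runs[src]
        if run["last"] is not None and ts - run["last"] > max_gap_ms:
            run["ports"] = []  # slow retry: the sequence is broken, start over
        run["last"] = ts
        if port not in run["ports"]:
            run["ports"].append(port)
        if len(run["ports"]) >= min_ports and src not in flagged:
            flagged[src] = list(run["ports"])
    return flagged


def nft_commands(flagged, timeout="1h"):
    """Render block commands for an nftables set assumed to exist with timeout support."""
    return [f"nft add element inet filter blocklist {{ {ip} timeout {timeout} }}"
            for ip in sorted(flagged)]


def run_once(log_text=SAMPLE_LOG):
    """One tick of the scheduled check: parse, detect, render firewall changes."""
    flagged = find_knockers(parse(log_text))
    return flagged, nft_commands(flagged)
```

The interval threshold in milliseconds is the tuning knob the paragraph refers to: the slow retries from `198.51.100.20` reset their sequence and are not flagged, while the three rapid hits from `203.0.113.7` are.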

Conclusion & Future Works

This paper has considered trust in information systems as a wholesome umbrella that governs
how security policies are built, as a measure of the effectiveness of existing policies, and
through contributions from researchers across time. An overview of what the impact of trust is
and could be is given across the study. As explained by (Zander et al., 2007), additional
analysis of TCP packets to modulate the IP Time To Live value, packet rate timing, message
sequencing and modulation of timestamps could be avenues to better existing solutions in
network security trust, since the trust cycle in information security begins from the aspect
of packet transfers on layer one of the Open Systems Interconnect (OSI) model. More research
should also be conducted on a wholesome taxonomy and definition of what trust means in
information security, as well as on avenues of capacity estimation of existing methods to
maintain trust at acceptable levels.

References

Access, S. (2019). Demystifying Zero Trust Network Access.

Andress, J., & Winterfeld, S. (2014). The Basics of Information Security: Understanding the
Fundamentals of InfoSec in Theory and Practice: Second Edition. 1–217.

Dennis, M. (2017). TRUST MANAGEMENT Research in Progress. 1–13.

Jensen, C. D. (2016). The Importance of Trust in Computer Security. HAL Id: hal-01381672.
1–12.

Obiora Nweke, L. (2017). Using the CIA and AAA Models to Explain Cybersecurity
Activities. PM World Journal, 6(12), 1–3. www.pmworldlibrary.net

Ruo Yun, Andrew, Korryn, C. (2019). No System is Secure. Data and Society.

Vance, A., Elie-dit-cosaque, C., & Straub, D. W. (2008). Examining Trust in Information
Technology Artifacts : The Effects of System Quality and Culture. 24(4), 73–100.
https://doi.org/10.2753/MIS0742-1222240403

Zander, S., Armitage, G., & Branch, P. (2007). Covert channels and countermeasures in
computer network protocols. IEEE Communications Surveys and Tutorials, 9, 44–57.
https://doi.org/10.1109/COMST.2007.4317620
