CS 573-Information Security: Dr. Haseeb Ur Rahman

CS 573- Information Security

Instructor:
Dr. Haseeb Ur Rahman
Department of CS&IT, University of Malakand

Discovering Computers 2012: Chapter 1 Proprietary: Dr. M. Faisal


CIPHERS
Additive
Multiplicative
Affine
Security kernels and Secure programming
• Security kernel: In computer and communications security, the central part of a computer or communications system's hardware, firmware, and software that implements the basic security procedures for controlling access to system resources.
• The security kernel stores the hardware descriptor and returns a reference to the descriptor to the process for subsequent use.
• A hardware descriptor includes an object reference and the authorized access permissions for that process.
• Secure programming is a way of writing code for software so that it is protected from all kinds of vulnerabilities, attacks, or anything that can cause harm to the software or the system using it.
• Because it deals with securing the code, secure programming is also known as secure coding.
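The descriptor mechanism in the security kernel bullets above, as an added example that is not part of the original slides: a toy kernel keeps each descriptor (object reference plus permissions) in its own table and hands the process only an opaque reference, which it checks on every use. The class names, the policy table and the object name are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Descriptor:
    pid: int            # process the descriptor was issued to
    obj: str            # object reference (constructed resource name)
    perms: frozenset    # access permissions authorized for that process

class SecurityKernel:
    def __init__(self, policy):
        self._policy = policy   # hypothetical policy: {(pid, obj): {perms}}
        self._table = {}        # handle -> Descriptor, kept inside the kernel

    def open(self, pid, obj, wanted):
        allowed = self._policy.get((pid, obj), set())
        if not wanted or not set(wanted) <= allowed:
            raise PermissionError(f"pid {pid}: {sorted(wanted)} on {obj} denied")
        handle = secrets.token_hex(8)   # opaque reference handed to the process
        self._table[handle] = Descriptor(pid, obj, frozenset(wanted))
        return handle

    def access(self, pid, handle, op):
        # Every later use is mediated: the handle must exist, belong to the
        # caller, and carry the requested permission.
        d = self._table.get(handle)
        return d is not None and d.pid == pid and op in d.perms

    def close(self, pid, handle):
        d = self._table.get(handle)
        if d is not None and d.pid == pid:
            del self._table[handle]

def demo():
    disk = "/dev/disk0"  # constructed object name
    k = SecurityKernel({(100, disk): {"read", "write"}, (200, disk): {"read"}})
    h = k.open(100, disk, {"read"})
    results = {
        "owner_read": k.access(100, h, "read"),
        "owner_write": k.access(100, h, "write"),   # not requested at open
        "other_pid": k.access(200, h, "read"),      # handle is per process
    }
    k.close(100, h)
    results["after_close"] = k.access(100, h, "read")
    try:
        k.open(200, disk, {"write"})
        results["policy_bypass"] = True
    except PermissionError:
        results["policy_bypass"] = False
    return results
```

The process never sees the descriptor itself, so it cannot widen its own permissions; it can only present the reference and let the kernel decide.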
Information Auditing (IA) and Intrusion detection and response (ID&R)
• The information audit (IA) extends the concept of auditing holistically from a traditional scope of accounting and finance to the organizational information management system.
• Information is representative of a resource which requires effective management and this led to the development of interest in the use of an IA.
• An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations.
• Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system.
• A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms.
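One simple form of the alarm filtering described above, as an added example that is not part of the original slides: alerts from several sensors are grouped per host, and an incident is raised only when distinct sources corroborate each other inside a time window. The alert format, sensor names, window and threshold are assumptions, and the sample alerts are constructed.

```python
from collections import defaultdict

# Constructed sample alerts: (timestamp_seconds, sensor, host, signature)
ALERTS = [
    (100, "nids", "10.0.0.5", "port-scan"),
    (130, "hids", "10.0.0.5", "new-admin-account"),
    (140, "firewall", "10.0.0.5", "outbound-denied"),
    (200, "nids", "10.0.0.9", "port-scan"),
    (900, "hids", "10.0.0.9", "new-admin-account"),  # too far apart to correlate
    (300, "nids", "10.0.0.7", "port-scan"),
    (310, "nids", "10.0.0.7", "port-scan"),          # one sensor repeating itself
]

def correlate(alerts, window=120, min_sources=2):
    """Return one incident per host that >= min_sources distinct sensors
    flagged within `window` seconds; everything else is filtered out."""
    by_host = defaultdict(list)
    for ts, sensor, host, sig in sorted(alerts):
        by_host[host].append((ts, sensor, sig))

    incidents = []
    for host, events in by_host.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            sources = {sensor for _, sensor, _ in events[start:end + 1]}
            if len(sources) >= min_sources:
                incidents.append({
                    "host": host,
                    "sources": sorted(sources),
                    "first_seen": events[start][0],
                    "last_seen": events[end][0],
                })
                break  # report the first corroborated window per host
    return incidents

if __name__ == "__main__":
    for incident in correlate(ALERTS):
        print(incident)
```

Repeated alerts from a single sensor and alerts that are far apart in time never reach the analyst here, which is the trade-off any such filter makes: fewer false alarms at the cost of missing slow or single-sensor activity.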
Operational security issues, Physical security issues and Personnel security
• There are two types of operational security problems: Accidental misconfigurations: These are accidental in nature, and are by far the most frequent type of operational issues.
• Mistyping a value such as a computer name is one example; forgetting statements in a firewall is another.
• Physical security issues include protection from fire, flood, natural disasters, burglary, theft, vandalism and terrorism.
• Physical security is often overlooked, and its importance underestimated, in favor of more technical threats such as hacking, malware, and cyber espionage.
• Personnel security protects your people, information, and assets by enabling your organization to reduce the risk of harm to your people, customers and partners, and to reduce the risk of your information or assets being lost, damaged, or compromised.
Policy formation and enforcement, Access controls
• In a computing context, policy enforcement typically refers to the creation, categorization, management, monitoring, and automated execution of a specific set of requirements for use of a computer or communications network.
• That is, not only the enforcement of policies but policy definition, application, and management.
• Access control is a method of guaranteeing that users are who they say they are and that they have the appropriate access to company data.
• At a high level, access control is a selective restriction of access to data.
Information flow, Legal, privacy and social issues
• Information flow is the movement of information between people and systems.
• Efficient and secure information flows are a central factor in the performance of decision making, processes and communications.
• Legal, privacy and social issues are:
• Evidence collection, searching of private premises, obtaining samples for genetic and various biochemical examinations, and questioning suspects are all parts of a forensic investigation.
• Although the need to acquire evidence is pressing, the need to preserve and protect the privacy and liberty of individuals is also paramount.
Classification and trust modelling
• In information security, computational trust is the generation of trusted authorities or user trust through cryptography.
• In centralized systems, security is typically based on the authenticated identity of external parties.
Trust and reputation models can be characterized as:
Cognitive
In models based on a cognitive approach, trust and reputation are made up of beliefs and are a function of the degree of these beliefs.
Neurological
In neurological trust models, neurological theories on the interaction between affective and cognitive states are modeled on a neurological level as well, by using theories on the embodiment of emotions.
Game-theoretical
In this approach, trust and reputation are not the result of a mental state of the agent in a cognitive sense, but the result of a more practical game with utility functions and numerical aggregation of past interactions.
Database security, Host-based and network-based security issues
• Database security refers to the range of tools, controls, and measures designed to establish and preserve database confidentiality, integrity, and availability.
• Host-based intrusion detection systems are aimed at collecting information about activity on a particular single system, or host.
• The host-based intrusion detection system can detect internal changes (e.g., a virus accidentally downloaded by an employee and spreading inside your system).
• Network-based intrusion detection systems offer a different approach. “These systems collect information from the network itself,” rather than from each separate host.
• A network-based IDS, by contrast, will detect malicious packets as they enter your network or unusual behavior on your network such as flooding attacks.
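The host-based versus network-based contrast above, as an added example that is not part of the original slides: the host-side check compares file hashes on one machine against a trusted baseline to spot internal changes, and the network-side check counts packets per destination in a sliding window to spot flooding. File paths, addresses, the window and the threshold are assumptions, and all sample data is constructed.

```python
import hashlib
from collections import defaultdict, deque

def hids_changes(baseline, current):
    """Host-based: report files added, removed or modified on one host,
    given {path: sha256 hex} maps for a trusted baseline and the current state."""
    changes = {}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            changes[path] = "added"
        elif new is None:
            changes[path] = "removed"
        elif old != new:
            changes[path] = "modified"
    return changes

def nids_floods(packets, window=1.0, threshold=100):
    """Network-based: return destinations that received more than `threshold`
    packets within `window` seconds. `packets` is a time-ordered list of
    (timestamp, source, destination) tuples."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, _src, dst in packets:
        q = recent[dst]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that left the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(dst)
    return flagged

def _sha256(data):
    return hashlib.sha256(data).hexdigest()

# Constructed host state: one binary altered, one unexpected file present.
BASELINE = {"/usr/bin/login": _sha256(b"login v1"),
            "/etc/hosts": _sha256(b"127.0.0.1 localhost")}
CURRENT = {"/usr/bin/login": _sha256(b"login v1 with extra bytes"),
           "/etc/hosts": _sha256(b"127.0.0.1 localhost"),
           "/tmp/unknown.bin": _sha256(b"unexpected file")}

# Constructed traffic: 200 packets/s at one host, 2 packets/s at another.
PACKETS = sorted(
    [(i * 0.005, "198.51.100.7", "10.0.0.5") for i in range(300)]
    + [(i * 0.5, "192.0.2.10", "10.0.0.9") for i in range(4)]
)

if __name__ == "__main__":
    print(hids_changes(BASELINE, CURRENT))
    print(nids_floods(PACKETS))
```

Neither check sees what the other sees: the hash comparison is blind to the traffic burst, and the packet counter is blind to the altered file, which is why the two kinds of IDS are deployed together.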
