Computer Security: A Practical Definition

Defining "computer security" is not trivial. The difficulty lies in developing a definition that is broad enough to be valid regardless of the system being described, yet specific enough to describe what security really is. In a generic sense, security is "freedom from risk or danger." In the context of computer science, security is the prevention of, or protection against,
This can be re-stated: "Security is the ability of a system to protect information and system resources with respect to confidentiality and integrity." Note that the scope of this second definition includes system resources, which include CPUs, disks, and programs, in addition to information.

A Taxonomy of Computer Security

Computer security is frequently associated with three core areas, which can be conveniently summarized by the acronym "CIA":
A strong security protocol addresses all three of these areas. Take, for example, Netscape's SSL (Secure Sockets Layer) protocol. It has enabled an explosion in e-commerce, which is really about trust (or, more precisely, about the lack of trust). SSL overcomes the lack of trust between transacting parties by ensuring confidentiality through encryption, integrity through checksums, and authentication via server certificates (see Chapter 15 of Unix System Security Tools).

Computer security is not restricted to these three broad concepts. Additional ideas that are often considered part of the taxonomy of computer security include:
These additional elements don't neatly integrate into a singular definition. From one perspective, the concepts of privacy, confidentiality, and security are quite distinct and possess different attributes. Privacy is a property of individuals; confidentiality is a property of data; and security is a property assigned to computer hardware and software systems. From a practical perspective, the concepts are interwoven. A system that does not maintain data confidentiality or individual privacy could be theoretically or even mathematically "secure," but it probably wouldn't be wise to deploy anywhere in the real world.

A Functional View

Computer security can also be analyzed by function. It can be broken into five distinct functional areas:[3]
Analyzing security by function can be a valuable part of the security planning process; a strong security policy will address all five areas, starting with recovery. This book, however, is primarily concerned with prevention and detection.

Security Domains

Computer security is also frequently defined in terms of several interdependent domains that roughly map to specific departments and job titles:
This text is solely concerned with the latter two. System and network security are difficult, if not impossible, to separate in a UNIX system. Nearly every UNIX distribution in the past fifteen years has included a TCP/IP protocol implementation as well as numerous network services such as FTP, Telnet, DNS, and, more recently, HTTP.

A Practical Definition

In the spirit of practicality, I like the straightforward definition promulgated by Simson Garfinkel and Gene Spafford in Practical UNIX & Internet Security: "A computer is secure if you can depend on it and its software to behave as you expect."[4] In essence, a computer is secure if you can trust it. Data entered today will still be there tomorrow in unaltered form. If you made services x, y, and z available yesterday, they're still available today.

I also like the practical definition offered by Tomas Olovsson, which is narrowed a bit: "A secure system is a system on which enough trust can be put to use it together with sensitive information."[5]

These practical definitions circumvent an obvious element: a secure system should be hard for unauthorized persons to break into -- i.e., the value of the work necessary for an unauthorized person to break in should exceed the value of the protected data. Increasing attacker workload and the risks of detection are critical elements of computer security.

For the purposes of this book, I define "system security" as:

The ongoing and redundant implementation of protections for the confidentiality and integrity of information and system resources so that an unauthorized user has to spend an unacceptable amount of time or money or absorb too much risk in order to defeat it, with the ultimate goal that the system can be trusted with sensitive information.

2. Bryan Pfaffenberger, Webster's New World Dictionary of Computing Terms, Sixth Ed. (New York: Simon and Schuster, 1997).

Copyright © 1999 by The McGraw-Hill Companies. Used with permission. HTML Copyright © 1999 Albion.com.
Copyright © 1990-2006 Albion.com and Seth T. Ross