Computer Science and Information Systems 499-01/899P01 ( 2000 Fall )

INFORMATION SECURITY

Textbook and

References:

Textbook:

· Matt Bishop, Introduction to Computer Security, Addison Wesley, 2004. ISBN: 0-321-24744-2.

References:

· Charles P. Pfleeger and Shari L. Pfleeger, Security in Computing, Prentice Hall, Upper Saddle River, NJ 07458, 3^rd edition, 2003. ISBN: 0-13-035548-8.

· Ed Skoudis, Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Prentice Hall, Upper Saddle River, NJ 07458, 2002. ISBN: 0-13-033273-9.

· Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, John Wiley & Sons, Inc., 2001. ISBN 0-471-38922-6.

Grading Scheme:

90.0 -- 100% A = 450 -- 500 Points

80.0 -- 89.9% B = 400 -- 449 Points

70.0 -- 79.9% C = 350 -- 399 Points

60.0 -- 69.9% D = 300 -- 349 Points

00.0 -- 59.9% F = 000 -- 299 Points

Tentative Point Distribution:

Tests 2 * 100 points each 200 Points 40%

Project 1 * 100 points each 100 Points 20%

Assignments 6 * 20 points each 120 Points 24%

Participation Attendance + Involvement 80 Points 16%

---------------------------------------------------------------------------------------------------

TOTAL: 500 Points 100%

Important Note: I reserve the right to change this grading system as the course progresses and various circumstances develop.

Tests:

Two tests will be given. Each test will cover the material from that unit only. Test questions will consist of multiple choices, fill blanks, programming, and/or essay questions. Questions will cover topics discussed in class that may or may not be covered in the textbook. Students are encouraged to attend class often so as to maximize their exam scores.

Projects:

There is one course project in this course worth 100 points. The project is intended to test the range of knowledge sets and skills developed by students in their prior CS/SWE/IT courses and this course as well. Each student will work as a member of a 2~4-person team to complete one research topic in information security. More details about the nature of the project, suggested topics, grading policy, deliverables, and the instructor's expectations will be provided as a separated handout in class. Each student is expected to contribute equally to the success of the project and to participate in the presentation of the final results. Grading will be subjective based on the quality and completeness of the project.

Assignments:

Assignments are individual work testing the understanding of the course materials. Students should complete their assignments independently and turn in their solutions in time according to the assignment requirements.

Thesis/Research Topics:

As information security represents a challenging research arena in Computer Science / Software Engineering / Information Technology, many topics covered in this course are potential research topics for your MS thesis projects. Some of the topics will be briefly discussed in class. More details will be provided by the instructor upon request. Please contact the instructor if you are interested in doing MS thesis in Information Security, or visit the instructor’s web page at http://lovelace.spsu.edu/jwang/.

Late Work:

All assignments and deliverables, including all project progress reports, source code, presentations, group reports, individual reports, homework assignments, and peer evaluations, are due at the beginning of the class time on the due date. Any late item will be discounted by 10 points per hour delay. Students should be responsible for their homework and project result reaching the instructor in time. (Don't trust the department drop-box.)

Makeup Tests:

You must contact the instructor prior to the test to explain your reasons for being absent in the test. The instructor will decide whether a makeup test is allowed or not. If your application for a makeup test is accepted, in any case, the makeup test must be done before the next scheduled class unless you could provide official documents from the Student Health Service or the Office of the Senior Vice President for Academic Affairs for attending authorized and official University activities.

No makeup project-work (reports or presentations) are allowed.

Class Participation:

Class participation includes class attendance, contributions during class discussion, and sense of teamwork. Class participation will contribute to your overall grade up to 80 points. The instructor expects you to attend lectures regularly and to arrive on time. Attendance checking (roll-call) will be conducted at the beginning of each class. Students are responsible to inform the instructor their attendance if they miss the roll call but actually attend the class. Your attendance grade for each class time is determined by the following grading sheet for this summer semester:

Class attendance Time T (minute)	Late or Left-early by (minute)	Your Attendance Grade
T ≥ 100	< 10	3
90 ≤ T < 100	< 20	2
60 ≤ T < 90	< 40	1
T < 60	≥ 50	0
Approved absence		1.5

Maximum attendance grade: 3 * 16 = 48 points.

You are responsible for all course work. Being absent does not excuse work from the stated due dates. In addition to attendance, there will be a contribution grade to encourage class discussion and sense of teamwork. You can earn up to 32 points in the whole semester by

actively asking/answering questions – maximum grade: 16 points
being a good team player – maximum grade: 10 points
providing accurate peer evaluations – maximum grade 6 points

Academic Dishonesty:

SPSU values academic integrity. Therefore all students must understand the meaning and consequences of cheating, plagiarism and other academic offenses. Work submitted for this course must represent your own efforts. Copying assignments or tests, or allowing others to copy your work, will not be tolerated. Note that introducing syntactic changes into a copied program is still considered plagiarism. The grade for all involved parties for any course work (homework, assignment, project, programming, or test) will be zero if plagiarism is evidenced.

Academic dishonesty is an extremely serious offense. All cases of academic dishonesty will be dealt with in accordance with the policies of the University as published in the Undergraduate Catalog and Graduate Student Handbook. Penalties may include expulsion from the University.

Disability:

Students with disabilities who believe that they may need accommodations in this class are encouraged to contact the counselor working with disabilities at 678-915-7226 as soon as possible to better ensure that such accommodations are implemented in a timely fashion.

Return and Destruction of Papers:

Homework, floppy disks, and other completed class assignments will be brought to class once to be returned after they are graded. If you are absent on a day that a paper is returned you will need to arrange to pick up the paper in the instructor's office. All tests and papers may be destroyed after the end of the first week of the following semester. Test papers will not be returned and you will not be allowed to keep or to photocopy exams. You may examine your tests in the instructor's office during scheduled exam review periods.

Course Homepage:

The URL for the course homepage is:

http://webct.usg.edu/

You will need a WebCT account to access the course web site.

Course Description

Prerequisites: CS 5123: Advanced Programming and Data Structures; and CS 5423: Mathematical Structures for Computer Science

Catalog Description:

This course covers the fundamentals of computing security, access control technology, cryptographic algorithms, implementations, tools and their applications in communications and computing systems security. Topics include public key infrastructure, operating system security, database security, network security, web security, firewalls, security architecture and models, and ethical and legal issues in information security.

Additional Description:

This course covers a variety of topics that will prepare those students who wish to develop a skill set in information security or who wish to enhance their current computer science expertise by gaining additional knowledge in the field of computing security.

The topics will range from operating systems security, database security, program security, network security, wireless security, legal and ethical issues, access controls, cryptography and risk management. Students will also be instructed in how to design and create disaster recovery plans, computer policies and standards, system security architectures and physical security controls. Legal aspects of computer security will also be covered as will auditing in a secured environment and managing as a day-to-day security administrator. In-class project and assignments will focus upon critical thinking for security managers in mainframe, midrange and network environments as well as research assignments and basic policy creation. Reading and assignments will also provide additional insight to selected topics during the semester.

Course Objectives:

The course covers a wide range of skills for information security. On completion of this course, students should be able to

Establish a working knowledge to understand the basic concepts and principles of information security and information assurance.
Identify key issues and solutions in the important areas of information security and assurance and understand how those solutions work.
Design, execute, or evaluate personal or organizational security procedures and practices, assessing the risk to information assets from vulnerabilities and exploits.
Integrate advisories and alerts into security practices and procedures.
Identify the security risks that need to be addressed and apply appropriate techniques to secure and protect information systems while performing their tasks.

As a part of your general education, this course will also help you to

Communicate (written and verbally) about a complex, technical topic simply and coherently.
Work and interact collaboratively in groups to examine, understand and explain key aspects of information security.

Course Outline:

Chapter 1. An Overview of Computer Security.

1.1 The Basic Components.

1.1.1 Confidentiality.

1.1.2 Integrity.

1.1.3 Availability.

1.2 Threats.

1.3 Policy and Mechanism.

1.3.1 Goals of Security

1.4 Assumptions and Trust.

1.5 Assurance.

1.5.1 Specification.

1.5.2 Design.

1.5.3 Implementation.

1.6 Operational Issues.

1.6.1 Cost-Benefit Analysis.

1.6.2 Risk Analysis.

1.6.3 Laws and Customs.

1.7 Human Issues.

1.7.1 Organizational Problems.

1.7.2 People Problems.

1.8 Tying It All Together.

Chapter 2. Access Control Matrix.

2.1 Protection State.

2.2 Access Control Matrix Model.

2.3 Protection State Transitions.

2.3.1 Conditional Commands.

Chapter 3. Foundational Results.

3.1 The General Question.

3.2 Basic Results.

Chapter 4. Security Policies.

4.1 Security Policies.

4.2 Types of Security Policies.

4.3 The Role of Trust.

4.4 Types of Access Control.

4.5 Example: Academic Computer Security Policy.

4.5.1 General University Policy.

4.5.2 Electronic Mail Policy.

4.5.2.1 The Electronic Mail Policy Summary.

4.5.2.2 The Full Policy.

4.5.2.3 Implementation at UC Davis.

Chapter 5. Confidentiality Policies.

5.1 Goals of Confidentiality Policies.

5.2 The Bell-LaPadula Model.

5.2.1 Informal Description.

5.2.2 Example: The Data General B2 UNIX System.

5.2.2.1 Assigning MAC Labels.

5.2.2.2 Using MAC Labels.

Chapter 6. Integrity Policies.

6.1 Goals.

6.2 Biba Integrity Model.

6.3 Clark-Wilson Integrity Model.

6.3.1 The Model.

6.3.2 Comparison with the Requirements.

6.3.3 Comparison with Other Models.

Chapter 7. Hybrid Policies.

7.1 Chinese Wall Model.

7.1.1 Bell-LaPadula and Chinese Wall Models.

7.1.2 Clark-Wilson and Chinese Wall Models.

7.2 Clinical Information Systems Security Policy.

7.2.1 Bell-LaPadula and Clark-Wilson Models.

7.3 Originator Controlled Access Control.

7.4 Role-Based Access Control.

Chapter 8. Basic Cryptography.

8.1 What Is Cryptography?

8.2 Classical Cryptosystems.

8.2.1 Transposition Ciphers.

8.2.2 Substitution Ciphers.

8.2.2.1 Vigenère Cipher.

8.2.2.2 One-Time Pad.

8.2.3 Data Encryption Standard.

8.2.4 Other Classical Ciphers.

8.3 Public Key Cryptography.

8.3.1 RSA.

8.4 Cryptographic Checksums.

8.4.1 HMAC.

Chapter 9. Key Management.

9.1 Session and Interchange Keys.

9.2 Key Exchange.

9.2.1 Classical Cryptographic Key Exchange and Authentication.

9.2.2 Kerberos.

9.2.3 Public Key Cryptographic Key Exchange and Authentication.

9.3 Cryptographic Key Infrastructures.

9.3.1 Certificate Signature Chains.

9.3.1.1 X.509: Certification Signature Chains.

9.3.1.2 PGP Certificate Signature Chains.

9.4 Storing and Revoking Keys.

9.4.1 Key Storage.

9.4.2 Key Revocation.

9.5 Digital Signatures.

9.5.1 Classical Signatures.

9.5.2 Public Key Signatures.

Chapter 10. Cipher Techniques.

10.1 Problems.

10.1.1 Precomputing the Possible Messages.

10.1.2 Misordered Blocks.

10.1.3 Statistical Regularities.

10.1.4 Summary.

10.2 Stream and Block Ciphers.

10.2.1 Stream Ciphers.

10.2.1.1 Synchronous Stream Ciphers.

10.2.1.2 Self-Synchronous Stream Ciphers.

10.2.2 Block Ciphers.

10.2.2.1 Multiple Encryption.

10.3 Networks and Cryptography.

10.4 Example Protocols.

10.4.1 Secure Electronic Mail: PEM.

10.4.1.1 Design Principles.

10.4.1.2 Basic Design.

10.4.1.3 Other Considerations.

10.4.1.4 Conclusion.

10.4.2 Security at the Network Layer: IPsec.

10.4.2.1 IPsec Architecture.

10.4.2.2 Authentication Header Protocol.

10.4.2.3 Encapsulating Security Payload Protocol.

10.4.3 Conclusion.

Chapter 11. Authentication.

11.1 Authentication Basics.

11.2 Passwords.

11.2.1 Attacking a Password System.

11.2.2 Countering Password Guessing.

11.2.2.1 Random Selection of Passwords.

11.2.2.2 Pronounceable and Other Computer-Generated Passwords.

11.2.2.3 User Selection of Passwords.

11.2.2.4 Reusable Passwords and Dictionary Attacks.

11.2.2.5 Guessing Through Authentication Functions.

11.2.3 Password Aging.

11.3 Challenge-Response.

11.3.1 Pass Algorithms.

11.3.2 One-Time Passwords.

11.3.3 Hardware-Supported Challenge-Response Procedures.

11.3.4 Challenge-Response and Dictionary Attacks.

11.4 Biometrics.

11.4.1 Fingerprints.

11.4.2 Voices.

11.4.3 Eyes.

11.4.4 Faces.

11.4.5 Keystrokes.

11.4.6 Combinations.

11.4.7 Caution.

11.5 Location.

11.6 Multiple Methods.

Chapter 12. Design Principles.

12.1 Overview.

12.2 Design Principles.

12.2.1 Principle of Least Privilege.

12.2.2 Principle of Fail-Safe Defaults.

12.2.3 Principle of Economy of Mechanism.

12.2.4 Principle of Complete Mediation.

12.2.5 Principle of Open Design.

12.2.6 Principle of Separation of Privilege.

12.2.7 Principle of Least Common Mechanism.

12.2.8 Principle of Psychological Acceptability.

Chapter 13. Representing Identity.

13.1 What Is Identity?

13.2 Files and Objects.

13.3 Users.

13.4 Groups and Roles.

13.5 Naming and Certificates.

13.5.1 The Meaning of the Identity.

13.5.2 Trust.

13.6 Identity on the Web.

13.6.1 Host Identity.

13.6.1.1 Static and Dynamic Identifiers.

13.6.1.2 Security Issues with the Domain Name Service.

13.6.2 State and Cookies.

13.6.3 Anonymity on the Web.

13.6.3.1 Anonymity for Better or Worse.

Chapter 14. Access Control Mechanisms.

14.1 Access Control Lists.

14.1.1 Abbreviations of Access Control Lists.

14.1.2 Creation and Maintenance of Access Control Lists.

14.1.2.1 Which Subjects Can Modify an Object’s ACL?

14.1.2.2 Do the ACLs Apply to a Privileged User?

14.1.2.3 Does the ACL Support Groups and Wildcards?

14.1.2.4 Conflicts.

14.1.2.5 ACLs and Default Permissions.

14.1.3 Revocation of Rights.

14.1.4 Example: Windows NT Access Control Lists.

14.2 Capabilities.

14.1.5 Implementation of Capabilities.

14.1.6 Copying and Amplifying Capabilities.

14.1.7 Revocation of Rights.

14.1.8 Limits of Capabilities.

14.1.9 Comparison with Access Control Lists.

14.3 Locks and Keys.

14.3.1 Type Checking.

14.4 Ring-Based Access Control.

14.5 Propagated Access Control Lists.

Chapter 15. Information Flow.

15.1 Basics and Background.

15.1.1 Information Flow Models and Mechanisms.

15.2 Compiler-Based Mechanisms.

15.2.1 Declarations.

15.2.2 Program Statements.

15.2.2.1 Assignment Statements.

15.2.2.2 Compound Statements.

15.2.2.3 Conditional Statements.

15.2.2.4 Iterative Statements.

15.2.2.5 Goto Statements.

15.2.2.6 Procedure Calls.

15.2.3 Exceptions and Infinite Loops.

15.2.4 Concurrency.

15.2.5 Soundness.

15.3 Execution-Based Mechanisms.

15.3.1 Fenton’s Data Mark Machine.

15.3.2 Variable Classes.

15.4 Example Information Flow Controls.

15.4.1 Security Pipeline Interface.

15.4.2 Secure Network Server Mail Guard.

Chapter 16. Confinement Problem.

16.1 The Confinement Problem.

16.2 Isolation.

16.2.1 Virtual Machines.

16.2.2 Sandboxes.

16.3 Covert Channels.

16.3.1 Detection of Covert Channels.

16.3.2 Mitigation of Covert Channels.

Chapter 17. Introduction to Assurance.

17.1 Assurance and Trust.

17.1.1 The Need for Assurance.

17.1.2 The Role of Requirements in Assurance.

17.1.3 Assurance Throughout the Life Cycle.

17.2 Building Secure and Trusted Systems.

17.2.1 Life Cycle.

17.2.1.1 Conception.

17.2.1.2 Manufacture.

17.2.1.3 Deployment.

17.2.1.4 Fielded Product Life.

17.2.2 The Waterfall Life Cycle Model.

17.2.2.1 Requirements Definition and Analysis.

17.2.2.2 System and Software Design.

17.2.2.3 Implementation and Unit Testing.

17.2.2.4 Integration and System Testing.

17.2.2.5 Operation and Maintenance.

17.2.2.6 Discussion.

17.2.3 Other Models of Software Development.

17.2.3.1 Exploratory Programming.

17.2.3.2 Prototyping.

17.2.3.3 Formal Transformation.

17.2.3.4 System Assembly from Reusable Components.

17.2.3.5 Extreme Programming.

17.3 Building Security In or Adding Security Later.

Chapter 18. Evaluating Systems.

18.1 Goals of Formal Evaluation.

18.1.1 Deciding to Evaluate.

18.1.2 Historical Perspective of Evaluation Methodologies.

18.2 TCSEC: 1983 - 1999.

18.2.1 TCSEC Requirements.

18.2.1.1 TCSEC Functional Requirements.

18.2.1.2 TCSEC Assurance Requirements.

18.2.2 The TCSEC Evaluation Classes.

18.2.3 The TCSEC Evaluation Process.

18.2.4 Impacts.

18.2.4.1 Scope Limitations.

18.2.4.2 Process Limitations.

18.2.4.3 Contributions.

18.3 FIPS 140: 1994 - Present.

18.3.1 FIPS 140 Requirements.

18.3.2 FIPS 140-2 Security Levels.

18.3.3 Impact.

18.4 The Common Criteria: 1998 - Present.

18.4.1 Overview of the Methodology.

18.4.2 CC Requirements.

18.4.3 CC Security Functional Requirements.

18.4.4 Assurance Requirements.

18.4.5 Evaluation Assurance Levels.

18.4.6 Evaluation Process.

18.4.7 Impacts.

18.4.8 Future of the Common Criteria.

18.4.8.1 Interpretations.

18.4.8.2 Assurance Class AMA and Family ALC_FLR.

18.4.8.3 Products Versus Systems.

18.4.8.4 Protection Profiles and Security Targets.

18.4.8.5 Assurance Class AVA.

18.4.8.6 EAL5.

18.5 SSE-CMM: 1997 - Present.

18.5.1 The SSE-CMM Model.

18.5.2 Using the SSE-CMM.

Chapter 19. Malicious Logic.

19.1 Introduction.

19.2 Trojan Horses.

19.3 Computer Viruses.

19.3.1 Boot Sector Infectors.

19.3.2 Executable Infectors.

19.3.3 Multipartite Viruses.

19.3.4 TSR Viruses.

19.3.5 Stealth Viruses.

19.3.6 Encrypted Viruses.

19.3.7 Polymorphic Viruses.

19.3.8 Macro Viruses.

19.4 Computer Worms.

19.5 Other Forms of Malicious Logic.

19.5.1 Rabbits and Bacteria.

19.5.2 Logic Bombs.

19.6 Defenses.

19.6.1 Malicious Logic Acting as Both Data and Instructions.

19.6.2 Malicious Logic Assuming the Identity of a User.

19.6.2.1 Information Flow Metrics.

19.6.2.2 Reducing the Rights.

19.6.2.3 Sandboxing.

19.6.3 Malicious Logic Crossing Protection Domain Boundaries by Sharing.

19.6.4 Malicious Logic Altering Files.

19.6.5 Malicious Logic Performing Actions Beyond Specification.

19.6.5.1 Proof-Carrying Code.

19.6.6 Malicious Logic Altering Statistical Characteristics.

19.6.7 The Notion of Trust.

Chapter 20. Vulnerability Analysis.

20.1 Introduction.

20.2 Penetration Studies.

20.2.1 Goals.

20.2.2 Layering of Tests.

20.2.3 Methodology at Each Layer.

20.2.4 Flaw Hypothesis Methodology.

20.2.4.1 Information Gathering and Flaw Hypothesis.

20.2.4.2 Flaw Testing.

20.2.4.3 Flaw Generalization.

20.2.4.4 Flaw Elimination.

20.2.5 Example: Penetration of the Michigan Terminal System.

20.2.6 Example: Compromise of a Burroughs System.

20.2.7 Example: Penetration of a Corporate Computer System.

20.2.8 Example: Penetrating a UNIX System.

20.2.9 Example: Penetrating a Windows NT System.

20.2.10 Debate.

20.2.11 Conclusion.

20.3 Vulnerability Classification.

20.3.1 Two Security Flaws.

20.4 Frameworks.

20.4.1 The RISOS Study.

20.4.1.1 The Flaw Classes.

20.4.1.2 Legacy.

20.4.2 Protection Analysis Model.

20.4.2.1 The Flaw Classes.

20.4.2.2 Legacy.

20.4.3 The NRL Taxonomy.

20.4.3.1 The Flaw Classes.

20.4.3.2 Legacy.

20.4.4 Aslam’s Model.

20.4.4.1 The Flaw Classes.

20.4.4.2 Legacy.

20.4.5 Comparison and Analysis.

20.4.5.1 The xterm Log File Flaw.

20.4.5.2 The fingerd Buffer Overflow Flaw.

Chapter 21. Auditing.

21.1 Definitions.

21.2 Anatomy of an Auditing System.

21.2.1 Logger.

21.2.2 Analyzer.

21.2.3 Notifier.

21.3 Designing an Auditing System.

21.3.1 Implementation Considerations.

21.3.2 Syntactic Issues.

21.3.3 Log Sanitization.

21.3.4 Application and System Logging.

21.4 A Posteriori Design.

21.4.1 Auditing to Detect Violations of a Known Policy.

21.4.1.1 State-Based Auditing.

21.4.1.2 Transition-Based Auditing.

21.4.2 Auditing to Detect Known Violations of a Policy.

21.5 Auditing Mechanisms.

21.5.1 Secure Systems.

21.5.2 Nonsecure Systems.

21.6 Examples: Auditing File Systems.

21.6.1 Audit Analysis of the NFS Version 2 Protocol.

21.6.2 The Logging and Auditing File System (LAFS).

21.6.3 Comparison.

21.7 Audit Browsing.

Chapter 22. Intrusion Detection.

22.1 Principles.

22.2 Basic Intrusion Detection.

22.3 Models.

22.3.1 Anomaly Modeling.

22.3.2 Misuse Modeling.

22.3.3 Specification Modeling.

22.3.4 Summary.

22.4 Architecture.

22.4.1 Agent.

22.4.1.1 Host-Based Information Gathering.

22.4.1.2 Network-Based Information Gathering.

22.4.1.3 Combining Sources.

22.4.2 Director.

22.4.3 Notifier.

22.5 Organization of Intrusion Detection Systems.

22.5.1 Monitoring Network Traffic for Intrusions: NSM.

22.5.2 Combining Host and Network Monitoring: DIDS.

22.5.3 Autonomous Agents: AAFID.

22.6 Intrusion Response.

22.6.1 Incident Prevention.

22.6.2 Intrusion Handling.

22.6.2.1 Containment Phase.

22.6.2.2 Eradication Phase.

22.6.2.3 Follow-Up Phase.

Chapter 23. Network Security.

23.1 Introduction.

23.2 Policy Development.

23.2.1 Data Classes.

23.2.2 User Classes.

23.2.3 Availability.

23.2.4 Consistency Check.

23.3 Network Organization.

23.3.1 Firewalls and Proxies.

23.3.2 Analysis of the Network Infrastructure.

23.3.2.1 Outer Firewall Configuration.

23.3.2.2 Inner Firewall Configuration.

23.3.3 In the DMZ.

23.3.3.1 DMZ Mail Server.

23.3.3.2 DMZ WWW Server.

23.3.3.3 DMZ DNS Server

23.3.3.4 SMZ Log Server.

23.3.3.5 Summary.

23.3.4 In the Internal Network.

23.3.5 General Comment on Assurance.

23.4 Availability and Network Flooding.

23.4.1 Intermediate Hosts.

23.4.2 TCP State and Memory Allocations.

23.5 Anticipating Attacks.

Chapter 24. System Security.

24.1 Introduction.

24.2 Policy.

24.2.1 The Web Server System in the DMZ.

24.2.2 The Development System.

24.2.3 Comparison.

24.2.4 Conclusion.

24.3 Networks.

24.3.1 The Web Server System in the DMZ.

24.3.2 The Development System.

24.3.3 Comparison.

24.4 Users.

24.4.1 The Web Server System in the DMZ.

24.4.2 The Development System.

24.4.3 Comparison.

24.5 Authentication.

24.5.1 The Web Server System in the DMZ.

24.5.2 Development Network System.

24.5.3 Comparison.

24.6 Processes.

24.6.1 The Web Server System in the DMZ.

24.6.2 Development Network System.

24.6.3 Comparison.

24.7 Files.

24.7.1 The Web Server System in the DMZ.

24.7.2 Development Network System.

24.7.3 Comparison.

24.8 Retrospective.

24.8.1 The Web Server System in the DMZ.

24.8.2 Development Network System.

Chapter 25. User Security.

25.1 Policy.

25.2 Access.

25.2.1 Passwords.

25.2.2 The Login Procedure.

25.2.2.1 Trusted Hosts.

25.2.3 Leaving the System.

25.3 Files and Devices.

25.3.1 Files.

25.3.1.1 File Permissions on Creation.

25.3.1.2 Group Access.

25.3.1.3 File Deletion.

25.3.2 Devices.

25.3.2.1 Writable Devices.

25.3.2.2 Smart Terminals.

25.3.2.3 Monitors and Window Systems.

25.4 Processes.

25.4.1 Copying and Moving Files.

25.4.2 Accidentally Overwriting Files.

25.4.3 Encryption, Cryptographic Keys and Passwords.

25.4.4 Start-up Settings.

25.4.5 Limiting Privileges.

25.4.6 Malicious Logic.

25.5 Electronic Communications.

25.5.1 Automated Electronic Mail Processing.

25.5.2 Failure to Check Certificates.

25.5.3 Sending Unexpected Content.

Chapter 26. Program Security.

26.1 Introduction.

26.2 Requirements and Policy.

26.2.1 Requirements.

26.2.2 Threats.

26.2.2.1 Group 1: Unauthorized Users Accessing Role Accounts.

26.2.2.2 Group 2: Authorized Users Acessing Role Accounts.

26.3 Design.

26.3.1 Framework.

26.3.1.1 User Interface.

26.3.1.2 High-Level Design.

26.3.2 Access to Roles and Commands.

26.3.2.1 Interface.

26.3.2.2 Internals.

26.3.2.3 Storage of the Access Control Data.

26.4 Refinement and Implementation.

26.4.1 First-Level Refinement.

26.4.2 Second-Level Refinement.

26.4.3 Functions.

26.4.3.1 Obtaining Location.

26.4.3.2 The Access Control Record.

26.4.3.3 Error Handling in the Reading and Matching Routines.

26.5 Common Security-Related Programming Problems.

26.5.1 Improper Choice of Initial Protection Domain.

26.5.1.1 Process Privileges.

26.5.1.2 Access Control File Permissions.

26.5.1.3 Memory Protection.

26.5.1.4 Trust in the System.

26.5.2 Improper Isolation of Implementation Detail.

26.5.2.1 Resource Exhaustion and User Identifiers.

26.5.2.2 Validating the Access Control Entries.

26.5.2.3 Restricting the Protection Domain of the Role Process.

26.5.3 Improper Change.

26.5.3.1 Memory.

26.5.3.2 Changes in File Contents.

26.5.3.3 Race Conditions in File Accesses.

26.5.4 Improper Naming.

26.5.5 Improper Deallocation or Deletion.

26.5.6 Improper Validation.

26.5.6.1 Bounds Checking.

26.5.6.2 Type Checking.

26.5.6.3 Error Checking.

26.5.6.4 Checking for Valid, not Invalid, Data.

26.5.6.5 Checking Input.

26.5.6.6 Designing for Validation.

26.5.7 Improper Indivisibility.

26.5.8 Improper Sequencing.

26.5.9 Improper Choice of Operand or Operation.

26.6 Testing, Maintenance, and Operation.

26.6.1 Testing.

26.6.1.1 Testing the Module.

26.6.2 Testing Composed Modules.

26.6.3 Testing the Program.

26.7 Distribution.

26.8 Conclusion.

Chapter 27. Assess Network Security.

27.1 Assessment Fundamentals.

27.2 Requirements and Metrics.

27.3 Emissions Security (EMSEC) and TEMPEST

27.4 Wireless Network Security and Assessment

Chapter 28. Information Security Administration Issues.

28.1 Accountability for Classified/Sensitive Data

28.2 Automated Security Tools.

28.3 Backups.

28.4 Change Control/Configuration management.

28.5 Declassification /Downgrade of Media

28.6 Destruction/Purging/Sanitization of Classified/Sensitive Information