This document outlines the NCAE13 fundamental security design principles, which were developed by the National Centers of Academic Excellence in Information Assurance/Cyber Defense. It discusses 13 principles: economy of mechanism, fail-safe defaults, complete mediation, open design, separation of privilege, least privilege, least common mechanism, psychological acceptability, isolation, encapsulation, modularity, and simplicity. For each principle, it provides a brief explanation of what the principle means and how it can be applied to system design.
Information and network security 3 security challengesVaibhav Khanna
Misconfiguration. Misconfigurations of cloud security settings are a leading cause of cloud data breaches.
Unauthorized Access.
Insecure Interfaces/APIs.
Hijacking of Accounts.
Lack of Visibility.
External Sharing of Data.
Malicious Insiders.
Cyberattacks
This document discusses security elements and goals in IT systems, including integrity, confidentiality, availability, non-repudiation, and authentication. It also covers threats to IT systems and technical controls like vulnerability management. Operating system security is then discussed, including changing threats, why OS's are hard to secure, trust models, threat models, and key security features like access control and network protection. Application security topics like malware protection, application verification, sandboxing, and execution are also summarized.
The document outlines 10 security design principles for developers to follow when building applications:
1. Minimize the attack surface area by restricting unnecessary features and access.
2. Establish secure defaults so that applications are secure out of the box.
3. Use the principle of least privilege so that users only have necessary access privileges.
4. Employ the principle of defense in depth with multiple layers of security controls.
5. Ensure applications fail securely and don't expose sensitive information when errors occur.
6. Don't implicitly trust external services and validate all data from third parties.
7. Separate duties so that no single user can compromise the system.
8. Avoid relying
Complete coverage of CISSP 7th Chapter - Security Operations. I have made sure to cover all topics from three books in this presentation. For corrections, clarifications, please feel free to reach me.
The document discusses strategies for securing operating systems and virtualized systems. It recommends planning security from the start, hardening the base OS by removing unnecessary software and configuring users/groups properly. Key steps include patching, additional security tools like antivirus, and testing security. For virtual systems, the hypervisor and virtual infrastructure need protection, and network traffic between VMs requires firewalls. Overall secure configuration of all system elements is important for maintaining security.
Security refers to providing a protection system to computer system resources such as CPU, memory, disk, software programs and most importantly data/information stored in the computer system. If a computer program is run by an unauthorized user, then he/she may cause severe damage to computer or data stored in it.
Information and network security 3 security challengesVaibhav Khanna
Misconfiguration. Misconfigurations of cloud security settings are a leading cause of cloud data breaches.
Unauthorized Access.
Insecure Interfaces/APIs.
Hijacking of Accounts.
Lack of Visibility.
External Sharing of Data.
Malicious Insiders.
Cyberattacks
This document discusses security elements and goals in IT systems, including integrity, confidentiality, availability, non-repudiation, and authentication. It also covers threats to IT systems and technical controls like vulnerability management. Operating system security is then discussed, including changing threats, why OS's are hard to secure, trust models, threat models, and key security features like access control and network protection. Application security topics like malware protection, application verification, sandboxing, and execution are also summarized.
The document outlines 10 security design principles for developers to follow when building applications:
1. Minimize the attack surface area by restricting unnecessary features and access.
2. Establish secure defaults so that applications are secure out of the box.
3. Use the principle of least privilege so that users only have necessary access privileges.
4. Employ the principle of defense in depth with multiple layers of security controls.
5. Ensure applications fail securely and don't expose sensitive information when errors occur.
6. Don't implicitly trust external services and validate all data from third parties.
7. Separate duties so that no single user can compromise the system.
8. Avoid relying
Complete coverage of CISSP 7th Chapter - Security Operations. I have made sure to cover all topics from three books in this presentation. For corrections, clarifications, please feel free to reach me.
The document discusses strategies for securing operating systems and virtualized systems. It recommends planning security from the start, hardening the base OS by removing unnecessary software and configuring users/groups properly. Key steps include patching, additional security tools like antivirus, and testing security. For virtual systems, the hypervisor and virtual infrastructure need protection, and network traffic between VMs requires firewalls. Overall secure configuration of all system elements is important for maintaining security.
Security refers to providing a protection system to computer system resources such as CPU, memory, disk, software programs and most importantly data/information stored in the computer system. If a computer program is run by an unauthorized user, then he/she may cause severe damage to computer or data stored in it.
Training and Tips that are very helpful to gain knowledge in the field of information Security and passing your CISSP Certification Exam.
To be CISSP Certified Please Check out the link below:
http://asmed.com/cissp-isc2/
This document provides an overview of key concepts in computer and information security. It discusses cyber security, data security, network security, and authentication, authorization and accounting (AAA). It also covers the NIST FIPS 199 standard for categorizing information systems based on potential impact, and different methodologies for modeling assets and threats such as STRIDE, PASTA, Trike and VAST. The key topics are introduced at a high level with definitions and examples to provide the essential information about common computer security concepts and frameworks.
1. Security operations aim to increase collaboration across teams to integrate security practices throughout the development lifecycle. This helps ensure stronger security.
2. Key goals of security operations include earlier detection of threats, increased transparency, continuous security improvements, and raising threat awareness across teams.
3. Security operation centers are responsible for continuous network monitoring, incident response, forensic analysis, and maintaining threat intelligence to help prevent and respond to security events.
Security Principles and Protection MechanismMona Rajput
This document discusses several key principles of information security:
- The principle of least privilege states that a subject should only be given access privileges necessary to complete its task and no more.
- The principle of economy of mechanism states that security mechanisms should be as simple as possible to minimize errors.
- The principle of complete mediation requires that all access to objects be checked to ensure they are allowed.
- Several other principles like open design, separation of privilege, least common mechanism, psychological acceptability, and fail-safe defaults are also discussed.
security introduction and overview lecture1 .pptxnagwaAboElenein
This document provides an introduction to computer security concepts. It discusses how computer security aims to protect hardware, software, data, users and information from unauthorized access and use. The key concepts of confidentiality, integrity and availability (CIA) are explained. Principles of secure design are outlined, including least privilege, fail-safe defaults, defense in depth, and separation of privilege. Computer security challenges like ensuring systems are not simple to attack and require regular monitoring are also covered.
This document discusses cloud security responsibilities. It outlines that the Cloud Security Alliance (CSA) promotes best practices for securing cloud computing. The CSA provides guidance to help companies implement secure clouds. The document then discusses responsibilities for both cloud providers and customers. For providers, this includes physical security of data centers, operating system security, hypervisor security, and network security. For customers, responsibilities involve firewalls, software updates, password policies, virtual machine security, access device security, and staff security practices. The document provides details on how to implement security controls for each area.
The document outlines security design principles from Microsoft's Security Development Lifecycle (SDL). It discusses principles like attack surface reduction, basic privacy, threat modeling, defense in depth, least privilege, and secure defaults. It provides examples for each principle and tips for implementing them, like minimizing exposed points of attack, considering both security and privacy, using threat modeling to understand threats, employing multiple layers of defense, giving applications only the necessary privileges, and using secure configurations by default. The goal is to help deliver more secure software through these foundational design practices.
- The document discusses information systems security and identifies its key components of confidentiality, integrity and availability (CIA).
- It describes various tools used for information security like authentication, access control, encryption, passwords, backups, firewalls and security policies.
- Basic concepts around threats to information security are also covered like types of attackers, levels of vulnerabilities and ways data confidentiality, integrity and availability can be attacked.
This document discusses considerations for designing a secure network. It emphasizes that network design should incorporate security from the beginning. Key aspects of design include separating assets by trust levels, using firewalls and other tools to monitor and secure multiple systems, and avoiding single points of failure to ensure availability. The Cisco hierarchical model is commonly used, with core, distribution, and access layers to efficiently move and aggregate traffic while controlling access. Performance, availability, and security should all be priorities in network planning.
This chapter discusses network security and introduces key concepts such as developing a network security policy, securing physical access to network equipment, and securing network data. It covers determining elements of a security policy, developing password requirements, restricting user access, implementing authentication and authorization, and using tools like encryption, firewalls, and virtual private networks to enhance security. The goal is to help readers understand how to secure a network from both physical and digital threats.
The document discusses various tactics, techniques and common knowledge for detecting cyber attacks. It outlines general security problems like authenticity, authorization, confidentiality, integrity and availability. It then discusses specific techniques used in cyber attacks like escalation of privilege, credential dumping, modifying file system permissions and disabling security tools. It provides details on how each technique works and potential ways to detect them, such as monitoring specific Windows registry keys or processes. The overall document serves as a guide on common cyber attack vectors and approaches for detection.
Enumerating software security design flaws throughout the SSDLCJohn M. Willis
A tool and methodology to enumerate security functional requirements arising in the solution space is described. A proof of concept tool for use by security architects and security engineers is described. The tool facilitates use of community-developed security requirements packages, security functional requirements, threat model taxonomy including mitigations. A risk-based decision making process is facilitated. Tool outputs used for change checklist, new test requirements, system security plan, risk decision documentation, deferred controls, and inherited controls.
Enumerating software security design flaws throughout the ssdlc cosac - 201...John M. Willis
A tool and methodology to enumerate security functional requirements arising in the solution space is described. A proof of concept tool for use by security architects and security engineers is described. The tool facilitates use of community-developed security requirements packages, security functional requirements, threat model taxonomy including mitigations. A risk-based decision making process is facilitated. Tool outputs used for change checklist, new test requirements, system security plan, risk decision documentation, deferred controls, and inherited controls.
This document discusses software security engineering. It covers security concepts like assets, vulnerabilities and threats. It discusses why security engineering is important to protect systems from malicious attackers. The document outlines security risk management processes like preliminary risk assessment. It also discusses designing systems for security through architectural choices that provide protection and distributing assets. The document concludes by covering system survivability through building resistance, recognition and recovery capabilities into systems.
This document discusses embedded systems security and how it can be improved. It is difficult to design secure embedded systems because economic incentives often reward producing insecure products, and adding security after development is challenging. However, security can be improved by designing it in from the start using principles like minimal implementation, component architecture, and independent validation. The document provides an overview of embedded systems, operating systems, networked devices, and motivates the importance of security.
The document introduces the secure boot pattern, which addresses ensuring the integrity of the software stack loaded on a platform. The pattern uses a chain of trust where each boot stage verifies the integrity of the next stage using cryptographic methods. The root of trust is a first module protected by hardware that verifies the initial integrity. The pattern provides security benefits while introducing complexity and overhead. Variants include authenticated boot, which detects instead of preventing integrity violations.
Computer Security Primer - Eric Vanderburg - JURINNOVEric Vanderburg
This document discusses computer security and information security. It identifies those responsible for information security as including the chief information security officer and all employees. It describes security principles like layering defenses, limiting access, using diversity, obscurity, and simplicity. It also discusses effective authentication methods such as usernames/passwords, tokens, biometrics, certificates, and multifactor authentication. It covers controlling access through access control lists and auditing security systems through logging and system scanning.
This document provides an overview of key concepts for application security design. It discusses the importance of incorporating security throughout the application development lifecycle. It outlines several security design aspects that should be considered, including authentication, authorization using roles, session management, and implementing a secure access layer. It also emphasizes the importance of security testing, code reviews, and conducting risk assessments and assurance testing prior to deployment. Finally, it discusses how to establish security guidelines and build a centralized security infrastructure with interoperable components to provide identity, authentication, authorization and other security services across applications in a standardized way.
Cloud computing allows users to access files, applications, and services over the internet rather than locally on their own devices. It involves storing and accessing data and programs over the internet through services like SaaS, PaaS, and IaaS. Cloud computing provides advantages like unlimited storage, accessibility from any device, collaboration, low maintenance costs, and data security.
This document outlines the course Information Security: INFO433 taught by Felex Madzikanda at Midlands State University. It includes details about administration of the course, assignments, and an overview of information security topics. The assignments involve demonstrating a man-in-the-middle attack and encrypting/decrypting data. The document also discusses challenges to information security such as the complexity of security mechanisms and considering all potential security attacks.
More Related Content
Similar to Fundamental_Security_Design_Principles.pptx
Training and Tips that are very helpful to gain knowledge in the field of information Security and passing your CISSP Certification Exam.
To be CISSP Certified Please Check out the link below:
http://asmed.com/cissp-isc2/
This document provides an overview of key concepts in computer and information security. It discusses cyber security, data security, network security, and authentication, authorization and accounting (AAA). It also covers the NIST FIPS 199 standard for categorizing information systems based on potential impact, and different methodologies for modeling assets and threats such as STRIDE, PASTA, Trike and VAST. The key topics are introduced at a high level with definitions and examples to provide the essential information about common computer security concepts and frameworks.
1. Security operations aim to increase collaboration across teams to integrate security practices throughout the development lifecycle. This helps ensure stronger security.
2. Key goals of security operations include earlier detection of threats, increased transparency, continuous security improvements, and raising threat awareness across teams.
3. Security operation centers are responsible for continuous network monitoring, incident response, forensic analysis, and maintaining threat intelligence to help prevent and respond to security events.
Security Principles and Protection MechanismMona Rajput
This document discusses several key principles of information security:
- The principle of least privilege states that a subject should only be given access privileges necessary to complete its task and no more.
- The principle of economy of mechanism states that security mechanisms should be as simple as possible to minimize errors.
- The principle of complete mediation requires that all access to objects be checked to ensure they are allowed.
- Several other principles like open design, separation of privilege, least common mechanism, psychological acceptability, and fail-safe defaults are also discussed.
security introduction and overview lecture1 .pptxnagwaAboElenein
This document provides an introduction to computer security concepts. It discusses how computer security aims to protect hardware, software, data, users and information from unauthorized access and use. The key concepts of confidentiality, integrity and availability (CIA) are explained. Principles of secure design are outlined, including least privilege, fail-safe defaults, defense in depth, and separation of privilege. Computer security challenges like ensuring systems are not simple to attack and require regular monitoring are also covered.
This document discusses cloud security responsibilities. It outlines that the Cloud Security Alliance (CSA) promotes best practices for securing cloud computing. The CSA provides guidance to help companies implement secure clouds. The document then discusses responsibilities for both cloud providers and customers. For providers, this includes physical security of data centers, operating system security, hypervisor security, and network security. For customers, responsibilities involve firewalls, software updates, password policies, virtual machine security, access device security, and staff security practices. The document provides details on how to implement security controls for each area.
The document outlines security design principles from Microsoft's Security Development Lifecycle (SDL). It discusses principles like attack surface reduction, basic privacy, threat modeling, defense in depth, least privilege, and secure defaults. It provides examples for each principle and tips for implementing them, like minimizing exposed points of attack, considering both security and privacy, using threat modeling to understand threats, employing multiple layers of defense, giving applications only the necessary privileges, and using secure configurations by default. The goal is to help deliver more secure software through these foundational design practices.
- The document discusses information systems security and identifies its key components of confidentiality, integrity and availability (CIA).
- It describes various tools used for information security like authentication, access control, encryption, passwords, backups, firewalls and security policies.
- Basic concepts around threats to information security are also covered like types of attackers, levels of vulnerabilities and ways data confidentiality, integrity and availability can be attacked.
This document discusses considerations for designing a secure network. It emphasizes that network design should incorporate security from the beginning. Key aspects of design include separating assets by trust levels, using firewalls and other tools to monitor and secure multiple systems, and avoiding single points of failure to ensure availability. The Cisco hierarchical model is commonly used, with core, distribution, and access layers to efficiently move and aggregate traffic while controlling access. Performance, availability, and security should all be priorities in network planning.
This chapter discusses network security and introduces key concepts such as developing a network security policy, securing physical access to network equipment, and securing network data. It covers determining elements of a security policy, developing password requirements, restricting user access, implementing authentication and authorization, and using tools like encryption, firewalls, and virtual private networks to enhance security. The goal is to help readers understand how to secure a network from both physical and digital threats.
The document discusses various tactics, techniques and common knowledge for detecting cyber attacks. It outlines general security problems like authenticity, authorization, confidentiality, integrity and availability. It then discusses specific techniques used in cyber attacks like escalation of privilege, credential dumping, modifying file system permissions and disabling security tools. It provides details on how each technique works and potential ways to detect them, such as monitoring specific Windows registry keys or processes. The overall document serves as a guide on common cyber attack vectors and approaches for detection.
Enumerating software security design flaws throughout the SSDLCJohn M. Willis
A tool and methodology to enumerate security functional requirements arising in the solution space is described. A proof of concept tool for use by security architects and security engineers is described. The tool facilitates use of community-developed security requirements packages, security functional requirements, threat model taxonomy including mitigations. A risk-based decision making process is facilitated. Tool outputs used for change checklist, new test requirements, system security plan, risk decision documentation, deferred controls, and inherited controls.
Enumerating software security design flaws throughout the ssdlc cosac - 201...John M. Willis
A tool and methodology to enumerate security functional requirements arising in the solution space is described. A proof of concept tool for use by security architects and security engineers is described. The tool facilitates use of community-developed security requirements packages, security functional requirements, threat model taxonomy including mitigations. A risk-based decision making process is facilitated. Tool outputs used for change checklist, new test requirements, system security plan, risk decision documentation, deferred controls, and inherited controls.
This document discusses software security engineering. It covers security concepts like assets, vulnerabilities and threats. It discusses why security engineering is important to protect systems from malicious attackers. The document outlines security risk management processes like preliminary risk assessment. It also discusses designing systems for security through architectural choices that provide protection and distributing assets. The document concludes by covering system survivability through building resistance, recognition and recovery capabilities into systems.
This document discusses embedded systems security and how it can be improved. It is difficult to design secure embedded systems because economic incentives often reward producing insecure products, and adding security after development is challenging. However, security can be improved by designing it in from the start using principles like minimal implementation, component architecture, and independent validation. The document provides an overview of embedded systems, operating systems, networked devices, and motivates the importance of security.
The document introduces the secure boot pattern, which addresses ensuring the integrity of the software stack loaded on a platform. The pattern uses a chain of trust where each boot stage verifies the integrity of the next stage using cryptographic methods. The root of trust is a first module protected by hardware that verifies the initial integrity. The pattern provides security benefits while introducing complexity and overhead. Variants include authenticated boot, which detects instead of preventing integrity violations.
Computer Security Primer - Eric Vanderburg - JURINNOVEric Vanderburg
This document discusses computer security and information security. It identifies those responsible for information security as including the chief information security officer and all employees. It describes security principles like layering defenses, limiting access, using diversity, obscurity, and simplicity. It also discusses effective authentication methods such as usernames/passwords, tokens, biometrics, certificates, and multifactor authentication. It covers controlling access through access control lists and auditing security systems through logging and system scanning.
This document provides an overview of key concepts for application security design. It discusses the importance of incorporating security throughout the application development lifecycle. It outlines several security design aspects that should be considered, including authentication, authorization using roles, session management, and implementing a secure access layer. It also emphasizes the importance of security testing, code reviews, and conducting risk assessments and assurance testing prior to deployment. Finally, it discusses how to establish security guidelines and build a centralized security infrastructure with interoperable components to provide identity, authentication, authorization and other security services across applications in a standardized way.
Similar to Fundamental_Security_Design_Principles.pptx (20)
Cloud computing allows users to access files, applications, and services over the internet rather than locally on their own devices. It involves storing and accessing data and programs over the internet through services like SaaS, PaaS, and IaaS. Cloud computing provides advantages like unlimited storage, accessibility from any device, collaboration, low maintenance costs, and data security.
This document outlines the course Information Security: INFO433 taught by Felex Madzikanda at Midlands State University. It includes details about administration of the course, assignments, and an overview of information security topics. The assignments involve demonstrating a man-in-the-middle attack and encrypting/decrypting data. The document also discusses challenges to information security such as the complexity of security mechanisms and considering all potential security attacks.
The document discusses boundary controls and access control mechanisms. It describes how boundary controls establish the interface between users and computer systems by authenticating users' identities. It then examines different types of access controls, including identification, authentication, authorization of users and resources. It discusses implementing access control mechanisms and challenges around open vs closed environments, authorization approaches, and dynamics of authorization. It also covers cryptographic controls like encryption techniques, choosing cipher systems, key distribution, and digital signatures.
The document discusses 3G network architecture, security, and handover between GSM and UMTS networks. It describes the key components of 3G network architecture including the user equipment and UTRAN consisting of layers like physical, MAC, RLC, and RRC layers. It explains the functions of the RRC layer including establishment of connections and allocation of resources. It also summarizes the functions of lower layers like RLC and MAC. Furthermore, it outlines the core network components including MSC, SGSN, GGSN and shared elements like HLR, EIR, and AuC. Finally, it briefly discusses the security mechanisms in 3G networks including network access, domain, and application layer security.
The Cohen-Sutherland line clipping algorithm clips lines to a rectangular viewport by assigning region codes to line endpoints using 4 bits to represent above, below, left of, and right of the viewport. It tests the region codes of endpoints to determine if lines are fully inside, fully outside, or partially inside the viewport. If partially inside, it calculates intersection points with the viewport edges and replaces endpoints to clip the line. This efficient algorithm is commonly used in computer graphics, CAD, and image processing to optimize rendering by only displaying visible line segments.
The Cohen-Sutherland line clipping algorithm clips lines to a rectangular viewport by assigning region codes to line endpoints using 4 bits to represent above, below, left of, and right of the viewport. It then clips lines by calculating the intersection of the line with viewport edges if one endpoint is inside and one outside, replacing endpoints until the line is fully inside or outside. This allows only visible portions of lines to be rendered, improving graphics performance. The algorithm handles arbitrary clipping windows efficiently and is easy to implement, though it only works for line clipping, not polygons or curves.
The Cohen-Sutherland line clipping algorithm clips lines to a rectangular viewport by assigning region codes to line endpoints using 4 bits to represent above, below, left of, and right of the viewport. It tests the region codes of endpoints to determine if lines are fully inside, fully outside, or partially inside the viewport. If partially inside, it calculates intersection points with the viewport edges and replaces endpoints to clip the line. This efficient algorithm is commonly used in computer graphics and CAD for line clipping and cropping images.
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
How To Cultivate Community Affinity Throughout The Generosity JourneyAggregage
This session will dive into how to create rich generosity experiences that foster long-lasting relationships. You’ll walk away with actionable insights to redefine how you engage with your supporters — emphasizing trust, engagement, and community!
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
Presentation by Julie Topoleski, CBO’s Director of Labor, Income Security, and Long-Term Analysis, at the 16th Annual Meeting of the OECD Working Party of Parliamentary Budget Officials and Independent Fiscal Institutions.
karnataka housing board schemes . all schemesnarinav14
The Karnataka government, along with the central government’s Pradhan Mantri Awas Yojana (PMAY), offers various housing schemes to cater to the diverse needs of citizens across the state. This article provides a comprehensive overview of the major housing schemes available in the Karnataka housing board for both urban and rural areas in 2024.
This report explores the significance of border towns and spaces for strengthening responses to young people on the move. In particular it explores the linkages of young people to local service centres with the aim of further developing service, protection, and support strategies for migrant children in border areas across the region. The report is based on a small-scale fieldwork study in the border towns of Chipata and Katete in Zambia conducted in July 2023. Border towns and spaces provide a rich source of information about issues related to the informal or irregular movement of young people across borders, including smuggling and trafficking. They can help build a picture of the nature and scope of the type of movement young migrants undertake and also the forms of protection available to them. Border towns and spaces also provide a lens through which we can better understand the vulnerabilities of young people on the move and, critically, the strategies they use to navigate challenges and access support.
The findings in this report highlight some of the key factors shaping the experiences and vulnerabilities of young people on the move – particularly their proximity to border spaces and how this affects the risks that they face. The report describes strategies that young people on the move employ to remain below the radar of visibility to state and non-state actors due to fear of arrest, detention, and deportation while also trying to keep themselves safe and access support in border towns. These strategies of (in)visibility provide a way to protect themselves yet at the same time also heighten some of the risks young people face as their vulnerabilities are not always recognised by those who could offer support.
In this report we show that the realities and challenges of life and migration in this region and in Zambia need to be better understood for support to be strengthened and tuned to meet the specific needs of young people on the move. This includes understanding the role of state and non-state stakeholders, the impact of laws and policies and, critically, the experiences of the young people themselves. We provide recommendations for immediate action, recommendations for programming to support young people on the move in the two towns that would reduce risk for young people in this area, and recommendations for longer term policy advocacy.
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
Indira awas yojana housing scheme renamed as PMAYnarinav14
Indira Awas Yojana (IAY) played a significant role in addressing rural housing needs in India. It emerged as a comprehensive program for affordable housing solutions in rural areas, predating the government’s broader focus on mass housing initiatives.
The Antyodaya Saral Haryana Portal is a pioneering initiative by the Government of Haryana aimed at providing citizens with seamless access to a wide range of government services
2. Outline
• Introduction
• NCAE13 Fundamental Security Design Principles
• Attack Surfaces
• Attack Trees
• Case: Attack Tree for Internet Banking Authentication
3. Introduction
• No security design and implementation techniques capable of systematically
excluding security flaws and preventing all unauthorized actions have been
developed to date.
• The absence of foolproof techniques has necessitated the need for widely agreed
design principles to guide the development of protection mechanisms.
• NCAE13 is a list of fundamental security design principles developed by the National
Centers of Academic Excellence in Information Assurance/Cyber Defense.
4. NCAE13 Fundamental Security Design Principles
Economy of Mechanism:
• Design of security measures embodied in both hardware and software should be as
simple and small as possible.
• Relatively simple, small designs are easier to test and verify.
• Complex design designs provide more opportunities for adversaries to discover subtle
weaknesses to exploit which may be difficult to spot ahead of time.
• The more complex the mechanism, the more likely it is to possess exploitable flaws.
• Simple mechanisms tend to have fewer exploitable flaws and require less maintenance.
• Updating or replacing a simple mechanism becomes a less intensive process since
configuration management issues are simplified.
• Probably the most difficult principle to honour in practice:
• Constant demand for new features in both hardware and software further complicates the
security design task.
• Best to keep the principle in mind during system design to try to eliminate unnecessary
complexity.
5. NCAE13 Fundamental Security Design Principles (cont’d
….)
Fail-safe Defaults:
• Access decisions should be based on permission rather than exclusion, i.e., default situation
is lack of access, and the protection scheme identifies conditions under which access is
permitted.
• Approach exhibits a better failure mode than the alternative approach, where the default is
to permit access.
• Design or implementation mistake in a mechanism which gives explicit permission tends to
fail by refusing permission, a safe situation which can quickly detected.
• Design or implementation mistake in a mechanism which explicitly excludes access tends to
fail by allowing access, a failure which may go unnoticed for long in normal use.
• Most file access systems and virtually all protected services on client/server systems use
fail-safe defaults.
6. NCAE13 Fundamental Security Design Principles (cont’d
….)
Complete Mediation:
• Every access must be checked against the access control mechanism.
• Systems should not rely on access decisions retrieved from a cache.
• For systems designed to operate continuously, this principle requires that careful
consideration be given to how changes in authority are propagated into such local
memories, if access decisions are remembered for future use (e.g., in file access
systems).
• Typically, once a user has opened a file, no check is made to see if permissions change.
• To fully implement complete mediation, the system must exercise access control every
time a user reads a field or record in a file, or a data item in a database.
• This resource-intensive approach is, however, rarely used.
7. NCAE13 Fundamental Security Design Principles (cont’d
….)
Open Design:
• Design of a security mechanism should be open rather than secret:
• Though encryption keys must be secret, encryption algorithms should be open to public
scrutiny.
• Encryption algorithms can be reviewed by many experts so that users can have high
confidence in them.
• This is the philosophy behind the NIST program of standardizing encryption and hash
algorithms which has led to the widespread adoption of NIST-approved algorithms.
8. NCAE13 Fundamental Security Design Principles (cont’d
….)
Separation of Privilege:
• Practice in which multiple privilege attributes are required to gain access to a
restricted resource:
• e.g., multifactor user authentication requiring use of multiple techniques (such as
password and smart card) to authorize a user.
• Term also applies to any technique in which a program is divided into parts that are
limited to the specific privileges they require to perform a specific task, so as to
mitigate the potential damage of a computer security attack.
• e.g., removing high privilege operations to another process and running that process with
the higher privileges required to perform its tasks.
• Day-to-day interfaces are executed in lower privileged process.
9. NCAE13 Fundamental Security Design Principles (cont’d
….)
Least Privilege:
• Every process and every user of the system should operate using the least set of privileges
necessary to perform the task:
• e.g., in role-based control where the system security policy can identify and define the various roles of
users or processes with each role assigned only those permissions needed to perform its functions.
• Each permission specifies a permitted access to a particular resource:
• e.g., read and write access to a specified file or directory, connect access to a given host and port.
• The user or process should not be able to access the protected resource unless a permission is
granted explicitly.
• Any access control system should allow each user only the privileges that are authorized for
that user.
• A temporal aspect also exists to the least privilege principle:
• e.g., system programs or administrators who have special privileges should have those privileges only
when necessary;
• when they are doing ordinary activities the privileges should be withdrawn as leaving them in place just
opens the door to accidents.
10. NCAE13 Fundamental Security Design Principles (cont’d
….)
Least Common Mechanism:
• Design should minimize functions shared by different users, providing mutual
security.
• The principle helps reduce number of unintended communication paths.
• This reduces the amount of hardware and software on which all users depend.
• Also makes it easier to verify if there are any undesirable security implications.
11. NCAE13 Fundamental Security Design Principles (cont’d
….)
Psychological Acceptability:
• Security mechanisms should not interfere unduly with the work of users, while meeting
the needs of those who authorize access at the same time.
• Users may opt to turn off security mechanisms if they hinder the usability or
accessibility of resources.
• Security mechanisms should, therefore, be transparent to users of the system, or at
most introduce minimal obstruction wherever possible.
• Security procedures must also reflect the user’s mental model of protection in addition
to not being intrusive or burdensome.
• User is likely to make errors if protection procedures do not make sense to the user or
if user must translate his image of protection into a substantially different protocol.
12. NCAE13 Fundamental Security Design Principles (cont’d
….)
Isolation:
• Principle that applies in three contexts:
• Public access systems should be isolated from critical resources (data, processes, etc.) to prevent disclosure or
tampering.
• Where sensitivity or criticality of information is high, organizations may want to limit the number of systems on which
the data is stored and isolate them, physically or logically.
• Physical isolation may include ensuring that no physical connection exists between an organization’s public access
information resources and critical information,
• Logical isolation solutions should ensure layers of security services and mechanisms are established between public
systems and secure systems responsible for protecting critical resources.
• Processes and files of individual users should be isolated from one another except where it is explicitly desired.
• All modern operating systems provide facilities for such isolation, so that individual users have separate, isolated process
space, memory space, and file space, with protections for preventing unauthorized access.
• Security mechanisms should be isolated in the sense of preventing access to those mechanisms,
• e.g., logical access control may provide a means of isolating cryptographic software from other parts of the host system
and for protecting cryptographic software from tampering and the keys from replacement or disclosure.
13. NCAE13 Fundamental Security Design Principles (cont’d
….)
Encapsulation:
• Specific form of isolation based on object-oriented functionality.
• Protection is provided by encapsulating a collection of procedures and data objects
in a domain of its own.
• The internal structure of a data object is accessible only to the procedures of the
protected subsystem, and
• the procedures may be called only at designated domain entry points.
14. NCAE13 Fundamental Security Design Principles (cont’d
….)
Modularity:
• In security context It refers both to the development of security functions as separate, protected modules
and to use of a modular architecture for mechanism design and implementation.
• For use of separate security modules, design goal is to provide common security functions and services
(e.g., cryptographic functions) as common modules.
• Numerous protocols and applications make use of cryptographic functions.
• A more secure design is provided by developing a common cryptographic module that can be invoked by
numerous protocols and applications, instead of implementing such functions in each protocol or application.
• The design and implementation effort can then focus on secure design and implementation of a single
cryptographic module and including mechanisms to protect the module from tampering.
• For use of a modular architecture, each security mechanism should be able to support migration to new
technology or upgrade of new features without requiring an entire system redesign.
• Security design should be modular for individual parts of the security design to be upgraded without the
requirement to modify the entire system.
15. NCAE13 Fundamental Security Design Principles (cont’d
….)
Layering:
• Refers to the use of multiple, overlapping protection approaches addressing the
people, technology, and operational aspects of information systems.
• Using multiple, overlapping protection approaches, means the failure or
circumvention of any individual protection approach will not leave the system
unprotected.
• A layering approach is often used to provide multiple barriers between an adversary
and protected information or services.
• The technique is often referred to as defense in depth.
16. NCAE13 Fundamental Security Design Principles (cont’d
….)
Least Astonishment:
• Program or user interface should always respond in the way that is least likely to
astonish the user,
• e.g., mechanism for authorization should be transparent enough to a user that the user has
a good intuitive understanding of how the security goals map to the provided security
mechanism.
17. Attack Surfaces
• One of two concepts useful in evaluating and classifying threats.
• Consist of reachable and exploitable vulnerabilities in a system, e.g.:
• Open ports on outward facing Web and other servers, and code listening on those ports.
• Services available on the inside of a firewall.
• Code that processes incoming data, email, XML, office documents, and industry-
specific custom data exchange formats.
• Interfaces, SQL, and Web forms.
• An employee with access to sensitive information vulnerable to a social
engineering attack.
18. Attack Surfaces (cont’d ….)
Three categories of attack surfaces can be identified:
• Network Attack Surface: refers to vulnerabilities over an enterprise network, WAN, or
internet, which include network protocol vulnerabilities,
• e.g., those used for a denial of service attack, disruption of communications links, and various
forms of intruder attacks.
• Software Attack Surface: refers to vulnerabilities in application, utility, or operating
system code,
• e.g., Web server software.
• Human Attack Surface: refers to vulnerabilities created by personnel or outsiders,
• e.g., social engineering, human error, and trusted insiders.
19. Attack Surfaces (cont’d ….)
• Attack surface analysis is a useful technique for assessing the scale and severity of
threats to a system.
• A systematic analysis of vulnerability points makes developers and security analysts
aware of where security mechanisms are required.
• Once an attack surface is defined, designers may be able to find ways to make the
surface smaller, which makes the task of the adversary more difficult.
• Attack surface also provides guidance on setting priorities for testing, strengthening
security measures, and modifying the service or application.
• The use of layering, or defense in depth, and attack surface reduction complement
each other in mitigating security risk.
20. Attack Surfaces (cont’d ….)
The use of layering, or defense in depth, and attack surface reduction complement
each other in mitigating security risk.
Fig. 1: Defense in Depth and Attack Surface
21. Attack Trees
Second of two concepts useful in evaluating and classifying threats.
• Branching, hierarchical data structure representing a set of potential techniques for
exploiting security vulnerabilities.
• The security incident that is the goal of the attack is represented as the root node of
the tree.
• The ways an attacker could reach that goal are iteratively and incrementally
represented as branches and subnodes of the tree.
• Each subnode defines a subgoal, and each subgoal may have its own set of further
subgoals, etc.
• The final nodes on the paths outward from the root (leaf nodes) represent different
ways to initiate an attack.
22. Attack Trees (cont’d ….)
• Each node other than a leaf node is either an AND-node or an OR-node.
• To achieve the goal represented by an AND-node, the subgoals represented by all of that
node’s subnodes must be achieved; and
• for an OR-node, at least one of the subgoals must be achieved.
• Branches can be labeled with values representing difficulty, cost, or other attack
attributes, so that alternative attacks can be compared.
• Attack trees are used to effectively exploit the available information on attack patterns.
• Organizations such as CERT publish security advisories that have enabled the
development of a body of knowledge about both general attack strategies and specific
attack patterns.
• Security analysts can use the attack tree to document security attacks in a structured
form that reveals key vulnerabilities.
• The attack tree can guide both the design of systems and applications, and the choice
and strength of countermeasures.
23. Case: Attack Tree for Internet Banking Authentication
• Illustration of an attack tree analysis for an Internet banking authentication application.
• Root node represents the attacker’s objective: To compromise a user’s account.
• The shaded boxes on the tree are the leaf nodes, representing events that comprise
the attacks.
• NB: all nodes in the tree other than leaf nodes are OR-nodes.
• The analysis to generate the tree considered the three components involved in
authentication:
• User Terminal and User (UT/U): these attacks target the user equipment, including the tokens that may
be involved, such as smartcards or other password generators, as well as the actions of the user.
• Communications Channel (CC): this type of attack focuses on communication links.
• Internet Banking Server (IBS): these types of attacks are offline attacks against servers that host the
Internet banking application.
24. Case: Attack Tree for Internet Banking Authentication
(cont’d ….)
Five overall attack strategies can be identified, each of which exploits one or more of the
three components.
• User Credential Compromise: can be used against many elements of the attack
surface.
• There are procedural attacks, such as monitoring a user’s action to observe a PIN or other
credential, or theft of the user’s token or handwritten notes.
• An adversary may also compromise token information using a variety of token attack tools,
e.g., hacking the smart-card, or using a brute force approach to guess the PIN.
• Another possible strategy is to embed malicious software to compromise the user’s login
and password.
• An adversary may also attempt to obtain credential information via the communication
channel (sniffing).
• An adversary may also use various means to engage in communication with the target user.
25. Case: Attack Tree for Internet Banking Authentication
(cont’d ….)
• Injection of Commands: the attacker is able to intercept communication between the
UT and the IBS.
• Various schemes can be used to be able to impersonate the valid user thereby gaining access to
the banking system.
• User Credential Guessing: brute force attacks against some banking authentication
schemes are reported to be feasible by sending random usernames and passwords.
• The attack mechanism is based on distributed zombie personal computers, hosting automated
programs for username- or password-based calculation.
• Security Policy Violation: e.g., violating the bank’s security policy in combination with
weak access control and logging mechanisms.
• An employee may cause an internal security incident and expose a customer’s account.
26. Case: Attack Tree for Internet Banking Authentication
(cont’d ….)
• Use of Known Authenticated Session: this type of attack persuades or forces the
user to connect to the IBS with a preset session ID.
• Once the user authenticates to the server, the attacker may utilize the known session ID
to send packets to the IBS, spoofing the user’s identity.
• Fig. 2 provides a thorough view of the different types of attacks on an Internet
banking authentication application.
• Using this attack tree as a starting point, security analysts can assess the risk of each
attack and, using the design principles presented earlier, design a comprehensive
security facility.
27. Case: Attack Tree for Internet Banking Authentication
(cont’d ….)
f
Fig. 2: Attack Tree for Internet Banking Authentication
28. References
1. V.S. Bagad and I.A. Dhotre, Information and Network Security, 2nd Edition, Technical
Publications, 2017
2. William Stallings, Cryptography and Network Security: Principles and Practice, 7th Edition,
Pearson, 2017