Security Concepts

So far we have talked about security without really getting into what we mean by a secure system or what security attributes are relevant in a given context. Intuitively, one feels that a system is secure when it allows authorized users to perform legitimate operations. However, a number of concepts and processes must be understood to define the notion of legitimate uses by authorized users.

Anne, an associate professor with the local college, created an account with an online bookstore, giving her university e-mail address as the account identifier. The account stored her VISA credit card number, name on the card, expiration date, billing address and the address of her apartment as the shipping address. A temporary password was e-mailed to her with the instruction to change it immediately, which she promptly did. Now any time she needed to purchase books, she only had to log in by entering the e-mail address and the password and place the order. While logged in, she could do a number of things: modify the credit card or shipping address information, view a listing of all her past purchases, write a review of a book or modify an earlier review. However, she could not modify or view the information held in other accounts. She could view the reviews written by others but could not modify them.

The e-mail address identified Anne to the online bookstore as the owner of a particular account, and the password authenticated her, that is, proved that it was indeed Anne, the person who opened the account. Once logged in, she could make a number of changes to her account or place an order to purchase books as per the access rules, but she was not authorized to look at the details of other accounts.

The concepts of identification, authentication, authorization and access control are central to computer security. Identification is about stating who you are, and authentication is about proving the identification claim. Once you are authenticated, access control rules decide what you can do and what you cannot. A good part of application security design is about deciding what technologies to use for identification and authentication, how to specify access control, and how to manage authorizations.
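The bookstore scenario above can be written down as an added Python example (not code from the original text) that keeps the three steps separate: the e-mail address as the identity claim, the password check as authentication, and deny-by-default rules as access control. The `Bookstore` class, the sample addresses and passwords, and the use of PBKDF2 for password storage are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Bookstore:
    def __init__(self):
        self.accounts = {}  # e-mail (the identifier) -> (salt, password hash)

    def register(self, email: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[email] = (salt, _hash(password, salt))

    def authenticate(self, email: str, password: str):
        """The e-mail is the identity claim; the password proves it."""
        # Unknown e-mails still go through hashing, so both failures look alike.
        salt, stored = self.accounts.get(email, (b"\0" * 16, b""))
        candidate = _hash(password, salt)
        return email if hmac.compare_digest(stored, candidate) else None

    @staticmethod
    def is_allowed(principal, action: str, kind: str, owner: str) -> bool:
        """Access rules from the scenario; anything not listed is denied."""
        if principal is None:  # not authenticated
            return False
        if kind == "account":  # own account only, for viewing and modifying
            return action in {"view", "modify"} and owner == principal
        if kind == "review":  # everyone may read, only the author may edit
            return action == "view" or (action == "modify" and owner == principal)
        return False


if __name__ == "__main__":
    store = Bookstore()
    # Constructed sample identities and passwords.
    store.register("anne@college.example", "correct horse battery")
    anne = store.authenticate("anne@college.example", "correct horse battery")
    print(store.is_allowed(anne, "modify", "account", "anne@college.example"))
    print(store.is_allowed(anne, "view", "account", "bob@mail.example"))
    print(store.is_allowed(anne, "view", "review", "bob@mail.example"))
    print(store.is_allowed(anne, "modify", "review", "bob@mail.example"))
```
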

At the request of one of her students seeking admission to a doctoral program, Anne prepared an electronic letter of recommendation, signed it with her university-issued personal digital certificate, encrypted it with the digital certificate of the school offering the doctoral program, and then e-mailed the encrypted letter.

After decrypting the letter and verifying the digital signature, the receiving school can be reasonably sure that the contents of the letter of recommendation have remained confidential (i.e., no one has read the contents of the e-mail while it was transmitted over the Internet and stored in intermediate mail servers); the integrity is intact (i.e., the letter has not been altered after being signed); and Anne cannot repudiate the fact that she is the one who signed and sent the letter.

This gives us another three important security concepts in a networked environment: confidentiality (or privacy), integrity and non-repudiation. When security-sensitive messages are exchanged over the network, it is important to provide reasonable assurance regarding (a) their confidentiality so that no middle-person is able to read the message; (b) their integrity so that no middle-person is able to change its content; (c) their non-repudiation so that neither the sender can deny sending it nor the receiver can deny receiving it.

Note that these concepts are applicable, although at a lower level, even in the earlier scenario of Anne maintaining an account with the online bookstore. It is important that the password and credit card information be kept confidential while in transit from her computer to the computer running the bookstore website software. Also, the integrity of the messages needs to be preserved so that an attacker is not able to change the order and the shipping address, thus getting free delivery of goods at the expense of Anne.
