Lecture 3
Contents
Security is an on-going process of strengthening defenses. As the defenses goes up, so do the attacks
- Security by Design - Security as a forethought, rather than as a response to an incident
- Single point of failure - one goes down, there goes your system.
- Defense in depth - design of multiple measures of defense.
Firewalls… they only protect the system from outside. Once you’ve inside, firewalls serve no purpose
Primary Colours of being a Professional
- Trust
- Secrets
- Humans
- Engineering
- Risk
- Complexity
Trust
- Who can you trust? –> No-one
- What can you trust? –> Nothing.
There are two, say ‘models’ for trust systems:
- Bell LaPadua Model - Hierarchical classification of authority and data confidentiality
- ‘Ape’ Model - Autonomy & free will
From the few minutes we watched in class of the movie WarGames, the launch of the missile was ultimately controlled by the hands of two people - humans. And ultimately, the success of the system’s function boils down to whether or not both men turned the key.
This is a good thing, a dual control
system. Two separate individuals would have to willingly perform an action - there could be no accidental mistake.
Data destruction
How do you actually get rid of data?
Destroying a printed document could be easy. You’d just cut it up… *cough*, but what about deleting digital data?
On a storage medium, deleting a file from a disk only removes the file entry the directory table, not the physical platten (or flash). You’d need to write to the platten in a lowlevel fashion…
But what about online data? Once something goes online, you don’t know what’s been done with it. Deleting a post, doesn’t truly remove it. It exists… just somewhere.
Side Channel Attacks
Side Channel Attacks exploit a system through its external implementation and characteristic, rather than through attacks to the weaknesses of code or an algorithm.
For example, listening to the EM waves fluctuate as different CPU operations are performed; or monitoring the voltage differential, execution time, etcetera