What Does Security Mean?

Human beings understand well what security means in the real world. First and foremost it means one's physical security from any harm. It further means security of one's property, so that it does not get stolen or damaged.

In a broader sense, we can enumerate security requirements in the real world in the following manner:

Notice that some of these requirements relate to one's safety and others relate to convenience, i.e., we want both to be safe and to go about our business with minimal disturbance from others.

In computing and networking one finds a similar combination of security requirements, blending the need for safety with the need for uninterrupted operation. Drawing a parallel with physical security requirements, on the Internet I may want (this is not a comprehensive list):

Many of you have heard about computer security (e.g., protection from intrusions, viruses, worms, etc.). How does it relate to network security? Computer security aims to protect a single machine and the data residing on it. The goal of networking is to enable communication between any pair of machines, in any scenario; the goal of network security is thus to protect this communication and all of its participants. The focus of network security is therefore on threats that require network access to be perpetrated.

Another issue that often arises is whether security means robustness (e.g., no one can break into my computer) or fault tolerance (e.g., fast detection of intrusions and patching). In the real world security is achieved by combining techniques that provide robustness with techniques that provide fault tolerance. Known, well-defined threats should be prevented, while new and stealthy threats should be quickly detected and handled.

Security Properties

As we discussed before, "security" means many things in many different contexts. At a high level, one can say that the goal of security is to protect three main properties of data and systems: confidentiality, integrity and availability. Not every security problem violates all three properties, and often there are variations of a problem that violate different subsets of them.

Orthogonal to these security properties are the policy and the security mechanisms. A policy defines what exactly confidentiality, integrity and availability mean in a given context. Security mechanisms are the tools that enforce the policy. It is often very difficult to ensure that the combined behavior of multiple security mechanisms correctly and fully enforces a policy. Sometimes this is difficult because policies are expressed in English rather than in a precise, checkable form, and sometimes because each mechanism's behavior is complex and mechanisms interact with each other in subtle ways that are not obvious.

Security Goals

A security mechanism may aim to prevent an attack, detect an attack, respond to it, or recover from it. Prevention means that it is impossible to perpetrate a given attack in the presence of a given security mechanism. Detection aims to detect the attack quickly and accurately, i.e., to reduce the number of false positives and false negatives and to reduce the detection delay. A false positive is a case where detection occurs but there is no attack. A false negative is a case where there is an attack but detection does not occur. A response to an attack can be to tighten security mechanisms at the target, lodge a complaint with someone, start logging the attack, etc. Recovery aims to remedy the effects of an attack, usually after the fact. One form of recovery is to tolerate the attack, enabling the system to function correctly in its presence.
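The three detection metrics above (false positives, false negatives and detection delay) are only meaningful once you fix a rule for matching a detector's alerts to ground truth. The following scorer is an added example, not part of the original notes: the attack windows and alert timestamps are constructed, and the matching rule (an alert counts as a true positive if it falls inside a known attack window, and the first such alert for a window defines that window's detection delay) is an assumption chosen for illustration, not a standard definition.

```python
"""Score a detector against ground truth: false positives, false negatives,
detection delay, and the derived precision and recall.

Added example for the lecture notes, not code from the original page.
The attack windows, alert timestamps and the matching rule are all
constructed assumptions for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Window:
    """An attack known from ground truth to run from `start` to `end` (seconds)."""
    start: float
    end: float


def score_detector(attacks, alerts):
    """Return a dict with tp, fp, fn, detected_windows, precision, recall, mean_delay.

    attacks: list of Window (ground truth)
    alerts:  iterable of alert timestamps in seconds, any order

    Matching rule (assumed): an alert inside some attack window is a true
    positive; an alert outside every window is a false positive; a window
    that receives no alert is a false negative. The earliest alert inside a
    window defines that window's detection delay (alert time - window start).
    """
    first_hit = {}  # window index -> earliest alert timestamp inside it
    tp = fp = 0
    for t in sorted(alerts):
        hit = next((i for i, w in enumerate(attacks) if w.start <= t <= w.end), None)
        if hit is None:
            fp += 1
        else:
            tp += 1
            first_hit.setdefault(hit, t)  # keep only the first alert per window
    fn = len(attacks) - len(first_hit)
    delays = [first_hit[i] - attacks[i].start for i in first_hit]
    return {
        "tp": tp,
        "fp": fp,
        "fn": fn,
        "detected_windows": len(first_hit),
        # precision is alert-level: what fraction of alerts were real
        "precision": tp / (tp + fp) if (tp + fp) else None,
        # recall is attack-level: what fraction of attacks were noticed at all
        "recall": len(first_hit) / len(attacks) if attacks else None,
        "mean_delay": sum(delays) / len(delays) if delays else None,
    }


# Constructed ground truth: three attacks, and five alerts from a toy detector.
SAMPLE_ATTACKS = [Window(100, 160), Window(300, 330), Window(500, 520)]
SAMPLE_ALERTS = [40, 112, 130, 305, 700]


def sample_score():
    """Score the constructed sample; used by the usage block and tests."""
    return score_detector(SAMPLE_ATTACKS, SAMPLE_ALERTS)


if __name__ == "__main__":
    for k, v in sample_score().items():
        print(f"{k:>16}: {v}")
```

On the constructed sample the detector raises three true positives, two false positives (the alerts at 40 s and 700 s) and misses the third attack entirely (one false negative), with a mean detection delay of 8.5 s. Note that precision is measured per alert while recall is measured per attack; a detector that fires repeatedly inside one window looks better on precision without catching any more attacks, which is why the scorer tracks detected windows separately from raw true positives.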

Threats

Let us now examine some security threats, just so we get an idea of the complexity of security problems. As we go let us also try to "slot" these problems as threats to confidentiality, integrity or availability.

Security Mechanisms

We now list some security mechanisms that are used to enforce confidentiality, integrity and availability properties. Again, this is not an exhaustive list. These mechanisms are selected just to illustrate the diversity of security solutions.

Challenges

We now discuss the challenges faced by people working in and doing research in security.

Practical Considerations

Any practical security solution must balance the cost of using it against the benefits expected by its users. These benefits depend on a risk analysis in each particular case. The risk analysis determines how much would be lost if an asset were attacked and how probable an attack is. That probability depends closely on the environment in which the asset resides, which may change over time. Legislation may also play a role in risk analysis and management: it may not be greatly beneficial to a company to implement some security policy, but the company may be required to do so by law.

Any security solution further makes some assumptions about the attack and use model. For example, a solution may assume that confidentiality is achieved through cryptography under the assumption that the key is long enough that discovering it by brute force (trying out all possible keys) would take years. This may not be true 10 years from now, when computers have become much faster.

The effectiveness of a security solution depends not only on its design and implementation but also on how well it aligns with human needs and abilities. For example, forcing users to change their password every day would be very secure in principle, but it would be impossible for human users to follow this policy. Humans are often the weakest link in a security system: they bypass policies, which makes it easy for social engineering attacks to succeed.
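The key-length assumption above can be made concrete. The following is an added example, not code from the original notes: it models an attacker whose key-test rate doubles at a fixed interval and asks when a given key length stops being safe, and conversely how many bits are needed to stay safe over a planning horizon. The key-test rate, the doubling interval and the "acceptable" attack time are constructed assumptions, and the model deliberately ignores physical limits on computation, so it shows how the assumption erodes rather than predicting real dates.

```python
"""How long does a key-length assumption hold against brute force?

Added example for the lecture notes, not code from the original page.
The attacker rate (keys per second), its doubling interval and the
acceptable attack time are constructed assumptions for illustration.
"""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expected_brute_force_years(key_bits, keys_per_second):
    """Expected time to recover a key by exhaustive search, in years.

    On average the attacker tries half the keyspace, 2**(key_bits - 1) keys.
    """
    return 2 ** (key_bits - 1) / keys_per_second / SECONDS_PER_YEAR


def years_until_feasible(key_bits, keys_per_second_today,
                         doubling_years=1.5, acceptable_years=1.0):
    """Years from now until the attacker can expect to recover the key within
    `acceptable_years`, assuming their key-test rate doubles every
    `doubling_years` (an assumed, unbounded exponential growth). Returns 0.0
    if the attack is already feasible today.
    """
    t0 = expected_brute_force_years(key_bits, keys_per_second_today)
    if t0 <= acceptable_years:
        return 0.0
    # Each doubling halves the expected time; count doublings needed.
    doublings = math.log2(t0 / acceptable_years)
    return doublings * doubling_years


def minimum_key_bits(keys_per_second_today, horizon_years,
                     doubling_years=1.5, acceptable_years=1.0):
    """Smallest key length whose expected brute-force time still exceeds
    `acceptable_years` after `horizon_years` of attacker rate growth.
    """
    future_rate = keys_per_second_today * 2 ** (horizon_years / doubling_years)
    # Need 2**(n-1) / (future_rate * SECONDS_PER_YEAR) > acceptable_years, i.e.
    # n > 1 + log2(acceptable_years * SECONDS_PER_YEAR * future_rate).
    bound = 1 + math.log2(acceptable_years * SECONDS_PER_YEAR * future_rate)
    return math.floor(bound) + 1


if __name__ == "__main__":
    rate = 1e9  # assumed: one billion key tests per second today
    for bits in (40, 56, 80, 128):
        print(f"{bits:3d}-bit key: {expected_brute_force_years(bits, rate):10.3g} years "
              f"today, feasible within a year in "
              f"{years_until_feasible(bits, rate):6.1f} years")
    for horizon in (0, 10, 30):
        print(f"key length needed for a {horizon:2d}-year horizon: "
              f"{minimum_key_bits(rate, horizon)} bits")
```

Under these assumptions a 56-bit key at 10^9 keys per second already falls to roughly 1.14 years of expected search, and every 1.5 years of growth buys the attacker one more bit, so a design that must last 30 years needs about 20 bits more than one that only has to hold today. The practical point is that "years to brute-force" is a statement about the attacker's budget at a point in time, and the margin you choose should cover the lifetime of the data, not the lifetime of the deployment.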

Who are the Attackers

Who are the people that attack computers and networks? A long time ago these were teenage hackers who attacked for bragging rights. While their attacks were disruptive, there was no real malice and often no large financial loss. Today, most attacks are perpetrated by organized criminals. There is a very active underground economy in which people trade stolen data, compromised machines and malicious code. Attacks occur mostly for financial reasons: stolen data can be used for financial gain, denial of service can be used for extortion, spam can drive people to buy a shady product, and so on. Some attacks happen for personal or political reasons. This shift in the attacker mix from hobbyist hackers to organized criminals is significant because it means that attackers are much more motivated than before and capable of more sophisticated attacks. It is also worth noting that the risk to the attacker from many attacks is very small. Attackers often operate through compromised machines that may be in a remote part of the world relative to the target. Most attacks either do not last long or do not generate a strong enough signal to be detected for most of their lifetime (e.g., intrusions). Even if one detects the attack and the end machine involved, there may be no traces of the attacker left on it, or the machine may be in a foreign country that does not cooperate with the investigation.