Security Goals

Notes

McCumber Cube

  • McCumber Cube: Design aspects for securing data in every level of abstraction.

  • Security Goals (we will focus on the CIA principles in this lesson)

  • Information States

  • Countermeasures (security controls)

Warm Up: Confidentiality, Integrity, Availability

  • Are the principles like the CIA (Central Intelligence Agency)?

  • Rumor has it that a sales team from IBM in the 1960s, trying to persuade the DoD to buy their computers, scrambled to find a “catchy” phrase that would highlight the need for secrecy.

  • They picked the CIA as a synonym for secrecy and worked backwards to match confidentiality, integrity, and availability. [Credit to Prof. Eugene Spafford for this story.]

Data Hacks - Compromise of Confidentiality

  • PlayStation had a breach in its video game online network that led to theft of user data like names, addresses, and credit cards.

  • 77 million user accounts were breached.

  • This would be considered a breach of confidentiality because Sony was entrusted to protect the data of their users.

Data Hacks - Compromise of Integrity

  • Stuxnet infected PCs used for automating and monitoring electromechanical equipment. Stuxnet sent instructions to the electromechanical equipment while feeding false feedback to the main controller, so anyone monitoring would not be alerted to a problem.

  • False feedback is a compromise of integrity. It reported normal instructions to deceive the monitoring personnel while damaging the equipment.

Data Hacks - Compromise of Availability

  • WannaCry is a ransomware crypto worm that targets computers running Microsoft Windows by encrypting data and demanding ransom payment for the decryption key.

  • Encrypting data is a compromise of availability because the owners of the data don't have access to it once it is encrypted.
