Ashwarya

Security Principles:

When evaluating the security of a system, we use the CIA triad: confidentiality, integrity, and availability.

  1. Confidentiality: Only authorized people can access the data.
  2. Integrity: Data cannot be changed without detection.
  3. Availability: The system is accessible when needed.

Examples:

Online Shopping:

  • Confidentiality: Credit card info is kept secret.
  • Integrity: Shipping address cannot be altered.
  • Availability: The website/app is up and running.

Patient Records:

  • Confidentiality: Medical records are kept private by law.
  • Integrity: Records are accurate to ensure correct treatment.
  • Availability: Records are accessible during medical visits.

Sometimes, one aspect is more important than the others, like the integrity of a university announcement being critical.

Beyond CIA, two additional aspects are:

  1. Authenticity: Data is genuine and from the claimed source.
  2. Non-repudiation: The source cannot deny their actions.

Examples:

  • Online Shopping: Confirm the order is real and the customer cannot deny placing it.
  • Large Orders: Ensure the order is authentic and the sender cannot deny it.
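The integrity and authenticity points above can be made concrete with a message authentication code. The following is an added example (not code from the original post): the shop's order service tags each order with an HMAC under a key shared with the fulfilment service. Any alteration of the order (say, the shipping address) breaks the tag, and nobody without the key can produce a valid tag. The key, order fields and service names are constructed for the demo. Note that an HMAC gives integrity and authenticity between the two key holders but not non-repudiation, since either side could have computed the tag; non-repudiation needs a digital signature under a key only the sender holds.

```python
import hashlib
import hmac
import json

# Constructed demo key shared by the order and fulfilment services.
# A real deployment loads it from a secrets manager, never from a literal.
SHARED_KEY = b"constructed-demo-key-do-not-use-in-production"


def canonical(order: dict) -> bytes:
    """Serialise the order deterministically so both sides tag identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def tag_order(order: dict, key: bytes = SHARED_KEY) -> str:
    """HMAC-SHA256 over the canonical order: proves the sender knows the key
    (authenticity) and detects any later change to the fields (integrity)."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def verify_order(order: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Recompute the tag and compare in constant time so the comparison
    itself does not leak which bytes of the tag matched."""
    return hmac.compare_digest(tag_order(order, key), tag)


def demo() -> dict:
    """Run the three cases a defender cares about and return the outcomes."""
    order = {"order_id": 1042, "customer": "alice",
             "ship_to": "1 Main St", "total": 59.90}
    tag = tag_order(order)

    # Untouched order: verifies.
    untouched_ok = verify_order(order, tag)

    # Alteration (the integrity attack from the text): the shipping address
    # is edited in transit, so the stored tag no longer matches.
    tampered = dict(order, ship_to="99 Elsewhere Ave")
    tampered_ok = verify_order(tampered, tag)

    # Forgery without the key: a tag computed under another key is rejected.
    forged_tag = tag_order(order, b"some-other-key")
    forged_ok = verify_order(order, forged_tag)

    return {"untouched_ok": untouched_ok,
            "tampered_ok": tampered_ok,
            "forged_ok": forged_ok}


if __name__ == "__main__":
    print(demo())
```

Canonical serialisation matters: if the two services serialised the same order differently (key order, whitespace), legitimate orders would fail verification and the team would be tempted to weaken the check.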

Parkerian Hexad adds two more elements to CIA:

  1. Utility: Data must be useful (e.g., encrypted data is useless without the key).
  2. Possession: Prevent unauthorized control of data (e.g., a lost backup tape or files locked by ransomware means the owner has lost possession even if nothing was disclosed).

In simple terms, security is about keeping data private, accurate, accessible, genuine, and ensuring it cannot be denied or taken without permission.

System security can be attacked by revealing, changing, or destroying data. These are the opposites of the CIA triad: confidentiality, integrity, and availability.

  • Disclosure (opposite of confidentiality): Revealing secret data.
  • Alteration (opposite of integrity): Changing data.
  • Destruction/Denial (opposite of availability): Making data or systems unavailable.

Examples with patient records:

  • Disclosure: If medical records are stolen and made public, it’s a confidentiality attack.
  • Alteration: If medical records are changed, wrong treatments might be given.
  • Destruction/Denial: If systems are made unavailable, a medical facility can’t access patient records, stalling operations.

Balancing protection against disclosure, alteration, and destruction is crucial. Focusing too much on one can harm the others. Good security practices require a balance between confidentiality, integrity, and availability. To ensure the security of a system, we can use different security models that focus on confidentiality, integrity, or both.

Bell-LaPadula Model (Confidentiality):

  • Simple Security Property: "No read up" – can't read data at a higher security level.
  • Star Security Property: "No write down" – can't write data to a lower security level.
  • Discretionary Security Property: An access matrix additionally controls which subjects may read or write which objects, on top of the two mandatory rules above.

Biba Model (Integrity):

  • Simple Integrity Property: "No read down" – can't read data from a lower integrity level.
  • Star Integrity Property: "No write up" – can't write data to a higher integrity level.
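The four "no read up / no write down / no read down / no write up" rules are easy to mix up, so here they are as an added example (not code from the original post) that checks an access request against both models over one constructed lattice of levels. For Bell-LaPadula the levels are confidentiality classifications and a small discretionary access matrix is consulted as well; for Biba the same numbers are read as integrity levels and the rules run the other way. The level names, subject names, object names and matrix entries are all constructed for the demo.

```python
from dataclasses import dataclass

# Constructed lattice; a higher number is a higher classification (BLP)
# or a higher integrity level (Biba).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Subject:
    name: str
    level: str


@dataclass(frozen=True)
class Obj:
    name: str
    level: str


def _lvl(level: str) -> int:
    return LEVELS[level]


# Bell-LaPadula: protects confidentiality.
def blp_can_read(s: Subject, o: Obj) -> bool:
    """Simple Security Property, "no read up": clearance >= classification."""
    return _lvl(s.level) >= _lvl(o.level)


def blp_can_write(s: Subject, o: Obj) -> bool:
    """Star Security Property, "no write down": classification >= clearance."""
    return _lvl(o.level) >= _lvl(s.level)


# Discretionary Security Property: constructed access matrix, subject -> object -> rights.
ACCESS_MATRIX = {
    "analyst": {"quarterly-report": {"read", "write"}, "board-minutes": {"read"}},
    "intern": {"quarterly-report": {"read"}},
}


def blp_allowed(s: Subject, action: str, o: Obj) -> bool:
    """BLP grants access only if the mandatory rule AND the matrix both allow it."""
    mandatory = blp_can_read(s, o) if action == "read" else blp_can_write(s, o)
    discretionary = action in ACCESS_MATRIX.get(s.name, {}).get(o.name, set())
    return mandatory and discretionary


# Biba: protects integrity; same numbers, opposite direction.
def biba_can_read(s: Subject, o: Obj) -> bool:
    """Simple Integrity Property, "no read down": object integrity >= subject integrity."""
    return _lvl(o.level) >= _lvl(s.level)


def biba_can_write(s: Subject, o: Obj) -> bool:
    """Star Integrity Property, "no write up": subject integrity >= object integrity."""
    return _lvl(s.level) >= _lvl(o.level)


def biba_allowed(s: Subject, action: str, o: Obj) -> bool:
    return biba_can_read(s, o) if action == "read" else biba_can_write(s, o)


if __name__ == "__main__":
    analyst = Subject("analyst", "secret")
    report = Obj("quarterly-report", "confidential")
    print("BLP analyst read report:", blp_allowed(analyst, "read", report))
    print("BLP analyst write report (write down):", blp_allowed(analyst, "write", report))
    print("Biba analyst read report (read down):", biba_allowed(analyst, "read", report))
```

Reading the output side by side shows why the two models are often combined: a high-clearance subject may read a lower-classified report under BLP but may not trust its contents under Biba.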

Clark-Wilson Model (Integrity):

  • Constrained Data Item (CDI): Important data whose integrity must be protected.
  • Unconstrained Data Item (UDI): All other data.
  • Transformation Procedures (TPs): Operations to maintain CDI integrity.
  • Integrity Verification Procedures (IVPs): Checks to ensure CDI integrity.

These models help protect data through rules about reading and writing based on security and integrity levels.
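Clark-Wilson is easiest to see with a small ledger. The following is an added example (not code from the original post) in which account balances are the CDI, raw text from a client is the UDI, a transfer routine is the only certified TP allowed to change balances, and an IVP confirms after every TP that no balance is negative and that money was neither created nor destroyed. The subjects, account names, request format and authorization table are constructed for the demo.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Ledger:
    """The CDI: balances that only certified TPs may change.
    expected_total records what was deposited, so the IVP can check conservation."""
    balances: dict = field(default_factory=dict)
    expected_total: int = 0
    log: list = field(default_factory=list)  # audit trail of applied TPs


def ivp_check(ledger: Ledger) -> bool:
    """IVP: valid state means no negative balance and total unchanged."""
    values = list(ledger.balances.values())
    return all(v >= 0 for v in values) and sum(values) == ledger.expected_total


def tp_transfer(ledger: Ledger, src: str, dst: str, amount: int) -> bool:
    """Certified TP: takes a valid state to a valid state, or changes nothing."""
    if amount <= 0 or src == dst:
        return False
    if src not in ledger.balances or dst not in ledger.balances:
        return False
    if ledger.balances[src] < amount:
        return False
    ledger.balances[src] -= amount
    ledger.balances[dst] += amount
    ledger.log.append(("transfer", src, dst, amount))
    return True


def parse_request(udi: str) -> Optional[dict]:
    """Turn a UDI (constructed format: "transfer <src> <dst> <amount>") into
    typed parameters. Anything malformed is rejected before a TP sees it."""
    parts = udi.split()
    if len(parts) != 4 or parts[0] != "transfer":
        return None
    try:
        amount = int(parts[3])
    except ValueError:
        return None
    return {"tp": "transfer", "src": parts[1], "dst": parts[2], "amount": amount}


CERTIFIED_TPS = {"transfer": tp_transfer}
# Which subjects may run which TPs (the model's subject/TP/CDI triples).
AUTHORIZED = {"teller": {"transfer"}, "auditor": set()}


def run(ledger: Ledger, subject: str, udi: str) -> str:
    """Enforcement path: validate the UDI, check authorization, run the TP, run the IVP."""
    req = parse_request(udi)
    if req is None:
        return "rejected: malformed request"
    if req["tp"] not in AUTHORIZED.get(subject, set()):
        return "rejected: subject not authorized for this TP"
    ok = CERTIFIED_TPS[req["tp"]](ledger, req["src"], req["dst"], req["amount"])
    if not ok:
        return "rejected: TP preconditions failed"
    if not ivp_check(ledger):
        return "error: IVP failed after TP"  # in practice: roll back and alert
    return "ok"


def new_ledger() -> Ledger:
    """Constructed starting state for the demo."""
    return Ledger(balances={"alice": 100, "bob": 50}, expected_total=150)


if __name__ == "__main__":
    ledger = new_ledger()
    for subject, request in [("teller", "transfer alice bob 40"),
                             ("teller", "transfer alice bob 500"),
                             ("auditor", "transfer alice bob 1"),
                             ("teller", "transfer alice bob lots")]:
        print(subject, "|", request, "->", run(ledger, subject, request))
    print(ledger.balances, "valid:", ivp_check(ledger))
```

The point of the structure is separation of duties: the people who certify TPs and IVPs are not the people who run them, and no subject, however privileged, gets a path to the balances that bypasses the TP and the IVP.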

Extras

The ISO/IEC 19249:2017 standard by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) outlines architectural and design principles for secure products, systems, and applications. The five architectural principles are:

  • Domain Separation: Grouping related components as single entities with common security attributes.
  • Layering: Structuring systems into layers to impose and validate security policies at different levels.
  • Encapsulation: Hiding low-level implementations and preventing direct data manipulation, using methods or APIs.
  • Redundancy: Ensuring availability and integrity through backup systems, like dual power supplies or RAID configurations.
  • Virtualization: Sharing hardware among multiple OSes, providing sandboxing for security.

The five design principles are:

  • Least Privilege: Granting the minimal necessary permissions for tasks.
  • Attack Surface Minimization: Reducing vulnerabilities by disabling unnecessary services.
  • Centralized Parameter Validation: Ensuring input validation is centralized to prevent exploitation.
  • Centralized General Security Services: Centralizing security services, like authentication, to enhance security.
  • Error and Exception Handling: Designing systems to handle errors safely, preventing information leakage and ensuring secure failure states.

These principles guide the development of secure systems by emphasizing structured, validated, and minimalistic approaches to security.

To avoid confusion, note these three terms:

  • Vulnerability: A weakness susceptible to attack or damage.
  • Threat: A potential danger associated with a vulnerability.
  • Risk: The likelihood of a threat exploiting a vulnerability and the resulting impact on the business.
