Software Security Basics

Vulnerability is a weakness in the security system.

• (i.e., in procedures, design, or implementation), that might be exploited to cause loss or harm.

A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.

• a potential violation of security.

A human (criminal) who exploits a vulnerability perpetrates an attack on the system.

How do we address these problems?

• We use a control as a protective measure.

• That is, a control is an action, device, procedure, or technique that removes or reduces a vulnerability.

Threats

Vulnerabilities

Data vulnerabilities

Software Vulnerabilities

• Software Deletion

• Software Modification

• Software Theft

Logic Bomb

A program works well most of the time but it fails in specific circumstances.

Trojan Horse

A program that overtly does one thing while covertly doing another.

Virus

A piece of code that is used to spread from one computer to another.

Trapdoor

A program that has a secret entry point.

Information Leaks

A piece of code that makes information accessible to unauthorized people or programs.

Security Goals (CIA):

• Confidentiality ensures that computer-related assets are accessed only by authorized parties.

  • i.e. reading, viewing, printing, or even knowing their existence.

  • Secrecy or privacy.

• Integrity means that assets can be modified only by authorized parties or only in authorized ways.

  • i.e. writing, changing, deleting, creating.

• Availability means that assets are accessible to authorized parties at appropriate times.

  • i.e. often, availability is known by its opposite, denial of service.