Handbook of Information Security Management:Communications Security



Section 2-2
Network Security

Chapter 2-2-1
A New Security Model for Networks and the Internet

Dan Thomsen

Type enforcement is a new security mechanism that can be used as the basic security building block for a large number of systems in which security is an important factor. One of the most critical areas requiring protection is the system firewalls. Firewalls are the equivalent of walls around a castle and are under constant attack from external forces. Installing software to protect the network will not be effective if the software runs on a platform that cannot protect itself. It is like building the castle walls on a swamp.

Computer security is a matter of controlling how data are shared for reading and modifying. Only one person using an isolated computer is completely secure. However, people inside and outside of the organization need to share information. Type enforcement allows a computer to be divided into separate compartments, basically having a number of isolated computers inside of a single computer. Because the compartments are in a single computer, the process of sharing information among compartments can be controlled by type enforcement.

Most secure systems are difficult to work with and require extra development time. Type enforcement strikes a balance between security and flexibility. As a result, new security services can be provided more quickly, because they can build on the security of the underlying operating system. Type enforcement permits the incorporation of security more quickly because it allows the applications to be encapsulated. Each application is protected from:

  Hostile manipulation by outsiders.
  Interference from other applications.
  Erroneous behavior by the application itself.

SECURITY BASICS

An examination of the potential problems that can arise on a poorly secured system will help in understanding the need for security. Three basic kinds of malicious behavior are:

  Denial of service.
  Compromising the integrity of the information.
  Disclosure of information.

Denial of Service

Denial of service occurs when a hostile entity uses a critical service of the computer system in such a way that no service or severely degraded service is available to others. Denial of service is a difficult attack to detect and protect against, because it is difficult to distinguish whether a program is being malicious or is simply greedy.

An example of denial of service is an Internet attack, where an attacker requests a large number of connections to an Internet server. Through the use of an improper protocol, the attacker can leave a number of the connections half open. Most systems can handle only a small number of half-open connections before they are no longer able to communicate with other systems on the net. The attack completely disables the Internet server.
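The half-open condition described above can be monitored from the server side. The following is an added example, not part of the original chapter: it counts half-open (SYN_RECV) sockets per listener in output laid out like Linux `netstat -tan` and flags listeners approaching a queue limit. The sample lines, the function names, and the `backlog` and `warn_ratio` values are constructed assumptions for illustration.

```python
from collections import Counter

# Constructed sample in the column layout of Linux `netstat -tan`
# (proto, recv-q, send-q, local address, foreign address, state).
SAMPLE = """\
tcp 0 0 192.0.2.10:80 198.51.100.7:40112 SYN_RECV
tcp 0 0 192.0.2.10:80 198.51.100.7:40113 SYN_RECV
tcp 0 0 192.0.2.10:80 198.51.100.9:51200 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.5:33000 ESTABLISHED
tcp 0 0 192.0.2.10:80 198.51.100.7:40114 SYN_RECV
tcp 0 0 192.0.2.10:25 203.0.113.8:41000 SYN_RECV
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
"""

def half_open_by_listener(text):
    """Count SYN_RECV (half-open) sockets per local addr:port and per remote host."""
    per_listener = Counter()
    per_remote = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # skip headers, blank lines, non-TCP rows
        local, remote, state = fields[3], fields[4], fields[5]
        if state != "SYN_RECV":
            continue
        per_listener[local] += 1
        host = remote.rsplit(":", 1)[0]  # strip the port, keep the address
        per_remote.setdefault(local, Counter())[host] += 1
    return per_listener, per_remote

def alerts(text, backlog=4, warn_ratio=0.75):
    """Return listeners whose half-open count reaches warn_ratio of the backlog.

    backlog is an assumed queue size for illustration; real limits vary by system.
    """
    per_listener, per_remote = half_open_by_listener(text)
    out = []
    for local, count in sorted(per_listener.items()):
        if count >= backlog * warn_ratio:
            top_host, top_n = per_remote[local].most_common(1)[0]
            out.append((local, count, top_host, top_n))
    return out

if __name__ == "__main__":
    for local, count, host, n in alerts(SAMPLE):
        print(f"{local}: {count} half-open, top source {host} ({n})")
```

Source addresses on half-open connections can be forged, so the reported top source is a starting point for investigation rather than an attribution.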

Compromising the Integrity of the Information

Most people take for granted that the information stored on the computer system is accurate, or at least has not been modified with malicious intent. If the information loses its accuracy, the consequences can be extreme. For example, if competitors hacked into a company’s database and deleted customer records, a significant loss of revenues could result. Users must be able to trust that data are accurate and complete.

Disclosure of Information

Probably the most serious attack is disclosure of information. If the information taken off a system is important to the success of an organization, it has considerable value to a competitor. Corporate espionage is a real threat, especially from foreign companies, where the legal reprisals are much more difficult to enforce. Insiders also pose a significant threat. Limiting user access to the information needed to perform specific jobs increases data security dramatically.

