
Handbook of Information Security Management: Computer Architecture and System Security



Domain 5
Computer Architecture and System Security


This domain addresses computer organization and configuration, and the controls that are imposed at each layer of the system architecture. Chapter 5-1-1 describes the broad spectrum of security vulnerabilities and threats to information security. The author discusses the individual components of the computer architecture, how they influence systems security, and what mechanisms can be applied to safeguard the system.

In today’s distributed computing environment, where business users are empowered with information on their individual desktops, each user, by default, becomes accountable for the security of computing resources and resident information. It is incumbent on the Information Security Program, therefore, to establish and enforce policies and procedures that extend to the local area network and personal computer.

Chapter 5-2-1 encompasses an extensive litany of subjects that must be addressed at the desktop, including physical security, viruses, access controls and encryption, along with operational issues such as backup and recovery. The author makes a valid point that, essentially, the risks and threats are the same at the desktop as those on the mainframe, albeit on a different scale. Thus, it is necessary to apply the fundamental controls to this distributed environment as well.

Chapter 5-3-1 introduces a unique thesis on information security, that is, security should be integrated into a systems integrity engineering discipline, which is realized at each level of the organization. From this perspective, the author provides a granular look at the construction of internal controls within decentralized systems, dispersed systems, and cooperative systems. The chapter offers an in-depth narration on organizational change, illustrating how various protection strategies are implemented based on technological infrastructure. Ultimately, the author asserts that adequate security safeguards and mechanisms must be built in, not added on — a time-worn but valid assertion which technology vendors still do not heed.

Section 5-1
Computer Organization and Configuration

Chapter 5-1-1
Secure Systems Architecture

William H. Murray

Many security problems and the information system security procedures for solving those problems are rooted in the way that computer systems are organized and used. This chapter addresses several security vulnerabilities and the types of attacks that they expose systems to. It then discusses the basic elements of system architecture and explains how they may affect system security.

Information systems security attempts to account for problems presented by certain aspects inherent in the use of computers. For example, the sharing of hardware across computing processes presents a particular set of problems. The difficulties of information systems security began to be identified during the 1960s, when concurrent sharing of computers began. Computers had been shared among applications and users almost from the beginning. However, most of this sharing was serial rather than concurrent — that is, one job used all of the computer for a period of time, and upon completion, another would begin. This always presented a compromise to the confidentiality of data; if a job left any data in memory, that data could be captured by the subsequent job. Because few jobs used all of the resources of the computer and because of the very high cost of those resources, users immediately began to look for ways to better exploit their use by sharing the computer concurrently across multiple jobs or users.

Even if there were no economic reason to share hardware (and this motive diminishes as the cost and size of hardware decreases), it would still be necessary to share data. Data sharing permits information to be transferred from one individual to another. Although this sharing of data represents an increase in the value and utility of the data, there is a corresponding reduction in its confidentiality.

In addition, the power, generality, flexibility, scope, and complexity of the modern computer make it error prone and increase the difficulty of determining how it was intended to be used. Most of the behavior of a modern computer is controlled by its stored program. Because computer programming is very complex, the program may not always be a true implementation of the programmer’s intention — even when the programmer has the best of motives and the highest of skills. For example, if the programmer fails to anticipate and provide for every possible input, the program may cause the computer to behave in an unanticipated way.

Because the behavior of the computer is so complex, it is often difficult to determine whether the computer is performing as intended. Sometimes the output is used so quickly that there is little time for checking it. In other cases, the output is such a complex transformation of the input that it is difficult to reconcile. Therefore, it is not always possible for users to know whether the information or programs they are using are accurate.

Hardware sharing, data sharing, and the complexity of computers are common aspects of computing. They present certain vulnerabilities to the information on the system, however, that the information security program must address. The following section discusses several of the vulnerabilities commonly encountered in computing environments.

Contamination and Interference

Most computers are unable to distinguish between programs and other data. In many, a program is unable to recognize itself. Therefore, it is possible for a programmed procedure to overwrite itself, its data, other programs, or their data. This happens frequently by error; it may also be done deliberately.

It is possible for one process operating in the computer to interfere with the intended operation of another. Again, most of this happens by error but may be done deliberately. Most of it is obvious (i.e., job failure); a small amount may be subtle and difficult to detect.

Changes Between Time of Check and Time of Use

Conditions that are checked and relied on but not otherwise bound can be maliciously changed between the time of check and the time of use. This vulnerability can be reduced by increasing the number of checks, making them closer to the time of use, or by binding the condition so that it cannot be altered. (Binding is accomplished by resolving and fixing a meaning, property, or function so that subsequent changes are not supported and will be resisted.)
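The "binding" remedy the paragraph above describes is easiest to see on a file path, the classic time-of-check/time-of-use case. The example below is written for this edition and is not the author's code: it contrasts a reader that checks a path and then re-resolves the same path (unbound) with one that opens the file first and performs every check on the resulting descriptor (bound to one inode). The scratch files, their contents, and the `interleave` hook that stands in for another process being scheduled inside the check/use window are all constructed; the code assumes a POSIX system where `os.O_NOFOLLOW`, `os.getuid` and symbolic links are available.

```python
"""Time-of-check/time-of-use on a file path, and the 'binding' remedy.

Constructed example: the scratch files, their contents and the simulated
interference are made up here. Assumes a POSIX system (os.O_NOFOLLOW,
os.getuid, symbolic links).
"""
import os
import stat
import tempfile


def read_unbound(path, interleave=lambda: None):
    """Check the path, then use the path again. Nothing ties the two together."""
    if os.path.islink(path) or not os.path.isfile(path):
        raise PermissionError("refusing: not a regular file")
    interleave()  # stands in for another process being scheduled here
    with open(path, "rb") as f:  # the name is resolved a second time
        return f.read()


def read_bound(path, interleave=lambda: None):
    """Open once, then check the descriptor. The object checked is the object used."""
    # O_NOFOLLOW: a symlink at the final path component is an error, not a redirect.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as f:  # the file object now owns and closes fd
        st = os.fstat(f.fileno())   # properties of the inode actually opened
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("refusing: not a regular file")
        if st.st_uid != os.getuid():
            raise PermissionError("refusing: not owned by the caller")
        interleave()  # the window still exists in time, but the name no longer matters
        return f.read()


def demo():
    """Run both readers with and without a simulated swap inside the check/use window.

    Returns a dict of outcomes so the behaviour can be inspected or asserted on.
    """
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")  # constructed: what the caller may read
        secret = os.path.join(d, "secret.txt")  # constructed: what the caller must not reach

        def reset():
            # (re)create public.txt as an ordinary file owned by the caller
            if os.path.lexists(public):
                os.remove(public)
            with open(public, "wb") as f:
                f.write(b"public data")

        def swap():
            # the interference: replace the checked name with a link elsewhere
            os.remove(public)
            os.symlink(secret, public)

        with open(secret, "wb") as f:
            f.write(b"secret data")

        results = {}
        reset()
        results["unbound_no_race"] = read_unbound(public)
        reset()
        results["unbound_raced"] = read_unbound(public, swap)  # check passed, use followed the link
        reset()
        results["bound_no_race"] = read_bound(public)
        reset()
        results["bound_raced"] = read_bound(public, swap)  # descriptor still points at the checked inode
        reset()
        swap()
        try:
            read_bound(public)
            results["bound_symlink"] = "opened"
        except OSError as e:
            results["bound_symlink"] = type(e).__name__  # O_NOFOLLOW rejects the link outright
        return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:18} {outcome!r}")
```

The `interleave` hook compresses a scheduling race into a deterministic call so the two outcomes can be compared side by side; on a real system the window is whatever the scheduler happens to allow, which is exactly why shrinking it is weaker than binding. The bound reader shows the text's third remedy: once the descriptor is open, the checked properties belong to that inode and a later change to the name cannot redirect the use.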

