Classes, These tell the system how to make objects; the process of creating an object using the directions in a class is called "instantiation"
Objects, Objects contain procedures, called methods, and data, called attributes, Often called black boxes: you can see that work happens, but cannot see how
Messages, Objects perform work by sending messages to other objects
Encapsulation, Data hiding
Polymorphism, Different objects can react to identical messages in different ways
Polyinstantiation, Allows an object to be copied and populated with different data
Inheritance, Subclasses inherit settings
All predefined types are objects
All user defined types are objects
All operations are performed by sending messages to objects
CORBA, Common Object Request Broker Architecture
DCOM, Distributed Component Object Model
Object Request Brokers
Made available to users over a network
Establishes a client-server relationship between objects
Security and controls of the systems development process, application controls, change controls, data warehousing, data mining, knowledge-based systems, program interfaces, and concepts used to ensure data and application integrity, confidentiality, and availability
The security and controls that should be included within systems and application software
The steps and security controls in the software life cycle and change control process
Concepts used to ensure data and software integrity, confidentiality, and availability
Computer viruses and other forms of malicious code, including ActiveX and Java
How malicious code can be introduced into the computing environment
Mechanisms that can be used to prevent, detect, and correct malicious code and their attacks
Distributed Environment, Agents, Applets, ActiveX, Java, Objects
Local/Non-distributed Environment Attacks, Viruses, Trojan Horses, Logic Bombs, Worms
Databases and Data Warehousing, Aggregation, Data Mining, Inference, Polyinstantiation, Multi-Level Security
Knowledge-based Systems, Expert Systems, Neural Networks
Systems Development Controls
System Development Life Cycle, Requirements Determination, Protection Specifications Development, Design Review, System Test Review, Certification and Accreditation, Maintenance, Service Level Agreement
Malicious code, Definitions, Jargon, Myths/Hoaxes
Attackers, hackers, crackers, phreaks, virus writers
Anti-viral protection, Anti-viral software
Various types of computer viruses
Methods of attack, Trapdoors, Brute-Force, Denial-of-Service, Dictionary attacks, Spoofing, Pseudo Flaw, Alteration of authorized code, Flooding, Cramming
Define the A-I-C triad as it relates to application security.
Define programming-related aggregation.
Define security-related aggregation.
Define and describe applet as it refers to IT/IS.
Define architectural neural distribution format (ANDF).
Describe artificial neural network (ANN).
Define “backdoor” as related to IT/IS.
Define Common Object Request Broker Architecture (CORBA).
Compare and contrast input controls, output controls, and transaction controls.
Define covert channel, covert storage channel, and covert timing channel.
Define data contamination.
Define data integrity.
Define data mining.
Define distributed systems environment.
Define encapsulation as related to IT/IS.
Define file protection.
Define garbage collection.
Define granularity as related to IT/IS.
Describe potential types of malicious code threats.
Define logic bomb.
Define neural network.
Define Object Linking and Embedding (OLE).
Define object-oriented design (OOD).
Define object-oriented programming (OOP).
Define scalability as it refers to IT/IS.
Compare and contrast trapdoors, Trojan horses, and worms as related to IT/IS.
Distinguish between various IT/IS-related threats and attacks.
Identify system lifecycle phases.
Describe functional design analysis and planning.
Compare and contrast project design activities and parallel security activities.
Describe system design specifications.
Compare and contrast project test activities and parallel security activities.
Identify maintenance support/operations in relation to IT/IS.
Define development methodology controls.
Define object-oriented technology.
Describe object request brokers (ORBs).
Define object-oriented techniques.
Describe the benefits of object-oriented programming (OOP).
Describe methods of object-oriented programming (OOP).
Define the distinguishing features of object-oriented programming (OOP).
procedures to compare or reconcile what was processed against what was supposed to be processed
check if the right operation was performed on the right data
Examples, totals, check sequence numbers
examples, character checks, input characters against expected type of characters, range checks, input data against predetermined upper and lower limits, relationship checks, input data against data on a master record file, reasonableness checks, input data against expected standard, transaction limit checks, input data against administratively set ceilings on specified transactions
what types of unauthorized activities have taken place and who or what processes took the action
System Feasibility, Information Security Policy, Standards, Legal Issues, Early Validation of concepts
Software Plans & Requirements, Threats, Vulnerabilities, Security Requirements, Reasonable Care, Due Diligence, Legal Liabilities, Cost/Benefits Analysis, Level of protection desired, Develop test plans, Validation
Product Design, Incorporate Security Specifications, Adjust Test Plans and Data, Determine Access Controls, Design Documentation, Evaluate Encryption Options, Verification
Detailed Design, Design Security Controls commensurate with legal requirements, Design Access Controls, Employ Encryption, Adapt Security Test Plans, Detailed Documentation Design, Consider Business Continuity Issues, Finalize User GUI, Verification
Coding, Develop information security-related code, Implement Unit Testing, Incorporate other modules or units, Support business continuity plan, Develop documentation
Integration Product, Integrate Security Components, Test integrated modules, Refine Documentation, Conduct Security Related product verification
Implementation, Install Security Software, Run systems, Conduct Acceptance Testing, Test Security Software, Complete Documentation, certification and accreditation
Operations & Maintenance, Revalidate Security Controls, Conduct Penetration testing and vulnerability analysis, Manage Request for Changes, Implement change control, Deliver changes, Evaluate conformance to SLA and validations, Update documentation, recertification
Project initiation and planning, Identify User Needs, Identify Security Needs, Classification and criticality of information / application, Basic security objectives (goals), Security controls workload, Evaluate Alternatives, Initial Risk Analysis, Threats / Vulnerabilities / Risks, Analyse technical, operational, and economical feasibility of security alternatives, Estimate security-related cost / benefits, Select / Approve Approach, Identify Security Framework, Essential security issues and risks, Determination of SLAs
Functional Requirement Definition, Prepare project plan, Security areas in project plan, Configuration and access controls, Audit trails, Develop functional requirements, Define security requirements, Tied to risk analysis and contingency plan, Threats, vulnerabilities, risks, Security control points, Preliminary contingency planning, Preliminary test plan, Preliminary security test plan, Test methods and resources, Identify evaluation criteria and controls to be tested, Select acquisition strategy, Include security requirements in RFP and contracts, Ensure SLA and maintenance contracts meet security, Hardware and software backups and escrow, Establish formal functional baseline, Functional baseline has security requirements
System Design Specification, Develop detailed design, Define security specifications, System, Subsystem, Interface, Program, Database, Hardware, Firmware, Network, Update testing goals and plans, Update security test plan, Develop security test procedure, Test security under abnormal and illegal circumstances, Establish formal baseline / quality controls and requirements, Include security area in formal baseline documentation and quality assurance
Build / Development and Documentation, Construct source code from detailed design specification, Write or procure and install security-related code, Control access to code, Identify / document code, Perform and evaluate unit tests, Perform unit test and evaluate security-related code, Implement detailed design into final system, Ensure approved security components in formal baseline are included
Documentation and Common program controls, Program / application, Operating instructions / procedures, Utilities, Privileged functions, Job and system docs, Components, hardware, software, files, databases, reports, users, Restart and recovery procedures
Common program controls, Edits, syntax, reasonableness, range checks, check digits, Logs, Who, what, when, Timestamps, Before and after images, Counts, for process integrity checks, total transactions, batch totals, hash totals, balances, Internal checks, checks for data integrity, from when the program gets the data to when it is done with the data, Parameter ranges and data types, Valid and legal address references, Completion codes, Code Peer review
Program or data library when developing software applications, Automated control system, Current versions, programs, documentation, Record of changes made, Test data verifying changes, User signoffs indicating correct testing, By whom, when authorized, what changed, A librarian, Ensures the program or data library is controlled in accordance with policy and procedures, Controls all copies of data dictionaries, programs, load modules and documentation and can provide version controls, Ensures no programs are added unless properly tested and authorized, Erroneous / invalid transactions, when detected, are written to a report and reviewed by developers and management
Acceptance, Test system components, Test security components, Validate system performance, Test security in integrated system, Assess functional operations and performance, Identify test failures, Analyze test results against security requirements, Install system, Install security code with necessary modifications, Prepare project manuals, Document security controls, User guides with access control requirements and protection requirements for sensitive data, Operations / Maintenance manuals, Perform acceptance test, Conduct acceptance test, Last chance to detect security weakness or vulnerabilities, Accept system, Accept / verify project security
Testing and Evaluation Controls, Guidelines for environment, type of data, data at the ends of the acceptable data ranges, various points in between, data beyond the expected and allowable data points, test with known good data, data validation before and after each test, bounds checking, field size, date, time, prevents buffer overflows, sanitize test data, Legal requirements, Directive 95/46/EC of the European Parliament, Data Protection Act 1998, Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Other names, Data Masking, Data Obfuscation, Data Cleansing, Data Hiding, Disguise Data
Available techniques, NULL'ing Out, deleting a column of data by replacing it with NULL values, Masking data, with XXXX, if data in a specific, invariable format, if numerous special cases must be dealt with, Substitution, prepared list of random data, quite powerful, reasonably fast, preserves the look and feel of the data, if very large amount of data, if small - average tables, Shuffling records, substitution data derived from the column itself, data in a column is randomly moved between rows, leaves the look and feel of the data intact, fast, relatively simple to implement, requires a sophisticated algorithm to randomise the shuffling of the rows, if small amounts of data, if large tables, Number Variance, needs to be used in conjunction with other options though, algorithm modifies each number value in a column by some random percentage of its real value, if numeric data, Gibberish Generation, substitution of fields in non-specific data such as letters and notes with a random quantity of equivalently sized gibberish or random words, occasionally useful, not a very widely applicable technique, Encryption / Decryption, depends on the strength of the encryption used, destroys the look and feel of the sanitized data, selective access for those with the key, if high security requirements, if the encryption key cannot be secured
Remark, Test and development teams need to work with databases which are structurally correct functional copies of the live environments. However, they do not necessarily need to be able to view security-sensitive information. For test and development purposes, as long as the data looks real, the actual record content is usually irrelevant., Test data should not be production data until preparing for final UAT, Testing controls, test all changes, management acknowledges the results of the test, Program librarian retains implementation test data, Parallel run requires a separate copy of production data, http://www.kb.cert.org/vuls
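The sanitisation techniques listed above, as an added example (not from the original notes) in Python, applied to a constructed table of fake records; the column names, the prepared substitution list and the one-technique-per-column choices are assumptions:

```python
import random
import string

# Constructed sample table; every value here is fake.
SAMPLE_ROWS = [
    {"id": 1, "name": "Alice Adams", "ssn": "123-45-6789",
     "salary": 52000, "notes": "Allergic to penicillin"},
    {"id": 2, "name": "Bob Brown", "ssn": "987-65-4321",
     "salary": 61000, "notes": "Follow up in March"},
    {"id": 3, "name": "Carol Clark", "ssn": "555-12-3456",
     "salary": 48000, "notes": "No known issues"},
]

# Prepared list of random replacement values for substitution (assumed).
FAKE_NAMES = ["Pat Smith", "Sam Jones", "Lee Taylor", "Kim Wilson"]


def null_out(rows, column):
    """NULL'ing out: the whole column is replaced with NULL (None)."""
    return [{**r, column: None} for r in rows]


def mask(rows, column, keep_last=4, char="X"):
    """Masking with XXXX: keeps the fixed format (separators stay in place)
    and the last few characters, overwriting everything else."""
    def mask_value(v):
        body, tail = v[:-keep_last], v[-keep_last:]
        return "".join(char if c.isalnum() else c for c in body) + tail
    return [{**r, column: mask_value(r[column])} for r in rows]


def substitute(rows, column, pool, rng):
    """Substitution: each value is drawn from a prepared list of random data,
    so the look and feel survives but no real value does."""
    return [{**r, column: rng.choice(pool)} for r in rows]


def shuffle(rows, column, rng):
    """Shuffling: substitution data derived from the column itself, moved
    between rows at random. Real values stay in the table, so a single value
    must not be sensitive on its own."""
    values = [r[column] for r in rows]
    rng.shuffle(values)
    return [{**r, column: v} for r, v in zip(rows, values)]


def number_variance(rows, column, max_pct, rng):
    """Number variance: each number is changed by a random percentage of its
    real value, within +/- max_pct. Weak alone; combine with another technique."""
    def vary(v):
        return round(v * (1 + rng.uniform(-max_pct, max_pct) / 100.0))
    return [{**r, column: vary(r[column])} for r in rows]


def gibberish(rows, column, rng):
    """Gibberish generation: free text is replaced by random words of the
    same size, so field lengths still exercise the application."""
    def gib(v):
        return " ".join("".join(rng.choices(string.ascii_lowercase, k=len(w)))
                        for w in v.split())
    return [{**r, column: gib(r[column])} for r in rows]


def sanitize(rows, seed=0):
    """One technique per column; returns a structurally identical copy.
    The key column (id) is untouched so relationships still hold."""
    rng = random.Random(seed)
    out = mask(rows, "ssn")
    out = substitute(out, "name", FAKE_NAMES, rng)
    out = shuffle(out, "salary", rng)               # shuffle first, then
    out = number_variance(out, "salary", 10, rng)   # perturb the shuffled values
    return gibberish(out, "notes", rng)


def leaked_values(original, sanitized, columns):
    """Check before handing data to test teams: any value of a sensitive
    column that still appears unchanged in the sanitized copy."""
    before = {(c, r[c]) for r in original for c in columns}
    after = {(c, r[c]) for r in sanitized for c in columns}
    return before & after


if __name__ == "__main__":
    clean = sanitize(SAMPLE_ROWS)
    for row in clean:
        print(row)
    print("leaks:", leaked_values(SAMPLE_ROWS, clean, ["name", "ssn", "notes"]))
```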
Certification and Accreditation, process of evaluating the security stance of the software or system against a predetermined set of security standards, how well the system performs its intended functional requirements, should be documented, analysis of the technical and nontechnical security features and countermeasures, the extent to which the system meets the security requirements for its mission and operational environment, Certifying officer, verifies that the software has been tested, verifies that the system meets all applicable policies, regulations, standards for securing information systems, Accreditation officer, reviews the certification, authorizes the system to be implemented in production, Accreditation, provisional, for a specific time period, outlines required changes to the application or documentation, full, implies that no changes are required
Transition to Production (Implementation), System is transitioned from the acceptance phase to the live production environment, activities, obtaining security accreditation, training the new users according to schedules, implementing the system, installation, data conversions, security activities, verify that the data conversion and data entry are controlled and only privileged users have access, acceptable level of risk is determined, the identified risks, operational needs to meet the organization's mission, security accreditation is obtained, controls in place to reconcile and validate the accuracy of information after it is entered into the system
Operations and Maintenance Support (Post-Installation), operations activities, monitoring the performance of the system, ensuring continuity of operations, detecting defects or weaknesses, managing and preventing system problems, recovering from system problems, implementing system changes, operations security activities, testing backup, testing recovery procedures, ensuring proper controls for data, report handling, effectiveness of security processes, maintenance security activities, significant changes, periodic risk analysis, recertification of sensitive applications, include, change in data sensitivity or criticality, relocation or major change to the physical environment, new equipment, new external interfaces, new operating system software, new application software, common activities, verify that any changes to procedures of functionality do not disable or circumvent the security features, verify compliance with applicable SLAs according to the initial operational and security baselines
Revisions and System Replacement, hardware and software baselines should be subject to periodic evaluations and audits, any changes must follow the same SDM and be recorded in a change management system, reviews should include security planning and procedures to avoid future problems, documenting security incidents when problems occur
Lock Controls, Page locking, Table locking, Row locking, Field locking, ACID test, Atomicity, is when all the parts of a transaction’s execution are either all committed or all rolled back - do it all or not at all., Essentially, all changes take effect, or none do. Atomicity ensures that there is no erroneous data in the system or data that does not correspond to other data as it should., Consistency, occurs when the database is transformed from one valid state to another valid state. A transaction is allowed only if it follows user-defined integrity constraints., Illegal transactions are not allowed and, if an integrity constraint cannot be satisfied, the transaction is rolled back to its previously valid state and the user is informed that the transaction has failed., Isolation, is the process that guarantees that the results of a transaction are invisible to other transactions until the transaction is complete., Durability, ensures that the results of a completed transaction are permanent and can survive future system and media failures; that is, once they are done, they cannot be undone.
Access Controls, Discretionary Access Controls (DACs), Mandatory Access Controls (MACs), Access Matrix, View-Based Access Controls, MAC, appropriate use and manipulation of views, DB logically divided into pieces, controls must be in place to restrict users from bypassing the front end and directly accessing data, View allows the restriction of both rows and columns, read-write, Grant and Revoke Access Controls, if a user is granted access without the grant option, the user should not be able to pass grant authority to other users, User may copy the relation and subvert the system, then grant access to the copy even though the user was not the owner of the relation, cascading effect in revoke statement - all users who may have been granted access by the newly revoked user will be revoked too
Security for OO DBs, Problem, Most models have been designed for relational DBs, Security models for OO DBs are complex, Models differ in their capabilities and protections, ORION, Explicit Authorizations, The authorization model that provides DACs, Positive authorization, allows access to data on the basis of explicit authorizations provided to each group of users, Negative authorization, denies a user access to an object, Implicit authorizations, group membership used to allow access, SORION MACs, Developed to extend the ORION model by adding MAC, Assignment of sensitivity labels to subjects, objects and access modes, SODA, Secure Object-Oriented Database model, Dr. Thomas Keefe, standard example of secure OO models, MAC properties and can be executed in systems operating at multiple levels, classification levels, assigns classification levels to the data through the use of inheritance, multiple inheritance not supported, assigns security levels to subjects, assigns sensitivity levels to objects, Multi-party update conflict, use of polyinstantiation as a solution, problem of ensuring the integrity of the data in the DB when users with different security levels attempt to use the same information, the system becomes a collection of several distinct database systems, each with its own data.
Metadata Controls, Goal, facilitating the effective retrieval of information, manage restricted access to information, gatekeeper function to filter access, Security controls, Apply change control process to the procedures of developing and maintaining metadata, Ensure that metadata information is as well protected as the underlying databases, All measures for control and destruction of data must meet the classification level of the data
Data Contamination Controls, Goal, Ensure integrity, Security controls, Input control, transaction counts, dollar counts, hash totals, error detection, error correction, resubmission, self-checking digits, control totals, label processing, Output control, validity of transactions through reconciliation, physical handling procedures, authorization controls, verification with expected results, audit trails
OLTP, Online Transaction Processing, Detect when individual processes abort, Automatically restart an aborted process, Back out of a transaction if necessary, Allow distribution of multiple copies of application servers across machines, Perform dynamic load balancing
Knowledge Management, Approaches, Probabilistic approach, Statistical approach, Classification approach, Deviation and trend analysis, Neural networks, Expert system approach, Hybrid approach, Security controls, Protecting the knowledge base as you would any database, Routinely verifying the decisions based on what outcomes are expected from specific inputs, If using a rule-based approach, changes to the rules must go through a change control process, If the data output seems suspicious or out of the ordinary, performing additional and different queries to verify the information, Making risk management decisions because decisions that are based on data warehouse analysis techniques may be incorrect, Developing a baseline of expected performance from the analytical tool
Threats to the Software Environment, Buffer Overflow, Citizen Programmers, Covert Channel, Malicious Code / Malware, Virus, File infector virus, Boot sector infector, System infector, Multipartite virus, E-mail virus, Macro virus, Script virus, Worms, Trojan horses, Remote Access Trojan, Bomb, Logic bomb, Time bomb, Data diddler, Hoax, Pranks, Memory/Object Reuse, Executable Content / Mobile Code, Social Engineering, Time of Check / Time of Use, Trapdoor / Backdoor
duplicated data of the same entity in the past, often inconsistent as not updated concurrently
information replicated in several files on a system has been replaced by databases which incorporate the information from multiple sources
to integrate and manage the data required for several applications into a common storage area
Process of building DWH, Feed all data into a large, high-availability, and high-integrity database that resides at the confidentiality level of the most sensitive data, Normalize the data. Regardless of how the data is characterized in each system, it must be structured the same when moved into the data warehouse., For example, one database could categorize birthdate as “month/date/year,” another as “date/month/year,” and still another as “year/month/date.” The data warehouse must “normalize” the various data categories into only one category., Normalization will also remove redundancies in the data., Mine the data for correlations to produce metadata., Sanitize and export the metadata to its intended users., Feed all new incoming data and the metadata into the data warehouse.
Metadata, Information about the data, Provides a systematic method for describing resources and improving the retrieval of information, provides valuable information about the unseen relationships between data and the ability to correlate data previously considered unrelated., Dublin Core Metadata Initiative (DCMI) standard, Data are accessed through Online Analytical Processing (OLAP) or Knowledge-Discovery in Databases (KDD) methods
OLAP, provides ability to formulate queries and, based on the outcome of the queries, to define further queries
Data Mining, another tool in addition to OLAP, process of discovering information in the DWH by running queries on the data, Used to reveal hidden relationships, patterns and trends, Decision-making techniques based on a series of analytical techniques taken from mathematics, statistics, cybernetics and genetics, Advantages, ability to provide better info to managers, tools to review audit logs for intrusion attempts, helps to discover abnormal events, Disadvantages, detailed data about individuals might risk a violation of privacy, integrity may be at risk, as human data entry may not be accurate (relationships or patterns), data contamination
Aggregation, combined unclassified data from separate resources result in sensitive information
Bypass attacks, bypass controls at the front end, bypass the query engine
Compromising DB views used for Access Control, access to restricted views or modification of an existing view
Concurrency, running processes that use old data, running processes that make inconsistent updates, running processes that deadlock
Data contamination, data integrity corruption by input data errors or erroneous processing, file, report, DB
Deadlocking, when 2 users attempt the same information and both are denied
DoS, poorly designed application, query that locks up the table and requires intensive processing
Improper modification of information, unauthorized users intentionally, authorized users accidentally
Inference, ability to deduce (infer) information from observing available information, list of patients and their medicines -> what illness they have
Interception of data, in dial-up and remote access, interception of the session
Polyinstantiation, information stored in more than one location in the DB, multiple levels-of-view and authorization, must be effective method for simultaneously updating all occurrences of the same data element
Query attacks, query tools used to access data normally not allowed by the trusted front end
Server access, protection from unauthorized logical access, control from unauthorized physical access
TOC/TOU, malicious code could change data between the time that the user's query was approved and the time the data is displayed to the user