Vulnerability Threat Control Paradigm
Vulnerability Threat Control Paradigm is a framework to protect your computer so that you can protect the system from threats. The purpose of this paradigm is to achieve ultimate goal of protecting your valuable assets so that your computer can be safe. You know that a threat is a condition which has potential to produce harm so that vulnerable part can be exploited. Vulnerability is exploitable weakness of the system.
A real world example:
For example, the government build dams so that electricity can be produced. Look at the picture below. Water flows through the wall so that turbines can generate electricity. There is a limit of pressure that the wall can tolerate. If the wall has crack, it will be its vulnerability. More pressure of water can blew away the wall, so this is threat.
Denial of Service example:
Similarly an attacker can exploit a system by overwhelming the traffic to a system so that it can stop working. The attacker uses such attack in Denial of service. To survive these attacks and resist against them, counter measures and controls are taken.
Things to be observed about threats:
What can be:
- the possible threats?
- potential of each threat?
- the sources of threats?
- survivable threats?
CIA Triads – Basic properties of computer security
As there are three basic properties of computer security, so the threats to these properties are threats to computer security.
Confidentiality: The ability of a computer system to ensure that the authorized user has viewed the file. Only the authorized user or system can access data.
Integrity: The ability of a computer system to ensure that the authorized user has modified the file. Only the authorized system or user can manipulate or update data.
Availability: The ability of a computer system to ensure that the authorized user has used the file. Only the authorized system or user can use the information in files.
ISO 7498-2 adds two more properties of computer security that are authentication and accountability or non-repudiation.
Authentication: The ability of a computer system to confirm sender’s identity.
Non-repudiation or accountability: The ability of a computer system to confirm that the sender can not deny about something sent.
The above definition can vary because of the scenarios of harm. If you can not access your computer, then availability is lost. If someone else can view your files then confidentiality is lost. Similarly computer loses integrity if someone else manipulates your data.
Different perspectives of CIA triad:
You can see CIA triad from different perspectives so that your point of view can get clear about these properties. A scenario may involve interruption, fabrication, interception and modification. An attacker may interrupt your access to files so that he can show you what he wants. He can intercept your messages and emails so that he can know what you are doing. He can modify the information in your emails before sending to receiver. The attacker may fabricate information.
By controlling access to a file, you limit the system to follow rules so that no unauthorized user can access file. The highest level of security can be disconnecting your computer from internet, turning off it and storing it in a locker where no one can access it. But this level of security is not acceptable because there will be no use of computer anymore.
Another option is to let everything accessible all the time which is completely an unsecured way. You will have zero security and anyone can harm you easily. The best security option lies between high level security and zero level security. You should be able to use it within optimized performance range. But there should be restrictions so that the system can maintain its safety level. These restrictions are policies of access control. We make policies about who will access a file and what he can do with it.
Mapping modes of access to CIA Triads
Prevention of data from modification (integrity) or viewing (confidentiality) and keeping it accessible (availability).
Computer Network Vulnerabilities
According to WAR70, computer security does not relay on software security completely because other areas of the computer can also have vulnerabilities. The cause of vulnerabilities in computer network can be unauthorized access to files, copy or theft of files, operator himself who reveals protective measures or replaces the supervisor. It can be a system programmer who reveals protective measures or disables protective features.
A vulnerability can be an improper hardware connection or cross coupling. It can an issue in user identification, authentication, modification or subtle software. It can be attachment of recorders so that bugs or any other information can be recorded. A vulnerability can be something done by maintenance man like he disables the hardware devices or use stand-alone utility programs. It can be failure of protection circuits or software. Vulnerabilities involve bound control and access control issues. We can not consider that the security relays only on software security or hardware security because the men can also involve in leaking or disabling the various modules so that unauthorized access can be gained.