What Makes a System Secure?
In the most basic sense, computer system security ensures that your computer does what it's supposed to do, even if its users don't do what they're supposed to do. It protects the information stored in the system from being lost, from being changed either maliciously or accidentally, and from being read or modified by anyone not authorized to access it.
How does computer system security provide protection? There are four primary methods:
System access controls
These methods ensure that unauthorized users don't get into the system and encourage (sometimes force) authorized users to be security-conscious, for example, by changing their passwords on a regular basis. The system also protects password data and keeps track of who's doing what in the system, especially if what they're doing is security-related (e.g., logging in, trying to open a file, using special privileges). System access controls are, at heart, authentication: establishing who a user is before anything else is decided.
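The three duties just described for system access controls (keep password data protected, force periodic password changes, and record security-relevant events) can be seen together in a small authentication store. The code below is an added example for this section, not code from the book; the 90-day maximum password age, the event names, and the in-memory audit list are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

# Hypothetical policy: passwords older than 90 days must be changed before login succeeds.
PASSWORD_MAX_AGE = 90 * 24 * 3600
PBKDF2_ITERATIONS = 100_000


def hash_password(password, salt):
    """Derive a slow, salted hash so stolen password data cannot be trivially reversed."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class UserStore:
    """Keeps only salt + hash per user (never the cleartext password) and an audit trail
    of security-relevant events: account creation, logins, failed logins, password changes."""

    def __init__(self):
        self.users = {}
        self.audit_log = []  # constructed in-memory trail; a real system writes protected storage

    def _audit(self, event, user, now, **details):
        self.audit_log.append({"ts": now, "event": event, "user": user, **details})

    def add_user(self, name, password, now=None):
        now = time.time() if now is None else now
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": hash_password(password, salt), "changed": now}
        self._audit("user_added", name, now)

    def _check_password(self, name, password):
        user = self.users.get(name)
        if user is None:
            # Hash anyway so a missing account is not detectable from response time.
            hash_password(password, b"\x00" * 16)
            return "unknown_user"
        if not hmac.compare_digest(hash_password(password, user["salt"]), user["hash"]):
            return "bad_password"
        return "ok"

    def change_password(self, name, old_password, new_password, now=None):
        """Require the current password before replacing it; resets the password age."""
        now = time.time() if now is None else now
        if self._check_password(name, old_password) != "ok":
            self._audit("password_change_failed", name, now)
            return False
        salt = os.urandom(16)
        self.users[name] = {"salt": salt, "hash": hash_password(new_password, salt), "changed": now}
        self._audit("password_changed", name, now)
        return True

    def login(self, name, password, now=None):
        """Authenticate and record the outcome. Returns 'ok' or the reason for refusal."""
        now = time.time() if now is None else now
        result = self._check_password(name, password)
        if result == "ok" and now - self.users[name]["changed"] > PASSWORD_MAX_AGE:
            result = "password_expired"  # correct password, but the policy forces a change first
        if result == "ok":
            self._audit("login_ok", name, now)
        else:
            self._audit("login_failed", name, now, reason=result)
        return result
```

Note that an expired password is refused even when it is correct, and that both the refusal and the reason land in the audit trail, which is exactly the record an administrator later needs to see who tried what and when.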
The next section introduces the basics of system access controls.
Appendix C describes the Orange Book accountability requirements, which specify the system access controls defined for different levels of secure systems. The Orange Book is still an important reference for computer security, although it has formally been superseded by the Common Criteria.
Data access controls
These methods monitor who can access what data, and for what purpose. Another word for this is authorization, that is, what you can do once you are authenticated. Your system might support discretionary access controls; with these, you, as the owner of your data, decide whether other people can read or change it. Your system might support mandatory access controls; with these, the system itself determines access based on the security levels assigned to the people, the files, and the other objects in your system, and no user can override that decision. Role-based access controls are a hybrid: permissions are attached to roles (job functions) rather than to individuals, and a user acquires permissions by being assigned to roles.
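The difference between the three models is easiest to see when all three decide on the same request. The reference monitor below is an added example for this section, not code from the book; the four-level ordering, the Bell-LaPadula style "no read up / no write down" rule used for the mandatory check, and the policy that the mandatory check is applied first and either the owner's ACL or a role grant must then permit the access are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Constructed linear ordering of security levels for the mandatory policy.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass
class Subject:
    name: str
    level: str
    roles: set = field(default_factory=set)


@dataclass
class Object:
    name: str
    owner: str
    level: str
    acl: dict = field(default_factory=dict)  # user -> set of permissions, granted by the owner


def dac_allows(subject, obj, perm):
    """Discretionary: the owner decides. The owner has full access; others get what the ACL says."""
    if subject.name == obj.owner:
        return True
    return perm in obj.acl.get(subject.name, set())


def mac_allows(subject, obj, perm):
    """Mandatory: system-enforced level comparison that no user can change.
    read  -> subject level must be >= object level (no read up)
    write -> subject level must be <= object level (no write down)"""
    s, o = LEVELS[subject.level], LEVELS[obj.level]
    if perm == "read":
        return s >= o
    if perm == "write":
        return s <= o
    return False


def rbac_allows(subject, obj, perm, role_grants):
    """Role-based: (object, permission) pairs are attached to roles; a subject gets the union
    of the grants of every role it holds."""
    return any((obj.name, perm) in role_grants.get(role, set()) for role in subject.roles)


def authorize(subject, obj, perm, role_grants):
    """Reference monitor. Assumed policy: the mandatory check is applied first and cannot be
    overridden; after that, either the discretionary ACL or a role grant must permit the access."""
    if not mac_allows(subject, obj, perm):
        return "denied: mandatory policy"
    if dac_allows(subject, obj, perm) or rbac_allows(subject, obj, perm, role_grants):
        return "allowed"
    return "denied: not authorized"


# Constructed scenario: alice owns a secret report and grants bob read; carol is an auditor.
REPORT = Object(name="report", owner="alice", level="secret", acl={"bob": {"read"}})
ALICE = Subject("alice", "secret")
BOB = Subject("bob", "confidential")
CAROL = Subject("carol", "top_secret", roles={"auditor"})
ROLE_GRANTS = {"auditor": {("report", "read")}}
```

The instructive case is bob: the owner has explicitly let him read the report, but the mandatory policy refuses because his clearance is below the report's level, which is precisely what makes the control mandatory rather than discretionary. Carol has no ACL entry at all yet may read through her auditor role, and still may not write to the lower-level report.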
System and security administration
These methods perform the offline procedures that make or break a secure system: clearly delineating system administrator responsibilities, training users appropriately, and monitoring users to make sure that security policies are observed. This category also involves more global security management; for example, figuring out what security threats face your system and what it will cost to protect against them.
Chapter 5 introduces the basics of system security planning and administration. Appendix C shows the Orange Book system administration requirements defined for different levels of secure systems.
System design
These methods take advantage of basic hardware and software security characteristics; for example, using a system architecture that's able to segment memory, thus isolating privileged processes from nonprivileged processes so that a flaw or a malicious program in one cannot read or alter the other.
Although a detailed discussion of secure system design is outside the province of this book, the major Orange Book design requirements for different levels of secure systems are available in Appendix C.