Ключ к разгадке биографического метода нельзя искать в смерти или самоубийстве писателя. 1 страница

UNIT 6

UNIT 5

UNIT 4

TEXT 3C.

OPERATIONAL CONTROLS.

Traditional operational controls include such things as controlling errors, supervising, error recovery, forms control and input/output media control.

A key element of controlling errors is the proper selection of network components including all hardware devices, software, communications equipment, and media, and protocols. Hardware and software of the network should be evaluated on the basis of reliability, controllability and error handling capabilities, in addition to the normal evaluation of performance characteristics.

In addition to selecting reliable network components, management should also implement a good problem management process. Every error which occurs should be identified as to the source and every corrective action should result in a positive resolution of the cause with assurance that the problem will not reoccur. Detailed problem management reports should be generated which provide information on instances of problems, date and time of occurrence, problem reoccurrences, source of the problem, problem impact, person responsible for problem resolution, corrective action taken.

Application Development Controls.

Traditional application development controls consist of such things as project phase reviews under a project control system, establishing standards, controlling changes, quality control, library content control, improved programming technology techniques, such as inspections and structured programming, and auditing of applications to a set of expectations.

Workstation Controls.

Traditional workstation controls consist of physical protection of the workstation itself, plus physical and logical access controls to prevent unauthorized use.

TEXT 4A.

DATABASE SECURITY

Computer security is defined as protection of information processed by a computer against unauthorized observation, unauthorized or improper modification, and denial of service. Assuring computer security is not a trivial task; suitable methods and tools are required for developing secure systems. The task of providing effective protection in database management systems is particularly difficult, since they process large amounts of information in complex ways and require a fine granularity of control over data.

Database (DB) security comprises a set of measures, policies and mechanisms to provide secrecy, integrity and availability of data and to combat possible attacks on the system (threats) from insiders and outsiders, both malicious and accidental. Ensuring secrecy means preventing/detecting/deterring the improper disclosure of information. In general, secrecy properly refers to protection of data involved in highly protected environments, such as military environments or departments of commercial environments. Privacy refers to information about individuals, and is sometimes defined as "the right of the individual, group or institution to determine when, how and for what purpose information concerning himself/itself can be collected, stored and released to other people or entities". Therefore, privacy refers to environments where data about people or legal individuals is maintained; privacy is ensured by laws and rules in many countries. Secrecy is a most relevant aspect of security-critical environments. For example, the target coordinates of a missile should not be improperly disclosed. Ensuring integrity of information means preventing/detecting/deterring the improper modification of information. For example, in a military environment, the target coordinates of a missile should not be improperly modified. Ensuring system availability (that is, avoiding denial of service) means preventing/detecting/deterring improper denial of access to services provided by the system. For example, when the proper command is issued, the missile should fire.

DB security encompasses physical, logical and organizational issues. Physical DB security focuses on tools, devices, and hardware/software techniques able to prevent or detect unauthorized physical access to data storage facilities, and to provide DB backup/recovery. Logical DB security consists of control measures, models and techniques to prevent, detect or deter unauthorized logical (that is, via software) accesses to data. Organizational DB security concentrates on management constraints, operational procedures, and supplementary controls established to provide DB protection.

Words to be learnt:

accidental-случайный,несистематический; backup-резервирование,дублирование; to combat-бороться; constraint-ограничение; denial of service-отказ в обслуживании; to deter-останавливать,удерживать; entity-объект; granularity-степень структурированности,степень детализации; integrity-целостность,сохранность; malicious-злонамеренный; recovery-восстановление.

I. Answer the following questions:

1.What is security? 2.Why is the task of providing effective protection in database management systems particularly difficult? 3.What does DB security comprise? 4.What does ensuring secrecy, integrity and availability of data mean? 5.What issues does DB security encompass?

II. Translate the following sentences paying attention to the gerund:

1.Protecting a database from possible threats means protecting resources from accidental or intentional unauthorized reading and/or updates.2.Inference denotes the possibility of obtaining confidential information from non-confidential data.3.The message filter is a model for providing mandatory protection in object-oriented database systems.4.Lock and unlock techniques consist, respectively in blocking data items for the time needed to execute an operation and in releasing the items once the operation has been completed.5.A specialist, the security administrator, is responsible for defining the authorization rules derived from the security requirements of the organization.6.Security cannot be assured by relying solely on physical protection.7.Drawbacks of this type have been overcome in some systems by enciphering passwords through cryptographic algorithms.

III. Translate the sentences paying attention to the infinitive:

1.The recovery system reads the log file to determine the transactions to be undone and the transactions to be redone.2.To undo a transaction means to copy the old value of each operation in the involved record.3.To redo a transaction means to copy the new value of each operation in the record.4.Some work has been done to extend the access matrix model to make the safety problem decidable.5.Security policies can be combined in order to better meet the security requirements.6.Intrusion detection systems are applied in conjunction with access controls to detect possible violations or violation attempts.7.The security officer takes part in the determination of the profile models in order to state the behaviour aspects to be controlled.

TEXT 4B.

SECURITY POLICIES

Achieving security in a database environment means identifying the threats and choosing the proper policies ("what" the security system is expected to do) and mechanisms ("how" the security system should achieve the security goals). It also involves the provision of security system assurance ("how well" the security system meets the protection requirements and executes the expected functions).

The security policies of a system are high-level guidelines concerning design and management of authorization systems. Generally, they express the basic choices taken by an organization for its own data security. The definition of security policies leads to the explicit formulation of security strategies.

Security policies define the principles on which access is granted or denied. Sometimes besides "if", they state "how" an access should be granted, or that the queries can return partial results, filtering out unauthorized data.

Authorization rules (access rules) are the expression of security policies; they determine the system behaviour at run time. The security policies should also state how the set of authorization rules (insertion, modification) is administered.

Two basic policies exist:

(1) Minimum privilege policy, also called "need-to-know" policy.

According to this policy, system subjects should use the minimum quantity of information needed for their activity. A drawback of this policy is that overlimiting may lead to strong and useless restrictions for innocuous subjects.

(2) Maximum privilege policy, based on the principle of the "maximum availability" of data in a database, so that sharing is maximized. This policy is adequate for environments such as universities or research centres, where strict protection is not particularly needed, because of both the reliability of users and the data-exchange requirements.

In a closed system only explicitly authorized accesses are allowed. In an open system accesses that are not explicitly forbidden are allowed. Open and closed systems are mutually exclusive. When deciding upon security strategies, the choice depends on the features and requirements of the database environment, users, applications, organizational aspects, and so on. A closed system enforces the minimum privilege policy, whereas an open system enforces maximized sharing. Protection is higher in closed systems: errors such as missing rule can deny authorized access but cause no damage, whereas in open systems the same event can grant unauthorized access.

Answer the following questions:

1.What does achieving security in a database environment involve? 2. What are security policies? 3.What are the basic policies? 4.What does the choice of security policy depend on?

TEXT 4C.

SECURITY MECHANISMS

Security mechanisms concern the prevention of improper access (access control mechanisms), and the detection of improper access (auditing and intrusion detection mechanisms). Good prevention and detection require good authentication mechanisms. Access control mechanisms are more fundamental because prevention is preferred. Security mechanisms can be implemented via hardware, software or through administrative procedures.

External mechanisms.

These consist of administrative and physical control measures able to prevent undesired access to the physical resources (rooms, terminals, devices), so that only authorized accesses are allowed. Devices providing protection against accidental threats like short circuits, fire, earthquakes or environment conditions can also be included among external protection mechanisms. However full protection cannot be assured, particularly in those environments where accidental attacks or violations can hardly be foreseen. The target is then to minimize possible damages. This means to minimize possible violations, consequent damages and provide recovery procedures.

Internal mechanisms.

Internal protection consists of three principal mechanisms:

(1) Authentication. This mechanism prevents unauthorized users from using a system by checking their identity.

(2) Access controls. Upon successful authentication, queries entered by users can be answered only according to existing authorizations for these users.

(3) Auditing mechanisms. These monitor the utilization of the system resources from its users. Auditing mechanisms consist of two phases:

v a logging phase, where all the access queries and related answers (both authorized and denied) are recorded;

v a reporting phase, where reports from the previous phase are checked to detect possible violations or attacks.

Answer the following questions:

1.What do security mechamisms concern? 2.What do external/internal mechanisms consist of?

TEXT 5A.

SECURITY MODELS

The objective of security modelling is to produce a high-level, software-independent, conceptual model, starting from requirements specifications that describe the protection needs of the system. Security models can be broadly classified in two categories: discretionary and non-discretionary (or mandatory) models.

Discretionary security models govern the access of users to the information on the basis of the users's identity and of rules that specify, for each user and object in the system, the types of access the user is allowed for the object. The request of a user to access an object is checked against the specified authorizations; if there exists an authorization stating that the user can access the object in the specific mode, the access is granted, otherwise it is denied.

Mandatory security models govern the access to the information by the individuals on the basis of the classifications of subjects and objects in the system. Objects are the passive entities storing information, such as data files, records, fields in records, etc. Subjects are active entities that access the objects. Generally, a subject is considered to be an active process operating on behalf of a user. Access classes are associated with every subject and object in the system, and the access of a subject to an object is granted if some relationship, depending on the access mode, is satisfied between the classifications of the subject and the object.

Discretionary models have the advantage of being flexible and therefore suitable for various types of system and application. For these reasons, they have been widely used in a variety of implementations especially in the commercial and industrial environments.

However, discretionary access control policies have a drawback. The main problem is that discretionary policies do not impose any restriction on the usage of information: that is, dissemination of information is not controlled.

The advantages of mandatory models derive basically from their suitability to certain kinds of environment where the users and objects can be classified. Mandatory control models allow one to track the flow of information. However, the mandatory access control policies have the drawback of being too rigid and therefore unapplicable to some environments.

The choice of a security model in the development of a security system depends on the target environment, on the security aspects involved and on the intended controls. Sometimes, one model is insufficient to represent complex protection needs, whereas a combination of models can be used more satisfactorily. Ad hoc models can be defined as specializations or extensions of existing models, when no models, or combinations thereof, are capable of describing exhaustively the protection requirements for a specific problem.

Words to be learnt:

ad hoc-специальный,подходящий или созданный для данного случая; authorization-санкционирование,разрешение; dissemination-распространение; drawback-недостаток; flow-поток; to govern-регулировать, управлять; to grant-предоставлять; mode-режим; request-запрос,требование; restriction-ограничение; rigid-жесткий,строгий.

I. Answer the following questions:

1.What is the objective of security modelling? 2.Into how many categories can security models be classified? 3.What are the main features of discretionary/mandatory models? 4.What are the advantages and drawbacks of discretionary/mandatory models?

II. Translate the following sentences paying attention to the infinitive constructions:

1.We believe this book to be a valid support in approaching most of the problems.2.The considered level of granularity for objects and subjects can cause the table to be very heavy in terms of memory. 3.Dynamic relocation allows K to vary during program execution. 4.The application of the message-filter model requires all objects to be single-level.5.Security features are recognized to constitute additional costs and cause downgrading of performance.6.Practically, databases appear to be extremely vulnerable to simple attacks. 7.Choosing a hard-to-detect password proves to be a serious issue.

III. Translate the sentences paying attention to the meaning of "that":

1.It has been recognized that security is a feature that should be taken into account in the early phases of DB design, so that data protection can be incorporated efficiently into the system.2.Events that bring violations to databases are called threats.3.The attraction is that a biometric identifier can neither be given away nor stolen.4.Databases containing mixed data, that is, both sensitive and ordinary data, exibit more complex protection problems.5.Progress has been made on that point, but there's still a lot of room for improvement.6.It is generally agreed that the eight-character limit that UNIX systems impose is inadequate.7.In most situations the network is not the resource at risk; rather, it is the end-points of the network that are threatened.

TEXT 5B.

INTRUSION DETECTION

Intrusion detection is defined as the issue of identifying intrusions by individuals who are using a system without authorization ("crackers") and those who are authorized but abuse their privileges ("insider threat"). Currently, two types of model are generally employed by Intrusion Detection Systems (IDSs):

v Anomaly detection models. These enable the profile of a user's normal behaviour to be statistically compared with the parameters of the current user's session; "significant" deviations from the normal behaviour are reported to the security officer, where "significant" is defined as a threshold set by the specific model or by the security officer.

v Misuse detection models. This second type of model supports comparison between parameters of the user's session and known techniques used by attackers to penetrate a system.

In general, controls on user behaviour in the system are tackled by tracking the requests performed by users and recording them in a suitable trail (audit). The analysis has the purpose of detecting whether a set of requests, performed by a given user or user group, may be considered as suspicious.

Audit controls in traditional audit systems have the drawback of being very complex, and of being executed a posteriori. The manual review of the large amount of audit data to be assessed limits the workability of the approach. All possible attacks on the system are not always detected, or can be detected long after they occured. Therefore, the necessity arises of providing tools and systems which automatically or semi-automatically check the audit data and try to detect intrusions, possibly on-line, in real time.

A number of IDSs are based on the analysis of the audit trails offered by the host operating system (OS). These systems employ techniques such as the evaluation of a weighted multinomial function to detect deviations from normal behaviour, a covariance matrix for profiling normal behaviour, and rule-based expert systems to detect security violations.

Particular problems of intrusion detection are the need for real-time response, the large amount of data to be processed, the lack of available attack data to be analysed, and the large number of parameters that can be associated with audit data. Therefore, intrusion detection can borrow solutions from other fields such as artificial intelligence, statistics, information theory, or machine learning. These solutions need to be adapted to IDS design and operation, and the impact of these techniques on intrusion detection is yet to be fully understood.

Answer the following questions:

1.What is intrusion detection? 2.What are the main types of models generally employed by IDSs? 3.What are the main problems of intrusion detection?

TEXT 5C.

TRENDS IN INTRUSION DETECTION: MACHINE LEARNING (ML)

ML techniques can be used in IDSs to observe a given system and "learn" to characterize "normal" activities and thus detect abnormal conditions. In particular, four areas of ML seem to have the greatest potential for IDSs:

v Concept learning. This is the task of training a system to classify elements into categories, which are fixed by the teacher, by considering the element attributes. A classification task in the field of misuse detection is to state whether a certain work session is intrusive or normal.

v Clustering. This consists of partitioning a collection of elements into groups of related elements using some "similarity" criteria. Clustering also includes the task of constructing the categories and the classification rules but in a different way from concept learning.

v Predictive learning. A temporal model of data is constructed giving the ability to learn about intrusion events from temporal data and sequences of discrete events. This model usually incorporates additional knowledge about the specific application. The fewer bits (compression ratio) are required to represent a sequence of events, the more powerful the predictive model is. In misuse detection, a predictive model can be learned and characterized numerically by its compression ratio or mean rate of predictability.

v Extraction of features. The feature extraction problem (distinguishing the relevant from the irrelevant features, and combining the relevant features into a function that identifies an event, for example, an intrusion) is a problem of ML that limits the usefulness of standard techniques for concept learning and clustering. Some promising new approaches provide algorithms that ameliorate the effectiveness of feature extraction techniques.

Answer the following question:

1.What areas of ML seem to be the most promising for IDSs?

TEXT 6A.

USER AUTHENTICATION

Authentication mechanisms validate the user identity through some object, or information, known to the user, through something owned by the user, or through a combination of these modes. Authentication systems based on information known to the user are:

v Password-based systems. A user is identified through a secret string of characters (numerical and alphanumerical) known exclusively by this user and by the system.

v Query-answer-based systems. A user is identified on the basis of his or her answering a set of questions posed by the system. Questions are specific for each user and, generally, based on mathematical functions to be computed by the system after receiving entry values from the user.

v Double authentication systems (hand-shaking), where the system introduces itself to the user, and the user authenticates himself back to the system. Authentication by the system occurs through information known only to the user (for example, date, time, and code of the last work session). User authentication is password based.

Authentication systems based on information owned by the user are basically card-based systems: a magnetic card contains a bar or magnetic strip code, or a microprocessor. Authentication occurs upon acceptance of the card inserted in a proper reader, sometimes coupled with a secret code.

Authentication systems based on "something a user is" are:

v Computerized facsimile systems. The user image is stored; identification occurs by matching the person with his or her stored image shown on the screen;

v Fingerprint-based systems. Identification is the result of a match between the user's fingerprints with the stored ones;

v Hand-pressure systems. Identification is made based on the user pressure in writing his or her signature on a suitable device;

v Voice-recognition-based systems. The user's voice is matched against its stored version;

v Retinal features-based systems. Identification is made by examining the features of the user's retina.

The last set of authentication systems has a higher degree of complexity than the previous ones because of the intricacies of the matching operations between the stored features of an individual and the actual ones. They incur a higher probability of denial to authorized users. Costs are also a relevant consideration, and the technologies involved (voice/image recognition) make these systems expensive. Therefore, their use is only appropriate in highly security-critical environments.

Words to be learnt:

authentication-проверка подлинности,подтверждение права на доступ; character-знак,символ; identification-отождествление,опознавание, распознавание; intricacy-сложность; match-n.совпадение,v.сопоставлять,сравнивать; password-пароль; query-запрос; recognition-распознавание; retina-сетчатка глаза; to validate-проверять достоверность,подтверждать правильность.

I. Answer the following questions:

1.What is the purpose of authentication mechanisms? 2.What are authentication systems based on?

II. Define the function of the participles and translate the sentences:

1.Users are subjects accessing protected resources.2.A database is a collection of data organized and managed by specific software, the DBMS.3.The degree of security provided by current commercial DBMS technology is rather low.4.The recovery system uses a log journal, namely, a file containing a sequence of records stored into stable storage.5.We define a firewall as a collection of components placed between two networks.6.A firewall, if properly deployed against the expected threats, will provide an organization with greatly increased security.7.Even authorized users should pass through a security gateway when crossing the firewall.

III. Translate the sentences paying attention to the meaning of "one":

1.Entered passwords are matched against stored ones for verification.2.Not all the mechanisms mentioned are implemented at the OS level: password-based mechanisms are the most common ones.3.On the one hand, skilful users make security systems more reliable.4.In the message filter model messages are not allowed to flow directly from one object to another.5.One should be aware of the danger of computer viruses.6.One can achieve a significant increase in security by using one-time passwords.7.A password of 16 bytes is not as strong as one might guess.

TEXT 6B.

MEMORY PROTECTION

In multiprogrammed environments, the primary memory of a system is partitioned and assigned to the data and programs of different users. This requires protection from mutual interference (among application programs, or among application and system programs). Moreover, the same resources need to be shared among different users.

Various sharing levels exist, ranging from no sharing (complete isolation) to uncontrolled sharing. The implementation of a controlled sharing mechanism needs sophisticated protection at the Operating System (OS) level. There exist the following types of hardware mechanisms for protection and controlled memory sharing: fence address, bound registers, paging, segmentation.

A fence address marks the bound between the memory area reserved to the OS (generally the lower memory region) and the memory area available for a user. Assuming the OS is assigned the lower memory, a fence-address-based mechanism verifies that each address generated by a program refers to the higher region of the memory. Addresses generated by user programs are matched against the fence value: an address value higher than the fence value is a correct reference to the user area, whereas a lower value is incorrect: the program is terminated, and an error message is reported to the user. A fence address can be specified as a constant, inserted directly in the hardware, or can be loaded into the fence register.

By the register-based protection technique, a user's memory area is delimited by a pair of values, stored in proper registers, that mark the area bounds. Each user has an associated pair of registers. Bound values can be expressed in two different ways: bound registers and base/limit registers.

The paging technique is based on partitioning the physical and logical memory into fixed-size portions. For physical memory, these are called frames; for logical memory, they are called pages. Operations allowed on the contents of a page are expressed through a set of protection bits stored, for each page, in the page table.

Protection bits may specify "read-only" pages, "read/write" pages, "execute only" pages. Segmentation consists in partitioning a program into parts, named segments, corresponding to the logical entities of a program.

So far as protection is concerned, rights on the segment contents are expressed through protection bits. Segments can be read only, read/write, or execute only. Protection bits for segments are stored in the segment table; access requests are matched against the rights.

Answer the question:

1.What are the main types of hardware mechanisms for memory protection? Describe each of them.

Дата добавления: 2015-03-29; Просмотров: 297; Нарушение авторских прав?; Мы поможем в написании вашей работы!