
2. BACKGROUND & RELATED WORK

2.1 BASIC CONCEPTS ON COMPUTER SYSTEM SECURITY

2.1.2 Security attributes

The security of a computer system can be described in terms of primary and secondary attributes. The difference between these two categories is that the former refers to the key attributes a system must have to be secure, while the secondary security attributes are the instantiation of these primary attributes to a given area and are generally associated with human users (or with components that act as users such as proxy agents, or web services).

The primary attributes are confidentiality, integrity, and availability. According to (Avizienis et al. 2001), security is the concurrent existence of these three attributes. A system is not secure if attackers are able to obtain restricted content, to modify it, or to make it unavailable; the partial loss of even one of these attributes is enough for the system to enter an insecure state. The primary security attributes are described as follows:

Confidentiality refers to the protection of functionality and data against unauthorized access (Bishop 2003). Confidential data access or transmission requires that unauthorized disclosure of one or more specific items does not occur (Walton, Longstaff, and Linger 2009). Access control mechanisms support confidentiality; one such mechanism is cryptography, which scrambles data so that it is incomprehensible to unintended viewers as long as the key remains out of their hands (Bishop 2003).

Integrity refers to the trustworthiness of data or resources, assuring that actions and data are correct (Bishop 2003). Integrity requires that only authorized changes are allowed, that all changes are detected and tracked, and that changes are limited to specific scopes (Walton, Longstaff, and Linger 2009). Integrity is a property of the object, not of the mission. It includes data integrity (the content of the information) and origin integrity (the source of the data, often called authentication). Integrity mechanisms fall into two classes: prevention and detection. Prevention maintains the integrity of the data by blocking any attempt to change it in unauthorized ways; detection reports that data integrity is no longer trustworthy (Bishop 2003).
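The distinction between data integrity and origin integrity, and the detection class of mechanism, can be shown concretely. The following Python example is added here for illustration and is not taken from the thesis or from the cited works; the record contents, the shared key, and the function names are assumed. A bare SHA-256 digest detects a change to the record but can be recomputed by anyone, so an attacker who can rewrite both the record and its stored digest defeats it; an HMAC over the same record binds it to a holder of the key, so the tampered record cannot be re-tagged without that key.

```python
import hashlib
import hmac

# Constructed sample record and shared key (assumed values for the example).
RECORD = b"role=operator;quota=100"
KEY = b"shared-secret-key-for-example"


def data_digest(data: bytes) -> str:
    """Data integrity only: a plain hash detects that the content changed,
    provided the stored digest itself cannot be rewritten by the attacker."""
    return hashlib.sha256(data).hexdigest()


def check_digest(data: bytes, stored_digest: str) -> bool:
    return hmac.compare_digest(data_digest(data), stored_digest)


def origin_tag(key: bytes, data: bytes) -> str:
    """Origin integrity: an HMAC ties the content to a holder of the key, so a
    party without the key cannot produce a valid tag for altered content."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(key: bytes, data: bytes, tag: str) -> bool:
    # Constant-time comparison so the tag is not leaked through timing.
    return hmac.compare_digest(origin_tag(key, data), tag)


def tamper_demo() -> dict:
    """Detection in action: compare both mechanisms against a modified record."""
    digest = data_digest(RECORD)
    tag = origin_tag(KEY, RECORD)
    forged = RECORD.replace(b"quota=100", b"quota=999")
    return {
        "original_ok": verify(KEY, RECORD, tag),
        # A one-byte change is detected by both the digest and the tag...
        "tampered_digest_ok": check_digest(forged, digest),
        "tampered_tag_ok": verify(KEY, forged, tag),
        # ...but an attacker who can also replace the stored digest defeats the
        # bare hash, while the HMAC still fails without the genuine key.
        "forged_digest_ok": check_digest(forged, data_digest(forged)),
        "forged_tag_ok": verify(KEY, forged, origin_tag(b"attacker-key", forged)),
    }


if __name__ == "__main__":
    for name, result in tamper_demo().items():
        print(f"{name}: {result}")
```

Note the limit of a shared-key MAC: because both sender and receiver hold the key, either of them could have produced the tag, so it gives the receiver origin integrity but not non-repudiation; that requires a digital signature under a key only the sender holds.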

Availability refers to the readiness of the system to provide the expected service, i.e., to the ability to use the desired information or resource (Avizienis et al. 2001). Availability requires that a resource remains usable despite attacks. In terms of security, a malicious user may deny access to data or to a service by making it unavailable. One avenue open to availability mechanisms is to look for atypical events that might lead the system to become unavailable or unresponsive (Bishop 2003).
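As an added example of the "atypical events" approach (not part of the thesis or the cited works), the Python below runs a simple detector over a constructed set of web-server log lines: it counts requests per source address within a sliding time window and flags any source whose peak rate exceeds a threshold, the kind of burst that precedes a resource-exhaustion denial of service. The log format, addresses, window and threshold are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (timestamp, source, method, path, status).
# 203.0.113.7 issues 12 requests in 12 seconds; 198.51.100.3 issues 2, minutes apart.
LOG_LINES = """\
2024-01-01T10:00:00 203.0.113.7 GET /login 200
2024-01-01T10:00:01 203.0.113.7 GET /login 200
2024-01-01T10:00:02 203.0.113.7 GET /login 200
2024-01-01T10:00:03 203.0.113.7 GET /login 200
2024-01-01T10:00:04 203.0.113.7 GET /login 200
2024-01-01T10:00:05 198.51.100.3 GET /index 200
2024-01-01T10:00:05 203.0.113.7 GET /login 200
2024-01-01T10:00:06 203.0.113.7 GET /login 200
2024-01-01T10:00:07 203.0.113.7 GET /login 200
2024-01-01T10:00:08 203.0.113.7 GET /login 200
2024-01-01T10:00:09 203.0.113.7 GET /login 200
2024-01-01T10:00:10 203.0.113.7 GET /login 200
2024-01-01T10:00:11 203.0.113.7 GET /login 200
2024-01-01T10:03:00 198.51.100.3 GET /report 200
"""


def parse(line: str):
    """Split one log line into (timestamp, source, path, status)."""
    ts, src, _method, path, status = line.split()
    return datetime.fromisoformat(ts), src, path, int(status)


def flag_sources(lines, window_seconds: int = 60, threshold: int = 10) -> dict:
    """Return {source: peak_count} for every source that made more than
    `threshold` requests inside any sliding window of `window_seconds`."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, _path, _status = parse(line)
        events[src].append(ts)

    flagged = {}
    for src, times in events.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it is within the window.
            while (t - times[start]).total_seconds() >= window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    print(flag_sources(LOG_LINES.splitlines()))
```

A detector like this is only the first half of an availability mechanism: what it flags must feed a response (rate limiting, temporary blocking, or alerting an operator), and the threshold has to be tuned against legitimate traffic so that a busy proxy is not mistaken for an attacker.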

The secondary security attributes are described as follows:

Accountability refers to the record of any security-related action; this record must remain available even after the user has disconnected (Goertzel et al. 2006). In other words, it refers to the availability and integrity of the identity of the person who performed an operation (Avizienis et al. 2001).

Authenticity refers to the integrity of a message's content and origin, and possibly of other information as well, such as its time of emission (Avizienis et al. 2001).

Authentication is the process of establishing users' identities before they can access an application. As an example of the action of authentication mechanisms, the system should allow a requested program to be executed only if the user has previously been identified as a trusted user (Stoneburner, Hayden, and Feringa 2004).

Authorization refers to the control of access to specific contents or components based on user privileges. Although several users may have access to a given system (i.e., they have personal credentials to access it), authorization ensures that only the right users obtain the information for the requested process (Walton, Longstaff, and Linger 2009).
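The three attributes accountability, authentication and authorization described above are easiest to tell apart in working code. The Python below is an added example (not from the thesis or the cited works) in which authentication verifies a password against a salted PBKDF2 hash, authorization checks the authenticated user's role against an action, and every decision is written to an audit trail that persists independently of the session, which is what accountability requires. The user names, passwords, roles, permission table and function names are all assumed for the example.

```python
import hashlib
import hmac
from datetime import datetime, timezone


def _hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the salt makes precomputed tables useless."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


# Constructed user store (assumed values; fixed salts only to keep the example
# deterministic, a real system draws them from os.urandom).
_SALT_ALICE = b"\x01" * 16
_SALT_BOB = b"\x02" * 16
USERS = {
    "alice": {"salt": _SALT_ALICE, "hash": _hash_password("correct horse", _SALT_ALICE), "role": "auditor"},
    "bob": {"salt": _SALT_BOB, "hash": _hash_password("hunter2", _SALT_BOB), "role": "operator"},
}

# Authorization policy: which roles may perform which actions.
PERMISSIONS = {
    "auditor": {"read_report"},
    "operator": {"read_report", "restart_service"},
}

# Accountability: append-only trail of who did what; it outlives any session.
AUDIT_LOG = []


def _record(user: str, action: str, outcome: str) -> None:
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "action": action,
        "outcome": outcome,
    })


def authenticate(username: str, password: str) -> bool:
    """Establish identity: does the caller hold the credential for this user?"""
    entry = USERS.get(username)
    if entry is None:
        # Hash anyway so an unknown user takes as long as a wrong password.
        _hash_password(password, b"\x00" * 16)
        _record(username, "login", "denied")
        return False
    ok = hmac.compare_digest(_hash_password(password, entry["salt"]), entry["hash"])
    _record(username, "login", "granted" if ok else "denied")
    return ok


def authorize(username: str, action: str) -> bool:
    """Decide access: is this (already authenticated) user allowed the action?"""
    role = USERS.get(username, {}).get("role")
    ok = action in PERMISSIONS.get(role, set())
    _record(username, action, "allowed" if ok else "forbidden")
    return ok


def perform(username: str, password: str, action: str) -> str:
    """Authentication precedes authorization; both outcomes are audited."""
    if not authenticate(username, password):
        return "not authenticated"
    if not authorize(username, action):
        return "authenticated but not authorized"
    return "done"


if __name__ == "__main__":
    print(perform("alice", "correct horse", "read_report"))
    print(perform("alice", "correct horse", "restart_service"))
    for entry in AUDIT_LOG:
        print(entry)
```

The second call shows the point of the distinction: alice is a valid user with correct credentials, yet the request is refused because her role does not carry the privilege. For the audit trail to serve accountability, it must itself be protected (integrity and availability of the records), since an attacker who can edit the log can erase the identity behind an action.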

Privacy refers to the ability of users to control how their information will be disclosed (visualized or accessed by others) (Walton, Longstaff, and Linger 2009). One example is social network sites that allow users to define who may access their personal content.

Non-repudiation refers to a data transmission that cannot be refuted by either party after an agreement has been established. (Avizienis et al. 2001) considers non-repudiability as the availability and integrity of the identity of the message sender (non-repudiation of origin) or of the receiver (non-repudiation of reception). For example, an e-mail system with non-repudiation ensures that the recipient of a message cannot deny having received it and that the sender cannot deny having sent it.

Computer security has also been defined or specified in other terms. One possible definition is based on guidelines and checklists instead of attributes; these guidelines can later be checked in much the same way as quality-control procedures. Security can also be equated with the techniques in place to help system administrators observe and protect the target system against security incidents (e.g., firewalls, intrusion detection systems, and similar).

An example of computer security specified in the form of guidelines was written by Matt Bishop. (Bishop 2004) argues that computer security relies on three fundamental components:

- Requirements. These describe the needs of the user or institution in terms of security. Each organization may have its own security goals, and these should be clarified through the collection of security requirements. An example of a security goal is data protection against unauthorized access.

- Policy. This specifies the measures and steps to be taken to achieve the intended security goals. The policy consists of a set of statements that specify what is allowed and what is not. If the system is always in allowed states, and users can only perform allowed actions, then the system is secure. Conversely, if the system can enter a disallowed state, or if a user can execute a disallowed action, then the system is nonsecure.

- Mechanisms. These identify the tools, procedures, and other ways used to ensure that the policy is enforced. Security mechanisms can be technical (e.g., vulnerability scanners that identify known vulnerabilities) or operational (e.g., procedures aimed at protecting classified information).