Basic Principles of Information Protection. 





Considerations Surrounding the Study of Protection

Many examples of systems requiring protection of information are encountered every day: airline seat reservation systems; credit bureau data banks; law enforcement information systems; time-sharing service bureaus; on-line medical information systems; and government social service data processing systems. These examples span a wide range of needs for organizational and personal privacy. All have in common controlled sharing of information among multiple users. All, therefore, require some plan to ensure that the computer system helps implement the correct authority structure. Of course, in some applications no special provisions in the computer system are necessary. It may be, for instance, that an externally administered code of ethics or a lack of knowledge about computers adequately protects the stored information. Although there are situations in which the computer need provide no aids to ensure protection of information, often it is appropriate to have the computer enforce a desired authority structure.

The words "privacy," "security," and "protection" are frequently used in connection with information-storing systems. Not all authors use these terms in the same way. Here are the definitions commonly encountered in computer science literature. The term "privacy" denotes a socially defined ability of an individual (or organization) to determine whether, when, and to whom personal (or organizational) information is to be released.

The term "security" describes techniques that control who may use or modify the computer or the information contained in it.

Security specialists have found it useful to place potential security violations in three categories.

1. Unauthorized information release: an unauthorized person is able to read and take advantage of information stored in the computer. This category of concern sometimes extends to "traffic analysis," in which the intruder observes only the patterns of information use and from those patterns can infer some information content. It also includes unauthorized use of a proprietary program.

2. Unauthorized information modification: an unauthorized person is able to make changes in stored information--a form of sabotage. Note that this kind of violation does not require that the intruder see the information he has changed.

3. Unauthorized denial of use: an intruder can prevent an authorized user from referring to or modifying information, even though the intruder may not be able to refer to or modify the information. Causing a system "crash," disrupting a scheduling algorithm, or firing a bullet into a computer are examples of denial of use. This is another form of sabotage.

The term "unauthorized" in the three categories listed above means that release, modification, or denial of use occurs contrary to the desire of the person who controls the information, possibly even contrary to the constraints supposedly enforced by the system. The biggest complication in a general-purpose remote-accessed computer system is that the "intruder" in these definitions may be an otherwise legitimate user of the computer system.

Examples of security techniques sometimes applied to computer systems are the following:

1) labeling files with lists of authorized users;

2) verifying the identity of a prospective user by demanding a password;

3) shielding the computer to prevent interception and subsequent interpretation of electromagnetic radiation;

4) enciphering information sent over telephone lines;

5) locking the room containing the computer;

6) controlling who is allowed to make changes to the computer system (both its hardware and software);

7) using redundant circuits or programmed cross-checks that maintain security in the face of hardware or software failures;

8) certifying that the hardware and software are actually implemented as intended.

It is apparent that a wide range of considerations are pertinent to the engineering of security of information. Historically, the literature of computer systems has more narrowly defined the term protection to be just those security techniques that control the access of executing programs to stored information. An example of a protection technique is labeling of computer-stored files with lists of authorized users. Similarly, the term authentication is used for those security techniques that verify the identity of a person (or other external agent) making a request of a computer system. An example of an authentication technique is demanding a password. This paper concentrates on protection and authentication mechanisms, with only occasional reference to the other equally necessary security mechanisms. One should recognize that concentration on protection and authentication mechanisms provides a narrow view of information security, and that a narrow view is dangerous. The objective of a secure system is to prevent all unauthorized use of information, a negative kind of requirement. It is hard to prove that this negative requirement has been achieved, for one must demonstrate that every possible threat has been anticipated.
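
The distinction drawn above between authentication (demanding a password) and protection (labeling files with lists of authorized users) is shown in the following Python sketch, including the case where the "intruder" is an otherwise legitimate user. It is an added example, not part of the original text; the Monitor class, the user names, passwords, file name and the PBKDF2 iteration count are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

class AccessDenied(Exception):
    pass

def _derive(password, salt):
    # Store a salted, slow hash instead of the password (iteration count assumed).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Monitor:
    """Hypothetical reference monitor: authenticates, then enforces file labels."""
    def __init__(self):
        self._creds = {}   # user -> (salt, derived key)
        self._files = {}   # name -> {"data": ..., "acl": {user: set of rights}}

    def enroll(self, user, password):
        salt = os.urandom(16)
        self._creds[user] = (salt, _derive(password, salt))

    def authenticate(self, user, password):
        # Authentication: verify the identity of the person making the request.
        salt, key = self._creds.get(user, (b"\0" * 16, b""))
        ok = hmac.compare_digest(_derive(password, salt), key)
        return user if ok else None

    def create(self, name, data, acl):
        self._files[name] = {"data": data, "acl": acl}

    def access(self, principal, name, right, new_data=None):
        # Protection: default deny unless the file's list grants this right.
        entry = self._files[name]
        if principal is None or right not in entry["acl"].get(principal, set()):
            raise AccessDenied(f"{principal!r} lacks {right!r} on {name!r}")
        if right == "write":
            entry["data"] = new_data
        return entry["data"]

def demo():
    m = Monitor()
    for user, pw in (("alice", "correct horse"), ("bob", "hunter2")):  # constructed
        m.enroll(user, pw)
    m.create("payroll", "v1", {"alice": {"read", "write"}, "bob": {"read"}})
    alice, bob = m.authenticate("alice", "correct horse"), m.authenticate("bob", "hunter2")
    out = {"bob_read": m.access(bob, "payroll", "read"),
           "bad_password": m.authenticate("alice", "guess")}
    try:  # bob is a legitimate, authenticated user, yet modification is unauthorized
        m.access(bob, "payroll", "write", "tampered")
        out["bob_write"] = "allowed"
    except AccessDenied:
        out["bob_write"] = "denied"
    out["data_after"] = m.access(alice, "payroll", "read")
    return out
```

The sketch covers only the first two categories of violation (release and modification); nothing in it addresses denial of use, which is one concrete reason the narrow view is called dangerous above.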

COMPREHENSION CHECK

1. Give the Russian equivalents to the following words and word combinations: to encounter; to span a wide range of needs for; multiple users; special provisions; to ensure protection; to enforce smth; techniques; potential security violations; to take advantage of; to disrupt a scheduling algorithm; the intruder; legitimate user; shielding; to encipher information; redundant circuits; to certify; possible threat; to anticipate

2. Provide definitions in the context of protecting information in computers:

Access

Authenticate

Authorize

Certify

Encipherment

Password

Privacy

Protection

Security





Page last modified: 2016-12-10
