[CrashCourse CS] #31 Cybersecurity

Steve · September 23, 2021

Cybersecurity is a set of techniques to protect secrecy, integrity, and availability of computer systems and data against threats.

  • Secrecy, or confidentiality, means that only authorized people should be able to access or read specific computer systems and data.
  • Integrity means that only authorized people should have the ability to use or modify systems and data.
  • Availability means that authorized people should always have access to their systems and data.

To achieve these three general goals, security experts start with a specification of who your 'enemy' is, at an abstract level, called a threat model.

This profiles attackers: their capabilities, goals, and probable means of attack, which is called an attack vector.

Two main security questions:
1. Who are you?
2. What should you have access to?

Authentication

Authentication differentiates between the right and wrong people.
There are 3 types of authentication:

1. What you know

  • ex) username, password
  • Brute force attack - Guessing everything from scratch (ex: starting from 0001)

2. What you have

  • ex) key, token

3. What you are

  • ex) Biometric authenticator - fingerprint, iris
  • Probabilistic (vs deterministic) - there is a chance that the computer might not recognize you

Two-factor, Multi-factor authentication - Each method has its pros and cons and can be compromised in one way or another, so two or more forms of authentication should be used for security.

Access Control

Once a system knows who you are, it needs to know what you should be able to access.
This is done through Permissions or Access Control Lists (ACL), which describe what access each user has for every file, folder and program on a computer.

  • read, write, execute

For organizations with users at different levels of access privilege, it's especially important for Access Control Lists to be configured correctly.

General Rule - Bell-LaPadula model
1. No "Read Up"
2. No "Write Down"

  • Other models - Chinese Wall Model, Biba Model
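
As an added example (not from the original notes or the video), here is a small Python reference monitor that combines an Access Control List with the two Bell-LaPadula rules above. The level names, users, files and the `check_access` function are constructed for illustration; the ACL deliberately over-grants `bob` read access to `codes.txt` to show the mandatory rule catching a misconfigured ACL.

```python
from enum import IntEnum

class Level(IntEnum):
    # Constructed sensitivity ladder: a higher value means more sensitive.
    PUBLIC = 0
    SECRET = 1
    TOP_SECRET = 2

# Constructed sample data (assumptions, not from the source notes).
CLEARANCE = {"alice": Level.TOP_SECRET, "bob": Level.SECRET, "carol": Level.PUBLIC}
CLASSIFICATION = {"menu.txt": Level.PUBLIC, "plans.txt": Level.SECRET,
                  "codes.txt": Level.TOP_SECRET}
ACL = {
    "menu.txt": {"alice": {"read", "write"}, "bob": {"read"}, "carol": {"read", "write"}},
    "plans.txt": {"alice": {"read"}, "bob": {"read", "write"}},
    # Misconfigured on purpose: bob should not be able to read TOP_SECRET data.
    "codes.txt": {"alice": {"read", "write"}, "bob": {"read", "write"}},
}

def check_access(user, obj, op):
    """Return (allowed, reason). Access needs both the ACL and Bell-LaPadula to agree."""
    # Deny by default when the subject or object is unknown.
    if user not in CLEARANCE or obj not in CLASSIFICATION:
        return False, "unknown subject or object"
    # Discretionary check: the ACL must list this operation for this user.
    if op not in ACL.get(obj, {}).get(user, set()):
        return False, "not granted by ACL"
    subject, target = CLEARANCE[user], CLASSIFICATION[obj]
    # Mandatory checks: the two Bell-LaPadula rules.
    if op == "read" and subject < target:
        return False, "no read up"
    if op == "write" and subject > target:
        return False, "no write down"
    return True, "ok"

if __name__ == "__main__":
    requests = [("alice", "menu.txt", "read"), ("alice", "menu.txt", "write"),
                ("bob", "codes.txt", "read"), ("bob", "codes.txt", "write"),
                ("carol", "plans.txt", "read")]
    for user, obj, op in requests:
        allowed, reason = check_access(user, obj, op)
        print(f"{user:6} {op:5} {obj:10} -> {'ALLOW' if allowed else 'DENY'} ({reason})")
```

Writing "up" (bob writing to `codes.txt`) is allowed because Bell-LaPadula protects secrecy only; the Biba model mentioned above reverses the rules to protect integrity.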

One of the holy grails of system level security is a security kernel or a trusted computing base: a minimal set of operating system software that's close to provably secure.

Formally verifying the security of code is an active area of research.
Independent Verification & Validation - The process of having code audited by a crowd of security-minded developers.

  • Security code is almost always open-sourced - external developers with fresh eyes and different expertise can spot problems.
  • DEF CON - security conference in Las Vegas

Isolation - the principle that when a program is compromised, the damage should be limited and contained, so that it cannot compromise other things running on the computer.
To achieve isolation, we can "sandbox" applications.

  • Operating Systems attempt to sandbox applications by giving each their own block of memory that other programs can't touch.
  • It's also possible for a single computer to run multiple Virtual Machines that each live in their own sandbox.

Vocabulary

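  • masquerade - a disguise; to disguise oneself as
  • hamper - to hinder
  • mischievous - playful, troublemaking
  • compromise - damage/put in danger
  • mitigate - to alleviate
  • holy grail - sacred chalice
  • provably - (prove) - in a way that can be proven
  • bloat - to swell; something swollen
  • awry - messed up, off course
  • unsolicited - not requested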

1 comment

January 17, 2024

Your Crash Course on Cybersecurity is a fantastic resource, providing a concise yet insightful overview of key concepts. For those interested in further exploring the intersection of technology and security, I recommend checking out this comprehensive guide on healthcare cybersecurity: https://www.cleveroad.com/blog/healthcare-cybersecurity/. It offers valuable insights into securing sensitive medical data in today's dynamic digital landscape.
