@@ -34,53 +34,57 @@ but they generally must look at packet headers, which contain
3434destination information, to determine where to
3535send traffic.
3636
37- The second major requirement is *integrity *, which means having
37+ The second major requirement is *integrity *, which about having
3838confidence that the information we're receiving is trustworthy, and
3939for example, has not been modified by some adversary while in
4040transit. Assuring integrity is multi-faceted, involving far more than
4141"in transit" adversaries.
4242
4343For example, we need to be able to verify that an item of data was
44- sent by the entity that claimed to have sent it. This is called
45- *authentication * , and in the example of e-commerce, this is what
46- allows us to know we are connected to, say, the website of the vendor
47- we wish to patronize and not handing over our credit card to some
48- impostor.
44+ sent by the entity that claimed to have sent it. This means we need to
45+ *authenticate * the sender , and in the example of e-commerce, this is
46+ what allows us to know we are connected to, say, the website of the
47+ vendor we wish to patronize and not handing over our credit card to
48+ some impostor.
4949
50- To authenticate a party we're communicating with, in turn, suggests
50+ To authenticate a party we're communicating with, in turn, implies
5151that we must have a concept of *identity *. That is, we need a system
5252by which the entities involved in communication, often called
53- *principals *, can be securely identified. As we discuss later, this
53+ *principals *, can be securely identified. As we discuss later, this
5454problem is harder to solve than it might first appear. How can we know
55- that a website we are communicating with actually represents the
56- business with whom we wish to communicate? Or how does a banking
57- system know that the person behind a particular request is actually
58- the account holder?
59-
60- Message integrity means not only being concerned that an adversary might
61- modify our data in transit, but we also need to be concerned about
62- *replay attacks *, in which data is captured and then retransmitted at
63- some later time. For example, we would want to protect against an
64- attack in which an item added to a shopping cart was repeatedly added
65- again by an attacker. Thus it is a common requirement to have some
66- form of *replay prevention *.
67-
68- Another related requirement in computer system security is *access
69- control *, the ability to limit who has access to a system and what
70- operations they may perform on it. This applies not only to end
71- systems but to network devices such as routers and infrastructure
72- components such as name servers.
73-
74- The final major requirement is *availability *, which is usually taken
75- to mean that networks and the systems attached to them must be
76- protected against *denial-of-service * (DoS) attacks. The Morris Worm
77- was an early example of an unintentional DoS attack: as the worm
78- spread to more and more computers, and reinfected computers on which
79- it was already present, the resources consumed by the worm rendered
80- those computers unable to function. Networks provide a means by which
81- data can be amplified by replication, allowing large volumes of
82- traffic to be sent to the target of a DoS attack; thus it has become
83- necessary to develop means to mitigate such attacks.
55+ that a website with a particular URL actually represents the business
56+ with whom we wish to communicate? Or how does a banking system know
57+ that the person behind a particular HTTP request is actually the
58+ account holder?
59+
60+ Integrity also requires messages be *original * and *timely *, which is
61+ threatened by the possibility data is captured and then retransmitted
62+ at some later time. This is known as a *replay attack *, where for
63+ example, we want to protect against an item being repeatedly added to
64+ a shopping cart by an attacker. Thus, it is a common requirement to
65+ have some form of *replay prevention *.
66+
67+ The final major requirement is *availability *, which is primarily
68+ concerned with protecting networks and the systems attached to them
69+ against *denial-of-service * (DoS) attacks. The Morris Worm was an
70+ early example of an unintentional DoS attack: as the worm spread to
71+ more and more computers, and reinfected computers on which it was
72+ already present, the resources consumed by the worm rendered those
73+ computers unable to function. Networks provide a means by which data
74+ can be amplified by replication, allowing large volumes of traffic to
75+ be sent to the target of a DoS attack; thus it has become necessary to
76+ develop means to mitigate such attacks.
77+
78+ As a consequence of these three main requirements—confidentiality,
79+ integrity, and availability—additional requirements are placed on our
80+ underlying systems. For example, computer systems must provide *access
81+ control *, which is the ability to limit who has access to a system and
82+ what operations they may perform on it. Once we can securely identify
83+ principals, we must also limit which ones can, for example, read or
84+ write messages. This clearly applies to end systems (our laptops and
85+ the web servers we communicate with), but also to network devices such
86+ as routers and infrastructure components such as name servers.
87+
8488
85892.2 Broader System Requirements
8690-------------------------------------
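Review bot: the rewritten integrity sentence at new line 37 drops a verb ("which about having confidence") and should read "which is about having confidence" (or keep the original "which means having"). Two smaller wording points in the same hunk: new line 60 reads more cleanly as "Integrity also requires that messages be *original* and *timely*", and the access-control paragraph moved below availability now opens with "As a consequence of these three main requirements", which works only because the section above it still names confidentiality first, so keep that ordering if the surrounding text is edited again. Moving access control after the identity discussion and tying it to "Once we can securely identify principals" is a sensible reordering; the replaced "suggests" to "implies" at new line 50 is fine.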
@@ -423,10 +427,3 @@ entire paper.
423427 in Computer Systems
424428 <http://web.mit.edu/Saltzer/www/publications/protection/index.html> `__. In
425429 Proceedings of the IEEE, 1975.
426-
427-
428-
429-
430-
431-
432-
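Review bot: this hunk only strips the seven trailing blank lines after the Saltzer and Schroeder reference; check that the file still ends with exactly one newline after "Proceedings of the IEEE, 1975." so the reStructuredText reference block is not followed by a missing-newline warning at the end of the file.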