@@ -47,15 +47,14 @@ what allows us to know we are connected to, say, the website of the
4747vendor we wish to patronize and not handing over our credit card to
4848some impostor.
4949
50- To authenticate a party we're communicating with, in turn, implies
51- that we must have a concept of *identity *. That is, we need a system
52- by which the entities involved in communication, often called
53- *principals *, can be securely identified. As we discuss later, this
54- problem is harder to solve than it might first appear. How can we know
55- that a website with a particular URL actually represents the business
56- with whom we wish to communicate? Or how does a banking system know
57- that the person behind a particular HTTP request is actually the
58- account holder?
50+ Authentication implies that we must have a concept of *identity *. That
51+ is, we need a system by which communicating entities, often called
52+ *principals *, can securely identify each other. This problem is
53+ harder to solve than it might first appear. How can we know that a
54+ website with a particular URL actually represents the business with
55+ whom we wish to communicate? Or how does a banking system know that
56+ the person behind a particular HTTP request is actually the account
57+ holder?
5958
6059Integrity also requires messages be *original * and *timely *, which is
6160threatened by the possibility data is captured and then retransmitted
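Review bot: At new line 52, "can securely identify each other" reads as mutual authentication, but the two questions that follow at new lines 53-57 each have one party identifying the other: a user checking a website, and a bank checking an account holder. The removed wording "can be securely identified" covered both cases without implying that both sides authenticate, so consider keeping it. The rewrite also drops "As we discuss later"; if the later discussion still exists, a pointer to it is worth retaining.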
@@ -64,26 +63,28 @@ example, we want to protect against an attacker repeatedly adding an
6463item to a shopping cart. Thus, it is a common requirement to have some
6564form of *replay prevention *.
6665
67- The final major requirement is *availability *, which is primarily
68- concerned with protecting networks and the systems attached to them
69- against *denial-of-service * (DoS) attacks. The Morris Worm was an
70- early example of an unintentional DoS attack: as the worm spread to
71- more and more computers, and reinfected computers on which it was
72- already present, the resources consumed by the worm rendered those
73- computers unable to function. Networks provide a means by which data
74- can be amplified by replication, allowing large volumes of traffic to
75- be sent to the target of a DoS attack; thus it has become necessary to
76- develop means to mitigate such attacks.
66+ The final major requirement is *availability *, which is simply the
67+ ability to access all the data we have the right to access. System
68+ failures, either benign or caused by malicious actors, restrict
69+ availability. Another common common threat to availability is
70+ *denial-of-service * (DoS) attacks. The Morris Worm was an early
71+ example of an unintentional DoS attack: as the worm spread to more and
72+ more computers, and reinfected computers on which it was already
73+ present, the resources consumed by the worm rendered those computers
74+ unable. Networks provide a means by which data can be amplified by
75+ replication, allowing large volumes of traffic to be sent to the
76+ target of a DoS attack; thus it has become necessary to develop means
77+ to mitigate such attacks.
7778
7879As a consequence of these three main requirements—confidentiality,
79- integrity, and availability—additional requirements are placed on our
80- underlying systems. For example, computer systems must provide * access
81- control *, which is the ability to limit who has access to a system and
82- what operations they may perform on it. Once we can securely identify
83- principals, we must also limit which ones can, for example, read or
84- write messages. This clearly applies to end systems (our laptops and
85- the web servers we communicate with) , but also to network devices such
86- as routers and infrastructure components such as name servers.
80+ integrity, and availability—additional requirements are placed on the
81+ underlying systems. Foremost among these the need for a mechanism to
82+ enforce * access control *, a system component that limits who has
83+ access to data and what operations they may perform on it. Once we can
84+ securely identify principals, we must then control what objects they
85+ can read or write. Access control is clearly a mechanism included in
86+ end systems, such as laptops and web servers , but it also applies to
87+ network infrastructure, such as routers and name servers.
8788
8889
89902.2 Broader System Requirements
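Review bot: Three added lines here have editing slips that should be fixed before merge. New line 69 repeats a word ("Another common common threat") and pairs a singular subject with the plural "attacks". New lines 73-74 end at "rendered those computers unable", where the removed text read "unable to function". New line 81 is missing its verb: "Foremost among these the need" should be "Foremost among these is the need". On substance, new lines 66-67 define availability only as access to data, while the Morris Worm example that follows is about computers being unable to function, so the definition could mention systems or services as well. New lines 81-82 also call access control both "a mechanism" and "a system component"; picking one term would read more cleanly.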