Text 3b.
PHYSICAL ACCESS CONTROLS.
Physical access controls in general have been well implemented in most information systems installations, with major focus on the central processing facility.
A network environment introduces the need to refocus attention on the following areas:
remote facilities, whether they are located in the same building as the central processing facility or at some other site;
communication link components;
common-carrier-provided access controls to the equipment, links and facilities through which organizational data must be transmitted;
network control center facilities, which house specialized network equipment for patching, monitoring and testing network components;
information center facilities, which serve as focal points for assisting end users in designing and implementing special departmental applications;
user-required materials such as operations manuals, floppy disks, copies of licensed vendor-supplied software, etc.;
shared remote printer output areas.
Logical Access Controls.
Logical access controls play an important role in any information systems environment. In addition to providing a method for identifying and verifying authorized users, logical access controls can also limit authorized user access to only those resources required to perform their assigned job.
In a network environment, logical access control is one of the most effective measures for protecting information. Logical access controls can be implemented via software and in conjunction with specific hardware devices if additional security is warranted.
Organizational Controls.
Traditional organizational controls include such things as separating DP from users, separating duties within DP, maintaining functional separations (e.g., vendor file maintenance from credit issuance), assigning individual security responsibility, using appropriate spans of management control and utilizing good audit procedures.
Personnel Controls.
Traditional personnel controls include appropriate hiring procedures, enforcing vacations and job rotation, restricting employee accounts and following complete termination procedures.
Due to the nature of network environments, management may want to place more emphasis on, and exercise additional controls over, job rotation and employee account restrictions. Special consideration should be given to ensuring that a procedure is in place which feeds into both the logical access control mechanism and the physical access control process whenever an employee changes work assignments or leaves the organization. This procedure should cause immediate removal of the employee's ID and password from the system, and may even deny physical access to the prior work location.
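The procedure described above, a personnel event that feeds both the logical and the physical access-control mechanism, is easy to get wrong when the two mechanisms are updated separately. The following is an added example, not part of the textbook text: a single registry that holds what each mechanism currently grants and applies a "leaves" or "changes_assignment" event to both at once. All role names, resources, areas and users are constructed for illustration.

```python
from dataclasses import dataclass, field

# Role profiles: the logical resources and physical areas each job requires.
# Every role, resource, area and user name here is constructed for illustration.
ROLE_PROFILE = {
    "credit_clerk": {"resources": {"credit_db"}, "areas": {"floor2_credit"}},
    "vendor_clerk": {"resources": {"vendor_db"}, "areas": {"floor3_vendor"}},
}


@dataclass
class AccessRegistry:
    """Holds what the logical and physical access-control mechanisms currently grant."""
    accounts: dict = field(default_factory=dict)  # user -> set of logical resources
    badges: dict = field(default_factory=dict)    # user -> set of physical areas

    def provision(self, user, role):
        profile = ROLE_PROFILE[role]
        self.accounts[user] = set(profile["resources"])
        self.badges[user] = set(profile["areas"])

    def apply_event(self, user, event, new_role=None):
        """Feed one personnel event into both mechanisms at once.

        Returns the rights that were revoked so the change can be recorded
        and checked; nothing the old assignment granted survives the event.
        """
        old_resources = self.accounts.get(user, set())
        old_areas = self.badges.get(user, set())
        if event == "leaves":
            self.accounts.pop(user, None)
            self.badges.pop(user, None)
            return {"resources": old_resources, "areas": old_areas}
        if event == "changes_assignment":
            self.provision(user, new_role)
            return {
                "resources": old_resources - self.accounts[user],
                "areas": old_areas - self.badges[user],
            }
        raise ValueError(f"unknown personnel event: {event}")


def demo():
    """Constructed scenario: one transfer and one departure."""
    registry = AccessRegistry()
    registry.provision("alice", "credit_clerk")
    registry.provision("bob", "vendor_clerk")
    moved = registry.apply_event("alice", "changes_assignment", new_role="vendor_clerk")
    left = registry.apply_event("bob", "leaves")
    return registry, moved, left
```

The point of returning the revoked rights is that the transfer case is where leftover access accumulates: after the event, the transferred employee holds only what the new role needs, and the record of what was removed can be reconciled against the HR event.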
Text 3c.
OPERATIONAL CONTROLS.
Traditional operational controls include such things as controlling errors, supervising, error recovery, forms control and input/output media control.
A key element of controlling errors is the proper selection of network components, including all hardware devices, software, communications equipment, media and protocols. Network hardware and software should be evaluated on the basis of reliability, controllability and error-handling capability, in addition to the normal evaluation of performance characteristics.
In addition to selecting reliable network components, management should also implement a good problem management process. Every error that occurs should be traced to its source, and every corrective action should result in a positive resolution of the cause, with assurance that the problem will not recur. Detailed problem management reports should be generated that provide information on instances of problems, date and time of occurrence, recurrences, source of the problem, problem impact, the person responsible for resolution, and the corrective action taken.
Application Development Controls.
Traditional application development controls consist of such things as project phase reviews under a project control system, establishing standards, controlling changes, quality control, library content control, improved programming technology techniques, such as inspections and structured programming, and auditing of applications to a set of expectations.
Workstation Controls.
Traditional workstation controls consist of physical protection of the workstation itself, plus physical and logical access controls to prevent unauthorized use.
UNIT 4
TEXT 4A.
DATABASE SECURITY
Computer security is defined as protection of information processed by a computer against unauthorized observation, unauthorized or improper modification, and denial of service. Assuring computer security is not a trivial task; suitable methods and tools are required for developing secure systems. The task of providing effective protection in database management systems is particularly difficult, since they process large amounts of information in complex ways and require a fine granularity of control over data.
Database (DB) security comprises a set of measures, policies and mechanisms to provide secrecy, integrity and availability of data and to combat possible attacks on the system (threats) from insiders and outsiders, both malicious and accidental. Ensuring secrecy means preventing/detecting/deterring the improper disclosure of information. In general, secrecy properly refers to protection of data involved in highly protected environments, such as military environments or departments of commercial environments. Privacy refers to information about individuals, and is sometimes defined as "the right of the individual, group or institution to determine when, how and for what purpose information concerning himself/itself can be collected, stored and released to other people or entities". Therefore, privacy refers to environments where data about people or legal individuals is maintained; privacy is ensured by laws and rules in many countries. Secrecy is a most relevant aspect of security-critical environments. For example, the target coordinates of a missile should not be improperly disclosed. Ensuring integrity of information means preventing/detecting/deterring the improper modification of information. For example, in a military environment, the target coordinates of a missile should not be improperly modified. Ensuring system availability (that is, avoiding denial of service) means preventing/detecting/deterring improper denial of access to services provided by the system. For example, when the proper command is issued, the missile should fire.
DB security encompasses physical, logical and organizational issues. Physical DB security focuses on tools, devices, and hardware/software techniques able to prevent or detect unauthorized physical access to data storage facilities, and to provide DB backup/recovery. Logical DB security consists of control measures, models and techniques to prevent, detect or deter unauthorized logical (that is, via software) accesses to data. Organizational DB security concentrates on management constraints, operational procedures, and supplementary controls established to provide DB protection.
Words to be learnt:
accidental: random, unsystematic; backup: backup copying, duplication; to combat: to fight against; constraint: limitation; denial of service: refusal of service; to deter: to stop, to hold back; entity: object; granularity: degree of structuring, degree of detail; integrity: wholeness, preservation; malicious: ill-intentioned; recovery: restoration.
I. Answer the following questions:
1. What is security? 2. Why is the task of providing effective protection in database management systems particularly difficult? 3. What does DB security comprise? 4. What does ensuring secrecy, integrity and availability of data mean? 5. What issues does DB security encompass?
II. Translate the following sentences paying attention to the gerund:
1. Protecting a database from possible threats means protecting resources from accidental or intentional unauthorized reading and/or updates. 2. Inference denotes the possibility of obtaining confidential information from non-confidential data. 3. The message filter is a model for providing mandatory protection in object-oriented database systems. 4. Lock and unlock techniques consist, respectively, in blocking data items for the time needed to execute an operation and in releasing the items once the operation has been completed. 5. A specialist, the security administrator, is responsible for defining the authorization rules derived from the security requirements of the organization. 6. Security cannot be assured by relying solely on physical protection. 7. Drawbacks of this type have been overcome in some systems by enciphering passwords through cryptographic algorithms.
III. Translate the sentences paying attention to the infinitive:
1. The recovery system reads the log file to determine the transactions to be undone and the transactions to be redone. 2. To undo a transaction means to copy the old value of each operation in the involved record. 3. To redo a transaction means to copy the new value of each operation in the record. 4. Some work has been done to extend the access matrix model to make the safety problem decidable. 5. Security policies can be combined in order to better meet the security requirements. 6. Intrusion detection systems are applied in conjunction with access controls to detect possible violations or violation attempts. 7. The security officer takes part in the determination of the profile models in order to state the behaviour aspects to be controlled.
TEXT 4B.
SECURITY POLICIES
Achieving security in a database environment means identifying the threats and choosing the proper policies ("what" the security system is expected to do) and mechanisms ("how" the security system should achieve the security goals). It also involves the provision of security system assurance ("how well" the security system meets the protection requirements and executes the expected functions).
The security policies of a system are high-level guidelines concerning design and management of authorization systems. Generally, they express the basic choices taken by an organization for its own data security. The definition of security policies leads to the explicit formulation of security strategies.
Security policies define the principles on which access is granted or denied. Sometimes, besides "if" an access should be granted, they also state "how" it should be granted, or that queries may return partial results, filtering out unauthorized data.
Authorization rules (access rules) are the expression of security policies; they determine the system behaviour at run time. The security policies should also state how the set of authorization rules (insertion, modification) is administered.
Two basic policies exist:
(1) Minimum privilege policy, also called "need-to-know" policy.
According to this policy, system subjects should use the minimum quantity of information needed for their activity. A drawback of this policy is that over-restriction may lead to strong but useless restrictions on innocuous subjects.
(2) Maximum privilege policy, based on the principle of the "maximum availability" of data in a database, so that sharing is maximized. This policy is adequate for environments such as universities or research centres, where strict protection is not particularly needed, because of both the reliability of users and the data-exchange requirements.
In a closed system only explicitly authorized accesses are allowed. In an open system, accesses that are not explicitly forbidden are allowed. Open and closed systems are mutually exclusive. When deciding upon security strategies, the choice depends on the features and requirements of the database environment, users, applications, organizational aspects, and so on. A closed system enforces the minimum privilege policy, whereas an open system enforces maximized sharing. Protection is higher in closed systems: errors such as a missing rule can deny authorized access but cause no damage, whereas in open systems the same event can grant unauthorized access.
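The difference between a closed and an open system is entirely in how a missing rule is treated, and the text's remark about queries returning partial results follows from the same check applied per row. The following added example (not from the textbook) makes both visible: the same authorization table evaluated under a closed (default-deny) and an open (default-allow) policy, plus a query filter that keeps only rows the subject may read. The subjects, objects and rules are constructed for illustration.

```python
# Constructed authorization rules. True = explicitly granted, False = explicitly
# forbidden. A (subject, object, mode) absent from the table is the "missing rule"
# case: its effect is exactly what distinguishes closed from open systems.
RULES = {
    ("alice", "salaries", "read"): True,
    ("alice", "salaries", "write"): False,
    ("bob", "salaries", "read"): False,
    ("bob", "projects", "read"): True,
}

# Constructed rows belonging to two objects (tables) of the database.
ROWS = [
    {"object": "salaries", "value": "pay grade data"},
    {"object": "projects", "value": "project roster"},
]


def closed_policy(subject, obj, mode, rules=RULES):
    """Closed system (minimum privilege): only explicitly authorized accesses are allowed."""
    return rules.get((subject, obj, mode)) is True


def open_policy(subject, obj, mode, rules=RULES):
    """Open system (maximum sharing): everything not explicitly forbidden is allowed."""
    return rules.get((subject, obj, mode)) is not False


def filtered_query(subject, rows, policy, rules=RULES):
    """Answer a query with partial results: keep only rows from objects the subject may read."""
    return [row for row in rows if policy(subject, row["object"], "read", rules)]


def missing_rule_effect(subject, obj, mode, rules=RULES):
    """Show what each kind of system does when no rule exists for the request.

    In the closed system the omission denies an access that may have been intended
    (annoying but harmless); in the open system it grants one that was never reviewed.
    """
    assert (subject, obj, mode) not in rules, "this helper is for the missing-rule case"
    return {
        "closed": closed_policy(subject, obj, mode, rules),
        "open": open_policy(subject, obj, mode, rules),
    }
```

Note that a subject with no rules at all, such as a newly created account, is the extreme of the missing-rule case: under the open policy it can read every row of `ROWS`, under the closed policy none.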
Answer the following questions:
1. What does achieving security in a database environment involve? 2. What are security policies? 3. What are the basic policies? 4. What does the choice of security policy depend on?
TEXT 4C.
SECURITY MECHANISMS
Security mechanisms concern the prevention of improper access (access control mechanisms), and the detection of improper access (auditing and intrusion detection mechanisms). Good prevention and detection require good authentication mechanisms. Access control mechanisms are more fundamental because prevention is preferred. Security mechanisms can be implemented via hardware, software or through administrative procedures.
External mechanisms.
These consist of administrative and physical control measures able to prevent undesired access to the physical resources (rooms, terminals, devices), so that only authorized accesses are allowed. Devices providing protection against accidental threats such as short circuits, fire, earthquakes or environmental conditions can also be included among external protection mechanisms. However, full protection cannot be assured, particularly in environments where accidental attacks or violations can hardly be foreseen. The target is then to minimize possible damage: that is, to minimize possible violations and their consequent damage, and to provide recovery procedures.
Internal mechanisms.
Internal protection consists of three principal mechanisms:
(1) Authentication. This mechanism prevents unauthorized users from using a system by checking their identity.
(2) Access controls. Upon successful authentication, queries entered by users can be answered only according to existing authorizations for these users.
(3) Auditing mechanisms. These monitor the utilization of system resources by its users. Auditing mechanisms consist of two phases:
a logging phase, where all the access queries and related answers (both authorized and denied) are recorded;
a reporting phase, where reports from the previous phase are checked to detect possible violations or attacks.
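The two auditing phases above, as an added example that is not part of the textbook text: a logging phase that records every access query together with its answer, granted or denied, and a reporting phase that reads those records back and flags subjects whose denials cluster in time. The log lines, the subjects and the threshold and window values are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class AuditRecord:
    ts: int          # seconds on a constructed clock
    subject: str
    obj: str
    mode: str
    granted: bool


class AuditLog:
    """Logging phase: every access query and its answer is recorded, granted or denied."""

    def __init__(self):
        self.records = []

    def log(self, ts, subject, obj, mode, granted):
        self.records.append(AuditRecord(ts, subject, obj, mode, granted))
        return granted   # so the call can sit inline where the access decision is made


def report(records, denial_threshold=3, window_seconds=300):
    """Reporting phase: flag subjects with >= denial_threshold denials inside one window.

    Returns {subject: denials_in_worst_window}. Threshold and window size are
    assumptions chosen for the example, not values given in the text.
    """
    denials = defaultdict(list)
    for rec in records:
        if not rec.granted:
            denials[rec.subject].append(rec.ts)
    flagged = {}
    for subject, times in denials.items():
        times.sort()
        worst, start = 0, 0
        for end in range(len(times)):          # sliding window over denial timestamps
            while times[end] - times[start] > window_seconds:
                start += 1
            worst = max(worst, end - start + 1)
        if worst >= denial_threshold:
            flagged[subject] = worst
    return flagged


def sample_log():
    """Constructed sample: alice works normally, mallory probes objects she is not allowed."""
    log = AuditLog()
    log.log(1000, "alice", "projects", "read", True)
    log.log(1030, "alice", "salaries", "read", False)   # a single denial is normal
    log.log(1100, "alice", "projects", "write", True)
    log.log(2000, "mallory", "salaries", "read", False)
    log.log(2010, "mallory", "payroll", "read", False)
    log.log(2025, "mallory", "salaries", "write", False)
    log.log(2040, "mallory", "projects", "read", True)
    log.log(2050, "mallory", "payroll", "write", False)
    return log
```

Recording denied queries as well as granted ones is what makes the reporting phase possible: a prevention-only view sees the denials as harmless, while the audit view sees four of them from one subject within a minute.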
Answer the following questions:
1. What do security mechanisms concern? 2. What do external/internal mechanisms consist of?
UNIT 5
TEXT 5A.
SECURITY MODELS
The objective of security modelling is to produce a high-level, software-independent, conceptual model, starting from requirements specifications that describe the protection needs of the system. Security models can be broadly classified in two categories: discretionary and non-discretionary (or mandatory) models.
Discretionary security models govern the access of users to the information on the basis of the user's identity and of rules that specify, for each user and object in the system, the types of access the user is allowed for the object. The request of a user to access an object is checked against the specified authorizations; if there exists an authorization stating that the user can access the object in the specific mode, the access is granted, otherwise it is denied.
Mandatory security models govern the access to the information by the individuals on the basis of the classifications of subjects and objects in the system. Objects are the passive entities storing information, such as data files, records, fields in records, etc. Subjects are active entities that access the objects. Generally, a subject is considered to be an active process operating on behalf of a user. Access classes are associated with every subject and object in the system, and the access of a subject to an object is granted if some relationship, depending on the access mode, is satisfied between the classifications of the subject and the object.
Discretionary models have the advantage of being flexible and therefore suitable for various types of systems and applications. For these reasons, they have been widely used in a variety of implementations, especially in commercial and industrial environments.
However, discretionary access control policies have a drawback. The main problem is that discretionary policies do not impose any restriction on the usage of information: that is, dissemination of information is not controlled.
The advantages of mandatory models derive basically from their suitability to certain kinds of environment where the users and objects can be classified. Mandatory control models allow one to track the flow of information. However, mandatory access control policies have the drawback of being too rigid and therefore inapplicable to some environments.
The choice of a security model in the development of a security system depends on the target environment, on the security aspects involved and on the intended controls. Sometimes, one model is insufficient to represent complex protection needs, whereas a combination of models can be used more satisfactorily. Ad hoc models can be defined as specializations or extensions of existing models, when no models, or combinations thereof, are capable of describing exhaustively the protection requirements for a specific problem.
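The contrast the text draws between the two model families, that a discretionary model checks an authorization for (user, object, mode) while a mandatory one compares access classes and can therefore track information flow, is shown in the following added example (not from the textbook). The discretionary side is an access matrix; for the mandatory side the text only says "some relationship depending on the access mode", so the concrete relationship used here, no read up and no write down as in the Bell-LaPadula model, is an assumption. Users, objects and classifications are constructed.

```python
# Discretionary model: an access matrix keyed by (user, object) -> set of modes.
# All users, objects and classifications below are constructed for illustration.
DAC_MATRIX = {
    ("alice", "report.txt"): {"read"},
    ("alice", "memo.txt"): {"read", "write"},
    ("bob", "memo.txt"): {"read"},
}


def dac_check(user, obj, mode):
    """Discretionary check: grant iff an authorization for (user, object, mode) exists."""
    return mode in DAC_MATRIX.get((user, obj), set())


# Mandatory model: every subject and object carries an access class from a
# linearly ordered set. The relationship enforced per mode is the Bell-LaPadula
# one (no read up, no write down); this choice is an assumption of the example.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}
SUBJECT_CLASS = {"alice": "secret", "bob": "confidential"}
OBJECT_CLASS = {"report.txt": "secret", "memo.txt": "confidential"}


def dominates(a, b):
    """True when class a is at or above class b in the ordering."""
    return LEVELS[a] >= LEVELS[b]


def mac_check(subject, obj, mode):
    """Mandatory check: compare the classes of subject and object according to the mode."""
    s, o = SUBJECT_CLASS[subject], OBJECT_CLASS[obj]
    if mode == "read":
        return dominates(s, o)   # a subject may read objects at or below its class
    if mode == "write":
        return dominates(o, s)   # a subject may write objects at or above its class
    raise ValueError(f"unknown mode: {mode}")


def flow_possible(model, user, src, dst):
    """Can `user` copy information from src into dst under the given model?

    This is the dissemination question raised in the text: a model controls the
    flow of information only if it can refuse a read-then-write pair even though
    each half, taken alone, is an authorized access.
    """
    check = {"dac": dac_check, "mac": mac_check}[model]
    return check(user, src, "read") and check(user, dst, "write")
```

Under the discretionary matrix, bob has no authorization on `report.txt`, yet alice may read it and write `memo.txt`, which bob reads; nothing in the model stops that copy. Under the mandatory classes the same copy is a write from a secret subject into a confidential object and is refused, which is what "tracking the flow of information" amounts to in practice.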
Words to be learnt:
ad hoc: special, suited to or created for the given case; authorization: sanctioning, permission; dissemination: spreading; drawback: shortcoming; flow: stream; to govern: to regulate, to control; to grant: to provide, to give; mode: regime; request: request, demand; restriction: limitation; rigid: strict, inflexible.
I. Answer the following questions:
1. What is the objective of security modelling? 2. Into how many categories can security models be classified? 3. What are the main features of discretionary/mandatory models? 4. What are the advantages and drawbacks of discretionary/mandatory models?
II. Translate the following sentences paying attention to the infinitive constructions:
1. We believe this book to be a valid support in approaching most of the problems. 2. The considered level of granularity for objects and subjects can cause the table to be very heavy in terms of memory. 3. Dynamic relocation allows K to vary during program execution. 4. The application of the message-filter model requires all objects to be single-level. 5. Security features are recognized to constitute additional costs and cause downgrading of performance. 6. Practically, databases appear to be extremely vulnerable to simple attacks. 7. Choosing a hard-to-detect password proves to be a serious issue.
III. Translate the sentences paying attention to the meaning of "that":
1. It has been recognized that security is a feature that should be taken into account in the early phases of DB design, so that data protection can be incorporated efficiently into the system. 2. Events that bring violations to databases are called threats. 3. The attraction is that a biometric identifier can neither be given away nor stolen. 4. Databases containing mixed data, that is, both sensitive and ordinary data, exhibit more complex protection problems. 5. Progress has been made on that point, but there's still a lot of room for improvement. 6. It is generally agreed that the eight-character limit that UNIX systems impose is inadequate. 7. In most situations the network is not the resource at risk; rather, it is the end-points of the network that are threatened.
TEXT 5B.
