Computer System and Network Security
Gregory B. White, Eric A. Fisch, Udo W. Pooch

Book information

Computer System and Network Security provides the reader with a basic understanding of the issues involved in the security of computer systems and networks. Introductory in nature, this important new book covers all aspects related to the growing field of computer security. Such complete coverage in a single text has previously been unavailable, and college professors and students, as well as professionals responsible for system security, will find this unique book a valuable source of information, either as a textbook or as a general reference.
Computer System and Network Security discusses existing and potential threats to computer systems and networks and outlines the basic actions that are generally taken to protect them. The first two chapters of the text introduce the reader to the field of computer security, covering fundamental issues and objectives. The next several chapters describe security models, authentication issues, access control, intrusion detection, and damage control. Later chapters address network and database security and systems/networks connected to wide-area networks and internetworks. Other topics include firewalls, cryptography, malicious software, and security standards. The book includes case studies with information about incidents involving computer security, illustrating the problems and potential damage that can be caused when security fails.
This unique reference/textbook covers all aspects of computer and network security, filling an obvious gap in the existing literature.

Information

Publisher: CRC Press
Year: 2017
ISBN: 9781351458719
Edition: 1
Category: Cyber Security

1 Fundamentals of Computer Security

“Undetected Theft of Credit-Card Data Raises Concern About On-Line Security” The Wall Street Journal. Friday, February 17, 1995.
“Computer Experts See Hackers Gaining An Upper Hand in Fight Over Security” The Wall Street Journal. Tuesday, January 24, 1995.
“Internet Web Found to Have Security Lapse” The Wall Street Journal, Tuesday, February 21, 1995.
Computers have become commonplace in today’s society. They are used in banking for everyday actions such as Electronic Funds Transfer (EFT) and Automated Teller Machine (ATM) transactions. They are used to store a wide range of information about us such as medical, credit, and financial data. They are used to help fly the commercial aircraft we travel in and to operate the cars we drive. They store trade secrets for corporations and military and diplomatic secrets for governments. They are used to help control our telephone communication networks and to process our paychecks. It can be truly said that everyone’s life has somehow been touched by a computer.
With this tremendous amount of interaction comes a comparable level of responsibility for those who control these computers. It is of the utmost importance that the records computers contain paint an accurate picture of who we are. We have probably all heard stories about individuals who have had their credit rating inadvertently affected by a mistake in one of these systems. Mistakes of this kind can affect our ability to buy a home or car, or can even lead to legal actions against us until the mistake has been corrected. Even more important than the computers that control our financial well-being are those that are used in critical applications that can affect our physical well-being. The modern hospital is filled with advanced medical equipment run by or with the aid of computers. Should one of these machines malfunction, it could result in a loss of life.
Unintentional errors in a program or entries in a database are not the only problems that we must worry about; we must also be concerned with the intentional misuse of these computer systems. Dishonest employees may try to modify account information in order to funnel funds or goods to themselves. Companies may attempt to access marketing plans and trade secrets of rivals in order to gain a sales advantage. Individuals who feel they have been treated unfairly or have been offended in some way may attempt to seek revenge by attacking another person’s financial or credit records. It is these and similar problems that Computer System and Network Security is concerned with.

1.1 Objectives of Computer Security

When computers were first developed, computer security was simply a matter of providing the physical protection mechanisms to limit access to all but a few authorized individuals. With today’s worldwide networks, however, computer security involves much more. Despite its expanded nature and increased importance, computer security today has the same basic objectives as forty years ago. The three fundamental objectives of computer security are:
  • Confidentiality
  • Integrity
  • Availability
Confidentiality requires that the data in a computer system, as well as the data transmitted between computer systems, be revealed only to authorized individuals. This may include not only protection from unauthorized disclosure of the actual data, but also of the fact that certain data even exists. The fact that an individual has a criminal record, for example, is often just as important as the details of the crime committed.
Integrity stipulates that the data in a computer system, as well as the data transmitted between computer systems, be free from unauthorized modification or deletion. It also covers the unauthorized creation of data. The unauthorized insertion of false credit records, for example, could jeopardize an individual’s ability to obtain credit. It is important that records such as these are only created, modified, or deleted by authorized individuals and that this occurs in a prescribed manner.
The objective of availability requires that the authorized users of the computer systems and communications media not be denied access when access is desired. This objective is also associated with the concept of denial of service which is manifested by a reduction in system performance. This does not include normal degradation of the system performance during peak operating periods but rather specific acts taken by attackers to influence the ability of authorized users to access the system.
Most research in computer security has been in the area of confidentiality. The historical reason for this is that the majority of funding for computer security has been supplied by the federal government, whose chief concern has always been maintaining the secrecy of its classified documents. The problems caused by the destruction or modification of data have always taken a back seat to that of disclosure. Fortunately for proponents of integrity issues, the safeguards and techniques used to implement confidentiality are closely related to those of integrity. If a person can’t see the data, it will generally also be hard to destroy or modify.
In addition to the three fundamental objectives already mentioned, several other secondary objectives are frequently listed including authorized use, message authentication, and nonrepudiation. Authorized use simply means that only authorized individuals may use the computer system or its peripherals and then only in a prescribed manner. Message authentication and nonrepudiation are both associated with the widespread use of computer networks. Often when a message is received we want to be sure that the individual who the system claims sent the message did indeed transmit it. This is message authentication. At other times we want to know that an individual did receive a message that was transmitted. This is nonrepudiation. Taken together, all of these objectives serve to provide the needed foundation for computer and network security.

1.2 Issues Involved in Computer Security

The objectives of computer security seem simple enough yet a foolproof implementation still eludes us. The reason for this is that, fundamentally, securing a computer system is a complex task. There are several factors which make securing a computer system or network hard. These include:
  • Secure operating systems involve a tremendous amount of software and large software projects have historically proven to be nearly impossible to implement error-free.
  • Security is often not included in the originally designed or implemented system but is added later in the project.
  • Security costs and often “gets in the way”.
  • Very often the problem lies with the people who use the system and not in the technology.
The first issue is a common one in computer science. Anyone who has ever written software knows how hard it is to create a program that is error-free. The larger the program, the more this is true. For a “normal” program, the existence of a few bugs can generally be tolerated, as the users simply learn to live with the problems or somehow work around them. In security, however, the existence of a single error can result in a hole through which intruders can gain access to the system. This is clearly not acceptable. For security, then, the existence of a single error is often fatal. In addition, an intruder does not have to find all holes that exist in an operating system in order to break in; only one hole is required. The programmer responsible for the operating system, however, needs to worry about all holes in order to plug them.
The second issue is a financial one. Most projects in the government and industry operate under very tight budgetary constraints. When the purchase or development of a computer system is contemplated, the chief concern will be whether the system will be able to accomplish the task it was intended to perform. Secondary concerns generally center around issues such as how much the system will cost and how fast it will accomplish the required task. Seldom is security considered; in fact, security is often not considered until later, when the occurrence of a security incident forces the issue. Attempting to retrofit security is an expensive process, both in terms of money and labor.
Another issue in implementing security is that it is often viewed as “getting in the way” of the user. For example, many computer operating systems provide the capability to record the actions of all users on the system. The resulting audit trail may occupy a tremendous amount of disk space and recording the actions, especially if any analysis of the data is performed, takes valuable CPU time away from other processes. This security feature is thus often viewed as an expensive overhead that can be done without. Another example of a security feature that is often viewed by users as bothersome is passwords. Passwords are used to control access to the computer system and its data. They are analogous in many respects to a combination for a safe and just like the combination, they are often hard to remember. Often users are allowed to select their own password to use. This leads to an interesting dilemma. If a user picks a password that is easy to remember, then it is probably also easy for an intruder to guess. This defeats the purpose of the password in the first place. If, on the other hand, a totally random sequence of characters is chosen for the password, then it is hard to guess but also hard for the authorized user to remember. If we make it easy for the authorized users, then we make it easier for the intruders. If we make it hard for the intruders, then we also make it hard for the authorized users. Thus security, in terms of passwords, is often viewed as either worthless or cumbersome.
One final issue that must be considered in any discussion on computer security is that often the problem is not technology, but people. The majority of computer crimes committed by “insiders” (i.e., authorized users) do not involve any violation of the system’s security rules. Instead they involve an abuse of the individual’s authority which has been granted to them in order that they may perform their assigned job. This can be illustrated by examining what occurred in one office of an agency of the Federal Government. An employee discovered that the computer system she worked with would allow an individual who had been receiving benefits to be “resurrected” should the individual inadvertently be listed as deceased (through some clerical error). This individual could then be issued a special check to retroactively provide for the benefits that should have been received while the individual was listed as deceased. The employee decided to take advantage of this system and collected a series of names of people who had been dead for at least five years. She then used the resurrection feature to generate a check for each, which she had sent to her own post office box. After the check was issued, she changed the individual’s records back to show them as deceased [1]. This was not a case of an unauthorized intruder gaining access to a system to perpetrate a crime but rather an authorized individual abusing her authorized permissions. To prevent this sort of crime involves a different approach to computer security than does protecting a computer system or network from an unauthorized individual attempting to gain access.
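The case study above is a pattern that a record-keeping system can be made to notice even though every individual action was authorized. The following is an added example, not code from the book, that runs a simple detection rule over a constructed benefits audit log: it flags a beneficiary who is marked alive, issued a check, and marked deceased again within a few days, when the person had been dead for more than five years, and it flags checks for several different beneficiaries mailed by one clerk to the same address. The log format, field names, clerk ids and dates are all assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed audit log (assumed format):
# (timestamp, clerk, beneficiary_id, action, detail)
# action is "status" (detail = "alive"/"deceased") or "check" (detail = mailing address)
AUDIT_LOG = [
    (date(1994, 3, 1),  "clerk7", "B100", "status", "alive"),      # genuine clerical fix
    (date(1994, 3, 1),  "clerk7", "B100", "check",  "12 Main St"),
    (date(1994, 5, 2),  "clerk9", "B200", "status", "alive"),
    (date(1994, 5, 2),  "clerk9", "B200", "check",  "PO Box 55"),
    (date(1994, 5, 3),  "clerk9", "B200", "status", "deceased"),
    (date(1994, 5, 9),  "clerk9", "B300", "status", "alive"),
    (date(1994, 5, 9),  "clerk9", "B300", "check",  "PO Box 55"),
    (date(1994, 5, 10), "clerk9", "B300", "status", "deceased"),
]
# Constructed date-of-death register for the same beneficiaries.
DEATH_DATES = {
    "B100": date(1994, 1, 15),   # died recently; resurrection is plausible
    "B200": date(1985, 6, 1),
    "B300": date(1980, 2, 2),
}


def find_resurrection_abuse(log, death_dates, min_years=5, window_days=7):
    """Return a list of (clerk, beneficiary, reason) alerts."""
    # Group entries per (clerk, beneficiary) in chronological order.
    per_case = defaultdict(list)
    for entry in sorted(log, key=lambda e: e[0]):
        per_case[(entry[1], entry[2])].append(entry)

    alerts = []
    address_users = defaultdict(set)  # (clerk, address) -> beneficiaries paid there
    for (clerk, bid), entries in per_case.items():
        # Look for the exact sequence: status -> check -> status.
        if [e[3] for e in entries] != ["status", "check", "status"]:
            continue
        revived, paid, reburied = entries
        if revived[4] != "alive" or reburied[4] != "deceased":
            continue
        if (reburied[0] - revived[0]).days > window_days:
            continue  # status flipped back much later; not the quick round trip
        died = death_dates.get(bid)
        if died is not None and (revived[0] - died).days > 365 * min_years:
            years = (revived[0] - died).days // 365
            alerts.append((clerk, bid, f"revived {years} years after recorded death"))
        address_users[(clerk, paid[4])].add(bid)

    # Several resurrected beneficiaries paid at one address by the same clerk.
    for (clerk, addr), bids in address_users.items():
        if len(bids) > 1:
            for bid in sorted(bids):
                alerts.append((clerk, bid, f"check mailed to shared address {addr}"))
    return alerts


if __name__ == "__main__":
    for clerk, bid, reason in find_resurrection_abuse(AUDIT_LOG, DEATH_DATES):
        print(f"ALERT {clerk} {bid}: {reason}")
```

The point is the one the text makes: none of these log entries violates an access rule, so the control has to look at how authority is used over time rather than at whether it was granted.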

1.3 Privacy and Ethics

An issue related to computer security provides an interesting paradox involving the joint concerns of privacy and ethics. One of the reasons we are so concerned with the security of computer systems is to maintain the privacy of the individuals whose records the computers maintain. This is a reasonable desire which few, if any, would argue with. If we lived in a society where everyone acted in an ethical manner we would not have a problem. Unfortunately, we live in a society where the actions of a few require certain precautions. This is really no different than the fact that we must lock our homes because a small percentage in our society would take advantage of a more trusting environment. The paradox in computer security occurs when we try to enforce what individual ethics have failed to do. To illustrate this point, consider a common technique used by administrators. One way suggested to ensure the confidentiality and integrity of individual records is to monitor the actions of those who have access to the system. The extent of this monitoring for security purposes has sometimes extended so far as to include the reading of an individual’s electronic mail to ensure that no unauthorized activity is occurring. The action of looking through an individual’s U.S. Postal Service mail is strictly regulated by law and can only be done under very specific circumstances. Many, however, see no problem with the monitoring of an individual’s electronic mail. We must be sure that we are not enforcing the privacy of the records maintained on the system at the cost of the privacy of the users. It should be noted that this is a drastic simplification of a very complex issue. Nevertheless, as we consider the various techniques discussed in this text, we should also consider our actions and how, in the name of security, these actions affect the rights and privacy of all individuals involved.

1.4 Exercises

1.1 Try to create a list of jobs in today’s society that do not somehow involve the use of a computer. Don’t forget modern telephone switching is controlled by computers or the more mundane but commonplace applications such as word processors which have all but eliminated the use of typewriters in today’s business world.
1.2 What are the privacy implications of local merchants maintaining a database of customers and their purchases? What if the business is a grocery store that sells alcoholic beverages or a bookstore that sells pornographic magazines? What if the business rents video tapes? Does it matter if this type of information about an individual becomes public knowledge?
1.3 Many of the individuals who break into computer systems never cause any damage but claim to do it only because of the intellectual challenge involved. In addition, a number claim that they actually are helping computer and network security professionals by revealing holes or weaknesses in security packages. Comment on these assertions.
1.4 Computer networks have been used for a variety of illegal activities including the transmission of child pornography. Individuals who send and receive these files often encrypt (disguise) them so it isn’t obvious what they contain. Some law enforcement agencies want to restrict the use of encryption schemes so that they can uncover these (and other) criminal activities and be able to obtain the evidence necessary to convict the individuals involved. Is this a valid request by our law enforcement agencies or is this an infringement on our right to privacy? How is it helpful to consider the rules that govern U.S. Postal Service mail when considering this problem? What about laws governing wiretaps and electronic surveillance?

1.5 References

1.1 Martin, L, “Unethical ‘Comput...