Information Security - 1: Inferredness

First talk

Today's society is a highly developed information society in science and technology. All all activities of human beings are inseparable from information. The information has become a huge resource that promotes the advancement of society. Computers and computer networks are the main tools for collecting, storage, analyzing, processing and transmission of information. Therefore, computer and computer networks have become an indispensable part of modern society, which has penetrated into various aspects of social life. In particular, the Internet (Internet) has promoted the transformation of human beings from industrial society to the information society. At present, users in the world have exceed 100 million, nearly 200 countries and regions, and they are also expanded to global high-speed. The huge impact of computer networks to global technology, economic and social life is through the Internet. No matter which corner you are on the earth, no matter when, as long as you look at the computer mouse, the wonderful world It will appear in front of you, computer networks have changed huge changes in human life, learning and work. The computer network provides people with resource sharing, the openness and expansibility of users, is due to these characteristics, which increases the vulnerability and complexity of network security. Many of the information on computer processing, involving important intelligence and sensitive information such as national military, political, economic, financial, industrial industries, once it is illegally stealing or tampered, will have difficulty estimated losses. In fact, with the wide application of computer networks, computer criminal cases have increased rapidly, and strong measures must be taken to enhance computer system security, and the safety issues of computer systems have become a common concern of society.

First, the security threats faced by the computer information system

The information system consists of a computer system and a communication system.

The computer information system is a collection of hardware, software, storage media, data, and personnel of the computing task. That is, the computer information system is composed of a computer and its associated and supporting equipment, facilities (including networks), and collects, processing, storage, transmission, and searching, processing, storage, and retrieving information on certain applications and rules.

The information system may suffer a variety of threats, only to know the threat of the system will be effectively presed. In order to effectively prevent these threats, various safety technologies must be used to design and implement security information systems.

In general, the security threats facing system have the following types:

1. Interrupt:

Soft and hardware resources of the system are destroyed due to various reasons, so that the normal operation of the program is interrupted or transmitted on the communication line.

2. Steal:

Unauthorized users illegally got the access to the system resource, and steal the data used to him, or defrauded the computer to provide some service.

For example, illegal users steal the password of legitimate users can achieve this attack. In addition, the electromagnetic eavesters that eavesdropped on the transmission link of the network or the electromagnetic waves generated by the communication device can be used for illegal interception and listening to the transmitted information.

3. Tampering:

After obtaining access to a certain information, illegal users can do tampering, such as modifying programs to complete illegal operator-specific functions, or change data, making themselves profit. The information transmitted on the network may also be tampered with, add, which makes it beneficial to the attacker, and legal users cannot obtain accurate and useful information.

4. Forge:

At the case of unlicensed, the attacker produces false data or false services in the system. For example, in e-commerce, attackers may wish to add some fake transactions on the network communication system, or increase in the database. As soon as this forged record, the previous time-out information is played back in network communication, so that the network user falls into the attacker's trap.

In addition, in the network communication process, it may also appear:.

5. Pretending: Bike user identity is a common network attack method, such as when communicating between two parties, Both B, may be A. Avin's communication, at this time, the armor has been deceived, thereby causing economic or even politics. Loss of losses. 6. Rest:

Some users deny their information that they have issued (if the transfer information he issued) or denying himself received information.

Legal users cannot deny the behavior they have had, and they cannot deny that they have issued or received the other party, which is very important in the trading system.

The main reason why the network security confidentiality issues is:

1. The shared resource sharing of the network is one of the basic purposes of the computer network, but this also provides opportunities for system security to use shared resources to provide opportunities, and also use resource sharing access path to non-shared resources. Attack, providing opportunities.

2. The system's complexity computer network is a complex system, and the complexity of the system makes it difficult for network security management.

3. The uncertainty network scalability of the boundary makes the boundaries of the network have uncertainty, which also leads to a serious threat to network security.

4. The uncertainty of the path A node may have multiple paths, and a message may have passed several intermediate nodes between the sending node reaches the target node. The security confidentiality of the start node and the target node does not guarantee the reliability of the intermediate node.

The above threats can be divided into two categories from the threat source. One type is caused by a legal user's operating error or a hardware and software failure in the system, and the other is an attack on the information system that hosts the hostile or criminals intentionally manufactured to achieve some purpose of individuals. The latter class is usually said "computer crime".

Second, computer crime

As early as the 1970s computer crime has become a growing social crime in the West, the hair is rapidly increased. According to 1995, in 1986, the first computer crime was found in my country. By 1990, it has been increased to 130 cases, and only the financial system has cracked dozens of cases that use computer to steal money. The crimists believe that "the form of future information social crimes will be mainly computer crimes".

"Computer Crime" refers to the relevant crime associated with the computer, and can be summarized as two forms according to the means of crime:

1. Crime forms that destroy computer systems are:

1 "Hard" attack means: bomb, combustion or other tools directly destroy the computer's other components, components, and even the entire system, which causes the computer to work properly with a power-off, theft of components in theft.

2 "Soft" attack measures: Compute some programs, the procedures stored in the computer, the data is tampered with, delete, etc., sometimes even make the entire system could not work properly. This kind of soft attack is much larger than the hard attack, and it is very hidden, it is difficult to find that it is the main means of attacking and destroying computer systems in the future. For example, a computer virus is cast in a computer is an example of such an attack. In November 1988, the University of Cornell graduate Morris made computer virus caused 6,000 computers connected to the Internet network system, including the State Aerospace Bureau, the military base and the main computer cessation, direct economic loss reached 96 million. Dollar.

3 Use a strong electromagnetic field to interfere with the computer's work, destroy the information stored on the computer magnetic storage medium, such as when the high-voltage transmission line, the radio wave transmitting or microwave line is like the computer is likely to generate an electromagnetic field interference.

2. Using computer systems as criminal tools

1 Stealing confidential data in your computer or sells groups or individuals that are interested in it, then get economic benefits. For example, the front West has a five-person gang, through the European computer network, passed the Atlantic satellite, invaded the US Department of Defense Information System to steal the confidentiality, sell to the former Soviet KG Brongs once again reached 25 times.

2 Corruption and fraudulent money. In the financial system, the money is transferred by modifying the transfer program in the computer or the password to steal the system. For example, in 1978, computer technology advocated in the US Los Angeles Pacific Safety Bank. Lipprint After mastering the password word of the bank's day, Top 10.2 million dollars to the Swiss bank in his account through the bank's automatic transfer system, and lived in the soil life. Later, since he showed off his own lead to a lawyer, he was reported by the other party. When the Federal Bureau of Investigation, the latter was not known to the deputy general manager. Another example, a computer staff of a company in the United States, in the company's salary program, designed a program that has no self-owned name (ie, when he was fired), once the program is started, it will destroy All data in the computer system, so that the company has suffered huge losses to force the company to continue to hire him with high salary. 3 destroy information in your computer. The computer virus can latency in the computer, once the virus episodes (activated) it may destroy the data in the system, delete the file, so that the data in the hard disk can not read, and even make the entire system, this kind of crime is both destroying the computer The system is the target of crime, but also using the computer system as a tool. Another example, computer hackers invade the other party through computer networks on their own computer. According to recent information reports, in February 1998, the Pentagon of the US Department of Defense was hooked by a hacker, 4 naval systems and 7 air force system computer webpages were invaded, and it was surprising that in the case where the US Department of Defense has discovered. Hackers continue to carry out the "harassment" of the whole week. Although the system data of the invaded is just a list of people and the payroll, it is not a top secret document, but the damage of relevant data is likely to cause the chaos and misleading of military commands. By the US police investigation, this is the United States. The six-year-old teenagers and two Israel's seventeen, eight-year-old youth, they have not seen each other, and even the true identity of the other side does not know, they are chatting on the Internet online, the certificate It is just that you are curious, you want to test your knowledge and skills.

Third, the characteristics of computer crime

Computer crime has the following features compared to traditional crime:

1. Computer crimes are a highly skilled, high intelligence and professional crime. Use a computer as a criminal tool

Invading the computer system, it is not an easy thing, nor is it possible to do. Only by professional training, proficient in computer expertise and techniques, the business handled by the system, is likely to be. Because of this, according to information statistics, computer crimes in the world have been in the world, and 70-80% is the computer hostel. The higher the computer expertise and skills, the higher the means of committing crimes, the smartly conceal, the bigger the loss, the more difficult to discover and detect.

2. Most of the criminal crime of computer crime is the white-collar disparity within the system. All kinds of professional technicians, managers, accountants, and gathering in the computer system, they have both professional knowledge of the system, and understand the system's processing, and know the weakness of the system, so some people have committed crimes. objective factor. According to statistics, in computer suspects, the white-collar disparity accounted for 70-80%, the loss caused by the loss, proportional to the criminal position. The US statistics show that the loss caused by managers is twice as to get 4 times the warehouse custodians.

3. The loss caused by computer crimes, is harmful and has a wide range of affected crimes. after

Calculation, the loss caused by a computer crime is as high as 1.6 million US dollars. The biggest computer criminal fraud is as high as 20 million US dollars. In November 1988, the University of Cornell graduate student Morris's computer virus is full, causing nearly 100 million US dollars that direct economic losses. 4. Computer crimes are difficult to discover and detect. Any computer information system is from extremely complex hardware and

Software consists, it involves computer science, communication science, management science and system engineering and application department expertise. To make computer information systems run normal and outstanding, it is necessary to work together by all kinds of professionals and management personnel. Similarly, there is no problem that one or two experts can solve.

Computer criminal cases are difficult to discover more than usual criminal cases is also difficult to collect evidence and difficult to solve the case, this is mainly because:

(1) The data and programs in the computer system are stored in various storage media in various storage media, such as memory, ROM, exotic disks, tapes, and discs, which are very easy to modify and delete. Also encrypted and compressed processing, making the content more concealed, it is difficult to see it.

(2) The input and output of the computer system and network data or information come from all directions, and some are province. Vietnam. Vietaki and even Yuezhou, geographic and time limit can no longer prevent this crime. Some criminals can manipulate a computer system other than thousands of miles away from the office at home or in the office, and turn the fraud's money to the exotic hometown. Sometimes, criminals conduct criminal activities in the company's office, and colleagues or managers think he is working hard. For example, the German five criminal gangs mentioned earlier are criminal activities in Germany to manipulate computers to the United States, which is obvious, and this Vietnamese. Vietnami, ovary. Criminal activity, relying on traditional detection methods and thinking patterns that cannot be solved at all.

(3) Computer crime has the characteristics of transient and randomness, and the computer can perform millions per second. Tens of millions of or even hundreds of millions of instructions are extremely fast. A criminal program may contain hundreds or even thousands of instructions, which can be completed in millisecond or microoseconds, which can be said to be turned away in milliseconds or micro-seconds. Therefore, it is quite difficult to capture the crime of computer crime. In particular, computer systems and networks have become increasingly large, and the distribution is expanded to global, and it is difficult to discover such a crime and get the real estate.

(4) The data and information in the computer are small, the volume is small, easy to carry, and is not easy to discover, and data and information on medium medium such as magnetic or semiconductor are copied, which is not damaged by the carrier. It will not leave any traces. At present, most of the computer crimes have occurred in finance. These sectors have discovered computer crimes from commercial reputation considerations. They often conceal the law enforcement departments, so of course, they will not be able to solve the case.

5. Computer Crime Practice and Normalization of Criminals. Computer systems and networks are a favorite man-machine composite system. To make ghosts, they are often managers. Technicians and business people collude up and down, and they can get things. For example, Japan's large banks have 13 branches throughout the country, coupled to computer networks. The bank is responsible for the manager of Kansai region, together with the manager of 7 branches, forgery 1000 accounts, total amount of 1 billion yen, the partnership is 200 million yen. The age of computer's criminals has become more and more young trends. According to statistics from the United States, approximately 80% of computer crimes are just two years of young employees who have just been in 5 years, with an average age of 22-25 years. 6. Computer crimes are largely a cross-country international crime, which is detected. Leading and sanctions bring great inconvenience and difficult.

7. The punishment of computer crime is generally lighter, such as November 1988, computer graduate student Morris, US Corporation, causing more than 6,000 computers in the United States, and the direct economic loss reached $ 100 million. When he tried this case, the samples, especially the computer world and the defense lawyer, did not think he was guilty, but thought he had work. Hero who owns him to discover the deficiencies of the US defense computer system. Moreover, he does not benefit from it, so it should be released. According to the 1986 issued by the United States, "Computer Fraud and Abuse" and the "Computer Safety Law promulgated in 1987" should be sentenced to Morris's 5-year supervision and a fine of $ 250,000. But in the end, the United States, the United States, the United States, the United States, only sentenced Morris for 3 years in prison, suspended for 3 years, a fine of $ 10,000 and 400 hours of community unpaid public welfare labor. In the United States, there are even many companies, and companies hire computer criminals to serve as the security consultants of the company's computer system to use their knowledge and technology to assist in preventing and stopping computer crime. This is really a thief.

Fourth, information war

Due to increasing social informationization, important strategic status of information and information technology has become increasingly understood and understood by the world. Some people predict that as the human society enters the information age, the information war will become a major form of war. The US military community has long been widely studied in this emerging war in the information war. Another information report, at least 30 countries are studying development information warfare technology. The "Information Warfare and Information Security Strategy" jointly prepared by the National Secrecy Bureau and the State Council Development Research Center International Technology and Economics, the "Information Safety Strategy" is a comprehensive introduction and incisive analysis. The book pointed out that the so-called "information war" is based on computer as the main weapon to cover the global computing network (such as the Internet) as the main battlefield, to attack the enemy's information system as the main goal, and use high-efficient computer technology (such as Computer virus), destroying all the information systems of the enemy, not only destroying military command and weapons control systems, but also widely destroying the enemy's bank, transportation, business, medical, communication, electricity and other civil systems, which not only causes the chaos of military action And fail, but also cause panic and uneasiness of the whole society, and even make the entire national economy is in a state of paralysis, thereby achieving minimal cost, even a shot, and seize the victory of war.

As early as the 1991 Gulf War, the US military has begun to use the "Information Warfare" to use the "Information Warfare" in actual combat.

According to the US newspaper report, the Bay War broke out, the United States learned that Iraq would purchase a batch of new computer printers for air defense systems from France, and informed that the batch of equipment will be Amanda from Jordan. So the United States dispatched lasted in Amman secretly secretly put a piece of chip with computer virus to this batch of printers. In this way, when the Iraqi military installed uses this batch of printers, computer viruses have successfully invaded the main computer in Iraqi Air Defense Command Center. When the Bay War broke out, when the US Air Force began to air strike Iraq, the US military wireless remote control will hide the virus activation in the computer, causing the Iraqi air defense system to fall into a paralyzed, so that the US military has a 40-day air strike action a great success. Shortly after the end of the Gulf War, officials of the US Department of Defense were in the victory of the information war, can't help but think of the safety of the US own computer network system. They asked, if the enemy launched a similar information war for the US military, can the US military have to live? It turns out that the US Department of Defense officials are not a worry.

According to a survey report in 1996, the US Department of Defense has received a total of 250,000 attacks in 1995, of which 60% of the attack is succeeded, January 1994 to June 1995, USA The Military Automation System Safety Accident Support Group received 28,000 consecutive calls from the US military computer network operators around the world in this 18 months, and they also intercepted thousands of "hackers" procedures.

For example, in December 1994, the US Navy School's computer system "invaders" were "invasive" in the US Navy College, intruders came from the UK, Finland, Canada, the University of Kansas and the University of Alabama, in the attack action.

There are 24 servers to be illegally accessed, and the intercepting program is installed on 8 servers.

A major network router was destroyed.

The name and address of a system are changed, enabling legal users to access the system.

Some systematic files are deleted, and six systems are in a state of paralysis.

Two encrypted password files were destroyed, and more than 2,000 passwords were changed.

The US Navy's investigators cannot claim those who are these attackers, which make the Naval College's computer processing capabilities and sensitive information stored by the stored sensitive information.

From 1995 to 1996, an attacker from Argentina visited a US university's computer system using the Internet network and broke into the Navy Research Laboratory, NASA, National Laboratory, etc. Sensitive research information in the system, such as aircraft design, radar technology, satellite engineering, etc. This information will eventually be used for weapons and command control systems. The navy is still unable to determine which information has been damaged, and the loss caused by the event cannot be estimated.

With the development of modern science, my country has been widely established in various departments and industries, and the internet network has been implemented, and the internet network has been implemented. my country's scientific and technological personnel, business enterprise staff and information users can pass their own office or Computers in the home communicate and share information with users in more than 100 countries around the world. The huge information network has greatly accelerated the pace of modernization in my country. However, modern computer information networks have also put forward new challenges to my country's information security work. Our security confidentiality cannot stay in the original traditional thinking mode and traditional working methods. In front of emerging information, we have to study the new characteristics of the information age, learn some new Safety Private Technology, especially how to protect information security in computer and its network systems.

V. Computer information security

Computer security refers to the hardware, software and data (ie information) of the computer system, and the system can run continuously. It is not destroyed, changed and leaks due to accidental or malicious reasons. Computer security can be divided into physical security and logical security. Physical security refers to the safety of computer and corresponding and supporting equipment and facilities (such as communication lines in the network). They should be installed in a safe and reliable place, with fire prevention, waterproof, shockproof, explosion, and prevent bad people from physical damage and theft. The external electromagnetic field should be prevented from interfering with the computer. It destroys the normal operation of the computer system, resulting in a lot of information error or even lost. When the computer system is working, it is possible to radiate an electromagnetic wave, and anyone can receive it within a certain range of devices, resulting in information leakage. Low radiation computers should be used when dealing with special confidential information.

Logic security refers to the security of information stored, transmits, and processed in a computer and network system, and prevents these information from being stolen, destroyed (tampering, loss) and abuse.

In order to ensure the safety of computer systems, we should take:

1 Physical security measures: properly select the external environment where the computer is installed.

2 Safety measures in personnel management: Pay attention to the faithfulness of staff, strong work responsibility, and to formulate some systems to standardize staff behavior, prevent non-staff from allowing access to computer rooms, such as send special guards.

3 Legal safety measures: For computer crimes, legislation of computer crime is legislative to punish computer crime.

4 technical safety countermeasures.

In general, computer system security can be summarized as the following aspects:

(1) Confidentiality: means that the information must be kept in accordance with the requirements of the system or information owner, and only the license of the owner of the system or information can access the relevant information, that is, it is necessary to prevent information disclosure. Give unauthorized individuals and entities.

(2) Integrity: means that the information remains not modified during storage and transmission, not damaged, no loss, is the accuracy and authenticity of the information.

(3) Availability: means that the system must be able to serve the user whenever the legal user needs.

(4) Reliability: means that the system can resist interference (including artificial and machinery and network failures) and ensure normal operation during operation. That is, the continuity and correctness of the operation. (5) Controlability: Implementing safety monitoring for information and information systems to prevent illegal people.

(6) Anti-recruitment: Guarantee information behavior cannot deny your own behavior.

International Standardization Organization ISO Inline Design Standards (ISO 07498-2), proposed a layered security architecture, and defines five safe service functions: identity authentication services, access control services, data confidentiality services, data complete Sex service, undeniable service.

Relatively speaking, it is easy to implement external security of computer systems to achieve internal security of computer systems. In order to maintain the security within the computer system, in addition to physical, personnel management and legislation take corresponding countermeasures, it is necessary to take corresponding measures, and how to control the internal inside of the computer from computer system security, Safety make some introductions.

6. Technical countermeasures for computer system information security

1. Identification

Before the user enters (ie, use) the computer system, the system is to authenticate the user's identity to discriminate whether the user is a legitimate user of the system. Its purpose is to prevent illegal users from entering the system.

A table is stored in a computer system called "User Information Table", which records all information about the user (known as the system of this system), such as user name and password of the user. User names are often open, different users have different usernames, but the password is secret, only you know. When a user wants to enter the system, he must type its username, and the role is to tell the computer system visitors who, the computer system is called whether the user has this user in the system by checking the user information table, which is called identification. In addition, the system also needs to verify the user's identity, that is, after the visitor claims that it is its own identity, the system also verifies whether he is a person who is claimed to prevent counterfeiting, the basis for verifying user identity is a password, when the user enters After the password, the system is checked in the user information table. If the input password is the same as the user's password in the user information table, the user is a legal user of the system. User information tables General users cannot access, only system administrators can access, but the system administrator can also see the user's password, otherwise it can also be pretended. The password stored in the user information table is stored in a ciphertext. The verification process is to encrypt the password input by the user, and then compare the secret form of the user's password in the information table. The purpose is also for safety. Because the user password stored in the user's information table is a plaintext form, in case it is seen by a user, this user may take the user's identity into the system.

Verify that the user's identity has the following methods:

1. Verify what users know (password); easy to leak

2. Verify what the user has (magnetic card); loss, forgery

3. Verify the biometric characteristics of the user (fingerprint, retina);

4. Verify the action of the user's consciousness (static: writing content. Dynamic: rhythm, tilt angle, light, weight, etc.).

Two entities communicating on the network must identify identification before performing the actual communication. By identifying, the user can confirm the identity of the other party, ensuring that it is not communicating with a counterfeit object. This identification is two-way, that is, each party must judge the authenticity of the other party through the other party's identity. These information for identifying identity should meet the following requirements during transmission, that is, if they are intercepted by a third party, the third party cannot take advantage of it to pretend that the identity of any party, using password technology to achieve the above requirements.

2. Access control

Prevent legitimate users from illegal access to system resources (or unauthorized access).

A user (legitimate user) after computer system (legitimate users) after entering the system, does not mean that he has access to all resources of the system. The task of access control is to control the access rights of legitimate users based on certain principles to determine which resources can access and access these resources in what way. For example, in a relational database system, a number of sheets may have been established. Many data are stored in each table. In general, the data in the table can generally perform the following operations, queries, insert (add), modify , Delete, but in an actual application, not every user has permission to each of each of the tables. The user's permissions to data access must be controlled, and there are several control mechanisms.

(1) Autonomous Access Control (Protect Private Information)

The data in the database can be deposited by different users, which can be representative of individuals.

On behalf of a group or one organization, the user who stores a certain data, we call him the owner of the data. Autonomous Access Control refers to the owner of the data that has the right to decide which users in the system have access to his data.

And what kind of access is available. That is, when the user in the system is accessible to a certain manner, it must be authorized by the owner of the data.

For example, suppose a university uses a computer system to manage daily work. Personnel are established in the system

Table, deposit the information about each teacher, such as name, age, currently, is the time, salary, which is the time, salary, which has passed. Personnel Nobody does not allow everyone to see all of this information, he may be controlled in such a principle, each teacher can see your own information, but not allowed to see others, each department's party secretary can You can check the information about our department, but you can't see the information of other teachers. And the personnel must limit all users other than the personnel to modify this information, and cannot insert and delete the information in the table. The owners of this information are the personnel. Personnel Department can authorize users (all employees of the university) in the system according to the above principles. So other users can only access this table according to the authorization of the personnel.

How to implement it in your computer? According to the authorization rules of the personnel, there is a table in the computer, and personnel

The authorization situation is recorded, and we call it a license list. When any user is accessible to the data of the personnel, the system will first check this table, check whether the personnel are authorized, if there is, the computer will execute Its operation; if not, the execution is refused.

Autonomous Access Control is an effective means that protecting computer system resources is not illegally accessed. This autonomy is user

It provides great flexibility, but also brings an unsafe issue. From the overall benefit of the system, you must also take stronger access control means, which is strong access control.

(2) Forced access control (the benefit of the organization)

The so-called mandatory access control refers to the computer system for mandatory control of the user's access rights based on the security policy defined in advance using the system. The multi-level security strategy proposed by the US Department of Defense is a mathematical description of military security strategies, defined in the form of computer-enabled, which is a forced access control. This briefly introduces this forced access control method.

The computer system assigns a security level to each body (user or representative user process) (or

Attributes), objects (also known as objects) accessed, such as data, memory segments, directories, network nodes, etc., also assigned a security level. When the body is accessible to an object, the system should compare the security level of this body and the object to determine whether the user can access the object.

The security level of the main, the security level is composed of two parts: the level and departmental properties. Its access rules can be simply described as "down"

Read, write up. That is

1) When only the security level of the body ≥ the object's security level, the main body can read the object;

2) When only the security level of the main body ≤ object, the main body can write access to the object.

The security principle of this policy is that the information can only flow from low security level to high security level, but cannot flow from high security level to low security.

Full level. This security strategy is particularly suitable for military departments and government office departments.

An example will be specifically described. For example, some university administrative agencies are as follows:

Suppose the levels of data in the computer system are divided into: general, secret, confidentiality, and top-level level, artificially stipulate:

General

For the user's secret, the principal can see all the data, the Director can only look at the data below confidential and the following data can only read the secrets and the following data, and the general staff can only watch the general data. Now defined the principal's security level: the level is top secret, departmental properties are all departments:

That is, C principal, {Personnel, Academic Affairs Office, Finance Department, Equipment Office})

Personnel Director's Safety C 人 = (Confidential, {Personnel Office})

Financial Director's Safety C Wealth = (Confidential, {Finance})

Financial Second Scientific Class C 2 Finance = (Secret, {Finance})

Safety class C worker in the financial department of the financial department = (General, {Finance})

Assuming that the Financial Second Conference has produced a work file a, the security level of the file A is defined as the same as the security level of the second semester, that is, CA = (Secret, {Finance})

Then, for document A, only principal and finance dresses can see. For example, the Personnel Director can't see, although the Department of Personnel Director is the secret level, you can watch secret level documents, but the Department's department's departmental property is only {Personnel}, he has no right to watch the information of the Finance Department. Compare the detailed process of the security level, involving some mathematical concepts, and will not repeat it here.

In a computer system with both independent access control, and forced access control, when a subject is to access a certain object, he must pass the inspection of the autonomous access control, but also through the inspection of the control, only these two The Tao inspection passed, he could access this object.

(3) Access control based on role

There is no strict hierarchy concept, according to the duties or work of the user in the system, allocate permissions.

In actual work, different users may have the same permissions, such as the staff of the Personnel Archives can read 'to process the permissions of the files, but other people do not get special approval, is not allowed to access these files In order to reflect this need in actual work, a number of roles can be set according to the user's job responsibilities, and different users can have the same role, with the same power in the system, and the same user can have multiple different simultaneously. The role is exercising the power of multiple roles in the system.

For example, a hospital has many surgical and internal medicine doctors, and the procedures for surgeons and internal medicine doctors are somewhat different, but all medical doctors or all surgeons are the same, so we can set in medical systems. Physician role and surgeon role. When the job responsibilities change, you can re-authorize according to the new role.

Role control can be used in autonomous access control, or it can be used in enforcing access control.

The advantage of role control is that it is not necessary to authorize the user, and the authorization of a group of users can be implemented by authorization to a role, simplifying the system authorization mechanism. In addition, multi-level security access control strictly controls the access rights of the subject according to the safety level. You cannot fully reflect the model in reality, and information is sometimes required to flow from high direction or lateral flow. It is more flexible to enable mandatory access control to enable mandatory access control.

Access control is the second defense line of system security control, which prevents legal users from accessing illegal access to information outside of their privileges. A very important security principle that should follow in the access control is "Minimum Principle" or called "knowing necessary", that is to say, he should only have the job responsibility to complete his job. Minimal power.

3. Information flow control

Only access control in your computer system is not enough, and you must also have control of information flow. For example, the Financial Director can read the file a. The Personnel Director does not have the right to read the file A, but if not control, the Finance Director may pass the document A to the Practice Director, so that the Personnel Director exceeds his permissions. Data is illegally obtained. Therefore, the control information must be controlled in the system can only flow along the direction of the security (that is, the direction allowed by the system).

4. Password control

Encrypt files or data stored or transmitted in the system, making it a ciphertext, accessing it (querying, modifying, etc.), is added / detached in real time, according to it needs to be real-time. This is the third barrier for system security control. In terms of identification and access control of the system, the two defense lines are destroyed or the user is bypass identification and access control. When entering the system through other channels, encryption can protect the confidentiality of the data, and can be found to be modified by data. It is popular that the role of the system identification and access control is "can't take it", the effect of encryption is that even if I take it, I don't understand. What kind of cryptographic system is used to encrypt data is a critical issue in password control. The cryptographic algorithm selected should have a certain intensity, otherwise the enemy is easily deciphering and decrypting clear text, which involves the security of the system. On the other hand, if the password algorithm is too complicated, there is too much time, and it is bound to affect the efficiency of the system operation. Therefore, our goal is to design a strong password intensity, and the operating efficiency of the system (mainly time efficiency) is not much impact on the password algorithm.

The modern cryptographic system is the secret of the password algorithm (or add / dark), but only maintains the secret of the key (a parameter in the cryptographic algorithm), that is, all secrets are in the key. For example, in 1977, the National Standards Bureau officially announced that the US commercial data encryption standard DES (Data Encryption Standard) has been used as a data encryption algorithm that has been used in the US business, and many countries in the world have also used this algorithm for data. Encryption, its algorithm is open, and anyone can use this algorithm to encrypt data, just maintain a 8-byte long key in the encryption algorithm.

In this way, the security of the data is added / detached is the key to the entire password control technology, so the generation, management, replacement, and protection of the key are also very complex in the system using password control technology. Important issues.

In the field of computer information security and confidentiality, password technology is a very important technique, and in many cases, password technology is used in order to implement information.

For example: 1 When identifying the two-way authentication of identity and peer entity, you need to encrypt the user's authentication information to prevent others to steal.

2 Although the data stored in the database has access control protection, the user who should not access is illegally accessed, but only this layer of prevention measures are not enough, the sensitive information in the database needs to be encrypted, and the attacker will access Data he can see is just a bunch of garbled.

3 When the data is transmitted on the channel, it must be a ciphertext form and cannot be a plaintext. This can prevent the attacker from being intercepted on the information track (received by ciphertext), but also find that the data is tampered with timely because Being tampering, then when the clutch is detached, it cannot get the correct plaintext, which is probably a large stack of seven-year-old symbols. So far, people believe that encryption is the most important way to protect data security in network communications.

4 digital signature

5. Reasoning Control: Prevent users from deriving the data that he does not have to obtain based on the logical reasoning of the accessible data.

6. Analysis and restriction of hidden channels: there is no channel controlled by the security policy.

7. audit

The audit is a mechanism for simulating social monitoring agencies in computer systems to monitor, record, and control user activities, which makes access to system security access and access attempts to leave clues in order to analyze and track after things. Modern security computer system, in addition to safety measures such as identification, access control, and encryption, the system requires effective monitoring and recording of the user's behavior, ie the audit function is required.

How to record and monitor user behavior in your computer system?

(1) Setting the audit switch When you maintain its security for some data, you can open the audit switch on these data. At this time, the system collects all the operations and operational results of these data, and the operation results are collected. If you have some or some users, you can also open the audit switch on these users, and the system will collect all of these users.

(2) Event filtering

The user's operation is very frequent, and not all the operations are dangerous, so filtering events,

The event records that may be harmful to system security, and the event recorded is called audit events. For example, the user has failed multiple logins, which may be the user in guessing. As another example, the user did not modify the permissions for a certain amount of data, but he many times an attempt to modify, and many failed, this shows that the user attempts to operate, these incidents are related to security, should be recorded.

(3) audit log

For the convenience of the report, the content of the audit event is recorded in a certain format, saved for a long time, and provides a query at any time. The content of the audit daily electricity has more and more, so every time, the audit log is poured into the floppy disk or tape, and save it offline.

(4) Query of the audit log

The audit log should provide a variety of ways.

1 Inquiries by time period: For the specified time period, query the audit content of the event happening.

2 Press User Query: For the specified user, query the audit content of the event caused by his operation.

3 Press the Data Object Query: For the specified data object, query the audit content of the event caused by the operation.

The system should also provide the combined query function above the above query mode.

(5) Alarm and punishment

When the hazard system security of the user has reached a certain number of hazards, the audit subsystem will alert system auditors and user alarms to warn.

When the user reaches a number of times in a certain amount of time, the audit subsystem will punish the user and take it out of the system.

8. System security management

In order to manage the security of resources and resources of computer systems, a secure computer system should have three special users in addition to the general users:

(1) System Administrator: This user manages and assigns the resources of the system, with power to create users, delete users. It is an autonomous administrator.

(2) System Security: This user allocates and maintains security levels of the main body of the system, or performs role assignments for the user, and maintains the role of the system. The security level of the data object can be modified if necessary. It is a manager for enforcing access control.

(3) System Auditor: This user determines the opening and closing of the system audit function, modify the audit switch, and query the audit log. Is the manager of the audit function.

The above three types of privileged users have certain privileges. However, they constrain and supervise, this referring to the principle of the three rights of the legislature, law enforcement agencies and supervisory agencies in real life, and the management of computer systems can enhance system security.

9. Formulate credit computer system evaluation