
304   Chapter 11   Dependability and security



Term           Example
Asset          The records of each patient that is receiving or has received treatment.
Exposure       Potential financial loss from future patients who do not seek treatment because they do not trust the clinic to maintain their data. Financial loss from legal action by the sports star. Loss of reputation.
Vulnerability  A weak password system which makes it easy for users to set guessable passwords. User ids that are the same as names.
Attack         An impersonation of an authorized user.
Threat         An unauthorized user will gain access to the system by guessing the credentials (login name and password) of an authorized user.
Control        A password checking system that disallows user passwords that are proper names or words that are normally included in a dictionary.




Figure 11.8 Examples of security terminology

By posing as a concerned relative and talking with the nurses in the mental health clinic, he discovers how to access the system and personal information about the nurses. By checking name badges, he discovers the names of some of the people allowed access. He then attempts to log on to the system by using these names and systematically guessing possible passwords (such as children’s names).
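The control listed in Figure 11.8, sketched as an added example that is not from the book: a checker that rejects passwords that are proper names or dictionary words, including simple variants such as appended digits or character substitutions, and passwords derived from the account's own user id or name. The function names and the small word lists are constructed for illustration; a real system would load full name and dictionary lists.

```python
import re

# Constructed sample lists (assumption): stand-ins for a full dictionary
# and a full list of given and family names.
DICTIONARY = {"password", "welcome", "clinic", "summer", "dragon"}
PROPER_NAMES = {"emma", "oliver", "sophie", "james", "smith"}

# Common character substitutions, undone before the lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def candidate_words(password):
    """Return the normalised forms of a password that are looked up:
    lower-cased, with leading/trailing digits and punctuation stripped,
    and with common character substitutions reversed."""
    lowered = password.lower()
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    forms = {lowered, stripped}
    forms |= {form.translate(LEET) for form in forms}
    forms.discard("")
    return forms


def check_password(password, user_id, full_name):
    """Return the reasons for rejecting the password; an empty list
    means the password passes this control."""
    forms = candidate_words(password)
    # Words tied to the account itself: the user id and each part of the name.
    own_words = {user_id.lower()} | set(full_name.lower().split())
    reasons = []
    if forms & own_words:
        reasons.append("matches the account holder's user id or name")
    if forms & PROPER_NAMES:
        reasons.append("is a proper name")
    if forms & DICTIONARY:
        reasons.append("is a dictionary word")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("Emma2009", "P@ssw0rd!", "jsmith1", "vK7#qLm2xT"):
        print(candidate, check_password(candidate, "jsmith", "Jane Smith"))
```
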

In any networked system, there are three main types of security threats:

1. Threats to the confidentiality of the system and its data. These can disclose information to people or programs that are not authorized to have access to that information.
2. Threats to the integrity of the system and its data. These threats can damage or corrupt the software or its data.
3. Threats to the availability of the system and its data. These threats can restrict access to the software or its data for authorized users.


These threats are, of course, interdependent. If an attack makes the system unavailable, then you will not be able to update information that changes with time. This means that the integrity of the system may be compromised. If an attack succeeds and the integrity of the system is compromised, then it may have to be taken down to repair the problem. Therefore, the availability of the system is reduced.

In practice, most vulnerabilities in sociotechnical systems result from human failings rather than technical problems. People choose easy-to-guess passwords or write