Information Management/Assurance/Security

{A work in progress}

CIS341 – Spring 2004

 

The Goal: Design a system to manage information safely and securely during its entire life cycle.

 

Definition: Information management system – the personnel, hardware and software which comprise a recognizable unit of a business or other human institution and whose task it is to provide information services for that entity.

 

Conceptual Basis: Any discussion of a system of human endeavor as complex as an information management system requires a grasp of the overview as its basis and starting point.  When we burrow into such a system and limit all of our discussions from such an embedded viewpoint, our purview is limited and, by necessity, all discussion is affected by those limits. Therefore, it is important to gain an overview which is coherent and which reveals the structure of the system and the interrelationship of its parts.  Below is an attempt to gain such an overview.

     An important aspect of this overview is the recognition that information is a dynamic entity.  It is generated, it goes through a period of existence, and is subject to demise.  That every phase of this life cycle must be well managed, and that the information must be actively protected during each phase, is the starting point for any discussion of information security.

     One way to gain appreciation for the importance of this life cycle view of information is to study the model of information management during an extremely adversarial time period, such as – for example – World War II.  There we see intense protective measures designed for each phase of that life cycle as well as intense and protracted efforts of attack, corruption and disinformation.  There we also see the overwhelming importance of well managed information – a setting in which good information management was literally a life and death matter.

 

[Note: The word data is used in its broadest sense to denote information of any kind, including simple and structured information, knowledge in the A.I. sense, and programs, including system information and system programs.]

 

Information Life Cycle

- Genesis
  - Passive Reception
    - Data Lines
    - Sensors
  - Active Reception
    - Interpretation of sensors
  - Creation
    - From existing information via computation
      - Simple reconfiguration
      - Complex reconfiguration
    - Ex nihilo

- Existence
  - Ownership
  - Storage
  - Maintenance
  - Access

- Dissolution
  - Transfer
  - Disassembly
  - Destruction
  - Disposal

 

Assurance

 

Comment: Ultimately, information assurance is at the heart of the management/assurance/security triad.  The goal of information management is to assure that the information is reliable and available.  In addition to prudent management, this requires vigilance with respect to security.  So, in the broadest sense, assurance is the goal, management is the means of implementing this goal, and security is a critical subtask.

 

- Genesis
  - Passive Reception
    - Data Lines – assure integrity of data lines and signal propagation
    - Sensors – assure accuracy of sensor operation and receipt of sensor signal
  - Active Reception
    - Interpretation of sensors – assure validity of interpretation algorithms
  - Creation
    - From existing information via computation – verify reliability of original information
      - Simple reconfiguration – assure algorithm validity
      - Complex reconfiguration – assure algorithm validity
    - Ex nihilo – assure integrity of information creation process

- Existence
  - Ownership – assure proper registry of ownership
  - Storage – assure data integrity during storage
  - Maintenance – assure data is properly updated
  - Access – assure access by owner and designees only

- Dissolution
  - Transfer – assure validity of transfer process, including removal at local site
  - Disassembly – assure proper dismantling of data structures
  - Destruction – assure removal from active storage
  - Disposal – assure complete removal

 

Security/Protection

- Genesis
  - Passive Reception
    - Data Lines – protect against:
      - Disruption of transfer process
      - Corruption of data during reception
      - Alteration of data during reception
      - Loss of data during transfer
      - Theft of data during transfer
    - Sensors – protect against:
      - Faulty sensor operation
      - Malicious attacks against sensors
  - Active Reception
    - Interpretation of sensors – protect against:
      - Flawed interpretation software
      - Attacks on interpretation software
  - Creation
    - From existing information via computation
      - Simple reconfiguration – protect against:
        - Incorrect algorithm
        - Corruption of software
        - Attack against software
      - Complex reconfiguration – protect against:
        - Incorrect algorithm
        - Corruption of software
        - Attack against software
    - Ex nihilo – protect against:
      - Creation of data by unauthorized entities
      - Errors in data placement process
        - Systemic errors
        - Human errors due to poor system design
        - Other human errors

- Existence
  - Ownership – protect against:
    - Spurious additions to the set of recognized owners
    - Erroneous deletion of owners from the owner set
    - Incorrect attributions of ownership
  - Storage – protect against:
    - Spurious addition of data
    - Erroneous deletion of data
    - Corruption of data
      - Due to poor system design
      - Due to human error
      - Stemming from attack
  - Maintenance – protect against:
    - Flawed updating procedures and algorithms
    - Systemic/design flaws leading to updating errors
    - Human errors during updating
    - Attacks aimed at updating process
  - Access – protect against:
    - Unauthorized access
      - By entities outside the system (these may or may not be masquerading as entities within the system)
      - By entities within the system

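Worked example for the Existence phase (added here; it is not part of the original course notes). The ownership and access items above name three failures a registry must refuse: spurious additions to the owner set, erroneous deletion of the owner set, and access by anyone who is neither owner nor designee. The registry below enforces exactly those rules as a reference monitor with a pure, deny-by-default decision function. Record names, principal names and the operation vocabulary (read, write, grant, transfer) are assumptions made for the demonstration.

```python
"""Ownership registry and access check for the Existence phase.

Each record has a non-empty set of owners and a set of designees.  Owners may
read, write, grant designee status and change the owner set; designees may
only read and write.  Two of the errors the outline names are refused
outright: an owner added by someone who is not already an owner, and deletion
of the last owner.  Names and operations here are assumptions for the demo.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

OWNER_OPS = frozenset({"read", "write", "grant", "transfer"})
DESIGNEE_OPS = frozenset({"read", "write"})


class AccessDenied(PermissionError):
    pass


@dataclass
class Entry:
    owners: Set[str]
    designees: Set[str] = field(default_factory=set)


class Registry:
    def __init__(self) -> None:
        self.entries: Dict[str, Entry] = {}

    def register(self, rid: str, owner: str) -> None:
        if rid in self.entries:
            raise ValueError(f"{rid} is already registered")
        self.entries[rid] = Entry(owners={owner})

    def may(self, actor: str, rid: str, op: str) -> bool:
        """Pure decision function: no side effects, deny by default."""
        entry = self.entries.get(rid)
        if entry is None:
            return False
        if actor in entry.owners:
            return op in OWNER_OPS
        if actor in entry.designees:
            return op in DESIGNEE_OPS
        return False

    def _require(self, actor: str, rid: str, op: str) -> Entry:
        if not self.may(actor, rid, op):
            raise AccessDenied(f"{actor} may not {op} {rid}")
        return self.entries[rid]

    def add_designee(self, actor: str, rid: str, who: str) -> None:
        self._require(actor, rid, "grant").designees.add(who)

    def add_owner(self, actor: str, rid: str, who: str) -> None:
        # Guards against spurious additions: only an existing owner can add one.
        self._require(actor, rid, "transfer").owners.add(who)

    def remove_owner(self, actor: str, rid: str, who: str) -> None:
        entry = self._require(actor, rid, "transfer")
        if who not in entry.owners:
            raise ValueError(f"{who} is not an owner of {rid}")
        if len(entry.owners) == 1:
            # Guards against deleting the owner set: the record would be orphaned.
            raise ValueError("cannot remove the last owner; add another owner first")
        entry.owners.discard(who)


def demo() -> List[str]:
    """Exercise the registry; each string records one outcome."""
    reg = Registry()
    reg.register("report:42", "alice")
    reg.add_designee("alice", "report:42", "bob")
    outcomes = [
        f"bob read: {reg.may('bob', 'report:42', 'read')}",
        f"bob grant: {reg.may('bob', 'report:42', 'grant')}",
        f"mallory read: {reg.may('mallory', 'report:42', 'read')}",
    ]
    try:
        reg.add_owner("bob", "report:42", "mallory")     # designee cannot add owners
    except AccessDenied:
        outcomes.append("spurious owner addition refused")
    try:
        reg.remove_owner("alice", "report:42", "alice")  # would empty the owner set
    except ValueError:
        outcomes.append("last-owner deletion refused")
    reg.add_owner("alice", "report:42", "carol")
    reg.remove_owner("carol", "report:42", "alice")      # proper transfer of ownership
    outcomes.append(f"owners: {sorted(reg.entries['report:42'].owners)}")
    return outcomes


if __name__ == "__main__":
    print("\n".join(demo()))
```

The registry decides only on the basis of a principal name it is handed; it cannot tell an outsider masquerading as "alice" from the real one. That distinction belongs to authentication, which must sit in front of a check like this one.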
 

- Dissolution
  - Transfer – protect against:
    - Transfer to improper locations
    - Incomplete transfer
  - Disassembly – protect against:
    - Dangling data structures (partially dismantled structures)
  - Destruction – protect against:
    - Partial or incomplete erasure
      - Due to lazy software (software that unlinks or marks data as deleted without overwriting it)
      - Due to improperly catalogued multiple storage locations
    - Lingering traces in hardware
  - Disposal – protect against:
    - Partial or incomplete removal
    - Unknown or undocumented storage niches
    - Inadvertent transfer
      - Due to poorly designed disposal methods
      - Due to poor understanding of hardware/software storage mechanisms

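Worked example for the Destruction and Disposal items (added here; it is not part of the original course notes). The outline warns about erasure left incomplete by lazy software and by copies kept in storage locations nobody catalogued. The toy slot store below makes both visible: `delete` does what much real software does and merely drops the index entry, `scavenge` plays the part of a raw read of the medium, and `destroy` overwrites every catalogued location before freeing it. The slot layout, the write-ahead journal and the sample record are assumptions constructed for the demonstration.

```python
"""Why logical deletion is not destruction: a toy slot store.

The backing medium is a bytearray of fixed-size slots plus an index.  `delete`
drops the index entry and marks the slot free without touching the bytes.
`scavenge` plays the role of a forensic read of the raw medium and shows the
record is still there, as is the copy the write-ahead journal kept.  `destroy`
overwrites the slot and purges the journal copies before freeing the slot.
Layout and sample data are constructed for this example.
"""
import os
from typing import Dict, List, Optional

SLOT = 32                                   # fixed record size (assumption)


class SlotStore:
    def __init__(self, nslots: int) -> None:
        self.medium = bytearray(SLOT * nslots)
        self.free = list(range(nslots))
        self.index: Dict[str, int] = {}      # record id -> slot number
        self.journal: List[bytes] = []       # a second storage location, easy to forget

    def _span(self, slot: int) -> slice:
        return slice(slot * SLOT, (slot + 1) * SLOT)

    def write(self, rid: str, content: bytes) -> None:
        if len(content) > SLOT:
            raise ValueError("record too large for one slot")
        slot = self.free.pop(0)
        padded = content.ljust(SLOT, b"\0")
        self.journal.append(padded)         # write-ahead copy
        self.medium[self._span(slot)] = padded
        self.index[rid] = slot

    def read(self, rid: str) -> Optional[bytes]:
        slot = self.index.get(rid)
        if slot is None:
            return None
        return bytes(self.medium[self._span(slot)]).rstrip(b"\0")

    def delete(self, rid: str) -> None:
        """Lazy deletion: forget the record, leave its bytes in place."""
        self.free.append(self.index.pop(rid))

    def destroy(self, rid: str) -> None:
        """Overwrite the slot and purge journal copies, then free the slot."""
        slot = self.index.pop(rid)
        old = bytes(self.medium[self._span(slot)])
        # Random fill rather than zeros, so an overwritten slot is not
        # distinguishable from one that was never used.
        self.medium[self._span(slot)] = os.urandom(SLOT)
        self.journal = [entry for entry in self.journal if entry != old]
        self.free.append(slot)

    def scavenge(self, needle: bytes) -> List[str]:
        """Forensic view: where does `needle` still survive, index or not?"""
        hits = []
        if needle in bytes(self.medium):
            hits.append("medium")
        if any(needle in entry for entry in self.journal):
            hits.append("journal")
        return hits


def demo() -> Dict[str, List[str]]:
    secret = b"ssn=123-45-6789"               # constructed sample record
    lazy = SlotStore(nslots=4)
    lazy.write("patient:7", secret)
    lazy.delete("patient:7")                  # gone as far as the API is concerned
    thorough = SlotStore(nslots=4)
    thorough.write("patient:7", secret)
    thorough.destroy("patient:7")
    return {
        "after_delete": lazy.scavenge(secret),
        "after_destroy": thorough.scavenge(secret),
        "api_view": [name for name, store in (("lazy", lazy), ("thorough", thorough))
                     if store.read("patient:7") is not None],
    }


if __name__ == "__main__":
    print(demo())
```

The same lesson applies one layer down: an in-place overwrite is only as good as the medium's honesty about where the bytes went. Wear-levelling flash, copy-on-write and journaling filesystems, snapshots and backups all keep copies the application never catalogued, which is why sanitisation of real media relies on device-level erase or on encrypting at rest and destroying the key.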
 

Types of Attack

- Attacks on Data Integrity
  - Destruction of Data
    - During data transfer
    - During storage
  - Corruption of Data
    - During data transfer
    - During storage
  - Alteration of Data
    - During data transfer
    - During storage
  - Infusion of disinformation
    - During data genesis
    - During data transfer

- Attacks on Information Operations
  - Information generation
  - Maintenance of information
  - Information disposal

- Attacks on Information Services
  - Service Delivery Software
  - Service Delivery Hardware
  - Denial of Service Attacks
  - Attacks on Data Availability

 

Methods of Attack

- Not yet developed

 

Protection Tasks

- Protect Against Intrusion
  - Intrusion Prevention
  - Intrusion Detection
  - Intrusion Elimination

- Protect Against Data Corruption
  - Prevention of Data Corruption
  - Corruption Detection
  - Data Restoration

- Protect Against Data Theft
  - Theft Prevention
  - Theft Detection
  - Information Recovery

- Protect Against Data Alteration
  - Prevention of Data Alteration
  - Detection of Data Alteration
  - Data Restoration

- Protect Against Denial of Service
  - Prevention of Denial of Service
  - Detection of Denial of Service
  - Elimination of Denial of Service

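Worked example for the integrity tasks (added here; it is not part of the original course notes). It serves both the "Attacks on Data Integrity" list (destruction, corruption and alteration during storage, spurious additions) and the "Protect Against Data Corruption / Data Alteration" tasks above: detection and restoration. Each record is sealed with an HMAC-SHA256 tag under a key the storage layer does not hold, so an attacker who can write to the store cannot re-seal what they change; a plain, unkeyed hash manifest would catch accidents but not an adversary, who simply recomputes the hash. The manifest also covers the set of record ids, so erroneous deletions and spurious additions are caught as well as edits. The key, the record ids and the sample contents are constructed for the demonstration.

```python
"""Detect and repair alteration of stored records with a keyed manifest.

Each record is tagged with HMAC-SHA256 over (record id, content) under a key
kept outside the store.  The manifest also tags the sorted list of ids, so
that deleting or adding records is detected, not just editing them.  Key,
ids and contents below are constructed for this example.
"""
import hashlib
import hmac
from typing import Dict, List

Store = Dict[str, bytes]          # record id -> content
Manifest = Dict[str, str]         # record id -> hex HMAC tag (plus "__ids__")


def _tag(key: bytes, rid: str, content: bytes) -> str:
    # Length-prefix the id so ("ab", "c") and ("a", "bc") cannot collide.
    rid_b = rid.encode()
    msg = len(rid_b).to_bytes(4, "big") + rid_b + content
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def _ids_tag(key: bytes, ids: List[str]) -> str:
    return hmac.new(key, "\n".join(sorted(ids)).encode(), hashlib.sha256).hexdigest()


def seal(store: Store, key: bytes) -> Manifest:
    """Build the manifest at a moment the store is known to be good."""
    manifest = {rid: _tag(key, rid, content) for rid, content in store.items()}
    manifest["__ids__"] = _ids_tag(key, list(manifest))
    return manifest


def audit(store: Store, manifest: Manifest, key: bytes) -> Dict[str, List[str]]:
    """Classify every record as ok, altered, missing or spurious."""
    expected = sorted(rid for rid in manifest if rid != "__ids__")
    ids_tag = manifest.get("__ids__", "")
    if not hmac.compare_digest(ids_tag, _ids_tag(key, expected)):
        raise ValueError("manifest itself has been tampered with")
    report: Dict[str, List[str]] = {"ok": [], "altered": [], "missing": [], "spurious": []}
    for rid in expected:
        if rid not in store:
            report["missing"].append(rid)
        elif hmac.compare_digest(manifest[rid], _tag(key, rid, store[rid])):
            report["ok"].append(rid)
        else:
            report["altered"].append(rid)
    report["spurious"] = sorted(rid for rid in store if rid not in manifest)
    return report


def restore(store: Store, manifest: Manifest, key: bytes, replica: Store) -> List[str]:
    """Repair the store in place from a replica; return ids still unrecovered.

    A replica copy is used only if it verifies against the manifest, so a
    corrupted replica cannot overwrite the store with bad data.
    """
    report = audit(store, manifest, key)
    for rid in report["spurious"]:
        del store[rid]                        # spurious addition: drop it
    unrecovered = []
    for rid in report["altered"] + report["missing"]:
        copy = replica.get(rid)
        if copy is not None and hmac.compare_digest(manifest[rid], _tag(key, rid, copy)):
            store[rid] = copy
        else:
            unrecovered.append(rid)
    return sorted(unrecovered)


def demo():
    key = b"example-key-kept-outside-the-store"    # constructed for the demo
    good = {"acct:1": b"balance=100", "acct:2": b"balance=250", "acct:3": b"balance=7"}
    manifest = seal(good, key)
    replica = dict(good)                           # offline copy taken at seal time

    live = dict(good)
    live["acct:1"] = b"balance=999"                # alteration during storage
    del live["acct:2"]                             # erroneous deletion
    live["acct:9"] = b"balance=0"                  # spurious addition
    found = audit(live, manifest, key)

    replica["acct:2"] = b"balance=251"             # the replica of acct:2 is itself bad
    failed = restore(live, manifest, key, replica)
    repaired = live == {"acct:1": b"balance=100", "acct:3": b"balance=7"}
    return found, failed, repaired


if __name__ == "__main__":
    print(demo())
```

Two design points worth noting: the tag binds the record id to its content, so an attacker cannot swap two validly sealed records; and the comparisons use `hmac.compare_digest`, so a verifier that runs on an attacker-reachable path does not leak tag bytes through timing.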
 

Protection Methods

- Cryptography

- Not yet developed