Assure, operating systems, hardware, security, web servers, produce

1. The term “high assurance” usually suggests the system has the right … functions.

2. The design methodology to … such secure systems is precise, deterministic and logical.

3. The strategy is based on a coupling of special microprocessor … features.

4. Secure … … designed this way are used primarily to protect national security information, military secrets, and the data of international financial institutions.

5. These systems are found in use on … … , guards, database servers, and management hosts.

6. Ordinary operating systems, on the other hand, lack the features that … this maximal level of security.

5. Read the text and find out the words to prove the title of the text.

6. Read the following text. Choose the sentences covering the main idea of the text.

Computer Security

One use of the term computer security refers to technology to implement a secure operating system. Much of this technology is based on science developed in the 1980s and used to produce what may be some of the most impenetrable operating systems ever. Though still valid, the technology is in limited use today, primarily because it imposes some changes to system management and also because it is not widely understood. Such ultra-strong secure operating systems are based on operating system kernel technology that can guarantee that certain security policies are absolutely enforced in an operating environment. An example of such a Computer security policy is the Bella-La Padula model. The strategy is based on a coupling of special microprocessor hardware features, often involving the memory management unit, to a special correctly implemented operating system kernel. This forms the foundation for a secure operating system which, if certain critical parts are designed and implemented correctly, can ensure the absolute impossibility of penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy, but in theory completely protects itself from corruption.

Ordinary operating systems, on the other hand, lack the features that assure this maximal level of security. The design methodology to produce such secure systems is precise, deterministic and logical. Systems designed with such methodology represent the state of the art of computer security although products using such security are not widely known. In sharp contrast to most kinds of software, they meet specifications with verifiable certainty comparable to specifications for size, weight and power. Secure operating systems designed this way are used primarily to protect national security information, military secrets, and the data of international financial institutions. These are very powerful security tools and very few secure operating systems have been certified at the highest level “unclassified”. The assurance of security depends not only on the soundness of the design strategy, but also on the assurance of correctness of the implementation.

The term “high assurance” usually suggests the system has the right security functions that are implemented robustly enough to protect DOD1 and DOE2 classified information. Medium assurance suggests it can protect less valuable information, such as income tax information. Secure operating systems designed to meet medium robustness levels of security functionality and assurance have seen wider use within both government and commercial markets. Medium robust systems may provide the same security functions as high assurance secure operating systems but do so at a lower assurance level. Lower levels mean we can be less certain that the security functions are implemented flawlessly, and therefore less dependable. These systems are found in use on web servers, guards, database servers, and management hosts and are used not only to protect the data stored on these systems but also to provide a high level of protection for network connections and routing services.

Notes:

1DOD – Direct Outward Dialing – автоматическое установление исходящего соединения;

2DOE – Distributed Objects Environment - среда распределенных объектов (технология фирмы SunSoft).

7. Match parts A and B to complete the sentences.

A B
1. The configuration a) that the security functions are implemented flawlessly.
2. These are very powerful security tools b) are based on operating system kernel technology.
3. The strategy is based on a coupling of c) less valuable information.
4. Lower levels mean we can be less certain d) completely protects itself from corruption.
5. Such ultra-strong secure operating security systems e) and very few secure operating systems have been certified at the highest level “unclassified”.
6. Medium assurance suggests it can protect f) special microprocessor hardware units.

8. Read paragraph 2 and describe the essence of “high assurance of computer security”.

9. Express your attitude to the importance of “computer security”.

10. Make an outline of the text.

11. Make a short summary of the text in written form using your outline.

Part B

12. Look at the title. Make your own predictions about the contents of the text.

13. Read the text and write out key words and phrases revealing the contents of the text.

Secure Coding

If the operating environment is not based on a secure operating system capable of maintaining a domain for its own execution, and capable of protecting application code from malicious subversion, and capable of protecting the system from subverted code, then high degrees of security are understandably not possible. While such secure operating systems are possible and have been implemented, most commercial systems fall in a “low security” category because they rely on features not supported by secure operating systems (like portability, et al.). In low security operating environments, applications must be relied on to participate in their own protection. There are “best effort” secure coding practices that can be followed to make an application more resistant to malicious subversion.

In commercial environments, the majority of software subversion vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows1, format string2 vulnerabilities, integer3 overflow, and code/command injection. Some common languages such as C and C++ are vulnerable to all of these defects. Other languages, such as Java, are more resistant to some of these defects, but are still prone to code/command injection and other software defects which facilitate subversion. Recently another bad coding practice has come under scrutiny; dangling pointers4. The first known exploit for this particular problem was presented in July 2007. Before this publication the problem was known but considered to be academic and not practically exploitable. In summary, “secure coding” can provide significant payback in low security operating environments, and therefore worth the effort. Still there is no known way to provide a reliable degree of subversion resistance with any degree or combination of “secure coding.”

Note:

1buffer overflow – переполнение буфера (программная ошибка, приводящая, в частности, к появлению уязвимостей защиты. Возникает при отсутствии или недостаточном автоматическом контроле выхода операций записи данных за пределы массива в памяти.);

2format string – форматирующая строка (строка, используемая в операторах вывода, которая может содержать спецификации форматов, а также литералы);

3integer – целое число, встроенный простой тип данных;

4dangling pointer – указатель, указывающий на несуществующий (удаленный) объект; висячий (зависший) указатель.

14. Name the main problem of the text.

15. Make questions to the text to interview your partner abour secure coding.

16. Express your attitude to the facts given in the text. You may use the following phrases:

- it is full of interesting information …

- I find the text rather / very cognitive …

- I’ve learnt a lot …

- I don’t agree with …

17. Give your point of view on possibility of using presented in the text information in your future profession.

Part C

18. Read the title of the text and say what information is presented in it.

19. Read the title of the text and express your point of view on its main idea.

Hardware Mechanisms that Protect Computers and Data

Hardware based or assisted computer security offers an alternative to software-only computer security. Devices such as dongles may be considered more secure due to the physical access required in order to be compromised.

While many software based security solutions encrypt the data to prevent data from being stolen, a malicious program or a hacker may corrupt the data in order to make it unrecoverable or unusable. Similarly, encrypted operating systems can be corrupted by a malicious program or a hacker, making the system unusable. Hardware-based security solutions can prevent read and write access to data and hence offers very strong protection against tampering and unauthorized access.

Working of hardware based security: A hardware device allows a user to login, logout and to set different privilege levels by doing manual actions. The device uses biometric technology to prevent malicious users from logging in, logging out, and changing privilege levels. The current state of a user of the device is read both by a computer and controllers in peripheral devices such as hard disks. Illegal access by a malicious user or a malicious program is interrupted based on the current state of a user by hard disk and DVD controllers making illegal access to data impossible. Hardware based access control is more secure than logging in and logging out using operating systems as operating systems are vulnerable to malicious attacks. Since software cannot manipulate the user privilege levels, it is impossible for a hacker or a malicious program to gain access to secure data protected by hardware or perform unauthorized privileged operations. The hardware protects the operating system image and file system privileges from being tampered. Therefore, a completely secure system can be created using a combination of hardware based security and secure system administration policies.

20. Find the following information in the text:

a) how hardware based security works;

b) when a hacker can’t gain access to secure data.

21. Prove the following point of view:

hardware mechanisms can protect computers and data.

22. Speak on one of the following points to your partner:

a) what do you usually do to protect your computer system from malicious users;

b) what advice can you give to your friend to make his computer system secure.

Unit VI

Cryptography

Word List

application / "xplI'keISqn // применение, использование
arbitrarily / "RbI'tre(q)r(q)lI / произвольно
authentication / O:"TentI'keISqn // удостоверение, засвидетельствование подлинности, установление соответствия оригиналу
block cipher / blPk 'saIfq / блочный шифр
cheating / 'tSJtIN / нарушение, обман, мошенничество
cipher / 'saIfq // код, шифр, тайнопись
confidentiality / "kOnfIden(t)SI'xlqti / конфиденциальность, секретность (информации)
cryptography / krIp'tPgrqfi / криптография
deprecation / "deprI'keISqn // неодобрение, возражение, протест
designate / 'dezIgneIt // объявлять, называть (что-либо чем-либо)
develop / dI'velqp // развивать, совершенствовать; разрабатывать, проектировать
embodiment / Im'bPdImqnt / воплощение, осуществление
encryption / In'krIpS(q)n / шифрование, зашифровывание, кодировка
hash / hxS / беспорядок, мешанина, путаница
hash function / hxS 'fAnkS(q)n // хэш-функция, функция расстановки
integrity / In'tegrIti / целостность, сохранность, непротиворечивость и правильность данных
internal / In'tq:n(q)l / внутренний
knit / nIt / соединять, объединять
malicious / mq'lISqs / злобный, злой, злоумышленный, злонамеренный
onetime / 'wAntaIm / бывший, прошедший, прошлый
operate / 'PpqreIt / работать, действовать
pad / pxd / блокнот, клавиатура, прокладка
privacy / 'praIvqsI / личное дело, тайна, секретность, конфиденциальность; право на частную жизнь; защита персональной информации
relate / rI'leIt / относиться, иметь отношение, затрагивать; быть связанным
repudiation / rI"pju:dI'eISqn / отказ от факта получения или отправления сообщения
require / rI'kwaIq / требовать, нуждаться
share / SFq // делиться, разделять, совместно использовать
signature / 'sIgnItSq // подпись
stream cipher / strJm 'saIfq / поточный шифр, потоковый шифр
successive / sqk'sesIv / следующий один за другим, последовательный, последующий
symmetric-key cryptography / sI'metrIk 'ki: / шифрование с использованием симметричного криптографического ключа

Part A

1. Define the following words as parts of speech and give the initial words of the following derivatives.

Encryption, easily, sender, application, embodiment, longer, successive, developed, security, carefully, deprecation, hidden, initially, signature, attacker, broken, receiver, different, arbitrarily.

2. Give Russian words with similar roots.

Cryptography, symmetric, method, publicly, polyalphabetic, aspect, standard, design, finally, variant, popular, block, variation, type, combine, text, secret, material, function.

3. Translate the following words paying attention to the suffixes and prefixes.

Commonly, operation, designation, especial, variant, privacy, widely, signature, knitting, longer, computable, receiver.

4. Fill in the gaps with the words derived from the words in brackets.

1. Symmetric-key cryptography was the only kind of encryption publicly (know) until June 1976.

2. The modern study of symmetric-key ciphers (relation) mainly to their application.

3. Messages are almost always (long) than a single block.

4. A method of (knit) together successive blocks is required.

5. Several methods have been developed, some with better (secure) in one aspect or another one.

6. The modes of operation must be (careful) considered when using a block cipher in a cryptosystem.

5. Fill in the gaps with one of the following words:

Наши рекомендации