Understanding Computer Security Fundamentals - The Sign of the Six

Computer security is the holistic practice of safeguarding computer-related assets, encompassing data, hardware, software, communication networks, and physical devices, from unauthorized access or control¹.

Computer security is guided by six high-level goals, and are detailed below.

Six high-level computer security goals

Let’s use Spotify (cause I love) as an example to understand these goals.

1. Confidentiality: This involves ensuring that sensitive information remains accessible only to authorized individuals, whether it's stored or in transit. For instance, to maintain confidentiality, Spotify ensures that only you can access and view the list of songs in your private playlist.

2. Integrity: Integrity refers to the quality of data, software, hardware remaining unchanged except under the authorization of designated entities. You create a curated playlist, and Spotify ensures that the order and details of songs remain unchanged by anyone that’s not you.

3. Availability: Availability refers to the state of information, services, and computing resources remaining accessible for authorized use. This also safeguards against intentional actions like deletion and disruption, including protection against denial-of-service attacks that seek to overwhelm resources. To listen to your favourite songs at any time, the streaming service should be consistently accessible.

4. Authorization: Authorization, or authorized access, means that only approved individuals or entities can use the resources. This involves granting appropriate permissions and access levels based on verified identities. On Spotify, depending on your subscription tier, you have different permissions, such as the ability to download songs for offline listening or to skip multiple songs.

5. Authentication: This involves verifying the identity of users, devices, or systems attempting to access the resources. Before accessing premium features, such as offline listening, you log in with your username and password and Spotify authenticates you.

6. Non-repudiation: Also called accountability, is the capability to identify those responsible for past actions, preventing denial of actions or transactions by proving their occurrence. If you share a collaborative playlist, Spotify needs to ensure that changes made by contributors are traceable.

Of these, Confidentiality, Integrity and Availability are often heralded as the most important, with literature referring to them collectively as the three pillars of the CIA triad.

CIA Triad

In conclusion, these six goals collectively contribute to creating a secure computing environment. They protect sensitive information, keep data reliable, ensure access to resources, control who gets in based on identity, and hold individuals accountable for their digital actions.

🎲 Pop Quiz

1. A hospital decides to use AES256 encryption scheme to encrypt all healthcare records. Which of the six security goals is the hospital upholding?

2. A popular social media firm invests in load balancers in order to meet which of the six goals?

3. Several parties sign a highly confidential business deal using digital signatures. Which of the six goals do digital signatures enforce here?

P.S If you’re a Sherlock fan who got the reference in the title.. 🥂

1

Paul van Oorschot, Computer Security and the Internet: Tools and Jewels, 2nd edition, Springer, 2021