You are the development team leader and recently found your nightly build failed from time to time. Eve was a disgruntled developer in your team and quit last month. She is responsible for part of the solution and not authorized to integrate the solution. She installed a program running under the local system privilege to delete, on Monday midnights, some source code in the local code repository pushed to the central code repository to be integrated.
1. What is the program installed by Eve called?
A. Encapsulation
B. Maintenance hook
C. Multipartite
D. Logic bomb
2. You decide to conclude that Eve is accountable for the failures of the nightly builds. Which of the following is the least important?
A. Authentication
B. Authorization
C. Auditing
D. Non-repudiation
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answers are as follows:
- D. Logic bomb
- B. Authorization
Question #1
A logic bomb is a resident computer program that triggers the perpetration of an unauthorized act when particular states of the system are realized.
Eve installed a program to run on Monday midnights to delete source code. The program is a logic bomb.
Maintenance Hook
Special instructions in software to allow easy maintenance and additional feature development. These are not clearly defined during access for design specification. Hooks frequently allow entry into the code at unusual points or without the usual checks, so they are a serious security risk if they are not removed prior to live implementation. Maintenance hooks are special types of trap doors. (NIST CSRC 1985)
Trap Door
- A hidden software or hardware mechanism that can be triggered to permit system protection mechanisms to be circumvented. It is activated in some innocent-appearing manner; e.g., a special “random” key sequence at a terminal. Software developers often introduce trap doors in their code to enable them to reenter the system and perform certain functions. Synonymous with back door. (NIST CSRC 1985)
- A means of reading cryptographically protected information by the use of private knowledge of weaknesses in the cryptographic algorithm used to protect the data. See backdoor. (NIST CSRC)
Backdoor
An undocumented way of gaining access to computer system. A backdoor is a potential security risk. (NIST CSRC)
Logic Bomb
- A resident computer program that triggers the perpetration of an unauthorized act when particular states of the system are realized. (NIST CSRC 1985)
- A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. (NIST CSRC)
Loophole
An error of omission or oversight in software or hardware that permits circumventing the system security policy. (NIST CSRC 1985)
Question #2
Accountability is a property that ensures that the actions (what) of an entity (who) may be traced uniquely to that entity (accounting & auditing). To conclude accountability, we have to clarify who does what by writing logs (accounting) and reviewing them (auditing).
Users can attempt to do anything even if the action is not authorized. If a user conducts an unauthorized action, the system just writes a log to record the fact or event. By reviewing the logs, we can trace the unauthorized action to the user. That’s why authorization is the least important when we are concluding accountability.
Accountability
A property that ensures that the actions of an entity may be traced uniquely to that entity.
Authentication
Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.
Authorization
- The right or a permission that is granted to a system entity to access a system resource.
- The process of verifying that a requested action or service is approved for a specific entity.
Accounting vs Auditing
When the accounting process ends, auditing begins. Accounting is an activity of record-keeping and preparation & presentation of the financial statement. Accounting is used by the firms for keeping a track of their monetary transactions. Auditing is an activity of verification and evaluation of financial statement. It aims at checking and confirming the authenticity of financial books prepared by the accounting staff of the enterprise. (Source)
When we are talking about AAA (Authentication, Authorization, Accounting), the third A should refer to Accounting; however, people tend to use accounting and auditing interchangeably. If we borrow the concept from the business world, the third A should be accounting (record keeping); that is, writing logs, while auditing is about reviewing logs or audit trails specifically.
Audit Trail
A chronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security-relevant transaction from inception to final result.
Non-repudiation
- The inability to deny responsibility for performing a specific act.
- Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information.