COMP 4108 (Computer Systems Security) Course Notes

COMP 4108 Notes, Chapter 1: Definitions


As always, these notes are adapted from Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin by Paul C. Van Oorschot. You can find the main page with the rest of my notes here.


computer and Internet security: the combined art, science, and engineering practice of protecting software, computers, networks, the data stored on them, the information transmitted on/between them, and the physical devices/machines they control from intentional misuse by an unauthorized party.

principal: in the context of security, this is an agent representing a user, communicating entity, or system process

repudiation: the ability to credibly deny previous commitments or actions

confidentiality: information protection to prevent unauthorized disclosure

privacy: protecting personally sensitive or personally identifiable information (PII) and controlling how it is shared

anonymity: making sure one’s actions or involvements aren’t linkable to a public identity.

assets: aka resources. These include information, software, hardware, computers, and communications services/devices, as well as physical world resources such as money, property, and infrastructure

security policy: a specification that details rules and practices of a system, including what is and isn’t allowed in the system. It could specify assets that need special protection, security services that should be provided, details about who is authorized to access certain assets, and/or controls that should be in place. A policy violation occurs whenever the system is in a state that is not allowed by the security policy.

attack: a series of steps deliberately executed with the intent of causing a security policy violation

adversary: the source or threat agent behind a potential attack

attacker: an adversary that has executed an attack

vulnerability: a design flaw, implementation flaw, deployment/configuration issue, or sequence thereof that could be exploited by an adversary to cause an attack

threat: any combination of circumstances or entities that could cause damage to assets or cause security violations

attack vector: a specific method or sequence of steps by which a specific full attack is carried out.

risk: the expected loss due to harmful future events, relative to a specific set of assets and a fixed time period.

quantitative risk assessment: the practice of computing numerical estimates of risk

qualitative risk assessment: the practice of comparing risks against each other and ranking them to help make informed decisions

risk equation: risk depends on a combination of threat sources, vulnerabilities, and assets. A popular risk equation is $R = T \cdot V \cdot C$, where $T$ is the probability of a threat being instantiated, $V$ is the existence of a vulnerability, and $C$ is the value of the impacted asset.

ALE estimate: annual loss expectancy estimate. Used in quantitative risk assessment to estimate the loss in assets due to threats every year.

risk management: the combination of the activities of estimating or identifying risk (mainly a technical activity) and making informed responses to risks (a business activity)

outsider attack: an attack launched without any prior access to the target or target network

insider attack: an attack originating from a party having some starting advantage (such as legitimate credentials or existing access)

black-box testing: testing that proceeds without the use of sources of prior knowledge about the system, including design documents or source code

white-box testing: testing that is enhanced by the use of sources of prior knowledge about the system, including design documents or source code

security analysis: identifying design-related vulnerabilities and overlooked threats, and suggesting ways to improve weak (or non-existent) defenses

vulnerability assessment: identifying weaknesses in deployed systems

threat modelling: the practice of identifying known or anticipated threats, threat agents, and attack vectors considered in-scope for the target system to defend against.

attack tree: a threat modelling tool meant to identify attack vectors. It has a root node at the top, labelled with an overall attack goal, and lower nodes break out alternative ways to reach the parent goal. A full leaf-to-root path then constitutes an attack vector for the parent goal.

spoofing: an attempt to impersonate an interface or thing (such as a website) or an entity (such as a user)

tampering: unauthorized altering (for example of code or data)

denial of service: malicious actions that impact the availability or quality of systems and/or services by consuming resources or inducing system errors

privilege escalation: exploiting vulnerabilities to extend a base level of privileges to higher levels of privileges in order to access resources

verification (software engineering): testing specific features for correct outcomes given particular inputs

allowlist: a list of entities authorized to access a system or service. (When an allowlist is used, everything else is unauthorized by default.) In security, these are generally preferred to denylists.

denylist: a list of entities unauthorized to access a system or service. (When a denylist is used, everything else is authorized by default.)
