Security Properties

As discussed in the Meaning of Security module, "security" means many things in many different contexts. At a high level, security aims to protect three main properties of data and systems:
  • Confidentiality - keeping data, participant identities or systems accessible only to authorized users. This is usually achieved through encryption.

  • Integrity - verifying that data has not undergone improper or unauthorized change. This also includes verifying the origin of the data. Integrity applies not only to data but also to identities and system functionality, e.g., making sure that an application has not been compromised and is functioning correctly is an integrity issue. Data integrity is often achieved through the use of cryptographic primitives, e.g., signatures.

  • Availability - keeping some system running and reachable by its customers, or keeping some data available to authorized users. This is achieved through a myriad of techniques such as firewalls, intrusion detection and prevention systems, DoS defenses, etc. Note that availability also encompasses quality of service. The system must not only be available but it must also provide good service quality to its users.

Not every security problem will violate all three security properties, and often there will be variations to the problem that violate different sets of properties.
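
Added example (not part of the original notes): a message protected only by encryption stays confidential but can be altered in transit without detection, so integrity is violated while confidentiality is not. The cipher is a toy keystream built from SHA-256, the keys and message are constructed, and HMAC stands in here for the signature mentioned above.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed sample keys and message, for illustration only.
ENC_KEY = b"constructed-encryption-key"
MAC_KEY = b"constructed-mac-key"
MESSAGE = b"pay 0100 to alice"

def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 over key + counter. Not for production use."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def seal(message: bytes) -> Tuple[bytes, bytes]:
    """Encrypt for confidentiality, then tag the ciphertext for integrity."""
    ct = xor_cipher(ENC_KEY, message)
    return ct, hmac.new(MAC_KEY, ct, hashlib.sha256).digest()

def open_sealed(ct: bytes, tag: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the ciphertext was modified."""
    expected = hmac.new(MAC_KEY, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return xor_cipher(ENC_KEY, ct)

def tamper(ct: bytes, index: int, mask: int) -> bytes:
    """Model an in-transit change: flip bits in one ciphertext byte."""
    changed = bytearray(ct)
    changed[index] ^= mask
    return bytes(changed)

if __name__ == "__main__":
    ct, tag = seal(MESSAGE)
    bad = tamper(ct, 4, 0x08)
    print(xor_cipher(ENC_KEY, bad))  # encryption alone: altered text is accepted
    print(open_sealed(bad, tag))     # with the tag: the change is rejected
    print(open_sealed(ct, tag))      # the untouched message still opens
```

The party making the change never learns the key or the plaintext, which is why the integrity check has to be a separate mechanism from the encryption.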

Orthogonal to these security properties are the policy and the security mechanisms. Policy defines what exactly confidentiality, integrity and availability mean in a given context. Security mechanisms are the tools that should enforce the policy. It is often very difficult to ensure that the behavior of multiple security mechanisms correctly and fully enforces a policy. Sometimes this is difficult because policies are expressed in English, and sometimes because the mechanisms' behavior is complex and they may interact with each other in subtle ways that are not obvious. We will discuss policy for authentication (who can access) and authorization (who is allowed to access) in more detail in later lecture modules.


Questions & Comments: Prof. Mirkovic at USC-ISI (sunshine at isi.edu)