Unit One Assignment
6/26/2011
Problem 1.1 Consider an automated teller machine (ATM) in which users provide a personal identification number (PIN) and a card for account access. Give examples of confidentiality, integrity and availability requirements associated with the system and, in each case, indicate the degree of importance of the requirements.
Confidentiality is provided by two factors: a unique access card and a PIN that functions as a password. A user must have both of these to access the system. Confidentiality is compromised by the fact that most ATM systems connect to various banks, and the source of information cannot be guaranteed to be from a proper ATM. Also, ATMs are public, and can be accessed by the entire population, allowing things like card swipe readers to be used to attack them.
The importance of confidentiality is medium to high. If confidentiality is lost for a limited number of accounts, it is medium, because the loss does not stop the main functions of the organization and can be corrected. It would be high if a large number of accounts were compromised.
Integrity of information at the ATM is provided by the very limited interface that the machine provides to the data stored on the back end. There is no comprehensive GUI or CLI to provide a point of attack. However, the previously mentioned public access and data exchange are threats to integrity.
The importance of integrity is medium to high. The alteration of a small number of accounts does not stop the main functions of the organization and can be corrected. The alteration of many could be catastrophic.
Availability of the system (and the currency or information it dispenses) is provided by having relatively reliable machines. If one should fail, another is usually not particularly far away. ATM providers have integrated their usage so that different providers may interact