CS 465 Terminology Slides by Kent Seamons Last Updated: Sep 7, 2017.

Slides:

Advertisements

Similar presentations

Network Security Chapter 1 - Introduction.

Advertisements

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.

1 Lect. 3 : Basic Terms Lots of new terminologies in every new fields…

Cryptography Introduction Last Updated: Aug 20, 2013.

Copyright © Microsoft Corp 2006 Introduction to Threat Modeling Michael Howard, CISSP Senior Security Program Manager Security Engineering and Communication.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Security Security is a measure of the system’s ability to protect data and information from unauthorized access while still providing access to people.

1 Presented by July-2013, IIM Indore. 2  RFID = Radio Frequency IDentification.  RFID is ADC (Automated Data Collection) technology that:-  uses radio-frequency.

SEC835 Practical aspects of security implementation Part 1.

Dimensions of E – Commerce Security

Network Security Introduction Light stuff – examples with Alice, Bob and Trudy Serious stuff - Security attacks, mechanisms and services.

Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 28 Omar Meqdadi Department of Computer Science and Software Engineering.

Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton.

Web Services Security Patterns Alex Mackman CM Group Ltd

Jump to first page Internet Security in Perspective Yong Cao December 2000.

Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.

Computers and Security by Calder Jones. What is Computer Security Computer Security is the protection of computing systems and the data that they store.

Chapter 1: Security Governance Through Principles and Policies

Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.

UNIT-4 Computer Security Classification 2 Online Security Issues Overview Computer security – The protection of assets from unauthorized access, use,

@Yuan Xue CS 285 Network Security Fall 2012 Yuan Xue.

SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.

Lecture 1 Introduction Dr. nermin hamza 1. Aim of Course Overview Cryptography Symmetric and Asymmetric Key management Researches topics 2.

Network security 1. Security taxonomy Physical security Resource exhaustion - DDoS system/network vulnerabilities Key-based security.

CS457 Introduction to Information Security Systems

Introduction to Information Security Introduction & Overview

Key management issues in PGP

Threat Modeling for Cloud Computing

CS 395: Topics in Computer Security

Network Security Presented by: JAISURYA BANERJEA MBA, 2ND Semester.

Information Security, Theory and Practice.

CYBER SECURITY PANDEMIC

Network Security (the Internet Security)

Security+ All-In-One Edition Chapter 1 – General Security Concepts

Outline Designing secure protocols Key exchange protocols

Information Security.

What is network security?

Chapter 5 Electronic Commerce | Security

Information and Network Security

Introduction to security goals and usage of cryptographic algorithms

CS 465 Secure Last Updated: Nov 30, 2017.

Computer Security Security Concepts September 20, 2018

Computer and Network Security

Security Protection Goals

امنیت شبکه علی فانیان

Chapter 5 Electronic Commerce | Security

Mumtaz Ali Rajput +92 – INFORMATION SECURITY – WEEK 2 Mumtaz Ali Rajput +92 – 301-

development lifecycle & Principles

Cryptography and Network Security

How to Mitigate the Consequences What are the Countermeasures?

Faculty of Science IT Department By Raz Dara MA.

Security Risanuri Hidayat 21 February 2019 security.

CS 425 / ECE 428 Distributed Systems Fall 2018 Indranil Gupta (Indy)

Copyright Gupta Consulting, LLC.

Introduction Security Intro 1.

Basic of Modern Cryptography

Module 4 System and Application Security

Security: Integrity, Authentication, Non-repudiation

Engineering Secure Software

Cryptography and Network Security

Presentation transcript:

CS 465 Terminology Slides by Kent Seamons Last Updated: Sep 7, 2017

Is This System Secure? Common question, but the wrong question to ask Security begins by understanding the attackers and the threats Secure from whom? Secure from what?

Context Who are the players? Good guys trying to communicate securely Alice Bob Bad guys trying to break the system Eve Mallory Trudy

Good Guys – Alice and Bob Traditional names used in the security literature Alice and Bob attempt to share information Exchange secure email or chat messages A customer at a website

Bad Guys Eve Mallory Trudy Eavesdropper – passive attacker Active attacker Trudy Intruder

What Kinds of Attacks? STRIDE Threat Model (Microsoft) Spoofing user identify Tampering Repudiation Information disclosure (privacy breach or data leak) Denial of service (DoS) Elevation of privilege

What Kinds of Defenses? CIA Confidentiality Integrity Availability Prevent unauthorized access to data Integrity Detect unauthorized modification/creation of data Availability Prevent a denial of service attack Data is delivered in a reasonable time frame System is available when a service is requested

Example: Secure Email Who are the attackers? What kind of attacks? Confidential - from eavesdroppers, email server, active attackers End-to-end encryption Integrity - cannot change the message, who is it from? Digital signature Availability - DDoS mail server, START/TLS downgrade attack Attackers: Webmail server, government, criminals, eavesdroppers Attacks:

Threat Model Decide on the threats that are relevant in a given scenario Analyze how well the system thwarts those threats Example Email Attack Eavesdropping Solutions HTTPS End-to-end encryption (PGP)

Access Control Authentication Authorization Determining if this is really Alice or Bob Authorization Does the user have authorization to complete a requested action?

Non-repudiation Prevent the ability to later deny that an action took place Usually involves cryptographic evidence that will stand up in court

Deniability Ability to later deny that an action took place

Three Facets to Security Prevention Detection Reaction

Weakest Link Property A security system is only as strong as its weakest link

Principle of Least Privilege A process should have enough permissions to do just what it needs to do and no more

Security Through Obscurity Reliance on the secrecy of the design or implementation as the main method of providing security for a system or component of a system Examples Key under the door mat Obscure URL Don’t open source the code Related concept: Security Through Minority Use an unpopular tool

Attack Trees An ad-hoc method to reasoning about the threats to a system Hierarchical tree with the root node as the goal of an attacker Child nodes contain all the ways to accomplish the goal of the parent node Probability associated with each node