Computer Security Introduction

Computer Security Introduction 2/24/2019

Basic Components
Confidentiality: concealment of information (prevent unauthorized disclosure of information).
Integrity: trustworthiness of data/resources (prevent unauthorized modifications).
  Data integrity
  Origin integrity (authentication)
Availability: ability to use information/resources (prevent unauthorized withholding of information/resources).

Basic Components
Additionally: authenticity, accountability, reliability, safety, dependability, survivability, ...

Confidentiality
Historically, security is closely linked to secrecy. Security involved a few organizations dealing mainly with classified data. However, nowadays security extends far beyond confidentiality.
Confidentiality involves:
  privacy: protection of private data,
  secrecy: protection of organizational data.

Integrity
“Making sure that everything is as it is supposed to be.”
For Computer Security this means: preventing unauthorized writing or modifications.

Availability
For Computer Systems this means that services are accessible and usable (without undue delay) whenever needed by an authorized entity.
For this we need fault-tolerance.
Faults may be accidental or malicious (Byzantine).
Denial of Service attacks are an example of malicious attacks.

Relationship between Confidentiality, Integrity and Availability
[Figure: diagram with the labels "Secure" and "Availability"]

Other security requirements
Reliability: deals with accidental damage.
Safety: deals with the impact of system failure on the environment.
Dependability: reliance can be justifiably placed on the system.
Survivability: deals with the recovery of the system after massive failure.
Accountability: actions affecting security must be traceable to the responsible party. For this:
  Audit information must be kept and protected,
  Access control is needed.

Basic Components
Threats: potential violations of security
Attacks: violations
Attackers: those who execute the violations

Threats
Disclosure or unauthorized access
Deception or acceptance of falsified data
Disruption or interruption or prevention
Usurpation or unauthorized control

More threats
Snooping (unauthorized interception)
Modification or alteration
Active wiretapping
Man-in-the-middle attacks
Masquerading or spoofing
Repudiation of origin
Denial of receipt
Delay
Denial of Service

Policy and Mechanisms
A security policy is a statement of what is / is not allowed.
A security mechanism is a method or tool that enforces a security policy.

Assumptions of trust
Let P be the set of all possible states of a system.
Let Q be the set of secure states.
A mechanism is secure if P ⊆ Q.
A mechanism is precise if P = Q.
A mechanism is broad if there are states in P which are not in Q.
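The secure / precise / broad definitions above, worked through on a toy system. This is an added example, not part of the original slides. It assumes P is read as the set of states the system can enter while a given mechanism mediates requests; the users, the policy and the three mechanisms are constructed for illustration.

```python
from itertools import combinations

USERS = ("alice", "bob", "mallory")  # constructed sample principals

def all_states(users):
    """Every possible state: each subset of users that holds read access."""
    return {frozenset(c) for n in range(len(users) + 1)
            for c in combinations(users, n)}

# Policy: Q is the set of secure states, here those where mallory cannot read.
Q = {s for s in all_states(USERS) if "mallory" not in s}

def reachable(mechanism, start=frozenset()):
    """P (assumed reading): states the system can enter with `mechanism` in place."""
    seen, todo = {start}, [start]
    while todo:
        state = todo.pop()
        # Revoking access is always permitted in this model.
        successors = [state - {u} for u in state]
        # Granting access is mediated by the mechanism under test.
        successors += [state | {u} for u in USERS
                       if u not in state and mechanism(u, state)]
        for nxt in successors:
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def classify(mechanism):
    """Apply the three definitions from the slide to one mechanism."""
    P = reachable(mechanism)
    return {"secure": P <= Q, "precise": P == Q, "broad": bool(P - Q)}

# Three hypothetical mechanisms deciding whether a grant request is allowed.
def allow_all(user, state):
    return True                 # no enforcement at all

def deny_mallory(user, state):
    return user != "mallory"    # blocks exactly what the policy forbids

def alice_only(user, state):
    return user == "alice"      # also blocks bob, whom the policy permits

if __name__ == "__main__":
    for mech in (allow_all, deny_mallory, alice_only):
        print(mech.__name__, classify(mech))
```

A precise mechanism is also secure; `alice_only` is secure without being precise because it rules out states the policy would accept.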

Assurance
Trust cannot be quantified precisely.
System specifications, design and implementation can provide a basis for how much one can trust a system. This is called assurance.

Goals of Computer Security
Security is about protecting assets. This involves:
  Prevention
  Detection
  Reaction (recover/restore assets)

Computer Security
How to achieve Computer Security:
Security principles/concepts: explore general principles/concepts that can be used as a guide to design secure information processing systems.
Security mechanisms: explore some of the security mechanisms that can be used to secure information processing systems.
Physical/Organizational security: consider physical & organizational security measures (policies).

Computer Security
Even at this general level there is disagreement on the precise definitions of some of the required security aspects.
References:
  Orange book – US Dept of Defense, Trusted Computer System Evaluation Criteria.
  ITSEC – European Trusted Computer System Product Criteria.
  CTCPEC – Canadian Trusted Computer System Product Criteria.

Fundamental Dilemma: Functionality or Assurance
Security mechanisms need additional computational
Security policies interfere with working patterns, and can be very inconvenient.
Managing security requires additional effort and costs.
Ideally there should be a tradeoff.

Operational issues
Cost-benefit analysis
  Example: a database with salary info, which is used by a second system to print pay checks
Risk analysis
Environmental dependence
Time dependence
Remote risk

Laws and Customs
Export controls
Laws of multiple jurisdictions

Human issues
Organizational problems (who is responsible for what)
People problems (outsiders/insiders)

Tying it all together: how?