Chapter 1: Introduction

Presentation transcript:

Chapter 1: Introduction
  “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
    Lewis Carroll, Alice in Wonderland
Chapter 1  Introduction 1

The Cast of Characters
  Alice and Bob are the good guys
  Trudy is the “bad guy”
  Trudy is our generic “intruder”

Alice’s Online Bank
  Alice opens Alice’s Online Bank (AOB)
  What are Alice’s security concerns?
  If Bob is a customer of AOB, what are his security concerns?
  How are Alice’s and Bob’s concerns similar? How are they different?
  How does Trudy view the situation?

CIA
  CIA == Confidentiality, Integrity, and Availability
  AOB must prevent Trudy from learning Bob’s account balance
  Confidentiality: prevent unauthorized reading of information
    Cryptography used for confidentiality

CIA
  Trudy must not be able to change Bob’s account balance
  Bob must not be able to improperly change his own account balance
  Integrity: detect unauthorized writing of information
    Cryptography used for integrity
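The integrity slide says cryptography is used to detect unauthorized writing, not to prevent it. The following is an added example (not part of the slides or the textbook) showing one way AOB could do that: a keyed message authentication code (HMAC-SHA256) over each stored balance record. Whoever lacks the key, whether Trudy or Bob himself, can still change the stored number, but the change is detected on the next verification. The key value, account names and balances are constructed for the demo.

```python
import hashlib
import hmac
import json

# Constructed placeholder: in practice the bank's integrity key is a random
# secret kept server-side; it is never given to customers.
AOB_KEY = b"constructed-demo-integrity-key"


def _canonical(record: dict) -> bytes:
    # A fixed encoding (sorted keys, no whitespace) so the same record always
    # produces the same bytes, regardless of dict ordering.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def protect_record(record: dict, key: bytes = AOB_KEY) -> dict:
    """Store the record together with an HMAC tag computed under AOB's key."""
    tag = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def verify_record(protected: dict, key: bytes = AOB_KEY) -> bool:
    """True iff the record still matches its tag (no unauthorized write)."""
    expected = hmac.new(key, _canonical(protected["record"]), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking the tag through timing differences
    return hmac.compare_digest(expected, protected["tag"])


def tamper_demo() -> tuple:
    """Returns (verifies_before_tampering, verifies_after_tampering)."""
    bob = protect_record({"owner": "bob", "balance": 100})
    ok_before = verify_record(bob)
    # Someone without the key rewrites the stored balance.
    bob["record"]["balance"] = 1_000_000
    ok_after = verify_record(bob)
    return ok_before, ok_after


if __name__ == "__main__":
    print(tamper_demo())  # (True, False)
```

Note what this does and does not give: the tag catches modification, but the balance is still stored in the clear, so it does nothing for confidentiality; that is a separate mechanism (encryption), exactly the distinction the two CIA slides draw.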

CIA
  AOB’s information must be available whenever it’s needed
  Alice must be able to make transactions
    If not, she’ll take her business elsewhere
  Availability: data is available in a timely manner when needed
  Availability a relatively new security issue
    Denial of service (DoS) attacks

Beyond CIA: Crypto
  How does Bob’s computer know that “Bob” is really Bob and not Trudy?
  Bob’s password must be verified
    This requires some clever cryptography
  What are security concerns of passwords?
  Are there alternatives to passwords?

Beyond CIA: Protocols
  When Bob logs into AOB, how does AOB know that “Bob” is really Bob?
  As before, Bob’s password is verified
  Unlike the previous case, network security issues arise
  How do we secure network transactions?
    Protocols are critically important
    Crypto plays a major role in security protocols

Beyond CIA: Access Control
  Once Bob is authenticated by AOB, then AOB must restrict actions of Bob
    Bob can’t view Charlie’s account info
    Bob can’t install new software, and so on…
  Enforcing such restrictions: authorization
  Access control includes both: authentication and authorization

Access Control Directory
  Privileges:
    R : (read)
    W : (write)
    X : (execute)
    O : (owner)
  From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Access Control Matrix
  From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Access Control List
  From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
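The three slides above (directory privileges, access control matrix, access control list) only carry figure captions on this page, and the earlier slide states that access control is authentication followed by authorization. The following added example (mine, not from the slides or from Pfleeger's book) ties them together: a small access control matrix for AOB using the R/W/X/O privileges from the slide, the ACL as the column view of that matrix and the capability list as the row view, and a request handler that first authenticates a user and then authorizes the request against the matrix, so that Bob can read his own account but not Charlie's. Subjects, objects, passwords and the salt are all constructed for the demo.

```python
import hashlib
import hmac

# --- Authentication: who is asking? ---
# Constructed demo credential store: salted PBKDF2 hashes, never clear-text passwords.
_SALT = b"constructed-demo-salt"
_ITERATIONS = 100_000
_CREDENTIALS = {
    "bob": hashlib.pbkdf2_hmac("sha256", b"bob-password", _SALT, _ITERATIONS),
    "charlie": hashlib.pbkdf2_hmac("sha256", b"charlie-password", _SALT, _ITERATIONS),
}


def authenticate(user: str, password: str):
    """Return the subject name if the password verifies, otherwise None."""
    stored = _CREDENTIALS.get(user)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)
    # Always compute the candidate hash so unknown users take the same time.
    if stored is None or not hmac.compare_digest(stored, candidate):
        return None
    return user


# --- Authorization: what may the subject do? ---
# Access control matrix: rows are subjects, columns are objects, entries are
# privilege sets using the slide's letters: R read, W write, X execute, O owner.
MATRIX = {
    "alice": {  # the bank operator
        "bob_account": {"R", "W", "O"},
        "charlie_account": {"R", "W", "O"},
        "transfer_prog": {"R", "X", "O"},
    },
    "bob": {"bob_account": {"R"}, "transfer_prog": {"X"}},
    "charlie": {"charlie_account": {"R"}, "transfer_prog": {"X"}},
}


def acl(matrix: dict, obj: str) -> dict:
    """Access control list = one column of the matrix: subjects -> privileges on obj."""
    return {subj: rights[obj] for subj, rights in matrix.items() if obj in rights}


def capabilities(matrix: dict, subj: str) -> dict:
    """Capability list = one row of the matrix: objects -> privileges held by subj."""
    return dict(matrix.get(subj, {}))


def authorize(matrix: dict, subj: str, obj: str, priv: str) -> bool:
    """Default deny: unknown subject, unknown object or missing privilege all fail."""
    return priv in matrix.get(subj, {}).get(obj, set())


def request(user: str, password: str, obj: str, priv: str) -> str:
    """Authentication first, then authorization; a failure at either step stops the request."""
    subj = authenticate(user, password)
    if subj is None:
        return "not authenticated"
    return "allowed" if authorize(MATRIX, subj, obj, priv) else "denied"


if __name__ == "__main__":
    print(request("bob", "bob-password", "bob_account", "R"))        # allowed
    print(request("bob", "bob-password", "charlie_account", "R"))    # denied
    print(request("trudy", "guess", "bob_account", "R"))             # not authenticated
    print(acl(MATRIX, "bob_account"))
    print(capabilities(MATRIX, "bob"))
```

The two views are the same information stored differently: an ACL is kept with the object and answers "who may touch this file?", a capability list is kept with the subject and answers "what may this user touch?". Note that `authorize` denies by default; a subject or object missing from the matrix gets no access rather than an error.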

Beyond CIA: Software
  Cryptography, protocols, and access control are all implemented in software
  Software is the foundation on which security rests
  What are the security issues of software?
    Real-world software is complex and buggy
    Software flaws/bugs lead to security flaws
    How does Trudy attack software?
    How to reduce flaws in software development?
  And what about malware?
    Malware, or malicious software, is any program or file that is harmful to a computer user.
    Malware includes computer viruses and worms: a worm operates independently of other files, whereas a virus depends on a host program to spread itself.
    It also includes Trojan horses (which mislead users about their true intent), spyware, and more.

Your Textbook
  The text consists of four major parts
    Cryptography
    Access control
    Protocols
    Software
  We’ll focus on technical issues
    But, people cause lots of problems… ???

The People Problem
  People often break security
    Both intentionally and unintentionally
    Here, we consider an unintentional case
  For example, suppose you want to buy something online
    Say, Information Security: Principles and Practice, 3rd edition from amazon.com

Access Control
  Authentication
    Passwords
    Biometrics (unique biological characteristics of an individual)
    Other methods of authentication
  Authorization
    Access Control Lists and Capabilities
    Multilevel security (MLS), security modeling, covert channel, inference control
    Firewalls, intrusion detection systems (IDS)

Cryptography
  “Secret codes”
  The book covers
    Classic cryptography
    Symmetric ciphers
    Public key cryptography (asymmetric ciphers)
    Hash functions++
    Advanced cryptanalysis

Protocols
  “Simple” authentication protocols
    Focus on basics of security protocols
    Lots of applied cryptography in protocols
  Real-world security protocols
    SSH: Secure Shell
    SSL: Secure Sockets Layer
    IPSec: secure private communications across IP networks
    Kerberos: a computer network authentication protocol that allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner
    Wireless:
      WEP: Wired Equivalent Privacy
      GSM: Global System for Mobile communications

Software
  Security-critical flaws in software
    Malware
    Buffer overflow
    Race conditions, etc.
  Malware
    Examples of viruses and worms
    Prevention and detection
    Future of malware?

Software
  Software reverse engineering (SRE)
    How hackers “dissect” software (analyze and study its internal parts)
  Digital rights management (DRM)
    Shows difficulty of security in software
    Also raises OS security issues
  Software and testing
    Open source, closed source, other topics

Software
  Operating systems
    Basic OS security issues
    “Trusted OS” requirements
    NGSCB: Next-Generation Secure Computing Base (Trusted Windows)
      Microsoft’s trusted OS for the PC
  Software is a BIG security topic
    Lots of material to cover
    Lots of security problems to consider
    But not nearly enough time…

Think Like Trudy
  Good guys must think like bad guys!
  A police detective…
    …must study and understand criminals
  In information security
    We must try to think like Trudy
    We must study Trudy’s methods
    We can admire Trudy’s cleverness
    Often, we can’t help but laugh at Alice’s and/or Bob’s stupidity
  But, we cannot act like Trudy
    Except in this class …
    … and even then, there are limits

In This Course…
  Think like the bad guy
    Always look for weaknesses
    Find the weak link before Trudy does
  It’s OK to break the rules
    What rules?
  Think like Trudy
    But don’t do anything illegal!