G53SEC 1 Foundations of Computer Security. G53SEC Overview of Today’s Lecture: Definitions Fundamental Dilemma Data vs. Information Principles of Computer.

Slides:



Advertisements
Similar presentations
Computer Security CIS326 Dr Rachel Shipsey.
Advertisements

Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Dieter Gollmann Microsoft Research
Access Control Methodologies
Lecture 1: Overview modified from slides of Lawrie Brown.
Chapter 1 – Introduction
G53SEC 1 Revision & Exam Tips G53SEC. 2 Today’s Lecture: Revision Summary + Tips Exam Tips Preliminary Coursework Feedback.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Quality is about testing early and testing often Joe Apuzzo, Ngozi Nwana, Sweety Varghese Student/Faculty Research Day CSIS Pace University May 6th, 2005.
Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Essential Software Architecture Chapter Three - Software Quality Attributes Ian Gorton CS590 – Winter 2008.
Summary of Lecture 1 Security attack types: either by function or by the property being compromised Security mechanism – prevention, detection and reaction.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
5205 – IT Service Delivery and Support
Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]
SEC835 Database and Web application security Information Security Architecture.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”.
Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
G53SEC Computer Security Introduction to G53SEC 1.
By Hafez Barghouthi. Agenda Today Terminology(What) Security strategies Prevention – detection – reaction Security objectives Fundamental dilemma of Computer.
Cryptography and Network Security
Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY
Network Security Essentials Chapter 1
Network Security Essentials Chapter 1 Fourth Edition by William Stallings (Based on Lecture slides by Lawrie Brown)
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
SOFTWARE SYSTEMS DEVELOPMENT 4: System Design. Simplified view on software product development process 2 Product Planning System Design Project Planning.
10/17/20151 Computer Security Introduction. 10/17/20152 Introduction What is the goal of Computer Security? A first definition: To prevent or detect unauthorized.
Network security Network security. Look at the surroundings before you leap.
John Carpenter & lecture & Information Security 2008 Lecture 1: Subject Introduction and Security Fundamentals.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
CE Operating Systems Lecture 3 Overview of OS functions and structure.
G53SEC 1 Access Control principals, objects and their operations.
G53SEC 1 Reference Monitors Enforcement of Access Control.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
12/18/20151 Computer Security Introduction. 12/18/20152 Basic Components 1.Confidentiality: Concealment of information (prevent unauthorized disclosure.
CSC 386 – Computer Security Scott Heggen. Agenda The Foundations of Computer Security.
Legal and Ethical Issues in Computer Security Csilla Farkas
Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.
By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.
UNIT-4 Computer Security Classification 2 Online Security Issues Overview Computer security – The protection of assets from unauthorized access, use,
Threats, Attacks And Assets… By: Rachael L. Fernandes Roll no:
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
Security Architecture and Design Chapter 4 Part 4 Pages 377 to 416.
Computer Security Introduction
CS457 Introduction to Information Security Systems
Information Security, Theory and Practice.
Chapter 1: Introduction
Information System and Network Security
COMPUTER SECURITY CONCEPTS
Foundation Of Computer Security
Computer and Network Security
Chapter 19: Building Systems with Assurance
CP3397 Design of Networks and Security
Chapter 6 – Architectural Design
Computer Security Introduction
Computer Security CIS326 Dr Rachel Shipsey.
Computer Security CIS326 Dr Rachel Shipsey.
Chapter 5 Computer Security
Presentation transcript:

G53SEC 1 Foundations of Computer Security

G53SEC Overview of Today’s Lecture: Definitions Fundamental Dilemma Data vs. Information Principles of Computer Security The Layer Below Summary 2

G53SEC Definitions: Security Computer Security Confidentiality Integrity Availability Accountability Nonrepudiation Reliability 3

G53SEC Security: Security is about the protection of assets Knowledge of assets and their value is vital Protection measures: - Prevention – sometimes the only feasible measure - Detection - Reaction 4

G53SEC Computer Security: Traditional definition using the following: Confidentiality Integrity Availability - Debatable ! - Priority ? - Incomplete list ? 5

G53SEC Confidentiality (Privacy, Secrecy): The prevention of unauthorised users reading sensitive information Privacy – protection of personal data Secrecy – protection of data of an organization Hide document’s content ? Hide document’s existence ? (Unlinkability and Anonymity) 6

G53SEC Integrity Informally -Making sure everything is as it is supposed to be. Formally - Integrity deals with the prevention of unauthorised writing. Data Integrity “The state that exists when computerised data is the same as that in the source documents and has not been exposed to accidental or malicious alteration or destruction.” 7

G53SEC Availability “The property of being accessible and useable upon demand by an authorised entity.” -We want to prevent denial of service Denial of service “The prevention of authorised access to resources or the delaying of time-critical operations.” 8

G53SEC Accountability Users should be held responsible for their actions Thus system has to identify and authenticate users Audit trail has to be kept “Audit information must be selectively kept and protected so that actions affecting security can be traced to the responsible party” 9

G53SEC 10 Nonrepudiation Nonrepudiation provide un-forgeable evidence Evidence verifiable by a third party Nonrepudiation of origin – sender identification delivery – delivery confirmation The concept of irrefutable evidence is alien to most legal systems !

G53SEC 11 Reliability Reliability - (accidental) failures Safety - impact of system failures on their environment Security is an aspect of reliability and vice versa! Dependability “The property of a computer system such that reliance can justifiably be placed in the service it delivers”

G53SEC 12 Our Definition Computer Security – What? “Deals with the prevention and detection of unauthorised actions by users of a computer system” Computer Security – Why? “Concerned with the measures we can take to deal with intentional actions by parties behaving in some unwelcome fashion”

G53SEC 13 To Remember No single definition of security exists When dealing with security material, do not confuse your notion of security with that used in the material

G53SEC 14 The Fundamental Dilemma “Security-unaware users have specific security requirements but usually no security expertise.” Security evaluation - evaluates the function of a security service and its assurance of functionality The Orange Book – guideline for evaluating security products (1985) ITSEC- separates functionality and assurance - introduces Targets of Evaluation

G53SEC 15 The Fundamental Dilemma cont. In contrast conflict between security and ease of use: Engineering trade-off: - Security mechanisms need increased computational resources - Security interferes with working patterns of users - Managing security is work – thus better GUI wins

G53SEC 16 Data vs. Information Security is about controlling access to information and resources This can be difficult, thus controlling access to data is more viable Data – represents information Information – (subjective) interpretation of data - Problem of inference

G53SEC 17 Principles of Computer Security Computer security is NOT rocket science if: - approached in a systematic, disciplined & well planned manner, from the birth of a developed / designed system However: - if added as an afterthought to an existing complex system -> TROUBLE!

G53SEC 18 Linux with Apache – serving a website

G53SEC 19 Windows with IIS – serving a website

G53SEC 20 Principles of Computer Security Fundamental Design parameters: Focus of Control The Man-Machine Scale Complexity vs. Assurance Centralised or Decentralised Controls The Layer Below

G53SEC 21 Focus of Control 1 st Design Decision In a given application, should the protection mechanisms in a computer system focus on: Data Operations Or users?

G53SEC 22 The Man-Machine Scale 2 nd Design Decision In which layer of the computer system should a security mechanism be placed? applications services operating system OS kernel hardware applications services operating system OS kernel hardware

G53SEC 23 The Man-Machine Scale Combining previous two design decisions: specific complex focus on users generic simple focus on data Man OrientedMachine Oriented Related to the distinction between data (machine oriented) and information (man oriented)

G53SEC 24 Complexity vs. Assurance 3 rd Design Decision Do you prefer simplicity- and higher assurance- to a feature-rich security environment? This decision is linked to the fundamental dilemma! Feature-rich security systems and high assurance do not match easily

G53SEC 25 Centralised or Decentralised Controls 4 th Design Decision Should the tasks of defining and enforcing security be given to a central entity or should they be left to individual components in a system? Central entity – could mean a bottleneck Distributed solution – more efficient but harder to manage

G53SEC 26 The Layer Below Every protection mechanism defines a security perimeter Security perimeter – parts of a system that can be used to disable the protection mechanism 5 th Design Decision How can you prevent an attacker getting access to a layer below the protection mechanism?

G53SEC 27 The Layer Below To watch out for - Recovery Tools Unix Devices Object Reuse (Release of Memory) Buffer Overruns Backup Core Dumps

G53SEC 28 Summary Definitions Fundamental Dilemma Data vs. Information Principles of Computer Security The Layer Below Next Lecture Identification and Authentication

G53SEC End 29

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.