EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.

Slides:



Advertisements
Similar presentations
Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Advertisements

Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
The University of Adelaide, School of Computer Science
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Introduction to Security in Computing Computer and Network Security Semester 1, 2011 Lecture #01.
Is There a Security Problem in Computing? Network Security / G. Steffen1.
Lecture 1: Overview modified from slides of Lawrie Brown.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Chapter 1 – Introduction
Security+ Guide to Network Security Fundamentals
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
1 An Overview of Computer Security computer security.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Introducing Computer and Network Security
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
EEC 688/788 Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.
Lecture 11 Reliability and Security in IT infrastructure.
Summary of Lecture 1 Security attack types: either by function or by the property being compromised Security mechanism – prevention, detection and reaction.
Network Security PHILADELPHIA UNIVERSITY Ahmad Alghoul Module 1 Introduction: To Information & Security  Modified by :Ahmad Al Ghoul  Philadelphia.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
CPSC 6126 Computer Security Information Assurance.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Cryptography and Network Security
Introducing Computer and Network Security. Computer Security Basics What is computer security? –Answer depends on the perspective of the person you’re.
What does “secure” mean? Protecting Valuables
CS CS 5150 Software Engineering Lecture 18 Security.
Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,
Security in Computer System 491 CS-G(172) By Manesh T
What does secure mean? You have been assigned a task of finding a cloud provider who can provide a secure environment for the launch of a new web application.
10/17/20151 Computer Security Introduction. 10/17/20152 Introduction What is the goal of Computer Security? A first definition: To prevent or detect unauthorized.
Chapter 01: Introduction to Network Security. Network  A Network is the inter-connection of communications media, connectivity equipment, and electronic.
John Carpenter & lecture & Information Security 2008 Lecture 1: Subject Introduction and Security Fundamentals.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
What security is about in general? Security is about protection of assets –D. Gollmann, Computer Security, Wiley Prevention –take measures that prevent.
14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,
SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.
Topic 5: Basic Security.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
Chap1: Is there a Security Problem in Computing?.
Csci5233 computer security & integrity 1 An Overview of Computer Security.
Computer Security By Duncan Hall.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection.
Introduction to Computer Security
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
Computer threats, Attacks and Assets upasana pandit T.E comp.
C OMPUTER THREATS, ATTACKS AND ASSETS DONE BY NISHANT NARVEKAR TE COMP
1 TMK 264: COMPUTER SECURITY CHAPTER ONE: AN OVERVIEW OF COMPUTER SECURITY.
Is There a Security Problem in Computing?
Chapter One: Introduction to Information Security.
Advanced System Security Dr. Wayne Summers Department of Computer Science Columbus State University
By: Mark Reed.  Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
CS457 Introduction to Information Security Systems
Securing Network Servers
Risk management.
CMSC 345 Defensive Programming Practices from Software Engineering 6th Edition by Ian Sommerville.
Issues and Protections
Security
Security in Networking
Faculty of Science IT Department By Raz Dara MA.
Computer Security By: Muhammed Anwar.
Security in Computing, Fifth Edition
Mohammad Alauthman Computer Security Mohammad Alauthman
Presentation transcript:

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

2 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Outline Types of threats Meaning of computer security Vulnerabilities in computer systems Threats in computer networks

3 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao The Meaning of Computer Security The purpose of computer security is to devise ways to prevent the weaknesses from being exploited What we mean when we say that a system is secure: –Confidentiality: computer-related assets are accessed only by authorized parties. Confidentiality is sometimes called secrecy or privacy –Integrity: assets can be modified only by authorized parties or only in authorized ways –Availability: assets are accessible to authorized parties at appropriate times

4 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Relationship of Security Goals A secure system must meet all three requirements The challenge is how to find the right balance among the goals, which often conflict –For example, it is easy to preserve a particular object's confidentiality in a secure system simply by preventing everyone from reading that object –However, this system is not secure, because it does not meet the requirement of availability for proper access => There must be a balance between confidentiality and availability

5 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Relationship of Security Goals

6 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Confidentiality Confidentiality is the security property we understand best because its meaning is narrower than the other two However, it is not trivial to ensure confidentiality. For example, –Who determines which people or systems are authorized to access the current system? –By "accessing" data, do we mean that an authorized party can access a single bit? pieces of data out of context? –Can someone who is authorized disclose those data to other parties?

7 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Integrity It is much harder to ensure integrity. One reason is that integrity means different things in different context For example, if we say that we have preserved the integrity of an item, we may mean that the item is: –precise –accurate –unmodified –modified only in acceptable ways –modified only by authorized people –modified only by authorized processes –consistent –internally consistent –meaningful and usable

8 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Integrity Aspects of integrity: computerized data are the same as those in source documents; they have not been exposed to accidental or malicious alteration or destruction Aspects of integrity: authorized actions, separation and protection of resources, and error detection and correction Integrity can be enforced in much the same way as can confidentiality: by rigorous control of who or what can access which resources in what ways

9 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Availability Availability applies both to data and to services (i.e., to information and to information processing We say a data item, service, or system is available if –There is a timely response to our request –There is a fair allocation of resources, so that some requesters are not favored over others –The service or system involved are fault tolerant - hardware or software faults lead to graceful cessation of service or to workarounds rather than to crashes and abrupt loss of information –The service or system can be used easily and in the way it was intended to be used –….

10 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Availability The security community is just beginning to understand what availability implies and how to ensure it A small, centralized control of access is fundamental to preserving confidentiality and integrity, but it is not clear that a single access control point can enforce availability Much of computer security's past success has focused on confidentiality and integrity; full implementation of availability is security's next great challenge

11 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Vulnerabilities Vulnerabilities: What would prevent us from reaching one or more of our three security goals The three assets (hardware, software and data) and the connections among them are all potential security weak points

12 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Vulnerabilities

13 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Software Vulnerabilities Software is surprisingly easy to delete and to copy Software is vulnerable to modifications that either cause it to fail or cause it to perform an unintended task

14 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Software Vulnerabilities Logic bomb: a program that has been maliciously modified to fail when certain conditions are met or when a certain date or time is reached Trojan horse: a program that overtly does one thing while covertly doing another Virus: a specific type of Trojan horse that can be used to spread its "infection" from one computer to another Trapdoor: a program that has a secret entry point Information leaks in a program: code that makes information accessible to unauthorized people or programs

15 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Data Vulnerabilities Data items have greater public value than hardware and software, because more people know how to use or interpret data By themselves, out of context, pieces of data have essentially no intrinsic value On the other hand, data items in context do relate to cost, perhaps measurable by the cost to reconstruct or redevelop damaged or lost data

16 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Data Vulnerabilities Confidential data leaked to a competitor may narrow a competitive edge Data incorrectly modified can cost human lives Inadequate security may lead to financial liability if certain personal data are made public The value of data over time is far less predictable or consistent –Quite often, data is valuable only for a period of time

17 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Principle of Adequate Protection Principle of Adequate Protection: –Computer items must be protected only until they lose their value –They must be protected to a degree consistent with their value

18 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Security of Data Confidentiality prevents unauthorized disclosure of a data item Integrity prevents unauthorized modification Availability prevents denial of authorized access

19 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Threats in Networks Networks are specialized collections of hardware, software, and data –Each network node is itself a computing system –It experiences all normal security problems A network must also confront communication problems that involve the interaction of system components and outside resources

20 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Threats in Networks The challenges to achieve network security are rooted in –A network's lack of physical proximity –Use of insecure, shared media, and –The inability of a network to identify remote users positively

21 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao What Makes a Network Vulnerable Anonymity. An attacker can mount an attack from thousands of miles away and never come into direct contact with the system, its administrators, or users Many points of attack—both targets and origins. An attack can come from any host to any host, so that a large network offers many points of vulnerability

22 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao What Makes a Network Vulnerable Sharing. Because networks enable resource and workload sharing, more users have the potential to access networked systems than on single computers Complexity of system. A network combines two or more possibly dissimilar operating systems Unknown network boundary. A network's expandability also implies uncertainty about the network boundary

23 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao What Makes a Network Vulnerable Unknown network boundary

24 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao What Makes a Network Vulnerable Unknown path in message routing. There may be many paths from one host to another. Some intermediate node might not be trustworthy

25 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Methods of Defense Harm occurs when a threat is realized against a vulnerability To protect against harm, we can neutralize the threat, close the vulnerability, or both The possibility for harm to occur is called risk

26 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Methods of Defense We can deal with harm in several ways. We can seek to –Prevent it, by blocking the attack or closing the vulnerability –Deter it, by making the attack harder, but not impossible –Deflect it, by making another target more attractive (or this one less so) –Detect it, either as it happens or some time after the fact –Recover from its effects

27 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Methods of Defense – Multiple Controls

28 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Countermeasures / Controls Encryption –Scrambling process Software controls Hardware controls –hardware or smart card implementations of encryption Policies and Procedures –Example: change password periodically Physical Controls –Example: Locks on doors, guards at entry points

29 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Software Controls Internal program controls: parts of the program that enforce security restrictions, such as access limitations Operating system and network system controls: limitations enforced by the operating system or network to protect each user from all other users Independent control programs: application programs, such as password checkers, intrusion detection utilities, or virus scanners, that protect against certain types of vulnerabilities Development controls: quality standards under which a program is designed, coded, tested, and maintained, to prevent software faults from becoming exploitable vulnerabilities

30 Spring 2008EEC693: Secure & Dependable ComputingWenbing Zhao Principle of Effectiveness Principle of Effectiveness: Controls must be used — and used properly — to be effective. They must be efficient, easy to use, and appropriate

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.