ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

Presentation transcript:

2 Chap 4: Security policies
A computer system:
– A finite state automaton
– A set of transition functions that change states
A security policy:
– A statement that partitions system states into secure (authorized) and non-secure (unauthorized) states
A secure system:
– A system that starts in a secure state and cannot enter a non-secure state
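The definition on this slide can be checked mechanically: search the states reachable from the start state and report the first one outside the authorized set. The code below is an added example, not part of the original slides; the four-state machine, its command names (a, b, c, d) and the function names are constructed for illustration.

```python
from collections import deque

def find_violation(start, transitions, authorized):
    """Shortest path [(command, state), ...] from the start state into a
    non-secure state, or None if no non-secure state is reachable."""
    if start not in authorized:
        return [(None, start)]            # the system does not even start secure
    parent = {start: None}                # state -> (previous state, command)
    queue = deque([start])
    while queue:
        state = queue.popleft()
        for command, nxt in transitions.get(state, {}).items():
            if nxt in parent:
                continue                  # already visited
            parent[nxt] = (state, command)
            if nxt not in authorized:
                return _trace(parent, nxt)
            queue.append(nxt)
    return None

def _trace(parent, state):
    """Walk the parent links back to the start and return the path in order."""
    path = []
    while parent[state] is not None:
        prev, command = parent[state]
        path.append((command, state))
        state = prev
    path.append((None, state))
    return path[::-1]

def is_secure(start, transitions, authorized):
    return find_violation(start, transitions, authorized) is None

# Constructed four-state machine; the policy authorizes s1 and s2 only.
AUTHORIZED = {"s1", "s2"}
TRANSITIONS = {
    "s1": {"a": "s2"},
    "s2": {"b": "s1", "c": "s3"},   # command c leaves the authorized set
    "s3": {"d": "s4"},
    "s4": {},
}
# Same machine with command c removed from s2: s3 and s4 exist but are unreachable.
CONFINED = {**TRANSITIONS, "s2": {"b": "s1"}}

if __name__ == "__main__":
    print(find_violation("s1", TRANSITIONS, AUTHORIZED))
    print(is_secure("s1", CONFINED, AUTHORIZED))
    print(find_violation("s3", CONFINED, AUTHORIZED))
```

The confined machine is secure when started in s1 even though non-secure states still exist, because the definition only concerns states the system can enter from a secure start.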

3 Types of security policies
– Policy for confidentiality
– Policy for integrity
Role of assumptions
– You must understand the security assumptions to know how effective the security policies, mechanisms, and procedures are

4 Example: when you install a software patch, you will assume:
– It comes from the software company,
– It has been tested,
– Your system setup is supported,
– It has been correctly installed, etc.
– At the low level, you will also assume:
    The algorithm is correctly designed
    The compilation and linking are correct
    The hardware will do what it is supposed to do

5 Types of access control
– Identity based access control (discretionary AC, the owner controls it): the access right is based on the identity of the subjects and objects
– Mandatory access control (or rule based access control): a system controls access to an object and an individual user cannot override it
– Originator controlled access control: the generator of the information controls access (not the owner; e.g., non-disclosure)
– These methods can be used jointly
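To show the three controls used jointly, the sketch below evaluates one read request against all of them and names which control refuses it. It is an added example, not part of the original slides. The subjects (alice, bob, carol, vendor), the label ordering and the "no read up" rule used for the mandatory check are assumptions made for illustration.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "internal": 1, "secret": 2}   # assumed MAC labels

@dataclass
class Document:
    owner: str                 # DAC: the owner edits the ACL
    originator: str            # ORCON: the originator approves recipients
    level: str                 # MAC: label assigned by the system
    acl: dict = field(default_factory=dict)       # subject -> set of rights
    approved: set = field(default_factory=set)    # subjects the originator allows

def grant(doc, actor, subject, right):
    if actor != doc.owner:
        raise PermissionError("only the owner may change the ACL")
    doc.acl.setdefault(subject, set()).add(right)

def approve(doc, actor, subject):
    if actor != doc.originator:
        raise PermissionError("only the originator may approve a recipient")
    doc.approved.add(subject)

def read_denials(doc, subject, clearances):
    """Names of the controls that refuse the read; an empty list means allowed."""
    refused = []
    if "read" not in doc.acl.get(subject, set()):
        refused.append("DAC")
    if LEVELS[clearances[subject]] < LEVELS[doc.level]:   # assumed rule: no read up
        refused.append("MAC")
    if subject not in doc.approved:
        refused.append("ORCON")
    return refused

def scenario():
    """Constructed case: alice owns a document that vendor originated under an NDA."""
    clearances = {"alice": "internal", "bob": "internal", "carol": "public"}
    doc = Document(owner="alice", originator="vendor", level="internal")
    approve(doc, "vendor", "alice")
    for subject in ("alice", "bob", "carol"):
        grant(doc, "alice", subject, "read")      # the owner uses her discretion
    before = {s: read_denials(doc, s, clearances) for s in clearances}
    try:
        approve(doc, "alice", "bob")              # the owner cannot lift ORCON
        owner_override = True
    except PermissionError:
        owner_override = False
    approve(doc, "vendor", "bob")
    return before, owner_override, read_denials(doc, "bob", clearances)
```

The owner's grant is enough for alice only; bob stays blocked until the originator approves him, and carol stays blocked by the system's rule no matter what the owner does.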

6 Finite state machine examples
