July 1, 2004 Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

Presentation transcript:

Slide #1-1: Chapter 1: Introduction
Components of computer security
Threats
Policies and mechanisms
The role of trust
Assurance
Operational Issues
Human Issues

Slide #1-2: Basic Components (Goals)
Confidentiality
  – Keeping data and resources hidden
Integrity
  – Data integrity (integrity)
  – Origin integrity (authentication)
Availability
  – Enabling access to data and resources

Slide #1-3: Additional Goals
Authentication
  – Correctly identifying the source
Non-repudiation
  – Being able to prove the source of an utterance to a third party

Slide #1-4: Terms
Exposure
  – Possible form of loss
Vulnerability
  – Possible mechanism by which loss can occur
Threat
  – Circumstance or event that could cause loss
Attack
  – Attempt to exploit vulnerability
Control
  – Mechanism to mitigate exposures

Slide #1-5: Overall Process
Identify and Classify Assets
  – What are we protecting? How are they important?
Identify Exposures and Threats
  – What would be bad? How could it happen?
Identify Vulnerabilities and Threat Sources
  – Who or what could cause loss, and how?
Determine Policies and Controls
  – What should be allowed and what disallowed?
  – How will the policies be enforced?
Implement and Monitor
  – Deploy controls and use them, gain experience to update p.r.n.

Slide #1-7: Classes of Threats
Disclosure
  – Snooping
Deception
  – Modification, spoofing, repudiation of origin, denial of receipt
Disruption
  – Modification
Usurpation
  – Modification, spoofing, delay, denial of service

Slide #1-9: Policies and Mechanisms
Policy says what is, and is not, allowed
  – This defines “security” for the site/system/etc.
Mechanisms enforce policies
Composition of policies
  – If policies conflict, discrepancies may create security vulnerabilities

Slide #1-10: “Goals” of Security (Control Approaches)
Prevention
  – Prevent attackers from violating security policy
Detection
  – Detect attackers’ violation of security policy
Recovery
  – Stop attack, assess and repair damage
  – Continue to function correctly even if attack succeeds

Slide #1-12: Trust and Assumptions
Underlie all aspects of security
Policies
  – Unambiguously partition system states
  – Correctly capture security requirements
Mechanisms
  – Assumed to enforce policy
  – Support mechanisms work correctly

Slide #1-13: Types of Mechanisms
[Figure: panels labelled secure, precise and broad; legend: set of reachable states, set of secure states]
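The figure on this slide compares the set of states a mechanism lets the system reach with the set of states the policy calls secure: the mechanism is secure when every reachable state is secure, precise when the two sets are equal, and broad when some reachable state is not secure. The following added example (not part of the original slides; the toy system, its policy and the three mechanisms are constructed for illustration) computes the reachable set for each mechanism and classifies it.

```python
from collections import deque

# Constructed toy system: a state is (logged_in, file_open).
START = (False, False)
STATES = {(u, f) for u in (False, True) for f in (False, True)}
# Assumed policy: the file may be open only while a user is logged in.
SECURE = {s for s in STATES if s[0] or not s[1]}

def transitions(state):
    """Every action the system could perform if nothing restricted it."""
    logged_in, file_open = state
    return [("login", (True, file_open)), ("logout", (False, file_open)),
            ("open", (logged_in, True)), ("close", (logged_in, False))]

# A mechanism decides whether an action is permitted in a given state.
def open_needs_login(state, action):      # forgets to check logout
    return action != "open" or state[0]

def open_and_logout_checked(state, action):
    if action == "open":
        return state[0]                   # must be logged in
    if action == "logout":
        return not state[1]               # file must be closed first
    return True

def never_open(state, action):            # over-restrictive
    return action != "open"

def reachable(mechanism):
    """Breadth-first search over the transitions the mechanism permits."""
    seen, queue = {START}, deque([START])
    while queue:
        state = queue.popleft()
        for action, nxt in transitions(state):
            if mechanism(state, action) and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def classify(mechanism):
    """Most specific label; returns (label, reachable insecure states)."""
    r = reachable(mechanism)
    label = "precise" if r == SECURE else "secure" if r <= SECURE else "broad"
    return label, sorted(r - SECURE)

if __name__ == "__main__":
    for m in (open_needs_login, open_and_logout_checked, never_open):
        print(m.__name__, *classify(m))
```

The first mechanism checks the obvious action but is still broad, because logging out with the file open reaches an insecure state; this is the sense in which mechanisms are only assumed to enforce policy.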

Slide #1-15: Assurance
Confidence that system will perform in a predictable way
Generally, intent is that it will perform correctly!

Slide #1-16: Achieving Assurance
Specification
  – Requirements analysis
  – Statement of desired functionality
Design
  – How system will meet specification
Implementation
  – Programs/systems that carry out design

Slide #1-18: Operational Issues
Cost-Benefit Analysis
  – Is it cheaper to prevent or recover?
Risk Analysis
  – Should we protect something?
  – How much should we protect this thing?
Laws and Customs
  – Are desired security measures illegal?
  – Will people do them?

Slide #1-20: Human Issues
Organizational Problems
  – Power and responsibility
  – Financial benefits
People problems
  – Outsiders and insiders
  – Social engineering

Slide #1-21: Tying Together
Threats
Policy
Specification
Design
Implementation
Operation

Slide #1-22: Key Points
Policy defines security, and mechanisms enforce security
  – Confidentiality
  – Integrity
  – Availability
Trust and knowing assumptions
Importance of assurance
The human factor