Published by Rosaline Banks. Modified over 8 years ago.
1
SECURITY Prepared By: Dr. Vipul Vekariya.
2
SECURITY
A secure system will control, through the use of specific features, access to information so that only properly authorized individuals, or processes operating on their behalf, will have access to read, write, create or delete.
3
COMPUTER SECURITY TRIAD
Three key objectives are at the heart of computer security:
- Confidentiality
- Integrity
- Availability
4
SECURITY THREATS
The major threats to security in any computing environment:
1) Unauthorized use of service (tapping)
2) Unauthorized disclosure of information (disclosure)
3) Unauthorized alteration or deletion of information (amendment)
4) Unauthorized fabrication of information (fabrication)
5) Denial of service to authorized users (denial)
5
ATTACKS ON SECURITY
- Authentication
- Trap doors
- Line tapping
- Improper access control
- Trojan horse
- Ordinary software bomb
- Timed software bomb
- Logical software bomb
- Worm virus
6
PRINCIPLES OF SECURITY DESIGN
- Public design: the design of a security system should not be secret. Assume that the penetrator will know about it.
- Least privilege: every process should be given the least privileges that are necessary for its execution.
- Explicit demand: no access right should be granted to a process by default. Each subject should have to demand its access rights explicitly.
- Continuous verification: access rights should be verified at every request from a subject.
- Simple design: the design of the security system should be simple and uniform.
- User acceptance: users should not have to spend most of their time protecting their files.
- Multiple conditions: the system should be designed so that access depends on fulfilling more than one condition.
7
AUTHENTICATION
Authentication is the process of verifying whether a person is a valid user or not. Two types of authentication are possible:
- Verification of a user logging in to a centralized system.
- Authentication of computers that are required to cooperate in a network or distributed environment.
8
AUTHENTICATION
Basis for most types of access control and accountability.
Two steps:
- Identification
- Verification
9
MEANS OF AUTHENTICATION
Traditionally listed as three factors:
- Something you know: password, PIN
- Something you have: card, RFID badge
- Something you are: biometrics
10
PASSWORD-BASED AUTHENTICATION
- Determines if the user is authorized to access the system
- Determines privileges for the user
- Choice of password
- Password length
- Salting technique is used for passwords
- Additional password
- Continuous challenge
- Force password change
- One-time password
- Disable user
11
HASHED PASSWORDS
- Widely used technique for storing passwords
- Secure against a variety of cryptanalytic attacks
12
UNIX PASSWORD SCHEME
13
TOKEN-BASED AUTHENTICATION (ARTIFACT-BASED)
Objects that a user possesses for the purpose of user authentication are called tokens. Examples include:
- Memory cards
- Smart cards
14
STATIC BIOMETRIC AUTHENTICATION
Includes:
- Facial characteristics
- Fingerprints
- Hand geometry
- Retinal pattern
Based on pattern recognition; technically complex and expensive.
15
DYNAMIC BIOMETRIC AUTHENTICATION
Patterns may change.
Includes:
- Iris
- Signature
- Voice
- Typing rhythm
16
ACCESS CONTROL
Dictates what types of access are permitted, under what circumstances, and by whom.
- Discretionary access control: controls access based on the identity of the requestor and on access rules.
- Mandatory access control: controls access based on comparing security labels with security clearances.
- Role-based access control: controls access based on the roles that users have.
17
EXTENDED ACCESS CONTROL MATRIX
18
ROLE-BASED ACCESS CONTROL
- Effective implementation of the principle of least privilege.
- Each role should contain the minimum set of access rights needed for that role.
- A user is assigned to a role that enables him or her to perform what is required for that role, but only while performing that role.
19
ROLES
20
ACCESS CONTROL MATRIX REPRESENTATION OF RBAC
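
Added example (not from the original slides): a minimal role-based access check in Python that applies the RBAC points on slides 18 to 20 together with the design principles of explicit demand (default deny) and continuous verification. The role names, users, objects and function names are hypothetical and the data is constructed for illustration.

```python
from dataclasses import dataclass, field

# Role -> set of (object, right) pairs: the rows of an RBAC access matrix.
# Each role holds only the rights it needs (least privilege). Constructed data.
ROLE_RIGHTS = {
    "teller":  {("accounts", "read"), ("accounts", "write")},
    "auditor": {("accounts", "read"), ("audit_log", "read")},
}

# User -> roles the user is allowed to activate. Constructed data.
USER_ROLES = {"alice": {"teller", "auditor"}, "bob": {"auditor"}}


@dataclass
class Session:
    user: str
    active: set = field(default_factory=set)  # roles being performed right now

    def activate(self, role: str) -> None:
        # A role can be activated only if it was assigned to this user.
        if role not in USER_ROLES.get(self.user, set()):
            raise PermissionError(f"{self.user} is not assigned role {role!r}")
        self.active.add(role)

    def deactivate(self, role: str) -> None:
        self.active.discard(role)


def check_access(session: Session, obj: str, right: str) -> bool:
    """Called on every request (continuous verification); default is deny."""
    # Re-check the assignment too, so a revoked role stops working at once.
    assigned = USER_ROLES.get(session.user, set())
    return any(
        (obj, right) in ROLE_RIGHTS.get(role, set())
        for role in session.active & assigned
    )


def demo() -> list:
    s = Session("alice")
    results = [check_access(s, "accounts", "read")]       # no role active yet
    s.activate("auditor")
    results.append(check_access(s, "accounts", "read"))   # auditor may read
    results.append(check_access(s, "accounts", "write"))  # auditor may not write
    s.deactivate("auditor")
    results.append(check_access(s, "accounts", "read"))   # role no longer active
    return results
```

Although alice is also assigned the teller role, she cannot write to accounts until she activates it, which is the "only while performing that role" condition from slide 18.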