Computer Security Introduction


1 Computer Security Introduction
11/28/2017

2 Basic Components
Confidentiality: concealment of information (prevent unauthorized disclosure of information).
Integrity: trustworthiness of data/resources (prevent unauthorized modifications).
  Data integrity
  Origin integrity (authentication)
Availability: ability to use information/resources (prevent unauthorized withholding of information/resources).

3 Basic Components
Additionally: authenticity, accountability, reliability, safety, dependability, survivability . . .

4 Confidentiality
Historically, security is closely linked to secrecy. Security involved a few organizations dealing mainly with classified data.
However, nowadays security extends far beyond confidentiality.
Confidentiality involves:
  privacy: protection of private data,
  secrecy: protection of organizational data.

5 Integrity
“Making sure that everything is as it is supposed to be.”
For Computer Security this means: preventing unauthorized writing or modifications.

6 Availability
For Computer Systems this means that services are accessible and usable (without undue delay) whenever needed by an authorized entity.
For this we need fault-tolerance.
Faults may be accidental or malicious (Byzantine).
Denial of Service attacks are an example of malicious attacks.

7 Relationship between Confidentiality, Integrity and Availability
[Figure: diagram relating confidentiality, integrity and availability; surviving labels: Secure, Availability]

8 Other security requirements
Reliability – deals with accidental damage.
Safety – deals with the impact of system failure caused by the environment.
Dependability – reliance can be justifiably placed on the system.
Survivability – deals with the recovery of the system after massive failure.
Accountability – actions affecting security must be traceable to the responsible party. For this:
  Audit information must be kept and protected,
  Access control is needed.

9 Basic Components
Threats – potential violations of security
Attacks – violations
Attackers – those who execute the violations

10 Threats
Disclosure or unauthorized access
Deception or acceptance of falsified data
Disruption or interruption or prevention
Usurpation or unauthorized control

11 More threats
Snooping (unauthorized interception)
Modification or alteration
  Active wiretapping
  Man-in-the-middle attacks
Masquerading or spoofing
Repudiation of origin
Denial of receipt
Delay
Denial of Service

12 Policy and Mechanisms
A security policy is a statement of what is / is not allowed.
A security mechanism is a method or tool that enforces a security policy.

13 Goals of Computer Security
Security is about protecting assets. This involves:
  Prevention
  Detection
  Recovery (reaction / restore assets)

14 Assumptions of trust
Let
  P be the set of all possible states of a system
  Q be the set of secure states
A mechanism is secure if P ≤ Q
A mechanism is precise if P = Q
A mechanism is broad if there are states in P which are not in Q
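
The definitions on slide 14, worked through on a toy system as an added example (not from the original slides). It takes P as the states the system can reach once a mechanism filters grant requests, Q as the states a policy allows, and reads the slide's "P ≤ Q" as set inclusion; the objects, the guest policy and all function names are assumptions made for this example.

```python
from itertools import combinations

OBJECTS = ("public", "payroll")   # constructed toy objects a guest may be granted

def secure_states():
    """Q: every rights set in which the guest does not hold 'payroll' (assumed policy)."""
    all_states = [frozenset(c) for n in range(len(OBJECTS) + 1)
                  for c in combinations(OBJECTS, n)]
    return {s for s in all_states if "payroll" not in s}

def reachable(mechanism, start=frozenset()):
    """P: states the system can enter when `mechanism` decides each grant request."""
    seen, todo = {start}, [start]
    while todo:
        state = todo.pop()
        for obj in OBJECTS:
            if obj not in state and mechanism(state, obj):
                nxt = state | {obj}          # grant the right, giving a new state
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
    return seen

def classify(mechanism):
    """Return the strongest label that applies: precise, else secure, else broad."""
    p, q = reachable(mechanism), secure_states()
    if p == q:
        return "precise"   # allows exactly the secure states
    if p <= q:
        return "secure"    # never leaves Q, but also blocks some secure states
    return "broad"         # some reachable state violates the policy

# Three hypothetical mechanisms, each a predicate over (current state, requested object).
MECHANISMS = {
    "deny_all": lambda state, obj: False,
    "deny_payroll": lambda state, obj: obj != "payroll",
    "allow_all": lambda state, obj: True,
}

if __name__ == "__main__":
    for name, mech in MECHANISMS.items():
        print(name, classify(mech), sorted(sorted(s) for s in reachable(mech)))
```

The deny_all case shows why secure is not the same as useful: the mechanism never violates the policy, yet it also refuses the harmless grant of "public".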

15 Assurance
Trust cannot be quantified precisely.
System specifications, design and implementation can provide a basis for how much one can trust a system. This is called assurance.
A system is said to satisfy a specification if the specification correctly states how the system will function.

16 Assurance - Specifications
A specification is a statement of the desired functioning of a system.
It can be highly mathematical using any of several languages for that purpose.

17 Assurance – Design/Implementation
A design of a system translates the specifications into components that will implement them.
Given a design, the implementation creates a system that satisfies the design.
A program is correct if its implementation performs as specified.

18 Assurance – Testing
Proofs of correctness require that each line of source code be checked for mathematical correctness.
Because formal proofs of correctness are time-consuming, a posteriori verification techniques known as testing have become widespread.
Testing techniques are considerably simpler than formal methods, but do not provide the same degree of assurance: their value is in eliminating common sources of error and forcing designers to define precisely what the system is supposed to do.

19 Operational issues
Cost-benefit analysis
  Example: a database with salary info, which is used by a second system to print pay checks
Risk analysis
  Environmental dependence
  Time dependence
  Remote risk
Laws and customs

20 Fundamental Dilemma
Functionality or Assurance
Security mechanisms need additional computational
Security policies interfere with working patterns, and can be very inconvenient.
Managing security requires additional effort and costs.
Ideally there should be a tradeoff.

21 Laws and Customs
Export controls
Laws of multiple jurisdiction
Human issues

22 Human issues
Organizational problems (who is responsible for what)
People problems (outsiders/insiders)

23 Tying it all together: how ????
The security life cycle:
  Threats
  Policy
  Specification
  Design
  Implementation
  Operation & Maintenance

24 Computer Security -- Summary
How to achieve Computer Security:
Security principles/concepts: explore general principles/concepts that can be used as a guide to design secure information processing systems.
Security mechanisms: explore some of the security mechanisms that can be used to secure information processing systems.
Physical/Organizational security: consider physical & organizational security measures.

25 Computer Security
Even at this general level there is disagreement on the precise definitions of some of the required security aspects.
References:
  Orange book – US Dept of Defense, Trusted Computer System Evaluation Criteria.
  ITSEC – European Trusted Computer System Product Criteria.
  CTCPEC – Canadian Trusted Computer System Product Criteria.

