Presentation is loading. Please wait.

Presentation is loading. Please wait.

Threats and Survivability Architectures

Published byMaria Shaw Modified over 6 years ago

Similar presentations

Presentation on theme: "Threats and Survivability Architectures"— Presentation transcript:

1 Threats and Survivability Architectures
Introduction to Security Architectures 21 Sept 2000

2 Review Threats to security and survivability
Information Warfare threats Nation states, terrorists, hacktivists, etc Other threats Natural disasters, casual hackers, accidents, insiders, …

3 Review -2 Two important factors in prioritizing threats
Frequency: expected number of incidents per unit time Severity: maximum expected damage based on a successful threat

4 Threats to What (pp25) IT resources Internal data storage
Data transmission Service availability Transaction repudiation Reputation Intellectual property

5 Classes of threats (pp27)
Eavesdropping Masquerade Replay Data Manipulation Misrouting Trojan Horse Viruses/Worms Repudiation Denial of Service

6 Weaknesses Threats exploit weaknesses in:
Technology Policy Configuration All of these can be identified in a security (or survivability) architecture

7 Survivability Architectures
Definition: View of a connected set of system components that exposes security-relevant properties Can be hardware, operating system, network, internetwork, etc

8 Security features include but are not limited to:
Integrity Availability Confidentiality Survivability features add performance, dependability, fitness, responsiveness, etc

9 Flaws and Vulnerabilities
Flaws: system component does not implement specification or maintain required system attributes Security flaw: a flaw that can lead to a violation of the security properties of a system Vulnerability: a security flaw that may be exploited by a threat

10 Security Architecture
Attempts to limit the impact of vulnerabilities through the application of an architectural abstraction Identified elements in a security architecture should support the security attributes All security-relevant elements evident at the specific level of abstraction should be included

11 Example A company’s local area network is connected to the Internet. What are some of the architectural approaches to enhancing the security of the network? What are the impacts to usability, security, and performance to the approaches?

12 Metrics associated with security architectures
Orange book Verification and Validation Red Teams Fault Injection Boundary checking Certification Functionality

13 Discussion and issues What are the differences (related to security) between development of an architecture from scratch versus modifying an existing architecture? How are security requirements tied to security architectures?

Download ppt "Threats and Survivability Architectures"

Similar presentations

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.

6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.
Introducing Computer and Network Security

Introducing Computer and Network Security
Information System Security Engineering and Management Additional slides for INFORMATION SECURITY RISK MANAGEMENT Dr. William Hery

Information System Security Engineering and Management Additional slides for INFORMATION SECURITY RISK MANAGEMENT Dr. William Hery
E-commerce security by Asif Dalwai 886 39 5409. Introduction E-commerce applications Threats in e-commerce applications Measures to handle threats Incorporate.

E-commerce security by Asif Dalwai Introduction E-commerce applications Threats in e-commerce applications Measures to handle threats Incorporate.
Network Security PHILADELPHIA UNIVERSITY Ahmad Alghoul 2010-2011 Module 1 Introduction: To Information & Security  Modified by :Ahmad Al Ghoul  Philadelphia.

Network Security PHILADELPHIA UNIVERSITY Ahmad Alghoul Module 1 Introduction: To Information & Security  Modified by :Ahmad Al Ghoul  Philadelphia.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.

LEVERAGING UICC WITH OPEN MOBILE API FOR SECURE APPLICATIONS AND SERVICES Ran Zhou 1 9/3/2015.
CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.

CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.
Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.

Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.
PART THREE E-commerce in Action Norton University E-commerce in Action.

PART THREE E-commerce in Action Norton University E-commerce in Action.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Information Systems Security Computer System Life Cycle Security.

Information Systems Security Computer System Life Cycle Security.
Cryptography and Network Security

Cryptography and Network Security

Similar presentations

Ads by Google