CS 5323: Introduction and Basic Concepts
Prof. Ravi Sandhu, Executive Director and Endowed Chair
Lecture 1
© Ravi Sandhu. World-Leading Research with Real-World Impact!

Prognosis
Cyberspace will become orders of magnitude more complex and confused very quickly
Cyber and physical distinction will blur
Threats will go beyond money to physical harm and danger to life and body
Overall this is a very positive development and will enrich human society
It will be messy but need not be chaotic!
Cyber security research and practice are losing ground

Security Objectives
INTEGRITY: modification
AVAILABILITY: access
CONFIDENTIALITY: disclosure

Security Objectives
Control of read and write is fundamental to all three
INTEGRITY: modification
AVAILABILITY: access
CONFIDENTIALITY: disclosure

Security Objectives
Cannot have it all
Need to compromise
INTEGRITY: modification
AVAILABILITY: access
CONFIDENTIALITY: disclosure

Security is Secondary
Cost, Convenience, Growth, Safety, CIA
Cannot have it all
Need to reconcile with non-Security Objectives

Security Objectives
USAGE: purpose
INTEGRITY: modification
AVAILABILITY: access
CONFIDENTIALITY: disclosure

Security Objectives
USAGE: purpose (covers privacy and intellectual property protection)
INTEGRITY: modification
AVAILABILITY: access
CONFIDENTIALITY: disclosure

Security Objectives
Single Enterprise: owns all the information; employs all the users
Multiple Interacting Parties: no one owns all the information; no one can unilaterally impose policy on all the users

Cyber Security Scope
Computer security
Information security = Computer security + Communications security
Information assurance
Mission assurance
Includes cyber physical

Cyber Security Goal
Enable system designers and operators to say: This system is secure

Cyber Security Goal
Enable system designers and operators to say: This system is secure
Conflicting objectives need political and social compromise
There is an infinite and escalating supply of attacks
Not attainable

Cyber Security Goal
Enable system designers and operators to say: This system is secure enough
Many successful examples

The ATM Paradox
The ATM (Automatic Teller Machine) system is: secure enough; global in scope
Not attainable via current cyber security science, engineering, doctrine; not studied as a success story
Similar paradoxes apply to: on-line banking; e-commerce payments

High Assurance Cyber Security
US President’s nuclear football
Secret formula for Coca-Cola

Security is Dynamic
“My dear, here we must run as fast as we can, just to stay in place. And if you wish to go anywhere you must run twice as fast as that.” ― Lewis Carroll, Alice in Wonderland

Security Techniques
Protect
Detect (and Respond)
Accept

Attack Process
Attack 1 account
Acquire privileged account
Privilege escalation

Limits on Security
Analog hole
Inference
Side channels
Insider threat
Detection is impossible
Protection is impossible
…..