Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 465 Terminology Slides by Kent Seamons Last Updated: Sep 7, 2017.

Published byThorvald Holm Modified over 5 years ago

Similar presentations

Presentation on theme: "CS 465 Terminology Slides by Kent Seamons Last Updated: Sep 7, 2017."— Presentation transcript:

1 CS 465 Terminology Slides by Kent Seamons Last Updated: Sep 7, 2017

2 Is This System Secure? Common question, but the wrong question to ask
Security begins by understanding the attackers and the threats Secure from whom? Secure from what?

3 Context Who are the players? Good guys trying to communicate securely
Alice Bob Bad guys trying to break the system Eve Mallory Trudy

4 Good Guys – Alice and Bob
Traditional names used in the security literature Alice and Bob attempt to share information Exchange secure or chat messages A customer at a website

5 Bad Guys Eve Mallory Trudy Eavesdropper – passive attacker
Active attacker Trudy Intruder

6 What Kinds of Attacks? STRIDE Threat Model (Microsoft)
Spoofing user identify Tampering Repudiation Information disclosure (privacy breach or data leak) Denial of service (DoS) Elevation of privilege

7 What Kinds of Defenses? CIA Confidentiality Integrity Availability
Prevent unauthorized access to data Integrity Detect unauthorized modification/creation of data Availability Prevent a denial of service attack Data is delivered in a reasonable time frame System is available when a service is requested

8 Example: Secure Email Who are the attackers? What kind of attacks?
Confidential - from eavesdroppers, server, active attackers End-to-end encryption Integrity - cannot change the message, who is it from? Digital signature Availability - DDoS mail server, START/TLS downgrade attack Attackers: Webmail server, government, criminals, eavesdroppers Attacks:

9 Threat Model Decide on the threats that are relevant in a given scenario Analyze how well the system thwarts those threats Example Attack Eavesdropping Solutions HTTPS End-to-end encryption (PGP)

10 Access Control Authentication Authorization
Determining if this is really Alice or Bob Authorization Does the user have authorization to complete a requested action?

11 Non-repudiation Prevent the ability to later deny that an action took place Usually involves cryptographic evidence that will stand up in court

12 Deniability Ability to later deny that an action took place

13 Three Facets to Security
Prevention Detection Reaction

14 Weakest Link Property A security system is only as strong as its weakest link

15 Principle of Least Privilege
A process should have enough permissions to do just what it needs to do and no more

16 Security Through Obscurity
Reliance on the secrecy of the design or implementation as the main method of providing security for a system or component of a system Examples Key under the door mat Obscure URL Don’t open source the code Related concept: Security Through Minority Use an unpopular tool

17 Attack Trees An ad-hoc method to reasoning about the threats to a system Hierarchical tree with the root node as the goal of an attacker Child nodes contain all the ways to accomplish the goal of the parent node Probability associated with each node

Download ppt "CS 465 Terminology Slides by Kent Seamons Last Updated: Sep 7, 2017."

Similar presentations

Network Security Chapter 1 - Introduction.

Network Security Chapter 1 - Introduction.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.
1 Lect. 3 : Basic Terms Lots of new terminologies in every new fields…

1 Lect. 3 : Basic Terms Lots of new terminologies in every new fields…
Cryptography Introduction Last Updated: Aug 20, 2013.

Cryptography Introduction Last Updated: Aug 20, 2013.
Copyright © Microsoft Corp 2006 Introduction to Threat Modeling Michael Howard, CISSP Senior Security Program Manager Security Engineering and Communication.

Copyright © Microsoft Corp 2006 Introduction to Threat Modeling Michael Howard, CISSP Senior Security Program Manager Security Engineering and Communication.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.

Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Security Security is a measure of the system’s ability to protect data and information from unauthorized access while still providing access to people.

Security Security is a measure of the system’s ability to protect data and information from unauthorized access while still providing access to people.
1 Presented by July-2013, IIM Indore. 2  RFID = Radio Frequency IDentification.  RFID is ADC (Automated Data Collection) technology that:-  uses radio-frequency.

1 Presented by July-2013, IIM Indore. 2  RFID = Radio Frequency IDentification.  RFID is ADC (Automated Data Collection) technology that:-  uses radio-frequency.
SEC835 Practical aspects of security implementation Part 1.

SEC835 Practical aspects of security implementation Part 1.
Dimensions of E – Commerce Security

Dimensions of E – Commerce Security
Network Security Introduction Light stuff – examples with Alice, Bob and Trudy Serious stuff - Security attacks, mechanisms and services.

Network Security Introduction Light stuff – examples with Alice, Bob and Trudy Serious stuff - Security attacks, mechanisms and services.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 28 Omar Meqdadi Department of Computer Science and Software Engineering.

Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 28 Omar Meqdadi Department of Computer Science and Software Engineering.
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.

Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton.

CS453: Introduction to Information Security for E-Commerce Prof. Tom Horton.

Similar presentations

Ads by Google