Presentation is loading. Please wait.

Presentation is loading. Please wait.

G53SEC 1 Foundations of Computer Security. G53SEC Overview of Today’s Lecture: Definitions Fundamental Dilemma Data vs. Information Principles of Computer.

Published byAshlie Stewart Modified over 9 years ago

Similar presentations

Presentation on theme: "G53SEC 1 Foundations of Computer Security. G53SEC Overview of Today’s Lecture: Definitions Fundamental Dilemma Data vs. Information Principles of Computer."— Presentation transcript:

1 G53SEC 1 Foundations of Computer Security

2 G53SEC Overview of Today’s Lecture: Definitions Fundamental Dilemma Data vs. Information Principles of Computer Security The Layer Below Summary 2

3 G53SEC Definitions: Security Computer Security Confidentiality Integrity Availability Accountability Nonrepudiation Reliability 3

4 G53SEC Security: Security is about the protection of assets Knowledge of assets and their value is vital Protection measures: - Prevention – sometimes the only feasible measure - Detection - Reaction 4

5 G53SEC Computer Security: Traditional definition using the following: Confidentiality Integrity Availability - Debatable ! - Priority ? - Incomplete list ? 5

6 G53SEC Confidentiality (Privacy, Secrecy): The prevention of unauthorised users reading sensitive information Privacy – protection of personal data Secrecy – protection of data of an organization Hide document’s content ? Hide document’s existence ? (Unlinkability and Anonymity) 6

7 G53SEC Integrity Informally -Making sure everything is as it is supposed to be. Formally - Integrity deals with the prevention of unauthorised writing. Data Integrity “The state that exists when computerised data is the same as that in the source documents and has not been exposed to accidental or malicious alteration or destruction.” 7

8 G53SEC Availability “The property of being accessible and useable upon demand by an authorised entity.” -We want to prevent denial of service Denial of service “The prevention of authorised access to resources or the delaying of time-critical operations.” 8

9 G53SEC Accountability Users should be held responsible for their actions Thus system has to identify and authenticate users Audit trail has to be kept “Audit information must be selectively kept and protected so that actions affecting security can be traced to the responsible party” 9

10 G53SEC 10 Nonrepudiation Nonrepudiation provide un-forgeable evidence Evidence verifiable by a third party Nonrepudiation of origin – sender identification delivery – delivery confirmation The concept of irrefutable evidence is alien to most legal systems !

11 G53SEC 11 Reliability Reliability - (accidental) failures Safety - impact of system failures on their environment Security is an aspect of reliability and vice versa! Dependability “The property of a computer system such that reliance can justifiably be placed in the service it delivers”

12 G53SEC 12 Our Definition Computer Security – What? “Deals with the prevention and detection of unauthorised actions by users of a computer system” Computer Security – Why? “Concerned with the measures we can take to deal with intentional actions by parties behaving in some unwelcome fashion”

13 G53SEC 13 To Remember No single definition of security exists When dealing with security material, do not confuse your notion of security with that used in the material

14 G53SEC 14 The Fundamental Dilemma “Security-unaware users have specific security requirements but usually no security expertise.” Security evaluation - evaluates the function of a security service and its assurance of functionality The Orange Book – guideline for evaluating security products (1985) ITSEC- separates functionality and assurance - introduces Targets of Evaluation

15 G53SEC 15 The Fundamental Dilemma cont. In contrast conflict between security and ease of use: Engineering trade-off: - Security mechanisms need increased computational resources - Security interferes with working patterns of users - Managing security is work – thus better GUI wins

16 G53SEC 16 Data vs. Information Security is about controlling access to information and resources This can be difficult, thus controlling access to data is more viable Data – represents information Information – (subjective) interpretation of data - Problem of inference

17 G53SEC 17 Principles of Computer Security Computer security is NOT rocket science if: - approached in a systematic, disciplined & well planned manner, from the birth of a developed / designed system However: - if added as an afterthought to an existing complex system -> TROUBLE!

18 G53SEC 18 Linux with Apache – serving a website

19 G53SEC 19 Windows with IIS – serving a website

20 G53SEC 20 Principles of Computer Security Fundamental Design parameters: Focus of Control The Man-Machine Scale Complexity vs. Assurance Centralised or Decentralised Controls The Layer Below

21 G53SEC 21 Focus of Control 1 st Design Decision In a given application, should the protection mechanisms in a computer system focus on: Data Operations Or users?

22 G53SEC 22 The Man-Machine Scale 2 nd Design Decision In which layer of the computer system should a security mechanism be placed? applications services operating system OS kernel hardware applications services operating system OS kernel hardware

23 G53SEC 23 The Man-Machine Scale Combining previous two design decisions: specific complex focus on users generic simple focus on data Man OrientedMachine Oriented Related to the distinction between data (machine oriented) and information (man oriented)

24 G53SEC 24 Complexity vs. Assurance 3 rd Design Decision Do you prefer simplicity- and higher assurance- to a feature-rich security environment? This decision is linked to the fundamental dilemma! Feature-rich security systems and high assurance do not match easily

25 G53SEC 25 Centralised or Decentralised Controls 4 th Design Decision Should the tasks of defining and enforcing security be given to a central entity or should they be left to individual components in a system? Central entity – could mean a bottleneck Distributed solution – more efficient but harder to manage

26 G53SEC 26 The Layer Below Every protection mechanism defines a security perimeter Security perimeter – parts of a system that can be used to disable the protection mechanism 5 th Design Decision How can you prevent an attacker getting access to a layer below the protection mechanism?

27 G53SEC 27 The Layer Below To watch out for - Recovery Tools Unix Devices Object Reuse (Release of Memory) Buffer Overruns Backup Core Dumps

28 G53SEC 28 Summary Definitions Fundamental Dilemma Data vs. Information Principles of Computer Security The Layer Below Next Lecture Identification and Authentication

29 G53SEC End 29

Download ppt "G53SEC 1 Foundations of Computer Security. G53SEC Overview of Today’s Lecture: Definitions Fundamental Dilemma Data vs. Information Principles of Computer."

Similar presentations

Computer Security CIS326 Dr Rachel Shipsey.

Computer Security CIS326 Dr Rachel Shipsey.
Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.

Advanced Networks and Computer Security Curt Carver & Jeff Humphries © 1999 Texas A&M University.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Dieter Gollmann Microsoft Research

Dieter Gollmann Microsoft Research
Access Control Methodologies

Access Control Methodologies
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Chapter 1 – Introduction

Chapter 1 – Introduction
G53SEC 1 Revision & Exam Tips G53SEC. 2 Today’s Lecture: Revision Summary + Tips Exam Tips Preliminary Coursework Feedback.

G53SEC 1 Revision & Exam Tips G53SEC. 2 Today’s Lecture: Revision Summary + Tips Exam Tips Preliminary Coursework Feedback.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Quality is about testing early and testing often Joe Apuzzo, Ngozi Nwana, Sweety Varghese Student/Faculty Research Day CSIS Pace University May 6th, 2005.

Quality is about testing early and testing often Joe Apuzzo, Ngozi Nwana, Sweety Varghese Student/Faculty Research Day CSIS Pace University May 6th, 2005.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Essential Software Architecture Chapter Three - Software Quality Attributes Ian Gorton CS590 – Winter 2008.

Essential Software Architecture Chapter Three - Software Quality Attributes Ian Gorton CS590 – Winter 2008.
Summary of Lecture 1 Security attack types: either by function or by the property being compromised Security mechanism – prevention, detection and reaction.

Summary of Lecture 1 Security attack types: either by function or by the property being compromised Security mechanism – prevention, detection and reaction.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support
Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

Similar presentations

Ads by Google