Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Published byGavin Richards Modified over 9 years ago

Similar presentations

Presentation on theme: "Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive."— Presentation transcript:

1 Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive fields (military, industry) –Examples: encryption (protect the key), access control, existence of the data, resource hiding (configuration, google 1.7 – 2.4 M servers.) Integrity: prevent unauthorized or improper changes, is directly related to trustworthiness of data and sources –Include data integrity and origin integrity (has impact on trust), therefore, related to credibility –Prevention: prevent unauthorized changes changes in unauthorized ways –Detection Report integrity violation (confine dirty data??)

2 Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability (continued) Availability: ability to use the data or resources –Example of highway –DoS or DDoS attacks (SMS for cell phone) –Very difficult to detect Is it attack or we are unlucky today Attacker will mess with the security methods as well (packet tracing)

3 Threats: –A potential violation of security (not necessarily occur at this moment). The actions that cause such violations are called attacks. 4 classes of threats: –Disclosure: unauthorized access to data –Deception: acceptance of false data –Disruption: interruption or prevention of correct operation –Usurpation: unauthorized control of the system

4 Examples of threats: –Snooping: unauthorized interception, is a kind of disclosure (eavesdrop on wireless). Countered by confidentiality or other information hiding methods. –Modification: unauthorized change of data, may lead to deception, disruption, and usurpation. Countered by integrity. –Spoofing: impersonation, may lead to deception and usurpation. Countered by integrity. Difference b/w impersonation and delegation –Denial of receipt or origin: is a kind of deception Interesting questions: simultaneous contract signing

5 Policy and mechanism –Policy is a statement of what is and what is not allowed. Can be presented formally (in mathematical way) Can be described in plain English When two communicating parties have different policies, they may need to compromise (example b/w univ. and industry) –Mechanism is a method to enforce a policy. May impact the system performance Prevention: to fail an attack Detection Recovery: fix not only data, but also vulnerabilities Tolerance

6 Assumptions: –Security rests on assumptions of the required security and application environments –Assumptions of a security policy A policy can correctly and unambiguously partitions system states into secure and insecure A security mechanism will prevent a system from entering a insecure state Define a security mechanism as secure, precise, or broad (the example of highway) In real life, security mechanisms are usually broad (Why?)

7 Assurance: –The level of trust that we put on a system is based on its specification, design, and implementation Specification: desired function of the system Design: translate specifications into components that will implement them. Need to determine whether the specifications are satisfied Implementation: create a system that should satisfy the specification and design –Verification: complexity, input, assumptions –Testing: what to test, how to test

8

9 Operational issues: –An isolated PC will not be attacked through network, but it cannot access network either –We must balance the benefit of protection against the cost of designing, implementation, and usage of a system –Cost-benefit analysis: Protect data or regenerated data? Which is cheaper? There are after-impacts as well. (view of company?)

10 Operational issues (continued): –Risk analysis: We must understand the kinds and levels of threats, and their likelihood to happen to determine the levels of protection Risk is a function of environment Risk changes with time Low probability attacks still exist You must act on the analysis results

11 Operational issues (continued): –Laws and customs The selection of policy and mechanisms must consider legal issues: Example of encryption export and email monitor A legal security mechanism is not necessarily acceptable: submit your DNA so we have bio- based authentication A good technology is not necessarily being widely adopted: security is beyond technology

12 Human issues: –Get the security tools from right hands, and put them into right hands –Organizational issues: Security does not directly generate profit, but reduce potential losses It often reduces performance Power and responsibility must be properly linked Shortage in people and resources

13 Human issues (continued): –People issues: People is heart of any security system Attacks from outsider and insiders Under trained workers and administrators Social engineering based break-ins (in a bar at SV you can learn a lot) The problem of misconfiguration (Example of SigComm)

14 Putting them together: –Feedback and maintenance is important –Pay close attention to figure 1-1 on page 20

Download ppt "Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive."

Similar presentations

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
1 cs691 chow C. Edward Chow Overview of Computer Security CS691 – Chapter 1 of Matt Bishop.

1 cs691 chow C. Edward Chow Overview of Computer Security CS691 – Chapter 1 of Matt Bishop.
1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.

1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.

6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.

Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
July 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Applied Cryptography for Network Security

Applied Cryptography for Network Security
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.

April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Topics in Information Security Prof. JoAnne Holliday Santa Clara University.

Topics in Information Security Prof. JoAnne Holliday Santa Clara University.
An Introduction to Information Assurance COEN 150 Spring 2007.

An Introduction to Information Assurance COEN 150 Spring 2007.

Similar presentations

Ads by Google