1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.

1 Overview
CSSE 490 Computer Security
Mark Ardis, Rose-Hulman Institute
March 8, 2004

2 Acknowledgements
Many of these slides came from Matt Bishop, author of Computer Security: Art and Science

3 Web 1: Getting Started (1/3)
Due Friday, March 12
- Subscribe to rhit.csse.security
- Publishing
  - Reply to the article entitled "My Home Town"
  - Include a website describing your home town.

4 Web 1: Getting Started (2/3)
- Reviewing
  - Read some of the postings by your fellow students and follow the links to the websites.
  - Review at least 3 of those websites
  - Assign a score for each of the key attributes
  - Give your justification for those scores
  - Reply to the original posting about that site with your review

5 Web 1: Getting Started (3/3)
Review Scores (0-5 for each, where 0 is worst and 5 is best)
- Accuracy
- Completeness
- Up-to-date
- Ease of Use
- Links

6 Overview of Course Website
http://www.rose-hulman.edu/class/csse/csse490/csse490-security/index.html

7 Chapter 1: Introduction
- Components of computer security
- Threats
- Policies and mechanisms
- The role of trust
- Assurance
- Operational Issues
- Human Issues

8 Basic Components
- Confidentiality
  - Keeping data and resources hidden
- Integrity
  - Data integrity (integrity)
  - Origin integrity (authentication)
- Availability
  - Enabling access to data and resources

9 Classes of Threats
- Disclosure - unauthorized access
  - Snooping
- Deception - acceptance of false data
  - Modification, spoofing, repudiation of origin, denial of receipt
- Disruption - interruption of correct operation
  - Modification
- Usurpation - unauthorized control
  - Modification, spoofing, delay, denial of service

10 Policies and Mechanisms
- Policy says what is, and is not, allowed
  - This defines "security" for the site/system/etc.
- Mechanisms enforce policies
- Composition of policies
  - If policies conflict, discrepancies may create security vulnerabilities

11 Goals of Security
- Prevention
  - Prevent attackers from violating security policy
- Detection
  - Detect attackers' violation of security policy
- Recovery
  - Stop attack, assess and repair damage
  - Continue to function correctly even if attack succeeds

12 Trust and Assumptions
- Underlie all aspects of security
- Policies
  - Unambiguously partition system states
  - Correctly capture security requirements
- Mechanisms
  - Assumed to enforce policy
  - Support mechanisms work correctly

13 Types of Mechanisms
[Figure: three panels labeled secure, precise, and broad; legend: set of reachable states, set of secure states]

14 Assurance
- Specification
  - Requirements analysis
  - Statement of desired functionality
- Design
  - How system will meet specification
- Implementation
  - Programs/systems that carry out design

15 Operational Issues
- Cost-Benefit Analysis
  - Is it cheaper to prevent or recover?
- Risk Analysis
  - Should we protect something?
  - How much should we protect this thing?
- Laws and Customs
  - Are desired security measures illegal?
  - Will people do them?

16 Human Issues
- Organizational Problems
  - Power and responsibility
  - Financial benefits
- People problems
  - Outsiders and insiders
  - Social engineering

17 Tying Together
- Threats
- Policy
- Specification
- Design
- Implementation
- Operation

18 Key Points
- Policy defines security, and mechanisms enforce security
  - Confidentiality
  - Integrity
  - Availability
- Trust and knowing assumptions
- Importance of assurance
- The human factor

