Download presentation
Presentation is loading. Please wait.
1
1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004
2
2 Acknowledgements Many of these slides came from Matt Bishop, author of Computer Security: Art and Science
3
3 Web 1: Getting Started (1/3) Due Friday, March 12 Subscribe to rhit.csse.security Publishing Reply to the article entitled "My Home Town" Include a website describing your home town.
4
4 Web 1: Getting Started (2/3) Reviewing Read some of the postings by your fellow students and follow the links to the websites. Review at least 3 of those websites Assign a score for each of the key attributes Give your justification for those scores Reply to the original posting about that site with your review
5
5 Web 1: Getting Started (3/3) Review Scores (0-5 for each, where 0 is worst and 5 is best) Accuracy Completeness Up-to-date Ease of Use Links
6
6 Overview of Course Website http://www.rose-hulman.edu/class/csse/csse490/csse490-security/index.html
7
7 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues
8
8 Basic Components Confidentiality Keeping data and resources hidden Integrity Data integrity (integrity) Origin integrity (authentication) Availability Enabling access to data and resources
9
9 Classes of Threats Disclosure - unauthorized access Snooping Deception - acceptance of false data Modification, spoofing, repudiation of origin, denial of receipt Disruption - interruption of correct operation Modification Usurpation - unauthorized control Modification, spoofing, delay, denial of service
10
10 Policies and Mechanisms Policy says what is, and is not, allowed This defines “security” for the site/system/etc. Mechanisms enforce policies Composition of policies If policies conflict, discrepancies may create security vulnerabilities
11
11 Goals of Security Prevention Prevent attackers from violating security policy Detection Detect attackers’ violation of security policy Recovery Stop attack, assess and repair damage Continue to function correctly even if attack succeeds
12
12 Trust and Assumptions Underlie all aspects of security Policies Unambiguously partition system states Correctly capture security requirements Mechanisms Assumed to enforce policy Support mechanisms work correctly
13
13 Types of Mechanisms secure precise broad set of reachable statesset of secure states
14
14 Assurance Specification Requirements analysis Statement of desired functionality Design How system will meet specification Implementation Programs/systems that carry out design
15
15 Operational Issues Cost-Benefit Analysis Is it cheaper to prevent or recover? Risk Analysis Should we protect something? How much should we protect this thing? Laws and Customs Are desired security measures illegal? Will people do them?
16
16 Human Issues Organizational Problems Power and responsibility Financial benefits People problems Outsiders and insiders Social engineering
17
17 Tying Together Threats Policy Specification Design Implementation Operation
18
18 Key Points Policy defines security, and mechanisms enforce security Confidentiality Integrity Availability Trust and knowing assumptions Importance of assurance The human factor
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.