Presentation is loading. Please wait.

Presentation is loading. Please wait.

10/17/20151 Computer Security Introduction. 10/17/20152 Introduction What is the goal of Computer Security? A first definition: To prevent or detect unauthorized.

Published byRodney Warren Modified over 9 years ago

Similar presentations

Presentation on theme: "10/17/20151 Computer Security Introduction. 10/17/20152 Introduction What is the goal of Computer Security? A first definition: To prevent or detect unauthorized."— Presentation transcript:

1 10/17/20151 Computer Security Introduction

2 10/17/20152 Introduction What is the goal of Computer Security? A first definition: To prevent or detect unauthorized actions by users of the system.

3 10/17/20153 Introduction How do we achieve Computer Security: 1.Security principles/concepts: explore general principles/concepts that can be used as a guide to design secure information processing systems. 2.Security mechanisms: explore some of the security mechanisms that can be used to secure information processing systems. 3.Physical/Organizational security: consider physical & organizational security measures (policies)

4 10/17/20154 Security Security is about protecting assets. This involves: Prevention Detection Reaction (recover/restore assets)

5 10/17/20155 Computer Security 1.Confidentiality: prevent unauthorized disclosure of information. 2.Integrity: prevent unauthorized modification of information. 3.Availability: prevent unauthorized withholding of information. Additionally: Authenticity, accountability, reliability, safety, dependability, survivability...

6 10/17/20156 Computer Security Even at this general level there is disagreement on the precise definitions of some of the required security aspects. References: TCSEC or Orange book – US Dept of Defense, Trusted Computer System Evaluation Criteria. ITSEC – European Trusted Computer System Product Criteria. CTCPEC – Canadian Trusted Computer System Product Criteria

7 10/17/20157 Confidentiality Historically, security is closely linked to secrecy. Security involved a few organizations dealing mainly with classified data. However, nowadays security extends far beyond confidentiality. Confidentiality involves: privacy: protection of private data, secrecy: protection of organizational data.

8 10/17/20158 Integrity “Making sure that everything is as it is supposed to be.” For Computer Security this means: Preventing unauthorized writing or modifications.

9 10/17/20159 Availability For Computer Systems this means that: Services are accessible and useable (without undue Delay) whenever needed by an authorized entity. For this we need fault-tolerance. Faults may be accidental or malicious ( Byzantine ). Denial of Service attacks are an example of malicious attacks.

10 10/17/201510 Relationship between Confidentiality Integrity and Availability Integrity Confidentiality Secure Availability

11 10/17/201511 Accountability Actions affecting security must be traceable to the responsible party. For this, Audit information must be kept and protected, Access control is needed.

12 10/17/201512 Other security requirements Reliability – deals with accidental damage, Safety – deals with the impact of the environment on system failure Dependability – reliance can be justifiably placed on the system Survivability – deals with the recovery of the system after massive failure.

13 10/17/201513 Computer Security If I must give a definition…. (again) Computer Security deals with the prevention and detection of unauthorized actions by users of the System.

14 10/17/201514 Fundamental dilemma of Computer Security Functionality or Assurance: which one? Security mechanisms need additional computational resources. Security policies interfere with working patterns, and can be very inconvenient. Managing security requires additional effort and costs. Ideally there should be a tradeoff.

15 10/17/201515 Principles of Computer Security-- fundamental design parameters Application Software | User ---------------------------|-------------------- Resource (subject) | (object) | Hardware The dimensions of Computer Security

16 10/17/201516 Principles of Computer Security Integrity = compliance with a given set of rules. Rules: Internal consistency of data items Authorized operations on data items Access control

17 10/17/201517 1 st Design decision Should protection focus on data, operations or users?

18 10/17/201518 Layers of an IT system Application – users run application programs tailored to meet specific requirements Services – application programs make use of services provided by a software packages like a Database Management System (DBMS) or an Object Reference Broker (ORB). OS – The software packages run on top of the OS which controls access to resources OS kernel – the OS may have a kernel that mediates every access to the processor or memory Hardware – (processor & memory) physically stores and manipulates data.

19 10/17/201519 2 nd Design decision In which layer should security be placed?

20 10/17/201520 The onion model of protection mechanisms Hardware OS Kernel OS Services Application

21 10/17/201521 Complexity vs Assurance 3rd Design decision Should security focus on simplicity or security?

22 10/17/201522 Centralized vs Decentralized 4 th Design decision Should security control tasks be given to a central entity of left to individual components?

23 10/17/201523 The layer below Physical and organizational security mechanisms define a security perimeter or boundary. Attackers may try to bypass this boundary. Computer Security Physical and organizational security measures protection boundary

24 10/17/201524 The layer below Access to the layer below is controlled through physical and organizational security measures. Parts of the system that can malfunction without compromising the protection mechanisms lie beyond the perimeter. Parts that can be used to disable the protection mechanisms lie within the perimeter.

25 10/17/201525 5th Design decision How to prevent the attacker from accessing the layer below the protection boundary?

26 10/17/201526 Vulnerabilities Hardware: Interruption (DOS), Modification, Interception (Theft), Fabrication (Substitution) Software: Interruption (Deletion), Modification, Interception, Fabrication Data: Interruption (Loss), Modification, Interception, Fabrication

27 10/17/201527 Hardware Hardware is more visible, so it is more easy to add/remove/change devices, intercept traffic, flood with traffic and generally control their functionality. Attacks: physical damage

28 10/17/201528 Software Interruption (Deletion): surprisingly easy! Modification: –Logic bombs –failure when certain conditions are met) –Trojan horses –a program that overtly does one thing while covertly does another –Viruses –a specific Trojan horse that can be used to spread its “infection”. –Trapdoors –a program that has a specific entry point –Information leaks in programs –code that makes information accessible to unauthorized users Interception (Theft): unauthorized copying

29 10/17/201529 Data Hardware security is usually the concern of a relatively small number of staff. Software extends to programmers and analysts who create an modify programs. However data can be readily interpreted by the general public. Because of its visibility data attacks are much more widespread.

30 10/17/201530 Data Data Confidentiality: wiretapping, planting bugs, sifting though trash receptacles, monitoring electromagnetic radiation, bribing, inferring, requesting … Data Integrity: a higher level of sophistication is needed. –Salami attacks –shave off a little from many accounts to form a valuable result –Replay attacks

31 10/17/201531 Computer Criminals Amateurs –Normal people who observe a weakness in a security system –Disgruntled over some negative work situation –Have committed most of computer crimes to date Crackers –Often high school or university students: cracking is seen as the ultimate victimless crime –Attack for curiosity, self-satisfaction and personal gain –No common profile or motivation

32 10/17/201532 Computer Criminals Career criminals –Understand the targets of computer crime –Usually begin as computer professionals who later engage in computer crime finding the prospects and payoff good. –Electronic spies and information brokers who recognize –That trading in companies secrets can be lucrative.

Download ppt "10/17/20151 Computer Security Introduction. 10/17/20152 Introduction What is the goal of Computer Security? A first definition: To prevent or detect unauthorized."

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Computer Security CIS326 Dr Rachel Shipsey.

Computer Security CIS326 Dr Rachel Shipsey.
CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 34 Fall 2002.
30/04/2015Tim S Roberts 20081 COIT13152 Operating Systems T1, 2008 Tim S Roberts.

30/04/2015Tim S Roberts COIT13152 Operating Systems T1, 2008 Tim S Roberts.
Dieter Gollmann Microsoft Research

Dieter Gollmann Microsoft Research
Introduction to Security in Computing 01204427 Computer and Network Security Semester 1, 2011 Lecture #01.

Introduction to Security in Computing Computer and Network Security Semester 1, 2011 Lecture #01.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
G53SEC 1 Foundations of Computer Security. G53SEC Overview of Today’s Lecture: Definitions Fundamental Dilemma Data vs. Information Principles of Computer.

G53SEC 1 Foundations of Computer Security. G53SEC Overview of Today’s Lecture: Definitions Fundamental Dilemma Data vs. Information Principles of Computer.
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.
Summary of Lecture 1 Security attack types: either by function or by the property being compromised Security mechanism – prevention, detection and reaction.

Summary of Lecture 1 Security attack types: either by function or by the property being compromised Security mechanism – prevention, detection and reaction.

Similar presentations

Ads by Google