Presentation is loading. Please wait.

Presentation is loading. Please wait.

Csci5233 computer security & integrity 1 An Overview of Computer Security.

Published byClaud Booker Modified over 8 years ago

Similar presentations

Presentation on theme: "Csci5233 computer security & integrity 1 An Overview of Computer Security."— Presentation transcript:

1 csci5233 computer security & integrity 1 An Overview of Computer Security

2 csci5233 computer security & integrity 2 Outline Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues

3 csci5233 computer security & integrity 3 Status of security in computing In terms of security, computing is very close to the wild west days. Some computing professionals & managers do not even recognize the value of the resources they use or control. In the event of a computing crime, some companies do not investigate or prosecute.

4 csci5233 computer security & integrity 4 Characteristics of Computer Intrusion A computing system: a collection of hardware, software, data, and people that an organization uses to do computing tasks Any piece of the computing system can become the target of a computing crime. The weakest point is the most serious vulnerability. The principles of easiest penetration

5 csci5233 computer security & integrity 5 Security Breaches - Terminology Exposure –a form of possible loss or harm Vulnerability –a weakness in the system Attack Threats –Human attacks, natural disasters, errors Control – a protective measure Assets – h/w, s/w, data

6 csci5233 computer security & integrity 6 Types of Security Breaches Disclosure: unauthorized access to info –Snooping Deception: acceptance of false data –Modification, spoofing, repudiation of origin, denial of receipt Disruption: prevention of correct operation –Modification, man-in-the-middle attack Usurpation: unauthorized control of some part of the system ( usurp: take by force or without right ) –Modification, spoofing, delay, denial of service

7 csci5233 computer security & integrity 7 Security Components Confidentiality: The assets are accessible only by authorized parties. –Keeping data and resources hidden Integrity: The assets are modified only by authorized parties, and only in authorized ways. –Data integrity (integrity) –Origin integrity (authentication) Availability: Assets are accessible to authorized parties. –Enabling access to data and resources

8 csci5233 computer security & integrity 8 Computing System Vulnerabilities Hardware vulnerabilities Software vulnerabilities Data vulnerabilities Human vulnerabilities ?

9 csci5233 computer security & integrity 9 Software Vulnerabilities Destroyed (deleted) software Stolen (pirated) software Altered (but still run) software –Logic bomb –Trojan horse –Virus –Trapdoor –Information leaks

10 csci5233 computer security & integrity 10 Data Security The principle of adequate protection Storage of encryption keys Software versus hardware methods

11 csci5233 computer security & integrity 11 Other Exposed Assets Storage media Networks Access Key people

12 csci5233 computer security & integrity 12 People Involved in Computer Crimes Amateurs Crackers Career Criminals

13 csci5233 computer security & integrity 13 Methods of Defense Encryption Software controls Hardware controls Policies Physical controls

14 csci5233 computer security & integrity 14 Encryption at the heart of all security methods Confidentiality of data Some protocols rely on encryption to ensure availability of resources. Encryption does not solve all computer security problems.

15 csci5233 computer security & integrity 15 Software controls Internal program controls OS controls Development controls Software controls are usually the 1 st aspects of computer security that come to mind.

16 csci5233 computer security & integrity 16 Policies and Mechanisms Policy says what is, and is not, allowed –This defines “security” for the site/system/etc. Mechanisms enforce policies Mechanisms can be simple but effective –Example: frequent changes of passwords Composition of policies –If policies conflict, discrepancies may create security vulnerabilities Legal and ethical controls –Gradually evolving and maturing

17 csci5233 computer security & integrity 17 Principle of Effectiveness Controls must be used to be effective. –Efficient Time, memory space, human activity, … –Easy to use –appropriate

18 csci5233 computer security & integrity 18 Overlapping Controls Several different controls may apply to one potential exposure. H/w control + S/w control + Data control

19 csci5233 computer security & integrity 19 Goals of Security Prevention –Prevent attackers from violating security policy Detection –Detect attackers’ violation of security policy Recovery –Stop attack, assess and repair damage –Continue to function correctly even if attack succeeds

20 csci5233 computer security & integrity 20 Trust and Assumptions Underlie all aspects of security Policies –Unambiguously partition system states –Correctly capture security requirements Mechanisms –Assumed to enforce policy –Support mechanisms work correctly

21 csci5233 computer security & integrity 21 Types of Mechanisms secure precise broad set of reachable statesset of secure states

22 csci5233 computer security & integrity 22 Assurance Specification –Requirements analysis –Statement of desired functionality Design –How system will meet specification Implementation –Programs/systems that carry out design

23 csci5233 computer security & integrity 23 Operational Issues Cost-Benefit Analysis –Is it cheaper to prevent or to recover? Risk Analysis –Should we protect something? –How much should we protect this thing? Laws and Customs –Are desired security measures illegal? –Will people do them?

24 csci5233 computer security & integrity 24 Human Issues Organizational Problems –Power and responsibility –Financial benefits People problems –Outsiders and insiders –Social engineering

25 csci5233 computer security & integrity 25 Tying Together Threats Policy Specification Design Implementation Operation

26 csci5233 computer security & integrity 26 Key Points Policy defines security, and mechanisms enforce security –Confidentiality –Integrity –Availability Trust and knowing assumptions Importance of assurance The human factor

Download ppt "Csci5233 computer security & integrity 1 An Overview of Computer Security."

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Introduction to Security in Computing 01204427 Computer and Network Security Semester 1, 2011 Lecture #01.

Introduction to Security in Computing Computer and Network Security Semester 1, 2011 Lecture #01.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering.
1 cs691 chow C. Edward Chow Overview of Computer Security CS691 – Chapter 1 of Matt Bishop.

1 cs691 chow C. Edward Chow Overview of Computer Security CS691 – Chapter 1 of Matt Bishop.
EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.

1 Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004.
Chapter 1 – Introduction

Chapter 1 – Introduction
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.

Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.

Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
Introducing Computer and Network Security

Introducing Computer and Network Security
July 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
1 Introduction to Security Dr.Talal Alkharobi. 2 Why is security important? Computers and networks are the nerves of the basic services and critical infrastructures.

1 Introduction to Security Dr.Talal Alkharobi. 2 Why is security important? Computers and networks are the nerves of the basic services and critical infrastructures.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Similar presentations

Ads by Google