Presentation is loading. Please wait.

Presentation is loading. Please wait.

CIT 380: Securing Computer Systems Security Solutions Part 2.

Published byAngelica Poole Modified over 9 years ago

Similar presentations

Presentation on theme: "CIT 380: Securing Computer Systems Security Solutions Part 2."— Presentation transcript:

1 CIT 380: Securing Computer Systems Security Solutions Part 2

2 CIT 380: Securing Computer Systems Slide #2 Assumptions Security rests on assumptions specific to type of security required and environment.

3 Assumptions Example: – TCP/IP designed for pre-commercial Internet. Assumed only legitimate administrators had root access. Trusted IP addresses, since only root can set IP address. What happens to network when Windows 95 systems added to network, where desktop user has all privileges? CIT 380: Securing Computer Systems Slide #3

4 CIT 380: Securing Computer Systems Slide #4 Assurance How much can you trust a system? Example: – Purchasing aspirin from a drugstore. – Bases for trust: Certification of drug by FDA. Reputation of manufacturer. Safety seal on bottle.

5 CIT 380: Securing Computer Systems Slide #5 How much do you trust? Ken Thompson’s compiler hack from “Reflections on Trusting Trust.” – Modified C compiler does two things: If compiling a compiler, inserts the self-replicating code into the executable of the new compiler. If compiling login, inserts code to allow a backdoor password.

6 How much do you trust? – After recompiling and installing old C compiler: Source code for Trojan horse does not appear anywhere in login or C compiler. Only method of finding Trojan is analyzing binary. CIT 380: Securing Computer Systems Slide #6

7 CIT 380: Securing Computer Systems Slide #7 Key Points Components of security – Confidentiality – Integrity – Availability States of information – Storage, Processing, Transmission Evaluating risk and security solutions. – Security is a matter of trade-offs. Security is a human problem.

8 Discussion: Gas Drive Away Without Paying What measures can be imposed? What are the costs for the merchant and the customer? Do the benefits outweigh the costs?

9 CIT 380: Securing Computer Systems Slide #9 References 1.Ross Anderson, Security Engineering, Wiley, 2001. 2.Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005. 3.Peter Neumann, (moderator), Risks Digest, http://catless.ncl.ac.uk/Risks/ 4.Bruce Schneier, Beyond Fear, Copernicus Books, 2003. 5.Ken Thompson, “Reflections on Trusting Trust”, Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763 ( http://www.acm.org/classics/sep95/)

Download ppt "CIT 380: Securing Computer Systems Security Solutions Part 2."

Similar presentations

An Overview of Computer and Network Security Nick Feamster CS 6262 Spring 2009.

An Overview of Computer and Network Security Nick Feamster CS 6262 Spring 2009.
Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.

Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.
September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Countering Trusting Trust with Diverse Double-Compiling (by David A Wheeler) Dan Frohlich.

Countering Trusting Trust with Diverse Double-Compiling (by David A Wheeler) Dan Frohlich.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Reflections on Trusting Trust Ken Thompson. Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763. Copyright 1984, Association for Computing.

Reflections on Trusting Trust Ken Thompson. Communication of the ACM, Vol. 27, No. 8, August 1984, pp Copyright 1984, Association for Computing.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Trusting the Trust Budi Rahardjo Inixindo Security Day Seminar The Executive Club, Jakarta, 19 March 2009.

Trusting the Trust Budi Rahardjo Inixindo Security Day Seminar The Executive Club, Jakarta, 19 March 2009.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc.

Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
BACKDOORS in Software Seminar on Software University of Turku January 2008 Eino Malinen.

BACKDOORS in Software Seminar on Software University of Turku January 2008 Eino Malinen.
July 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

July 1, 2004Computer Security: Art and Science © Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
1 Lecture 24 Hiding Exploit in Compilers bootstrapping, self-generating code, tombstone diagrams Ras Bodik Mangpo and Ali Hack Your Language! CS164: Introduction.

1 Lecture 24 Hiding Exploit in Compilers bootstrapping, self-generating code, tombstone diagrams Ras Bodik Mangpo and Ali Hack Your Language! CS164: Introduction.
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.

Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.

Similar presentations

Ads by Google