Computer Security Introduction - PowerPoint PPT Presentation

About This Presentation
Title:

Computer Security Introduction

Description:

Availability: Ability to use information/resources. ... Faults may be accidental or malicious (Byzantine) ... Reliability deals with accidental damage, ... – PowerPoint PPT presentation

Number of Views:61
Avg rating:3.0/5.0
Slides: 22
Provided by: mikebur
Learn more at: http://www.cs.fsu.edu
Category:

less

Transcript and Presenter's Notes

Title: Computer Security Introduction


1
Computer SecurityIntroduction
2
Basic Components
  • Confidentiality Concealment of information
  • (prevent unauthorized disclosure of
    information).
  • Integrity Trustworthiness of data/resources
  • (prevent unauthorized modifications).
  • Data integrity
  • Origin integrity (authentication)
  • Availability Ability to use information/resources
    .
  • (prevent unauthorized withholding of
  • information/resources).

3
Basic Components
  • Additionally
  • Authenticity, accountability, reliability,
    safety,
  • dependability, survivability . . .

4
Confidentiality
  • Historically, security is closely linked to
    secrecy.
  • Security involved a few organizations dealing
    mainly
  • with classified data.
  • However, nowadays security extends far beyond
  • confidentiality.
  • Confidentiality involves
  • privacy protection of private data,
  • secrecy protection of organizational data.

5
Integrity
  • Making sure that everything is as it is supposed
    to be.
  • For Computer Security this means
  • Preventing unauthorized writing or modifications.

6
Availability
  • For Computer Systems this means that
  • Services are accessible and useable (without
    undue
  • Delay) whenever needed by an authorized entity.
  • For this we need fault-tolerance.
  • Faults may be accidental or malicious
    (Byzantine).
  • Denial of Service attacks are an example of
    malicious
  • attacks.

7
Relationship between Confidentiality Integrity
and Availability
  • Confidentiality

Integrity
Secure
Availability
8
Other security requirements
  • Reliability deals with accidental damage,
  • Safety deals with the impact of system failure
    caused by the environment,
  • Dependability reliance can be justifiably
    placed on the system
  • Survivability deals with the recovery of the
    system after massive failure.
  • Accountability -- actions affecting security must
    be traceable
  • to the responsible party. For this,
  • Audit information must be kept and protected,
  • Access control is needed.

9
Basic Components
  • Threats potential violations of security
  • Attacks violations
  • Attackers those who execute the violations

10
Threats
  • Disclosure or unauthorized access
  • Deception or acceptance of falsified data
  • Disruption or interruption or prevention
  • Usurpation or unauthorized control

11
More threats
  • Snooping (unauthorized interception)
  • Modification or alteration
  • Active wiretapping
  • Man-in-the-middle attacks
  • Masquerading or spoofing
  • Repudiation of origin
  • Denial of receipt
  • Delay
  • Denial of Service

12
Policy and Mechanisms
  • A security policy is a statement of what is / is
    not allowed.
  • A security mechanism is a method or tool that
    enforces a security policy.

13
Assumptions of trust
  • Let
  • P be the set of all possible states of a system
  • Q be the set of secure states
  • A mechanism is secure if P Q
  • A mechanism is precise if P Q
  • A mechanism is broad if there are states in P
    which
  • are not in Q

14
Assurance
  • Trust cannot be quantified precisely.
  • System specifications design and implementation
    can
  • provide a basis for how much one can trust a
    system.
  • This is called assurance.

15
Goals of Computer Security
  • Security is about protecting assets.
  • This involves
  • Prevention
  • Detection
  • Reaction (recover/restore assets)

16
Computer Security
  • How to achieve Computer Security
  • Security principles/concepts explore general
    principles/concepts that can be used as a guide
    to design secure information processing systems.
  • Security mechanisms explore some of the security
    mechanisms that can be used to secure information
    processing systems.
  • Physical/Organizational security consider
    physical organizational security measures
    (policies)

17
Computer Security
  • Even at this general level there is disagreement
    on
  • the precise definitions of some of the required
    security
  • aspects.
  • References
  • Orange book US Dept of Defense, Trusted
    Computer System Evaluation Criteria.
  • ITSEC European Trusted Computer System Product
    Criteria.
  • CTCPEC Canadian Trusted Computer System Product
    Criteria

18
Fundamental Dilemma Functionality or Assurance
  • Security mechanisms need additional computational
  • Security policies interfere with working
    patterns, and can be very inconvenient.
  • Managing security requires additional effort and
    costs.
  • Ideally there should be a tradeoff.

19
Operational issues
  • Operational issues
  • Cost-benefit analysis
  • Example a database with salary info, which is
    used by a second system to print pay checks
  • Risk analysis
  • Environmental dependence
  • Time dependence
  • Remote risk

20
Laws and Customs
  • Export controls
  • Laws of multiple jurisdiction
  • Human issues
  • Organizational problems (who is responsible for
    what)
  • People problems (outsiders/insiders)

21
Tying it all together how ????
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Computer Security Introduction" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!