Presentation is loading. Please wait.

Presentation is loading. Please wait.

Aspects of Security Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects.

Published bySherman Gaines Modified over 8 years ago

Similar presentations

Presentation on theme: "Aspects of Security Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects."— Presentation transcript:

1 Aspects of Security Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects of Security

2 Aspects of Security Often, computer security is defined to encompass: Confidentiality: (also called secrecy/privacy) who can read information? Integrity: who can write, modify or generate information? Availability: are resources available when needed? Some experts (e.g., NSA) add to this list: Authentication: how do we establish identity? Non-repudiation: can I deny my actions? Coming up: What About...?

3 What About...? Many other topics relate to computer security: cryptography, digital signatures, access control, firewalls, passwords, certificates, many others. These are mechanisms for protecting one or more of the major aspects such as confidentiality or integrity Coming up: Which Is Most Important

4 Which Is Most Important Question: Of confidentiality, integrity, and availability, which is the most important? Answer: It all depends on the context. For a DoD system protecting the national war plan, confidentiality may be paramount. For a bank protecting financial data, integrity may count most. For an online retailer, availability may be a matter of survival. Coming up: What is Confidentiality About?

5 What is Confidentiality About? How do I protect my information from unauthorized disclosure? Historically, this was the first computer security concern, and remains extremely important in military and commercial settings. Is all of my data equally sensitive? If not, how do I group and categorize data? How do I characterize who is authorized to see what? How are the permissions administered and checked? According to what rules? Can authorizations change over time? Coming up: What is Integrity About?

6 What is Integrity About? How do I protect my information from unauthorized modification? Integrity is a fuzzier notion than confidentiality and more context dependent. But for many commercial applications it is more important than confidentiality. Who is authorized to modify my data? How do I separate and protect assets? Can I detect and/or correct erroneous or unauthorized changes to data? Can authorizations change over time? Coming up: What is Availability About? Examples? When?

7 What is Availability About? How do I ensure that my information/system resources are available when I need them? Threats to availability are often called denial of service (DoS) attacks. Are resources provided in a timely fashion? Are resources allocated fairly by the system? Is the system so difficult/tedious to use as to be useless? If faults occur, can the system compensate/recover? How is concurrency controlled by the system? Many virus and worm attacks are DoS attacks. The MyDoom worm cost businesses an estimated $38.5 billion, according to some estimates. Coming up: Lessons

8 Lessons Much of computer security is about protecting confidentiality, integrity and availability. Authentication and non-repudiation may also be important in many contexts. Which of these is most important is highly dependent on the context. Many other topics in security involve mechanisms for protecting one of the “big three” (or five). End of presentation

Download ppt "Aspects of Security Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects."

Similar presentations

Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 

Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Availability Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects of Computer.

Availability Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects of Computer.
Digital Signatures Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Digital.

Digital Signatures Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Digital.
Mr C Johnston ICT Teacher

Mr C Johnston ICT Teacher
Lesson 6 Templates. 2 3 TEMPLATE: Also referred to as a “boiler plate” and thought of as a pattern for a series of similar documents. FILE - NEW - Choose.

Lesson 6 Templates. 2 3 TEMPLATE: Also referred to as a “boiler plate” and thought of as a pattern for a series of similar documents. FILE - NEW - Choose.
IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.

IT 221: Introduction to Information Security Principles Lecture 1: Introduction to IT Security For Educational Purposes Only Revised: August 28, 2002.
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.

Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Summary of Lecture 1 Security attack types: either by function or by the property being compromised Security mechanism – prevention, detection and reaction.

Summary of Lecture 1 Security attack types: either by function or by the property being compromised Security mechanism – prevention, detection and reaction.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Information Security. Information Security Requirements Confidentiality: Protection from disclosure to unauthorised persons Access control: Unauthorised.

Information Security. Information Security Requirements Confidentiality: Protection from disclosure to unauthorised persons Access control: Unauthorised.
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Similar presentations

Ads by Google