Csci5233 Computer Security & Integrity 1 Overview of Security & Java (based on GS: Ch. 1)


2 Security Goals for Application Development
1. Protect sensitive data
2. Control access to resources
3. Log activity
- cf. Five security goals: authenticity, confidentiality, integrity, availability, and non-repudiation
- Q: Compare the three goals in this chapter with the five goals above.

3 Security Policy
- An explicit statement of what actions are and are not allowed within an organization.
  - Acceptable use of corporate resources
  - Remote access policy
  - User privileges, …
- It helps to define the limits of what your application needs to protect against.
- It helps to identify the important resources.
- It is guided by the business needs, rules, and related laws (example: HIPAA - Health Insurance Portability and Accountability Act of 1996)

4 Analysis of Security Requirements
- The security requirements of an application are affected by the organization's security policy. The result is usually a compromise.
- Two areas need to be carefully examined:
A. Risk Assessment
  - Cost of data loss or exposure
  - "Worthiness" of data
  - Value of the application
  - Cost of unauthorized use of the application
  - Where is the weakest link?
  - …
B. Data Exposure

5 Analysis of Security Requirements
B. Data Exposure
- Identify the types of vulnerability: When, where, how and by whom would the data most likely be exposed?
- Which of the vulnerabilities are most in need of strengthening (per the security policy)?
- Two major types of vulnerability:
1. People
  - External
  - Internal
  - Roles
2. Vulnerability points
  - Potential points of vulnerability in the system, where data are accessed, transmitted, stored, etc.

6 Analysis of Security Requirements
- An example of security requirements analysis
  - Design of a Network Security Testing Environment (a draft) http://sce.cl.uh.edu/yang/research/NetworkSecurityTestingEnvironment.pdf

7 Analysis of Security Requirements
- Usability of the system should be integrated into the security requirements.
- Ideally, the enforcement of the security requirements should be "transparent" to the end users.
- Achieving a successful balance between usability and security of a system is one of the hardest parts of creating a secure system.

8 Analysis of Security Requirements
- Contingency plans
  - How would the organization respond to security breaches?
  - How about violation of privacy?
  - Violation of copyright?

9 Implementation of Security
- Security technologies & tools
  - The OS
  - IP security
  - VPN (virtual private networks)
  - Firewalls
  - ID (intrusion detection) tools & systems
  - Java security features and tools
    - Java language features (Ch. 2)
    - Byte code verifier
    - Class loader
    - Java cryptography (JCA, JCE: Ch. 3)

