Chapter 1: Introduction (Computer Security: Art and Science, Matt Bishop): components of computer security, threats, policies and mechanisms, the role of trust, assurance, operational issues, human issues

Presentation transcript:

Chapter 1: Introduction
  Components of computer security
  Threats
  Policies and mechanisms
  The role of trust
  Assurance
  Operational issues
  Human issues
Computer Security: Art and Science © Matt Bishop

Basic Components
  Confidentiality
    Keeping data and resources hidden
  Integrity
    Data integrity (integrity)
    Origin integrity (authentication)
    Mechanisms: prevention and detection
  Availability
    Enabling access to data and resources

Classes of Threats
  Threat: potential violation of security through attacks
  Disclosure
    Unauthorized access to information
    Snooping (passive wiretapping)
  Deception
    Acceptance of false data
    Modification, spoofing, repudiation of origin, denial of receipt

Classes of Threats (continued)
  Disruption
    Interruption or prevention of correct operation
    Modification
  Usurpation
    Unauthorized control of some part of a system
    Modification, spoofing, delay, denial of service

Policies and Mechanisms
  Policy says what is, and is not, allowed
    This defines “security” for the site/system/etc.
  Mechanisms enforce policies
  Composition of policies
    If policies conflict, discrepancies may create security vulnerabilities

Goals of Security
  A policy defines “secure” and “non-secure” actions; mechanisms aim for the following:
  Prevention
    Prevent attackers from violating the security policy
    Cumbersome; reduces flexibility
  Detection
    Detect attackers’ violations of the security policy
  Recovery
    Stop the attack, assess and repair the damage
    Continue to function correctly even if the attack succeeds

Trust and Assumptions
  Underlie all aspects of security
  Policies
    Unambiguously partition system states (secure, not secure)
    Correctly capture security requirements
  Mechanisms
    Assumed to enforce policy
    Support mechanisms work correctly

Types of Mechanisms
  [Figure: Venn diagram comparing the set of reachable states with the set of secure states; the mechanism types shown are secure, precise and broad]
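Bishop's chapter defines the three mechanism types on the slide by comparing R, the set of states a mechanism lets the system reach, with Q, the set of states the policy calls secure: precise when R equals Q, secure when R is contained in Q, and broad when R includes some non-secure state. The script below is an added example, not code from the slides or the textbook; the toy system, its subjects, objects, policy and mechanisms are all constructed for illustration.

```python
from enum import Enum
from itertools import combinations

# Constructed toy system: a state is the set of (subject, object, right) triples granted.
TRIPLES = [("alice", "payroll", "read"), ("alice", "payroll", "write"),
           ("guest", "payroll", "read"), ("guest", "payroll", "write")]

def all_states():
    """P: every subset of TRIPLES, i.e. every state the system could be in."""
    return {frozenset(c) for n in range(len(TRIPLES) + 1)
            for c in combinations(TRIPLES, n)}

def policy(state):
    """Q membership: a state is secure iff guest holds no right on payroll."""
    return not any(s == "guest" and o == "payroll" for s, o, _ in state)

class Kind(Enum):
    PRECISE = "precise"  # R == Q: reaches exactly the secure states
    SECURE = "secure"    # R is a strict subset of Q: safe but over-restrictive
    BROAD = "broad"      # R contains at least one non-secure state

def reachable(allowed, states):
    """R: the states a mechanism lets the system reach. A state is reachable
    only if every right it grants is one the mechanism allows."""
    return {s for s in states if all(allowed(t) for t in s)}

def classify(r_states, q_states):
    """Most specific kind first: every precise mechanism is also secure."""
    if r_states == q_states:
        return Kind.PRECISE
    if r_states <= q_states:
        return Kind.SECURE
    return Kind.BROAD

def classify_mechanism(allowed):
    p_states = all_states()
    q_states = {s for s in p_states if policy(s)}
    return classify(reachable(allowed, p_states), q_states)

# Three constructed mechanisms, each expressed as which triples it allows.
def block_guest_payroll(t):            # forbids exactly what the policy forbids
    return not (t[0] == "guest" and t[1] == "payroll")

def block_guest_and_all_writes(t):     # forbids more than the policy requires
    return block_guest_payroll(t) and t[2] != "write"

def block_guest_write_only(t):         # still lets guest read payroll
    return not (t[0] == "guest" and t[2] == "write")
```

Calling classify_mechanism on the three mechanisms yields precise, secure and broad respectively; the broad one is the kind that leaves a policy violation reachable.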

Assurance
  Measure of how well the system meets its requirements, i.e. how much you can trust the system to do what it is supposed to do
  NIST Computer Security Handbook definition: “degree of confidence one has that the security measures, both technical and operational, work as intended to protect the system and the information it processes”
  “Does the security system design meet its requirements?”
  “Does the security system implementation meet its specifications?”

Assurance (continued)
  Specification
    Requirements analysis
    Statement of desired functionality
  Design
    How the system will meet the specification
  Implementation
    Programs/systems that carry out the design
    Proof of correctness vs. testing

Operational Issues
  Cost-benefit analysis
    Is it cheaper to prevent or to recover?
    Overlap of mechanisms’ effects
    Will it be possible to enforce?
    Ease of use
  Risk analysis
    Should we protect something?
    How much should we protect this thing?
    What would happen if the data/resource were compromised?
    What is the likelihood that the threats will materialize?
    The level of protection is a function of the likelihood and the effect of the attack

Operational Issues (continued)
  Risk analysis
    The amount of risk is a function of the environment
    Risks change with time
    Many risks are remote but exist
    Problem of “analysis paralysis”
  Laws and customs
    Are desired security measures illegal?
    Will people do them?

Human Issues
  Organizational problems
    No direct financial benefit
    Requires financial support, resources, manpower
    Power and responsibility
    Trained, dedicated personnel
  People problems
    Outsiders and insiders
    Social engineering

Tying Together
  [Figure: chain linking Threats, Policy, Specification, Design, Implementation and Operation, in that order]

Key Points
  Policy defines security, and mechanisms enforce security
  Confidentiality
  Integrity
  Availability
  Trust and knowing assumptions
  Importance of assurance
  The human factor