Computer Security Introduction (12/18/2015)
04/21/23 1
Computer Security
Introduction
Basic Components
1. Confidentiality: Concealment of information (prevent unauthorized disclosure of information).
2. Integrity: Trustworthiness of data/resources (prevent unauthorized modifications).
   • Data integrity
   • Origin integrity (authentication)
3. Availability: Ability to use information/resources (prevent unauthorized withholding of information/resources).
Basic Components
Additionally: authenticity, accountability, reliability, safety, dependability, survivability ...
Confidentiality
Historically, security is closely linked to secrecy. Security involved a few organizations dealing mainly with classified data.
However, nowadays security extends far beyond confidentiality.
Confidentiality involves:
• privacy: protection of private data,
• secrecy: protection of organizational data.
Integrity
“Making sure that everything is as it is supposed to be.”
For Computer Security this means: Preventing unauthorized writing or modifications.
Availability
For Computer Systems this means that:
Services are accessible and usable (without undue delay) whenever needed by an authorized entity.
For this we need fault-tolerance.
Faults may be accidental or malicious (Byzantine).
Denial of Service attacks are an example of malicious attacks.
Relationship between Confidentiality, Integrity and Availability
[Figure: diagram relating the three components; labels: Integrity, Confidentiality, Availability, Secure]
Other security requirements
• Reliability – deals with accidental damage,
• Safety – deals with the impact of system failure caused by the environment,
• Dependability – reliance can be justifiably placed on the system,
• Survivability – deals with the recovery of the system after massive failure,
• Accountability – actions affecting security must be traceable to the responsible party. For this,
  – Audit information must be kept and protected,
  – Access control is needed.
Basic Components
Threats – potential violations of security
Attacks – violations
Attackers – those who execute the violations
Threats
• Disclosure or unauthorized access
• Deception or acceptance of falsified data
• Disruption or interruption or prevention
• Usurpation or unauthorized control
More threats
• Snooping (unauthorized interception)
• Modification or alteration
  – Active wiretapping
  – Man-in-the-middle attacks
• Masquerading or spoofing
• Repudiation of origin
• Denial of receipt
• Delay
• Denial of Service
Policy and Mechanisms
1. A security policy is a statement of what is / is not allowed.
2. A security mechanism is a method or tool that enforces a security policy.
Assumptions of trust
Let
• P be the set of all possible states of a system
• Q be the set of secure states

A mechanism is secure if P ⊆ Q
A mechanism is precise if P = Q
A mechanism is broad if there are states in P which are not in Q
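
The secure / precise / broad definitions above, worked through on a toy system. This is an added example, not part of the original slides: the users, the rights, the policy "bob never holds write access" and the three mechanisms are all constructed, and P is taken to be the set of states the system can reach when a given mechanism filters grant requests.

```python
from itertools import product

USERS, RIGHTS = ("alice", "bob"), ("r", "w")        # constructed toy system
GRANTS = tuple(product(USERS, RIGHTS))              # every (user, right) request

def is_secure(state):
    """Policy (constructed): bob must never hold write access."""
    return ("bob", "w") not in state

def all_states():
    """Every subset of GRANTS, each as a frozenset of granted rights."""
    return [frozenset(g for i, g in enumerate(GRANTS) if mask >> i & 1)
            for mask in range(2 ** len(GRANTS))]

# Q: the secure states according to the policy.
Q = {s for s in all_states() if is_secure(s)}

def reachable(mechanism):
    """P: states reachable from the empty state when `mechanism` filters grants."""
    seen, todo = {frozenset()}, [frozenset()]
    while todo:
        state = todo.pop()
        for grant in GRANTS:
            if mechanism(state, grant):             # mechanism allows this request
                nxt = state | {grant}
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
    return seen

def classify(mechanism):
    """Apply the slide's definitions to P (reachable states) and Q."""
    P = reachable(mechanism)
    if P == Q:
        return "precise"        # P = Q
    if P <= Q:
        return "secure"         # P is a subset of Q, but some secure states are lost
    return "broad"              # some state in P is not in Q

# Three hypothetical mechanisms enforcing (or failing to enforce) the policy.
MECHANISMS = {
    "alice_only": lambda state, grant: grant[0] == "alice",
    "deny_bob_write": lambda state, grant: grant != ("bob", "w"),
    "allow_all": lambda state, grant: True,
}

if __name__ == "__main__":
    for name, mech in MECHANISMS.items():
        print(f"{name}: {classify(mech)} "
              f"({len(reachable(mech))} reachable, {len(Q)} secure states)")
```

The `alice_only` mechanism is secure but over-restrictive: it blocks states such as "bob may read" that the policy would accept, which is the gap between secure and precise.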
Assurance
Trust cannot be quantified precisely. System specifications, design and implementation can provide a basis for how much one can trust a system. This is called assurance.
Goals of Computer Security
Security is about protecting assets.
This involves:
• Prevention
• Detection
• Reaction (recover/restore assets)
Computer Security
How to achieve Computer Security:
1. Security principles/concepts: explore general principles/concepts that can be used as a guide to design secure information processing systems.
2. Security mechanisms: explore some of the security mechanisms that can be used to secure information processing systems.
3. Physical/Organizational security: consider physical & organizational security measures (policies).
Computer Security
Even at this general level there is disagreement on the precise definitions of some of the required security aspects.
References:
• Orange book – US Dept of Defense, Trusted Computer System Evaluation Criteria.
• ITSEC – European Trusted Computer System Product Criteria.
• CTCPEC – Canadian Trusted Computer System Product Criteria.
Fundamental Dilemma: Functionality or Assurance
• Security mechanisms need additional computational
• Security policies interfere with working patterns, and can be very inconvenient.
• Managing security requires additional effort and costs.
• Ideally there should be a tradeoff.
Operational issues
– Cost-benefit analysis
  • Example: a database with salary info, which is used by a second system to print pay checks
– Risk analysis
  • Environmental dependence
  • Time dependence
  • Remote risk
Laws and Customs
• Export controls
• Laws of multiple jurisdictions
• Human issues
  – Organizational problems (who is responsible for what)
  – People problems (outsiders/insiders)
Tying it all together: how ????