July 1, 2004 Computer Security: Art and Science ©2002-2004 Matt Bishop
Slide #1-1
Chapter 1: Introduction
• Components of computer security
• Threats
• Policies and mechanisms
• The role of trust
• Assurance
• Operational Issues
• Human Issues
Slide #1-2
Basic Components (Goals)
• Confidentiality
  – Keeping data and resources hidden
• Integrity
  – Data integrity (integrity)
  – Origin integrity (authentication)
• Availability
  – Enabling access to data and resources
Slide #1-3
Additional Goals
• Authentication
  – Correctly identifying the source
• Non-repudiation
  – Being able to prove the source of an utterance to a third party
Slide #1-4
Terms
• Exposure
  – Possible form of loss
• Vulnerability
  – Possible mechanism by which loss can occur
• Threat
  – Circumstance or event that could cause loss
• Attack
  – Attempt to exploit vulnerability
• Control
  – Mechanism to mitigate exposures
Slide #1-5
Overall Process
• Identify and Classify Assets
  – What are we protecting? How are they important?
• Identify Exposures and Threats
  – What would be bad? How could it happen?
• Identify Vulnerabilities and Threat Sources
  – Who or what could cause loss, and how?
• Determine Policies and Controls
  – What should be allowed and what disallowed?
  – How will the policies be enforced?
• Implement and Monitor
  – Deploy controls and use them, gain experience to update p.r.n.
Slide #1-7
Classes of Threats
• Disclosure
  – Snooping
• Deception
  – Modification, spoofing, repudiation of origin, denial of receipt
• Disruption
  – Modification
• Usurpation
  – Modification, spoofing, delay, denial of service
Slide #1-9
Policies and Mechanisms
• Policy says what is, and is not, allowed
  – This defines “security” for the site/system/etc.
• Mechanisms enforce policies
• Composition of policies
  – If policies conflict, discrepancies may create security vulnerabilities
Slide #1-10
“Goals” of Security (Control Approaches)
• Prevention
  – Prevent attackers from violating security policy
• Detection
  – Detect attackers’ violation of security policy
• Recovery
  – Stop attack, assess and repair damage
  – Continue to function correctly even if attack succeeds
Slide #1-12
Trust and Assumptions
• Underlie all aspects of security
• Policies
  – Unambiguously partition system states
  – Correctly capture security requirements
• Mechanisms
  – Assumed to enforce policy
  – Support mechanisms work correctly
Slide #1-13
Types of Mechanisms
[Figure: three mechanism types (secure, precise, broad), each comparing the set of reachable states with the set of secure states]
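An added example (not from the slides) of the three mechanism types, using the standard definitions: with R the set of states a mechanism lets the system reach and Q the set of secure states, the mechanism is secure if R ⊆ Q, precise if R = Q, and broad if R contains a state outside Q. The secret-sharing system, the user names and the three mechanisms are constructed for illustration.

```python
from collections import deque

# Constructed sample system: a state is the set of users holding a secret.
USERS = ("alice", "bob", "carol", "mallory")
CLEARED = {"alice", "bob", "carol"}      # policy input: who may hold the secret
START = frozenset({"alice"})             # alice originates the secret

def is_secure(state):
    """Policy: partitions states into secure (True) and nonsecure (False)."""
    return state <= CLEARED

def reachable(mechanism):
    """R: states reachable from START using only sends the mechanism permits."""
    seen, queue = {START}, deque([START])
    while queue:
        state = queue.popleft()
        for sender in state:
            for recipient in USERS:
                if recipient in state or not mechanism(sender, recipient):
                    continue
                nxt = state | {recipient}
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return seen

def all_secure_states():
    """Q: every state the unrestricted system can enter that the policy accepts."""
    return {s for s in reachable(lambda sender, recipient: True) if is_secure(s)}

def classify(mechanism):
    """Return the most specific label (a precise mechanism is also secure)."""
    r, q = reachable(mechanism), all_secure_states()
    if r == q:
        return "precise"
    if r <= q:
        return "secure"
    return "broad"

# Hypothetical mechanisms: each decides whether a send is permitted.
MECHANISMS = {
    "no_check": lambda sender, recipient: True,
    "cleared_only": lambda sender, recipient: recipient in CLEARED,
    "alice_to_bob_only": lambda sender, recipient: (sender, recipient) == ("alice", "bob"),
}

if __name__ == "__main__":
    for name, mech in MECHANISMS.items():
        print(f"{name}: {classify(mech)} ({len(reachable(mech))} reachable states)")
```

The `alice_to_bob_only` mechanism is secure but blocks states the policy would accept, which is the usual cost of a mechanism that is easier to get right than a precise one.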
Slide #1-15
Assurance
• Confidence that system will perform in a predictable way
• Generally, intent is that it will perform correctly!
Slide #1-16
Achieving Assurance
• Specification
  – Requirements analysis
  – Statement of desired functionality
• Design
  – How system will meet specification
• Implementation
  – Programs/systems that carry out design
Slide #1-18
Operational Issues
• Cost-Benefit Analysis
  – Is it cheaper to prevent or recover?
• Risk Analysis
  – Should we protect something?
  – How much should we protect this thing?
• Laws and Customs
  – Are desired security measures illegal?
  – Will people do them?
Slide #1-20
Human Issues
• Organizational Problems
  – Power and responsibility
  – Financial benefits
• People problems
  – Outsiders and insiders
  – Social engineering
Slide #1-21
Tying Together
[Figure: Threats, Policy, Specification, Design, Implementation, Operation]
Slide #1-22
Key Points
• Policy defines security, and mechanisms enforce security
  – Confidentiality
  – Integrity
  – Availability
• Trust and knowing assumptions
• Importance of assurance
• The human factor