lect16 - 1.264 Lecture 16 Security basics Case study 1:...

Info iconThis preview shows pages 1–8. Sign up to view the full content.

View Full Document Right Arrow Icon
1.264 Lecture 16 Security basics
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Case study 1: Public transport fare collection What is core of transit system fare collection system? What are internal risks at station, bus, bus depot? What is the public face of the transit system? What systems get funds to the bank? What physical controls are needed? What controls are needed with credit cards? What are the risks of the Web site?
Background image of page 2
Case study 2: High tech manufacturing facility What electronic espionage risks are there? What are the Internet traffic risks? Does plant need to keep information at different levels of security? How does facility control access? Biometrics?
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Definitions of system System: 1. Product or component: protocol, smartcard, computer 2. Collection of products, plus operating system and its communications 3. Collection of above, plus application software 4. Any of above, plus IT staff 5. Any of above, plus users and management 6. Any of above, plus customers and external users 7. Any of above, plus environment: competitors, regulators Vendors, evaluators focus on 1, 2 Businesses focus on 5, 6, as does Anderson, and so do we
Background image of page 4
Definitions of actors Subject: physical person: operator, principal, victim Person: physical person, company or government Principal: entity that participates in security system Can be subject, person, role, communications channel or component Group: set of principals Role: function assumed by different persons in succession Identity: names of two principals that are the same person or component
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Definitions of trust and secrecy Trusted system: one whose failure will break security policy Trustworthy system: one that will not fail Secrecy: mechanisms to limit principals who can access information Confidentiality: obligation to protect other person’s secrets if you know them Secrecy for the benefit of the organization Privacy: ability or right to protect your personal secrets Secrecy for the benefit of the individual Anonymity: Message content confidentiality Message source or destination confidentiality Authenticity: integrity plus freshness Participation of genuine principal, not a replay or fake
Background image of page 6
Protocol notation
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 8
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 21

lect16 - 1.264 Lecture 16 Security basics Case study 1:...

This preview shows document pages 1 - 8. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online