ee4215_c2 - Threats To Computer Systems Content Threats,...

Info iconThis preview shows pages 1–14. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Threats To Computer Systems Content Threats, Vulnerabilities, attacks Type of Threats System Security Engineering Threat Tree Categorization of attack Trojan Horses and Viruses Common Attack Methods 2.1 Threats, Vulnerabilities and Attacks Threats: defines as any potential occurrence, malicious and otherwise, that can have undesirable effect on the assets and resources associated with a computer system Vulnerability: is some unfortunate characteristic that makes it possible for a threat to potentially occur Attack: is some action taken by malicious intruder that involves the exploitation of certain vulnerabilities in order to cause an existing threats to occur 2.2 Types of Threats Categorization is needed to allow establishment of simple framework for understanding and solving security problems Three main types of threats disclosure threat integrity threat denial of service threat 2.2.1 Disclosure threat This threat involves the dissemination of information to an individual for whom that information should not be seen This information may be in computer storage or in transit between computer systems disclosure of information is called leak important for confidential organization such as military, government etc. 2.2.2 Integrity threat This threat involves any unauthorized change to information stored on a computer system or in transit between computer systems non-critical information has less consequence critical information can be disastrous important for battle plans and commercial activities 2.2.3 Denial of service threat This threat arises whenever access to some computer system resource is intentionally blocked as a result of malicious action taken by another user critical for delaying weapon deployment or stock dealing because the services are temporal characterized, this threat is more difficult to address than others 2.3 System Security Engineering To deal with problems of threats, vulnerabilities and attacks, a new discipline has recently emerged in the security community known as system security engineering security engineering process (Fig. 2.1) will involve understanding of the security problems and derives protections against these problems Specify System Architecture Estimate Component Risk Identify Threats, Vulnerabilities, Attacks Prioritize Vulnerabilities Identify and Install Safeguards Risk is Acceptably Low Figure 2.1 System Security Engineering Process Specify System Architecture Inspect the system examine the network, host, interface and other associate architecture use a structural specification include current security methods used include a description of functional properties create a security priority list Identify Threats, Vulnerabilities, Attacks Identify potential threats from internal and external sources estimate possible damage arises from attack establish methodologies for minimize possibilities of attack Estimate Component Risk Develop risk formula Identify risk components Prioritize risk factor Prioritize Vulnerabilities...
View Full Document

This note was uploaded on 01/11/2012 for the course EE EE4215 taught by Professor Drcheng during the Winter '11 term at City University of Hong Kong.

Page1 / 76

ee4215_c2 - Threats To Computer Systems Content Threats,...

This preview shows document pages 1 - 14. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online