750Chapter_01_Slides

Chapter 1 Introduction Slide #1-1
Outline
• Components of computer security
• Threats
• Policies and mechanisms
• The role of trust
• Assurance
• Operational Issues
• Human Issues
Slide #1-2
Basic Components
• Confidentiality
  – Keeping data and resources hidden
• Integrity
  – Data integrity (integrity)
  – Origin integrity (authentication)
• Availability
  – Enabling access to data and resources
Slide #1-3
Basic Components

Confidentiality: a good example is cryptography, which traditionally is used to protect secret messages. But cryptography is traditionally used to protect data, not resources. Resources are protected by limiting information, for example by using firewalls or address translation mechanisms.

Integrity: a good example here is that of an interrupted database transaction, leaving the database in an inconsistent state (this foreshadows the Clark-Wilson model). Trustworthiness of both data and origin affects integrity, as noted in the book’s example. That integrity is tied to trustworthiness makes it much harder to quantify than confidentiality. Cryptography provides mechanisms for detecting violations of integrity, but not preventing them (e.g., a digital signature can be used to determine if data has changed).

Availability: this is usually defined in terms of “quality of service,” in which authorized users are expected to receive a specific level of service (stated in terms of a metric). Denial of service attacks are attempts to block availability.
Slide #1-4
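The notes' point that cryptography detects integrity violations but does not prevent them, together with the slide's split between data integrity and origin integrity, shown as an added example (not from the slides or the book). It uses an HMAC as a stand-in for the digital signature the notes mention; the key, message and function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: known only to sender and receiver
MSG = b"transfer 100 to account 42"  # constructed sample message


def digest(data: bytes) -> bytes:
    """Unkeyed check value: anyone can recompute it."""
    return hashlib.sha256(data).digest()


def mac(data: bytes, key: bytes = KEY) -> bytes:
    """Keyed check value: only a key holder can produce it (origin integrity)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def modify_in_transit(data: bytes, check: bytes) -> tuple[bytes, bytes]:
    """Modification by a party without KEY: alter data, recompute what it can."""
    altered = data.replace(b"100", b"900")
    return altered, digest(altered)


def receiver_accepts(data: bytes, check: bytes, keyed: bool) -> bool:
    """Recompute the check value on receipt and compare in constant time."""
    expected = mac(data) if keyed else digest(data)
    return hmac.compare_digest(expected, check)


def run_demo() -> dict[str, bool]:
    hashed = (MSG, digest(MSG))
    tagged = (MSG, mac(MSG))
    return {
        "digest_untouched": receiver_accepts(*hashed, keyed=False),
        "digest_modified": receiver_accepts(*modify_in_transit(*hashed), keyed=False),
        "mac_untouched": receiver_accepts(*tagged, keyed=True),
        "mac_modified": receiver_accepts(*modify_in_transit(*tagged), keyed=True),
    }


if __name__ == "__main__":
    # The modified message passes the unkeyed check and fails the keyed one.
    # In both cases the data was changed: the check detects, it does not prevent.
    for case, accepted in run_demo().items():
        print(f"{case}: accepted={accepted}")
```

The unkeyed digest gives data integrity only against accidental change; the keyed tag adds origin integrity, and in neither case is the modification itself stopped.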
Classes of Threats
• Disclosure
  – Snooping
• Deception
  – Modification, spoofing, repudiation of origin, denial of receipt
• Disruption
  – Modification
• Usurpation
  – Modification, spoofing, delay, denial of service
Slide #1-5
Classes of Threats

Snooping: an example is passive wiretapping, where the attacker monitors communications.

Modification: an example is active wiretapping, where the attacker injects something into a communication or modifies parts of the communication. Modification is sometimes called alteration.

Spoofing: delegation is basically authorized spoofing. The difference is that the one to whom authority is delegated does not impersonate the delegator; she simply asserts authority to act as an agent for the delegator.

Denial of service: this may not be due to an attack, but due to limits of resources. However, the effect here is critical. If you define security in terms of what users need to access, the inability to access is a security problem regardless of whether the reason is intentional (an attack) or unintentional (not an attack).