Lesson Overview Lesson Overview Seed Plants Lesson Overview 22.3 Seed Plants.
Overview
-
Upload
phanleson -
Category
Technology
-
view
273 -
download
0
Transcript of Overview
![Page 1: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/1.jpg)
csci5233 computer security & integrity
1
An Overview ofComputer Security
![Page 2: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/2.jpg)
csci5233 computer security & integrity
2
Outline Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues
![Page 3: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/3.jpg)
csci5233 computer security & integrity
3
Status of security in computing
In terms of security, computing is very close to the wild west days.
Some computing professionals & managers do not even recognize the value of the resources they use or control.
In the event of a computing crime, some companies do not investigate or prosecute.
![Page 4: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/4.jpg)
csci5233 computer security & integrity
4
Characteristics of Computer Intrusion A computing system: a collection of
hardware, software, data, and people that an organization uses to do computing tasks
Any piece of the computing system can become the target of a computing crime.
The weakest point is the most serious vulnerability.
The principles of easiest penetration
![Page 5: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/5.jpg)
csci5233 computer security & integrity
5
Security Breaches- Terminology Exposure
– a form of possible loss or harm Vulnerability
– a weakness in the system Attack Threats
– Human attacks, natural disasters, errors Control – a protective measure Assets – h/w, s/w, data
![Page 6: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/6.jpg)
csci5233 computer security & integrity
6
Types of Security Breaches Disclosure: unauthorized access to info
– Snooping Deception: acceptance of false data
– Modification, spoofing, repudiation of origin, denial of receipt
Disruption: prevention of correct operation
– Modification, man-in-the-middle attack
Usurpation: unauthorized control of some part of
the system (usurp: take by force or without right)– Modification, spoofing, delay, denial of service
![Page 7: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/7.jpg)
csci5233 computer security & integrity
7
Security Components Confidentiality: The assets are accessible only by
authorized parties.– Keeping data and resources hidden
Integrity: The assets are modified only by authorized parties, and only in authorized ways.– Data integrity (integrity)– Origin integrity (authentication)
Availability: Assets are accessible to authorized parties.– Enabling access to data and resources
![Page 8: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/8.jpg)
csci5233 computer security & integrity
8
Computing System Vulnerabilities Hardware vulnerabilities Software vulnerabilities Data vulnerabilities Human vulnerabilities ?
![Page 9: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/9.jpg)
csci5233 computer security & integrity
9
Software Vulnerabilities Destroyed (deleted) software Stolen (pirated) software Altered (but still run) software
– Logic bomb– Trojan horse– Virus– Trapdoor– Information leaks
![Page 10: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/10.jpg)
csci5233 computer security & integrity
10
Data Security
The principle of adequate protection Storage of encryption keys Software versus hardware methods
![Page 11: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/11.jpg)
csci5233 computer security & integrity
11
Other Exposed Assets
Storage media Networks Access Key people
![Page 12: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/12.jpg)
csci5233 computer security & integrity
12
People Involved in Computer Crimes
Amateurs Crackers Career Criminals
![Page 13: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/13.jpg)
csci5233 computer security & integrity
13
Methods of Defense
Encryption Software controls Hardware controls Policies Physical controls
![Page 14: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/14.jpg)
csci5233 computer security & integrity
14
Encryption
at the heart of all security methods Confidentiality of data Some protocols rely on encryption to
ensure availability of resources. Encryption does not solve all computer
security problems.
![Page 15: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/15.jpg)
csci5233 computer security & integrity
15
Software controls
Internal program controls OS controls Development controls Software controls are usually the 1st
aspects of computer security that come to mind.
![Page 16: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/16.jpg)
csci5233 computer security & integrity
16
Policies and Mechanisms Policy says what is, and is not, allowed
– This defines “security” for the site/system/etc.
Mechanisms enforce policies Mechanisms can be simple but effective
– Example: frequent changes of passwords
Composition of policies– If policies conflict, discrepancies may create
security vulnerabilities
Legal and ethical controls– Gradually evolving and maturing
![Page 17: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/17.jpg)
csci5233 computer security & integrity
17
Principle of Effectiveness
Controls must be used to be effective.– Efficient
• Time, memory space, human activity, …
– Easy to use
– appropriate
![Page 18: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/18.jpg)
csci5233 computer security & integrity
18
Overlapping Controls
Several different controls may apply to one potential exposure.
H/w control + S/w control + Data control
![Page 19: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/19.jpg)
csci5233 computer security & integrity
19
Goals of Security Prevention
– Prevent attackers from violating security policy
Detection– Detect attackers’ violation of security policy
Recovery– Stop attack, assess and repair damage– Continue to function correctly even if attack
succeeds
![Page 20: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/20.jpg)
csci5233 computer security & integrity
20
Trust and Assumptions
Underlie all aspects of security Policies
– Unambiguously partition system states– Correctly capture security requirements
Mechanisms– Assumed to enforce policy– Support mechanisms work correctly
![Page 21: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/21.jpg)
csci5233 computer security & integrity
21
Types of Mechanisms
secure precise broad
set of reachable states set of secure states
![Page 22: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/22.jpg)
csci5233 computer security & integrity
22
Assurance
Specification– Requirements analysis– Statement of desired functionality
Design– How system will meet specification
Implementation– Programs/systems that carry out design
![Page 23: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/23.jpg)
csci5233 computer security & integrity
23
Operational Issues
Cost-Benefit Analysis– Is it cheaper to prevent or to recover?
Risk Analysis– Should we protect something?– How much should we protect this thing?
Laws and Customs– Are desired security measures illegal?– Will people do them?
![Page 24: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/24.jpg)
csci5233 computer security & integrity
24
Human Issues
Organizational Problems– Power and responsibility– Financial benefits
People problems– Outsiders and insiders– Social engineering
![Page 25: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/25.jpg)
csci5233 computer security & integrity
25
Tying Together
Threats
Policy
Specification
Design
Implementation
Operation
![Page 26: Overview](https://reader035.fdocuments.us/reader035/viewer/2022081603/558ba531d8b42a1f6d8b4626/html5/thumbnails/26.jpg)
csci5233 computer security & integrity
26
Key Points Policy defines security, and
mechanisms enforce security– Confidentiality– Integrity– Availability
Trust and knowing assumptions Importance of assurance The human factor