Chapter 1 Introduction Components of computer security Threats
- Slides: 15
Chapter 1: Introduction • • Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues April 1, 2004 ECS 235 1
Basic Components • Confidentiality – Keeping data and resources hidden • Integrity – Data integrity (integrity) – Origin integrity (authentication) • Availability – Enabling access to data and resources April 1, 2004 ECS 235 2
Classes of Threats • Disclosure – Snooping • Deception – Modification, spoofing, repudiation of origin, denial of receipt • Disruption – Modification • Usurpation – Modification, spoofing, delay, denial of service April 1, 2004 ECS 235 3
Policies and Mechanisms • Policy says what is, and is not, allowed – This defines “security” for the site/system/etc. • Mechanisms enforce policies • Composition of policies – If policies conflict, discrepancies may create security vulnerabilities April 1, 2004 ECS 235 4
Goals of Security • Prevention – Prevent attackers from violating security policy • Detection – Detect attackers’ violation of security policy • Recovery – Stop attack, assess and repair damage – Continue to function correctly even if attack succeeds April 1, 2004 ECS 235 5
Trust and Assumptions • Underlie all aspects of security • Policies – Unambiguously partition system states – Correctly capture security requirements • Mechanisms – Assumed to enforce policy – Support mechanisms work correctly April 1, 2004 ECS 235 6
Types of Mechanisms secure precise set of reachable states April 1, 2004 broad set of secure states ECS 235 7
Assurance • Specification – Requirements analysis – Statement of desired functionality • Design – How system will meet specification • Implementation – Programs/systems that carry out design April 1, 2004 ECS 235 8
Operational Issues • Cost-Benefit Analysis – Is it cheaper to prevent or recover? • Risk Analysis – Should we protect something? – How much should we protect this thing? • Laws and Customs – Are desired security measures illegal? – Will people do them? April 1, 2004 ECS 235 9
Human Issues • Organizational Problems – Power and responsibility – Financial benefits • People problems – Outsiders and insiders – Social engineering April 1, 2004 ECS 235 10
Tying Together Threats Policy Specification Design Implementation Operation April 1, 2004 ECS 235 11
Chapter 13: Design Principles • Overview • Principles – – – – Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least Common Mechanism Psychological Acceptability April 1, 2004 ECS 235 12
Overview • Simplicity – Less to go wrong – Fewer possible inconsistencies – Easy to understand • Restriction – Minimize access – Inhibit communication April 1, 2004 ECS 235 13
Least Privilege • A subject should be given only those privileges necessary to complete its task – Function, not identity, controls – Rights added as needed, discarded after use – Minimal protection domain April 1, 2004 ECS 235 14
Fail-Safe Defaults • Default action is to deny access • If action fails, system as secure as when action began April 1, 2004 ECS 235 15
Common computer threats
Wireless security threats and vulnerabilities
Cyber security threats and countermeasures
Modern network security
Ecommerce security threats
Wireless security threats
Privat security
Components of computer security
Hru
Https://www.naturalnews.com wikipedia
Components of computer security
Basic components of computer security
Components of computer security
Components of computer security
Components of computer security
Components of computer security
