Introduction to Security in Computing 01204427 Computer and

  • Slides: 17
Download presentation
Introduction to Security in Computing 01204427 Computer and Network Security Semester 1, 2011 Lecture

Introduction to Security in Computing 01204427 Computer and Network Security Semester 1, 2011 Lecture #01

What’s about Security � Why to secure something? � Valuable � How assets to

What’s about Security � Why to secure something? � Valuable � How assets to protect to secure? � Place in a safe place � Guarding � How strong of protection? � May implement several layers � May be complex locks system � May need multiple parties to grant access

Principle of Adequate Protection Computer items must be protected to a degree consistent with

Principle of Adequate Protection Computer items must be protected to a degree consistent with their value

Security in Computing System � Computing � Collection � HW � Storage � Data

Security in Computing System � Computing � Collection � HW � Storage � Data � People System of

Threats, Controls, and Vulnerabilities �A threat is blocked by control of a vulnerability

Threats, Controls, and Vulnerabilities �A threat is blocked by control of a vulnerability

System Security Threats

System Security Threats

Security Goals

Security Goals

Security Goal: Confidentiality � Only authorized people or system can access protected data �

Security Goal: Confidentiality � Only authorized people or system can access protected data � Ensuring � More the confidentiality can be difficult! to concern � Access : a single bit or the whole collection? � Disclose to other parties prohibit?

Security Goal: Integrity � Several meanings � Precise � Accurate � Unmodified � Modified

Security Goal: Integrity � Several meanings � Precise � Accurate � Unmodified � Modified in acceptable way � Consistent � May cover two or more of above properties

Security Goal: Availability � Several properties Present in a usable form � Enough capacity

Security Goal: Availability � Several properties Present in a usable form � Enough capacity to meet the service’s needs � Bounded waiting time � Completed services in an acceptable period of time � � System is well available if : - Timely response to a request � Generalized fairly allocate resources � Fault tolerance (graceful cessation instead of crash or abrupt) � Easily to be used � Concurrency is controlled (simultaneous, deadlock management, exclusive access) �

Vulnerabilities of Computing System

Vulnerabilities of Computing System

Some of software modifications � Logic Bomb � Trojan � Virus � Trapdoor �

Some of software modifications � Logic Bomb � Trojan � Virus � Trapdoor � Information Leaks

Security of Data

Security of Data

Computer Criminal � Armatures � Crackers � Career Criminals � Terrorists

Computer Criminal � Armatures � Crackers � Career Criminals � Terrorists

Method of Defense � Prevent � Blocking the attack � Closing the vulnerability �

Method of Defense � Prevent � Blocking the attack � Closing the vulnerability � Deter � Making the attack harder � Deflect � Making another target more attractive � Detect � Discover real-time or off-line � Recover � From its effects

Multiple Controls

Multiple Controls

Q&A

Q&A

Cryptographic Hash Functions 01204427 June 2012 Topics OverviewCryptographic Hash Functions 01204427 June 2012 Topics Overview
The Birthday Paradox 01204427 June 2012 1 DefinitionThe Birthday Paradox 01204427 June 2012 1 Definition
Message Authentication Code 01204427 June 2012 Message AuthenticationMessage Authentication Code 01204427 June 2012 Message Authentication
Computer Security Network Security 1 Computer Security NetworkComputer Security Network Security 1 Computer Security Network
Computer Security Database Security 1 Computer Security DatabaseComputer Security Database Security 1 Computer Security Database
Computer Security Operating System Security 1 Computer SecurityComputer Security Operating System Security 1 Computer Security
Computer Security Principles of Computer Security Topics ComputerComputer Security Principles of Computer Security Topics Computer
Computer Security Damian Gordon Computer Security A computerComputer Security Damian Gordon Computer Security A computer
Computer security Computer security means protecting our computerComputer security Computer security means protecting our computer
Computer Security Principles of Computer Security Topics ComputerComputer Security Principles of Computer Security Topics Computer
Web Security and Email Security Computer Security andWeb Security and Email Security Computer Security and
Computer Security Introduction Need Mechanisms Computer security EnsuringComputer Security Introduction Need Mechanisms Computer security Ensuring
Computer Security Elaine Munn Introduction to Computer SecurityComputer Security Elaine Munn Introduction to Computer Security
CSC 682 Advanced Computer Security Introduction Computer SecurityCSC 682 Advanced Computer Security Introduction Computer Security
Information Security Cloud Computing Security What is SecurityInformation Security Cloud Computing Security What is Security
1 Introduction to Computer Security Introduction to Security1 Introduction to Computer Security Introduction to Security