a brief introduction to information security
play

A brief introduction to information security Part I Tyler Moore - PDF document

Dec 14, 2023 •472 likes •582 views

Notes A brief introduction to information security Part I Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX August 23, 2012 Some definitions Computer systems and networks Notes Outline Some definitions 1 What is

  1. Notes A brief introduction to information security Part I Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX August 23, 2012 Some definitions Computer systems and networks Notes Outline Some definitions 1 What is security? What is digital information? What is information security? Computer systems and networks 2 Computer architecture Network architecture 2 / 41 What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Safety vs. Security Safety Security Protects against Protects against intentional accidents malice Defends against nature Defends against intelligent beings Can be modeled using probability theory with Must model the strategy of historical data adversaries 4 / 41 What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Safety vs. Security Safety Security Question: If you were in charge of a building’s security, how would preparations differ for a tornado versus a terrorist attack? Hint: When preparing for a tornado, should you consider whether neighboring buildings have been protected? 5 / 41

  2. What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes What is digital information? Definition Digital information: information encoded in discrete numbers “Hi!” → 0x486921 6 / 41 What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes What are the implications of digital representation of information? 1 Costless to create perfect copies 2 Information can be transmitted anywhere immediately 3 Information can be remembered indefinitely ⇒ Easy to keep detailed record of transactions 4 Digitally encoded information lacks provenance ⇒ Modifications can’t be identified by just looking at the data 7 / 41 What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes What is information security? Information security is the endeavor to achieve protection goals specific to information. What are those goals? 1 Confidentiality : information is accessible only to authorized parties 2 Integrity : modification of information can be detected 3 Availability : authorized parties can access information (and use resources) when and where it is needed 8 / 41 What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Confidentiality Exchange Broker � BUY,200,GOOG,$600.25 � Eve 9 / 41

  3. � What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Confidentiality caveats Confidentiality does not cover prior knowledge Breaches of confidentiality cannot be undone Breaches of confidentiality can be difficult to detect Question: what characteristics of digital information make protecting confidentiality difficult? 10 / 41 What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Integrity Exchange Broker � BUY,200,GOOG,$600.25 � $550.25 Mallory 11 / 41 What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Integrity caveats Protecting integrity = ⇒ correcting modifications Integrity simply ensures that information hasn’t been altered Integrity makes no claim of absolute correctness Question: what characteristics of digital information make protecting integrity difficult? 12 / 41 What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Availability Exchange Broker � BUY,200,GOOG,$600.25 � � BUY,200,GOOG,$600.25 � Mallory 13 / 41

  4. What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Availability caveats Integrity is widely seen to be “harder” to guarantee than confidentiality or integrity Why? guarantees must often be made for more than the information Guarantees of the functionality of other parties may be required 14 / 41 What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Who are these authorized parties the definitions speak of? Who is an authorized party? How are they authorized? By whom? Parties : human beings controlling computer system, or programs acting on their behalf Authorization : decision a principal must take on whether a party is allowed to undertake a task Authorization decision is the fundamental challenge of security engineering 15 / 41 What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Identification vs. Authentication vs. Authorization Identification, authentication and authorization answer different questions Identification: Who are you? Authentication: Is it really you? Authorization: Knowing who you are, are you allowed to do something? Common mistake: conflating these concepts Deploying an authentication system does not solve the authorization problem 16 / 41 What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes How computers identify people In order to authorize a user to access computer resources, systems must figure out who they’re interacting with Computer systems store (ID, attribute) pairs Upon encountering a user, the system prompts for the ID and attribute. IDs should be unique If the attribute is only known to the user (e.g., a password), it can be used to authenticate the user to the system 17 / 41

  5. What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Case study: authentication and authorization at ATMs ATM Bank Authentication steps 1. Insert card 2. Request matching PIN 3. Enter PIN Authorization steps 4. How much to withdraw? 5. Request $100 6. Balance ≥ $100? 7. Approve withdrawal 8. Dispense $100 18 / 41 What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Authentication failure: ATM fails to authenticate user ATM Bank Authentication steps 1. Insert card 2. Request matching PIN Guess PIN 3. Enter PIN Authorization steps Mallory 4. How much to withdraw? 5. Request $100 6. Balance ≥ $100? 7. Approve withdrawal 8. Dispense $100 19 / 41 What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Card skimmers: ATM incorrectly authenticates user Source: http://krebsonsecurity.com/all-about-skimmers/ 20 / 41 What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Authentication failure: User fails to authenticate ATM ATM ATM Bank Authentication steps Fake ATM 1. Insert card 2. Request matching PIN 3. Enter PIN Authorization steps Mallory 4. How much to withdraw? 5. Request $100 6. Balance ≥ $100? 7. Approve withdrawal 8. Dispense $100 21 / 41

  6. What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Fake ATMs: User fails to authenticate ATM Source: http://www.wired.com/threatlevel/2009/08/malicious-atm-catches-hackers/ 22 / 41 What is security? Some definitions What is digital information? Computer systems and networks What is information security? Notes Question: how does authentication fail on phishing websites? 23 / 41 Some definitions Computer architecture Computer systems and networks Network architecture Notes Four fundamental ideas of computer architecture 1 Code is data 2 Layers of abstraction 3 Moore’s law 4 Halting problem 25 / 41 Some definitions Computer architecture Computer systems and networks Network architecture Notes The von Neumann computer architecture The pervasive von Neumann computer architecture does not distinguish between instructions for computer programs and data Consequently, Code is Data ⇒ Enables great flexibility in reprogramming computers ⇒ Programs can be costlessly reproduced, not just data There are unfortunate security implications John von Neumann 26 / 41

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to information security Lecture #1 Security in Organizations 2011 Eric Verheul 1

Introduction to information security Lecture #1 Security in Organizations 2011 Eric Verheul 1

Introduction to information security Lecture #1 Security in Organizations 2011 Eric Verheul 1 Outline The lectures I will give Information Security events in the media What is Information Security? Recap Study for next

749 views • 45 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn

System Security I: Introduction TDDD17 Information Security, Second Course Ulf Kargn Department of Computer and Information Science Linkping University System Security 2 Security in computer systems Hardware (System)

838 views • 56 slides
Introduction to Information Security CODATA School Hannah Short (CERN), Sebastian Lopienski

Introduction to Information Security CODATA School Hannah Short (CERN), Sebastian Lopienski

Introduction to Information Security CODATA School Hannah Short (CERN), Sebastian Lopienski (CERN) August 12, 2018 Introduction to Information Security 2 Lecturers These slides have been compiled by members of the CERN Computer Security Team

948 views • 66 slides
Information Technology Security Presentation to Joint Legislative Committee on Information

Information Technology Security Presentation to Joint Legislative Committee on Information

Information Technology Security Presentation to Joint Legislative Committee on Information Technology Oversight Chip Moore State Chief Information Security Officer Office of Information Technology Services December 13, 2012 Introduction

353 views • 12 slides
HOW TO WRITE AN INFORMATION SECURITY POLICY INTRODUCTION This section is intended to help you

HOW TO WRITE AN INFORMATION SECURITY POLICY INTRODUCTION This section is intended to help you

HOW TO WRITE AN INFORMATION SECURITY POLICY INTRODUCTION This section is intended to help you produce an information security policy. Some of the information contained here is of a particularly detailed and complex nature and may not, therefore,

469 views • 8 slides
Introduction to the course Information Security Daniel Bosk Department of Information Systems

Introduction to the course Information Security Daniel Bosk Department of Information Systems

Scope and aims Course structure and content overview Course content Assessment Introduction to the course Information Security Daniel Bosk Department of Information Systems and Technology Mid Sweden University, Sundsvall School of

801 views • 29 slides
A brief introduction to information security Part II Tyler Moore Computer Science &

A brief introduction to information security Part II Tyler Moore Computer Science &

Notes A brief introduction to information security Part II Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX August 28 & 30, 2012 Engineered defenses to achieve protection goals Security threats Countering

369 views • 14 slides
Introduction to Security Prof. Tom Austin San Jos State University Why should we learn about

Introduction to Security Prof. Tom Austin San Jos State University Why should we learn about

CS 166: Information Security Introduction to Security Prof. Tom Austin San Jos State University Why should we learn about information security? Computer Security in the News Computer Crime for Fun & Profit Attackers have gone from

942 views • 48 slides
So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security

So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security

So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security Officer Background Personal Starion Bank Arts Goals Highlight the typical responsibilities of an Information Security Officer from

778 views • 22 slides
17Nov19 Information Security Essentials Recognizing Threats in Your Daily Routine This

17Nov19 Information Security Essentials Recognizing Threats in Your Daily Routine This

17Nov19 Information Security Essentials Recognizing Threats in Your Daily Routine This module will teach you what is information security, how to identify and avoid potential security risks in the workplace and beyond. 1 Introduction

406 views • 7 slides
DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security Information Assessment Brand Operation Consultancy & Security Protection Penetration Awareness Centre Testing External Networks

474 views • 44 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Ministry of Electronics & Information

510 views • 11 slides
11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information Security Webinar Storage of Classified Information Host: Treva Alexander, SAPPC Information Security Course Manager, DSS - CDSE Gained experience in

329 views • 14 slides
Information System Security Chapter 1:Introduction Dr. Loai Tawalbeh Faculty of Information

Information System Security Chapter 1:Introduction Dr. Loai Tawalbeh Faculty of Information

Information System Security Chapter 1:Introduction Dr. Loai Tawalbeh Faculty of Information system and Technology, The Arab Academy for Banking and Financial Sciences. Jordan Dr. Loai Tawalbeh summer 2006 Chapter 1 Introduction

253 views • 10 slides
Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security

Introduction to Web Application Security Professor Larry Heimann Web Application Security Information Systems Course Business Course site: http://67327.cmuis.net Schedule Reading Assignments in-class labs -- laptops w/ 272

981 views • 10 slides
The Dark Side of Digital Financial Transformation: Cybersecurity and Technological Risk Douglas

The Dark Side of Digital Financial Transformation: Cybersecurity and Technological Risk Douglas

The Dark Side of Digital Financial Transformation: Cybersecurity and Technological Risk Douglas W. Arner Kerry Holdings Professor in Law University of Hong Kong Douglas.Arner@hku.hk FinTech Evolution and Typology FinTech Evolution The

1.13k views • 27 slides
UART Thou Mad? Mickey and Toby Legal Notice Our opinion is our own. It DOES NOT IN ANY WAY

UART Thou Mad? Mickey and Toby Legal Notice Our opinion is our own. It DOES NOT IN ANY WAY

UART Thou Mad? Mickey and Toby Legal Notice Our opinion is our own. It DOES NOT IN ANY WAY represent the view of our employers. whoami - Mickey whoami - Toby Agenda Intro UART o Background o Finding it Embedded systems overview

493 views • 24 slides
Privacy Preserving Data Mining Li Xiong Department of Mathematics and Computer Science

Privacy Preserving Data Mining Li Xiong Department of Mathematics and Computer Science

CS378 Introduction to Data Mining Privacy Preserving Data Mining Li Xiong Department of Mathematics and Computer Science Department of Biomedical Informatics Emory University Netflix Sequel 2006, Netflix announced the challenge 2007,

951 views • 58 slides
Wireless Security: A Perspective (aka. What Weve Done Wrong, and Some of What We Can Do About

Wireless Security: A Perspective (aka. What Weve Done Wrong, and Some of What We Can Do About

Wireless Security: A Perspective (aka. What Weve Done Wrong, and Some of What We Can Do About It) Wade Trappe Agenda Agenda Tales from the Dark Side of Security Wireless in Particular Decomposing the Problem into Problems

697 views • 40 slides
Data Society the Impact of Data Sharing on Our Everydays Life 1 st Swiss Workshop on Data

Data Society the Impact of Data Sharing on Our Everydays Life 1 st Swiss Workshop on Data

Data Society the Impact of Data Sharing on Our Everydays Life 1 st Swiss Workshop on Data Science ZHAW School of Engineering, Winterthur 21 March 2014 Andr Golliez Managing Partner itopia ag President Opendata.ch, Swiss Chapter of the

656 views • 30 slides
(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at

(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at

(IN)SECURITY , RISK & THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at Swisscom frei@techzoom.net Twitter @stefan_frei Cyber & Networking Security Networking security has become critical issue for all types

788 views • 66 slides
Dave Oran Network Systems Research & Design A solicitation from DARPA U.S. Defense

Dave Oran Network Systems Research & Design A solicitation from DARPA U.S. Defense

Dave Oran Network Systems Research & Design A solicitation from DARPA U.S. Defense Advanced Research Projects Agency A Broad Agency Announcement , which is a non-secret, open request for proposals You can find it at

211 views • 6 slides
Acknowledgment Thanks to the many IBM colleagues who contribute to and support different

Acknowledgment Thanks to the many IBM colleagues who contribute to and support different

M ULTI -V EHICLE M AP F USION USING GNU R ADIO O PTIMIZATION AND A CCELERATION O PPORTUNITIES Augusto Vega Akin Sisbot Alper Buyuktosunoglu Arun Paidimarri David Trilla John-David Wellman Pradip Bose IBM T. J. Watson Research Center IBM

662 views • 31 slides

More recommend