chapter 1 introduction
play

Chapter 1: Introduction Components of computer security Threats - PDF document

Jan 29, 2024 •294 likes •381 views

Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues April 1, 2004 ECS 235 Slide #1 Basic Components

  1. Chapter 1: Introduction • Components of computer security • Threats • Policies and mechanisms • The role of trust • Assurance • Operational Issues • Human Issues April 1, 2004 ECS 235 Slide #1 Basic Components • Confidentiality – Keeping data and resources hidden • Integrity – Data integrity (integrity) – Origin integrity (authentication) • Availability – Enabling access to data and resources April 1, 2004 ECS 235 Slide #2 1

  2. Classes of Threats • Disclosure – Snooping • Deception – Modification, spoofing, repudiation of origin, denial of receipt • Disruption – Modification • Usurpation – Modification, spoofing, delay, denial of service April 1, 2004 ECS 235 Slide #3 Policies and Mechanisms • Policy says what is, and is not, allowed – This defines “security” for the site/system/ etc . • Mechanisms enforce policies • Composition of policies – If policies conflict, discrepancies may create security vulnerabilities April 1, 2004 ECS 235 Slide #4 2

  3. Goals of Security • Prevention – Prevent attackers from violating security policy • Detection – Detect attackers’ violation of security policy • Recovery – Stop attack, assess and repair damage – Continue to function correctly even if attack succeeds April 1, 2004 ECS 235 Slide #5 Trust and Assumptions • Underlie all aspects of security • Policies – Unambiguously partition system states – Correctly capture security requirements • Mechanisms – Assumed to enforce policy – Support mechanisms work correctly April 1, 2004 ECS 235 Slide #6 3

  4. Types of Mechanisms secure broad precise set of reachable states set of secure states April 1, 2004 ECS 235 Slide #7 Assurance • Specification – Requirements analysis – Statement of desired functionality • Design – How system will meet specification • Implementation – Programs/systems that carry out design April 1, 2004 ECS 235 Slide #8 4

  5. Operational Issues • Cost-Benefit Analysis – Is it cheaper to prevent or recover? • Risk Analysis – Should we protect something? – How much should we protect this thing? • Laws and Customs – Are desired security measures illegal? – Will people do them? April 1, 2004 ECS 235 Slide #9 Human Issues • Organizational Problems – Power and responsibility – Financial benefits • People problems – Outsiders and insiders – Social engineering April 1, 2004 ECS 235 Slide #10 5

  6. Tying Together Threats Policy Specification Design Implementation Operation April 1, 2004 ECS 235 Slide #11 Chapter 13: Design Principles • Overview • Principles – Least Privilege – Fail-Safe Defaults – Economy of Mechanism – Complete Mediation – Open Design – Separation of Privilege – Least Common Mechanism – Psychological Acceptability April 1, 2004 ECS 235 Slide #12 6

  7. Overview • Simplicity – Less to go wrong – Fewer possible inconsistencies – Easy to understand • Restriction – Minimize access – Inhibit communication April 1, 2004 ECS 235 Slide #13 Least Privilege • A subject should be given only those privileges necessary to complete its task – Function, not identity, controls – Rights added as needed, discarded after use – Minimal protection domain April 1, 2004 ECS 235 Slide #14 7

  8. Fail-Safe Defaults • Default action is to deny access • If action fails, system as secure as when action began April 1, 2004 ECS 235 Slide #15 8

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction 1.1 Legal background This series of lectures lecture has been prepared using the

Introduction 1.1 Legal background This series of lectures lecture has been prepared using the

AAT Tax Update 2014 Chapter 1 Introduction Chapter 2 Budget round-up - overview of key announcements - particular interest/ importance Personal tax Income tax, NICs, tax allowances etc Chapter 3 Chapter 4 Business tax review - MIP/SME

1.23k views • 74 slides
Chapter 1: Introduction to Computers and Java Chapter Topics Chapter 1 discusses the following

Chapter 1: Introduction to Computers and Java Chapter Topics Chapter 1 discusses the following

Chapter 1: Introduction to Computers and Java Chapter Topics Chapter 1 discusses the following main topics: Introduction Why Program? Computer Systems: Hardware and Software Programming Languages What Is a Program Made Of?

1k views • 61 slides
Chapter 1: Introduction CMPS 105: Systems Programming Prof. Scott Brandt T Th 2-3:45 Soc Sci 2,

Chapter 1: Introduction CMPS 105: Systems Programming Prof. Scott Brandt T Th 2-3:45 Soc Sci 2,

Chapter 1: Introduction CMPS 105: Systems Programming Prof. Scott Brandt T Th 2-3:45 Soc Sci 2, Rm. 167 Class Outline Chapter 1: Introduction Chapter 2: Unix Standards and Implementations Chapter 3: File I/O Chapter 4: Files and

204 views • 17 slides
Chapter 3 Chapter 3 Data Description McGraw-Hill, Bluman, 7 th ed, Chapter 3 1 Ch Chapter 3

Chapter 3 Chapter 3 Data Description McGraw-Hill, Bluman, 7 th ed, Chapter 3 1 Ch Chapter 3

Chapter 3 Chapter 3 Data Description McGraw-Hill, Bluman, 7 th ed, Chapter 3 1 Ch Chapter 3 Overview t 3 O i Introduction Introduction 3-1 Measures of Central Tendency 3-2 Measures of Variation 3-3 Measures of Position 3

889 views • 87 slides
INTRODUCTION TO TRANSACTION PROCESSING CHAPTER 21 (6/E) CHAPTER 17 (5/E) CHAPTER 21 OUTLINE

INTRODUCTION TO TRANSACTION PROCESSING CHAPTER 21 (6/E) CHAPTER 17 (5/E) CHAPTER 21 OUTLINE

INTRODUCTION TO TRANSACTION PROCESSING CHAPTER 21 (6/E) CHAPTER 17 (5/E) CHAPTER 21 OUTLINE Introduction to Transaction Processing Desirable Properties of Transactions Transaction Support in SQL 2 DEFINITIONS

636 views • 15 slides
Reading assignment Chapter 3.1, 3.2 Chapter 4.1, 4.3 1 Outline Introduction to

Reading assignment Chapter 3.1, 3.2 Chapter 4.1, 4.3 1 Outline Introduction to

Reading assignment Chapter 3.1, 3.2 Chapter 4.1, 4.3 1 Outline Introduction to assembly programing Introduction to Y86 Y86 instructions, encoding and execution 2 Assembly The CPU uses machine language to perform all its

1.06k views • 48 slides
Chapter 13: Introduction to Analysis of Chapter 13: Introduction to Analysis of Variance I t

Chapter 13: Introduction to Analysis of Chapter 13: Introduction to Analysis of Variance I t

Chapter 13: Introduction to Analysis of Chapter 13: Introduction to Analysis of Variance I t Introduction d ti Analysis of variance (ANOVA) is a hypothesis-testing procedure that is used to evaluate mean differences between two or

754 views • 46 slides
Introduction to Business Statistics Introduction to Business Statistics QM 120 Ch Chapter 4 t

Introduction to Business Statistics Introduction to Business Statistics QM 120 Ch Chapter 4 t

DEPARTMENT OF QUANTITATIVE METHODS & INFORMATION SYSTEMS Introduction to Business Statistics Introduction to Business Statistics QM 120 Ch Chapter 4 t 4 Spring 2008 Dr. Mohammad Zainal Chapter 4: Experiment, outcomes, and sample space

1.02k views • 63 slides
Chapter 21 Listings www.charltonslaw.com 0 Index Page Introduction 3 Chapter 20

Chapter 21 Listings www.charltonslaw.com 0 Index Page Introduction 3 Chapter 20

Chapter 21 Listings www.charltonslaw.com 0 Index Page Introduction 3 Chapter 20 Listings 4 Chapter 21 Listings 5 Reasons for Listing under Chapter 21 6 Restrictive Regime 9 Jurisdictional Comparison 17

753 views • 35 slides
Chapter 13 Chapter 13 1 What is this? Chapter 13 2 What is this? Chapter 13 3 What is

Chapter 13 Chapter 13 1 What is this? Chapter 13 2 What is this? Chapter 13 3 What is

Chapter 13 Chapter 13 1 What is this? Chapter 13 2 What is this? Chapter 13 3 What is this? Uncertainty Chapter 13 4 Outline Uncertainty Probability Syntax and Semantics Inference Independence and Bayes Rule

688 views • 37 slides
INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

ADVANCED COMPUTER SECURITY INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT IS SECURITY? A systems security policies describe What the system is supposed to do Store and provide access

479 views • 16 slides
Table of Contents Chapter 1 Introduction Chapter 2 First Prototypes of an

Table of Contents Chapter 1 Introduction Chapter 2 First Prototypes of an

Table of Contents Chapter 1 Introduction Chapter 2 First Prototypes of an Associative Computing (ASC) Processor Design and Implementation of an FPGA-Based Chapter 3 A Scalable Pipelined ASC Processor With Scalable

367 views • 9 slides
Simulation Simulation CHAPTER 1 INTRODUCTION TO SIMULATION 2 MODELING CHAPTER 1 INTRODUCTION

Simulation Simulation CHAPTER 1 INTRODUCTION TO SIMULATION 2 MODELING CHAPTER 1 INTRODUCTION

Introduction to Simulation Simulation CHAPTER 1 INTRODUCTION TO SIMULATION 2 MODELING CHAPTER 1 INTRODUCTION TO SIMULATION 3 MODELING Simulation Modeling Paradigm that creates simplified representations of complex systems Generates

540 views • 22 slides
Introduction to Business Statistics QM 220 Chapter 10 Dr. Mohammad Zainal Chapter 10:

Introduction to Business Statistics QM 220 Chapter 10 Dr. Mohammad Zainal Chapter 10:

Department of Quantitative Methods & Information Systems Introduction to Business Statistics QM 220 Chapter 10 Dr. Mohammad Zainal Chapter 10: Estimation and hypothesis testing: two populations What are we going to cover? 10.1

722 views • 47 slides
Chapter 1 Introduction Computer Networking: A Top Down Approach Featuring the Internet , 3 rd

Chapter 1 Introduction Computer Networking: A Top Down Approach Featuring the Internet , 3 rd

Chapter 1 Introduction Computer Networking: A Top Down Approach Featuring the Internet , 3 rd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2004. Introduction 1-1 Chapter 1: Introduction Our goal: Overview: get feel and

792 views • 35 slides
Chapter 1 Introduction Adapted from Computer Networking: A Top Down Approach, 6th edition,

Chapter 1 Introduction Adapted from Computer Networking: A Top Down Approach, 6th edition,

Chapter 1 Introduction Adapted from Computer Networking: A Top Down Approach, 6th edition, Jim Kurose, Keith Ross Addison-Wesley, March 2012 Introduction 1-1 Chapter 1: introduction Review : what s the Internet? what s a

1.01k views • 59 slides
Strengthening Early Childhood in Kansas in 2019 WEBINAR April 17, 2019 Welcome Amanda

Strengthening Early Childhood in Kansas in 2019 WEBINAR April 17, 2019 Welcome Amanda

Strengthening Early Childhood in Kansas in 2019 WEBINAR April 17, 2019 Welcome Amanda Petersen, Director of Early Childhood Kansas State Department of Education Melissa Rooker, Executive Director Kansas Childrens Cabinet and Trust Fund

791 views • 21 slides
Questions of Trust Jason Quinley, Christopher Ahern University of T ubingen, University of

Questions of Trust Jason Quinley, Christopher Ahern University of T ubingen, University of

Introduction Politeness Theory Game Theory Trust and Modals Conclusion Questions of Trust Jason Quinley, Christopher Ahern University of T ubingen, University of Pennsylvania August 13, 2012 Quinley and Ahern () Questions of Trust

957 views • 36 slides
Board of Trustees Retreat October 26, 2013 An Equal Opportunity University A Time of Great

Board of Trustees Retreat October 26, 2013 An Equal Opportunity University A Time of Great

Board of Trustees Retreat October 26, 2013 An Equal Opportunity University A Time of Great Momentum THE UNIVERSITY OF KENTUCKY see tomorrow . STRATEGIC PLAN Strategic Planning Building on momentum Process of setting high goals and

335 views • 7 slides
Master Trusts Coming Full Circle Vincent Boyle Chief Executive APT Workplace Pensions

Master Trusts Coming Full Circle Vincent Boyle Chief Executive APT Workplace Pensions

Master Trusts Coming Full Circle Vincent Boyle Chief Executive APT Workplace Pensions Limited IAPF Annual Governance Conference 2018 IORPS II Early 2019 effective system of governance principles of prudential

411 views • 20 slides
Lect ure # 24 ADVANCED DATABASE SYSTEMS Databases on New Hardware @ Andy_Pavlo // 15- 721 //

Lect ure # 24 ADVANCED DATABASE SYSTEMS Databases on New Hardware @ Andy_Pavlo // 15- 721 //

Lect ure # 24 ADVANCED DATABASE SYSTEMS Databases on New Hardware @ Andy_Pavlo // 15- 721 // Spring 2018 2 ADM IN ISTRIVIA Snowflake Guest: May 2 th @ 3:00pm Final Exam Handout: May 2 nd Code Review #2: May 2 nd @ 11:59pm We will use the

1.01k views • 73 slides
Utilizing the Latest Features of Intel's Performance Monitoring Unit Scalable Tools Workshop 2019

Utilizing the Latest Features of Intel's Performance Monitoring Unit Scalable Tools Workshop 2019

Utilizing the Latest Features of Intel's Performance Monitoring Unit Scalable Tools Workshop 2019 Michael Chynoweth Intel Fellow Contributors: Patrick Konsor, Sneha Gohad, Joe Olivas, Vishnu Naikawadi, Andi Kleen, Ahmad Yasin Agenda

420 views • 15 slides
osstest The Xen Projects CI system Some interesting architectural features Xen Summit

osstest The Xen Projects CI system Some interesting architectural features Xen Summit

osstest The Xen Projects CI system Some interesting architectural features Xen Summit Budapest 2017 Ian Jackson Citrix a harness instance multiple harness instances & versions cr* control (& cron) building sg* step

390 views • 7 slides
EPSCoR Webinar OCTOBER 25, 2019 Emera Technologies, LLC Safety Briefing 2 Introduction Quik

EPSCoR Webinar OCTOBER 25, 2019 Emera Technologies, LLC Safety Briefing 2 Introduction Quik

EPSCoR Webinar OCTOBER 25, 2019 Emera Technologies, LLC Safety Briefing 2 Introduction Quik Quarter/Thrifty Nickel Air Force / VA Tech / UNM EE Intel MODE / Emcore / SolAero Novalux Cell Robotics FootPrints TriLumina

490 views • 22 slides

More recommend