dilemma and design
play

Dilemma and Design CSM27 Computer Security Dr Hans Georg Schaathun - PowerPoint PPT Presentation

Aug 17, 2023 •285 likes •817 views

Dilemma and Design CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2007 Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 1 / 30 The session Outline The session 1 Security Design 2 Security and

  1. Dilemma and Design CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2007 Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 1 / 30

  2. The session Outline The session 1 Security Design 2 Security and Simplicity The fundamental dilemma Design Decisions Attack trees 3 Attack trees Exercises Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 2 / 30

  3. The session Session objectives Realise how difficult security is. Realise how easy security is. Consider some general design decisions which have to be made Understand how (much) security depends on both software features, physical features, and organisational structure and policy. Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 3 / 30

  4. Security Design Outline The session 1 Security Design 2 Security and Simplicity The fundamental dilemma Design Decisions Attack trees 3 Attack trees Exercises Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 4 / 30

  5. Security Design Security and Simplicity Outline The session 1 Security Design 2 Security and Simplicity The fundamental dilemma Design Decisions Attack trees 3 Attack trees Exercises Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 5 / 30

  6. Security Design Security and Simplicity How difficult is security? Which is the most challenging? Building a secure system? Securing a built system? Why? Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 6 / 30

  7. Security Design Security and Simplicity How difficult is security? Which is the most challenging? Building a secure system? Securing a built system? Why? Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 6 / 30

  8. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  9. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  10. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  11. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  12. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  13. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  14. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  15. Security Design Security and Simplicity Patchwork security Security added as an afterthought. Existing, insecure system is extremely complex. Reverse-engineering to find flaws. Many flaws found only upon attack. Security experts on their heels Patching holes as they are exploited System too complex to understand Trial-and-Error Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 7 / 30

  16. Security Design Security and Simplicity Secure design No features ⇒ no security holes. Only add secure features. Default is always ‘access denied’. Access given when demonstrateably necessary. Need-to-know policy Security is maintained during the design and building. Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 8 / 30

  17. Security Design Security and Simplicity Secure design No features ⇒ no security holes. Only add secure features. Default is always ‘access denied’. Access given when demonstrateably necessary. Need-to-know policy Security is maintained during the design and building. Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 8 / 30

  18. Security Design Security and Simplicity Secure design No features ⇒ no security holes. Only add secure features. Default is always ‘access denied’. Access given when demonstrateably necessary. Need-to-know policy Security is maintained during the design and building. Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 8 / 30

  19. Security Design Security and Simplicity Secure design No features ⇒ no security holes. Only add secure features. Default is always ‘access denied’. Access given when demonstrateably necessary. Need-to-know policy Security is maintained during the design and building. Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 8 / 30

  20. Security Design Security and Simplicity Secure design No features ⇒ no security holes. Only add secure features. Default is always ‘access denied’. Access given when demonstrateably necessary. Need-to-know policy Security is maintained during the design and building. Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 8 / 30

  21. Security Design Security and Simplicity Adding features to the box Feature-oriented design Users must be able to add data Security-oriented design Authorised users and nobody else must be able to add data. We only add features if we can maintain security Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 9 / 30

  22. Security Design Security and Simplicity Adding features to the box Feature-oriented design Users must be able to add data Security-oriented design Authorised users and nobody else must be able to add data. We only add features if we can maintain security Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 9 / 30

  23. Security Design Security and Simplicity Adding features to the box Feature-oriented design Users must be able to add data Security-oriented design Authorised users and nobody else must be able to add data. We only add features if we can maintain security Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 9 / 30

  24. Security Design The fundamental dilemma Outline The session 1 Security Design 2 Security and Simplicity The fundamental dilemma Design Decisions Attack trees 3 Attack trees Exercises Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 10 / 30

  25. Security Design The fundamental dilemma Product and System Product is a software package designed for general use in a variety of systems. System is a specific IT installation, with a particular purpose and operational environment. A secure product can be deployed insecurily in a system. A system can incorporate non-standard security requirements of a particular application. Secure products can be mass-produced Security affects many users. Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 11 / 30

  26. Security Design The fundamental dilemma The fundamental dilemma The users Require security No security expertise The expert Security expertise Unfamiliar of the application and local requirements Who can capture the local security requirements? Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 12 / 30

  27. Security Design The fundamental dilemma The fundamental dilemma The users Require security No security expertise The expert Security expertise Unfamiliar of the application and local requirements Who can capture the local security requirements? Dr Hans Georg Schaathun Dilemma and Design Autumn 2007 12 / 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Platform-based Design and the First Generation Dilemma By Jiang Xu and Wayne Wolf Dept. of ELE

Platform-based Design and the First Generation Dilemma By Jiang Xu and Wayne Wolf Dept. of ELE

Platform-based Design and the First Generation Dilemma By Jiang Xu and Wayne Wolf Dept. of ELE Princeton University April. 2002 Outline Background Typical system-level design methodology Platform-based design methodology First

288 views • 7 slides
The Bioshield Bioshield Dilemma: Dilemma: The Developing New Technologies At an Affordable

The Bioshield Bioshield Dilemma: Dilemma: The Developing New Technologies At an Affordable

Introduction to Homeland Security Sept. 21, 2005 Lecture 4A: The Bioshield Bioshield Dilemma: Dilemma: The Developing New Technologies At an Affordable Price Stephen M. Maurer Goldman School of Public Policy Introduction The Need. The

522 views • 30 slides
Product Development Dilemma Product Development Dilemma

Product Development Dilemma Product Development Dilemma

A Revolutionary Solution for A Revolutionary Solution for Unified RF System and Circuit Unified RF System and Circuit Design Design EDP-2002 Conference Monterey, California April 21-23 James Spoto President and CEO AWR Product

172 views • 6 slides
Multi-Voltage Floorplan Design with Optimal Voltage Assignment Introduction Dilemma between

Multi-Voltage Floorplan Design with Optimal Voltage Assignment Introduction Dilemma between

Qian Zaichen, Evangeline F.Y. Young Department of CSE The Chinese University of Hong Kong Multi-Voltage Floorplan Design with Optimal Voltage Assignment Introduction Dilemma between delay & power Power is proportional to Voltage

602 views • 29 slides
AI and Big data in health the dilemma of Truth the dilemma of Truth christian.lovis@hcuge.ch

AI and Big data in health the dilemma of Truth the dilemma of Truth christian.lovis@hcuge.ch

AI and Big data in health the dilemma of Truth the dilemma of Truth christian.lovis@hcuge.ch medical information sciences AI in Musique Bach style chorale Experiences Emmy Vivaldi David Cope, The Emily Howell project Emmy Beethoven beg 2

726 views • 45 slides
THE BANCASSURANCE DILEMMA THE BANCASSURANCE DILEMMA Should banks be brokers with higher

THE BANCASSURANCE DILEMMA THE BANCASSURANCE DILEMMA Should banks be brokers with higher

19 TH INDIA FELLOWSHIP SEMINAR 19 INDIA FELLOWSHIP SEMINAR JUNE 2013 THE BANCASSURANCE DILEMMA THE BANCASSURANCE DILEMMA Should banks be brokers with higher responsibility towards customers or should they continue as corporate agents? Bhavna

463 views • 29 slides
Mutual Fund Investors dilemma Expectations Reality THE DISCONNECT Investors dilemma

Mutual Fund Investors dilemma Expectations Reality THE DISCONNECT Investors dilemma

Mutual Fund Investors dilemma Expectations Reality THE DISCONNECT Investors dilemma Expectations Reality THE DISCONNECT Typical investor behavior observed through different phases of markets Every bull and bear run in the market

589 views • 19 slides
FOOD ALLERGIES - THE DILEMMA 2002 The Dilemma Accurate identification of the allergenic food

FOOD ALLERGIES - THE DILEMMA 2002 The Dilemma Accurate identification of the allergenic food

Dr. Janice M. Joneja, Ph.D. FOOD ALLERGIES - THE DILEMMA 2002 The Dilemma Accurate identification of the allergenic food is crucial for correct management of food allergy Inaccurate identification of the allergenic food leads to

463 views • 22 slides
Physical Design Closure Physical Design Closure Olivier Coudert Monterey Design System DAC 2000

Physical Design Closure Physical Design Closure Olivier Coudert Monterey Design System DAC 2000

Physical Design Closure Physical Design Closure Olivier Coudert Monterey Design System DAC 2000 DAC2000 (C) Monterey Design Systems 1 DSM Dilemma SOC DSM Time to market Higher resistance Abstraction Million gates

580 views • 35 slides
(Other) Lessons from Primary School Aka The Diversity Dilemma Paula Burton (Ngov) Shennae Searle

(Other) Lessons from Primary School Aka The Diversity Dilemma Paula Burton (Ngov) Shennae Searle

(Other) Lessons from Primary School Aka The Diversity Dilemma Paula Burton (Ngov) Shennae Searle Kudos: John Sullivan, Co-Founder of original @paulangov @shennaesearle Diversity Dilemma talk #beautyOfTech Transcript for Video 1

596 views • 23 slides
The Quest for design closure The Quest for design closure Olivier Coudert Monterey Design System

The Quest for design closure The Quest for design closure Olivier Coudert Monterey Design System

Part IV Part IV The Quest for design closure The Quest for design closure Olivier Coudert Monterey Design System ASP-DAC 2001, tutorial 3 ASP-DAC'01 Olivier Coudert IV-1 DSM Dilemma SOC DSM Time to market Higher resistance Abstraction

774 views • 66 slides
Probabilistic Programs Guy Van den Broeck StarAI Workshop @ AAAI, Feb 7, 2020 The AI Dilemma

Probabilistic Programs Guy Van den Broeck StarAI Workshop @ AAAI, Feb 7, 2020 The AI Dilemma

Computer Science Querying Advanced Probabilistic Models: From Relational Embeddings to Probabilistic Programs Guy Van den Broeck StarAI Workshop @ AAAI, Feb 7, 2020 The AI Dilemma Pure Learning Pure Logic The AI Dilemma Pure Learning

851 views • 63 slides
Reasoning and Learning Guy Van den Broeck WUSTL CSE, Jan 23, 2020 The AI Dilemma Pure Learning

Reasoning and Learning Guy Van den Broeck WUSTL CSE, Jan 23, 2020 The AI Dilemma Pure Learning

Computer Science Towards a New Synthesis of Reasoning and Learning Guy Van den Broeck WUSTL CSE, Jan 23, 2020 The AI Dilemma Pure Learning Pure Logic The AI Dilemma Pure Learning Pure Logic Slow thinking: deliberative, cognitive,

751 views • 53 slides
Evolu&onary Dynamics of the Spa&al Prisoners Dilemma

Evolu&onary Dynamics of the Spa&al Prisoners Dilemma

Evolu&onary Dynamics of the Spa&al Prisoners Dilemma Carla Silva, Welma Pereira, Jan Knotek and Pedro Campos Faculty of Economics, University of

442 views • 42 slides
Looking back and forwards: the Execution Dilemma and the Importance of Radical

Looking back and forwards: the Execution Dilemma and the Importance of Radical

Looking back and forwards: the Execution Dilemma and the Importance of Radical Innovation Domenico Rossi ST Microelectronics CAS Workshop 2017 Pavia March 20 th 21 st Almo Collegio Borromeo The semiconductor industry:

579 views • 45 slides
Employer Name Understanding the EAP 1-800-395-1616 The Workplace Dilemma... What happens at

Employer Name Understanding the EAP 1-800-395-1616 The Workplace Dilemma... What happens at

Employer Name Understanding the EAP 1-800-395-1616 The Workplace Dilemma... What happens at home... Is brought to work. Stress and Anxiety Absenteeism Depression Return-to-work Sick Leave Marriage Problems Loss of a loved one Anger

470 views • 22 slides
Type checking privacy policies in the

Type checking privacy policies in the

Type checking privacy policies in the -calculus Anna Philippou University of Cyprus Joint work with Dimitrios

572 views • 28 slides
6 Years of Test Automation @mikeb2701 Assumptions Testing is important Automating

6 Years of Test Automation @mikeb2701 Assumptions Testing is important Automating

6 Years of Test Automation @mikeb2701 Assumptions Testing is important Automating testing is important Types of tests Static Analysis Unit Testing Integration Testing Acceptance Testing Performance Testing

619 views • 33 slides
2 nd quarter FY16 results 15 th Sept 2015 Disclaimer This document contains certain

2 nd quarter FY16 results 15 th Sept 2015 Disclaimer This document contains certain

2 nd quarter FY16 results 15 th Sept 2015 Disclaimer This document contains certain forward-looking statements with respect to Astro Malaysia Holdings Berhads (Astro) financial condition, results of operations and business, and

352 views • 20 slides
UHE Cosmic Particles studies from space: super-EUSO: a possible next-generation experiment ?

UHE Cosmic Particles studies from space: super-EUSO: a possible next-generation experiment ?

Villa Mondragone - Frascati (Roma) / May 14, 2009 UHE Cosmic Particles studies from space: super-EUSO: a possible next-generation experiment ? Alessandro Petrolini Universit` a di Genova and INFN sezione di Genova BR-247 Cosmic Vision Cosmic

526 views • 27 slides
AFEP Francesca Maritan 14.9.2016 Welcome u ... To our veteran members u Thank you

AFEP Francesca Maritan 14.9.2016 Welcome u ... To our veteran members u Thank you

AFEP Francesca Maritan 14.9.2016 Welcome u ... To our veteran members u Thank you to MMS for hosGng Agenda Introduc)on to member mee)ng: Francesca Maritan The Arms War Fraud in the Digital Age: Andrew BarneL, Director, Barclays

302 views • 26 slides
The World Wide Web Lecture 7 COMPSCI111/111G Todays lecture u Recap material on the

The World Wide Web Lecture 7 COMPSCI111/111G Todays lecture u Recap material on the

The World Wide Web Lecture 7 COMPSCI111/111G Todays lecture u Recap material on the Internet and World Wide Web (WWW) u Understand how the WWW works u Understand how search engines work u The implications of search engines Recap u

559 views • 30 slides
2 3 4 5 Builds on existing solutions The Brokerage is complimentary as long as existing waste

2 3 4 5 Builds on existing solutions The Brokerage is complimentary as long as existing waste

2 3 4 5 Builds on existing solutions The Brokerage is complimentary as long as existing waste frameworks and contracts contain a retain ownership of material option strategic management national aggregation of resource materials In

509 views • 18 slides
Deeply Uncertain: Comparing Methods of Uncertainty Quantification in Deep Learning Algorithms

Deeply Uncertain: Comparing Methods of Uncertainty Quantification in Deep Learning Algorithms

Deeply Uncertain: Comparing Methods of Uncertainty Quantification in Deep Learning Algorithms Joao Caldeira ICLR Fundamental Science in the era of Al workshop 26 April 2020 [talk recorded on 14 April 2020] FER M I LA B-S L I D ES-20-008-S CD T

724 views • 17 slides

More recommend