chapter 1 introduction
play

Chapter 1: Introduction Components of computer security Threats - PDF document

Jan 29, 2024 •294 likes •381 views

Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues April 1, 2004 ECS 235 Slide #1 Basic Components

  1. Chapter 1: Introduction • Components of computer security • Threats • Policies and mechanisms • The role of trust • Assurance • Operational Issues • Human Issues April 1, 2004 ECS 235 Slide #1 Basic Components • Confidentiality – Keeping data and resources hidden • Integrity – Data integrity (integrity) – Origin integrity (authentication) • Availability – Enabling access to data and resources April 1, 2004 ECS 235 Slide #2 1

  2. Classes of Threats • Disclosure – Snooping • Deception – Modification, spoofing, repudiation of origin, denial of receipt • Disruption – Modification • Usurpation – Modification, spoofing, delay, denial of service April 1, 2004 ECS 235 Slide #3 Policies and Mechanisms • Policy says what is, and is not, allowed – This defines “security” for the site/system/ etc . • Mechanisms enforce policies • Composition of policies – If policies conflict, discrepancies may create security vulnerabilities April 1, 2004 ECS 235 Slide #4 2

  3. Goals of Security • Prevention – Prevent attackers from violating security policy • Detection – Detect attackers’ violation of security policy • Recovery – Stop attack, assess and repair damage – Continue to function correctly even if attack succeeds April 1, 2004 ECS 235 Slide #5 Trust and Assumptions • Underlie all aspects of security • Policies – Unambiguously partition system states – Correctly capture security requirements • Mechanisms – Assumed to enforce policy – Support mechanisms work correctly April 1, 2004 ECS 235 Slide #6 3

  4. Types of Mechanisms secure broad precise set of reachable states set of secure states April 1, 2004 ECS 235 Slide #7 Assurance • Specification – Requirements analysis – Statement of desired functionality • Design – How system will meet specification • Implementation – Programs/systems that carry out design April 1, 2004 ECS 235 Slide #8 4

  5. Operational Issues • Cost-Benefit Analysis – Is it cheaper to prevent or recover? • Risk Analysis – Should we protect something? – How much should we protect this thing? • Laws and Customs – Are desired security measures illegal? – Will people do them? April 1, 2004 ECS 235 Slide #9 Human Issues • Organizational Problems – Power and responsibility – Financial benefits • People problems – Outsiders and insiders – Social engineering April 1, 2004 ECS 235 Slide #10 5

  6. Tying Together Threats Policy Specification Design Implementation Operation April 1, 2004 ECS 235 Slide #11 Chapter 13: Design Principles • Overview • Principles – Least Privilege – Fail-Safe Defaults – Economy of Mechanism – Complete Mediation – Open Design – Separation of Privilege – Least Common Mechanism – Psychological Acceptability April 1, 2004 ECS 235 Slide #12 6

  7. Overview • Simplicity – Less to go wrong – Fewer possible inconsistencies – Easy to understand • Restriction – Minimize access – Inhibit communication April 1, 2004 ECS 235 Slide #13 Least Privilege • A subject should be given only those privileges necessary to complete its task – Function, not identity, controls – Rights added as needed, discarded after use – Minimal protection domain April 1, 2004 ECS 235 Slide #14 7

  8. Fail-Safe Defaults • Default action is to deny access • If action fails, system as secure as when action began April 1, 2004 ECS 235 Slide #15 8

Recommend

Introduction 1.1 Legal background This series of lectures lecture has been prepared using the

Introduction 1.1 Legal background This series of lectures lecture has been prepared using the

AAT Tax Update 2014 Chapter 1 Introduction Chapter 2 Budget round-up - overview of key announcements - particular interest/ importance Personal tax Income tax, NICs, tax allowances etc Chapter 3 Chapter 4 Business tax review - MIP/SME

1.23k views • 74 slides
Chapter 1: Introduction to Computers and Java Chapter Topics Chapter 1 discusses the following

Chapter 1: Introduction to Computers and Java Chapter Topics Chapter 1 discusses the following

Chapter 1: Introduction to Computers and Java Chapter Topics Chapter 1 discusses the following main topics: Introduction Why Program? Computer Systems: Hardware and Software Programming Languages What Is a Program Made Of?

1k views • 61 slides
Chapter 1: Introduction CMPS 105: Systems Programming Prof. Scott Brandt T Th 2-3:45 Soc Sci 2,

Chapter 1: Introduction CMPS 105: Systems Programming Prof. Scott Brandt T Th 2-3:45 Soc Sci 2,

Chapter 1: Introduction CMPS 105: Systems Programming Prof. Scott Brandt T Th 2-3:45 Soc Sci 2, Rm. 167 Class Outline Chapter 1: Introduction Chapter 2: Unix Standards and Implementations Chapter 3: File I/O Chapter 4: Files and

204 views • 17 slides
Chapter 3 Chapter 3 Data Description McGraw-Hill, Bluman, 7 th ed, Chapter 3 1 Ch Chapter 3

Chapter 3 Chapter 3 Data Description McGraw-Hill, Bluman, 7 th ed, Chapter 3 1 Ch Chapter 3

Chapter 3 Chapter 3 Data Description McGraw-Hill, Bluman, 7 th ed, Chapter 3 1 Ch Chapter 3 Overview t 3 O i Introduction Introduction 3-1 Measures of Central Tendency 3-2 Measures of Variation 3-3 Measures of Position 3

892 views • 87 slides
INTRODUCTION TO TRANSACTION PROCESSING CHAPTER 21 (6/E) CHAPTER 17 (5/E) CHAPTER 21 OUTLINE

INTRODUCTION TO TRANSACTION PROCESSING CHAPTER 21 (6/E) CHAPTER 17 (5/E) CHAPTER 21 OUTLINE

INTRODUCTION TO TRANSACTION PROCESSING CHAPTER 21 (6/E) CHAPTER 17 (5/E) CHAPTER 21 OUTLINE Introduction to Transaction Processing Desirable Properties of Transactions Transaction Support in SQL 2 DEFINITIONS

636 views • 15 slides
Reading assignment Chapter 3.1, 3.2 Chapter 4.1, 4.3 1 Outline Introduction to

Reading assignment Chapter 3.1, 3.2 Chapter 4.1, 4.3 1 Outline Introduction to

Reading assignment Chapter 3.1, 3.2 Chapter 4.1, 4.3 1 Outline Introduction to assembly programing Introduction to Y86 Y86 instructions, encoding and execution 2 Assembly The CPU uses machine language to perform all its

1.06k views • 48 slides
Chapter 13: Introduction to Analysis of Chapter 13: Introduction to Analysis of Variance I t

Chapter 13: Introduction to Analysis of Chapter 13: Introduction to Analysis of Variance I t

Chapter 13: Introduction to Analysis of Chapter 13: Introduction to Analysis of Variance I t Introduction d ti Analysis of variance (ANOVA) is a hypothesis-testing procedure that is used to evaluate mean differences between two or

754 views • 46 slides
Introduction to Business Statistics Introduction to Business Statistics QM 120 Ch Chapter 4 t

Introduction to Business Statistics Introduction to Business Statistics QM 120 Ch Chapter 4 t

DEPARTMENT OF QUANTITATIVE METHODS & INFORMATION SYSTEMS Introduction to Business Statistics Introduction to Business Statistics QM 120 Ch Chapter 4 t 4 Spring 2008 Dr. Mohammad Zainal Chapter 4: Experiment, outcomes, and sample space

1.02k views • 63 slides
Chapter 21 Listings www.charltonslaw.com 0 Index Page Introduction 3 Chapter 20

Chapter 21 Listings www.charltonslaw.com 0 Index Page Introduction 3 Chapter 20

Chapter 21 Listings www.charltonslaw.com 0 Index Page Introduction 3 Chapter 20 Listings 4 Chapter 21 Listings 5 Reasons for Listing under Chapter 21 6 Restrictive Regime 9 Jurisdictional Comparison 17

753 views • 35 slides
Chapter 13 Chapter 13 1 What is this? Chapter 13 2 What is this? Chapter 13 3 What is

Chapter 13 Chapter 13 1 What is this? Chapter 13 2 What is this? Chapter 13 3 What is

Chapter 13 Chapter 13 1 What is this? Chapter 13 2 What is this? Chapter 13 3 What is this? Uncertainty Chapter 13 4 Outline Uncertainty Probability Syntax and Semantics Inference Independence and Bayes Rule

688 views • 37 slides
INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

ADVANCED COMPUTER SECURITY INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT IS SECURITY? A systems security policies describe What the system is supposed to do Store and provide access

479 views • 16 slides
Table of Contents Chapter 1 Introduction Chapter 2 First Prototypes of an

Table of Contents Chapter 1 Introduction Chapter 2 First Prototypes of an

Table of Contents Chapter 1 Introduction Chapter 2 First Prototypes of an Associative Computing (ASC) Processor Design and Implementation of an FPGA-Based Chapter 3 A Scalable Pipelined ASC Processor With Scalable

367 views • 9 slides
Simulation Simulation CHAPTER 1 INTRODUCTION TO SIMULATION 2 MODELING CHAPTER 1 INTRODUCTION

Simulation Simulation CHAPTER 1 INTRODUCTION TO SIMULATION 2 MODELING CHAPTER 1 INTRODUCTION

Introduction to Simulation Simulation CHAPTER 1 INTRODUCTION TO SIMULATION 2 MODELING CHAPTER 1 INTRODUCTION TO SIMULATION 3 MODELING Simulation Modeling Paradigm that creates simplified representations of complex systems Generates

540 views • 22 slides
Introduction to Business Statistics QM 220 Chapter 10 Dr. Mohammad Zainal Chapter 10:

Introduction to Business Statistics QM 220 Chapter 10 Dr. Mohammad Zainal Chapter 10:

Department of Quantitative Methods & Information Systems Introduction to Business Statistics QM 220 Chapter 10 Dr. Mohammad Zainal Chapter 10: Estimation and hypothesis testing: two populations What are we going to cover? 10.1

722 views • 47 slides
Chapter 1 Introduction Computer Networking: A Top Down Approach Featuring the Internet , 3 rd

Chapter 1 Introduction Computer Networking: A Top Down Approach Featuring the Internet , 3 rd

Chapter 1 Introduction Computer Networking: A Top Down Approach Featuring the Internet , 3 rd edition. Jim Kurose, Keith Ross Addison-Wesley, July 2004. Introduction 1-1 Chapter 1: Introduction Our goal: Overview: get feel and

792 views • 35 slides
Chapter 1 Introduction Adapted from Computer Networking: A Top Down Approach, 6th edition,

Chapter 1 Introduction Adapted from Computer Networking: A Top Down Approach, 6th edition,

Chapter 1 Introduction Adapted from Computer Networking: A Top Down Approach, 6th edition, Jim Kurose, Keith Ross Addison-Wesley, March 2012 Introduction 1-1 Chapter 1: introduction Review : what s the Internet? what s a

1.01k views • 59 slides
Last Unit Judiciary Chapter 16 Civil liberties Chapter 5 Civil Rights Chapter 6 Introduction

Last Unit Judiciary Chapter 16 Civil liberties Chapter 5 Civil Rights Chapter 6 Introduction

Last Unit Judiciary Chapter 16 Civil liberties Chapter 5 Civil Rights Chapter 6 Introduction Alexander Hamilton: the judiciary would be the least dangerous branch of the national govt. Do you agree that the judiciary is an

1.31k views • 84 slides
OVERVIEW OF CHAPTER 40B FUNDAMENTALS The Next Chapter of 40B: A Training on the Latest

OVERVIEW OF CHAPTER 40B FUNDAMENTALS The Next Chapter of 40B: A Training on the Latest

OVERVIEW OF CHAPTER 40B FUNDAMENTALS The Next Chapter of 40B: A Training on the Latest Developments in the Affordable Housing Law Fall 2011 Presented by CPTC In Cooperation with CHAPA Introduction to 40B l History of Chapter 40B l 2008

352 views • 20 slides
Chapter Chapter 1 Computer Abstractions and Technology 1.1 Introduction The Computer

Chapter Chapter 1 Computer Abstractions and Technology 1.1 Introduction The Computer

Chapter Chapter 1 Computer Abstractions and Technology 1.1 Introduction The Computer Revolution Progress in computer technology Underpinned by Moores Law Makes novel applications feasible Computers in automobiles Cell

736 views • 46 slides
Chapter 2.0: Introduction Welcome to the second of five chapters in a digital workbook on

Chapter 2.0: Introduction Welcome to the second of five chapters in a digital workbook on

Chapter 2 Construct Coherence This digital workbook on educational assessment design and evaluation was developed by edCount, LLC, under Enhanced Assessment Grants Program, CFDA 84.368A. 1 1 Chapter 2.0: Introduction Welcome to the second of

1.05k views • 83 slides
Introduction This presentation will provide an overview of the Chapter 8 Tax Sale. 2 A Few

Introduction This presentation will provide an overview of the Chapter 8 Tax Sale. 2 A Few

CHAPTER 8 TAX SALES An Overview Presented by The State Controllers Office Hanford, CA October, 2016 Introduction This presentation will provide an overview of the Chapter 8 Tax Sale. 2 A Few Facts About Completed Chapter 8 Tax Sale

714 views • 22 slides
Course Review 2 Quantitative Overview Chapter 1 (Introduction) 0.5 session, 14 slides

Course Review 2 Quantitative Overview Chapter 1 (Introduction) 0.5 session, 14 slides

Mechanical Equipment (ENGI-7903) Spring 2013 Course Review 2 Quantitative Overview Chapter 1 (Introduction) 0.5 session, 14 slides Chapter 2 (Thermofluids fundamentals) 2.5 sessions, 20 slides, 4 examples Chapter 3 (Flow

368 views • 20 slides
7 View-synchronous Group Communication 7.1 Introduction This chapter starts from where Chapter

7 View-synchronous Group Communication 7.1 Introduction This chapter starts from where Chapter

Security and Fault-tolerance in Distributed Systems ETHZ, Summer 2005 Christian Cachin, IBM Zurich Research Lab www.zurich.ibm.com/cca/ 7 View-synchronous Group Communication 7.1 Introduction This chapter starts from where Chapter 4

230 views • 4 slides
Chapter 1 Introduction Chapter 1 Objectives Know the difference between computer

Chapter 1 Introduction Chapter 1 Objectives Know the difference between computer

Chapter 1 Introduction Chapter 1 Objectives Know the difference between computer organization and computer architecture. Understand units of measure common to computer systems. Appreciate the evolution of computers. Understand

1.2k views • 73 slides

More recommend