lecture 1 introduction and overview
play

Lecture 1: Introduction and Overview January 4, 2011 Lecture 1, - PowerPoint PPT Presentation

Dec 15, 2023 •126 likes •412 views

Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Lecture 1: Introduction and Overview January 4, 2011 Lecture 1, Slide 1 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  1. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Lecture 1: Introduction and Overview January 4, 2011 Lecture 1, Slide 1 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  2. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues 1 About This Course 2 Basic Components Confidentiality, Integrity, Availability Threats 3 Policy and Mechanism Policy and Mechanism Goals of Security 4 Assurance Trust and Assumptions Assurance 5 Practical Issues Lecture 1, Slide 2 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  3. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Goals of the Course What can security decide, and what can it not decide? Policy models: what can systems and people do, and what can they not do? Information flow: how can information move around a system? Lecture 1, Slide 3 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  4. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Confidentiality, Integrity, Availability Confidentiality What it is Concealing information, resources May hide attributes (including existence) of data as well as content May hide resources to keep others from using them How to do this Cryptography File access controls Other access controls ( e.g. , firewalls) Lecture 1, Slide 4 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  5. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Confidentiality, Integrity, Availability Confidentiality Example Example: protecting a tax return on a PC Tax return is enciphered, so it cannot be read directly If owner has the cryptographic key, she can read it by deciphering the tax return So can anyone who has that cryptographic key If someone can rig the decryption program to send them the decryption key, that also compromises the tax return Lecture 1, Slide 5 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  6. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Confidentiality, Integrity, Availability Integrity What it is Has the data been altered without authorization, or in unauthorized ways? Is the data credible (trustworthy) Types of integrity Data integrity (contents) Origin integrity (source, authentication ) Example: database transaction If interrupted, may leave database in an inconsistent state Much harder to quantify than confidentiality Lecture 1, Slide 6 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  7. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Confidentiality, Integrity, Availability Integrity Example Example: government leaking Newspaper prints information leaked to it from White House, attributing it to wrong source Data integrity: preserved, as information printed as received Origin integrity: corrupt, as source is mis-attributed Data trustworthiness: depends . . . Lecture 1, Slide 7 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  8. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Confidentiality, Integrity, Availability Availability What it is Ability to use information or resource desired Key part of reliability as well as security Most models based on statistics, so assume a predicted pattern of use overall Attackers change the pattern of use, so the model no longer applies Mechanisms providing availability not designed for changed environment—and fail Lecture 1, Slide 8 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  9. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Confidentiality, Integrity, Availability Availability Example Example: compromising a bank Anne controls secondary server that supplies bank balances for credit cards Anne blocks access to primary server, so requests sent to secondary server Anne supplies any balance she likes, ensuring none of her purchases is declined Lecture 1, Slide 9 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  10. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Threats Threats A potential violation of security Actions that could cause it to occur are attacks Four classes of threats Disclosure: unauthorized access to information Deception: acceptance of false data Disruption: interruption or prevention of correct operation Usurpation: unauthorized control of some part of a system Lecture 1, Slide 10 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  11. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Threats Common Threats and Their Classes Snooping, passive wiretapping: disclosure Modification, active wiretapping: deception, disruption, usurpation Masquerading, spoofing: deception, usurpation Delegation: a legitimate form of masquerading Repudiation of origin: deception Denial of receipt: deception Delay, denial of service: usurpation, may support deception Lecture 1, Slide 11 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  12. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Policy and Mechanism Policy and Mechanism Policy says what is, and is not, allowed This defines “security” for the site/system/ etc . Mechanisms enforce the policy Policy composition: if they conflict, the discrepancies may create security vulnerabilities Lecture 1, Slide 12 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  13. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Policy and Mechanism Expressions Policy expression Natural language: usually imprecise, but easy to understand Mathematics: usually precise but hard to understand Policy languages: look like some form of programming language and try to balance precision with ease of understanding Mechanisms Technical: controls in the computer enforce the policy Require the user supply a password to authenticate herself before using the computer Procedural: controls outside the system enforce the policy Require the firing of someone who beings in a disk containing a game program obtained from an untrusted source Lecture 1, Slide 13 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  14. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Goals of Security Goals of Security Prevention: the attack will fail Detection: the attack will be identified Appropriate when the attack cannot be prevented Appropriate to check effectiveness of preventative measures Recovery: return system to correct functioning during (or after) attack First form: stop attack, assess and repair damage from that attack Second form: continue to function correctly during the attack (“attack tolerant”) Lecture 1, Slide 14 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  15. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Trust and Assumptions Trust and Assumptions Underlie all aspects of security What happens if assumptions incorrect? Key needed to open a door lock ⇒ lock cannot be picked Good lock picker can pick a lock Consequent false, therefore antecedent (assumption) false Lecture 1, Slide 15 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  16. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Trust and Assumptions Example Assumptions Assumptions policies make Unambiguously partition system states Correctly capture security requirements Assumptions mechanisms make Correctly implemented Support tools (libraries, operating system services, etc .) work correctly Installed, administered correctly Union of mechanisms implements all aspects of security policy Lecture 1, Slide 16 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  17. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Trust and Assumptions Types of Mechanisms secure precise broad set of reachable states set of secure states Lecture 1, Slide 17 ECS 235B, Foundations of Information and Computer Security January 4, 2011

  18. Outline About This Course Basic Components Policy and Mechanism Assurance Practical Issues Assurance Assurance How much to trust a system, based on evidence obtained from specification, design, implementation, and operation Assurance based on assurance evidence gathered during analysis Assurance evidence provides a basis for assessing what one must trust in order to believe system is secure Assurance does not guarantee correctness or security Lecture 1, Slide 18 ECS 235B, Foundations of Information and Computer Security January 4, 2011

Recommend

Lecture Overview Web 2.0, Tagging, Multimedia, Introduction to Web 2.0 Overview of

Lecture Overview Web 2.0, Tagging, Multimedia, Introduction to Web 2.0 Overview of

Lecture Overview Web 2.0, Tagging, Multimedia, Introduction to Web 2.0 Overview of Tagging Systems Folksonomies, Lecture, Overview of tagging Important, Must Attend, Design and attributes Martin Halvey Case Studies

908 views • 13 slides
BIOE 301/362 Lecture One Overview of Lecture 1 Course Overview: Course organization

BIOE 301/362 Lecture One Overview of Lecture 1 Course Overview: Course organization

BIOE 301/362 Lecture One Overview of Lecture 1 Course Overview: Course organization Four questions we will answer Course project Technology assessment The big picture World health: an introduction Course Organization

932 views • 68 slides
Overview Course 02402 Introduction to Statistics 1 Introduction to simulation Example 1 Lecture

Overview Course 02402 Introduction to Statistics 1 Introduction to simulation Example 1 Lecture

Overview Course 02402 Introduction to Statistics 1 Introduction to simulation Example 1 Lecture 10: Simulation based statistical methods 2 Propagation of error Example 1, cont. 3 Confidence intervals using simulation: Bootstrapping Per Bruun

318 views • 6 slides
Introduction cont. Lecture goal: Overview: get context, overview, access net, physical

Introduction cont. Lecture goal: Overview: get context, overview, access net, physical

Introduction cont. Lecture goal: Overview: get context, overview, access net, physical media feel of networking performance: loss, delay more depth, detail later in course protocol layers, service models approach:

393 views • 12 slides
Lecture 1.1 Course Introduction Course Introduction and Overview Course Goals Learn how

Lecture 1.1 Course Introduction Course Introduction and Overview Course Goals Learn how

GPU Teaching Kit GPU Teaching Kit Accelerated Computing Lecture 1.1 Course Introduction Course Introduction and Overview Course Goals Learn how to program heterogeneous parallel computing systems and achieve High performance and

298 views • 9 slides
CFD Introduction Lecture 15 ME EN 412 Andrew Ning aning@byu.edu Outline CFD Overview CFD

CFD Introduction Lecture 15 ME EN 412 Andrew Ning aning@byu.edu Outline CFD Overview CFD

CFD Introduction Lecture 15 ME EN 412 Andrew Ning aning@byu.edu Outline CFD Overview CFD Overview Simulation Process 1. Define the problem 2. Model the geometry and a fluid domain 3. Create a mesh 4. Specify boundary conditions 5.

321 views • 7 slides
CENG4480 Lecture 01: Introduction Bei Yu byu@cse.cuhk.edu.hk (Latest update: September 11,

CENG4480 Lecture 01: Introduction Bei Yu byu@cse.cuhk.edu.hk (Latest update: September 11,

CENG4480 Lecture 01: Introduction Bei Yu byu@cse.cuhk.edu.hk (Latest update: September 11, 2019) Fall 2019 1 / 21 Overview Important Notes Grading System Introduction to Embedded Systems (ES) Course Overview 2 / 21 Overview Important

990 views • 29 slides
CENG4480 Lecture 01: Introduction Bei Yu byu@cse.cuhk.edu.hk (Latest update: August 19, 2020)

CENG4480 Lecture 01: Introduction Bei Yu byu@cse.cuhk.edu.hk (Latest update: August 19, 2020)

CENG4480 Lecture 01: Introduction Bei Yu byu@cse.cuhk.edu.hk (Latest update: August 19, 2020) Fall 2020 1 / 21 Overview Important Notes Grading System Introduction to Embedded Systems (ES) Course Overview 2 / 21 Overview Important

561 views • 29 slides
Outline of todays lecture Natural Language Processing Lecture 1: Introduction Overview of the

Outline of todays lecture Natural Language Processing Lecture 1: Introduction Overview of the

Natural Language Processing Natural Language Processing Outline of todays lecture Natural Language Processing Lecture 1: Introduction Overview of the course Simone Teufel Why NLP is hard Scope of NLP Computer Laboratory A sample

1.17k views • 67 slides
Lecture 1: Introduction to the Sum of Squares Hierarchy Lecture Outline Part I:

Lecture 1: Introduction to the Sum of Squares Hierarchy Lecture Outline Part I:

Lecture 1: Introduction to the Sum of Squares Hierarchy Lecture Outline Part I: Introduction/Motivation Part II: Planted Clique Part III: A Game for Sum of Squares (SOS) Part IV: SOS on General Equations Part V: Overview of SOS

748 views • 64 slides
Lecture 18 None of this is comprehensive only an overview and guide to what you should expect

Lecture 18 None of this is comprehensive only an overview and guide to what you should expect

CSE 331 The plan Software Design and Implementation Today: introduction to Java graphics and Swing/AWT libraries Then: event-driven programming and user interaction Lecture 18 None of this is comprehensive only an overview and guide to

317 views • 8 slides
Week 12 - Lecture Mechanical Event Simulation ME 24-688 Introduction to CAD/CAE Tools Lecture

Week 12 - Lecture Mechanical Event Simulation ME 24-688 Introduction to CAD/CAE Tools Lecture

Week 12 - Lecture Mechanical Event Simulation ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Mechanical Event Simulation Overview Additional Element Types Joint Component Description General Constraint Refresh Mesh

744 views • 35 slides
Overview Lecture 1: Introduction 1 Lecture 2: Message Sequence Charts 2 Joost-Pieter Katoen

Overview Lecture 1: Introduction 1 Lecture 2: Message Sequence Charts 2 Joost-Pieter Katoen

Overview Lecture 1: Introduction 1 Lecture 2: Message Sequence Charts 2 Joost-Pieter Katoen Theoretical Foundations of the UML 1/32 Theoretical Foundations of the UML Lecture 1: Introduction Joost-Pieter Katoen Lehrstuhl fr Informatik 2

1.11k views • 63 slides
CFD Analysis ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Team Project 2 Discussion

CFD Analysis ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Team Project 2 Discussion

Week 14 - Lecture CFD Analysis ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Team Project 2 Discussion Simulation Drivers CFD Overview CFD Use Cases and Examples Common Requirements for CFD Introduction to

917 views • 27 slides
Introduction cont. Network Core: Circuit Switching Lecture goal: Overview: network resources

Introduction cont. Network Core: Circuit Switching Lecture goal: Overview: network resources

Introduction cont. Network Core: Circuit Switching Lecture goal: Overview: network resources (e.g., bandwidth) divided into get context, overview, access net, physical media pieces feel of networking performance: loss,

803 views • 6 slides
Welcome! Todays Agenda: Introduction Course Formalities High Level Overview

Welcome! Todays Agenda: Introduction Course Formalities High Level Overview

/INFOMOV/ Optimization & Vectorization J. Bikker - Sep-Nov 2019 - Lecture 1: Introduction Welcome! Todays Agenda: Introduction Course Formalities High Level Overview Profiling INFOMOV Lecture 1

1.12k views • 68 slides
Stream Lines and Surfaces Lecture 9 February 20, 2020 Outline Introduction Overview of basic

Stream Lines and Surfaces Lecture 9 February 20, 2020 Outline Introduction Overview of basic

CS53000 - Spring 2020 Introduction to Scientific Visualization Stream Lines and Surfaces Lecture 9 February 20, 2020 Outline Introduction Overview of basic techniques Mathematical / numerical foundations CS530 / Spring 2020 : Introduction

1.71k views • 102 slides
ComputerVision October 30, 2018 1 Lecture 20: Introduction to Computer Vision CBIO (CSCI)

ComputerVision October 30, 2018 1 Lecture 20: Introduction to Computer Vision CBIO (CSCI)

ComputerVision October 30, 2018 1 Lecture 20: Introduction to Computer Vision CBIO (CSCI) 4835/6835: Introduction to Computational Biology 1.1 Overview and Objectives This week, were moving into image processing. In this lecture, well

448 views • 20 slides
Assemblies ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Assemblies and Product

Assemblies ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Assemblies and Product

Week 4 - Lecture Assemblies ME 24-688 Introduction to CAD/CAE Tools Lecture Topics Assemblies and Product Structure Bill of Materials PLM Role and Definition Design for Assembly Overview Case Study Examples ME 24-688

455 views • 43 slides
Overview of lecture series Background Introduction to Szumo Case study Semantic and

Overview of lecture series Background Introduction to Szumo Case study Semantic and

Overview of lecture series Background Introduction to Szumo Case study Semantic and implementation details Related concurrency models Ongoing and future work Laser 2005 - Summer School on 1 Software Engineering Goal

822 views • 56 slides
LECTURE 1: ubiquity ; INTRODUCTION interconnection ; intelligence ; delegation ;

LECTURE 1: ubiquity ; INTRODUCTION interconnection ; intelligence ; delegation ;

Overview Five ongoing trends have marked the history of computing: LECTURE 1: ubiquity ; INTRODUCTION interconnection ; intelligence ; delegation ; and Multiagent Systems human-orientation Based on An Introduction to

196 views • 6 slides
Introduction & Overview Lecture 01, 2018-03-19 Christian Schulte cschulte@kth.se Software

Introduction & Overview Lecture 01, 2018-03-19 Christian Schulte cschulte@kth.se Software

ID2204: Constraint Programming Introduction & Overview Lecture 01, 2018-03-19 Christian Schulte cschulte@kth.se Software and Computer Systems School of Electrical Engineering and Computer Science KTH Royal Institute of Technology Sweden

565 views • 39 slides
Lecture 3 Outline Readings discussion Introduction to qualitative research Overview of

Lecture 3 Outline Readings discussion Introduction to qualitative research Overview of

Lecture 3 Outline Readings discussion Introduction to qualitative research Overview of observations, diary studies, field studies Interviewing in detail Interviews that are done incorrectly are lost data Externalizing and

917 views • 80 slides
Lecture 3 Outline Readings discussion Introduction to qualitative research Overview of

Lecture 3 Outline Readings discussion Introduction to qualitative research Overview of

Lecture 3 Outline Readings discussion Introduction to qualitative research Overview of observations, diary studies, field studies Interviewing in detail Interviews that are done incorrectly are lost data Externalizing and

1.09k views • 84 slides

More recommend