security principles policies and tools cs 236 on line ms
play

Security Principles, Policies, and Tools CS 236 On-Line MS Program - PowerPoint PPT Presentation

Jan 27, 2024 •284 likes •419 views

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 2 Page 1 CS 236 Online Outline Security design principles Security policies Basic concepts Security

  1. Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 2 Page 1 CS 236 Online

  2. Outline • Security design principles • Security policies – Basic concepts – Security policies for real systems • Classes of security tools – Access control Lecture 2 Page 2 CS 236 Online

  3. Design Principles for Secure Systems • Economy • Complete mediation • Open design • Separation of privileges • Least privilege • Least common mechanism • Acceptability • Fail-safe defaults Lecture 2 Page 3 CS 236 Online

  4. Economy in Security Design • Economical to develop – And to use – And to verify • Should add little or no overhead • Should do only what needs to be done • Generally, try to keep it simple and small Lecture 2 Page 4 CS 236 Online

  5. Complete Mediation • Apply security on every access to a protected object – E.g., each read of a file, not just the open • Also involves checking access on everything that could be attacked Lecture 2 Page 5 CS 236 Online

  6. Open Design • Don’t rely on “security through obscurity” • Assume all potential attackers know everything about the design – And completely understand it • This doesn’t mean publish everything important about your security system – Though sometimes that’s a good idea • Obscurity can provide some security, but it’s brittle – When the fog is cleared, the security disappears – And modern attackers have good fog blowers Lecture 2 Page 6 CS 236 Online

  7. Separation of Privileges • Provide mechanisms that separate the privileges used for one purpose from those used for another • To allow flexibility in security systems • E.g., separate access control on each file Lecture 2 Page 7 CS 236 Online

  8. Least Privilege • Give bare minimum access rights required to complete a task • Require another request to perform another type of access • E.g., don’t give write permission to a file if the program only asked for read Lecture 2 Page 8 CS 236 Online

  9. Least Common Mechanism • Avoid sharing parts of the security mechanism – among different users – among different parts of the system • Coupling leads to possible security breaches Lecture 2 Page 9 CS 236 Online

  10. Acceptability • Mechanism must be simple to use • Simple enough that people will use it without thinking about it • Must rarely or never prevent permissible accesses Lecture 2 Page 10 CS 236 Online

  11. Fail-Safe Designs • Default to lack of access • So if something goes wrong or is forgotten or isn’t done, no security lost • If important mistakes are made, you’ll find out about them – Without loss of security – But if it happens too often . . . Lecture 2 Page 11 CS 236 Online

  12. Thinking About Security When considering the security of any system, ask these questions: 1. What assets are you trying to protect? 2. What are the risks to those assets? 3. How well does the security solution mitigate those risks? 4. What other security problems does the security solution cause? 5. What tradeoffs does the security solution require? (This set of questions was developed by Bruce Schneier, for his book Beyond Fear ) Lecture 2 Page 12 CS 236 Online

Recommend

Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security

Outline Security Principles and Policies Security terms and concepts CS 239 Security policies Computer Security Basic concepts Peter Reiher Security policies for real systems January 13, 2005 Lecture 2 Lecture 2 Page 1

347 views • 9 slides
David Parter Background: Threats and Security Policies Tools and Defenses: University of

David Parter Background: Threats and Security Policies Tools and Defenses: University of

Network Security Topics David Parter Background: Threats and Security Policies Tools and Defenses: University of Wisconsin Firewalls Computer Sciences Department Virtual Private Networks Computer Systems Lab Network

659 views • 30 slides
Security Policies Security Policies for Large Who is allowed to do what when Systems

Security Policies Security Policies for Large Who is allowed to do what when Systems

Security Policies Security Policies for Large Who is allowed to do what when Systems And what happens if they do CS 239 something else Security for Networks and And whos responsible for making sure System Software thats

245 views • 3 slides
CS412 Software Security Security Policies Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Security Policies Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Security Policies Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Security Policies A policy is a deliberate system of principles to guide decisions and achieve rational outcomes. A policy is a

532 views • 41 slides
Experiences on how to p contact with end-users (policies and ISO security (policies and ISO

Experiences on how to p contact with end-users (policies and ISO security (policies and ISO

Experiences on how to p contact with end-users (policies and ISO security (policies and ISO security standards at campuses) p ) Brian OHora, BSc (Hons) & MBA Technology Management Information Systems Services, TCD TERENA E2E

325 views • 15 slides
Section I: Section I: Introduction to Command Line Tools Introduction to Command Line Tools CEG

Section I: Section I: Introduction to Command Line Tools Introduction to Command Line Tools CEG

Section I: Section I: Introduction to Command Line Tools Introduction to Command Line Tools CEG 333: Introduction to UNIX Dr. Travis Doom, Associate Professor Department of Computer Science and Engineering Wright State University

1.05k views • 94 slides
Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 19 Page 1 CS 236 Online Putting It All Together Weve talked a lot about security principles And about security problems And

209 views • 17 slides
Security Summer 2016 Cornell University 1 Today Security policies Enforcement

Security Summer 2016 Cornell University 1 Today Security policies Enforcement

CS 4410 Operating Systems Security Summer 2016 Cornell University 1 Today Security policies Enforcement Authenticating people Passwords 2 Security policy Security policies prescribe what must be done and what must not be

431 views • 13 slides
Com puter Security - Part Three Last tim e Multilevel and multilateral security Threats

Com puter Security - Part Three Last tim e Multilevel and multilateral security Threats

Com puter Security - Part Three Last tim e Multilevel and multilateral security Threats Security policies Confidentiality Policies Policy The Bell-LaPadula Model Specification Integrity Policies The Biba

698 views • 49 slides
Security Policies CS461/ECE422 Computer Security I Fall 2009 -1 Overview Natural language

Security Policies CS461/ECE422 Computer Security I Fall 2009 -1 Overview Natural language

Security Policies CS461/ECE422 Computer Security I Fall 2009 -1 Overview Natural language policies Example policies Implementation policies High level Low level -2 Reading Material Computer Security,

764 views • 40 slides
1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

Overview The Thin Blue Line: Security SysAdmins Current state of Internet Security Better Tools for System Administration: all metrics show bad -> worse unpatched software vulnerabilities Enhancing the Human-Computer

583 views • 6 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 1 Fundamental Tools Roadmap Review of generally useful tools

592 views • 35 slides
CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012

CCM4350 Security Architecture and Engineering Lecture 2 Security Design Principles 15.10.2012 1 Content of Todays Lecture Summary and Wrap up on Security Terminology The Fundamental Dilemma of Security Five Design Principles

801 views • 25 slides
Security Policies EGI OMB meeting 27 July 2017 David Kelsey (STFC/RAL) www.egi.eu EGI-Engage

Security Policies EGI OMB meeting 27 July 2017 David Kelsey (STFC/RAL) www.egi.eu EGI-Engage

Updated (VO) Community Security Policies EGI OMB meeting 27 July 2017 David Kelsey (STFC/RAL) www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142 EGI security policies

319 views • 12 slides
Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies Sebastian

Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies Sebastian

Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies Sebastian Roth , Timothy Barron, Stefano Calzavara, Nick Nikiforakis & Ben Stock Network and Distributed System Security Symposium (NDSS '20) Cross-Site

878 views • 31 slides
= P ( t ) f ( x , y ) ds ( , t ) line A set of line integrals form

= P ( t ) f ( x , y ) ds ( , t ) line A set of line integrals form

Moscow-Bavarian Joint Advanced Student School 2006 / Medical Imaging Principles of Computerized Tomographic Imaging and Cone-Beam Reconstruction Line Integrals Line integrals represent the integral of some parameter of the object along the

658 views • 16 slides
More Enforceable Security Policies by Lujo Bauer, Jarred Ligatti and David W alker Presented by

More Enforceable Security Policies by Lujo Bauer, Jarred Ligatti and David W alker Presented by

More Enforceable Security Policies by Lujo Bauer, Jarred Ligatti and David W alker Presented by Khoo Yit Phang April 21, 2008 To Build Secure Systems... 1.What sort of security policies can and should w e demand of our system? 2.What mechanism

325 views • 15 slides
Week 1: Introduction to Remote Learning Format, Policies, Guiding Principles Max H. Farrell The

Week 1: Introduction to Remote Learning Format, Policies, Guiding Principles Max H. Farrell The

BUS 41100 Applied Regression Analysis Week 1: Introduction to Remote Learning Format, Policies, Guiding Principles Max H. Farrell The University of Chicago Booth School of Business Remote Instruction Guiding Principles Be patient Be

513 views • 49 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Fall 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

1.15k views • 64 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Spring 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

844 views • 56 slides
Creating Adaptive Policies: From Concept to Practical Tools January 30 th 2018 OCCIAR Webinar

Creating Adaptive Policies: From Concept to Practical Tools January 30 th 2018 OCCIAR Webinar

Creating Adaptive Policies: From Concept to Practical Tools January 30 th 2018 OCCIAR Webinar 1 Part I Decision-making in the 21 st Century 2 Surprises 3 Innovation 4 Subtle change 5 Interconnectedness 6 Policies that cannot perform

616 views • 47 slides
Best Practices in Electronic Record Retention A. Principles For Document Management Policies

Best Practices in Electronic Record Retention A. Principles For Document Management Policies

Best Practices in Electronic Record Retention A. Principles For Document Management Policies Arthur Anderson, LLD v. U.S ., 544 U.S. 696 (2005) (Document retention policies, which are created in part to keep certain information from

192 views • 6 slides
Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

5/18/2016 Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B. Authentication 12C. Authorization Security and Privacy 12D. Trust 12E. At-Rest Encryption Mark Kampe (markk@cs.ucla.edu) Security and Privacy

116 views • 8 slides
1.IMPLEMENTING THE HUMAN SECURITY CONCEPT 2. PROGRAM PROGRESS 1. IMPLEMENTING THE HUMAN

1.IMPLEMENTING THE HUMAN SECURITY CONCEPT 2. PROGRAM PROGRESS 1. IMPLEMENTING THE HUMAN

1.IMPLEMENTING THE HUMAN SECURITY CONCEPT 2. PROGRAM PROGRESS 1. IMPLEMENTING THE HUMAN SECURITY CONCEPT According to the human security principles PROTECTION OBJECTIVE TOP-DOWN Support the formulation of public policies (gender,

1.15k views • 14 slides

More recommend