
What is Computer Security? CSM27 Computer Security Dr Hans Georg - PowerPoint PPT Presentation

  1. What is Computer Security?
     CSM27 Computer Security
     Dr Hans Georg Schaathun, University of Surrey
     Autumn 2009 – Week 1
     Dr Hans Georg Schaathun What is Computer Security? Autumn 2009 – Week 1 1 / 38

  2. The module – Security in our Department
     - Introduction to Multimedia Security
     - Watermarking
     - Cryptography
     - Network Security
     - Computer Security
     - Web Security
     Many modules ⇒ very specialised

  3. The module – Module Objectives
     - understand and be able to use formal models for computer security
     - be able to avoid the many security pitfalls in computer system and software development
     - apply defences against obvious and less obvious threats
     - be able critically to evaluate security at each stage of the development process

  4. The module – This module
     We will not deal with
     - network security
     - cryptography
     Our focus will tend towards
     - the general and high-level
     - the theoretical and formal
     Unfortunately, this means relatively few hands-on activities.

  5. The session – Session objectives
     - Establish a common terminology to discuss (computer) security
     - Be able to distinguish between vulnerabilities, threats, and attacks
     - Get a glimpse of the wide range of threats

  6. The problem – Yellow Stickers Exercise
     Sit in groups of 3–5. Write down all computer security problems that you can think of. One problem per yellow sticker.

  7. The problem / Three faces of security – Outline
     1 The module
     2 The session
     3 The problem
       - Three faces of security
       - Two companions of security
     4 Risk analysis
       - Risk analysis
       - Threats and Vulnerabilities
       - Attacks
       - Solutions
       - Defining Computer Security
     5 Exercise

  8. The problem / Three faces of security – Confidentiality
     Talking of security, we often mean confidentiality.
     Unauthorised entities cannot get information.
     - Is it sufficient that they cannot get all the information?
     - Are we allowed to leak a single bit?

  9. The problem / Three faces of security – Complete confidentiality
     Put the computer in a locked steel box, set it in concrete, and sink it in the ocean.
     [Figure: the "Data" locked away in the box]
     Is this good enough? The information is no good to anyone.

  10. The problem / Three faces of security – Availability
     Definition (Availability): The system is accessible and useable upon demand by an authorised entity.
     Can we maintain availability and confidentiality at the same time?
     Denial of Service (DoS) attacks violate availability.
     E.g. a horde of computers send dummy requests to a web server, causing congestion which prevents legitimate users from using the web services in a timely fashion. Potentially costly damage.
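
The availability slide above describes a horde of machines flooding a web server with dummy requests. The following simulation is an added example and is not part of the lecture slides: it runs a constructed request stream through a per-client token bucket (rate 5 requests/s, burst 5) and then through the server's own capacity budget (50 requests per one-second window, an assumed figure). Every client name, timestamp and limit is constructed for the demonstration; nothing touches a network.

```python
"""Added example (not from the lecture slides): how per-client rate limiting
keeps a service available against one flooding client, and why a horde of
clients (the DoS scenario on the slide) is much harder to absorb.
All requests are constructed inline; nothing touches a network."""
from collections import defaultdict


class TokenBucket:
    """Per-client token bucket using integer milliseconds and millitokens so the
    arithmetic is exact. Each client may make `rate` requests per second, with
    bursts of up to `capacity` requests."""

    def __init__(self, rate: int, capacity: int):
        self.refill_per_ms = rate                 # millitokens per ms == tokens per s
        self.capacity_mt = capacity * 1000
        self.tokens = defaultdict(lambda: capacity * 1000)
        self.last_ms = {}

    def allow(self, client: str, now_ms: int) -> bool:
        elapsed = now_ms - self.last_ms.get(client, now_ms)
        # refill in proportion to elapsed time, never above capacity
        self.tokens[client] = min(self.capacity_mt,
                                  self.tokens[client] + elapsed * self.refill_per_ms)
        self.last_ms[client] = now_ms
        if self.tokens[client] >= 1000:
            self.tokens[client] -= 1000
            return True
        return False


def serve(requests, per_client_rate=5, burst=5, server_capacity=50):
    """Run (time_ms, client) requests through the per-client bucket and then a
    global budget of `server_capacity` requests per one-second window (the
    assumed real capacity of the server). Returns {client: [admitted, rejected]}."""
    bucket = TokenBucket(per_client_rate, burst)
    per_window = defaultdict(int)
    stats = defaultdict(lambda: [0, 0])
    for t, client in sorted(requests):
        window = t // 1000
        if bucket.allow(client, t) and per_window[window] < server_capacity:
            per_window[window] += 1
            stats[client][0] += 1
        else:
            stats[client][1] += 1
    return dict(stats)


def legitimate_user(offset_ms=0):
    # constructed: one real user making one request per second for 10 seconds
    return [(s * 1000 + offset_ms, "alice") for s in range(10)]


def single_flooder():
    # constructed: one client sending 100 dummy requests per second for 10 seconds
    return [(s * 1000 + i * 10, "flooder") for s in range(10) for i in range(100)]


def horde(n_bots=100, per_second=5):
    # constructed: many clients, each staying just within the per-client limit
    step = 1000 // per_second
    return [(s * 1000 + k * step, f"bot{b:03d}")
            for b in range(n_bots) for s in range(10) for k in range(per_second)]


def scenario_single_flooder():
    """One noisy client: the bucket throttles it and alice is fully served."""
    stats = serve(legitimate_user() + single_flooder())
    return stats["alice"], stats["flooder"]


def scenario_horde():
    """A horde below the per-client limit still exhausts the server; alice,
    arriving mid-second, finds every window already full."""
    stats = serve(legitimate_user(offset_ms=500) + horde())
    bots = [v for c, v in stats.items() if c.startswith("bot")]
    return stats["alice"], [sum(v[0] for v in bots), sum(v[1] for v in bots)]


if __name__ == "__main__":
    print("single flooder (alice, flooder):", scenario_single_flooder())
    print("horde (alice, all bots):", scenario_horde())
```

In the first scenario the flooder gets its burst of 5 and then one request per 200 ms (54 of 1000 admitted) while alice keeps all 10 of hers. In the second, every bot individually looks well-behaved, so the per-client limit admits everything and the server budget is the only thing left to say no; it fills up in the first 50 requests of each second and alice loses all 10, which is the "potentially costly damage" the slide refers to. Per-client limiting answers a single abusive source, not a distributed one.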

  11. The problem / Three faces of security – Integrity
     Definition (Integrity): The state of the system or data can only be changed by an authorised entity.
     If integrity is not ensured:
     - I could change your bank account to send money to my Swiss bank account.
     - We could forge a file to incriminate the PM.
     - You cannot trust your computer.
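
The integrity slide above uses the example of a bank transfer being redirected. The following is an added example, not part of the lecture slides, showing one standard way an authorised writer can make such a change detectable: a keyed MAC (HMAC-SHA256 from Python's standard library) over a canonical serialisation of the record. The key, account identifiers and amount are constructed for the demonstration; the contrast with an unkeyed hash shows why a checksum alone does not give integrity against someone who can rewrite the stored data.

```python
"""Added example (not from the lecture slides): detecting an unauthorised
change to a stored record with a keyed MAC, and why an unkeyed hash is not
enough. Key and records are constructed for the demonstration."""
import hashlib
import hmac
import json

# Constructed demo key. In a real system it lives in a secret store and must
# not be readable by anyone who can modify the data.
DEMO_KEY = b"constructed-demo-key-do-not-use"


def canonical(record: dict) -> bytes:
    """Deterministic serialisation: the same record always gives the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def tag_record(key: bytes, record: dict) -> str:
    """The authorised writer computes a MAC over the record."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_record(key: bytes, record: dict, tag: str) -> bool:
    """A reader recomputes the MAC and compares in constant time."""
    return hmac.compare_digest(tag_record(key, record), tag)


def unkeyed_digest(record: dict) -> str:
    """A plain hash: anyone who can edit the record can recompute it too."""
    return hashlib.sha256(canonical(record)).hexdigest()


def attacker_rewrites(store: dict, new_to: str) -> dict:
    """Model of an unauthorised change: the record is edited and the unkeyed
    hash recomputed, but the MAC cannot be recomputed without the key."""
    record = dict(store["record"], to=new_to)
    return {"record": record, "sha256": unkeyed_digest(record), "mac": store["mac"]}


def demo() -> dict:
    # constructed transfer record protected by both an unkeyed hash and a MAC
    transfer = {"from": "acct-1001", "to": "acct-2002", "amount": 100}
    store = {"record": transfer,
             "sha256": unkeyed_digest(transfer),
             "mac": tag_record(DEMO_KEY, transfer)}
    tampered = attacker_rewrites(store, "acct-9999")
    return {
        "original_mac_ok": verify_record(DEMO_KEY, store["record"], store["mac"]),
        # the unkeyed check still passes after tampering: it detects nothing
        "tampered_sha256_ok": unkeyed_digest(tampered["record"]) == tampered["sha256"],
        # the keyed check fails: the change is detected
        "tampered_mac_ok": verify_record(DEMO_KEY, tampered["record"], tampered["mac"]),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The MAC only helps if the key is kept away from whoever could alter the data, so integrity here rests on confidentiality of the key; the two faces on the slides are not independent.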

  12. The problem / Three faces of security – The three faces of security
     [Figure: Security and its three faces – Integrity, Availability, Confidentiality]

  13. The problem / Three faces of security – Exercise
     Return to your groups. Take a handful of yellow stickers (not necessarily your own).
     For each one decide what kind of security problem it is: Integrity, Confidentiality, Availability? Two or three of the above?

  14. The problem / Two companions of security – Outline
     1 The module
     2 The session
     3 The problem
       - Three faces of security
       - Two companions of security
     4 Risk analysis
       - Risk analysis
       - Threats and Vulnerabilities
       - Attacks
       - Solutions
       - Defining Computer Security
     5 Exercise

  15. The problem / Two companions of security – Security threats
     Security is concerned with
     - Intentional attacks
     Security is not (usually) concerned with
     - Accidental mistakes (human error)
     - Random, accidental events
     Yet, the three kinds of events are similar ⇒ similar protection.

  16. The problem / Two companions of security – Reliability
     Reliability is concerned with damage or loss due to accidental and random events.
     - Reliability and security issues may overlap: fire can be accidental (reliability), or it can be arson (security).
     - Reliability and security issues can reinforce each other: a laptop with confidential data is lost on the train; the finder happens to have criminal intent.
