Overview of Computer SecurityOutline of the TalkComputer SecurityThree Basic Security ServicesConfidentialitySupport for ConfidentialityIntegrityIntegrity MechanismsIntegrity vs. ConfidentialityAvailabilityThreatsExamples of ThreatsSlide 13Slide 14Policy and MechanismGoals of SecurityAssumptions and TrustSecure, Precise, BroadAssumptions for trusting security mechanism worksAssuranceOperational IssuesHuman IssuesSecurity Life Cycle1cs691chowC. Edward ChowC. Edward ChowOverview of Computer SecurityOverview of Computer SecurityCS691 – Chapter 1 of Matt Bishop2cs691chowOutline of the TalkOutline of the TalkDefinitionsThree Basic Security ServicesThreatsPolicy and MechanismAssumptions and TrustAssuranceOperational IssuesHuman IssuesDefinitionsThree Basic Security ServicesThreatsPolicy and MechanismAssumptions and TrustAssuranceOperational IssuesHuman Issues3cs691chowComputer SecurityComputer SecuritySecurity: 1. a feeling secure; freedom from fear, doubt, etc. 2. protection; safeguard3. something given as a pledge of repayment, etc.4. [pl.] bonds, stocks, etc.Secure1. [Firm] fastened, bound, adjusted2. [Safe] guarded, unharmed, defended3. [Self-confident] assured, stable, determinedAbove from Webster’s New World DictionaryComputer Security: issues, theories, techniques, and tools that deals with the protection and safeguard of computer systems.Security: 1. a feeling secure; freedom from fear, doubt, etc. 2. protection; safeguard3. something given as a pledge of repayment, etc.4. [pl.] bonds, stocks, etc.Secure1. [Firm] fastened, bound, adjusted2. [Safe] guarded, unharmed, defended3. [Self-confident] assured, stable, determinedAbove from Webster’s New World DictionaryComputer Security: issues, theories, techniques, and tools that deals with the protection and safeguard of computer systems.4cs691chowThree Basic Security ServicesThree Basic Security ServicesConfidentiality: the concealment of information or resources.Integrity: the trustworthiness of data and resourcesAvailability: the ability to use the information or resources desired.Confidentiality: the concealment of information or resources.Integrity: the trustworthiness of data and resourcesAvailability: the ability to use the information or resources desired.5cs691chowConfidentialityConfidentialityThe need for keeping information secret arises from:Enforcing the “need to know” principle in military and civilian government agencies.Protecting proprietary designs from competitorsProtecting a company’s personnel recordsProtecting personal financial/ID info against ID theft.Apply to existence of data or traffic patternApply to resource hidingSystem configuration dataSystems/Equipment/Service Provider used.The need for keeping information secret arises from:Enforcing the “need to know” principle in military and civilian government agencies.Protecting proprietary designs from competitorsProtecting a company’s personnel recordsProtecting personal financial/ID info against ID theft.Apply to existence of data or traffic patternApply to resource hidingSystem configuration dataSystems/Equipment/Service Provider used.6cs691chowSupport for ConfidentialitySupport for ConfidentialityAccess control mechanisms support confidentiality. For example,CryptographyFile access control –but when it fails, data is not protected–How the file access control protects the existence of data?These mechanisms requires supporting services from system kernel, and agents to provide correct data.Assumptions and trust underlie confidentiality mechanisms. E.g., openssl crypto library trustworthy?Access control mechanisms support confidentiality. For example,CryptographyFile access control –but when it fails, data is not protected–How the file access control protects the existence of data?These mechanisms requires supporting services from system kernel, and agents to provide correct data.Assumptions and trust underlie confidentiality mechanisms. E.g., openssl crypto library trustworthy?7cs691chowIntegrityIntegrityPreventing improper or unauthorized change.Two types of integrity: Data integrity (content of information)Origin integrity (source of the data, related to authentication) significant bearing on the credibility and trust of the people who creates the info.Example: newspaper print info from a leak at White House but attribute it to the wrong source. What integrity got violated?Preventing improper or unauthorized change.Two types of integrity: Data integrity (content of information)Origin integrity (source of the data, related to authentication) significant bearing on the credibility and trust of the people who creates the info.Example: newspaper print info from a leak at White House but attribute it to the wrong source. What integrity got violated?8cs691chowIntegrity MechanismsIntegrity MechanismsPrevention mechanisms: They seek to maintain the integrity of the data by blockingany unauthorized attempts to change the data, or–e.g., intrusion–Protect with adequate authentication and access controlsAny attempts to change the data in unauthorized ways, e.g., embezzlement such Enron?–Protect with (independent) Auditing, persons with integrity (those three persons of the year in Time Detection mechanisms: report the data integrity is compromised, by analyzing system events or data itself.Prevention mechanisms: They seek to maintain the integrity of the data by blockingany unauthorized attempts to change the data, or–e.g., intrusion–Protect with adequate authentication and access controlsAny attempts to change the data in unauthorized ways, e.g., embezzlement such Enron?–Protect with (independent) Auditing, persons with integrity (those three persons of the year in Time Detection mechanisms: report the data integrity is compromised, by analyzing system events or data itself.9cs691chowIntegrity vs. ConfidentialityIntegrity vs. ConfidentialityWhich one is harder? Confidentiality work finds whether data is compromised.Integrity work includes checking the correctness and trustworthiness of the data.This includes the history of the data–Integrity of the origin of data–How it is arrived (transport channel integrity)–How well it is protected after it arrived.Which one is
View Full Document