Security TerminologyIntegrityConfidentialitySecurity TerminologyIntegrity•Several definitions exist in the computer security domain–Prevention of unauthorized writing (dual of confidentiality)–Following correct procedures:E.g. Clark-Wilson model: No user of the system, even if authorized, may be permitted to modify data items in such a way that assets or accounting records of the company are lost or corrupted.–Prevention of all unauthorized actions---confidentiality Integrity–Data integrity: E.g., Orange book: The state that exists when computerized data is the same as that in the source documents and has not been exposed to accidental or malicious alterations or destructions. Similar to external consistency.–In communications security—the detection and correction of modification, insertion, deletion, or replay of transmitted data including both intentional manipulations and random transmission errors.Confidentiality•Unauthorized users should not be learning sensitive information.•Captures secrecy and privacy aspects•Privacy --- protection of personal data•Secrecy --- protection of data belonging to an
View Full Document