Computer Security Essentials: Components, Threats, Policies and Mechanisms
Explore the fundamental aspects of computer security, including components like confidentiality and integrity, classes of threats such as disclosure and disruption, policies, mechanisms, goals of security, and the role of assumptions and trust in ensuring robust security measures.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
An Overview of Computer Security Chapter 1 Computer Security: Art and Science, 2nd Edition Version 1.0 Slide 1-1
Outline Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer Security: Art and Science, 2nd Edition Version 1.0 Slide 1-2
Basic Components Confidentiality Keeping data and resources hidden Integrity Data integrity (integrity) Origin integrity (authentication) Availability Allowing access to data and resources Computer Security: Art and Science, 2nd Edition Version 1.0 Slide 1-3
Classes of Threats Disclosure Snooping Deception Modification, spoofing, repudiation of origin, denial of receipt Disruption Modification Usurpation Modification, spoofing, delay, denial of service Computer Security: Art and Science, 2nd Edition Version 1.0 Slide 1-4
Policies and Mechanisms Policy says what is, and is not, allowed This defines security for the site/system/etc. Mechanisms enforce policies Composition of policies If policies conflict, discrepancies may create security vulnerabilities Computer Security: Art and Science, 2nd Edition Version 1.0 Slide 1-5
Goals of Security Prevention Prevent attackers from violating security policy Detection Detect attackers violating security policy Recovery Stop attack, assess and repair damage Continue to function correctly even if attack succeeds Computer Security: Art and Science, 2nd Edition Version 1.0 Slide 1-6
Assumptions and Trust Underlie all aspects of security Policies Unambiguously partition system states Correctly capture security requirements Mechanisms Assumed to enforce policy Support mechanisms work correctly Computer Security: Art and Science, 2nd Edition Version 1.0 Slide 1-7
Types of Mechanisms secure broad precise set of reachable states set of secure states Computer Security: Art and Science, 2nd Edition Version 1.0 Slide 1-8
Assurance Specification Requirements analysis Statement of desired functionality Design How system will meet specification Implementation Programs or systems that carry out design Computer Security: Art and Science, 2nd Edition Version 1.0 Slide 1-9
Operational Issues Cost-benefit analysis Is it cheaper to prevent or recover? Risk analysis Should we protect something? How much should we protect this thing? Laws and customs Are desired security measures illegal? Will people do them? Computer Security: Art and Science, 2nd Edition Version 1.0 Slide 1-10
Human Issues Organizational problems Power and responsibility Financial benefits People problems Outsiders and insiders Social engineering Computer Security: Art and Science, 2nd Edition Version 1.0 Slide 1-11
Tying Together Threats Policy Specification Design Implementation Operation Computer Security: Art and Science, 2nd Edition Version 1.0 Slide 1-12
Key Points Policy defines security, and mechanisms enforce security Confidentiality Integrity Availability Trust and knowing assumptions Importance of assurance The human factor Computer Security: Art and Science, 2nd Edition Version 1.0 Slide 1-13
