1 / 18

Overview

Overview. CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004. Acknowledgements. Many of these slides came from Matt Bishop, author of Computer Security: Art and Science. Web 1: Getting Started (1/3). Due Friday, March 12 Subscribe to rhit.csse.security Publishing

grangerd
Télécharger la présentation

Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Overview CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 8, 2004

  2. Acknowledgements Many of these slides came from Matt Bishop, author of Computer Security: Art and Science

  3. Web 1: Getting Started (1/3) • Due Friday, March 12 • Subscribe to rhit.csse.security • Publishing • Reply to the article entitled "My Home Town" • Include a website describing your home town.

  4. Web 1: Getting Started (2/3) • Reviewing • Read some of the postings by your fellow students and follow the links to the websites. • Review at least 3 of those websites • Assign a score for each of the key attributes • Give your justification for those scores • Reply to the original posting about that site with your review

  5. Web 1: Getting Started (3/3) • Review Scores (0-5 for each, where 0 is worst and 5 is best) • Accuracy • Completeness • Up-to-date • Ease of Use • Links

  6. Overview of Course Website http://www.rose-hulman.edu/class/csse/csse490/csse490-security/index.html

  7. Chapter 1: Introduction • Components of computer security • Threats • Policies and mechanisms • The role of trust • Assurance • Operational Issues • Human Issues

  8. Basic Components • Confidentiality • Keeping data and resources hidden • Integrity • Data integrity (integrity) • Origin integrity (authentication) • Availability • Enabling access to data and resources

  9. Classes of Threats • Disclosure - unauthorized access • Snooping • Deception - acceptance of false data • Modification, spoofing, repudiation of origin, denial of receipt • Disruption - interruption of correct operation • Modification • Usurpation - unauthorized control • Modification, spoofing, delay, denial of service

  10. Policies and Mechanisms • Policy says what is, and is not, allowed • This defines “security” for the site/system/etc. • Mechanisms enforce policies • Composition of policies • If policies conflict, discrepancies may create security vulnerabilities

  11. Goals of Security • Prevention • Prevent attackers from violating security policy • Detection • Detect attackers’ violation of security policy • Recovery • Stop attack, assess and repair damage • Continue to function correctly even if attack succeeds

  12. Trust and Assumptions • Underlie all aspects of security • Policies • Unambiguously partition system states • Correctly capture security requirements • Mechanisms • Assumed to enforce policy • Support mechanisms work correctly

  13. Types of Mechanisms secure broad precise set of reachable states set of secure states

  14. Assurance • Specification • Requirements analysis • Statement of desired functionality • Design • How system will meet specification • Implementation • Programs/systems that carry out design

  15. Operational Issues • Cost-Benefit Analysis • Is it cheaper to prevent or recover? • Risk Analysis • Should we protect something? • How much should we protect this thing? • Laws and Customs • Are desired security measures illegal? • Will people do them?

  16. Human Issues • Organizational Problems • Power and responsibility • Financial benefits • People problems • Outsiders and insiders • Social engineering

  17. Tying Together Threats Policy Specification Design Implementation Operation

  18. Key Points • Policy defines security, and mechanisms enforce security • Confidentiality • Integrity • Availability • Trust and knowing assumptions • Importance of assurance • The human factor

More Related