1 / 17

Understanding Security in Computing: A Comprehensive Overview of Risks and Protections

This lecture provides a foundational understanding of security in computing, examining why securing valuable assets is essential. It delves into principles such as confidentiality, integrity, and availability—essential for protecting sensitive data. The discussion highlights various threats to computing systems, including malware and unauthorized access, while outlining defense mechanisms like prevention, detection, and recovery. Discover the complexity of security measures, including multi-layered protections and the need for collaborative efforts among multiple stakeholders to enhance system security.

ronda
Télécharger la présentation

Understanding Security in Computing: A Comprehensive Overview of Risks and Protections

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction to Security in Computing 01204427 Computer and Network Security Semester 1, 2011 Lecture #01

  2. What’s about Security • Why to secure something? • Valuable assets to protect • How to secure? • Place in a safe place • Guarding • How strong of protection? • May implement several layers • May be complex locks system • May need multiple parties to grant access

  3. Principle of Adequate Protection Computer items must be protected to a degree consistent with their value

  4. Security in Computing System • Computing System • Collection of • HW • SW • Storage • Data • People

  5. Threats, Controls, and Vulnerabilities • A threat is blocked by control of a vulnerability

  6. System Security Threats

  7. Security Goals

  8. Security Goal: Confidentiality • Only authorized people or system can access protected data • Ensuring the confidentiality can be difficult! • More to concern • Access : a single bit or the whole collection? • Disclose to other parties prohibit?

  9. Security Goal: Integrity • Several meanings • Precise • Accurate • Unmodified • Modified in acceptable way • Consistent • May cover two or more of above properties

  10. Security Goal: Availability • Several properties • Present in a usable form • Enough capacity to meet the service’s needs • Bounded waiting time • Completed services in an acceptable period of time • System is well available if :- • Timely response to a request • Generalized fairly allocate resources • Fault tolerance (graceful cessation instead of crash or abrupt) • Easily to be used • Concurrency is controlled (simultaneous, deadlock management, exclusive access)

  11. Vulnerabilities of Computing System

  12. Some of software modifications • Logic Bomb • Trojan • Virus • Trapdoor • Information Leaks

  13. Security of Data

  14. Computer Criminal • Armatures • Crackers • Career Criminals • Terrorists

  15. Method of Defense • Prevent • Blocking the attack • Closing the vulnerability • Deter • Making the attack harder • Deflect • Making another target more attractive • Detect • Discover real-time or off-line • Recover • From its effects

  16. Multiple Controls

  17. Q&A

More Related