
Cmpe 471

Cmpe 471. Lecture 1 - Is There a Security Problem in Computing? Security in Computing: Computer Intrusion; Principle of easiest penetration; Kinds of Security Breaches; Exposure; Vulnerability; Attack; Threats: interception, interruption, modification, fabrication; Control.

brent

Presentation Transcript


  1. Cmpe 471 Lecture 1 - Is There a Security Problem in Computing?

  2. Security in Computing
     • Computer Intrusion
     • Principle of easiest penetration
     • Kinds of Security Breaches
     • Exposure
     • Vulnerability
     • Attack
     • Threats: interception, interruption, modification, fabrication
     • Control

  3. Security Goals and Vulnerabilities
     • Confidentiality
     • Integrity
     • Availability

  4. Integrity
     • Precise
     • Accurate
     • Unmodified
     • Modified only in acceptable ways
     • Modified only by authorised people
     • Modified only by authorised processes
     • Consistent
     • Internally consistent
     • Meaningful and correct results

  5. Availability
     • Different expectations of availability:
       • Presence of object or service in usable form
       • Capacity to meet service needs
       • Progress: bounded waiting time
       • Adequate time / timeliness of service

  6. Availability
     • Goals of availability:
       • Timely response
       • Fair allocation
       • Fault tolerance
       • Utility or usability
       • Controlled concurrency: support for simultaneous access, deadlock management, and exclusive access as required

  7. Vulnerabilities
     [Figure: vulnerabilities of HARDWARE, SOFTWARE and DATA. Labels: interception (theft), interruption (denial of service), interruption (loss), interruption (deletion), interception, modification, fabrication]

  8. Other Exposed Assets
     • Storage media
     • Networks
     • Access
     • Key people

  9. Methods of Defense
     • Controls
     • Encryption
     • Software controls: internal program controls, operating system controls, development controls
     • Hardware controls
     • Policies
     • Physical controls

  10. The People Involved
     • Amateurs
     • Crackers
     • Career criminals

  11. Effectiveness of Controls
     • Awareness of problem
     • Likelihood of use
     • Overlapping controls
     • Periodic review
