Introduction into Computer Security Outline Introduction to ... - Courses
Recommend Documents
Introduction to. Computer Security. International Edition. Michael T. Goodrich.
Department of Computer Science. University of California, Irvine. Roberto ...
present an overview of security measures is presented. 1 Introduction ... tions, the condition of computer security has never been so poor. Actually, it is.
Introduction to Computer Security Michael Goodrich Roberto Tamassia on ... Goodrich Roberto Tamassia Read Reviews ISBN 1
1. IS2150/TEL2810 Introduction to Computer Security. Final Examination.
Tuesday, December 13, 2005. Name: Email: Total Time : 2:30 Hours. Total Score
: 100.
A. Course Number and Title: DA102. Introduction to Computer Security
Investigations and. Hardware Fundamentals (Intro to CSI/DF). B. Curriculum:
Information ...
Sep 18, 2015 ... The program we will exploit is the “Badly Coded File Archiver,” or BCZIP (loosely
modeled on the ... which is installed setuid root. This program ...
database systems rather than the traditional file systems. ... David M.Kroenke and
David J. Auer, Database. Concepts, 4th Edition, Pearson International. Edition ...
Fundamental principles of operating systems: process synchronization,
deadlocks, ... Abraham Silberschatz, Peter B. Galvin and Greg Gagne, Operating
System ...
Security in computer systems is strongly related to the notion of dependabil- ity.
Informally ... types of security threats to consider (Pfleeger, 1997): 1. Interception.
taking this course in Network Security. No further copies are ..... Free to choose
any key. ❍ More about “non-trivial” later. ..... *William Stallings, Cryptography and
Network. Security, Principles and Practices, 4th edition,. Pearson Education, I
Amazon Web Services (AWS) delivers a scalable cloud computing platform designed for high availability and dependability,
environments running on AWS against 20+ standards, including the HIPAA, CESG (UK), and Singapore Multi-tier Cloud. Secur
CMPS 10. Introduction to Computer Science. Lecture Notes. Chapter 1:
Introduction. What is Computer Science? Some possible misconceptions are: •
The study ...
The goal of computer vision is to develop algorithms that allow computer to “see”.
Also called ... Textbook: Introductory Techniques for 3-D Computer. Vision, by ...
Understanding Computers: An Overview for Records and Archives Staff ....
describing the concepts associated with computer technology, this module
explains.
1.0 Introduction ... Fig 1 gives an example of a network in a school comprising of
a local area .... What are the advantages and disadvantages of a Wireless LAN?
these notes as much as we enjoyed preparing them. If you have specific ... Olin is
the author of the introductory book The Way Computer Graphics. Works.
Sony: Beowulf. Motion capture. - performance ... performance of real actors. Sony
Image works – Beowulf (2007) .... of the scene outside the fov θ = 2 tan-1 h/(2d) ...
http://www.cis.nctu.edu.tw/~ichenlin/courses.ht · m. ▫ Text book: ▫ D. Hearn, M.P.
Baker, Computer Graphics with. OpenGL 3rd Ed., Prentice Hall, 2004.
[Keshav] “An Engineering Approach to Computer Networking”, S. Keshav, ...
Theoretical approach, fundamentals ideas behind basic building b locks of a ...
2.4 Memory â A Place to Store Data (and Other Things) . . . . . . . . . . . . . . . . . .... 7.2.3 The Additional Assembly Language Generated by the Compiler . ...... The user is prompted to enter an integer in decimal, and the user's response is r
Jan 8, 2014 ... EECS 3026: Introduction to Computer Architecture & Organization ... D. A.
Patterson and J. L. Hennessy Computer Organization and Design, ...
Dec 10, 2003 ... l Age 8 - astronaut l Age 12 - baseball player l Age 16 - computer scientist l Age
21 - computer engineer l Age 31 - computer engineer/professor.
Introduction into Computer Security Outline Introduction to ... - Courses
Introduction into computer security. • Upcoming important dates and action items.
• Next session preview. Introduction to. Computer Security. Introduction to.
Outline
Introduction into Computer Security
• • • • •
Miscellaneous Last session re-cap Introduction into computer security Upcoming important dates and action items Next session preview
EECE 412 Session 2
Introduction to Computer Security
Introduction to Computer Security
What is Security?
Goals of Security
•security -- “safety, or freedom from worry” •How can it be achieved?
• Prevention
– Make computers too heavy to steal – Buy insurance – Create redundancy (disaster recovery services)
– Prevent attackers from violating security policy
• Detection – Detect attackers’ violation of security policy
• Recovery – Stop attack, assess and repair damage – Continue to function correctly even if attack succeeds
1
Solovki Monastery, White Sea, Russia
Conventional, fortress-based, security Goal: Prevent people from violating system’s security policy Means: Fortification – – – – –
Some points about fortresses • • • • • • • • •
provides safety involves layering expensive requires maintenance eventually compromised
Limitations of Fortresses
No absolute safety One weakness/error sufficient Extra layers extra cost Important to understand threats Limited defender’s resources Adjust to attacks Resource suppliers Distinguishing noncombatants from attackers Containment
2
Fortress Analogy Limitations Fortress • Against external attackers
Computer security • Control of insiders
• Protects only insiders
• Has to keep system usable
• Defenses cannot change
• Has to protect from new types of attacks
What Computer Security Policies are Concerned with? • Confidentiality – Keeping data and resources hidden
• Integrity
What Computer Security Policies are Concerned with?
– Data integrity (integrity) – Origin integrity (authentication)
• Availability – Enabling access to data and resources
Conventional Approach to Security
• Confidentiality – Keeping data and resources hidden
Protection • provided by a set of mechanisms (countermeasures) to prevent bad things (threats) from happening
Operational Assurance
Development Assurance
NonRepudiation
Requirements Assurance
Audit
Assurance
Availability
Disaster Recovery
CIA
Accountability
Service Continuity
– Enabling access to data and resources
Data Protection
• Availability
Protection Authorization
Access Control
– Data integrity (integrity) – Origin integrity (authentication)
Design Assurance
• Integrity
Authentication Cryptography
Authorization protection against breaking rules Rule examples: – Only registered students should be able to take exam or fill out surveys – Only the bank account owner can debit an account – Only hospital’s medical personnel should have access to the patient’s medical records – Your example…
3
Authorization Mechanisms: Data Protection • No way to check the rules – e.g. telephone wire or wireless networks
• No trust to enforce the rules – e.g. MS-DOS
Availability
• Service continuity -- you can always get to your resources • Disaster recovery -- you can always get back to your work after the interruption
Accountability
You can tell who did what when • (security) audit -- actions are recorded in audit log • Non-Repudiation -- evidence of actions is generated and stored
Types of Mechanisms
secure
precise
set of reachable states
broad
set of secure states
Assurance Set of things the system builder and the operator of the system do to convince you that it is really safe to use.
Securing Systems
– the system can enforce the policy you are interested in, and – the system works as intended
4
Asset Value
It’s all about risk
Th
re
V at
al
ue
Vulnerability Value
Risk = Asset * Vulnerability * Threat
Source: Common Criteria for Information Technology Security Evaluation. 1999
Steps of Improving Security
Classes of Threats
1. analyze risks
• Disclosure
asset values threat degrees vulnerabilities
• • •
2. 3. 4. 5.
– Snooping
• Deception
develop/change policies choose & develop countermeasures assure go back to the beginning
Key Points
Authentication Cryptography
Operational Assurance
Development Assurance
Design Assurance
Requirements Assurance
Disaster Recovery
NonRepudiation
Assurance
Availability
Service Continuity
Data Protection
Access Control
Accountability
Audit
– Modification – denial of service
• Usurpation – – – –
Modification Spoofing Delay denial of service
Key Points (cont-ed)
Protection Authorization
– Modification – Spoofing – repudiation of origin – denial of receipt
![[PDF] Introduction to Computer Security - Google Sites](https://m.moam.info/img/260x300/pdf-introduction-to-computer-security-google-sites_6477306f097c4786708b6ee2.jpg)
