Preliminaries on Security
What is security?
• Security: prevent bad things from happening
  – Confidential information leaked
  – Important information damaged
  – Critical services unavailable
  – Clients not paying for services
  – Improper access to physical resources
  – System used to violate law
• … or at least make them less likely
• Versus an adversary!
Security Summer School, June 2004
Security properties
• Integrity
  – No improper modification of data
  – E.g., account balance is updated only by authorized transactions, only you can change your password
  – Integrity of security mechanisms is crucial
  – Enforcement: access control, digital signatures, …
• Confidentiality
  – Protect information from improper release
  – Limit knowledge of data or actions
  – E.g., D-Day attack date, contract bids
  – Also: secrecy
  – Enforcement: access control, encryption, …
Security properties
• Availability
  – System must respond to requests
  – Easy way to ensure confidentiality, integrity: unplug computer
  – Denial of Service
The Current State of Affairs
• Software security flaws cost our economy $10-$30 billion/year*
• ... and Moore’s law applies: The cost of software security failures is doubling every year.*
The Current State of Affairs
• In 1998:
  – 85%* of all CERT advisories represent problems that cryptography can’t fix
  – 30-50%* of recent software security problems are due to buffer overflow in languages like C and C++
  – problems that can be fixed with modern programming language technology (Java, ML, Modula, C#, Haskell, Scheme, ....)
  – perhaps many more of the remaining 35-55% may be addressed by programming language techniques
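The buffer-overflow point above, as an added example that is not from the original slides: an unchecked C copy beside a version that performs the bounds check a memory-safe language would apply automatically. The struct, function names and sample input are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define NAME_CAP 16

struct account {
    char name[NAME_CAP];  /* fixed-size buffer */
    long balance;         /* adjacent data an overflow could corrupt (integrity) */
};

/* Unchecked form: C performs no bounds check, so a src longer than
 * NAME_CAP - 1 bytes writes past name[] into neighbouring memory.
 * Shown for contrast only; never called in this example. */
void set_name_unchecked(struct account *a, const char *src)
{
    strcpy(a->name, src);
}

/* Checked form: the explicit length test that a memory-safe language
 * performs on every array write. Returns 0 on success, -1 if src does
 * not fit (the account is left unmodified). */
int set_name_checked(struct account *a, const char *src)
{
    size_t n = strlen(src);
    if (n >= NAME_CAP)
        return -1;                /* reject instead of overflowing */
    memcpy(a->name, src, n + 1);  /* n + 1 also copies the terminating NUL */
    return 0;
}

/* Constructed demo: returns 1 if an oversized input is rejected and
 * both the name and the neighbouring balance are left untouched. */
int demo_oversized_rejected(void)
{
    struct account a = { "alice", 100 };
    const char *too_long = "this-name-is-longer-than-sixteen-bytes"; /* constructed input */
    int rc = set_name_checked(&a, too_long);
    return rc == -1 && a.balance == 100 && strcmp(a.name, "alice") == 0;
}
```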