Cmpe 471 Lecture 1- Is There a Security Problem in Computing?
Security in Computing
• Computer Intrusion
• Principle of easiest penetration
• Kinds of Security Breaches
• Exposure
• Vulnerability
• Attack
• Threats: interception, interruption, modification, fabrication
• Control
Security Goals and Vulnerabilities
• Confidentiality
• Integrity
• Availability
[Figure: confidentiality, integrity, availability]
Integrity
• Precise
• Accurate
• Unmodified
• Modified only in acceptable ways
• Modified only by authorised people
• Modified only by authorised processes
• Consistent
• Internally consistent
• Meaningful and correct results
Availability
Different expectations of availability:
• Presence of object or service in usable form
• Capacity to meet service needs
• Progress: bounded waiting time
• Adequate time/timeliness of service
Availability
Goals of availability:
• Timely response
• Fair allocation
• Fault tolerance
• Utility or usability
• Controlled concurrency: support for simultaneous access, deadlock management, and exclusive access as required
Vulnerabilities
[Figure: threats to hardware, software and data. Labels: interception (theft), interruption (denial of service), interruption (loss), interruption (deletion), modification, fabrication]
Other Exposed Assets
• Storage media
• Networks
• Access
• Key people
Methods of Defense
• Controls
• Encryption
• Software controls: internal program controls, operating system controls, development controls
• Hardware controls
• Policies
• Physical controls
The People Involved
• Amateurs
• Crackers
• Career criminals
Effectiveness of Controls
• Awareness of problem
• Likelihood of use
• Overlapping controls
• Periodic review