1 / 13

Threats and Survivability Architectures

Threats and Survivability Architectures. Introduction to Security Architectures 21 Sept 2000. Review. Threats to security and survivability Information Warfare threats Nation states, terrorists, hacktivists, etc Other threats Natural disasters, casual hackers, accidents, insiders, ….

Download Presentation

Threats and Survivability Architectures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Threats and Survivability Architectures Introduction to Security Architectures 21 Sept 2000

  2. Review • Threats to security and survivability • Information Warfare threats • Nation states, terrorists, hacktivists, etc • Other threats • Natural disasters, casual hackers, accidents, insiders, …

  3. Review -2 • Two important factors in prioritizing threats • Frequency: expected number of incidents per unit time • Severity: maximum expected damage based on a successful threat

  4. Threats to What (pp25) • IT resources • Internal data storage • Data transmission • Service availability • Transaction repudiation • Reputation • Intellectual property

  5. Classes of threats (pp27) • Eavesdropping • Masquerade • Replay • Data Manipulation • Misrouting • Trojan Horse • Viruses/Worms • Repudiation • Denial of Service

  6. Weaknesses • Threats exploit weaknesses in: • Technology • Policy • Configuration • All of these can be identified in a security (or survivability) architecture

  7. Survivability Architectures Definition: View of a connected set of system components that exposes security-relevant properties • Can be hardware, operating system, network, internetwork, etc

  8. Security features include but are not limited to: • Integrity • Availability • Confidentiality Survivability features add performance, dependability, fitness, responsiveness, etc

  9. Flaws and Vulnerabilities • Flaws: system component does not implement specification or maintain required system attributes • Security flaw: a flaw that can lead to a violation of the security properties of a system • Vulnerability: a security flaw that may be exploited by a threat

  10. Security Architecture • Attempts to limit the impact of vulnerabilities through the application of an architectural abstraction • Identified elements in a security architecture should support the security attributes • All security-relevant elements evident at the specific level of abstraction should be included

  11. Example A company’s local area network is connected to the Internet. What are some of the architectural approaches to enhancing the security of the network? What are the impacts to usability, security, and performance to the approaches?

  12. Metrics associated with security architectures • Orange book • Verification and Validation • Red Teams • Fault Injection • Boundary checking • Certification • Functionality

  13. Discussion and issues • What are the differences (related to security) between development of an architecture from scratch versus modifying an existing architecture? • How are security requirements tied to security architectures?

More Related