1 / 14

Applications of Information Security

Applications of Information Security. Dr. Jeff Teo Class 3 June 30, 2009. Deliverables. Lecture on Trusted Computing: Evolution and Direction Review of students’ blogs and assignments

hilda
Download Presentation

Applications of Information Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Applications of Information Security Dr. Jeff Teo Class 3 June 30, 2009

  2. Deliverables • Lecture on Trusted Computing: Evolution and Direction • Review of students’ blogs and assignments • Summarize today’s lecture on Trusted Computing: Evolution and Direction and post at least one blog entry on your blog • Trusted Computing Group • Trusted Platform Module Jeff Teo, Ph.D.

  3. Abstract – page 1 of text • Software-dominated defenses are woefully inadequate • Bellovin 2001 • Hands-on assignment- locate this article • Woefully inadequate- of poor quality, not up to standard, not able to do the job • Who is TCG (Trusted Computing Group)? • http://www.trustedcomputinggroup.org/ • Promotes open standards-based interoperability framework i.e. TCP/IP, 802.11, Ethernet • Promotes the use of both hardware and software to defend against computer attacks • Root of Trust is in hardware – Trusted Platform Module Jeff Teo, Ph.D.

  4. Trusted Platform Module- TPM • What is a Trusted Platform Module -TPM? • Basically a security chip, stores secrets and has a cryptographic engine built-in • Hands-On assignment: tell me the Chinese name of a TPM • Inexpensive, less than US $1.oo in bulk • Hands-On assignment: tell me which chip company makes the TPM • Security is enhanced by specially designed software • Hands-on assignment: tell me which software company writes software for the TPM Jeff Teo, Ph.D.

  5. Is computer security a big problem? • YES! • According to the latest survey, http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2008.pdf • tremendous loss of time, productivity, information are incurred as a result of computer attacks of various types • Hands-on assignment – tell me the top three types of attacks • Important Question to consider throughout this course • WOULD THE USE OF TRUSTED COMPUTING/TRUSTED PLATFORM MODULE SOLVE THE TOP THREE TYPES OF ATTACKS? Jeff Teo, Ph.D.

  6. Important Question to Answer • WOULD THE USE OF TRUSTED COMPUTING/TRUSTED PLATFORM MODULE SOLVE THE TOP THREE TYPES OF ATTACKS? • If Yes, tell me why and how? • If No, tell me why and how? • Yes and No, tell me why and how? • Answer the above question in the form of a paper (minimum of 4 pages – this is an example of a final examination question). Jeff Teo, Ph.D.

  7. What is Trust? – see page 2 • There are many definitions of trust – McKnight and Chervany 2002 • Trust: the willingness of a party (person, group, company, country) to be vulnerable to the actions of actions of another party based on the expectations that the other would perform a particular action important to the trustor, irrespective of the ability to monitor or control that other party – Mayer 1995 • Vulnerable: without adequate/sufficient protection • Trustor: person trusting • Trustee: person receiving trust Jeff Teo, Ph.D.

  8. Trust in E-commerce • Business and commerce depend on trust • Trust is the foundation of e-commerce, Keen 1999 • 95% of consumers did not want to provide their personal information to web sites and 63% stated that they did not trust the companies collecting the data, Hoffman 1999 • Many researchers have conducted research in trust, especially as it relates to e-commerce • TCG is actively promoting trust in e-commerce by helping deploy trusted computing using TPMs Jeff Teo, Ph.D.

  9. Trusted Computing: Then and Now • TC is not new- United States military conducted research and development in the late 1960s • Hands-on assignment – review the history of mainframe computing • Multiprogramming and multiprocessing capable mainframes enabled time-sharing computing . This increased efficiency (you have to wait with batch processing) and reduced costs (you can share computer across security levels – earlier, separate computers must be used for each security level) Jeff Teo, Ph.D.

  10. Problems with time-sharing • One program can override a memory location used by another program • Users can read each other’s data – this created issues especially for the military • Different levels of security used by the military • Top secret • Secret • Confidential • Restricted • Public Jeff Teo, Ph.D.

  11. National Security Agency, NSA • As early as 1967, the NSA sponsored computer security research. • Hands-on assignment: Who or what does this agency do? • Hands-on assignment: Do other countries have a similar agency like the NSA? Name a European counterpart. • Hands-on assignment: Name an Asian counterpart • Hands-on assignment: Which agency in China is involved in the same activities as the NSA? Jeff Teo, Ph.D.

  12. Prominent Computer Security Researchers • Ware, 1967 • Weissman, 1969 • Anderson, 1972 • Karger and Schell, 1974 • Bell and LaPadula, 1976, 1973, 1974, and 1976 Jeff Teo, Ph.D.

  13. Orange Book – Rainbow Series • United States Department of Defense (DoD) promoted the used of trusted computer systems and Trusted Computing Base (TCB) • Trusted computer systems defined by DoD must employ sufficient hardware and software integrity measures to allow its used in processing multiple levels of classified or sensitive information • In 1985, it published the above standards stating the principle of Trusted Computing Base Jeff Teo, Ph.D.

  14. Trusted Computing Base • The heart of a trusted computer system is the Trusted Computing Base (TCB) which contains all of the elements of the system responsible for supporting the security policy and supporting the isolation of objects (code and data) on which the protection is based. The bounds of the TCB equate to the "security perimeter" referenced in some computer security literature. In the interest of understandable and maintainable protection, a TCB should be as simple as possible consistent with the functions it has to perform. Thus, the TCB includes hardware, firmware, and software critical to protection and must be designed and implemented such that system elements excluded from it need not be trusted to maintain protection. Jeff Teo, Ph.D.

More Related