Information Security
Newroz N. Abdulrazaq
Science College - Department of Computer Science & I.T.
newroz.abudlrazaq@su.edu.kurd
Mobile: 07504052680
Salahaddin University - Erbil

Chapter 1: Introduction
• Components of computer security
• Threats
• Policies and mechanisms
• The role of trust
• Assurance
• Operational Issues
• Human Issues

Basic Components
• Confidentiality (keeping secrets)
    • Keeping data and resources hidden
• Integrity (completeness)
    • Data integrity (integrity)
    • Origin integrity (authentication)
• Availability
    • Enabling access to data and resources

Classes of Threats
• Disclosure (revealing a secret)
    • Snooping (looking around covertly)
• Deception (misleading)
    • Modification, spoofing, repudiation of origin, denial of receipt
• Disruption (disturbance)
    • Modification
• Usurpation (forcible domination)
    • Modification, spoofing, delay, denial of service

Policies and Mechanisms
• Policy says what is, and is not, allowed
    • This defines “security” for the site/system/etc.
• Mechanisms enforce policies
• Composition of policies
    • If policies conflict, discrepancies may create security vulnerabilities

Goals of Security
• Prevention
    • Prevent attackers from violating security policy
• Detection
    • Detect attackers’ violation of security policy
• Recovery
    • Stop attack, assess and repair damage
    • Continue to function correctly even if attack succeeds

Trust and Assumptions
• Underlie all aspects of security
• Policies
    • Unambiguously partition system states
    • Correctly capture security requirements
• Mechanisms
    • Assumed to enforce policy
    • Support mechanisms work correctly

Types of Mechanisms
[Figure: three diagrams labelled secure, precise and broad, each comparing the set of reachable states with the set of secure states]

Types of Mechanisms
• Secure
    • A secure type, but the system (computer) cannot reach some parts of the secure states.
• Precise (correct and exact)
    • A correct and exact type: the system (computer) can reach every part of the secure states.
• Broad (wide, sweeping)
    • An insecure type: insecure states are reachable by the system.
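
Added example (not part of the original slides): a toy system in Python that computes the set of reachable states under three mechanisms and compares it with the set of secure states, giving one mechanism of each type. The states, the policy and the mechanisms no_checks, check_next_state and deny_open are all constructed for illustration.

```python
from collections import deque

# Constructed toy system: a state is (logged_in, file_open).
# Assumed policy for illustration: the file may be open only while logged in.
STATES = {(l, f) for l in (False, True) for f in (False, True)}
SECURE = {s for s in STATES if s[0] or not s[1]}  # set of secure states
OPS = ("login", "logout", "open", "close")

def step(state, op):
    """What the system does for one operation when nothing stops it."""
    logged_in, file_open = state
    if op == "login":
        return (True, file_open)
    if op == "logout":
        return (False, file_open)  # logout leaves the file open
    if op == "open":
        return (logged_in, True)
    return (logged_in, False)      # "close"

def reachable(allow, start=(False, False)):
    """Reachable states when the mechanism allow(state, op) filters operations."""
    seen, queue = {start}, deque([start])
    while queue:
        state = queue.popleft()
        for op in OPS:
            nxt = step(state, op)
            if allow(state, op) and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def classify(reach, secure=SECURE):
    """The three cases from the slide, decided by comparing the two sets."""
    if reach == secure:
        return "precise"
    return "secure" if reach < secure else "broad"

# Three hypothetical mechanisms
def no_checks(state, op):         # allows everything
    return True

def check_next_state(state, op):  # allows exactly the moves that stay secure
    return step(state, op) in SECURE

def deny_open(state, op):         # never lets the file be opened
    return op != "open"

if __name__ == "__main__":
    for mech in (no_checks, check_next_state, deny_open):
        r = reachable(mech)
        print(f"{mech.__name__:17} {classify(r):8} secure but unreachable: {sorted(SECURE - r)}")
```

deny_open is secure only by giving up a legitimate state (file open while logged in), which is the cost the slide describes for a secure but not precise mechanism.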

Assurance
• Specification
    • Requirements analysis
    • Statement of desired functionality
• Design
    • How system will meet specification
• Implementation
    • Programs/systems that carry out design

Operational Issues
• Cost-Benefit Analysis
    • Is it cheaper to prevent or recover?
• Risk Analysis
    • Should we protect something?
    • How much should we protect this thing?
• Laws and Customs
    • Are desired security measures illegal?
    • Will people do them?

Human Issues
• Organizational Problems
    • Power and responsibility
    • Financial benefits
• People problems
    • Outsiders and insiders
    • Social engineering

Tying Together
[Figure: diagram linking Threats, Policy, Specification, Design, Implementation and Operation]

Key Points
• Policy defines security, and mechanisms enforce security
    • Confidentiality
    • Integrity
    • Availability
• Trust and knowing assumptions
• Importance of assurance
• The human factor