Cmpe 471

1
Cmpe 471

• Lecture 1- Is There a Security Problem in
  Computing?

2
Security in Computing

• Computer Intrusion
• Principle of easiest penetration
• Kinds of Security Breaches
• Exposure
• Vulnerability
• Attack
• Threats interception, interruption,
  modification, fabricate
• Control

3
Security Goals and Vulnerabilities

• Confidentiality
• Integrity
• Availability

confidentiality
integrity
availability
4
Integrity

• Precise
• Accurate
• Unmodified
• Modified only in acceptable ways
• Modified only by authorised people
• Modified only by authorised processes
• Consistent
• Internally consistent
• Meaningful and correct results

5
Availability

• Different expectations of availability
• Precence of object or service in usable form
• Capacity to meet service needs
• Progress bounded waiting time
• Adequate time timeliness of service

6
Availability

• Goals of availability
• Timely response
• Fair allocation
• Fault tolerance
• Utility or usability
• Controlled concurrency support for simultaneous
  access, deadlock management, and exclusive access
  as required

7
Vulnerabilities
interception (theft)
interruption (denial of service)
HARDWARE
Interruption (loss)
Interruption (deletion)
Interception
DATA
SOFTWARE
Modification
Interception
Fabrication
Modification
8
Other Exposed Assets

• Storage media
• Networks
• Access
• Key people

9
Methods of Defense

• Controls
• Encryption
• Software controls internal program controls,
  operating system controls, development controls
• Hardware controls
• Policies
• Physical controls

10
The People Involved

• Amateurs
• Crackers
• Career criminals

11
Effectiveness of Controls

• Awareness of problem
• Likelihood of use
• Overlapping controls
• Periodic review