Вы находитесь на странице: 1из 31

Introduction Computer Security Summary

Computer and Information Security


Lecture 1 Simen Hagen

Introduction

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Course Description Curriculum Course Work

Course Description

This course builds on


Operating Systems Network and System Administration 1

Lectures and all class assignments will be in English 10 ECTS No nal exam Folder assessment (mappevurdering)

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Course Description Curriculum Course Work

The lectures

Lectures
Time: Wednesday, 08:30 - 10:15 Location: P35-PI257

Problem Classes (vingstimer)


Time: Tuesday, 12:30 - 14:15 Location: P35-PI257

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Course Description Curriculum Course Work

Curriculum
Required Reading

This book is the curriculum: Computer Security, Dieter Gollmann All references, if not otherwise specied, will be to this book

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Course Description Curriculum Course Work

Curriculum
Required Reading, option 1

This book is the curriculum: Introduction to Computer Security, Matt Bishop This book covers the curriculum, and is a good book, but is a bit more detailed.

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Course Description Curriculum Course Work

Curriculum
Required Reading, option 2

Computer Security: Art and Science, Matt Bishop This book can be used in stead of the other Bishop book It has even more information than the Bishiop book on the previous slide

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Course Description Curriculum Course Work

Curriculum
Required Reading, option 3

Network Security Essentials: Applications and Standards, William Stallings Have not been able to review it properly Seems to have potential. Can be used in place of the others.
Simen Hagen Security

university-logo

Introduction Computer Security Summary

Course Description Curriculum Course Work

Curriculum
Optional Reading

Other books worth reading: Secrets and Lies, Bruce Schneier The Code Book, Simon Singh The art of intrusion, Kevin Mitnick The art of deception, Kevin Mitnick

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Course Description Curriculum Course Work

My expectations

Course: 10 ECTS Work week: 40 hours Your work load: 13 hours 20 minutes every week

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Course Description Curriculum Course Work

Handing in Work

When writing an answer, do not copy. This means that you may not copy from: The Internet From Co-students Work previously handed in by former students Any other source, including, but not limited to
Books Magazines Papers

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Course Description Curriculum Course Work

Handing in Work
Legal ways to copy Denition (Quote) Repeat or copy out, typically with an indication that one is not the original author or speaker. Denition (Paraphrase) Express the meaning of the writer using different words. Denition (Rephrasing)

You may copy others work if you are Quoting (or Citing) Paraphrasing Rephrase But only do this on short sections.

Simen Hagen

Security

Express in an alternative way, especially with the purpose of changing the university-logo detail or perspective of the original idea.

Introduction Computer Security Summary

Course Description Curriculum Course Work

Handing in Work
Do it, and to it well

Discuss with fellow students. Research your questions. Do the work by yourself.
Do not just copy from others.

Think for your self.

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

Computers and Security

Security is security, whether it is on a computer or not. The principles are general. We want to protect our assets. So what is valuable to us?
Money Information Freedom of speech ...

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

Risk and Certainty

There is alway an element of risk.


What level of risk can we accept?

We want to protect our property or interest. Restrict or grant access.


Who can we trust?

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

Risk and Certainty

Criteria for measuring computer security: Condentiality/Privacy The ability to keep things private/condential. Trust Can we trust this data? Authenticity Are we talking with whom we think we are talking? Integrity Is the system compromised/altered? Non-repudiation It should not be possible to deny having done an action.

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

Threats to the system


Physical Threats

The environment that the computer is a part of can be dangerous. Weather


Rain Lightning

Natural Disasters
Flood Earthquake Hurricane

Power failures etc. . .

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

Threats to the system


Human Threats

Humans can be dangerous to computer systems. Stealing Trickery Bribery Hacking


Spying Sabotage

Accident etc. . .

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

Threats to the system


Software threats

Computers can be a threat to other computers. Malicious software is a huge problem. Virus Trojan Horses Logic Bombs Denial of Service (DOS) attack

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

Threats to the system


What are the risks?

As mentioned, there are many threats to the system. So what do we stand to lose? We might lose the control of the system the ability to use the system privacy (e.g. private or sensitive information) data (deleted les) face/reputation money

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

Goals of security

Prevention Detection Recovery

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

Security Mantra

Security Mantra #1 Every problem in security boils down to a question of trust. Who or what do we trust?

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

So what do we trust?
Predictability

We trust things that are predictable. We believe we are secure if we trust.

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

Security Mantra

Security Mantra #2 Security is a property of systems. Security should be designed or built into the system from the start.

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

Where do we need security?

User Interface Functionality Algorithms/Methods System calls Hardware Communication Implicit trust relationships

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

What can we do to be secure?

Failure All systems fail. We have to make sure that they fail predictably. Main theme What can we do to ensure predictability?

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

What can we do to be secure?

Create protocols Limit functionality Standardise


Behaviour Interface Communication

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

Policy

Denition (From Merriam-Webster Online) a : a denite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions b : a high-level overall plan embracing the general goals and acceptable procedures especially of a governmental body Denition (From Wikipedia) A policy is a plan of action for tackling issues.

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

Security policy

Denition (Policy) A security policy is a statement of what is, and what is not, allowed.

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Threats to the system Security Policy

Policy

There are several challenges with making policies: We have to state what we value. We do not always agree on what is valuable. Security is often inconvenient. Management is necessary (assign and control of privileges).

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Final thoughts

Do you trust the information in this course? Do you trust the identity and authenticity of the source? Can you verify that I am who I say I am? Do I have a hidden agenda? How much proof is enough?

university-logo

Simen Hagen

Security

Introduction Computer Security Summary

Contact Information

Simen Hagen
mailto:simen.hagen@iu.hio.no http://www.iu.hio.no/~simenhag

Lu Xing
mailto:Lu.Xing@stud.iu.hio.no

university-logo

Simen Hagen

Security

Вам также может понравиться