SECURITY
-Lidong Chen, Guang Gong
Objective
• Gives a thorough understanding of information security technology
• Policy (what should be protected)
• Mechanisms (cryptography, electrical engineering, …)
• Attacks (malicious code, protocol failure …)
• Assurance – that there was the right information from the right source
• How to make this into a proper engineering discipline?
Security systems have critical assurance requirements. Their failure may:
• endanger human life and the environment (as with nuclear safety and control systems),
• do serious damage to major economic infrastructure (cash machines and other bank systems),
• undermine the viability of whole business sectors (pay-TV), and facilitate crime (burglar and
car alarms).
• While software engineering is about ensuring that certain things happen, security is about
ensuring that the unwanted doesn't happen.
• Security requirements differ greatly from one system to another. Meeting them requires a
combination of user authentication, integrity and accountability, fault tolerance, message
secrecy, and covertness.
But systems still fail because the wrong things are protected, or the right things are protected
in the wrong way.
Communication system security includes
• information security
The objectives of providing security are achieved by applying security mechanisms based on trust.
Main Requirements
Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to
guide policies for information security within an organization. The model is also sometimes
referred to as the 'AIC triad'.
Objectives can be achieved through several protection mechanisms, such as cryptographic
functions or algorithms.
1. Confidentiality:
• Integrity
• Maintaining the integrity of information means that only authorized parties can
manipulate the information and do so only in authorized ways.
• Availability
- third-party trust