Computer and Information Security

Academic year: 2021

Lecture 1

Simen Hagen

Introduction

Course Description

This course builds on

Operating Systems

Network and System Administration 1

Lectures and all class assignments will be in English.

10 ECTS

No final exam

The lectures

Lectures

Time: Wednesday, 08:30 - 10:15
Location: P35-PI257

Problem Classes (Øvingstimer)

Time: Tuesday, 12:30 - 14:15
Location: P35-PI257

Curriculum

Required Reading

This book is the curriculum:

Computer Security, Dieter Gollmann

All references, if not otherwise specified, will be to this book.

Curriculum

Required Reading, option 1

This book is the curriculum:

Introduction to Computer Security, Matt Bishop

This book covers the curriculum, and is a good book, but is a bit more detailed.

Curriculum

Required Reading, option 2

Computer Security: Art and Science, Matt Bishop

This book can be used instead of the other Bishop book. It has even more information than the Bishop book on the previous slide.

Curriculum

Required Reading, option 3

Network Security Essentials: Applications and Standards, William Stallings

I have not been able to review it properly. It seems to have potential. It can be used in place of the others.

Curriculum

Optional Reading

Other books worth reading:

Secrets and Lies, Bruce Schneier

The Code Book, Simon Singh

The art of intrusion, Kevin Mitnick

My expectations

Course: 10 ECTS
Work week: 40 hours

Your work load: 13 hours 20 minutes every week (10 of the 30 ECTS in a semester is one third of a 40-hour week).

Handing in Work

When writing an answer, do not copy. This means that you may not copy from:

The Internet
Co-students
Work previously handed in by former students
Any other source, including, but not limited to:
Books
Magazines
Papers

Handing in Work

Legal ways to copy

You may “copy” others work if you are

Quoting (or citing)
Paraphrasing
Rephrasing

But only do this on short sections.

Definition (Quote)
“Repeat or copy out, typically with an indication that one is not the original author or speaker.”

Definition (Paraphrase)
“Express the meaning of the writer using different words.”

Definition (Rephrasing)
“Express in an alternative way, especially with the purpose of changing the detail or perspective of the original idea.”

Handing in Work

Do it, and do it well

Discuss with fellow students. Research your questions. Do the work by yourself.

Do not just copy from others.

Computers and Security

Security is security, whether it is on a computer or not. The principles are general.

We want to protect our assets. So what is valuable to us?

Money
Information
Freedom of speech
. . .

Risk and Certainty

There is always an element of risk.

What level of risk can we accept?

We want to protect our property or interest. Restrict or grant access.

Risk and Certainty

Criteria for measuring computer security:

Confidentiality/Privacy: the ability to keep things private/confidential.

Trust: can we trust this data?

Authenticity: are we talking with whom we think we are talking?

Integrity: is the system compromised/altered?

Non-repudiation: it should not be possible to deny having done an action.
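To make integrity and authenticity concrete, here is an added example (not from the lecture slides or the course books) using only Python's standard library. A plain hash catches accidental alteration of a message but not a deliberate one, because whoever rewrites the message can simply recompute the hash; an HMAC under a shared key also catches the forgery, because an attacker without the key cannot produce a valid tag. The message, key and tampering scenarios are constructed for the example.

```python
# Added example (not part of the lecture slides): what "integrity" and
# "authenticity" mean in practice, using only the Python standard library.
# The message, key and tampering scenarios are constructed for illustration.
import hashlib
import hmac


def digest(msg: bytes) -> str:
    """Plain SHA-256 digest: detects *accidental* alteration only."""
    return hashlib.sha256(msg).hexdigest()


def tag(key: bytes, msg: bytes) -> str:
    """HMAC-SHA256 under a shared key: binds the message to a key holder."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def integrity_ok(msg: bytes, expected_digest: str) -> bool:
    # Constant-time comparison, so the check itself does not leak timing.
    return hmac.compare_digest(digest(msg), expected_digest)


def authentic_ok(key: bytes, msg: bytes, expected_tag: str) -> bool:
    return hmac.compare_digest(tag(key, msg), expected_tag)


def demo() -> dict:
    key = b"constructed-shared-secret"    # known only to the two parties
    original = b"student=bob; grade=B"    # constructed sample message
    sent_digest = digest(original)
    sent_tag = tag(key, original)

    # Case 1: a bit flips in transit (an accident, not an attacker).
    corrupted = original[:-1] + bytes([original[-1] ^ 0x01])

    # Case 2: an attacker on the path rewrites the message and, since a hash
    # needs no secret, recomputes the digest so that it matches.
    forged = b"student=bob; grade=A"
    forged_digest = digest(forged)
    # Without the key, the best the attacker can do for the HMAC is a guess.
    forged_tag = tag(b"attacker-guess", forged)

    return {
        "original_accepted": integrity_ok(original, sent_digest)
        and authentic_ok(key, original, sent_tag),
        "corruption_caught_by_hash": not integrity_ok(corrupted, sent_digest),
        "forgery_caught_by_hash": not integrity_ok(forged, forged_digest),
        "forgery_caught_by_hmac": not authentic_ok(key, forged, forged_tag),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Note what the HMAC does not give: non-repudiation. Both parties hold the same key, so either of them could have produced the tag, and the sender can still deny it. That property needs a signature made with a key only the signer holds.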

Threats to the system

Physical Threats

The environment that the computer is a part of can be dangerous.

Weather
Rain
Lightning

Natural disasters
Flood
Earthquake
Hurricane

Power failures

Threats to the system

Human Threats

Humans can be dangerous to computer systems.

Stealing
Trickery
Bribery
Hacking
Spying
Sabotage
Accidents
etc. . .

Threats to the system

Software threats

Computers can be a threat to other computers. Malicious software is a huge problem.

Viruses
Trojan horses
Logic bombs

Threats to the system

What are the risks?

As mentioned, there are many threats to the system. So what do we stand to lose?

We might lose

the control of the system
the ability to use the system
privacy (e.g. private or sensitive information)
data (deleted files)
face/reputation
money

Goals of security

Prevention
Detection
Recovery

Security Mantra

Security Mantra #1

Every problem in security boils down to a question of trust.

Who or what do we trust?

So what do we trust?

Predictability

We trust things that are predictable. We believe we are secure if we trust.

Security Mantra

Security Mantra #2

Security is a property of systems.

Security should be designed or built into the system from the start.

Where do we need security?

User interface
Functionality
Algorithms/methods
System calls
Hardware
Communication

What can we do to be secure?

Failure

All systems fail. We have to make sure that they fail predictably.

Main theme

What can we do to ensure predictability?

What can we do to be secure?

Create protocols
Limit functionality
Standardise behaviour, interfaces and communication

Policy

Definition (From Merriam-Webster Online)

a: a definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions
b: a high-level overall plan embracing the general goals and acceptable procedures especially of a governmental body

Definition (From Wikipedia)

A policy is a plan of action for tackling issues.

Security policy

Definition (Policy)

A security policy is a statement of what is, and what is not, allowed.

Policy

There are several challenges with making policies:

We have to state what we value.
We do not always agree on what is valuable.
Security is often inconvenient.
Management is necessary (assigning and controlling privileges).
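As an added example (not from the lecture or the course books) of a policy as a statement of what is, and what is not, allowed, the following Python snippet keeps the policy as an access control matrix and answers every request from it. It also illustrates the earlier point about failing predictably: a subject, object or right the policy has never heard of is denied exactly like an explicit denial, rather than slipping through; every decision is logged so that violations can be detected; and privileges change only through grant and revoke, which is the management the slide asks for. The subjects, objects, rights and the sample policy are constructed for the example.

```python
# Added example (not part of the lecture slides): a security policy as an
# explicit statement of what is, and what is not, allowed, enforced so that
# every case the policy does not cover fails the same predictable way
# (denied), and privileges are assigned and revoked through one place.
# Subjects, objects, rights and the sample policy are constructed.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

# The policy is an access control matrix: (subject, object) -> rights.
# Anything not listed is NOT allowed: default deny.
Policy = Dict[Tuple[str, str], FrozenSet[str]]

KNOWN_RIGHTS: FrozenSet[str] = frozenset({"read", "write", "execute"})

SAMPLE_POLICY: Policy = {  # constructed sample policy
    ("alice", "grades.db"): frozenset({"read", "write"}),
    ("bob", "grades.db"): frozenset({"read"}),
    ("bob", "lecture1.pdf"): frozenset({"read"}),
}


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class PolicyEngine:
    policy: Policy
    audit_log: List[str] = field(default_factory=list)

    def check(self, subject: str, obj: str, right: str) -> Decision:
        """Prevention: answer only from the policy; unknown cases are denied."""
        if right not in KNOWN_RIGHTS:
            decision = Decision(False, "right not defined by the policy")
        elif right in self.policy.get((subject, obj), frozenset()):
            decision = Decision(True, "explicitly allowed")
        else:
            decision = Decision(False, "not listed (default deny)")
        # Detection: every decision, allowed or denied, is recorded.
        verdict = "ALLOW" if decision.allowed else "DENY"
        self.audit_log.append(f"{verdict} {subject} {right} {obj}: {decision.reason}")
        return decision

    def grant(self, subject: str, obj: str, right: str) -> None:
        """Management: privileges change only through grant/revoke."""
        if right not in KNOWN_RIGHTS:
            raise ValueError(f"unknown right {right!r}")
        key = (subject, obj)
        self.policy[key] = self.policy.get(key, frozenset()) | {right}

    def revoke(self, subject: str, obj: str, right: str) -> None:
        key = (subject, obj)
        remaining = self.policy.get(key, frozenset()) - {right}
        if remaining:
            self.policy[key] = remaining
        else:
            self.policy.pop(key, None)


def demo() -> List[bool]:
    """Run a few requests against the sample policy and return the verdicts."""
    engine = PolicyEngine(dict(SAMPLE_POLICY))
    results = [
        engine.check("alice", "grades.db", "write").allowed,   # listed
        engine.check("bob", "grades.db", "write").allowed,     # not listed
        engine.check("mallory", "grades.db", "read").allowed,  # unknown subject
        engine.check("bob", "grades.db", "delete").allowed,    # unknown right
    ]
    engine.revoke("alice", "grades.db", "write")
    results.append(engine.check("alice", "grades.db", "write").allowed)
    engine.grant("bob", "grades.db", "write")
    results.append(engine.check("bob", "grades.db", "write").allowed)
    return results


if __name__ == "__main__":
    print(demo())
```

The design choice worth noticing is that the engine never has a branch that allows something by accident: the only path to "allowed" is an explicit entry in the matrix, and every other path, including malformed requests, lands on the same denial. That is what "fail predictably" means for an access decision.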

Final thoughts

Do you trust the information in this course?

Do you trust the identity and authenticity of the source? Can you verify that I am who I say I am?

Do I have a hidden agenda? How much proof is enough?

Contact Information

Simen Hagen
mailto:simen.hagen@iu.hio.no
http://www.iu.hio.no/~simenhag

Lu Xing
mailto:Lu.Xing@stud.iu.hio.no
