Chapter-01PPT課件

1、The art of war teaches us to rely not on the likelihood of the enemys not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. The Art of War, Sun Tzu第1頁(yè)/共22頁(yè)The combination of space, time, and st

2、rength that must be considered as the basic elements of this theory of defense makes this a fairly complicated matter. Consequently, it is not easy to find a fixed point of departure. On War, Carl Von Clausewitz第2頁(yè)/共22頁(yè)Computer Security the protection afforded to an automated information system in o

3、rder to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications)第3頁(yè)/共22頁(yè)Key Security Concepts第4頁(yè)/共22頁(yè)Levels of Impact can define 3 levels of impact

4、from a security breach Low Moderate High第5頁(yè)/共22頁(yè)Examples of Security Requirements confidentiality student grades integrity patient information availability authentication service第6頁(yè)/共22頁(yè)Computer Security Challenges第7頁(yè)/共22頁(yè)OSI Security Architecture ITU-T X.800 “Security Architecture for OSI” defines

5、a systematic way of defining and providing security requirements for us it provides a useful, if abstract, overview of concepts we will studyM acintosh P IC Tim age form atis not supported第8頁(yè)/共22頁(yè)Aspects of Security consider 3 aspects of information security: security attack security mechanism secur

6、ity service note termsthreat a potential for violation of securityattack an assault on system security, a deliberate attempt to evade security services第9頁(yè)/共22頁(yè)P(yáng)assive Attacks第10頁(yè)/共22頁(yè)Active Attacks第11頁(yè)/共22頁(yè)Security Service enhance security of data processing systems and information transfers of an o

7、rganization intended to counter security attacks using one or more security mechanisms often replicates functions normally associated with physical documents which, for example, have signatures, dates; need protection from disclosure, tampering, or destruction; be notarized or witnessed; be recorded

8、 or licensed第12頁(yè)/共22頁(yè)Security Services X.800:“a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers” RFC 2828:“a processing or communication service provided by a system to give a specific kind of protection to syste

9、m resources”第13頁(yè)/共22頁(yè)Security Services (X.800) Authentication - assurance that communicating entity is the one claimed have both peer-entity & data origin authentication Access Control - prevention of the unauthorized use of a resource Data Confidentiality protection of data from unauthorized disclo

10、sure Data Integrity - assurance that data received is as sent by an authorized entity Non-Repudiation - protection against denial by one of the parties in a communication Availability resource accessible/usable第14頁(yè)/共22頁(yè)Security Mechanism feature designed to detect, prevent, or recover from a securit

11、y attack no single mechanism that will support all services required however one particular element underlies many of the security mechanisms in use: cryptographic techniques hence our focus on this topic第15頁(yè)/共22頁(yè)Security Mechanisms (X.800)specific security mechanisms: encipherment, digital signatur

12、es, access controls, data integrity, authentication exchange, traffic padding, routing control, notarizationpervasive security mechanisms: trusted functionality, security labels, event detection, security audit trails, security recovery第16頁(yè)/共22頁(yè)Model for Network Security第17頁(yè)/共22頁(yè)Model for Network Se

13、curityusing this model requires us to: ldesign a suitable algorithm for the security transformation lgenerate the secret information (keys) used by the algorithm ldevelop methods to distribute and share the secret information 1.specify a protocol enabling the principals to use the transformation and

14、 secret information for a security service 第18頁(yè)/共22頁(yè)Model for Network Access Security第19頁(yè)/共22頁(yè)Model for Network Access Securityusing this model requires us to: lselect appropriate gatekeeper functions to identify users 1.implement security controls to ensure only authorised users access designated information or resources 第20頁(yè)/共22頁(yè)Summary topic