Computer and Information Security: Simen Hagen

Introduction Computer Security Summary
Computer and Information Security

Lecture 1 Simen Hagen
Introduction
university-logo
Simen Hagen
Security
Course Description Curriculum Course Work
Course Description
This course builds on

Operating Systems Network and System Administration 1
Lectures and all class assignments will be in English 10 ECTS No nal exam Folder assessment (mappevurdering)
university-logo
Simen Hagen
Security
The lectures
Lectures
Time: Wednesday, 08:30 - 10:15 Location: P35-PI257
Problem Classes (vingstimer)

Time: Tuesday, 12:30 - 14:15 Location: P35-PI257
university-logo
Simen Hagen
Security
Curriculum
Required Reading
This book is the curriculum: Computer Security, Dieter Gollmann All references, if not otherwise specied, will be to this book
university-logo
Simen Hagen
Security
Curriculum
Required Reading, option 1
This book is the curriculum: Introduction to Computer Security, Matt Bishop This book covers the curriculum, and is a good book, but is a bit more detailed.
university-logo
Simen Hagen
Security
Curriculum
Computer Security: Art and Science, Matt Bishop This book can be used in stead of the other Bishop book It has even more information than the Bishiop book on the previous slide
university-logo
Simen Hagen
Security
Curriculum
Network Security Essentials: Applications and Standards, William Stallings Have not been able to review it properly Seems to have potential. Can be used in place of the others.
Simen Hagen Security
university-logo
Curriculum
Optional Reading
Other books worth reading: Secrets and Lies, Bruce Schneier The Code Book, Simon Singh The art of intrusion, Kevin Mitnick The art of deception, Kevin Mitnick
university-logo
Simen Hagen
Security
My expectations
Course: 10 ECTS Work week: 40 hours Your work load: 13 hours 20 minutes every week
university-logo
Simen Hagen
Security
Handing in Work
When writing an answer, do not copy. This means that you may not copy from: The Internet From Co-students Work previously handed in by former students Any other source, including, but not limited to
Books Magazines Papers
university-logo
Simen Hagen
Security
Handing in Work
Legal ways to copy Denition (Quote) Repeat or copy out, typically with an indication that one is not the original author or speaker. Denition (Paraphrase) Express the meaning of the writer using different words. Denition (Rephrasing)
You may copy others work if you are Quoting (or Citing) Paraphrasing Rephrase But only do this on short sections.
Simen Hagen
Security
Express in an alternative way, especially with the purpose of changing the university-logo detail or perspective of the original idea.
Handing in Work
Do it, and to it well
Discuss with fellow students. Research your questions. Do the work by yourself.
Do not just copy from others.
Think for your self.
university-logo
Simen Hagen
Security
Threats to the system Security Policy
Computers and Security
Security is security, whether it is on a computer or not. The principles are general. We want to protect our assets. So what is valuable to us?
Money Information Freedom of speech ...
university-logo
Simen Hagen
Security
Risk and Certainty
There is alway an element of risk.

What level of risk can we accept?
We want to protect our property or interest. Restrict or grant access.

Who can we trust?
university-logo
Simen Hagen
Security
Risk and Certainty
Criteria for measuring computer security: Condentiality/Privacy The ability to keep things private/condential. Trust Can we trust this data? Authenticity Are we talking with whom we think we are talking? Integrity Is the system compromised/altered? Non-repudiation It should not be possible to deny having done an action.
university-logo
Simen Hagen
Security
Threats to the system

Physical Threats
The environment that the computer is a part of can be dangerous. Weather

Rain Lightning
Natural Disasters
Flood Earthquake Hurricane
Power failures etc. . .
university-logo
Simen Hagen
Security

Human Threats
Humans can be dangerous to computer systems. Stealing Trickery Bribery Hacking

Spying Sabotage
Accident etc. . .
university-logo
Simen Hagen
Security

Software threats
Computers can be a threat to other computers. Malicious software is a huge problem. Virus Trojan Horses Logic Bombs Denial of Service (DOS) attack
university-logo
Simen Hagen
Security

What are the risks?
As mentioned, there are many threats to the system. So what do we stand to lose? We might lose the control of the system the ability to use the system privacy (e.g. private or sensitive information) data (deleted les) face/reputation money
university-logo
Simen Hagen
Security
Goals of security
Prevention Detection Recovery
university-logo
Simen Hagen
Security
Security Mantra
Security Mantra #1 Every problem in security boils down to a question of trust. Who or what do we trust?
university-logo
Simen Hagen
Security
So what do we trust?
Predictability
We trust things that are predictable. We believe we are secure if we trust.
university-logo
Simen Hagen
Security
Security Mantra
Security Mantra #2 Security is a property of systems. Security should be designed or built into the system from the start.
university-logo
Simen Hagen
Security
Where do we need security?
User Interface Functionality Algorithms/Methods System calls Hardware Communication Implicit trust relationships
university-logo
Simen Hagen
Security
What can we do to be secure?
Failure All systems fail. We have to make sure that they fail predictably. Main theme What can we do to ensure predictability?
university-logo
Simen Hagen
Security
What can we do to be secure?
Create protocols Limit functionality Standardise

Behaviour Interface Communication
university-logo
Simen Hagen
Security
Policy
Denition (From Merriam-Webster Online) a : a denite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions b : a high-level overall plan embracing the general goals and acceptable procedures especially of a governmental body Denition (From Wikipedia) A policy is a plan of action for tackling issues.
university-logo
Simen Hagen
Security
Security policy
Denition (Policy) A security policy is a statement of what is, and what is not, allowed.
university-logo
Simen Hagen
Security
Policy
There are several challenges with making policies: We have to state what we value. We do not always agree on what is valuable. Security is often inconvenient. Management is necessary (assign and control of privileges).
university-logo
Simen Hagen
Security
Final thoughts
Do you trust the information in this course? Do you trust the identity and authenticity of the source? Can you verify that I am who I say I am? Do I have a hidden agenda? How much proof is enough?
university-logo
Simen Hagen
Security
Contact Information
Simen Hagen
mailto:simen.hagen@iu.hio.no http://www.iu.hio.no/~simenhag
Lu Xing
mailto:Lu.Xing@stud.iu.hio.no
university-logo
Simen Hagen
Security

Computer and Information Security: Simen Hagen

Uploaded by

Computer and Information Security: Simen Hagen

Uploaded by

Introduction Computer Security Summary