Computer and Information Security

Transcription

1 Computer Computer and Information Lecture 1 Introduction

2 Computer Course Description Course Work Course Description This course builds on Operating Systems Network and System Administration 1 Lectures and all class assignments will be in English 10 ECTS No final exam Folder assessment (mappevurdering)

3 Computer Course Description Course Work The lectures Lectures Time: Wednesday, 08:30-10:15 Location: P35-PI257 Problem Classes (Øvingstimer) Time: Tuesday, 12:30-14:15 Location: P35-PI257

4 Computer Course Description Course Work Required Reading This book is the curriculum: Computer, Dieter Gollmann All references, if not otherwise specified, will be to this book

5 Computer Course Description Course Work Required Reading, option 1 This book is the curriculum: Introduction to Computer, Matt Bishop This book covers the curriculum, and is a good book, but is a bit more detailed.

6 Computer Course Description Course Work Required Reading, option 2 Computer : Art and Science, Matt Bishop This book can be used in stead of the other Bishop book It has even more information than the Bishiop book on the previous slide

7 Computer Course Description Course Work Required Reading, option 3 Network Essentials: Applications and Standards, William Stallings Have not been able to review it properly Seems to have potential. Can be used in place of the others.

8 Computer Course Description Course Work Optional Reading Other books worth reading: Secrets and Lies, Bruce Schneier The Code Book, Simon Singh The art of intrusion, Kevin Mitnick The art of deception, Kevin Mitnick

9 Computer Course Description Course Work My expectations Course: 10 ECTS Work week: 40 hours Your work load: 13 hours 20 minutes every week

10 Computer Course Description Course Work Handing in Work When writing an answer, do not copy. This means that you may not copy from: The Internet From Co-students Work previously handed in by former students Any other source, including, but not limited to Books Magazines Papers

11 Computer Course Description Course Work Handing in Work Legal ways to copy You may copy others work if you are Quoting (or Citing) Paraphrasing Rephrase But only do this on short sections. Definition (Quote) Repeat or copy out, typically with an indication that one is not the original author or speaker. Definition (Paraphrase) Express the meaning of the writer using different words. Definition (Rephrasing) Express in an alternative way, especially with the purpose of changing the detail or perspective of the original idea.

12 Computer Course Description Course Work Handing in Work Do it, and to it well Discuss with fellow students. Research your questions. Do the work by yourself. Do not just copy from others. Think for your self.

13 Computer Computers and is security, whether it is on a computer or not. The principles are general. We want to protect our assets. So what is valuable to us? Money Information Freedom of speech...

14 Computer Risk and Certainty There is alway an element of risk. What level of risk can we accept? We want to protect our property or interest. Restrict or grant access. Who can we trust?

15 Computer Risk and Certainty Criteria for measuring computer security: Confidentiality/Privacy The ability to keep things private/confidential. Trust Can we trust this data? Authenticity Are we talking with whom we think we are talking? Integrity Is the system compromised/altered? Non-repudiation It should not be possible to deny having done an action.

16 Computer Physical Threats The environment that the computer is a part of can be dangerous. Weather Rain Lightning Natural Disasters Flood Earthquake Hurricane Power failures etc...

17 Computer Human Threats Humans can be dangerous to computer systems. Stealing Trickery Bribery Hacking Spying Sabotage Accident etc...

18 Computer Software threats Computers can be a threat to other computers. Malicious software is a huge problem. Virus Trojan Horses Logic Bombs Denial of Service (DOS) attack

19 Computer What are the risks? As mentioned, there are many threats to the system. So what do we stand to lose? We might lose the control of the system the ability to use the system privacy (e.g. private or sensitive information) data (deleted files) face/reputation money

20 Computer Goals of security Prevention Detection Recovery

21 Computer Mantra Mantra #1 Every problem in security boils down to a question of trust. Who or what do we trust?

22 Computer So what do we trust? Predictability We trust things that are predictable. We believe we are secure if we trust.

23 Computer Mantra Mantra #2 is a property of systems. should be designed or built into the system from the start.

24 Computer Where do we need security? User Interface Functionality Algorithms/Methods System calls Hardware Communication Implicit trust relationships

25 Computer What can we do to be secure? Failure All systems fail. We have to make sure that they fail predictably. Main theme What can we do to ensure predictability?

26 Computer What can we do to be secure? Create protocols Limit functionality Standardise Behaviour Interface Communication

27 Computer Definition (From Merriam-Webster Online) a : a definite course or method of action selected from among alternatives and in light of given conditions to guide and determine present and future decisions b : a high-level overall plan embracing the general goals and acceptable procedures especially of a governmental body Definition (From Wikipedia) A policy is a plan of action for tackling issues.

28 Computer policy Definition () A security policy is a statement of what is, and what is not, allowed.

29 Computer There are several challenges with making policies: We have to state what we value. We do not always agree on what is valuable. is often inconvenient. Management is necessary (assign and control of privileges).

30 Computer Final thoughts Do you trust the information in this course? Do you trust the identity and authenticity of the source? Can you verify that I am who I say I am? Do I have a hidden agenda? How much proof is enough?

31 Computer Contact Information Lu Xing