4. • Text Book
1. Cryptography and Network Security by Behrouz A. Forouzan, Tata McGraw Hill.
2. Security in Computing by Charles P. Pfleeger, Pearson Education
• Reference Book
1. Cryptography and Network Security, William Stallings, Prentice Hall
System Security - Introduction 4
7. • Vulnerability: Weakness in the security system
• Threat: Circumstances that cause harm or loss to system
• Attack: Exploiting the vulnerability of system
8. Control
• An action, device, procedure or technique to remove or reduce vulnerability.
• A threat is blocked by controlling vulnerability.
11. Interception
• Unauthorized party has gained access to an asset.
• Unauthorized party can be a Person, Program or System.
• Examples: copying data, wiretapping
13. Interruption
• An asset of the system becomes unavailable or unusable.
o Destruction of hardware devices.
o Deleting program or data file.
o Malfunction of O.S.
14. Modification
• Unauthorized tampering of asset.
o Change database value
o Alter program to perform additional computation
o Modify data to be transmitted
15. Fabrication
• Fabrication of counterfeit objects on a computing system.
o Add records to an existing database
16. Software Vulnerability
• Software Deletion (Interruption)
• Software Modification
o Logic Bomb
o Trojan Horse
o Virus
o Trap Door
o Information Leak
• Software Theft
19. Confidentiality
• No unauthorized disclosure of information
"I don’t want anyone to steal my credit card number"
20. Confidentiality
• Only authorized party can access the protected data.
• Determine authorized people
• Determine data access policy
• Awareness of sensitivity of data
21. Integrity
• No unauthorized modification of information
"I don’t want anyone to change my report"
23. Availability
• System should be available for legitimate use.
"I want to check my e-mails 24/7"
24. Availability
• Applicable to data and services.
o Timely response to the request
o Fault Tolerance
o Easy to use
o Concurrency Controlled
o Deadlock Management
25. Computer Security
• The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of resources.
38.
| Active Attack | Passive Attack |
|---|---|
| Access and modify information | Access information |
| System is harmed | No harm to system |
| Easier to detect than to prevent | Harder to detect than to prevent |
| Threat to Integrity, Availability | Threat to Confidentiality |
| Masquerading, Repudiation, DoS | Snooping, Traffic analysis |
40.
| Service | Security Mechanism |
|---|---|
| Data Confidentiality | Encipherment, Routing Control |
| Data Integrity | Encipherment, Digital Signature, Data Integrity |
| Authentication | Encipherment, Digital Signature, Authentication Exchange |
| Nonrepudiation | Digital Signature, Data Integrity, Notarization |
| Access Control | Access Control |