Security

System Security
Prof. Rupesh Mishra
System Security - Introduction

Prerequisites
• Computer Networks
• Operating Systems
• Algorithm & Programming
• Computer Organization and Architecture
• Data Structure
System Security - Introduction 2

Syllabus
• 150 = 100 + 25 + 25
• Cryptography
• Access Control
• Software Security
• Network Security

• Text Book
1. Cryptography and Network Security by Behrouz A.
Forouzan, TATA McGraw hill.
2. Security in Computing by Charles P. Pfleeger ,
Pearson Education
• Reference Book
1. Cryptography and Network Security, William
Stalling, Prentice hall

Information Asset

Computing
System
Software
Hardware
Data

Vulnerability
Weakness in the security
system
Threat
Circumstances that cause
harm or loss to system
Attack
Exploiting the
vulnerability of system

Control
• An action, device, procedure or technique to
remove or reduce vulnerability.
• A threat is blocked by controlling
vulnerability.

•Interception
•Interruption
•Modification
•Fabrication
Threats

Interception

Interception
• Unauthorized party has gained access to an
asset.
• Unauthorized party can be a Person,
Program or System.
• Copying data , Wiretapping

Interruption

Interruption
• An asset of the system becomes
unavailable or unusable.
o Destruction of hardware devices.
o Deleting program or data file.
o Malfunction of O.S.

Modification
• Unauthorized tempering of asset.
o Change database value
o Alter program to perform additional
computation
o Modify data to be transmitted

Fabrication
• Fabrication of counterfeit objects on a
computing system.
o Add records to an existing database

Software Vulnerability
• Software Deletion(Interruption)
• Software Modification
o Logic Bomb
o Trojan Horse
o Virus
o Trap Door
o Information Leak
• Software Theft

Security
Confident-
iality
IntegrityAvailability

Confidentiality
• No unauthorized disclosure of information
I Don’t want
anyone to steal
my credit card
number

Confidentiality
• Only authorized party can access the
protected data.
• Determine authorized people
• Determine data access policy
• Awareness of sensitivity of data

Integrity
• No unauthorized modification of information
I Don’t want
anyone to
change my
report

AspectsofIntegrity
Authorized Action
Separation and
Protection
Error Detection &
Correction

Availability
• System should be available for legitimate
use.
I want to check
my E-Mails
24/7

Availability
• Applicable to data and services.
o Timely response to the request
o Fault Tolerance
o Easy to use
o Concurrency Controlled
o Deadlock Management

Computer Security
• The protection afforded to an automated
information system in order to attain the
applicable objectives of preserving the
integrity , availability and confidentiality of
resources.

Security
Attack
Active
Attack
Passive
attack

Snooping

Traffic Analysis

Modification

Masquerading

Replay

Repudiation

Denial of Service

Active Attack Passive Attack
Access and modify
information
Access information
System is harmed No harm to system
Easy to detect than prevent
Difficult to detect than
prevent
Threat to Integrity, Availability Threat to Confidentiality
Masquerading, Repudiation,
DOS
Snooping, Traffic analysis

Security
Attack
Confidentiality
(Passive)
Snooping
Traffic
Analysis
Integrity
(Active)
Modification
Masquerading
Replaying
Repudiation
Availability
(Active)
DOS

Service Security Mechanism
Data
Confidentiality
Encipherment , Routing Control
Data Integrity
Encipherment , Digital Signature,
Data Integrity
Authentication
Encipherment , Digital Signature,
Authentication Exchange
Nonrepudiation
Digital Signature, Data Integrity,
Notarization
Access Control Access Control

Encipherment
Cryptography
Steganography

Cryptography
• Secret writing
• Encryption * Decryption
• Symmetric * Asymmetric

Steganography
This course is about cryptography,
not on steganography
Thank You !!!!!!!

Security

More Related Content

What's hot

Viewers also liked

Similar to Security

More from Rupesh Mishra

Recently uploaded

Security