Downloaded 609 times
More Related Content
More from sommerville-videos
System security
- 1. System security System security,2013 Slide 1
- 2. Security • The securityof a system is a system property that reflects the system’s ability to protect itself from accidental or deliberate external attack. System security, 2013 Slide 2
- 3.
- 4. • Security isessential as most systems are networked so that external access to the system through the Internet is possible. • Security is a pre-condition for availability, reliability and safety. System security, 2013 Slide 4
- 5. Damage from insecurity •Denial of service – The system is forced into a state where normal services are unavailable or where service provision is significantly degraded System security, 2013 Slide 5
- 6. • Corruption ofprograms or data – The programs or data in the system may be modified in an unauthorised way System security, 2013 Slide 6
- 7. • Disclosure ofconfidential information – Information that is managed by the system may be exposed to people who are not authorised to read or use that information System security, 2013 Slide 7
- 8. • Asset – Something,such as a computer system, that needs to be protected – Example: The records of patients receiving treatment in a hospital System security, 2013 Slide 8
- 9. • Exposure – Possibleloss or harm that could result from a security failure – Potential financial loss from future patients who do not seek treatment because they do not trust the clinic to maintain their data. Financial loss from legal action by patients. Loss of reputation. System security, 2013 Slide 9
- 10. • Vulnerability – Aweakness in a system that may be exploited to cause loss or harm – A weak password system which makes it easy for users to set guessable passwords System security, 2013 Slide 10
- 11. • Attack – Anexploitation of a system’s vulnerability that is a deliberate attempt to cause some damage – An impersonation of an authorized user to gain access to records system System security, 2013 Slide 11
- 12. • Threat – Asystem vulnerability that is subjected to an attack. – An unauthorized user will gain access to the system by guessing the credentials (login name and password) of an authorized user. System security, 2013 Slide 12
- 13. • Control – Aprotective measure that reduces a system’s vulnerability. – A password checking system that disallows user passwords that are proper names or words that are normally included in a dictionary. System security, 2013 Slide 13
- 14. Security assurance • Vulnerabilityavoidance – The system is designed so that vulnerabilities do not occur. For example, if there is no external network connection then external attack is impossible System security, 2013 Slide 14
- 15. • Attack detectionand elimination – The system is designed so that attacks on vulnerabilities are detected and neutralised before they result in an exposure. For example, virus checkers find and remove viruses before they infect a system System security, 2013 Slide 15
- 16. • Exposure limitationand recovery – The system is designed so that the adverse consequences of a successful attack are minimised. For example, a backup policy allows damaged information to be restored System security, 2013 Slide 16
- 17. Summary • Security is asystem property that reflects the system’s ability to protect itself from malicious use • A system has to be secure if we are to be confident in its dependability • Damage includes – Denial of service – Loss or corruption of data – Disclosure of confidential information System security, 2013 Slide 17
- 18. Summary • Security can bemaintained through strategies such as – Vulnerability avoidance – Attack detection and elimination – Exposure limitation and recovery System security, 2013 Slide 18