[SEC] Foundations of Security

Computer Security - Foundations of Security

Content

  • What is Computer Security
  • Managing security
  • Security vs Ease of use
  • Data vs Information
  • Principles of Computer Security Design

What is Computer Security

Security is about the protection of assets

  • Prevention: Preventing access and damage to assets
  • Detection: Steps to detect the access or damage of assets
  • Recovery: Measures allowing us to recover from asset damage
    Assets could be physical or simply information

Historic Computer Security

  • Historically systems have been built to serve single users
  • Often only a few highly trusted users were permitted to access a system
    • Mistakes still a concern
  • Current multi-user systems have totally different security concerns

Modern Computer Security

  • Possibly thousands of users
  • Distributed over wide networks
  • Not all users are inherently trustworthy
  • More and more things are moving electronic
    • Require protocols to manage them

Managing Security

  • Within organisations, management are responsible for defining security needs
  • Developers implement these policies
  • A concise document explaining the needs is called a Security Policy
    • What should be protected?
    • How should we protect it?

CIA

Usually defined as three key areas:

  • Confidentiality: prevention of unauthorised disclosure of information
  • Integrity: prevention of unauthorised modification of information
  • Availability: prevention of unauthorised witholding(使用) of information or resources

Confidentiality

  • The prevention of unauthorised users reading private or secret information.
  • Privacy is the protection of personal data.
  • Examples are : Medical records and Transfer of credit card details

Integrity

  • The prevention of unauthorised modification of data, and the assurance that data remains unmodified.
  • Examples are:
    • Distributed bank transactions
    • Database records

Availability

  • The property of being accessible an useable upon demand by an authorised entity.
  • In other words, we want to prevent denial of service(Dos)
  • Examples:
    • Redundant power supplies
    • Firewall packet filtering

Some other areas of computer security

Accountability

  • Users should be held responsible for their actions
  • The system should identify and authenticate users and ensure compliance
  • Audit trails(审计跟踪) must be kept

Non-repudiation(不可抵赖性)

  • Provides unforgeable evidence that someone did something
  • Evidence verifiable by a trusted third party
    • E.g. Notaries(公证人), Digital Certificates
  • Applies to physical security
  • Mostly a legal concept

A fundamental Dilemma

“Security-unaware users have specific security requirements but no security expertise”

  • There is a trade off between security and ease of use
    • Increased resource demands
    • Interferes with working patterns

Data vs Information

  • Security can be seen as controlling access to information
  • This is hard, we usually control access to data instead
    • Data- A means to represent information
    • Information - An interpretation of that data
  • Focusing on data can still leave information vulnerable

Security Design

System Focus

  • Computer Security is not rocket science if:
    • Approached in a systematic, disciplined and well planned manner
    • From the inception/design of a system
  • However: If added as an afterthought, will often lead to disaster.

Security Design

  • Good security design focuses on these principles:
    • Focus of control
    • Complexity vs. Assurance
    • Centralised or Decentralised Controls
    • Layered Security

Focus of Control

In a given, application, should the focus of protection mechanisms be:

  • Data
  • Operations
  • Users

Complexity vs. Assurance

Would we prefer a simple approach with high assurance? Or a feature-rich environment?

  • Feature-rich security systems and high assurance do not match easily
  • e.g. Linux and Windows permissions

Decentralised Controls

Should defining and enforcing security be performed by a central entity, or be left to individual components in a system?

  • Central Entity - A possible bottleneck
  • Distributed Solution - More efficient, but harder to manage

Layered Security

enter image description here
enter image description here

评论

发表评论

此博客中的热门博文

[MLE] Linear Classification

图片
Linear Classification Discriminant functions Least squares for classification Fisher’s linear discriminant K-Nearest Neighbour(KNN) Classification What’s decision boundaries/linearly separable? The goal in classification is to take an input vector x and to assign it to one of K discrete classes \(C_k\) where k = 1,…,K. In the most common scenario, the classes are taken to be disjoint, so that each input is assigned to one and only one class. The input space is thereby divided into decision regions whose boundaries are called decision boundaries or decision surfaces. In this blog, we consider linear models for classification , by which we mean that the decision surfaces are linear functions of the input vector x and hence are defined by (D-1) -dimensional hyperplanes within the D-dimensional input space. For example: in 3D input space, the decision boundary will be a 2D surface What is Linear Separability Linearly separable data: Datasets whose classes can be separated by
阅读全文

[AIM] MetaHeuristics

图片
Day2 Outline Metaheuristics -definition Single point based search method(simple stochastic local search) Iterated local search Scheduling Tabu Search Metaheuristic what is a metaheuristic? A metaheuristic is a high-level problem independent algorithmic framework that provides a set of guidelines or strategies to develop heuristic optimization algorithms. what is the difference between heuristic and metaheuristic? Heuristic : Heuristics are problem-dependent techniques. As such, they usually are adapted to the problem at hand and they try to take full advantage of the particularities of this problem. However, because they are often too greedy, they usually get trapped in a local optimum and thus fail, in general, to obtain the global optimum solution. Metaheuristic : Meta-heuristics, on the other hand, are problem-independent techniques . As such, they do not take advantage of any specificity of the problem and, therefore, can be used as black boxes . In general, t
阅读全文

[CS231] Neural Networks

图片
Neural Network Table of Contents: Quick intro without brain analogies Modeling one neuron Biological motivation and connections Single neuron as a linear classifier Commonly used activation functions Neural Network architectures Layer-wise organization Summary Additional references Quick intro It is possible to introduce neural networks without appealing to brain analogies. In the section on linear classification we computed scores for different visual categories given the image using the formula \( s = W x \), where \(W\) was a matrix and \(x\) was an input column vector containing all pixel data of the image. In the case of CIFAR-10, \(x\) is a [3072x1] column vector, and \(W\) is a [10x3072] matrix, so that the output scores is a vector of 10 class scores. An example neural network would instead compute \( s = W_2 \max(0, W_1 x) \). Here, \(W_1\) could be, for example, a [100x3072] matrix transforming the image into a 100-dimensional intermediate vector. The funct
阅读全文