Introduction
Tom Kelliher, CS 325
Aug. 29, 2011
Read Chapter 1.
- Syllabus.
- Introduction.
- Discussion.
What is a secure system? Take a few minutes and write a paragraph.
- Relationship between vulnerability, threat, and control:
- Threat types:
- Interception.
- Interruption.
- Modification.
- Fabrication.
Recent ``Real world'' examples?
- Attacker must have:
- Method.
- Opportunity.
- Motive.
- Security goals:
- Confidentiality.
- Integrity.
- Availability.
- Principles:
- Easiest penetration.
- Adequate protection.
- Vulnerabilities
- Hardware: Interruption (DoS, theft), interception, modification,
fabrication.
- Software: Interruption (deletion), interception, modification,
fabrication.
- Data: Interruption (loss), interception, modification,
fabrication.
- Consider a ``hit counter'' on a Web page. Who might want to attack
this? What types of harm might they want to cause? What kind of
vulnerabilities might they want to exploit?
- Consider an online database of, say, student grades. Who might want
to attack this? What types of harm might they want to cause? What kind of
vulnerabilities might they want to exploit?
- What types of damage could a company suffer if the integrity of its
software or data were compromised?
Thomas P. Kelliher
2011-08-26
Tom Kelliher