database security notes for Computer science course, Lecture notes of Database Management Systems (DBMS)

database security notes for Computer science course

Typology: Lecture notes

2015/2016

Uploaded on 11/21/2016

neoka1983
neoka1983 šŸ‡¹šŸ‡æ

4.5

(4)

9 documents

1 / 22

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Network Security
Network Security
Essentials
Essentials
Chapter 1
Chapter 1
Fourth Edition
Fourth Edition
by William Stallings
by William Stallings
Lecture slides by Lawrie Brown
Lecture slides by Lawrie Brown
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16

Partial preview of the text

Download database security notes for Computer science course and more Lecture notes Database Management Systems (DBMS) in PDF only on Docsity!

Network Security

Network Security

Essentials

Essentials

Chapter 1

Chapter 1

Fourth Edition

Fourth Edition

by William Stallings

by William Stallings

Lecture slides by Lawrie Brown

Lecture slides by Lawrie Brown

The art of war teaches us to rely not on the

The art of war teaches us to rely not on the

likelihood of the enemy's not coming, but

likelihood of the enemy's not coming, but

on our own readiness to receive him; not

on our own readiness to receive him; not

on the chance of his not attacking, but

on the chance of his not attacking, but

rather on the fact that we have made our

rather on the fact that we have made our

position unassailable.

position unassailable.

The Art of War,

The Art of War,

Sun Tzu

Sun Tzu

Computer Security

Computer Security



the protection afforded to an automated

the protection afforded to an automated

information system in order to attain the

information system in order to attain the

applicable objectives of preserving the

applicable objectives of preserving the

integrity, availability and confidentiality of

integrity, availability and confidentiality of

information system resources (includes

information system resources (includes

hardware, software, firmware,

hardware, software, firmware,

information/data, and telecommunications)

information/data, and telecommunications)

Key Security Concepts

Key Security Concepts

Examples of Security

Examples of Security

Requirements

Requirements



confidentiality – student grades

confidentiality – student grades



integrity – patient information

integrity – patient information



availability – authentication service

availability – authentication service

Computer Security Challenges

Computer Security Challenges

not simple

not simple

must consider potential attacks

must consider potential attacks

procedures used counter-intuitive

procedures used counter-intuitive

involve algorithms and secret info

involve algorithms and secret info

must decide where to deploy mechanisms

must decide where to deploy mechanisms

battle of wits between attacker / admin

battle of wits between attacker / admin

not perceived on benefit until fails

not perceived on benefit until fails

requires regular monitoring

requires regular monitoring

too often an after-thought

too often an after-thought

regarded as impediment to using system

regarded as impediment to using system

Aspects of Security

Aspects of Security



consider 3 aspects of information security:

consider 3 aspects of information security:



security attack

security attack



security mechanism

security mechanism



security service

security service



note terms

note terms



threat

threat

a

a potential for violation of security

potential for violation of security



attack

attack

an

an assault on system security, a

assault on system security, a

deliberate attempt to evade security services

deliberate attempt to evade security services

Passive Attacks

Passive Attacks

Security Service

Security Service



enhance security of data processing systems

enhance security of data processing systems

and information transfers of an organization

and information transfers of an organization



intended to counter security attacks

intended to counter security attacks



using one or more security mechanisms

using one or more security mechanisms



often replicates functions normally associated

often replicates functions normally associated

with physical documents

with physical documents

which, for example, have signatures, dates; need

which, for example, have signatures, dates; need

protection from disclosure, tampering, or

protection from disclosure, tampering, or

destruction; be notarized or witnessed; be

destruction; be notarized or witnessed; be

recorded or licensed

recorded or licensed

Security Services

Security Services



X.800:

X.800:

a service provided by a protocol layer of

a service provided by a protocol layer of

communicating open systems, which ensures

communicating open systems, which ensures

adequate security of the systems or of data

adequate security of the systems or of data

transfersā€

transfersā€



RFC 2828:

RFC 2828:

a processing or communication service

a processing or communication service

provided by a system to give a specific kind of

provided by a system to give a specific kind of

protection to system resourcesā€

protection to system resourcesā€

Security Mechanism

Security Mechanism



feature designed to detect, prevent, or

feature designed to detect, prevent, or

recover from a security attack

recover from a security attack



no single mechanism that will support all

no single mechanism that will support all

services required

services required



however

however

one particular element underlies

one particular element underlies

many of the security mechanisms in use:

many of the security mechanisms in use:



cryptographic techniques

cryptographic techniques



hence our focus on this topic

hence our focus on this topic

Security Mechanisms (X.800)

Security Mechanisms (X.800)

specific security mechanisms:

specific security mechanisms:



encipherment, digital signatures, access

encipherment, digital signatures, access

controls, data integrity, authentication

controls, data integrity, authentication

exchange, traffic padding, routing control,

exchange, traffic padding, routing control,

notarization

notarization

pervasive security mechanisms:

pervasive security mechanisms:



trusted functionality, security labels, event

trusted functionality, security labels, event

detection, security audit trails, security

detection, security audit trails, security

recovery

recovery

Model for Network Security

Model for Network Security



using this model requires us to:

using this model requires us to:

design a suitable algorithm for the security

design a suitable algorithm for the security

transformation

transformation

    generate the secret information (keys) used

generate the secret information (keys) used

by the algorithm

by the algorithm

develop methods to distribute and share the

develop methods to distribute and share the

secret information

secret information

    specify a protocol enabling the principals to

specify a protocol enabling the principals to

use the transformation and secret

use the transformation and secret

information for a security service

information for a security service

Model for Network Access

Model for Network Access

Security

Security