Systems Security

Winfried E. Kühnhauser
Summer Term 2016

CSI
Ilmenau Technical University
www.tu-ilmenau.de
Systems Security, ST 2016 wk

Organization
Teaching Units

Lectures
Periodical discussions

Feedback for you: Understood everything?

Feedback for me: Well explained?

Exercises

Every 2 weeks, 3 assignments

Exercises
Goal

To turn knowledge into skills


To discover ups and downs

Working Style

Quite some work: 3 teams

One assignment per team, every 2 weeks
To be filed to the Wiki 24 hours before presentation: everyone has solutions of all assignments
Presentations

One per team every 2 weeks, 25 mins (presentation, demo, discussion)

Rotating speakers

Web Pages
tu-ilmenau.de/vsbs, Lehre SS 2016 Systems Security
Course description
TOC
Slides
Assignments
Literature

Link to Wiki (password-protected)

Assignment solutions

Team communication (email etc.)

organize pages yourself!

Marks
will be based on

Quality of assignment presentations


Oral examination

Any questions?

1 Introduction
Topics Today
Take a Look

Where security is relevant


Examples
What are necessary system properties
Security requirements

1.1 Risk Scenarios

1.1 Scenarios
Information Systems

Availability, Timeliness, Scalability, Openness, Security, Correctness

Communication Systems

Availability, Timeliness, Scalability, Openness, Security, Correctness

Energy Management

Availability, Timeliness, Scalability, Openness, Security, Correctness

Traffic Management

Availability, Timeliness, Scalability, Openness, Security, Correctness

Security-relevant Application Scenarios

Secure IT Systems: Traffic Management, Information Systems, Energy Management, Communication Systems

1.2 Security
Example 1
Our Faculty's Examination Management System
Maintains

Students' records (personal data, registration to examinations, grades)


Course profiles (examination form, examination dates, credit points)

Services

Registration to examinations
Registration of examination marks
Information and attestations desk
[Figure labels: Web, Clients, Examinations Office's Server]
Operational Risks
Condition sine qua non:
Provability of information properties

Registration to examinations: integrity, non-repudiability


Grades, personal data: confidentiality, integrity
Attestations: Authenticity, integrity

Example 2
Industrial Control Systems; e.g. Energy/Water Plants
Chinese Hacking Team Caught Taking Over Decoy Water Plant
http://www.technologyreview.com/news/517786/chinese-hacking-team-caught-taking-over-decoy-water-plant/

Arte Netwars: Stadtwerke Ettlingen

Discussion in 1st Exercise class

Operational Risks
Threat to primary community support systems

Message: Goal of IT Security

Reduction of Operational Risks of IT Systems


Elementary: Protection of

Confidentiality
Integrity
Availability
Non-repudiability

There's a Difference ...


Safety
Goal: to protect environment against hazards caused by system failures

Technical failures: power failure, ageing, dirt


Human errors: stupidity, lacking education, carelessness

Force majeure: fire, lightning, earthquakes

Safety

making sure things work in the presence of system failures

Security
Goal: to protect IT systems against hazards caused by malicious attacks

Industrial espionage, fraud, blackmailing


Terrorism, vandalism

making sure things work in the face of an intelligent and malicious adversary
Basic Terms

Confidentiality (of information): the property of information to be available only to a limited user group

Integrity: the property of information to be protected against unauthorized modification

Availability: the property of information to be available in a reasonable time frame

Authenticity: the property to be able to identify the author of a piece of information

Non-repudiability: the combination of integrity and authenticity

1.3 Security Engineering


Security Engineering
Method-driven engineering of secure IT systems

[Figure: Requirements Engineering, Security Requirements, Policy Engineering, Security Policy, Model Engineering, Security Model, Architecture Engineering, Security Architecture]

Roadmap

Threats
Vulnerabilities
Risks

Security Requirements

Security Policies
Modeling and Specification

ACMs, HRU, RBAC, ABAC, MLS


Skippy, XACML, SELinux SPSL

Security Mechanisms

Authentication
Access Control
Cryptography

Security Architectures

TCBs, Reference Monitors


Nizza, SELinux, Kerberos
