-
7/30/2019 2 (v.v.imp) Security Goals or Key Principles of Security
Security Goals / Key Principles of Security (V.V.IMP)
(Compulsory question can be expected for 5-10 M)
By: Prof Yogesh Doulatramani
VIT College
-
CIA Triad
-
Key Objectives
Confidentiality
  Data Confidentiality: information not disclosed to unauthorized individuals
  Privacy: individuals control how their information is collected, stored, shared
Integrity
  Data Integrity
  System Integrity
Availability: service not denied to authorized users
-
Security Goals
Integrity
Confidentiality
Availability
-
Security Goals
Confidentiality: Concealment of information or resources
Integrity: Trustworthiness of data or resources
Availability: Ability to use information or resources
-
Confidentiality
  Need for keeping information secret arises from use of computers in sensitive fields such as government and industry
  Access mechanisms, such as cryptography, support confidentiality
    Example: encrypting income tax return
  Lost through unauthorized disclosure of information
-
Integrity
  Often requires preventing unauthorized changes
  Includes data integrity (content) and origin integrity (source of data, also called authentication)
  Includes prevention mechanisms and detection mechanisms
    Example: Newspaper prints info leaked from White House and gives wrong source
  Includes both correctness and trustworthiness
  Lost through unauthorized modification or destruction of information
-
Availability
  Is an aspect of reliability and system design
  Attempts to block availability, called denial of service (DoS) attacks, are difficult to detect
    Example: bank with two servers; one is blocked, the other provides false information
  Ensures timely and reliable access to and use of information
  Lost through disruption of access to information or information system
-
3 Additional Goals
  Authenticity: being genuine and able to be verified or trusted; verifying that users are who they say they are (use Digital Certificates, Passwords, Biometrics)
  Access Control: only users with rights (r,w,x) will be allowed (use Access Control Matrix)
  Non-Repudiation: user can't deny later (use Digital Signatures)
-
Security Attacks on Goals
-
Security Attacks
[Figure: Normal Flow (information source, information destination)]
-
Security Attacks
[Figure: Interruption (information source, information destination)]
Attack on availability (ability to use desired information or resources)
-
Security Attacks
[Figure: Interception (information source, information destination)]
Attack on confidentiality (concealment of information)
-
Security Attacks
[Figure: Fabrication (information source, information destination)]
Attack on authenticity (identification and assurance of origin of information)
-
Security Attacks
[Figure: Modification (information source, information destination)]
Attack on integrity (prevention of unauthorized changes)
-
Security Threats/Attacks
-
Security Attacks
  Interruption: This is an attack on availability
    Disrupting traffic
    Physically breaking communication line
  Interception: This is an attack on confidentiality
    Overhearing, eavesdropping over a communication line
-
Security Attacks (continued)
  Modification: This is an attack on integrity
    Corrupting transmitted data or tampering with it before it reaches its destination
  Fabrication: This is an attack on authenticity
    Faking data as if it were created by a legitimate and authentic party
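Added example (not part of the original slides): a detection mechanism for the Modification and Fabrication attacks above, using HMAC-SHA256 from the Python standard library, set beside an unkeyed hash that covers data integrity only. The key, the sample messages and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample: a key shared only by the information source and destination.
SHARED_KEY = secrets.token_bytes(32)


def plain_digest(message: bytes) -> bytes:
    """Unkeyed SHA-256: anyone who can change the message can recompute it."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed HMAC-SHA256: only a holder of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_digest(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so the check leaks no timing hints.
    return hmac.compare_digest(mac_tag(key, message), tag)


def run_scenarios(key: bytes = SHARED_KEY) -> dict:
    """Check each flow from the slides at the information destination."""
    original = b"transfer 100 to account 42"   # constructed sample messages
    tampered = b"transfer 900 to account 42"
    forged = b"transfer 500 to account 77"
    tag = mac_tag(key, original)
    outsider_key = secrets.token_bytes(32)     # a party without the shared key
    return {
        # Normal flow: message and tag arrive unchanged.
        "normal_flow": verify_mac(key, original, tag),
        # Modification: content changed in transit, old tag no longer matches.
        "modification_detected": not verify_mac(key, tampered, tag),
        # Fabrication: a tag made without the shared key fails (origin integrity).
        "fabrication_detected": not verify_mac(
            key, forged, mac_tag(outsider_key, forged)),
        # Unkeyed hash: message and digest replaced together still verify.
        "unkeyed_hash_detects_rewrite": not verify_digest(
            tampered, plain_digest(tampered)),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The tag does not hide the message, so Interception is not addressed here, and because both parties hold the same key it does not give Non-Repudiation, for which the slides point to digital signatures.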