system security
DESCRIPTION
Accompanies video on my YouTube channel on system securityTRANSCRIPT
System security, 2013 Slide 1
System security
System security, 2013 Slide 2
Security• The security of a system is a
system property that reflects the system’s ability to protect itself from accidental or deliberate external attack.
System security, 2013 Slide 3
Principal dependability properties
System security, 2013 Slide 4
• Security is essential as most systems are networked so that external access to the system through the Internet is possible.
• Security is a pre-condition for availability, reliability and safety.
System security, 2013 Slide 5
Damage from insecurity
• Denial of service– The system is forced into a state
where normal services are unavailable or where service provision is significantly degraded
System security, 2013 Slide 6
• Corruption of programs or data– The programs or data in the system
may be modified in an unauthorised way
System security, 2013 Slide 7
• Disclosure of confidential information– Information that is managed by the
system may be exposed to people who are not authorised to read or use that information
System security, 2013 Slide 8
• Asset– Something, such as a computer
system, that needs to be protected
– Example: The records of patients receiving treatment in a hospital
System security, 2013 Slide 9
• Exposure– Possible loss or harm that could result from a
security failure
– Potential financial loss from future patients who do not seek treatment because they do not trust the clinic to maintain their data. Financial loss from legal action by patients. Loss of reputation.
System security, 2013 Slide 10
• Vulnerability– A weakness in a system that may be
exploited to cause loss or harm
– A weak password system which makes it easy for users to set guessable passwords
System security, 2013 Slide 11
• Attack– An exploitation of a system’s vulnerability
that is a deliberate attempt to cause some damage
– An impersonation of an authorized user to gain access to records system
System security, 2013 Slide 12
• Threat– A system vulnerability that is
subjected to an attack.
– An unauthorized user will gain access to the system by guessing the credentials (login name and password) of an authorized user.
System security, 2013 Slide 13
• Control– A protective measure that reduces a
system’s vulnerability.
– A password checking system that disallows user passwords that are proper names or words that are normally included in a dictionary.
System security, 2013 Slide 14
Security assurance• Vulnerability avoidance
– The system is designed so that vulnerabilities do not occur. For example, if there is no external network connection then external attack is impossible
System security, 2013 Slide 15
• Attack detection and elimination– The system is designed so that
attacks on vulnerabilities are detected and neutralised before they result in an exposure. For example, virus checkers find and remove viruses before they infect a system
System security, 2013 Slide 16
• Exposure limitation and recovery– The system is designed so that the
adverse consequences of a successful attack are minimised. For example, a backup policy allows damaged information to be restored
System security, 2013 Slide 17
Summary• Security is a system property that reflects the
system’s ability to protect itself from malicious use
• A system has to be secure if we are to be confident in its dependability
• Damage includes– Denial of service
– Loss or corruption of data
– Disclosure of confidential information
System security, 2013 Slide 18
Summary• Security can be maintained through strategies
such as– Vulnerability avoidance
– Attack detection and elimination
– Exposure limitation and recovery