Scribd
Upload
24 views8 pages

Lecture 2

The document discusses trust and assumptions in information security. It notes that trust and assumptions underlie all aspects of security. Policies are meant to unambiguously define system states and capture security requirements, while mechanisms are assumed to enforce policies and ensure components work correctly. The document also examines types of security mechanisms, assurance, operational issues, human issues, and ties these concepts together in information security.

Uploaded by

Khawar Zulfiqar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
24 views8 pages

Lecture 2

The document discusses trust and assumptions in information security. It notes that trust and assumptions underlie all aspects of security. Policies are meant to unambiguously define system states and capture security requirements, while mechanisms are assumed to enforce policies and ensure components work correctly. The document also examines types of security mechanisms, assurance, operational issues, human issues, and ties these concepts together in information security.

Uploaded by

Khawar Zulfiqar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 8

Trust and Assumptions in

Information Security
Trust and Assumptions
• Underlie all aspects of security
• Policies
• Unambiguously partition system states
• Correctly capture security requirements
• Mechanisms
• Assumed to enforce policy
• Support mechanisms work correctly

Introduction to Computer Security


November 1, 2004 Slide #1-2
©2004 Matt Bishop
Types of Mechanisms

secure precise broad

set of reachable states set of secure states

Introduction to Computer Security


November 1, 2004 Slide #1-3
©2004 Matt Bishop
Assurance
• Specification
• Requirements analysis
• Statement of desired functionality
• Design
• How system will meet specification
• Implementation
• Programs/systems that carry out design

Introduction to Computer Security


November 1, 2004 Slide #1-4
©2004 Matt Bishop
Operational Issues
• Cost-Benefit Analysis
• Is it cheaper to prevent or recover?
• Risk Analysis
• Should we protect something?
• How much should we protect this thing?
• Laws and Customs
• Are desired security measures illegal?
• Will people do them?

Introduction to Computer Security


November 1, 2004 Slide #1-5
©2004 Matt Bishop
Human Issues
• Organizational Problems
• Power and responsibility
• Financial benefits
• People problems
• Outsiders and insiders
• Social engineering

Introduction to Computer Security


November 1, 2004 Slide #1-6
©2004 Matt Bishop
Tying Together

Threats
Policy
Specification

Design

Implementation

Operation

Introduction to Computer Security


November 1, 2004 Slide #1-7
©2004 Matt Bishop
Key Points
• Policy defines security, and mechanisms enforce security
• Confidentiality
• Integrity
• Availability
• Trust and knowing assumptions
• Importance of assurance
• The human factor

Introduction to Computer Security


November 1, 2004 Slide #1-8
©2004 Matt Bishop

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy