Chapter 1  Problems: 1,3,4.

 

Confidentiality, Integrity and Availability (CIA)

Confidentiality:

Aims to prevent unauthorized reading of information.

Customers of a bank care about confidentiality.

A bank cares about confidentiality because the customers do.

 

Integrity:

 

Information has integrity if unauthorized writing is prohibited.

 

Availability:

 

DoS (denial of service) tries to reduce availability/access to information.

 

--------------------------------------------------

 

Access control:

 

Authentication and authorization both deal with issues of access to resources.

 

Other:

 

- Bugs in software
- Malicious software

 

Real world security depends on 4 things:

  1. Specification/policy: WHAT IS THE SYSTEM SUPPOSED TO DO?

  2. Implementation/mechanism: HOW DOES IT DO IT?

  3. Correctness/assurance: DOES IT REALLY WORK?

  4. Human nature: CAN THE SYSTEM SURVIVE "CLEVER" USERS?

 

Classic cipher systems:

 

- Simple Substitution Cipher
- Double Transposition Cipher
- One-Time Pad
- Project Venona
- Codebook Cipher

 

Modern cipher systems:

 

- Symmetric key crypto
- Public key crypto
- Hash functions

 

Information hiding:

 

- Watermarking

 

Access Control:

 

- Authentication: PASSWORDS, BIOMETRICS, SMARTCARDS
- Authorization: RESTRICTIONS ON AUTHENTICATED USERS, ACCESS CONTROL LISTS AND CAPABILITIES. MULTILEVEL SECURITY, INFERENCE CONTROL.