Introduction Security and operating systems Attacks and controls Cryptography Other controls Summary
Introduction Security and operating systems Attacks and controls Cryptography Other controls Summary
Overview
SMD149 - Operating Systems - Security
Roland Parviainen
Security goals and principles Security and operating systems Common security threats and controls Cryptography Other controls Summary
December 9, 2005
1 / 63
2 / 63
Introduction Security and operating systems Attacks and controls Cryptography Other controls Summary
Introduction Security and operating systems Attacks and controls Cryptography Other controls Summary
Security goals
Principle of easiest penetration
Traditionally:
Confidentiality Integrity Availability
Intruders/attackers will use any means of penetration. A security system is only as good as its weakest link. I.e. an attacker need to find one possible vulnerability, while the security specialist must consider all possible vulnerabilities.
3 / 63
4 / 63
Introduction Security and operating systems Attacks and controls Cryptography Other controls Summary
Introduction Security and operating systems Attacks and controls Cryptography Other controls Summary
Principle of adequate protection
Principle of effectiveness
Things need to be protected only until they lose their value. Things need only be protected to a level consistent with their value.
Controls must be used to be effective. Control should be efficient, simple and appropriate.
5 / 63
6 / 63
Introduction Security and operating systems Attacks and controls Cryptography Other controls Summary
Introduction Security and operating systems Attacks and controls Cryptography Other controls Summary
Threat model
Security and Operating systems
Security evaluation needs a threat model
Who are the attackers? What are their resources? What attacks are protecting against? What is the value of what we are protecting?...