CSC 386 Computer Security Scott Heggen Agenda The Foundations of Computer Security Foundations of Computer Security Define computer security Foundations of Computer Security Classical view of security: Prevention Detection Reaction Whats wrong with this model in the context of computer security? Foundations of Computer Security A more modern view of security: Confidentiality Unlinkability Anonymity Integrity Availability Denial of service Accountability Authentication Logging Non-repudiation Reliability The big 3! The Fundamental Dilemma Security-unaware users have specific security requirements but usually no security expertise Data vs. Information Whats the difference? Security-focused Design Decisions Decision 1: In a given application, should the protection mechanisms in a computer system focus on data, operations, or users? Security-focused Design Decisions Decision 2: Where in the computing system should a security mechanism be placed? Man-Machine Scale Security-focused Design Decisions Decision 3: Do you prefer simplicity and higher assurance to a feature-rich security environment, or vice versa? Whats the trade-off? Security-focused Design Decisions Decision 4: Who should be tasked with defining and enforcing security? A central entity, or the individual components in the system? Whats the trade-off? Security-focused Design Decisions Decision 5: How can you prevent an attacker from getting access to a layer below the protection mechanism? Next Class Due: Begin Homework 1 (Due Friday, 8/29) Agenda: Identification and Authentication