Documente Academic
Documente Profesional
Documente Cultură
Integrity
• Data integrity
• Assures that information and programs are changed only in a
specified and authorized manner
• System integrity
• Assures that a system performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system
Availability
• Assures that systems work promptly and service is not denied
to authorized users
CIA Triad
Accountability Authenticity
• The security goal • Verifying that users
that generates the are who they say
requirement for they are and that
actions of an entity each input arriving
to be traced uniquely at the system came
to that entity from a trusted
source
Possible additional concepts:
Breach of Security
Levels of Impact
• The loss could be expected to have a severe
or catastrophic adverse effect on
Hi organizational operations, organizational
assets, or individuals
gh
• The loss could be expected to have
• Security mechanism
• A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security
attack
• Security service
• A processing or communication service that enhances the
security of the data processing systems and the information
transfers of an organization
• Intended to counter security attacks, and they make use of
one or more security mechanisms to provide the service
Table 1.1
Threats and Attacks (RFC 4949)
Security Attacks
•AA means
means of
of classifying
classifying security
security
attacks,
attacks, used
used both
both in
in X.800
X.800 and
and
RFC
RFC 4949,
4949, is
is in
in terms
terms of
of passive
passive
attacks
attacks and
and active
active attacks
attacks
•AA passive
passive attack
attack attempts
attempts to
to
learn
learn or
or make
make use
use of
of information
information
from
from the
the system
system but
but does
does not
not
affect
affect system
system resources
resources
•An
An active
active attack
attack attempts
attempts to
to
alter
alter system
system resources
resources or
or affect
affect
their
their operation
operation
Passive
Attacks
• Access control
• Data confidentiality
• Data integrity
• Nonrepudiation
Table 1.2
Security
Services
(X.800)
• Availability service
• One that protects a system to ensure its availability
• Addresses the security concerns raised by denial-
of-service attacks
• Depends on proper management and control of
system resources
Table 1.3
Security
Mechanisms
(X.800)
Intercept or
modify data on Exploit service
behalf of users flaws in computers
who should not to inhibit use by
have access to legitimate users
that data
standards
NIST ISOC
• National Institute of Standards • Internet Society
and Technology
• Professional membership society
with worldwide organizational and
• U.S. federal agency that deals individual membership
with measurement science,
standards, and technology • Provides leadership in addressing
related to U.S. government issues that confront the future of
use and to the promotion of the Internet
U.S. private-sector innovation • Is the organization home for the
groups responsible for Internet
• NIST Federal Information infrastructure standards, including
Processing Standards (FIPS) the Internet Engineering Task
and Special Publications (SP) Force (IETF) and the Internet
have a worldwide impact Architecture Board (IAB)
• Standards