System SecurityProf. Rupesh Mishra
System Security - Introduction
Prerequisites
• Computer Networks
• Operating Systems
• Algorithm & Programming
• Computer Organization and Architecture
• Data Structure
System Security - Introduction 2
Syllabus
• 150 = 100 + 25 + 25
• Cryptography
• Access Control
• Software Security
• Network Security
System Security - Introduction 3
• Text Book
1. Cryptography and Network Security by Behrouz A.
Forouzan, TATA McGraw hill.
2. Security in Computing by Charles P. Pfleeger ,
Pearson Education
• Reference Book
1. Cryptography and Network Security, William
Stalling, Prentice hall
System Security - Introduction 4
Information Asset
System Security - Introduction 5
Computing System
Software
Hardware
Data
System Security - Introduction 6
VulnerabilityWeakness in the security
system
ThreatCircumstances that cause
harm or loss to system
AttackExploiting the
vulnerability of system
System Security - Introduction 7
Control
• An action, device, procedure or technique to
remove or reduce vulnerability.
• A threat is blocked by controlling
vulnerability.
System Security - Introduction 8
•Interception
•Interruption
•Modification
•Fabrication
Threats
System Security - Introduction 9
Interception
System Security - Introduction 10
Interception
• Unauthorized party has gained access to an
asset.
• Unauthorized party can be a Person,
Program or System.
• Copying data , Wiretapping
System Security - Introduction 11
Interruption
System Security - Introduction 12
Interruption
• An asset of the system becomes
unavailable or unusable.
oDestruction of hardware devices.
oDeleting program or data file.
oMalfunction of O.S.
System Security - Introduction 13
Modification
• Unauthorized tempering of asset.
oChange database value
oAlter program to perform additional
computation
oModify data to be transmitted
System Security - Introduction 14
Fabrication• Fabrication of counterfeit objects on a
computing system.
oAdd records to an existing database
System Security - Introduction 15
Software Vulnerability
• Software Deletion(Interruption)
• Software Modificationo Logic Bomb
o Trojan Horse
o Virus
o Trap Door
o Information Leak
• Software Theft
System Security - Introduction 16
System Security - Introduction 17
Security
Confident-iality
IntegrityAvailability
System Security - Introduction 18
Confidentiality
• No unauthorized disclosure of information
System Security - Introduction 19
I Don’t want anyone to steal my credit card
number
Confidentiality
• Only authorized party can access the
protected data.
• Determine authorized people
• Determine data access policy
• Awareness of sensitivity of data
System Security - Introduction 20
Integrity
• No unauthorized modification of information
System Security - Introduction 21
I Don’t want anyone to change my
report
Asp
ects
of
Inte
gri
tyAuthorized Action
Separation and Protection
Error Detection & Correction
System Security - Introduction 22
Availability
• System should be available for legitimate
use.
System Security - Introduction 23
I want to check my E-Mails
24/7
Availability
• Applicable to data and services.
o Timely response to the request
o Fault Tolerance
o Easy to use
oConcurrency Controlled
oDeadlock Management
System Security - Introduction 24
Computer Security
• The protection afforded to an automated
information system in order to attain the
applicable objectives of preserving the
integrity , availability and confidentiality of
resources.
System Security - Introduction 25
Security Attack
Active Attack
Passive attack
System Security - Introduction 26
Snooping
System Security - Introduction 27
Snooping
System Security - Introduction 28
Traffic Analysis
System Security - Introduction 29
Modification
System Security - Introduction 30
Modification
System Security - Introduction 31
Masquerading
System Security - Introduction 32
Masquerading
System Security - Introduction 33
Replay
System Security - Introduction 34
Repudiation
System Security - Introduction 35
Denial of Service
System Security - Introduction 36
Denial of Service
System Security - Introduction 37
Active Attack Passive Attack
Access and modify information
Access information
System is harmed No harm to system
Easy to detect than preventDifficult to detect than prevent
Threat to Integrity, Availability Threat to Confidentiality
Masquerading, Repudiation, DOS
Snooping, Traffic analysis
System Security - Introduction 38
Security Attack
Confidentiality (Passive)
Snooping
Traffic Analysis
Integrity (Active)
Modification
Masquerading
Replaying
Repudiation
Availability (Active)
DOS
System Security - Introduction 39
Service Security Mechanism
Data Confidentiality
Encipherment , Routing Control
Data IntegrityEncipherment , Digital Signature, Data Integrity
AuthenticationEncipherment , Digital Signature, Authentication Exchange
NonrepudiationDigital Signature, Data Integrity, Notarization
Access Control Access Control
System Security - Introduction 40
System Security - Introduction 41
Encipherment
Cryptography
Steganography
System Security - Introduction 42
Cryptography
• Secret writing
• Encryption * Decryption
• Symmetric * Asymmetric
System Security - Introduction 43
Steganography
This course is about cryptography,
not on steganography
Thank You !!!!!!!
System Security - Introduction 44