Scribd Logo
Upload

Welcome to Scribd!

  • Security and Protection

    Uploaded by

    Westore Acid
    5 views17 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views17 pages

    Security and Protection

    Uploaded by

    Westore Acid

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 17

    Security and Protection

    Maulida Dwi Agustiningsih


    Contents
    • Security
    • Protection
    Security
    • Is measure of confidence that the integrity of a system and its data
    will be preserved

    Protection
    • Set of mechanisms that control the access of processes and users to
    the resources defined by a computer systems.
    Security problem
    • Payroll
    • Financial data
    • Fraud
    • Bitcoin mining for sending sand
    • Secure if its resources are used and accessed as intended under all
    circumstances
    • It is easier to protect against accidental misuse than against malicious
    misuse.
    Security goals
    4-layered model of security
    Program threats
    • Malware
    Is software designed to exploit, disable or damage a computer systems.
    • Code injection
    Executable code is added or modified
    • Viruses and worms
    Is fragment of code embedded in legitimate program.
    System and network
    threats
    • Attacking network traffic
    • Denial of services
    • Port scanning
    Cryptography as a security tool
    • Encryption
    • Symmetric encryption
    • Asymmetric encryption
    • Authentication
    • Key distribution
    Cryptography as a security tool (Cont.)
    User authentication
    • Passwords
    • Password vulnerabilities
    • Intruder (either human or program)
    • Obvious information (name, date, etc.)
    • Use brute force, trying enumeration
    • Securing password
    • One-time passwords
    • Biometrics
    Implementing security defenses
    • Security policy
    • Vulnerability assessment
    • Et. risk assessment, penetration test
    • Intrusion prevention
    • Eg. Signature-based detection, anomaly detection
    • Virus protection
    • Auditing, accounting, and logging
    • Firewalling to protect systems and networks
    • Other solutions?
    Protection
    • System protection features are guided by the principle of need-to-
    know and implement mechanisms to enforce the principle of least
    privilege.
    • Computer systems contain objects that must be protected from
    misuse. Objects may be hardware (such as memory, CPU time, and
    I/O devices) or software (such as files, programs, and semaphores)
    Protection rings
    Domain structure
    Domain can be realized in a
    variety ways:
    • User
    • Process
    • Procedure
    Access Matrix
    References
    • Modern Operating Systems by Andrew S. Tanenbaum, Herbert Bos
    • Operating System Concepts by Abraham Silberschatz, Greg Gagne,
    Peter B. Galvin

    You might also like