Chương 1: Tổng quan • • • • • • Các thành phần An toàn BM HTTT Các mối đe dọa Chính sách kỹ thuật Sự tin cậy Vấn đề nghiệp vụ Vấn đề người Slide #1-1 Các thành phần • Bảo mật - Confidentiality – Keeping data and resources hidden • Tồn vẹn - Integrity – Data integrity (integrity) – Origin integrity (authentication) • Khả dụng - Availability – Enabling access to data and resources Slide #1-2 Các mối đe dọa • Tiết lộ - Disclosure – Snooping • Lừa đảo - Deception – Modification, spoofing, repudiation of origin, denial of receipt • Phá hoại - Disruption – Modification • Cướp đoạt - Usurpation – Modification, spoofing, delay, denial of service Slide #1-3 Chính sách kỹ thuật • Chính sách cho biết phép khơng phép hệ thống – This defines “security” for the site/system/etc • Kỹ thuật làm cho sách trở nên có hiệu lực • Tổng hợp sách – If policies conflict, discrepancies may create security vulnerabilities Slide #1-4 Mục tiêu An tồn BM • Ngăn chặn - Prevention – Prevent attackers from violating security policy • Phát - Detection – Detect attackers’ violation of security policy • Phục hồi - Recovery – Stop attack, assess and repair damage – Continue to function correctly even if attack succeeds Slide #1-5 Các loại kỹ thuật An toàn BM secure precise set of reachable states broad set of secure states Slide #1-6 Xây dựng hệ thống tin cậy • Đặc tả - Specification – Requirements analysis – Statement of desired functionality • Thiết kế - Design – How system will meet specification • Thực thi - Implementation – Programs/systems that carry out design Slide #1-7 Vấn đề tác nghiệp • Cost-Benefit Analysis – Is it cheaper to prevent or recover? • Risk Analysis – Should we protect something? – How much should we protect this thing? • Laws and Customs – Are desired security measures illegal? – Will people them? Slide #1-8 Vấn đề người • Organizational Problems – Power and responsibility – Financial benefits • People problems – Outsiders and insiders – Social engineering Slide #1-9 Gắn kết vấn đề Threats Policy Specification Design Implementation Operation Slide #1-10 Key Points • Policy defines security, and mechanisms enforce security – Confidentiality – Integrity – Availability • Trust and knowing assumptions • Importance of assurance • The human factor Slide #1-11 ... Policy defines security, and mechanisms enforce security – Confidentiality – Integrity – Availability • Trust and knowing assumptions • Importance of assurance • The human factor Slide #1-11 ... Phục hồi - Recovery – Stop attack, assess and repair damage – Continue to function correctly even if attack succeeds Slide #1-5 Các loại kỹ thuật An toàn BM secure precise set of reachable states... of reachable states broad set of secure states Slide #1-6 Xây dựng hệ thống tin cậy • Đặc tả - Specification – Requirements analysis – Statement of desired functionality • Thiết kế - Design –