Mobile Communication Security Design.ppt

Published: 2017-05-23, 34 pages
2005/09/20 Internet Security - System Analysis & Planning
2005/09/20 Internet Security, Principles & Practices, John K Zao

Lecture II: Security Analysis and Planning
Internet Security: Principles & Practices
John K. Zao, PhD SMIEEE
National Chiao-Tung University
Fall 2005

Theme
  Objectives
    - Highlight objectives of security system design & implementation
    - Introduce procedure of security system planning & operation
  Motto
    - Security/Safety is a relative measure
    - NO system is absolutely secure!
    - Users’ sense of security is usually a fuzzy warm feeling
    - Security specialists must specify & quantify security measures
    - Security systems only offer measured protection (safeguards) over selected resources (assets) against identified dangers (threats)
    - Security protection is a perpetual practice consisting of planning, deployment, monitoring & improvement

Security System, Planning & Operation
  - Vulnerability Analysis
  - Service Selection
  - Mechanism Implementation

Security System, Concepts
  - Assets – system resources to be valued & protected
  - Vulnerability – system weakness exposes assets to threats
  - Threats – persons/things/events pose dangers to assets
  - Attacks – actual realizations of security threats
  - Risks – cost measures of realized vulnerability (considering probability of successful attacks)
  - Countermeasures/Safeguards – structures/policies/mechanisms protect assets from threats

Threats, Categorization
  Fundamental Threats
    - Confidentiality Violation – leakage of information
    - Integrity Violation – compromise of information consistency
    - Denial of Services – service unavailability to legitimate users
    - Illegitimate Use – service availability to illegitimate users
  Enabling Threats
    Penetration Threats
      - Masquerade – identity falsification
      - Control/Protection Bypass – system flaw exploitation
      - Authorization Violation – insider violation of usage authorization
    Planting Threats
      - Trojan Horse
      - Trapdoor/Backdoor

Threats, Categorization [Cont’d]
  Underlying Threats
    - Eavesdropping
    - Traffic Analysis
    - Personnel Indiscretion/Misco