Tuesday 6 June 2017

Security And Protection

What you will learn from this:
  • What Is Security?
  • Elements of security.
  • Security in distributed systems
  • A protection model for access control

Security:

The topic of security is huge and includes all aspects of controlling access to computers, networks and the information stored, processed and transferred in computer systems.
In outline, security consists of:
  • External control - security classification
  • Encryption (and decryption)
  • Authentication - "You are who you say you are"
  • Authorization and protection (access control)
  • Validation of important software

Security Classification:

We can develop a general framework for classifying computer systems. Such a framework may cover the classification of information into "top secret", "secret", etc.
  • The people using computer systems are then tagged according to which categories of information they may read, write and transfer.
  • The system must be able to enforce such specified policies, e.g. unauthorized access to a given category of information must be refused by the system.

Security Categories:

The standard security categories (classification scheme), from highest to lowest, are as follows:
  • Top secret
  • Secret
  • Confidential
  • No markings (Unclassified)

Top Secret:

The Top Secret classification level is applied to information, the unauthorized disclosure of which could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.

Secret:

The Secret classification level is applied to information, the unauthorized disclosure of which would be expected to cause serious damage to the national security that the original classification authority is able to identify or describe.

Confidential:

The Confidential classification level is applied to information, the unauthorized disclosure of which would be expected to cause damage to the national security that the original classification authority is able to identify or describe.
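
The enforcement described under Security Classification can be sketched as a default-deny check, using the categories listed above. This is an added example, not code from the original post: the class and function names, the sample users and documents, and the rule that a transfer also needs a recipient who may read the category are all assumptions made for illustration.

```python
from enum import Enum

class Category(Enum):
    # The four categories from the page, highest to lowest.
    TOP_SECRET = "top secret"
    SECRET = "secret"
    CONFIDENTIAL = "confidential"
    UNCLASSIFIED = "unclassified"

OPS = {"read", "write", "transfer"}

class ReferenceMonitor:
    """Default-deny check of user tags against document categories."""

    def __init__(self):
        self.tags = {}     # user -> {Category: set of permitted operations}
        self.labels = {}   # document -> Category
        self.audit = []    # (user, op, document, allowed) for every decision

    def tag_user(self, user, category, ops):
        unknown = set(ops) - OPS
        if unknown:
            raise ValueError(f"unknown operations: {sorted(unknown)}")
        self.tags.setdefault(user, {}).setdefault(category, set()).update(ops)

    def label(self, document, category):
        self.labels[document] = category

    def check(self, user, op, document, recipient=None):
        # Unlabelled documents and untagged users are refused.
        category = self.labels.get(document)
        allowed = (category is not None
                   and op in self.tags.get(user, {}).get(category, set()))
        # Assumed rule: a transfer also needs a recipient tagged to read it.
        if allowed and op == "transfer":
            allowed = "read" in self.tags.get(recipient, {}).get(category, set())
        self.audit.append((user, op, document, allowed))
        return allowed

def demo():
    # Constructed sample data: two labelled documents, two tagged users.
    rm = ReferenceMonitor()
    rm.label("budget.txt", Category.CONFIDENTIAL)
    rm.label("plans.txt", Category.TOP_SECRET)
    rm.tag_user("alice", Category.TOP_SECRET, {"read", "write", "transfer"})
    rm.tag_user("alice", Category.CONFIDENTIAL, {"read"})
    rm.tag_user("bob", Category.CONFIDENTIAL, {"read", "transfer"})
    return rm
```

Every decision, including refusals, is appended to the audit list, so denied attempts can be reviewed later.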

Encryption:

Secure message delivery offers the guarantee that, should a message fall into the hands of the wrong person, the message cannot be interpreted.
  • Encryption is the method for encoding the message.
  • Decryption is the method for decoding the message.
  • The encryption technique is often used when data is transferred across networks.
  • Data may also be stored in encrypted form. For example, passwords are usually stored in encrypted form rather than as clear text.

Authentication:

The use of a login procedure and a password is a part of authentication.
The idea is to establish the identity of the principal involved in any computational procedure.
  • A principal can be thought of as a process running a program on behalf of a logged-on user.
  • Identity is typically based on knowledge of a secret, such as a password, or possession of an object, such as a swipe card.
  • The latter may have an associated secret, such as a PIN (personal identity number).

Authorization And Validation:

An authorization policy specifies which principals may access an object and in what way. The system must have mechanisms which can enforce the policies.

The access control policies and mechanisms may be subverted by the careless use of unchecked software.

When you download and run a program, that program runs with all your access rights. It could read, overwrite or delete your files. It is therefore desirable that the source of software is authenticated (e.g. that it comes from a trusted site).

Security In Distributed Systems:

Network-based systems have additional security requirements over and above those of centralized systems.
  • The communication medium is insecure: the information in transit may be intercepted and read by unauthorized parties.
  • End-to-end consistency of security mechanisms is required. The source and destination systems for an information transfer may be as secure as required, but the information may pass through some intermediate systems, and their degree of security must be specified as well.

Summary:

  • Security is one kind of protection issue.
  • Security comprises external control, encryption, authentication, authorization, etc.
  • Achieving security in distributed systems is more difficult than in centralized systems.
