Security Goals
Content
Security Goals
Integrity - Ability to not alter the real information. For example, web
transaction. Does not change the real information.
Confidentiality – Privacy
Availability – Os dados estarem disponíveis quando o usuário desejar ter a
informação.
Para todas essas metas é necessário ter autorização de acesso.
Authenticity – Ability to identify if some date is true. Statemens, policies and
permssions issued by a erson or system can be verified to be genuine,
Assurance – Refers to how trust is proided and managed in a computer
system.
Anonymity – We don’t know who is the user. But the user know about you.
Certain records and or transactions cannot be attribute to any individual.
What are the resources available?
What is the goal of the attack?
Is what ways can the attack be launched and what are the vulnerabilities?
A turned-off system is a secure system ?
Points to consider
Security is not an “add-on” feature.
A system is a secure as its weakest component. There is nothing that can
add to your system that can make it secure just by itself.
Thinking like an adversary is essential! – Who is the adversary? What are
the attack possibilities? What is at stake?
Security holes and vulnerabilities are invariably discovered constantly.
Security cannot be attained through obscure design.
Bank Heist
Tracking – Privacy violation.
Integrity - Ability to not alter the real information. For example, web
transaction. Does not change the real information.
Confidentiality – Privacy
Availability – Os dados estarem disponíveis quando o usuário desejar ter a
informação.
Para todas essas metas é necessário ter autorização de acesso.
Authenticity – Ability to identify if some date is true. Statemens, policies and
permssions issued by a erson or system can be verified to be genuine,
Assurance – Refers to how trust is proided and managed in a computer
system.
Anonymity – We don’t know who is the user. But the user know about you.
Certain records and or transactions cannot be attribute to any individual.
What are the resources available?
What is the goal of the attack?
Is what ways can the attack be launched and what are the vulnerabilities?
A turned-off system is a secure system ?
Points to consider
Security is not an “add-on” feature.
A system is a secure as its weakest component. There is nothing that can
add to your system that can make it secure just by itself.
Thinking like an adversary is essential! – Who is the adversary? What are
the attack possibilities? What is at stake?
Security holes and vulnerabilities are invariably discovered constantly.
Security cannot be attained through obscure design.
Bank Heist
Tracking – Privacy violation.
