CSE 127: Lecture 2
The topics covered in this lecture are:
- security model (continued)
- threat model/assessment
Security Goals, continued
In the earlier discussion of security we identified the assets to be
protected and in what ways. Next we estimate what happens if security
is violated. Note that we are not yet figuring out the cost of trying
to provide the desired security properties or the likelihood that
security may be violated. The goal of this step is to estimate the
amount of effort (or money) worth spending on security measures.
Potential Damage
Here we are concerned with the potential damage if security is
violated. If the confidentiality of battle plans is violated, more
lives might be lost. If a new product plan is leaked to a competitor,
they may obtain critical patents (possibly based on leaked
information) that block our products or quickly work on and release a
similar competing product.
The earlier secret Coke formula example discussed the damage that
might result from integrity loss. The damage that would occur if ICBM
targeting software is modified is also pretty obvious. News stories
on DDoS damage often cite millions of dollars of lost revenue when
e-commerce web servers are flooded, even for a couple of hours.
The key here is to accurately estimate the loss that would be incurred
if security measures fail. This information will be used later to
help us decide which of possibly many different security measures to
employ. In a way, security models were easier in the Cold War days:
security failures would lead to catastrophic losses (the West being
overrun by the Soviet Union, nuclear armageddon, etc.), and so it
made sense to deploy even rather expensive security measures. In the
post-Cold War era -- or for commercial computer security -- the
trade-offs are less stark.
Having determined what we want to protect, the next step is to look at
what the threats are to the security assets.
The next step in building our security model is determining the
fundamental assumptions upon which the security system design will
rely.
bsy+cse127w02@cs.ucsd.edu, last updated Mon Mar 25 15:22:09 PST 2002. Copyright 2002 Bennet Yee.