FACULTY OF COMPUTING - DEPARTMENT OF CYBER SECURITY
CYB315: SYSTEM SECURITY
COMPUTER/SYSTEM SECURITY OVERVIEW
Recap the following: basics of hardware; operating systems access controls; memory
protection; the OS interface; as well as the shortcomings of traditional OS and hardware
security. (See FUNDAMENTALS OF CYBER-SECURITY II.)
When we talk about system security, two things come to mind:
Hardware
System software
Security means freedom from risk or danger: thus we define security by the risks and dangers we
want to avoid. In computer systems, these risks include unavailability of a system or
unauthorized behavior by users; in communications systems they include unauthorized
eavesdropping, tampering, or redirection of messages. It includes both prevention and detection.
We restrict our attention to malicious behavior by so-called attackers, leaving computer
reliability to hardware experts and communications fidelity to engineers.
Computer security is an extremely wide field, and difficult to define. It includes purely
mathematical topics such as cryptography, and abstract quantifications of cryptographic
security, through to rather non-technical subjects such as access policy and resource
allocation. Computer security is primarily concerned with information flow, and some
people define computer security as that subset of information security which pertains to
computers. In this course we stick mainly to matters of network communications security.
There are a number of particular aspects of security which we want to consider here. We will
look at each in turn.
Authorization
Authorization specifies the rights of actors to access resources. This includes the rights
to view or change information on a shared system or database, as well as rights to know
or alter the content of certain communications. It is the most basic element of computer
security, as the policies which circumscribe these rights also define the security threats.
The word attacker is synonymous with unauthorized actor.
It is normally policed by the operating system, database management service, or other
program which administers the information. (Ensuring authorization in the absence
of a so-called reference monitor is particularly challenging.) The main difficulty with
authorization is less often about ensuring that the policies are followed than about describing
and maintaining them correctly.
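The point above, that following a policy is easier than keeping it correct, shown as an added example (not part of the original course notes): a minimal reference monitor over a constructed access matrix. All names here (ReferenceMonitor, stale_grants, the users and the grades_db resource) are hypothetical.

```python
from dataclasses import dataclass, field

Grant = tuple[str, str, str]  # (actor, resource, right)


@dataclass
class ReferenceMonitor:
    """Single choke point for access decisions; anything not granted is denied."""
    actors: set[str]
    resources: set[str]
    grants: set[Grant] = field(default_factory=set)
    audit_log: list[tuple[Grant, bool]] = field(default_factory=list)

    def check(self, actor: str, resource: str, right: str) -> bool:
        # Enforcement is a plain lookup: the monitor follows the policy
        # exactly as written, whether or not the policy is still correct.
        allowed = (actor, resource, right) in self.grants
        self.audit_log.append(((actor, resource, right), allowed))
        return allowed

    def stale_grants(self) -> list[Grant]:
        # Maintenance check: grants naming an actor or resource that is
        # no longer registered on the system.
        return sorted(g for g in self.grants
                      if g[0] not in self.actors or g[1] not in self.resources)


def demo_monitor() -> ReferenceMonitor:
    # Constructed sample policy: "bob" has left, but his grant was never removed.
    return ReferenceMonitor(
        actors={"alice", "carol"},
        resources={"grades_db"},
        grants={
            ("alice", "grades_db", "read"),
            ("alice", "grades_db", "write"),
            ("carol", "grades_db", "read"),
            ("bob", "grades_db", "write"),
        },
    )


if __name__ == "__main__":
    rm = demo_monitor()
    for request in [("alice", "grades_db", "write"),
                    ("carol", "grades_db", "write"),
                    ("bob", "grades_db", "write")]:
        print(request, "->", "allow" if rm.check(*request) else "deny")
    print("stale grants:", rm.stale_grants())
```

The monitor enforces the policy faithfully in all three requests; only the separate maintenance check reveals that one of the decisions it allowed rests on a grant that should no longer exist.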
Confidentiality
Confidentiality means that information is not disclosed to unauthorized entities. It is