Slide #1-1
Chapter 1: Overview
• Basic components of information system security
• Threats
• Policy and mechanisms
• Trust
• Operational issues
• Human issues
Slide #1-2
Basic components
• Confidentiality
  – Keeping data and resources hidden
• Integrity
  – Data integrity (integrity)
  – Origin integrity (authentication)
• Availability
  – Enabling access to data and resources
Slide #1-3
– If policies conflict, discrepancies may create security vulnerabilities
Slide #1-5
Goals of security
• Prevention
  – Prevent attackers from violating security policy
• Detection
  – Detect attackers’ violation of security policy
• Recovery
  – Stop attack, assess and repair damage
  – Continue to function correctly even if attack succeeds
Slide #1-6
Types of security mechanisms
[Figure: secure, precise and broad mechanisms, each comparing the set of reachable states with the set of secure states]
Slide #1-7
Building a trusted system
• Specification
Slide #1-9
Human issues
• Organizational problems
  – Power and responsibility
  – Financial benefits
• People problems
  – Outsiders and insiders
  – Social engineering
Slide #1-10
Tying the issues together
Threats
Policy
Specification
Design
Implementation
Operation
Slide #1-11
Key Points
• Policy defines security, and mechanisms enforce security
  – Confidentiality
–