CS453: Introduction to Information Security for E-Commerce
Prof. Tom Horton

List Some Bad Things We Don't Want to Happen (What Can Go Wrong?)
- Exposure of confidential data (yours, customers')
- Loss, modification or destruction of data
- Denial of Service, and other sabotage
- Inability to ensure integrity: Transaction completed? Data valid?

Traditional Security Issues
- Confidentiality: prevent unauthorized access or reading of information
- Integrity: ensure that writing or operations are allowed and correct
- Availability: system functions cannot be denied

Security in the Real World
Professionals must address:
- Specification/Policy: requirements, analysis, planning, ...
- Implementation/mechanisms: algorithms, protocols, components, etc.
- Correctness/assurance: proof, testing, verification, attacks, etc.
- The Human Factor: protecting against bad users and clever attackers
All are critical; CS453 focuses on the 2nd item.

Terms for Activities Related to E-Commerce Security
- Authentication: identification of a user for access
- Authorization: defining and enforcing rules or levels of access
- Repudiation: a party later denying that a transaction has occurred. Goal: ensuring non-repudiation

Briefly: Security Policy
- You should define a security policy document for your site or application
- A form of non-functional requirements
- Might include: general philosophy toward security (high-level goals etc.); items to be protected; who's responsible for protecting them; standards and measures to be used: how to measure, so you can say you've built a secure system

What's Coming in this Unit?

Authentication
- Proving a user is who they say they are
- Methods? Passwords; digital signatures, digital certificates; biometrics (fingerprint readers etc.); smart cards and other HW
- We'll discuss cryptography and mechanisms: algorithms, web servers, biometrics, SSL

Authorization
- We won't say much about this
- Approaches include: access control lists; capabilities; multi-level security systems

Non-Repudiation
- Non-repudiation of origin proves that data has been sent
- Non-repudiation of delivery proves that it has been received
- Digital signatures, and more crypto

Digital Certificates
- "On the Internet, no one knows you're a dog." Or do they?
- For commerce, we can't always allow anonymity
- How does UVa's NetBadge work? http://www.itc.virginia.edu/netbadge/
- Public Key Infrastructure (PKI): Certifying Authorities in the commercial world, e.g. VeriSign

SSL: Secure Socket Layer
- A network protocol layer between TCP and the application. Provides:
- Secure connection: client/server transmissions are encrypted, plus tamper detection
- Authentication mechanisms, from both the client's point of view and the server's: Is the other side trusted, i.e. who they say they are? Using certificates. Is the Certificate Authority trusted?

Cryptography
- Cryptography underlies much of this
- Interesting computer science, and of historical interest too; we'll touch on that, but always try to come back to the practical and to e-commerce
- Topics: Symmetric Key Crypto.; Public Key Crypto.; Digital Signatures; Digital Certificates; SSL
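As an added example that is not part of the lecture slides, the Python sketch below shows how digital signatures give the two kinds of non-repudiation listed above: the buyer signs the order (origin), the merchant signs a receipt naming that order (delivery), and a third party can later check both with public keys alone. It uses textbook RSA over SHA-256 with constructed toy keys; the order/receipt protocol and all function names are assumptions for illustration.

```python
"""Toy demo of non-repudiation of origin and delivery with digital signatures
(textbook RSA over SHA-256). Keys come from small Mersenne primes, for illustration only."""
import hashlib

def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA: return (public, private) as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))   # pow(e, -1, m) needs Python 3.8+

def _digest(data: bytes, n: int) -> int:
    # Hash-then-sign; reduced mod n only because the toy modulus is under 256 bits.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data: bytes) -> int:
    n, d = private
    return pow(_digest(data, n), d, n)

def verify(public, data: bytes, sig: int) -> bool:
    n, e = public
    return pow(sig, e, n) == _digest(data, n)

def receipt_for(order: bytes) -> bytes:
    # The receipt names the exact order by hash, so it cannot be reused for another.
    return b"RECEIVED " + hashlib.sha256(order).hexdigest().encode()

def order_exchange(order: bytes, buyer, merchant) -> dict:
    """buyer/merchant are (public, private) pairs. Returns the evidence both sides keep:
    the buyer-signed order (origin) and the merchant-signed receipt (delivery)."""
    receipt = receipt_for(order)
    return {"order": order, "order_sig": sign(buyer[1], order),            # only buyer's d
            "receipt": receipt, "receipt_sig": sign(merchant[1], receipt)}  # only merchant's d

def arbitrate(ev: dict, buyer_pub, merchant_pub):
    """What a neutral third party checks when one side later denies the transaction.
    Only public keys are needed, which is what a shared-key MAC could not offer."""
    origin_ok = verify(buyer_pub, ev["order"], ev["order_sig"])
    delivery_ok = (ev["receipt"] == receipt_for(ev["order"]) and
                   verify(merchant_pub, ev["receipt"], ev["receipt_sig"]))
    return origin_ok, delivery_ok

# Constructed toy keys with distinct moduli for the two parties.
BUYER = make_keypair((1 << 61) - 1, (1 << 89) - 1)
MERCHANT = make_keypair((1 << 107) - 1, (1 << 127) - 1)

if __name__ == "__main__":
    ev = order_exchange(b"order#1: 2x widget, $40", BUYER, MERCHANT)
    print(arbitrate(ev, BUYER[0], MERCHANT[0]))   # (True, True)
    ev["order"] = b"order#1: 2x widget, $4"       # buyer later claims a lower price
    print(arbitrate(ev, BUYER[0], MERCHANT[0]))   # (False, False)
```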