Information Security-Lecture-04
➢ Example (Fig)
The attacker poses as User A and sends a funds transfer request to the bank (from A's account to the attacker's account). The bank happily complies, since as far as it can tell User A has requested the transfer.
Security Service: (Access Control)
➢ Access Control: Determines who should be able to access what
▪ e.g. User A can view the records in the database but cannot update them
▪ Role Based: which user can do what (User Side)
▪ Rule Based: which resource is accessible and under what circumstances (Resource Side)
▪ Access Control List (ACL): specifies and controls who can access what
Security Service: (Data Confidentiality)
➢ Data Confidentiality: Protection of data from unauthorized disclosure
➢ A message sent by User A is exposed only to its intended recipient, User B
➢ Example (Fig)
➢ User A sends an expansion plan for his future products to User B – highly confidential
➢ The attacker gets access to the data files in transit, without the permission or knowledge of A and B
Security Service: (Data Integrity)
➢ Data Integrity: Assurance that data received are exactly as sent by an authorized entity
➢ Contains no modification, insertion, deletion, or replay
➢ Can be applied to a stream of messages, a single message, or selected fields within a message
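A receiver-side check for these four violations on a stream of messages, as an added example that is not part of the lecture: it assumes A and B share a secret key (a constructed value below), that the sender numbers each message and authenticates it with an HMAC, and the constructed stream stands in for the traffic in the figure.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

SEQ_LEN = 4    # 32-bit big-endian sequence number
TAG_LEN = 32   # SHA-256 output length


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: prepend a sequence number, append an HMAC over both."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class IntegrityReceiver:
    """Receiver side: verifies each message of a stream and names the violation."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected = 0  # next sequence number we expect to see

    def accept(self, msg: bytes) -> Tuple[str, Optional[bytes]]:
        if len(msg) < SEQ_LEN + TAG_LEN:
            return "malformed", None
        header, payload, tag = msg[:SEQ_LEN], msg[SEQ_LEN:-TAG_LEN], msg[-TAG_LEN:]
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time compare: a bad tag means the bytes were modified in
        # transit, or a message was inserted by someone without the key.
        if not hmac.compare_digest(good, tag):
            return "modified-or-inserted", None
        seq = struct.unpack(">I", header)[0]
        if seq < self.expected:
            return "replay", None  # valid tag, but this message was already delivered
        # A gap in sequence numbers means earlier messages were deleted.
        verdict = "ok" if seq == self.expected else "ok-after-deletion"
        self.expected = seq + 1
        return verdict, payload


def demo() -> list:
    """Constructed stream from User A to User B with an attacker on the path."""
    key = b"constructed-shared-key-A-B"  # assumption: A and B share this key
    msgs = [protect(key, i, f"record {i}".encode()) for i in range(4)]
    tampered = bytearray(msgs[1])
    tampered[SEQ_LEN] ^= 0x01  # flip one bit of the payload
    forged = struct.pack(">I", 1) + b"not from A" + bytes(TAG_LEN)  # no key, fake tag
    receiver = IntegrityReceiver(key)
    stream = [msgs[0], bytes(tampered), forged, msgs[1], msgs[1], msgs[3]]
    return [receiver.accept(m)[0] for m in stream]
```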
Security Service: (Non-Repudiation)
➢ Non-repudiation: Protection against denial by one of the parties in a communication
➢ The sender cannot deny having sent the message
➢ The receiver cannot deny having received the message
Security Service: (Availability)
➢ Availability: Ensures that a service or information is available to an (authorized) user upon demand and without delay.
➢ Denial of Service (DoS) attacks seek to interrupt a service or make some information unavailable to legitimate users
➢ Example (Fig)
Due to the intentional action of the attacker, User A is not able to reach User B
Security Attack v/s Security Service