-
What is Authorization?
- Authorization specifies the rights of actors to access resources.
- It is the most basic element of computer security, as the policies which circumscribe these rights also define the security threats.
- The word attacker is synonymous with unauthorized actor.
-
What is Confidentiality?
- Confidentiality means that information is not disclosed to unauthorized entities.
- It is sometimes referred to as secrecy or privacy, both imprecise terms which can have other meanings.
- In terms of information flow it is a safety property – information does not flow from authorized to unauthorized entities.
-
What is Integrity?
- Integrity means that if information is altered by unauthorized entities then authorized entities are aware that it was altered.
- Some authors consider that integrity means that unauthorized alteration is impossible, but this is not realistic for unsecured communication channels.
- Instead, we say that the receiver (or reader) of altered information will refuse to accept it if unauthorized alteration is detected.
-
What is Authentication?
- Authentication refers to the verification of identity.
- It includes authentication of an entity to a computing resource (“logging on” by password or suchlike) and authentication of one entity to another (verifying other users’ identities remotely, usually in the context of verifying the originator of a message).
- It is a safety property of information flow in the sense that an attacker is unable to spoof an identity.
-
What is Non-repudiation?
- Non-repudiation means that an actor cannot deny having taken a particular action.
- In this course it will be limited to an actor being unable to deny that they authored a particular message.
- It means that unforgeable evidence exists that the message was sent by them.
- It is a liveness property of information flow, and a sort of complement to anonymity (which does not appear in this course).
-
What is Availability?
- Availability means that information and resources are available to authorized parties.
- In terms of information flow it is a liveness property – information does flow when authorized.
- In this sense it is a complement to authorization.