What is security?

  • Very Important part of computers
  • The most critical information is now stored on computers
  • This information must not be made available to everyone

The Three Basic Concepts: --each concept must be implemented
  • Confidentiality (Authorization)
  • Integrity (Authentication)
  • Availablility

The Major Security Threats
  • Hackers
    • A hacker is a person who specializes in undermining security mechanisms implemented for computer and network systems.
  • Unauthorized users
    • An unaurthorized user is a user that has gained access to a system without permission from the Administrator.
  • Malware
    • Software designed to infiltrate or damage a computer system without the owner's consent.
  • Hooks
    • Similar to back doors, hooks are left by programers as ways to re-gain access to thier software.

Confidentiality Models
  • Flow Model
    • Lays out the scheme which relates users to objects
  • Access Control
    • Same as flow model but also includes types of operations that can be performed
      • Operations
        • Read only
        • Write only
        • Execute


*Classify Data* --
it is important to classify data into varying levels of security.

  • Authenticity
  • Accountability
  • Non-repudiation

Threats To Integrity
  • Salami Slicing
  • Falsification

  • The system/data is available for use
  • Logging/Auditing

Mainframe Security Tools
  • RACF
    • Resource Access Control Facility
      • Identify/authenticate users
      • Authorization
      • Log and report
      • Security administrator controls access
      • RACF works with parellel sysplex
  • ACF2
    • Access Control Facility 2