安全与可信security and trusted脆弱性安全 vs. 结构性安全...课件.ppt

TCG对于可信计算平台的划分8 categories of Trusted platform 体系结构Architecture TPM 移动设备Mobile 客户端PC Client 服务器Server 软件包 Software Stack 存储Storage 可信网络连接 Trusted Network Connect TCG的IWG和TNC的对应关系the IWG and TNC architecture TNC体系结构TNC architecture TNC体系结构下的消息流Message flow between components 拥有TPM的TNC体系结构The TNC architecture with the TPM 思科的自防御网络体系Cisco’s self-defending network 思科的自防御网络体系Cisco’s self-defending network 松散安全结构的代表——框架和方案Loose security structure — Framework 松散结构中的各个部件关联关系，常常靠人的集成来实现 The connection among the components of loose structure is always integrated by human. 松散结构常常表现为框架Framework 技术框架Technology framework 管理体系Management system ISO27001, ISO20000, etc. 技术功能是PDR的衍生PDR can express technology framework 检测能力是松散技术结构的关联要素Detection make the loose structure tight 攻击者不得不面对越来越多的 Attackers have to face more 入侵检测 IDS 漏洞扫描 scanner 应用审计系统 Application auditing system 日志系统 log system 蜜罐 honey pot 取证系统 forensic system 监控平台 monitoring platform 等等 etc. 一个信息安全管理体系的结构Structure of a ISMS (modified ISO27001) 结构性安全中的脆弱性Vulnerabilities in structures 你对刚才阐述的结构性安全有什么感觉？What’s your feeling about structural security? 复杂 complex 怀疑其完备性 concern about the completion 成本 cost 蠢人永远有 stupid guys are there … … 不要被“结构性安全”给忽悠了！Do not be misled by structural security 不要被“结构性安全”给忽悠了！脆弱性安全和结构性安全并不是对立的，也不是两个发展阶段；脆弱性安全也有结构，结构性安全也有脆弱性。 Do not be misled by structural security Vulnerability-oriented security also has structure Structural security also has vulnerabilities 借助非技术环节来侵害技术结构Find vulnerabilities from non-technology parts Randomly Generated Symmetric Key (seed + PRNG) Alice Public key Private key Private key Public key Bob 借助非技术环节来侵害技术结构Find vulnerabilities from non-technology parts Randomly Generated Symmetric Key (seed + PRNG) Alice Public key Private key Private key Public key Bob Private key Public key Carl 线路的透明插入，可以完成对于加密通信的嗅探攻击 安全与可信security and trusted脆弱性安全 vs. 结构性安全Vulnerability vs. Structure攻防两端如何在结构性安全环境中寻求空间Space in the structural environment 潘柱廷(大潘) Jordan Pan mai