co co 447 co course introduction se secu curit rity p
play

CO CO 447 CO COURSE INTRODUCTION SE SECU CURIT RITY P PROP - PowerPoint PPT Presentation

Nov 12, 2023 •711 likes •984 views

CO CO 447 CO COURSE INTRODUCTION SE SECU CURIT RITY P PROP OPER ERTIE IES SE SECU CURE D RE DESIG SIGN Dr. Ben Livshits Hi High-Le Level el Course e Lo Logistics cs 2 https://co447.doc.ic.ac.uk/ Cou Course Log ogistics

  1. CO CO 447 CO COURSE INTRODUCTION SE SECU CURIT RITY P PROP OPER ERTIE IES SE SECU CURE D RE DESIG SIGN Dr. Ben Livshits

  2. Hi High-Le Level el Course e Lo Logistics cs 2 https://co447.doc.ic.ac.uk/

  3. Cou Course Log ogistics 3 Monday, Wednesday 2-hour time slot for the class Instructors Dr Ben Livshits, Dr Soteris Dimitriou Course TAs Ms. Dominika Woszczyk, Mr. Daniel Perez Email doc-staff-447@imperial.ac.uk Piazza https://piazza.com/class/k0r3cj25uu0137

  4. Wh What Helps You to Be Prepared for the Class Classes Cl Practica Pr cal knowledge You should ideally have maturity in both the ¨ Recommended (not required) ¨ mathematics of computer science and in the prerequisites are CO331 (Web engineering of computer systems and network security) This means that you should: have a good ¨ understanding of data structures and ¨ CO211 Operating systems algorithms; be comfortable writing programs from scratch in C, Java, and a scripting ¨ CO212 Networks and language like Python or JavaScript; be Communications comfortable writing and debugging assembly code; and be reasonably comfortable in a ¨ Related courses: command-line Unix development environment (gdb, gcc, etc). ¤ CO408H Privacy Enhancing Techniques You should also have a good understanding of ¨ computer architecture, operating systems, and ¤ CO409 Cryptography computer networks. It would also help to know a bit about programming languages and ¤ CO440 Software Reliability compilers. It would also be helpful to be ¤ CO470 Program Analysis. comfortable with web technologies such as HTML and JavaScript

  5. Fi First-Da Day y Su Survey 5 https://docs.google.com/f orms/d/1nL2hquKDC4- eUG67X9yIBeD- xhust97pLkuyN5SnafE

  6. Do Do NOT Be Be Scared ¨ Likely, nobody here has satisfied ev every single pr prerequi quisite . This is not the point. ¨ Most important thing of all: Eagerness to learn! ¤ ThisWe expect you to push yourself to learn as much as possible ¤ is a 400-level course. ¤ We expect you to be a strong, independent learner capable of learning new concepts from the lectures, the readings, and on your own.

  7. Participation M Matters! s! ¨ This is an optional course ¨ I assume you are here because you want to be here ¨ I also assume that you intend to use what you learn later in life ¨ We only have a few chances to interact during the term ¨ You don’t get as much from this course if you don’t participate

  8. Cou Course Reading: Textbook ook 8 ¨ The book is easy to read ¨ Not nearly as dry as an average textbook ¨ Has read-world illustrations and war stories ¨ Has lots of details not covered in lecture ¨ Proposes a different narrative focusing on the developer, which is good

  9. Other Helpful Bo Books (online) ¨ Ross Anderson, “Security Engineering” (1st edition) ¤ Focuses on design principles for secure systems ¤ Wide range of entertaining examples: banking, nuclear command and control, burglar alarms ¤ You should all at least look at the Table of Contents for this book (2nd edition available for purchase) ¨ Menezes, van Oorschot, and Vanstone, “Handbook of Applied Cryptography” ¨ Many many other useful books exist (not all online)

  10. Ro Role of Research 10 10 ¨ This is a 400-level course ¨ It is one of the goals to ge get you interested you in research in computer science

  11. Re Reading Re Research Papers 11 11

  12. Pa Paper Summaries 12 12

  13. Cou Course Structure Ba Basics We Web Mo Mobile To Topics

  14. Se Secu curity y Con Conce cepts 1. Authentication 2. Authorization 3. Confidentiality 4. Data/message integrity 5. Accountability 6. Availability 7. Non-repudiation

  15. 1) A Authentication ¨ Identity Verification ¨ How can Bob be sure that he is communicating with Alice? ¨ Three general strategies: ¤ Something you kn know w (i (i.e., Passwo words) ¤ Something you hav have (i.e .e., ., Tokens) ns) ¤ Something you are are (i.e .e., ., Biometri trics) cs)

  16. Something Y You K Know ¨ Example: Passwords ¤ Pros: n Simple to implement n Simple for users to understand ¤ Cons: n Easy to crack (unless users choose strong ones) n Passwords are reused many times ¨ One-time Passwords (OTP): different password used each time, but it is difficult for user to remember all of them

  17. Something Y You H Have ¨ OTP Cards (e.g. SecurID): generates new password each time user logs in ¨ Smart Card: tamper-resistant, stores secret information, entered into a card-reader ¨ Strength of authentication depends on difficulty of forging

  18. Yb Ybikey 18 18

  19. Or Or Maybe I Have a Browser Cookie 19 19 Cookie is part of subsequent requests

  20. Bi Biom ometrics cs 20 20 ¨ Pros: “raises the bar” Technique Effectiveness Acceptance ¨ Cons: false negatives/positives, Palm Scan 1 6 social acceptance, key Iris Scan 2 1 management Retinal Scan 3 7 ¤ False positive: authentic Fingerprint 4 5 user rejected Voice Id 5 3 ¤ False negative: impostor accepted Facial 6 4 Recognition Signature 7 2 Dynamics

  21. Final N Notes ¨ Two-factor Authentication: Methods can be combined (i.e. ATM card & PIN) ¨ Who is authenticating who? ¤ Person-to-computer? ¤ Computer-to-computer? ¨ Three types (e.g. SSL): ¤ Client Authentication: server verifies client’s id ¤ Server Authentication: client verifies server’s id ¤ Mutual Authentication (Client & Server) ¨ Authenticated user is a “ Pr Principal ”

  22. 2) 2) Au Authorization ¨ Checking whether a user has permission to conduct some action ¨ Identity vs. Authority ¨ Is a “subject” (Alice) allowed to access an “object” (open a file)? ¨ Access Control List : mechanism used by many operating systems to determine whether users are authorized to conduct different actions

  23. Co Configuring Mailing List Permissions 23 23

  24. Ac Access Control Lists (ACL CLs) ¨ Set of three-tuples Table 1-1. A Simple ACL ¤ <User, Resource, User Resource Privilege Privilege> Alice /home/Alice/* Read, write, ¤ Specifies which users execute are allowed to access which resources with which privileges Bob /home/Bob /* Read, write, execute ¨ Privileges can be assigned based on roles (e.g. ad admin )

  25. Access C ss Control M Models ¨ ACLs used to implement these models ¨ Ma Mandatory : computer system decides exactly who has access to which resources ¨ Di Discretionary (e.g. UNIX): users are authorized to determine which other users can access files or other resources that they create, use, or own ¨ Ro Role-Ba Based (Non-Discretionary): user’s access & privileges determined by role

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IT ITD D Cy Cyber ber Secu curi rity ty The NIST Framework High Value for ITS Shannon

IT ITD D Cy Cyber ber Secu curi rity ty The NIST Framework High Value for ITS Shannon

IT ITD D Cy Cyber ber Secu curi rity ty The NIST Framework High Value for ITS Shannon Barnes, CIO Craig Schumacher, CISO Idaho Transportation Department September 2015 NIST Cybersecurity Framework National Institute of Standards

336 views • 11 slides
Secu ecurity rity of EV f EV-charging charging Erik Poll Radboud University Nijmegen C-DAX

Secu ecurity rity of EV f EV-charging charging Erik Poll Radboud University Nijmegen C-DAX

Secu ecurity rity of EV f EV-charging charging Erik Poll Radboud University Nijmegen C-DAX is funded by the European Union's Seventh Framework Programme (FP7-ICT-2011-8) under grant agreement n 318708 EV EV ch char arging: ging: th

434 views • 19 slides
Leveragi aging g Physi sics cs for or Se Secu curi rity: Micro ro-PM PMUs Us Anna

Leveragi aging g Physi sics cs for or Se Secu curi rity: Micro ro-PM PMUs Us Anna

Leveragi aging g Physi sics cs for or Se Secu curi rity: Micro ro-PM PMUs Us Anna Scaglione, Arizona State University Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security | cred-c.org 1 Contents

268 views • 22 slides
Smal allsa sat Cyber ber Secu ecuri rity ty IQM Research Institute September 25, 25, 2018

Smal allsa sat Cyber ber Secu ecuri rity ty IQM Research Institute September 25, 25, 2018

Smal allsa sat Cyber ber Secu ecuri rity ty IQM Research Institute September 25, 25, 2018 2018 24 Frank Lloyd Wright Drive Michigan A Aerospace M e Manufactures es A Association Space S e Symposium Ann Arbor, Michigan 48106 IQM

231 views • 11 slides
Relationships for NPOs June 25, 2019 Mode derato tor: : Kay Guinane nane, Ch Charity y

Relationships for NPOs June 25, 2019 Mode derato tor: : Kay Guinane nane, Ch Charity y

Tips for Successful Banking Relationships for NPOs June 25, 2019 Mode derato tor: : Kay Guinane nane, Ch Charity y &amp; S &amp; Secu curit rity y Ne Network rk Spe peake kers: s: John hn Byrne, e, AML Ri RightSo htSour

319 views • 19 slides
Web App Log Analytics www.roykim.ca roy@roykim.ca Op Open Web Applica cation tion Secu

Web App Log Analytics www.roykim.ca roy@roykim.ca Op Open Web Applica cation tion Secu

August 21, 2019 Web App Log Analytics www.roykim.ca roy@roykim.ca Op Open Web Applica cation tion Secu curity rity Project ject OWASP ModSecurity Core Rule Set (CRS) OWASP Top 10 Most Critical Web Application Security Risks

490 views • 21 slides
TH THE WEAKEST ST LINK IN CY CYBER ER SECU SECURITY TY 1 Introduction In Ren Sloos

TH THE WEAKEST ST LINK IN CY CYBER ER SECU SECURITY TY 1 Introduction In Ren Sloos

11/4/19 TH THE WEAKEST ST LINK IN CY CYBER ER SECU SECURITY TY 1 Introduction In Ren Sloos - MCT, MCSE, CNE, CSSA Technical Account Manager at Bulletproof IT Managed Service Provider for ~70 organizations Municipalities

67 views • 6 slides
CO CO 447 SECU CURE DE DESIGN PRINCI CIPLES JAVA SECU CURITY ROP AND D ADVANCE CED D EX

CO CO 447 SECU CURE DE DESIGN PRINCI CIPLES JAVA SECU CURITY ROP AND D ADVANCE CED D EX

CO CO 447 SECU CURE DE DESIGN PRINCI CIPLES JAVA SECU CURITY ROP AND D ADVANCE CED D EX EXPL PLOITS Dr. Ben Livshits Pa Password reuse 2 https://www.enzoic.com/8-stats-on-password-reuse/ Con Continued 3 So Some Su Survey

733 views • 48 slides
Defense Def ense and and Homeland S Homeland Secu ecurity rity Sim imula ulation tion

Defense Def ense and and Homeland S Homeland Secu ecurity rity Sim imula ulation tion

U.S. Army Research, Development and Engineering Command Learning in Intelligent Tutoring Environments (LITE) Lab personnel at USMA, April 2011 (L-R): Dr. Robert Sottilare Dr. Heather Holden Mr. Keith Brawner Mr. Benjamin Goldberg

411 views • 15 slides
NON T NON-T RADIT RADIT IONAL IONAL / / HUMAN SE HUMAN SE CURIT CURIT Y T Y T HRE

NON T NON-T RADIT RADIT IONAL IONAL / / HUMAN SE HUMAN SE CURIT CURIT Y T Y T HRE

NON T NON-T RADIT RADIT IONAL IONAL / / HUMAN SE HUMAN SE CURIT CURIT Y T Y T HRE HRE AT AT S S IN SOUT IN SOUT HE HE AST AST ASIA ASIA 30 Nove mbe r 30 Nove mbe r 2015 2015 NESTOR Z OCHOA AMBASSADOR OF THE REPUBLIC

677 views • 33 slides
A DE L PHI ST UDY OF COUNT E RME AS URE S T O SE CURIT Y Me linda L yle s T HRE

A DE L PHI ST UDY OF COUNT E RME AS URE S T O SE CURIT Y Me linda L yle s T HRE

A DE L PHI ST UDY OF COUNT E RME AS URE S T O SE CURIT Y Me linda L yle s T HRE AT S IN NE T WORKE D ME DICAL DE VICE S Pro b le m Sta te me nt Purpo se o f the Re se a rc h Re se a rc h Que stio ns

380 views • 13 slides
PL PLAN ANT T PR PROTE TECTION CTION MIN INIS ISTR TRY Y OF OF N NATIO TIONAL L FOO

PL PLAN ANT T PR PROTE TECTION CTION MIN INIS ISTR TRY Y OF OF N NATIO TIONAL L FOO

DE DEPAR ARTME TMENT NT OF OF PL PLAN ANT T PR PROTE TECTION CTION MIN INIS ISTR TRY Y OF OF N NATIO TIONAL L FOO OOD SE SECU CURIT ITY Y &amp; RES ESEA EARCH GOVT. . OF OF P PAKIS ISTAN AN PE PESTIC TICIDES

632 views • 23 slides
Unit ited Ara rab Emirates resenter: Sara Al l Saadi i Nucle Pre lear r Se Secu curit

Unit ited Ara rab Emirates resenter: Sara Al l Saadi i Nucle Pre lear r Se Secu curit

For official use only | Nuclear Security Regulatory Authorization and Assessment Pro rocess fo for Bara rakah NPP in in Unit ited Ara rab Emirates resenter: Sara Al l Saadi i Nucle Pre lear r Se

466 views • 20 slides
CO CO 447 | LEC3 SECU CURE DE DESIGN PRINCI CIPLES JAVA SECU CURITY ROP AND D ADVANCE CED

CO CO 447 | LEC3 SECU CURE DE DESIGN PRINCI CIPLES JAVA SECU CURITY ROP AND D ADVANCE CED

CO CO 447 | LEC3 SECU CURE DE DESIGN PRINCI CIPLES JAVA SECU CURITY ROP AND D ADVANCE CED D EX EXPL PLOITS Dr. Ben Livshits Java and Native Interactions 2 Possible to compile bytecode class file to native code class

1.22k views • 86 slides
T HE SPI RI T OF INNOVAT ION DE F E NSE HOME L AND SE CURIT Y SUST AINME NT

T HE SPI RI T OF INNOVAT ION DE F E NSE HOME L AND SE CURIT Y SUST AINME NT

T HE SPI RI T OF INNOVAT ION DE F E NSE HOME L AND SE CURIT Y SUST AINME NT &amp; SUPPORT ME DICAL INST RUME NT AT ION COMME RCIAL AVIAT ION 1 AGE NDA Sta te o f Glo b a l Se c urity a nd T hre a ts

419 views • 27 slides
MANAGING INF ORMAT ION PRIVACY &amp; SE CURIT Y RE MOT E L Y Pr e se nte d by: Mar y

MANAGING INF ORMAT ION PRIVACY &amp; SE CURIT Y RE MOT E L Y Pr e se nte d by: Mar y

MANAGING INF ORMAT ION PRIVACY &amp; SE CURIT Y RE MOT E L Y Pr e se nte d by: Mar y Golab, IPO In c ollabor ation with Damian Hollow, URO &amp; She lle y Gar r e tt, CISO Offic e F OI P L ia iso n Offic e r (F L O) Me e ting

263 views • 12 slides
Lumps, Bumps, Leaking and Pain Management of Breast Conditions Rebecca A. Jackson, MD Professor

Lumps, Bumps, Leaking and Pain Management of Breast Conditions Rebecca A. Jackson, MD Professor

10/9/15 Lumps, Bumps, Leaking and Pain Management of Breast Conditions Rebecca A. Jackson, MD Professor Department of Obstetrics, Gynecology and Reproductive Sciences University of California, San Francisco I HAVE NO DISCLOSURES 1 10/9/15

486 views • 33 slides
Monotype Semantics Dr. Mattox Beckman University of Illinois at Urbana-Champaign Department of

Monotype Semantics Dr. Mattox Beckman University of Illinois at Urbana-Champaign Department of

Introduction Typing Rules Monotypes Monotype Semantics Dr. Mattox Beckman University of Illinois at Urbana-Champaign Department of Computer Science Introduction Typing Rules Monotypes Objectives Explain the parts of a type judgment.

221 views • 19 slides
OBJECT-ORIENTED CONCEPTS, PROJECT WORK CSSE 120 Rose Hulman Institute of Technology Exam 2

OBJECT-ORIENTED CONCEPTS, PROJECT WORK CSSE 120 Rose Hulman Institute of Technology Exam 2

OBJECT-ORIENTED CONCEPTS, PROJECT WORK CSSE 120 Rose Hulman Institute of Technology Exam 2 Facts Date: Tuesday, October 16, 2007 Time: 7:00 to 9:00 PM Venue: Section 1 (Delvin) O257 Section 3 (Curt) O267 Section 2 (Claude) A-G

574 views • 19 slides
CHESS Computers and Humans Exploring Software Security Mr. Dustin Fraze 4/19/2018 1 Approved

CHESS Computers and Humans Exploring Software Security Mr. Dustin Fraze 4/19/2018 1 Approved

CHESS Computers and Humans Exploring Software Security Mr. Dustin Fraze 4/19/2018 1 Approved for public release; distribution is unlimited. CHESS Develop computer-human systems to rapidly discover all classes of vulnerability in complex

596 views • 21 slides
medication-related osteonecrosis of the jaw (MRONJ) Alberto Bedogni, M.D. FEBOMS Declaration: No

medication-related osteonecrosis of the jaw (MRONJ) Alberto Bedogni, M.D. FEBOMS Declaration: No

Hotel Diamante, Alessandria Sabato 5 maggio, 2018. New technologies help the functional reconstruction in advanced-stage mandibular medication-related osteonecrosis of the jaw (MRONJ) Alberto Bedogni, M.D. FEBOMS Declaration: No potential

463 views • 20 slides
Emergency Admissions: g y A journey in the right direction? Richard Hall Consultant Emergency

Emergency Admissions: g y A journey in the right direction? Richard Hall Consultant Emergency

Emergency Admissions: g y A journey in the right direction? Richard Hall Consultant Emergency Medicine Consultant Emergency Medicine University Hospital North Staffordshire Emergency Admissions: g y A journey in the right direction?

541 views • 31 slides
fragmented landscapes Jelle Treep Ecology and Biodiversity group h.j.treep@uu.nl Background:

fragmented landscapes Jelle Treep Ecology and Biodiversity group h.j.treep@uu.nl Background:

Optimizing seed dispersal in fragmented landscapes Jelle Treep Ecology and Biodiversity group h.j.treep@uu.nl Background: Master Computational Geo-ecology (UvA) Movement and dispersal Ecology Atmospheric sciences PhD Ecology and

795 views • 64 slides
Ribhu Kaul University of Kentucky Collaborators Nisheeta Desai (U. Ky) Dr. Jon Demidio (U. Ky

Ribhu Kaul University of Kentucky Collaborators Nisheeta Desai (U. Ky) Dr. Jon Demidio (U. Ky

Designer Hamiltonians for quantum spin liquids &amp; exotic valence bond ordered states Ribhu Kaul University of Kentucky Collaborators Nisheeta Desai (U. Ky) Dr. Jon Demidio (U. Ky Lausanne) Prof. Matt block(U. Ky CSU-Sacramento)

711 views • 53 slides

More recommend