computer and communications security comp4631
play

Computer and Communications Security COMP4631 Cunsheng Ding - PowerPoint PPT Presentation

Nov 19, 2023 •561 likes •1.01k views

Computer and Communications Security COMP4631 Cunsheng Ding cding@cs.ust.hk https://home.cse.ust.hk/faculty/cding/hkust_only/ C. Ding - COMP4631 - L01 1 Outline of this Lecture Brief introduction to COMP4631 Physical security: an

  1. Computer and Communications Security COMP4631 Cunsheng Ding cding@cs.ust.hk https://home.cse.ust.hk/faculty/cding/hkust_only/ C. Ding - COMP4631 - L01 1

  2. Outline of this Lecture • Brief introduction to COMP4631 • Physical security: an important step towards understanding computer security C. Ding - COMP4631 - L01 2

  3. Course Introduction C. Ding - COMP4631 - L01 3

  4. Course Structure Practice Core theory Windows NT security encryption Unix security authentication Distributed system security digital signature Network security Web security C. Ding - COMP4631 - L01 4

  5. Course Structure & Grading Lecture Tutorial x Grading: 3 assignments, 1 exam C. Ding - COMP4631 - L01 5

  6. Main Topics • Computer security: an introduction • Conventional cryptosystems • Public-key cryptosystems • Key management • Hash functions, authentication • Digital signature, identification • Access control • Unix security • Windows NT security • Distributed system security • Network security C. Ding - COMP4631 - L01 6

  7. Main Topics ctd. • IP security • Email security • WWW security • Firewalls • Virtual private networks C. Ding - COMP4631 - L01 7

  8. Reference Books • Behrouz A. Forouz, Cryptography and Network Security, McGraw Hill, 2008. • D. Gollmann, Computer Security, John Wiley & Sons, 1999. • W. Stallings and L. Brown, Computer Security: Principles and Practice, Pearson Education, 2008. C. Ding - COMP4631 - L01 8

  9. Learning Outcomes On completion of this course you will be able to: 1. evaluate potential vulnerabilities and attacks on computer and communication systems; 2. learn the basic security tools; 3. select and apply basic tools to build security systems; and 4. get familiar with real-world security systems. C. Ding - COMP4631 - L01 9

  10. Warning ! Prerequisites: Operating systems, Computer communication networks, Discrete mathematics C. Ding - COMP4631 - L01 10

  11. Important Information Take this course only if you have time to visit lectures, to work out assignments independently, and most importantly to have good math capability and a background in operating systems and computer networks. C. Ding - COMP4631 - L01 11

  12. Questions? C. Ding - COMP4631 - L01 12

  13. Physical Security: The first step towards understanding computer security C. Ding - COMP4631 - L01 13

  14. Definition of Physical Security • Physical security refers to the protection of building sites and equipment (and all information and software contained therein) from theft, vandalism, natural disaster, manmade catastrophes, and accidental damage (e.g., from electrical surges, extreme temperatures, and spilled coffee). C. Ding - COMP4631 - L01 14

  15. Definition in Wikipedia • Physical security describes measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media. • It can be as simple as a locked door or as elaborate as multiple layers of “armed guardposts”. C. Ding - COMP4631 - L01 15

  16. Armed Guard Post Armed Guardpost Security System • Security model – No wood, no walls, only three guards. – Can be placed anywhere • Security policies – The duties of each guard – Centralized or decentralized – How often should they move? • How to implement the policies? C. Ding - COMP4631 - L01 16

  17. Physical Security: Example • Your house • A cash room in a bank C. Ding - COMP4631 - L01 17

  18. Elements of Physical Security The field of security engineering has identified three elements to physical security: • Obstacles, to frustrate trivial attackers and delay serious ones. (Prevention) • Alarms, security lighting, security guard patrols or closed-circuit television cameras, to make it likely that attacks will be noticed. (Detection) • Security response, to repel, catch or frustrate attackers when an attack is detected. (Response) In a well designed system, these features must complement each other. C. Ding - COMP4631 - L01 18

  19. Design of Physical Security There are three layers of physical security: • Environmental design • Mechanical and electronic access control • Intrusion detection C. Ding - COMP4631 - L01 19

  20. Environmental Design • The initial layer of security for a campus, building, office, or physical space. • It is used to deter threats. • Examples: warning, fences, metal barriers, vehicle height-restrictors, site lighting. C. Ding - COMP4631 - L01 20

  21. Mechanical & Electronic Access Control • The second layer of physical security • Examples: – Doors with locks – Doors with security guards • Access control policy is implemented. Only authorized people are allowed. C. Ding - COMP4631 - L01 21

  22. Intrusion Detection • The third layer is intrusion detection systems or alarms. • Intrusion detection monitors for attacks. • It is less a preventative measure and more of a response measure. C. Ding - COMP4631 - L01 22

  23. Violating Physical Access Control • Masquerading: A person disguised as an authorized user. This can be done using a forged ID or pretending to be a repair man. • Piggy-backing: A person who enters the security perimeter by following an authorized user. C. Ding - COMP4631 - L01 23

  24. Violating Physical Access Control • Lock-picking: Any lock can be picked. Or better, go through dropped ceilings or removing the hinges from door. • http://www.wikihow.com/Pick-a-Lock- Using-a-Paperclip • The Complete Guide to Lock Picking • https://repo.zenk- security.com/Lockpicking/The%20Complete%20Guide%2 0To%20Lockpicking%20- %20Eddie%20the%20Wire%20-%20Loompanics.pdf C. Ding - COMP4631 - L01 24

  25. Violating Physical Access Control Visual/auditory • access: • Example: Russians spied on Americans by installing a telephone near a code-room. They got the secret key by hearing electric balls on typewriters. C. Ding - COMP4631 - L01 25

  26. A Case Study of Physical Security C. Ding - COMP4631 - L01 26

  27. A Real-World Example • Problem: Suppose you are the President of a country called The New Empire. You have ordered the killing of many innocent people in the world, and have thus many enemies. You would build a house as both your working office and residential place, which provides you as much security as possible. • Given a fixed amount of money for doing this, how would you build a secure house? C. Ding - COMP4631 - L01 27

  28. Some Design Requirements • The house should have at least one entrance door which is controlled by a (physical or electronic) lock or guard. • It should have at least one window for getting sunlight. • It should accommodate you (the President) and your spouse. • It should provide a “certain level” of security. C. Ding - COMP4631 - L01 28

  29. Possible Attacks • Biological attacks from the air (you have to breath). • Missile attacks from the air. • Break-in from the entrance door (there must be at least one door). • Tunnel attacks. • Fire break. • Attacks from your spouse and security guards. • Can you find out all possible attacks? C. Ding - COMP4631 - L01 29

  30. Security Model • Chinese Wall Model (other models too, b e.g. the guard post model) a • Human-machine d approach (security guards + locks) c • Security policy: access control C. Ding - COMP4631 - L01 30

  31. The First Design Decision: what is the focus of security controls? • Access control on the doors, assuming b that – all the walls are tall a enough; – all the walls are d very strong; c – all doors are very strong. C. Ding - COMP4631 - L01 31

  32. The Second Design Decision: where to place security controls? • The doors: – The man approach: b guards only – The machine a approach: locks only – man-machine d approach: a c combination • Which approach is better? C. Ding - COMP4631 - L01 32

  33. The Second Design Decision: where to place security controls? • The man approach – It is possible for one b single person to use her/his beauty or detrimental gas to settle all the guards. a d – If one lock, this may not be possible. c – Possible to bribe all. C. Ding - COMP4631 - L01 33

  34. The Second Design Decision: where to place security controls? • The machine approach b – What happens if you have a heart a attack? – In case of fire and d you cannot find the c key to door D, what will happen? C. Ding - COMP4631 - L01 34

  35. The Second Design Decision: where to place security controls? • Conclusion: – Man-machine b approach is better! a • Questions: – How many locks and d how many guards? – Which doors are c controlled by locks and guards? – Male or female? C. Ding - COMP4631 - L01 35

  36. The Third Design Decision: simplicity and assurance (1) • Access control policy: – For each door define b who has access right. – The access control on a door D is crutial (why). - Guard at A is not allowed to access other d doors. Guard at D is not allowed to cross A without c the permission of the President. C. Ding - COMP4631 - L01 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Computer Security HKUST, Hong Kong Computer Security Cunsheng Ding, HKUST COMP4631

Computer Security HKUST, Hong Kong Computer Security Cunsheng Ding, HKUST COMP4631

CUNSHENG DING Computer Security HKUST, Hong Kong Computer Security Cunsheng Ding, HKUST COMP4631 CUNSHENG DING Computer Security HKUST, Hong Kong Lecture 11: Public-Key Infrastructure Main Topics of this Lecture 1. Digital

433 views • 25 slides
Computer Security HKUST, Hong Kong Computer Security Cunsheng Ding, HKUST COMP4631

Computer Security HKUST, Hong Kong Computer Security Cunsheng Ding, HKUST COMP4631

CUNSHENG DING Computer Security HKUST, Hong Kong Computer Security Cunsheng Ding, HKUST COMP4631 CUNSHENG DING Computer Security HKUST, Hong Kong Lecture 15: Electronic Mail Security Outline of this Lecture 1. Email security

580 views • 31 slides
Computer Security HKUST, Hong Kong Computer Security Cunsheng Ding, HKUST COMP4631

Computer Security HKUST, Hong Kong Computer Security Cunsheng Ding, HKUST COMP4631

CUNSHENG DING Computer Security HKUST, Hong Kong Computer Security Cunsheng Ding, HKUST COMP4631 CUNSHENG DING Computer Security HKUST, Hong Kong Lecture 10: The RSA Public-Key Block Cipher Objectives of this Lecture 1. To

390 views • 20 slides
Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

CUNSHENG DING Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631 CUNSHENG DING Computer Security HKUST, Hong Kong Lecture 7: Introduction to Public-Key Cryptography Objectives of this Lecture 1.

678 views • 21 slides
Computer Security Cunsheng DING, HKUST COMP4631 Dr. Cunsheng DING Computer Security

Computer Security Cunsheng DING, HKUST COMP4631 Dr. Cunsheng DING Computer Security

Dr. Cunsheng DING Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631 Dr. Cunsheng DING Computer Security HKUST, Hong Kong Lecture 12: Key Distribution Protocols Outline of this Lecture 1.

174 views • 15 slides
Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

CUNSHENG DING Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631 CUNSHENG DING Computer Security HKUST, Hong Kong Lecture 05: Introduction to Cryptography Outline of this Lecture A brief

446 views • 16 slides
Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

CUNSHENG DING Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631 CUNSHENG DING Computer Security HKUST, Hong Kong Lecture 08: Key Management for One-key Ciphers Topics of this Lecture 1. The

377 views • 19 slides
Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

CUNSHENG DING Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631 CUNSHENG DING Computer Security HKUST, Hong Kong Lecture 07: Several One-Key Block Ciphers Outline of this Lecture One-key

622 views • 24 slides
Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

CUNSHENG DING Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631 CUNSHENG DING Computer Security HKUST, Hong Kong Lecture 06: One-Key Block Ciphers Outline of this Lecture One-key block ciphers

889 views • 22 slides
Fred Sam Joe Fred Sam Joe A BRIEF HISTORY OF COMMUNICATIONS SECURITY 6 COMPUTER SECURITY

Fred Sam Joe Fred Sam Joe A BRIEF HISTORY OF COMMUNICATIONS SECURITY 6 COMPUTER SECURITY

THERE AND BACK AGAIN BRIAN CHESS SEPTEMBER 2013 Fred Sam Joe Fred Sam Joe A BRIEF HISTORY OF COMMUNICATIONS SECURITY 6 COMPUTER SECURITY 7 THE PROGRAMMER "Programming is hard" Donald Knuth Programmers not historically

350 views • 21 slides
Unix Security Cunsheng Ding HKUST, Hong Kong, CHINA cding@cs.ust.hk C. Ding - COMP4631 - L19 1

Unix Security Cunsheng Ding HKUST, Hong Kong, CHINA cding@cs.ust.hk C. Ding - COMP4631 - L19 1

Unix Security Cunsheng Ding HKUST, Hong Kong, CHINA cding@cs.ust.hk C. Ding - COMP4631 - L19 1 Agenda A short history of Unix Login and user accounts access control Instances of general security principles Audit configuration

641 views • 38 slides
Introduction to Computer Security Cunsheng Ding HKUST, Hong Kong, CHINA cding@cs.ust.hk C.

Introduction to Computer Security Cunsheng Ding HKUST, Hong Kong, CHINA cding@cs.ust.hk C.

Introduction to Computer Security Cunsheng Ding HKUST, Hong Kong, CHINA cding@cs.ust.hk C. Ding - COMP4631 - L02 1 Outline of this Lecture A brief introduction to computer security A theoretical framework of computer security

972 views • 47 slides
Windows NT Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 - L20 1 Agenda

Windows NT Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 - L20 1 Agenda

Windows NT Security Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 - L20 1 Agenda Brief information about Windows NT Security architecture Identification and authentication Access control Administration C. Ding -

1.28k views • 52 slides
Anonymous communications and systems A short introduction George Danezis Computer Security

Anonymous communications and systems A short introduction George Danezis Computer Security

Anonymous communications and systems A short introduction George Danezis Computer Security Group Computer Laboratory 1 Introducing Hiding Two strategies to safeguard assets: protect (guards, walls, safes,

613 views • 25 slides
WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 -

WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 -

WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security (TLS)

604 views • 42 slides
User Security Chapter 30 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

User Security Chapter 30 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

User Security Chapter 30 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 30-1 Outline Policy Access Files, devices Processes Electronic communications Computer Security: Art and Science , 2 nd Edition

945 views • 62 slides
In search of types Stephen Kell stephen.kell@cl.cam.ac.uk Computer Laboratory University of

In search of types Stephen Kell stephen.kell@cl.cam.ac.uk Computer Laboratory University of

In search of types Stephen Kell stephen.kell@cl.cam.ac.uk Computer Laboratory University of Cambridge 1 Are we sitting uncomfortably? type = data type? type system = ? { strongly, weakly, dynamically, implicitly, duck, ... }

1.1k views • 61 slides
CS445 / SE463 / ECE 451 / CS645 So,ware requirements

CS445 / SE463 / ECE 451 / CS645 So,ware requirements

CS445 / SE463 / ECE 451 / CS645 So,ware requirements specifica;on & analysis 8. Non-Func;onal Requirements (NFRs) Fall 2010 Mike Godfrey and

654 views • 40 slides
CS-5630 / CS-6630 Visualization Maps Alexander Lex alex@sci.utah.edu [xkcd] Principles

CS-5630 / CS-6630 Visualization Maps Alexander Lex alex@sci.utah.edu [xkcd] Principles

CS-5630 / CS-6630 Visualization Maps Alexander Lex alex@sci.utah.edu [xkcd] Principles Special type of Spatial Data Use maps when spatial relationships are paramount Map Tasks: Find Location / Feature (county, country, city, street) Find

1.35k views • 102 slides
From Concept to Concrete: Teaching Law Students about AI Jesse Bowman Stephan Martone Associate

From Concept to Concrete: Teaching Law Students about AI Jesse Bowman Stephan Martone Associate

From Concept to Concrete: Teaching Law Students about AI Jesse Bowman Stephan Martone Associate Law Librarian for Technology Support and Educational Technologist Initiatives and Instruction Northwestern Pritzker School of Law Northwestern

601 views • 56 slides
ConceptNet in Context Robyn Speer February 8, 2020 Origins Open Mind Common Sense

ConceptNet in Context Robyn Speer February 8, 2020 Origins Open Mind Common Sense

ConceptNet in Context Robyn Speer February 8, 2020 Origins Open Mind Common Sense Created by Catherine Havasi, Push Singh, Thomas Lin, others, in 1999 Motivating example: making search more natural my cat is sick ->

422 views • 38 slides
Learning Sentiment Polarity of Multiword Expressions M A X K A U F M A N N , N I C K C H E N ,

Learning Sentiment Polarity of Multiword Expressions M A X K A U F M A N N , N I C K C H E N ,

Learning Sentiment Polarity of Multiword Expressions M A X K A U F M A N N , N I C K C H E N , J E R E M Y M C L A I N What? Previous work Contextual polarity of single words Our work Contextual polarity of multiword

493 views • 7 slides
Lexemes in Wikidata Lexicographical data for everyone Lydia Pintscher @nightrose Wikidata in

Lexemes in Wikidata Lexicographical data for everyone Lydia Pintscher @nightrose Wikidata in

Lexemes in Wikidata Lexicographical data for everyone Lydia Pintscher @nightrose Wikidata in numbers Editors (5 or more edits a month) > 12.500 Items 74.8 Million Properties 7164 Statements 931 Million Statements linking to ouher

465 views • 21 slides
Techn hnolo ology gy Solution lutions s for r Commo mmon n Law w Pr Pract actice

Techn hnolo ology gy Solution lutions s for r Commo mmon n Law w Pr Pract actice

Techn hnolo ology gy Solution lutions s for r Commo mmon n Law w Pr Pract actice Produc oductivity tivity Prob oble lems ms January 22, 2020 Webinars for Busy Lawyers Mass LOMAP Reinvent the Wheel - Definition to redo

534 views • 50 slides

More recommend