
Computer Science 161: Computer Security



  1. Computer Science 161: Computer Security
      Computer Science 161 Fall 2016 Popa and Weaver
      Prof. Raluca Ada Popa, Nicholas Weaver
      http://inst.eecs.berkeley.edu/~cs161/

  2. And a team of talented TAs

  3. What is security?
      Enforcing a desired property in the presence of an attacker:
      • data confidentiality
      • user privacy
      • data and computation integrity
      • authentication
      • availability
      • …

  4. Today’s outline
      • Why is security important?
      • Course logistics
      • Intro to security principles

  5. Why is security important?

  6. Why is security important?
      It is important for our
      • physical safety
      • confidentiality/privacy
      • functionality
      • protecting our assets
      • successful business
      • a country’s economy and safety
      • and so on…

  7. Physical safety threats

  8. Privacy/confidentiality
      Breaches in 2015 [ITRC]:
      • Number of breaches = 5,497
      • Number of records = 818,004,561

  9. Can affect a country’s economy

  10. …

  11. What is hackable?
      • Everything!
      • Especially things connected to the Internet

  12. One needs to consider security for any part of computer systems

  13. Course logistics

  14. Course structure
      • Intro to security
      • Memory safety, OS principles
      • Cryptography
      • Network Security
      • Web Security
      • Miscellaneous topics

  15. Grading structure
      • Absorb material presented in lectures and section
      • Please attend lecture!
      • 3 course projects (24% total)
      • Done individually or in small groups
      • 3-4 homework (16% total)
      • Done individually
      • Two midterms (30%)
      • A comprehensive final exam (30%)

  16. Class Policies
      • Late homework: no credit
      • Late project: <24 hours: -10%, <48 hours: -20%, <72 hours: -40%, ≥ 72 hours: no credit
      • Never share solutions, code, etc. or let other students see them. Work on your own unless it is a group assignment
      • Don’t use our slides to answer questions during class
      • Sign up for a class account
      • Participate in Piazza
      • Email doesn’t scale: course-related questions/comments should be on Piazza or asked during office hours

  17. Textbooks
      • No required textbook. If you want additional reading:
      • Optional: Introduction to Computer Security, Goodrich & Tamassia
      • Optional: The Craft of System Security, Smith & Marchesini
      • We will also make available interesting readings online

  18. Intellectual Honesty Policy: Detection and Retribution
      • We view those who would cheat as “attackers”
      • This includes sharing code on homework or projects, midterms, finals, etc…
      • But through this class we (mostly) assume rational attackers
      • Benefit of attack > Expected cost of the attack
      • Cost of launching attack + cost of getting caught * probability of getting caught
      • We take a detection and response approach
      • We use many tools to detect violations
      • "Obscurity is not security", but obscurity can help. Just let it be known that "We Have Ways"
      • We will go to DEFCON 1 (aka "launch the nukes") immediately
      • “Nick doesn’t make threats. He keeps promises”

  19. Ethics Guide for Defense Against the Dark Arts
      • Of necessity, this class has a fair amount of "dark arts" content
      • As defenders you must understand the offense: You can't learn defense against the dark arts without including the dark arts
      • But a lot of "don't try this at home" stuff
      • Big key is consent
      • It's usually OK to break into your own stuff (modulo the DMCA)
      • It's a great way to evaluate systems
      • It's usually OK to break into someone else's stuff with explicit permission to do so
      • It is both grossly unethical and often exceedingly criminal to access systems without authorization
      Not the evil Polyjuice Doppelganger Version...

  20. Also...
      • There exists a classic game theory problem called the Prisoner's Dilemma
      • For single-round Prisoner's Dilemma, the optimum strategy is "always-defect"
      • For multi-round Prisoner's Dilemma, the optimum strategy in practice is "tit-for-tat"
      • AKA, be nice unless someone isn't nice to you
      • Life is multi-round: so be excellent to each other!
      • Making things hostile for others makes the world worse for all
      • Stopping things from being hostile to others makes the world better for you

  21. Stress Management & Mental Health...
      • We'll try to not over-stress you too much
      • But there really is a lot to cover and this really is a demanding major
      • We are going to somewhat front-load the 3 projects
      • Since everybody else has stuff due at the very end
      • If you feel overwhelmed, please use the resources available
      • Academically: Ask on Piazza, Tutoring, Office hours
      • Non-Academic: Take advantage of University Health Services if you need to
      • I did! Zoloft (an antidepressant) and therapy saved my life, twice.

  22. Webcasts? Yes
      • Benefits of webcasts:
      • Allows students to catch up on lecture at some other time
      • Allows sharing the lecture with a larger community
      • This would be a benefit, but the University won’t pay for human-done captions, while YouTube’s automatic captions could get the University sued!
      • Costs of webcasts:
      • Students may not attend class because “hey, webcast”
      • But webcast has less context, and we will have your TAs note if you avoid lecture
      • Both of us like to use the blackboard
      • Which is not captured in this room
      • Nick has occasional outbursts of profanity
      • But we’re doing it.

  23. Some Philosophy
      • The rest of this lecture is largely focused on philosophical issues
      • People and Money
      • Threat Model
      • OODA loops and decision cycles
      • Prevention, Detection & Response, Mitigation and Recovery
      • False Positives, False Negatives, and Compositions
      • And then some real world security tips

  24. It All Comes Down To People... The Attacker(s)
      • People attack systems for some reason
      • If there are no attackers, there is no computer security problem
      • They may do it for money
      • They may do it for politics
      • They may do it for the lulz
      • They may just want to watch the world burn
      • Often the most effective security is to attack the reasons for an attacker
      • "We are sick of playing whack-a-mole on bad guys... Instead we play whack-a-mole on bad-guy business models"

  25. It All Comes Down to People... The Users
      • If a security system is unusable it will be unused
      • Or at least so greatly resented that users will actively attempt to subvert it: "Let's set the nuclear launch code to 00000000" (oh, and write down the password anyway!)
      • Users will subvert systems anyway
      • Programmers will make mistakes
      Well, @SwiftOnSecurity, aka SecuriTay
      • And mistakes are tied to the tools they use
      • "If you don't loathe C and C++ by the time this class is over we have failed"
      • And Social Engineering...
      • "Because there is no patch for Human Stupidity"

  26. But Don't Blame The Users...
      • Often we blame the user when an attacker takes advantage of them...
      • Yet we've consistently constructed systems that encourage users to do the wrong thing!
      • Phishing is a classic example:
      • Which is a phishing email and which is an actual email from Chase?

  27. Oh, and it comes down to money too...
      • "You don't put a $10 lock on a $1 rock..."
      • Unless the attacker can leverage that $1 rock to attack something more important
      • "You don't risk exposing a $1M zero-day on a nobody"
      • So I'm quite content to use my iPhone in a hostile environment: free market cost of a zero-day (unknown/unpatchable) exploit for iOS is $500k to $1M.
      • Cost/benefit analyses appear all throughout security
