computer security dd2395
play

Computer Security DD2395 - PowerPoint PPT Presentation

Oct 27, 2023 •225 likes •670 views

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 1, Oct. 25, 2010 Introduction Oct. 25, 2010 Computer Security, Sonja Buchegger 1 Outline for Today About

  1. Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 1, Oct. 25, 2010 Introduction Oct. 25, 2010 Computer Security, Sonja Buchegger 1

  2. Outline for Today  About the course  About computer security Oct. 25, 2010 Computer Security, Sonja Buchegger 2

  3. Outline for Today  About the course  About computer security Oct. 25, 2010 Computer Security, Sonja Buchegger 3

  4. General Goals  Learn about security concepts  Have tools and methods to reason about security  Spot threats, vulnerabilities  Know and propose counter-measures  Present concepts to others Oct. 25, 2010 Computer Security, Sonja Buchegger 4

  5. Learning Outcomes The students should be able to: • recognize threats to confidentiality, integrity, and availability of systems • explain the basic computer security terminology and concepts and use them correctly • find and apply documentation of security-related problems and tools • analyze small pieces of code or system descriptions in terms of their security • identify vulnerabilities of such code or descriptions and predict their corresponding threats • select counter-measures to identified threats and argue their effectiveness • compare counter-measures and evaluate their side-effects • present and explain their reasoning to others Oct. 25, 2010 Computer Security, Sonja Buchegger 5

  6. People  Course leader: Sonja Buchegger, buc@csc.kth.se, Osquars Backe 2, 4 th floor, room 1437  Extra lectures given by Stefan Nilsson, Alexander Baltatzis  Lab assistants: Musard Baliu, Eric Druid, Christopher Engelbrektsson, Dan Hyyrynen Oct. 25, 2010 Computer Security, Sonja Buchegger 6

  7. Current Info Check course website regularly for updates! DD2395 dasakh10 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Oct. 25, 2010 Computer Security, Sonja Buchegger 7

  8. Syllabus: Times and Places look at schema, course code DD2395 Oct. 25, 2010 Computer Security, Sonja Buchegger 8

  9. Syllabus: Lectures Content (preliminary)  L1: intro, admin [ch1]  L8: web attacks  L2: cryptography [2,20]  L9: buffer overflow [11]  L3: authentication [3]  L10: programming  L4: access control [4]  L11: models, MLS [10]  L5:intrusion detection [6]  L12:social engineering  L6: firewalls [9]  L13: audits  L7: malware, DoS [7,8]  L14: recap, buffer Oct. 25, 2010 Computer Security, Sonja Buchegger 9

  10. Syllabus: Extra Lectures  Operating systems: Alexander Baltatzis, Friday, October 29, Q31, 15-17h  Computer architectures: Stefan Nilsson, Thursday, November 4, Q36, 13-15h Oct. 25, 2010 Computer Security, Sonja Buchegger 10

  11. Syllabus: Lab Exercises  See schema for times and rooms  4 different exercises 1st: on GnuPG, remote or at CSC, report - 2nd: on iptables/firewalls, at CSC - 3rd: on web attacks, remote or at CSC - 4th: presentation at CSC, report, assess - Oct. 25, 2010 Computer Security, Sonja Buchegger 11

  12. Exercise 4  Presentation on computer security topic  Pairs of students  Topic distribution on web site  Group sessions, scheduled on web site Oct. 25, 2010 Computer Security, Sonja Buchegger 12

  13. Exam  December 14, 2010, 14h, Room D1  Next exam in March Oct. 25, 2010 Computer Security, Sonja Buchegger 13

  14. Assessment, Grades  6 ECTS in total, that’s about 160 hours of work  3 ECTS Exam: A-F  3 ECTS Labs: - pass/fail, no grades - bonus points for exam when handed in early, see lab descriptions Oct. 25, 2010 Computer Security, Sonja Buchegger 14

  15. Books Oct. 25, 2010 Computer Security, Sonja Buchegger 15

  16. Language  Course given in English  Some extra lectures in Swedish  Questions in Swedish OK Oct. 25, 2010 Computer Security, Sonja Buchegger 16

  17. Accounts  Needed for lab exercises  Who doesn't have an account and access card?  Send me an e-mail buc@csc.kth.se Oct. 25, 2010 Computer Security, Sonja Buchegger 17

  18. RAPP  Register for DD2395 dasakh10, if not already  http://rapp.nada.kth.se Oct. 25, 2010 Computer Security, Sonja Buchegger 18

  19. Next Courses  Networking Security with Johan Karlander  Foundations of Cryptography with Douglas Wikström Oct. 25, 2010 Computer Security, Sonja Buchegger 19

  20. CSC honor code, plus: Defense Against the Dark Arts: Do not attack a running system without the consent of the owner and the users! Oct. 25, 2010 Computer Security, Sonja Buchegger 20

  21. Questions for you: My most important question about the course: my experience, knowledge HIGH My most important question about computer security: LOW HIGH my expectations Oct. 25, 2010 Computer Security, Sonja Buchegger 21

  22. Questions? Oct. 25, 2010 Computer Security, Sonja Buchegger 22

  23. Outline for Today  About the course  About computer security Oct. 25, 2010 Computer Security, Sonja Buchegger 23

  24. Computer Security Slides adapted from Lawrie Brown's set of slides for the course book “Computer Security: Principles and Practice” by William Stallings and Lawrie Brown Oct. 25, 2010 Computer Security, Sonja Buchegger 24

  25. Computer Security Oct. 25, 2010 Computer Security, Sonja Buchegger 25

  26. Overview Computer Security: protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications). Oct. 25, 2010 Computer Security, Sonja Buchegger 26

  27. Key Security Concepts Oct. 25, 2010 Computer Security, Sonja Buchegger 27

  28. Challenges  Why is security hard to achieve?  Think about it for 2 min.  Turn to your neighbor and discuss for 3 min. Oct. 25, 2010 Computer Security, Sonja Buchegger 28

  29. Computer Security Challenges not simple 1. must consider potential attacks 2. procedures used counter-intuitive 3. involve algorithms and secret info 4. must decide where to deploy mechanisms 5. battle of wits between attacker / admin 6. not perceived on benefit until fails 7. requires regular monitoring 8. too often an after-thought 9. 10. regarded as impediment to using system Oct. 25, 2010 Computer Security, Sonja Buchegger 29

  30. Security Terminology Oct. 25, 2010 Computer Security, Sonja Buchegger 30

  31. Vulnerabilities and Attacks  system resource vulnerabilities may - be corrupted (loss of integrity) - become leaky (loss of confidentiality) - become unavailable (loss of availability)  attacks are threats carried out and may be - passive - active - insider - outsider Oct. 25, 2010 Computer Security, Sonja Buchegger 31

  32. Countermeasures  means used to deal with security attacks - prevent - detect - recover  may result in new vulnerabilities  will have residual vulnerability  goal is to minimize risk given constraints Oct. 25, 2010 Computer Security, Sonja Buchegger 32

  33. Threat Consequences  unauthorized disclosure - exposure, interception, inference, intrusion  deception - masquerade, falsification, repudiation  disruption - incapacitation, corruption, obstruction  usurpation - misappropriation, misuse Oct. 25, 2010 Computer Security, Sonja Buchegger 33

  34. Scope of Computer Security Oct. 25, 2010 Computer Security, Sonja Buchegger 34

  35. Network Security Attacks  classify as passive or active  passive attacks are eavesdropping - release of message contents - traffic analysis - are hard to detect so aim to prevent  active attacks modify/fake data - masquerade - replay - modification - denial of service - hard to prevent so aim to detect  Networking Security class next term Oct. 25, 2010 Computer Security, Sonja Buchegger 35

  36. Security Functional Requirements  technical measures: - access control; identification & authentication; system & communication protection; system & information integrity  management controls and procedures - awareness & training; audit & accountability; certification, accreditation, & security assessments; contingency planning; maintenance; physical & environmental protection; planning; personnel security; risk assessment; systems & services acquisition  overlapping technical and management: - configuration management; incident response; media protection Oct. 25, 2010 Computer Security, Sonja Buchegger 36

  37. X.800 Security Architecture  X.800, Security Architecture for OSI  systematic way of defining requirements for security and characterizing approaches to satisfying them  defines: - security attacks - compromise security - security mechanism - act to detect, prevent, recover from attack - security service - counter security attacks Oct. 25, 2010 Computer Security, Sonja Buchegger 37

  38. Security Taxonomy Oct. 25, 2010 Computer Security, Sonja Buchegger 38

  39. Still true? Security Trends Oct. 25, 2010 Computer Security, Sonja Buchegger 39

  40. Computer Security Losses Oct. 25, 2010 Computer Security, Sonja Buchegger 40

  41. Security Technologies Used Oct. 25, 2010 Computer Security, Sonja Buchegger 41

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 11, Nov. 29, 2010 Multi-Level Security Trusted Computing and Multilevel Security present some interrelated

1k views • 41 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak12/ Fall 2012

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak12/ Fall 2012

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak12/ Fall 2012 Sonja Buchegger buc@kth.se Lecture 9 Firewalls (maybe start on Multilevel Security) DD2395 Sonja Buchegger 1 Catch-up Labs l Labbvecka in June

540 views • 35 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 13, Dec. 6, 2010 Auditing Security Audit an independent review and examination of a system's records

353 views • 33 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 3 User Authentication KTH DD2395 Sonja Buchegger 1 More Follow-up Courses l EP2500: Networked Systems

821 views • 26 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 8 Denial of Service DD2395 Sonja Buchegger 1 Course Admin l WANTED: Student representatives for the

1.29k views • 37 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 7 Malicious Software DD2395 Sonja Buchegger 1 Course Admin l Lab 2: - prepare before lab session - signup!

844 views • 39 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010 Sonja Buchegger buc@kth.se Lecture 8, Feb. 10, 2010 Malicious Software, Denial of Service Announcements ! Lab reports ! Bonus points !

1.08k views • 42 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 10, Nov. 24, 2011 Social Engineering DD2395, Sonja Buchegger 1 Course Admin GPG Lab 1 bonus results in

1.22k views • 39 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010 Sonja Buchegger buc@kth.se Lecture 2, Jan. 20, 2010 Cryptography Scope of Computer Security Jan. 20, 2010 KTH DD2395 Sonja Buchegger 2

469 views • 45 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 2, Oct. 27, 2010 Cryptography Oct. 27, 2010 KTH DD2395 Sonja Buchegger 1 Questionnaire Results Prior

602 views • 42 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 4 Access Control 1 Access Control l The prevention of unauthorized use* of a resource, including the

429 views • 39 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010 Sonja Buchegger buc@kth.se Lecture 7, Feb. 8, 2010 Malicious Software Malicious Software programs exploiting system vulnerabilities known

427 views • 10 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 1, Oct. 25, 2011 Introduction Oct. 25, 2011 Computer Security, Sonja Buchegger 1 Outline for Today ! About

565 views • 45 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasakh10/ Spring 2010 Sonja Buchegger buc@kth.se Lecture 7, Nov. 15, 2010 Malicious Software, Denial of Service Nov. 15, 2010 DD2395 Sonja Buchegger 1 Malicious

589 views • 48 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Fall 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Fall 2010 Sonja Buchegger buc@kth.se Lecture 3 User Authentication KTH DD2395 Sonja Buchegger 1 User Authentication KTH DD2395 Sonja Buchegger 2 User

485 views • 27 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Gravitationally lensed Lyman-alpha emitters studied with Vera Patrcio (DARK),

Gravitationally lensed Lyman-alpha emitters studied with Vera Patrcio (DARK),

J O H A N R I C H A R D ( C R A L ) Gravitationally lensed Lyman-alpha emitters studied with Vera Patrcio (DARK), Renske Smit (Cambridge), Guillaume Mahler (U.Michigan), Adlade Claeyssens (CRAL), Johany Martinez (CRAL),

142 views • 13 slides
1-859-359-6124 You can find sermon notes and videos on our website at jccrichmond.com/sermons/

1-859-359-6124 You can find sermon notes and videos on our website at jccrichmond.com/sermons/

Text your questions, comments, or prayer needs to: 1-859-359-6124 You can find sermon notes and videos on our website at jccrichmond.com/sermons/ Ruth 2:1-4 Now Naomi had a relative of her husband's, a worthy man of the clan of Elimelech, whose

277 views • 26 slides
11 Men of Galilee, they said, why do do you stan you stand her d here loo e lookin

11 Men of Galilee, they said, why do do you stan you stand her d here loo e lookin

11 Men of Galilee, they said, why do do you stan you stand her d here loo e lookin king g int into the o the sky sky? Thi ? This sam s same Jes e Jesus us, who ha , who has be s been en taken tak en fr from om you

377 views • 20 slides
CCM: The CORBA Component Model Portable Object Adapter (POA) revisited Portable Object

CCM: The CORBA Component Model Portable Object Adapter (POA) revisited Portable Object

DF14900 Software Engineering TDDD05 Component-Based Software CCM: The CORBA Component Model Portable Object Adapter (POA) revisited Portable Object Adapter (POA) revisited CORBA Objects CORBA Objects CORBA Component Model

342 views • 12 slides
Programming Language Concepts: Lecture 20 Madhavan Mukund Chennai Mathematical Institute

Programming Language Concepts: Lecture 20 Madhavan Mukund Chennai Mathematical Institute

Programming Language Concepts: Lecture 20 Madhavan Mukund Chennai Mathematical Institute madhavan@cmi.ac.in http://www.cmi.ac.in/~madhavan/courses/pl2009 PLC 2009, Lecture 20, 06 April 2009 Simply typed -calculus A separate set of

1.12k views • 99 slides
Cop and Robber Game and Hyperbolicity J. Chalopin 1 V. Chepoi 1 . Papasoglu 2 T. Pecatte 3 P 1 LIF

Cop and Robber Game and Hyperbolicity J. Chalopin 1 V. Chepoi 1 . Papasoglu 2 T. Pecatte 3 P 1 LIF

Cop and Robber Game and Hyperbolicity J. Chalopin 1 V. Chepoi 1 . Papasoglu 2 T. Pecatte 3 P 1 LIF , CNRS & Aix-Marseille Universit 2 Mathematical Institute, University of Oxford 3 NS de Lyon GRASTA, 31/03/2014 GRASTA14 Cop and

935 views • 50 slides
Generalized Hamiltonian Cycles Jakub Teska School of ITMS University of Ballarat, VIC 3353,

Generalized Hamiltonian Cycles Jakub Teska School of ITMS University of Ballarat, VIC 3353,

Generalized Hamiltonian Cycles Jakub Teska School of ITMS University of Ballarat, VIC 3353, Australia Jakub Teska, October 2, 2006 Generalized Hamiltonian Cycles - p. 1/27 Hamiltonian cycle Hamiltonian cycle is a cycle in a graph which

820 views • 77 slides
Minimal Geometric Graph Representations of Order Types Oswin Aichholzer, Martin Balko, Michael

Minimal Geometric Graph Representations of Order Types Oswin Aichholzer, Martin Balko, Michael

Minimal Geometric Graph Representations of Order Types Oswin Aichholzer, Martin Balko, Michael Hoffmann, Jan Kyn cl, Wolfgang Mulzer, Irene Parada, Alexander Pilz, Manfred Scheucher, Pavel Valtr, Birgit Vogtenhuber, Emo Welzl 1 Order Types

558 views • 43 slides

More recommend