cs 334 computer security
play

CS 334: Computer Security Prof. Doug Szajda - PowerPoint PPT Presentation

Jan 16, 2024 •42 likes •342 views

CS 334: Computer Security Prof. Doug Szajda http://www.richmond.edu/~dszajda Fall 2010 What Is This Class? Computer security = how to keep computing systems functioning as intended & free of abuse and keep data we care about

  1. CS 334: Computer Security Prof. Doug Szajda http://www.richmond.edu/~dszajda Fall 2010

  2. What Is This Class? • Computer security = how to keep computing systems functioning as intended & free of abuse … – … and keep data we care about accessed only as desired … – … in the presence of an adversary • We will look at: – Attacks and defenses for • Programs • Networks • Systems (OS, Web) – Securing data and communications – Enabling/thwarting privacy and anonymity • How these notions have played out in the Real World • Issues span a very large range of CS – Programming, systems, hardware, networking, theory

  3. What Will You Learn? • How to think adversarially • How to assess threats for their significance • How to build programs & systems that have robust security properties • How to gauge the protections and limitations provided by today’s technology – How to balance the costs of security mechanisms vs. the benefits they offer • How today’s attacks work in practice • How security issues have played out “for real” (case studies)

  4. Ethics & Legality • We will be discussing (and launching!) attacks - many quite nasty - and powerful eavesdropping technology • None of this is in any way an invitation to undertake these in any fashion other than with informed consent of all involved parties – The existence of a security hole is no excuse • These concerns regard not only ethics but UR policy and Virginia/United States law • If in some context there’s any question in your mind, come talk with me first

  5. Course Overview • Software issues – exploits, defenses, design principles • Web security – browsers, servers, authentication • Networking – protocols, imposing control, denial-of-service • Large-scale automated attacks – worms & botnets • Securing communication & data via cryptography – confidentiality, integrity, signatures, keys, e-cash

  6. Course Overview, con’t • Operating systems – access control, isolation, virtual machines, viruses & rootkits • The pervasive problem of Usability • Privacy – anonymity, releasing data, remanence • Detecting/blocking attacks in “real time” • Landscape of modern attacks – spam, phishing, underground economy • Case studies

  7. Some Broad Perspectives • A vital, easily overlooked facet of security is policy (and accompanying it: operating within constraints ) • High-level goal is risk management, not bulletproof protection. – Much of the effort concerns “raising the bar” and trading off resources • How to prudently spend your time & money? • Key notion of threat model: what you are defending against – This can differ from what you’d expect – Consider the Department of Energy …

  11. Modern Threats • An energetic arms race between attackers and defenders fuels rapid innovation in “malcode” … • … including powerful automated tools … • … and defenders likewise devise novel tactics …

  13. Modern Threats • An energetic arms race between attackers and defenders fuels rapid innovation in “malcode” … • … including powerful automated tools … • … and defenders likewise devise novel tactics …

  15. Modern Threats • An energetic arms race between attackers and defenders fuels rapid innovation in “malcode” … • … including powerful automated tools … • … and defenders likewise devise novel tactics …

  17. Modern Threats, con’t • Most cyber attacks aim for profit and are facilitated by a well-developed “underground economy … • … but recent times have seen the rise of nation-state issues, including: – Censorship / network control – Espionage – … and war

  22. Modern Threats, con’t • Most cyber attacks aim for profit and are facilitated by a well-developed “underground economy … • … there are also extensive threats to privacy including identity theft • … but recent times have seen the rise of nation-state issues, including: – Censorship / network control – Espionage – … and war

  24. Modern Threats, con’t • Most cyber attacks aim for profit and are facilitated by a well-developed “underground economy … • … there are also extensive threats to privacy including identity theft • … and recent times have seen the rise of nation-state issues, including: – Censorship / network control – Espionage – … and war

  26. Modern Threats, con’t • Most cyber attacks aim for profit and are facilitated by a well-developed “underground economy … • … there are also extensive threats to privacy including identity theft • … and recent times have seen the rise of nation-state issues, including: – Censorship / network control – Espionage – … and war

  28. Modern Threats, con’t • Most cyber attacks aim for profit and are facilitated by a well-developed “underground economy … • … there are also extensive threats to privacy including identity theft • … but recent times have seen the rise of nation-state issues, including: – Censorship / network control – Espionage – … and war

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Quick Intro to Computer Security What is computer security? Securing communication

Quick Intro to Computer Security What is computer security? Securing communication

Carnegie Mellon Quick Intro to Computer Security What is computer security? Securing communication Cryptographic tools Access control User authentication Computer security and usability Thanks to Mike Reiter for the

412 views • 38 slides
Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and what threatens them? Lecture 1 Page 1 CS 236 Online Why Is Security Necessary? Because people arent always nice Because a lot of

415 views • 25 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer Security? Generally concerned with protection of computer related assets Risk analysis and management! Manage could mean prevention of

537 views • 26 slides
Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

IN3210 Network Security Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure Computer Security Security of computers and networks Protection of digital assets Axioms of Computer Security:

240 views • 23 slides
Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak

Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak

8.10.2019 Information Security Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak Can Network Security: Hacettepe University Ensure security of communication over insecure medium

267 views • 10 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #2 Aug 25 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Economist Survey Please read it Main points Security is a MUCH

600 views • 27 slides
CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

Overview CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human Security 3.Program Security Security Computer security threats Unintentional: - Coding faults - Operational faults -

238 views • 8 slides
CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL:

CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL:

CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 OS Security An secure OS should provide the

873 views • 28 slides
Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives

839 views • 38 slides
Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

1.08k views • 42 slides
Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

553 views • 39 slides
CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Mandatory Access Control Is about administration

462 views • 19 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #13 Oct 11 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #2 later today Allocate last 30 mins No Class

488 views • 30 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #25 Dec 1 st 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Remainder of the semester: Quiz #3 is Today 40 mins

414 views • 20 slides
Why No Worse Off is Worse Off John Aycock John

Why No Worse Off is Worse Off John Aycock John

Why No Worse Off is Worse Off John Aycock John Sullins Department of Computer Science Department of Philosophy University of Calgary, Canada

562 views • 27 slides
Re Remote Data Acquisition and IoT 01219335 Data Acquisition and Integration Chaipo Chaiporn J

Re Remote Data Acquisition and IoT 01219335 Data Acquisition and Integration Chaipo Chaiporn J

Re Remote Data Acquisition and IoT 01219335 Data Acquisition and Integration Chaipo Chaiporn J n Jaik aikae aeo De Department of f Computer Engineering Ka Kasetsart Unive versity Materials partly taken from lecture slides by Karl and

451 views • 34 slides
WINLAB Rutgers, The State University of New Jersey www.winlab.rutgers.edu Mete Rodoper, MSc

WINLAB Rutgers, The State University of New Jersey www.winlab.rutgers.edu Mete Rodoper, MSc

An Identity- -Based Based An Identity Cryptography (IBC) Scheme Cryptography (IBC) Scheme for WiMAX Security for WiMAX Security WINLAB Rutgers, The State University of New Jersey www.winlab.rutgers.edu Mete Rodoper, MSc Under supervision

331 views • 15 slides
Publishing open access in a subscription- based journal 1 Except when otherwise noted, this work

Publishing open access in a subscription- based journal 1 Except when otherwise noted, this work

Nicole Will De Delft University of Technol ology ogy Publishing open access in a subscription- based journal 1 Except when otherwise noted, this work is licensed CC-BY 4.0. Please attribute TU Delft Submitting to a subscription-based

298 views • 10 slides
MSSM Inflation and the LHC Rouzbeh Allahverdi University of New Mexico University of New Mexico

MSSM Inflation and the LHC Rouzbeh Allahverdi University of New Mexico University of New Mexico

MSSM Inflation and the LHC Rouzbeh Allahverdi University of New Mexico University of New Mexico GGI mini Workshop on LHC and Dark Mattetr GGI mini Workshop on LHC and Dark Mattetr 10 June 2010 Outline: Introduction Inflation in

623 views • 26 slides
Claims & Underwriting A Tale of Two Systems Mark Daley Daley & Associates, LLC

Claims & Underwriting A Tale of Two Systems Mark Daley Daley & Associates, LLC

Claims & Underwriting A Tale of Two Systems Mark Daley Daley & Associates, LLC Aashish Jain Capgemini Jim DuEst TriPlus Services, Inc. Types of Workflow System-Oriented Workflow Generally involve computer

595 views • 27 slides
HOPWA/COVID-19 - STRMU: Office Hours October 22, 2020 Presenters/Facilitators Collaborative

HOPWA/COVID-19 - STRMU: Office Hours October 22, 2020 Presenters/Facilitators Collaborative

HOPWA/COVID-19 - STRMU: Office Hours October 22, 2020 Presenters/Facilitators Collaborative Solutions, HIV Housing & Health Program Kate Briddell Crystal Pope Christine Campbell Emily Fischbein OHH Staff available for questions: Rita

402 views • 18 slides
Substantive Law What is the issue in the case? Where can I read the law? Where can I find more

Substantive Law What is the issue in the case? Where can I read the law? Where can I find more

Substantive Law What is the issue in the case? Where can I read the law? Where can I find more about the law if needed? Where can I find other resources? Resources available Everyone has access to the same information Topics in this

753 views • 22 slides

More recommend