csci e 170 lecture 11 redux of papers logging the law
play

CSCI E-170 Lecture 11: Redux of papers, Logging, The Law, Integrity - PowerPoint PPT Presentation

Sep 16, 2023 •324 likes •881 views

CSCI E-170 Lecture 11: Redux of papers, Logging, The Law, Integrity Management Simson L. Garfinkel Center for Research on Computation and Society Harvard University December 5, 2005 1 Todays Agenda 1. Administrivia 2. Midterm Projects:

  1. CSCI E-170 Lecture 11: Redux of papers, Logging, The Law, Integrity Management Simson L. Garfinkel Center for Research on Computation and Society Harvard University December 5, 2005 1

  2. Today’s Agenda 1. Administrivia 2. Midterm Projects: Redux 3. Logging 4. Federal Rules of Evidence 5. Federal Computer Crime Statutes 6. Integrity Management 2

  3. Administrivia 1: HW4 You should be working now on P2, not HW4. HW4 should be released by next Monday. 3

  4. Administrivia 1: P1 Overall, we were very impressed with the projects. Best papers: • Trends in Biometrics and User Acceptance , by Team Future (Ellen Jervis, Matt Kennedy, Neal Kepler, and Julia Kim). • Steganography: Two Faces of a Coin , by Team Money (Migdalia Rosa, David Root, Ricardo Rodriguez, Gerrick Rodrigues) 4

  5. P1 Continued . . . Some groups had issues regarding citation and sourcing. You were all very careful not to plagiarize! . . . But you were not careful to use proper academic citations or sources. 5

  6. Which is the better reference? [1] http://www.accessdata.com/Product04 Overview.htm? ProductNum=04 [1] Access Data. Forensic toolkit—overview, 2005. http://www. accessdata.com/Product04 Overview.htm?ProductNum=04 6

  7. Which is the better reference? (2) [2] US Environmental Protection Agency. Wastes: The hazardous waste manifest system, 2005. http://www.epa.gov/epaoswer/hazwaste/gener/manifest/ . [2] http://www.epa.gov/epaoswer/hazwaste/gener/manifest/ 7

  8. Which is the better reference? (3) [3] American Library Association Office for Information Technology Policy. Managing cookies to protect patron privacy, 2005. http://www.ala.org/ala/washoff/oitp/ emailtutorials/privacya/20.htm . Accessed April 20, 2005. [3] http://www.ala.org/ala/washoff/oitp/emailtutorials/ privacya/20.htm. 8

  9. Which is the better reference? (4) [1] Steven Bauer and Nissanka B. Priyantha. “Secure data deletion for Linux file systems.” In Proc. 10th Usenix Security Symposium, pages 153–164. Usenix, San Antonio, Texas, 2001. [1] Chuvakin, Anton, Ph.D. “Linux Data Hiding and Recovery,” LinuxSecurity.COM, Posted 10 March 2002, http://www.linuxsecurity.com/content/view/117638/49/ . 9

  10. What’s wrong with Dr. Chuvakin’s article? About the Author Anton Chuvakin, Ph.D. is a Senior Security Analyst with netForensics ( http://www.netforensics.com ), a security information management company that provides real-time network security monitoring solutions. 10

  11. What’s wrong with this citation? [1] “Feds Get Wide Wiretap Authority,” CBS News, November 18, 2002. http://www.cbsnews.com/stories/2002/08/23/attack/ main519606.shtml 11

  12. Common mistakes in sources on midterm projects: • Providing URLs instead of proper citations. • Citing articles in popular press . • Citing market research reports (e.g. Gartner Group). • Citing articles about patents rather than the patents themselves. • Citing references that are out-of-date. 12

  13. P1 was a research report. P2 is a conference article. Key differences: Why Johnny Canʼt Encrypt: A Usability Evaluation of PGP 5.0 Abstract 1 Introduction • Strict page limit. • Two column format. 13

  14. Logging % ls -l /var/log/ | grep -v gz total 1224 -rw-r--r-- 1 root wheel 112590 Dec 5 13:45 asl.log -rw-r--r-- 1 root wheel 60159 Dec 4 00:12 crashreporter.log drwxr-xr-x 7 root wheel 238 Nov 28 15:11 cups/ -rw-r--r-- 1 root wheel 216534 Dec 5 03:14 daily.out drwxr-xr-x 2 root wheel 68 Mar 20 2005 fax/ -rw-r----- 1 root admin 0 Dec 4 05:50 ftp.log drwxr-xr-x 10 root wheel 340 Dec 4 05:50 httpd/ -rw-r--r-- 1 root admin 0 Dec 1 17:41 install.log -rw-r----- 1 root admin 0 Dec 4 05:50 ipfw.log -rw-r----- 1 root admin 14112 Dec 5 13:41 lastlog -rw-r----- 1 root admin 0 Dec 4 05:50 lpr.log -rw-r----- 1 root admin 713 Dec 5 03:14 mail.log -rw-r----- 1 root wheel 3742 May 12 2005 mb.log -rw-r--r-- 1 root wheel 721 Dec 1 17:41 monthly.out -rw-r----- 1 root admin 0 Dec 4 05:50 netinfo.log drwxr-xr-x 2 root wheel 68 Mar 26 2005 ppp/ -rw-r----- 1 root admin 0 Dec 4 05:50 ppp.log drwxr-xr-x 2 root wheel 68 Mar 20 2005 sa/ drwxr-xr-x 4 root wheel 136 Jun 22 23:15 samba/ -rw-r----- 1 root admin 5033 Dec 5 13:23 secure.log -rw-r----- 1 root admin 8504 Dec 5 13:45 system.log -rw-r--r-- 1 root wheel 2741 Dec 4 05:50 weekly.out -rw-r----- 1 root admin 49132 Dec 5 13:23 windowserver.log -rw-r----- 1 root admin 56188 Nov 30 06:21 windowserver_last.log -rw-r--r-- 1 root admin 3312 Dec 5 13:41 wtmp 14

  15. What is a log? 15

  16. What gets logged? 16

  17. What gets logged? • Logins & Logouts • Privilege escalation • Security relevant events 17

  18. What gets logged? • Logins & Logouts • Privilege escalation • Security relevant events 18

  19. Why keep logs? 19

  20. Why look at logs? Policy may require it. Regulations may require it. Cost savings—find inefficiencies that can be avoided. 20

  21. But what really gets logged? 21

  22. What really gets logged... windowserver.log: Nov 30 09:00:40 [70] Server is starting up Nov 30 09:00:42 [70] Accel caps: 00000003 Nov 30 09:00:42 [70] Accel caps: 00000003 Nov 30 09:00:42 [70] CGXPerformInitialDisplayConfiguration Nov 30 09:00:42 [70] Display 0x4270a80: MappedDisplay Unit 0; Vendor 0x610 Model 0x9c2a S/N 0; online enabled built-in (0,0)[1024 x 768], base addr 0xb0015000 Nov 30 09:00:42 [70] Display 0x3f003d: MappedDisplay Unit 1; Vendor 0xffffffff Model 0xffffff ff S/N -1; offline enabled (2048,0)[1 x 1], base addr 0xb2016000 Nov 30 09:00:49 [70] kCGErrorIllegalArgument: CGXSetWindowListTags: Operation on a window 0x1 not owned by caller SecurityAgent Nov 30 09:00:50 [70] kCGErrorIllegalArgument: CGXOrderWindow: Operation on a window 0x1 not owned by caller SecurityAgent Nov 30 09:02:32 [70] kCGErrorFailure: CGXDisableUpdate: UI updates were forcibly disabled by application "Finder" for over 1 second. Server has re-enabled them. Nov 30 09:09:37 [70] "loginwindow" (0x3eb3) set hot key operating mode to all disabled Nov 30 09:09:37 [70] Hot key operating mode is now all disabled Nov 30 11:55:15 [70] "loginwindow" (0x3eb3) set hot key operating mode to normal Nov 30 11:55:15 [70] Hot key operating mode is now normal Nov 30 11:57:17 [70] "loginwindow" (0x3eb3) set hot key operating mode to all disabled Nov 30 11:57:17 [70] Hot key operating mode is now all disabled Nov 30 11:57:22 [70] kCGErrorCannotComplete: CGXPostNotification2 : Time out waiting for reply from "coreaudiod" for notification type 102 (CID 0xc903, PID 42) Most log files are created for debugging, not for security. 22

  23. What does this mean? Nov 30 09:00:40 [70] Server is starting up Month and day (no year!) Nov 30 The time (is it accurate?) 09:00:40 Unix Process ID [70] Message Server is starting up 23

  24. There is no regularity for log files—not even within a single log file. windowserver.log: Nov 30 09:00:40 [70] Server is starting up secure.log: Dec 4 13:01:44 localhost com.apple.SecurityServer: Entering Dec 4 13:01:51 G12-2 SecurityAgent[90]: Showing Login Window Dec 4 13:01:54 G12-2 SecurityAgent[90]: User Authenticated: Dec 4 13:01:54 G12-2 com.apple.SecurityServer: authinternal authenticated user simsong (uid 501). Most log files are created to be read by humans, not programs. 24

  25. Log files can contain unexpectedly sensitive information These logs are readable by anybody: -rw-r--r-- 1 root wheel 112590 Dec 5 13:45 asl.log -rw-r--r-- 1 root wheel 60159 Dec 4 00:12 crashreporter.log -rw-r--r-- 1 root wheel 216534 Dec 5 03:14 daily.out -rw-r--r-- 1 root admin 0 Dec 1 17:41 install.log -rw-r--r-- 1 root wheel 721 Dec 1 17:41 monthly.out -rw-r--r-- 1 root wheel 2741 Dec 4 05:50 weekly.out -rw-r--r-- 1 root admin 3312 Dec 5 13:41 wtmp These logs are protected: -rw-r----- 1 root admin 0 Dec 4 05:50 ftp.log -rw-r----- 1 root admin 0 Dec 4 05:50 ipfw.log -rw-r----- 1 root admin 14112 Dec 5 13:41 lastlog -rw-r----- 1 root admin 713 Dec 5 03:14 mail.log -rw-r----- 1 root wheel 3742 May 12 2005 mb.log -rw-r----- 1 root admin 5033 Dec 5 13:23 secure.log -rw-r----- 1 root admin 8504 Dec 5 13:45 system.log -rw-r----- 1 root admin 49132 Dec 5 13:23 windowserver.log -rw-r----- 1 root admin 56188 Nov 30 06:21 windowserver_last.log Why? 25

  26. Conventional thinking is to protect any log that may contain sensitive information -rw-r----- 1 root admin 0 Dec 4 05:50 ftp.log -rw-r----- 1 root admin 0 Dec 4 05:50 ipfw.log -rw-r----- 1 root admin 14112 Dec 5 13:41 lastlog -rw-r----- 1 root admin 713 Dec 5 03:14 mail.log -rw-r----- 1 root wheel 3742 May 12 2005 mb.log -rw-r----- 1 root admin 5033 Dec 5 13:23 secure.log -rw-r----- 1 root admin 8504 Dec 5 13:45 system.log -rw-r----- 1 root admin 49132 Dec 5 13:23 windowserver.log -rw-r----- 1 root admin 56188 Nov 30 06:21 windowserver_last.log What’s sensitive? • Usernames — users may provide passwords by accident. • Email records — reveals relationships. But conventional thinking may be wrong. It may be appropriate to keep all log files confidential. 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DATABASE SYSTEM IMPLEMENTATION GT 4420/6422 // SPRING 2019 // @JOY_ARULRAJ LECTURE #5: LOGGING

DATABASE SYSTEM IMPLEMENTATION GT 4420/6422 // SPRING 2019 // @JOY_ARULRAJ LECTURE #5: LOGGING

DATABASE SYSTEM IMPLEMENTATION GT 4420/6422 // SPRING 2019 // @JOY_ARULRAJ LECTURE #5: LOGGING AND RECOVERY PROTOCOLS 2 TODAYS AGENDA Logging Schemes Crash Course on ARIES protocol Physical Logging Logical Logging 3 LOGGING &

1.64k views • 125 slides
1 8 Months of Redux March 4, 2017 Yuri Takhteyev CTO + 19 Ranglers Redux at Rangle

1 8 Months of Redux March 4, 2017 Yuri Takhteyev CTO + 19 Ranglers Redux at Rangle

1 8 Months of Redux March 4, 2017 Yuri Takhteyev CTO + 19 Ranglers Redux at Rangle Weve been actively using Redux for a bit over 18 months. This is a good opportunity to re fl ect on what weve De fi ne learned. Prepare

545 views • 33 slides
Logging and Recovery Module 6, Lectures 3 and 4 If you are going to be in the logging business,

Logging and Recovery Module 6, Lectures 3 and 4 If you are going to be in the logging business,

Logging and Recovery Module 6, Lectures 3 and 4 If you are going to be in the logging business, one of the things that you have to do is to learn about heavy equipment. Robert VanNatta, Logging History of Columbia County Database Management

534 views • 26 slides
Introduction to Experimental Robotics CSCI 1108 Lecture 15 PID Controller CSCI 1108 Lecture

Introduction to Experimental Robotics CSCI 1108 Lecture 15 PID Controller CSCI 1108 Lecture

Introduction to Experimental Robotics CSCI 1108 Lecture 15 PID Controller CSCI 1108 Lecture 15 1 / 18 PID Controller Introduction PID Controller is a common technique to control a wide variety of machinery, including vehicles, robots

663 views • 18 slides
Introduction to Experimental Robotics CSCI 1108 Lecture 2 Introduction to Aseba CSCI 1108

Introduction to Experimental Robotics CSCI 1108 Lecture 2 Introduction to Aseba CSCI 1108

Introduction to Experimental Robotics CSCI 1108 Lecture 2 Introduction to Aseba CSCI 1108 Lecture 2 1 / 18 Administrivia For Section 2 (1-2:30pm): A note taker is required to assist one of your peers. If you are interested, please go to

636 views • 18 slides
Debugging & Logging Java Logging Java has built-in support for logging Logs contain

Debugging & Logging Java Logging Java has built-in support for logging Logs contain

Debugging & Logging Java Logging Java has built-in support for logging Logs contain messages that provide information to Software developers (e.g., debugging) System administrators Customer support agents Programs send

254 views • 10 slides
L1 June 5, 2018 1 Lecture 1: Welcome to CSCI 1360E! CSCI 1360E: Foundations for Informatics and

L1 June 5, 2018 1 Lecture 1: Welcome to CSCI 1360E! CSCI 1360E: Foundations for Informatics and

L1 June 5, 2018 1 Lecture 1: Welcome to CSCI 1360E! CSCI 1360E: Foundations for Informatics and Analytics 1.1 Overview and Objectives In this lecture, well go over the basic principles of the field of data science and analytics. By the

260 views • 10 slides
TomskGAZPROMgeofjzika Company Profjle { Logging while drilling { Production logging for reservoir

TomskGAZPROMgeofjzika Company Profjle { Logging while drilling { Production logging for reservoir

TomskGAZPROMgeofjzika Geophysical Services We provide full range of well logging and mud logging op- erations, cement quality control, MWD and well engineering services throughout Western and Eastern Siberia. Over 15 years of top quality

554 views • 31 slides
LHC LOGGING Timeline of t he proj ect , resources Cont ext : where does logging f it in? Basic

LHC LOGGING Timeline of t he proj ect , resources Cont ext : where does logging f it in? Basic

Outline Launching of t he LHC Logging proj ect Mandat e, scope and obj ect ives LHC LOGGING Timeline of t he proj ect , resources Cont ext : where does logging f it in? Basic f unct ionalit ies Filt ering of dat a I nt erf acing t o ot

667 views • 3 slides
CSCI 5832 Natural Language Processing Lecture 23 Jim Martin 4/24/07 CSCI 5832 Spring 2006 1

CSCI 5832 Natural Language Processing Lecture 23 Jim Martin 4/24/07 CSCI 5832 Spring 2006 1

CSCI 5832 Natural Language Processing Lecture 23 Jim Martin 4/24/07 CSCI 5832 Spring 2006 1 Today: 4/17 Finish Lexical Semantics Wrap up Information Extraction 4/24/07 CSCI 5832 Spring 2006 2 1 Inside Words Thematic roles:

203 views • 19 slides
CSCI 5582 Artificial Intelligence Lecture 23 Jim Martin CSCI 5582 Fall 2006 Today 11/30

CSCI 5582 Artificial Intelligence Lecture 23 Jim Martin CSCI 5582 Fall 2006 Today 11/30

CSCI 5582 Artificial Intelligence Lecture 23 Jim Martin CSCI 5582 Fall 2006 Today 11/30 Natural Language Processing Overview 2 sub-problems Machine Translation Question Answering CSCI 5582 Fall 2006 1 Readings

429 views • 32 slides
CSCI 5582 Artificial Intelligence Lecture 26 Jim Martin CSCI 5582 Fall 2006 Today 12/12

CSCI 5582 Artificial Intelligence Lecture 26 Jim Martin CSCI 5582 Fall 2006 Today 12/12

CSCI 5582 Artificial Intelligence Lecture 26 Jim Martin CSCI 5582 Fall 2006 Today 12/12 Machine Translation Review Automatic Evaluation Question Answering CSCI 5582 Fall 2006 1 Readings Chapters 22 and 23 in Russell

443 views • 31 slides
CSCI 5582 Artificial Intelligence Lecture 4 Jim Martin CSCI 5582 Fall 2006 Today 9/7

CSCI 5582 Artificial Intelligence Lecture 4 Jim Martin CSCI 5582 Fall 2006 Today 9/7

CSCI 5582 Artificial Intelligence Lecture 4 Jim Martin CSCI 5582 Fall 2006 Today 9/7 Review Depth-limits Administration Uninformed and informed methods A* and Heuristics Beam search IDA* CSCI 5582 Fall 2006

462 views • 15 slides
Lecture 7: Empiricism and Evidence 1 Today: 1. First papers 2. Empiricism and evidence 1.

Lecture 7: Empiricism and Evidence 1 Today: 1. First papers 2. Empiricism and evidence 1.

HPSC 1001/1901/2101/2901 WHAT IS THIS THING CALLED SCIENCE? Semester 2, 2020 Lecture 7: Empiricism and Evidence 1 Today: 1. First papers 2. Empiricism and evidence 1. First papers Things to do: (i) Write as clearly as you can. Usually, the

987 views • 21 slides
CSCI 5582 Artificial Intelligence Lecture 24 Jim Martin CSCI 5582 Fall 2006 Today 12/5

CSCI 5582 Artificial Intelligence Lecture 24 Jim Martin CSCI 5582 Fall 2006 Today 12/5

CSCI 5582 Artificial Intelligence Lecture 24 Jim Martin CSCI 5582 Fall 2006 Today 12/5 Machine Translation Background Why MT is hard Basic Statistical MT Models Training Decoding CSCI 5582 Fall 2006 1

830 views • 28 slides
CSCI 5832 Natural Language Processing Lecture 22 Jim Martin 4/24/07 CSCI 5832 Spring 2006 1

CSCI 5832 Natural Language Processing Lecture 22 Jim Martin 4/24/07 CSCI 5832 Spring 2006 1

CSCI 5832 Natural Language Processing Lecture 22 Jim Martin 4/24/07 CSCI 5832 Spring 2006 1 Today: 4/12 More on meaning Lexical Semantics A seemingly endless set of random facts about words 4/24/07 CSCI 5832 Spring 2006 2 1

353 views • 22 slides
CHILDHOOD We wanted to understand more about the day-to-day lives of these young

CHILDHOOD We wanted to understand more about the day-to-day lives of these young

Civil and Criminal Law DIALOGUE WITH CHILDREN Private and Public Law CHILDREN, DIVORCE AND CITIZENSHIP BREN NEALE CHILD STUDIES CHILDHOOD ADULT PERSPECTIVE CHILD PERSPECTIVE Welfare Liberationist INDIVIDUAL STATUS Principle View

397 views • 3 slides
Collimation with hollow electron lenses G. Stancari, A. Drozhdin, G. Kuznetsov, V. Shiltsev, D.

Collimation with hollow electron lenses G. Stancari, A. Drozhdin, G. Kuznetsov, V. Shiltsev, D.

Collimation with hollow electron lenses G. Stancari, A. Drozhdin, G. Kuznetsov, V. Shiltsev, D. Still, A. Valishev, L. Vorobiev (FNAL), A. Romanov (BINP Novosibirsk), J. Smith (SLAC), R. Assmann, R. Bruce (CERN) Accelerator Advisory Committee

510 views • 38 slides
Be Prepared Another Round of PPP Loans are Coming to your Local Bank S The PPP Loan u The

Be Prepared Another Round of PPP Loans are Coming to your Local Bank S The PPP Loan u The

Be Prepared Another Round of PPP Loans are Coming to your Local Bank S The PPP Loan u The Paycheck Protection Program (PPP) is a loan designed to provide a direct incentive for small businesses to keep their workers on the payroll. u The PPP is

328 views • 17 slides
Rates Retention Pilot 2018/19 GCC 389.2 Million Budget Sources of Finance Business Rates 24%

Rates Retention Pilot 2018/19 GCC 389.2 Million Budget Sources of Finance Business Rates 24%

Gloucestershire 100% Business Rates Retention Pilot 2018/19 GCC 389.2 Million Budget Sources of Finance Business Rates 24% 95.5m Other Grant 3% 10.9m Council Tax 73% 282.8m Business Rates Retention (BRR) Main funding mechanism

585 views • 16 slides
Complaints Against Police Directorate of Professional Standards A/DCI Mark Lawrence Is this a

Complaints Against Police Directorate of Professional Standards A/DCI Mark Lawrence Is this a

Complaints Against Police Directorate of Professional Standards A/DCI Mark Lawrence Is this a public complaint? A complaint about the conduct of an individual or group of individuals. Includes Allegation of criminal offence

103 views • 9 slides
Hybrid contract checking via symbolic simplification Dana N. Xu INRIA Paris-Rocquencourt Dana N.

Hybrid contract checking via symbolic simplification Dana N. Xu INRIA Paris-Rocquencourt Dana N.

Hybrid contract checking via symbolic simplification Dana N. Xu INRIA Paris-Rocquencourt Dana N. Xu (INRIA Paris-Rocquencourt) Hybrid contract checking via symbolic simplification 1 / 30 From Types to Contracts (* val inc : int -> int *)

330 views • 32 slides
Java Interfaces 6 May 2019 OSU CSE 1 Conceptual Framework A firm conceptual foundation for

Java Interfaces 6 May 2019 OSU CSE 1 Conceptual Framework A firm conceptual foundation for

Java Interfaces 6 May 2019 OSU CSE 1 Conceptual Framework A firm conceptual foundation for understanding and designing modern software recognizes: Modern software consists of potentially large numbers of components that are composed

580 views • 39 slides
Contract-based Discovery and Adaptation of Web Services Luca Padovani Jointly with Samuele

Contract-based Discovery and Adaptation of Web Services Luca Padovani Jointly with Samuele

Contract-based Discovery and Adaptation of Web Services Luca Padovani Jointly with Samuele Carpineti, Giuseppe Castagna, Nils Gesbert, Cosimo Laneve 9th International School on Formal Methods for the Design of Computer, Communication and

700 views • 65 slides

More recommend