cse 127 introduction to security
play

CSE 127: Introduction to Security Deian Stefan UCSD Fall 2020 - PowerPoint PPT Presentation

Jan 01, 2024 •340 likes •982 views

CSE 127: Introduction to Security Deian Stefan UCSD Fall 2020 Lecture 1 Instructor: Deian Stefan deian+cse127@cs.ucsd.edu Office Hours: Fri 9-10am TA: Sunjay Cauligi scauligi@eng.ucsd.edu Office Hours: Thu 7-8pm TA: Evan

  1. CSE 127: Introduction to Security Deian Stefan UCSD Fall 2020 Lecture 1

  2. • Instructor: Deian Stefan deian+cse127@cs.ucsd.edu • Office Hours: Fri 9-10am • TA: Sunjay Cauligi scauligi@eng.ucsd.edu • Office Hours: Thu 7-8pm • TA: Evan Johnson e5johnso@eng.ucsd.edu • Office Hours: Mon 7-8pm • TA: Kevin Yu shy147@ucsd.edu • Office Hours: Wed 10-11am • Tutor: Sam Liu szl005@ucsd.ed • Office Hours: Tue 1-2pm

  3. Many amazing folks at UCSD working on security Russell Daniele Mihir Nadia Deian Aaron Stefan Geoff Alex Impagliazzo Micciancio Bellare Heninger Stefan Schulman Savage Voelker Snoeren A l e x Theory Applied Crypto Systems Nadia kc Lawrence Ranjit Sorin Ryan Polikarpova Claffy Saul Jhala Lerner Kastner PL & Verification Embedded Networking ML

  4. My group’s research Memory safety and sandboxing (MS-Wasm, RLBox, Swivel) Practical verification for security (VeRA, IODINE, VeriWasm) Bugfinding for browsers and runtime systems (Sys, SafeV8) Constant-time programming (CT-Wasm, FaCT, CTFP) Web security and privacy Security foundations

  5. We focus on real-world impact

  6. Once upon a time I even cofounded a startup

  7. Topics Covered • The Security Mindset • Principles and threat modeling • Systems/Software Security • Classic attacks and defenses on memory safety, isolation • Web Security • Web architecture, web attacks, web defenses • Network Security • Network protocols, network attacks, network defenses • Cryptography • Public and private-key cryptography, TLS, PKI • Privacy and Ethics

  8. Course Goals • Critical thinking • How to think like an attacker • How to reason about threats and risks • How to balance security costs and benefits

  9. Course Goals • Critical thinking • How to think like an attacker • How to reason about threats and risks • How to balance security costs and benefits • Technical skills • How to protect yourself • How to manage and defend systems • How to design and implement secure systems

  10. Course Goals • Critical thinking • How to think like an attacker • How to reason about threats and risks • How to balance security costs and benefits • Technical skills • How to protect yourself • How to manage and defend systems • How to design and implement secure systems • Learn to be a security-conscious citizen

  11. Course Goals • Critical thinking • How to think like an attacker • How to reason about threats and risks • How to balance security costs and benefits • Technical skills • How to protect yourself • How to manage and defend systems • How to design and implement secure systems • Learn to be a security-conscious citizen • Learn to be a leet h4x0r

  12. Course Goals • Critical thinking • How to think like an attacker • How to reason about threats and risks • How to balance security costs and benefits • Technical skills • How to protect yourself • How to manage and defend systems • How to design and implement secure systems • Learn to be a security-conscious citizen • Learn to be a leet h4x0r , but an ethical one!

  13. Course Mechanics 80% Eight projects • Own programming and writeup • General discussion OK (even encouraged!)

  14. Course Mechanics 80% Eight projects • Own programming and writeup • General discussion OK (even encouraged!) 15% Final • Thu, Dec 17 00:00-23:59 • No collaboration • Open notes, open piazza

  15. Course Mechanics 80% Eight projects • Own programming and writeup • General discussion OK (even encouraged!) 15% Final • Thu, Dec 17 00:00-23:59 • No collaboration • Open notes, open piazza 5% Participation • Ask/answer questions, make comments, generate discussion!

  16. Course Mechanics 80% Eight projects • Own programming and writeup • General discussion OK (even encouraged!) 15% Final • Thu, Dec 17 00:00-23:59 • No collaboration • Open notes, open piazza 5% Participation • Ask/answer questions, make comments, generate discussion! ≤ 10 % Lecture notes • Work in groups • Our goal: use notes in future classes!

  17. Course Policies Early policy: • Can turn in assigments 3 days early to get 10% of your grade extra credit • No late days

  18. Course Policies Early policy: • Can turn in assigments 3 days early to get 10% of your grade extra credit • No late days Regrade policy: • Regrades should be the exception not the norm • Incorrect regrade request = ⇒ negative points

  19. Course Policies Early policy: • Can turn in assigments 3 days early to get 10% of your grade extra credit • No late days Regrade policy: • Regrades should be the exception not the norm • Incorrect regrade request = ⇒ negative points Academic integrity: • UC San Diego policy: https://academicintegrity.ucsd.edu • We have to report suspected cases, don’t make it weird • If you are not sure if something is cheating, ask

  20. Talk to us, it’s a weird time

  21. Course Resources • No official textbook. Optional books: • Security Engineering by Ross Anderson • Hacking: The Art of Exploitation by Jon Erikon

  22. Course Resources • No official textbook. Optional books: • Security Engineering by Ross Anderson • Hacking: The Art of Exploitation by Jon Erikon • Assignments and readings on course site: https://cse127.programming.systems

  23. Course Resources • No official textbook. Optional books: • Security Engineering by Ross Anderson • Hacking: The Art of Exploitation by Jon Erikon • Assignments and readings on course site: https://cse127.programming.systems • Questions? Post to Piazza. https://piazza.com/ucsd/fall2020/cse127

  24. Course Resources • No official textbook. Optional books: • Security Engineering by Ross Anderson • Hacking: The Art of Exploitation by Jon Erikon • Assignments and readings on course site: https://cse127.programming.systems • Questions? Post to Piazza. https://piazza.com/ucsd/fall2020/cse127 • Lectures, section, office hours: • On this Zoom • Everything will be recorded and posted online

  25. Ethics We will be discussing and implementing real-world attacks. Using some of these these techniques in the real world may be unethical, a violation of university policies, or a violation of federal law. This includes the course assignment infrastructure (e.g., grading system).

  26. Ethics We will be discussing and implementing real-world attacks. Using some of these these techniques in the real world may be unethical, a violation of university policies, or a violation of federal law. This includes the course assignment infrastructure (e.g., grading system). Be an ethical hacker • Ethics requires you to refrain from doing harm • Always respect human, privacy, property rights • There are many legitimate hacking capture-the-flags

  27. 18 U.S. CODE § 1030 - FRAUD AND RELATED ACTIVITY IN CONNECTION WITH COMPUTERS Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer...

  28. 18 U.S. CODE § 1030 - FRAUD AND RELATED ACTIVITY IN CONNECTION WITH COMPUTERS Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer... The punishment for an offense... - a fine under this title or imprisonment for not more than one year, or both..., - a fine under this title or imprisonment for not more than 5 years, or both... if— (i) the offense was committed for purposes of commercial advantage or private financial gain; (ii) the offense was committed in furtherance of any criminal or tortious act...; or (iii) the value of the information obtained exceeds $5,000

  29. The Good, the Bad, and the Ugly Good In 2012, FBI prosecuted weev for exposing data of 114K iPad users Bad In 2011, Sony sued George Hotz for jailbreaking PlayStation 3 Ugly In 2011, FBI prosecuted Aaron Swartz for downloading academic articles on MIT network from JSTOR

  30. What is security?

  31. Robustness vs. Security

  32. Robustness vs. Security “Computer security studies how systems behave in the presence of an adversary .” *Actively tries to cause the system to misbehave.

  33. The Security Mindset • Thinking like an attacker • Understand techniques for circumventing security • Look for ways security can break, not why it won’t

  34. The Security Mindset • Thinking like an attacker • Understand techniques for circumventing security • Look for ways security can break, not why it won’t • Thinking like a defender • Know what you’re defending, and against whom. • Weigh benefits vs. costs: No system is ever completely secure. • Rational paranoia Don’t build bridges to sustain bombings

  35. Thinking like an Attacker • Look for weakest links • Identify assumptions that security depends on Are they false?

  36. Thinking like an Attacker • Look for weakest links • Identify assumptions that security depends on Are they false? • Think outside the box

  37. Thinking like an Attacker • Look for weakest links • Identify assumptions that security depends on Are they false? • Think outside the box Not constrained by system designer’s worldview!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

ADVANCED COMPUTER SECURITY INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT IS SECURITY? A systems security policies describe What the system is supposed to do Store and provide access

479 views • 16 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Practices and Charter Research Branch Security Council Affairs Division Department of Political Affairs United Nations August

490 views • 28 slides
Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Affairs Division Department of Political Affairs United Nations August 2013 Outline What is the Security Council?

189 views • 16 slides
Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic algorithms 7.4 Digital signatures 7.5 Cryptography pragmatics 7.1. Introduction Why need security mechanisms in DS? Share of resources

364 views • 24 slides
Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to

Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to

Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to data security. - Security requirements. - Types of security threats. - Security risks. - Technologies and security solutions. Introduction

411 views • 37 slides
Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics WWW HTTP: Hyper Text Transfer Protocol HTTP Security HTML Protocol HTML Security

1.09k views • 74 slides
Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and what threatens them? Lecture 1 Page 1 CS 236 Online Why Is Security Necessary? Because people arent always nice Because a lot of

415 views • 25 slides
Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security

Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security

Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security Landscape Meraki Security Demo Security Landscape The Growing Importance of Security MALWARE HAS RISEN BY MORE THAN 10X IN THE LAST YEAR 70% M ALW AR E

604 views • 35 slides
Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction to access control Policy matrix Specification Design Implementation Operation and Maintenance Security in the Course Lectures

784 views • 40 slides
Software Defjned Networking Security Outline Introduction What is SDN? SDN attack

Software Defjned Networking Security Outline Introduction What is SDN? SDN attack

Software Defjned Networking Security Outline Introduction What is SDN? SDN attack surface Recent vulnerabilities Security response Defensive technologies Next steps Introduction Security nerd, recovering

790 views • 39 slides
Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

CSS441 Introduction Concepts Architecture Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20

678 views • 23 slides
Digital Twin for Cyber Testing Michael J. OConnor Chief Technologist, Trideum, Huntsville,

Digital Twin for Cyber Testing Michael J. OConnor Chief Technologist, Trideum, Huntsville,

IT 2 EC 2020 IT 2 EC Extended Abstract Template Presentation/Panel Digital Twin for Cyber Testing Michael J. OConnor Chief Technologist, Trideum, Huntsville, United States Abstract This paper addresses both the Digital Twin Approach and

55 views • 3 slides
Th The ABC BCs of of ICS Th Threat Act ctiv ivit ity y Grou oups Au August st 2 26, 2

Th The ABC BCs of of ICS Th Threat Act ctiv ivit ity y Grou oups Au August st 2 26, 2

Th The ABC BCs of of ICS Th Threat Act ctiv ivit ity y Grou oups Au August st 2 26, 2 2020 Sergio Caltagirone Dave Bittner VP Threat Intelligence Producer & Host Dragos The CyberWire Podcast Before we get started - The

874 views • 17 slides
ABC: A Cryptocurrency-Focused Threat Modeling Framework Ghada Almashaqbeh 1 , Allison Bishop 1,2 ,

ABC: A Cryptocurrency-Focused Threat Modeling Framework Ghada Almashaqbeh 1 , Allison Bishop 1,2 ,

ABC: A Cryptocurrency-Focused Threat Modeling Framework Ghada Almashaqbeh 1 , Allison Bishop 1,2 , Justin Cappos 3 1 Columbia, 2 Proof Trading, 3 NYU CryBlock 2019, Paris, France Outline Background. Motivation. The ABC framework.

1.25k views • 26 slides
Outline Integer overflow debrief CSci 4271W Development of Secure Software Systems Code

Outline Integer overflow debrief CSci 4271W Development of Secure Software Systems Code

Outline Integer overflow debrief CSci 4271W Development of Secure Software Systems Code auditing Day 4: Auditing and Threat Modeling 1 Stephen McCamant Threat modeling University of Minnesota, Computer Science & Engineering Integer

313 views • 4 slides
Lecture 9: Discrete-Time Fourier Transform Mark Hasegawa-Johnson ECE 401: Signal and Image

Lecture 9: Discrete-Time Fourier Transform Mark Hasegawa-Johnson ECE 401: Signal and Image

Review DTFT DTFT Properties Examples Summary Lecture 9: Discrete-Time Fourier Transform Mark Hasegawa-Johnson ECE 401: Signal and Image Analysis, Fall 2020 Review DTFT DTFT Properties Examples Summary Review: Frequency Response 1

396 views • 38 slides
1A88F Push-Open with Silent Soft-Closing Specifications Undermount Slide for Face Frame Cabinet

1A88F Push-Open with Silent Soft-Closing Specifications Undermount Slide for Face Frame Cabinet

Undermount Slides www.kingslide.com 1A88F Push-Open with Silent Soft-Closing Specifications Undermount Slide for Face Frame Cabinet Length: 305 / 381 / 457 / 533mm (16mm) 12" / 15" / 18" / 21" Travel: Full

383 views • 4 slides
CSE 373: Tradeofgs and Abstractions Michael Lee Friday Jan 5, 2017 1 Warmup Warmup questions:

CSE 373: Tradeofgs and Abstractions Michael Lee Friday Jan 5, 2017 1 Warmup Warmup questions:

CSE 373: Tradeofgs and Abstractions Michael Lee Friday Jan 5, 2017 1 Warmup Warmup questions: Instructions: implementation of a data structure? 2 Recall: Whats an ADT? Whats a data structure? An Skim the Queue ADT on your

761 views • 41 slides
Bias Variance Trade-off Intuition: If the model is too simple, the solution is biased and

Bias Variance Trade-off Intuition: If the model is too simple, the solution is biased and

Carnegie Mellon University 10-701 Machine Learning Spring 2013 Bias Variance Trade-off Intuition: If the model is too simple, the solution is biased and does not fit the data If the model is too complex then it is very sensitive to

361 views • 14 slides

More recommend