cse 484 cse m 584 computer security and privacy
play

CSE 484 / CSE M 584: Computer Security and Privacy Autumn 2017 - PowerPoint PPT Presentation

Dec 27, 2023 •106 likes •426 views

CSE 484 / CSE M 584: Computer Security and Privacy Autumn 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,

  1. CSE 484 / CSE M 584: Computer Security and Privacy Autumn 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  2. What’s Wrong With This Picture? 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 2

  3. What’s Wrong With This Picture? 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 3

  4. Course Staff • Instructor: – Franziska Roesner (Franzi) • TAs: – John Abercrombie, Zelina Chen, Garrett Marconet, Jared Moore, Michael Yu • How to reach us: cse484-tas@cs.washington.edu 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 4

  5. Waitlist / Overload Instructions • Overload instructions will be shared on Friday. 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 5

  6. Quiz Sections and Office Hours • Quiz sections: – Thursday, 1:30-2:20pm, EEB 003 – Thursday, 2:30-3:20pm, LOW 205 • Office hours – Franzi: Mondays 11am-12pm, CSE 654 – TAs: • Thursdays, 11:30am-1pm, CSE 220 • Fridays, 11:30am-12:30pm, CSE 007 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 6

  7. Prerequisites (CSE 484) • Required: Data Structures (CSE 326) or Data Abstractions (CSE 332) • Required: Hardware/Software Interface (CSE 351) or Machine Org and Assembly Language (CSE 378) • Assume: Working knowledge of C and assembly – One of the labs will involve writing buffer overflow attacks in C – You must have detailed understanding of x86 architecture, stack layout, calling conventions, etc. • Assume: Working knowledge of software engineering tools for Unix environments (gdb, etc) • Assume: Working knowledge of Java and JavaScript 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 7

  8. Prerequisites (CSE 484) • Recommended: Computer Networks; Operating Systems – Will help provide deeper understanding of security mechanisms and where they fit in the big picture • Recommended: Complexity Theory; Discrete Math; Algorithms – Will help with the more theoretical aspects of this course. 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 8

  9. Prerequisites (CSE 484) • Most of all: Eagerness to learn! – This is a 400 level course. – We expect you to push yourself to learn as much as possible. – We expect you to be a strong, independent learner capable of learning new concepts from the lectures, the readings, and on your own. 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 9

  10. Course Logistics (CSE 484) • Lectures: MWF: 3:30-4:20pm Sections: Thurs: 1:30-2:20pm and 2:30-3:20pm • Security is a contact sport! • Labs (45% of the grade) – Hands-on experience with security issues – Can generally be done in teams of 3 students (see specific lab descriptions for details) • Homework (25% of grade) • Participation and in-class activities (10% of the grade) • Final project (20% of the grade) 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 10

  11. Course Logistics (CSE M 584) • Same as before, but… • Labs (42% of the grade) [-3%] • Homework (22% of grade) [-3%] • Research readings (10%) [+10%] • Participation and in-class activities (10%) • Final (16% of the grade) [-4%] 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 11

  12. Labs • General plan: – 3 labs (timeline TBD, tentative date on website) • First lab out next week – Submit to Catalyst system (URL on website) – Groups of up to three generally allowed (check each project page for details) • http://courses.cs.washington.edu/courses/ cse484/17au/assignments.html 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 12

  13. Labs • First lab: Software security – Buffer overflow attacks, double-free exploits, format string exploits, ... • Second lab: Web security – XSS attacks, SQL injection, ... • Third lab: TBD 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 13

  14. Homework • 2 or 3 homeworks distributed across the quarter (tentative dates on website) – http://courses.cs.washington.edu/courses/ cse484/17au/assignments.html – First homework out now (due Oct 6) • Do now: sign ethics form! 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 14

  15. Final Project • No midterm or final exam! • Instead: 12-15 min video about a security/privacy topic of your choice – Groups of up to 3 people – Security is a broad field, and this class can’t remotely cover everything – this is your chance to explore a security or privacy topic in more detail! – Multiple checkpoint deadlines throughout quarter • Details: http://courses.cs.washington.edu/courses/cse484/17au/ project/final.html 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 15

  16. Participation • In-class activities (like the one from today!) – You’ll have 5 free in-class days (for travel etc.) • Contributions to class forums – Don’t be silent for 9 weeks and then make 10 posts on the last day of the quarter • In class: harder in a large class, but worth it! – More opportunities in section! 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 16

  17. Ethics • To learn to defend systems, you will learn to attack them. You must use this knowledge ethically. • In order to get a non-zero grade in this course, you must electronically sign the “Security and Privacy Code of Ethics” form by 11:59pm on Wed, Oct 4. 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 17

  18. Late Submission Policy • 3 free late days, no questions asked – Cumulative, throughout the quarter – Use however you wish (all at once, 3x1, …) • After that, late assignments will be dropped 20% per calendar day. – Late days will be rounded up – So an assignment turned in 26 hours late will be downgraded 40% – See website for exceptions -- some assignments must be turned in on time 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 18

  19. Course Materials • Textbook: – Daswani, Kern, Kesavan, “Foundations of Security” – Additional materials linked to from course website • Attend lectures – Lectures will not follow the textbook and will cover a significant amount of material that is not in the textbook – Lectures will focus on “big-picture” principles and ideas • Attend sections – Details not covered in lecture, especially about homeworks and labs – More opportunity for discussion 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 19

  20. Other Helpful Books (Online) • Ross Anderson, “Security Engineering” – Focuses on design principles for secure systems – Wide range of entertaining examples: banking, nuclear command and control, burglar alarms • Menezes, van Oorschot, and Vanstone, “Handbook of Applied Cryptography” • Many many other useful books exist, not all online 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 20

  21. Other Books, Movies, … • Pleasure books include: – Little Brother by Cory Doctorow • Available online here http://craphound.com/littlebrother/download/ – Cryptonomicon and REAMDE by Neal Stephenson – The Art of Intrusion and The Art of Deception by Kevin Mitnick – Many more -- please feel free to post your favorites on the forum! • Movies include: – Hackers – Sneakers – Die Hard 4 – WarGames – Many more -- please feel free to post your favorites on the forum! • Historical texts include: – The Codebreakers by David Kahn – The Code Book by Simon Singh 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 21

  22. Guest Lectures • We will have a few guest lectures throughout the quarter – Useful to give you a different perspective: research, industry, government, legal – Some already scheduled, others TBD 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 22

  23. Mailing List multi_cse484a_au17@uw.edu • Make sure you’re on the mailing list – We’ll send a test mail after class; � everyone enrolled should receive it • URL for mailing list on course website • Used for announcements 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 23

  24. Forum • We’ve set up a forum for this course to discuss assignments – https://catalyst.uw.edu/gopost/board/franzi/44137 • Please use it to discuss the homework assignments and labs and other general class materials • You can also use it to exercise the “security mindset” – (Including discussions of movies, books, and security in the real world) 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 24

  25. What Does “Security” Mean to You? • See worksheet, Q1 • (Feel free to answer Q3 now too) 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 25

  26. How Systems Fail Systems may fail for many reasons, including: • Reliability deals with accidental failures • Usability deals with problems arising from operating mistakes made by users • Security deals with intentional failures created by intelligent parties – Security is about computing in the presence of an adversary – But security, reliability, and usability are all related 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 26

  27. Challenges: What is “Security”? • What does security mean? – Often the hardest part of building a secure system is figuring out what security means – What are the assets to protect? – What are the threats to those assets? – Who are the adversaries , and what are their resources ? – What is the security policy or goals ? Current events, security reviews, and other discussions • Perfect security does not exist! are designed to exercise our thinking about these issues. – Security is not a binary property – Security is about risk management 9/27/17 CSE 484 / CSE M 584 - Autumn 2017 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSE 484 / CSE M 584: Computer Security and Privacy

CSE 484 / CSE M 584: Computer Security and Privacy

CSE 484 / CSE M 584: Computer Security and Privacy Spring 2015 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter

531 views • 31 slides
CSE 484 / CSE M 584: Computer Security and Privacy

CSE 484 / CSE M 584: Computer Security and Privacy

CSE 484 / CSE M 584: Computer Security and Privacy Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter

708 views • 34 slides
Web Privacy Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI)

Web Privacy Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI)

CS 563 - Advanced Computer Security: Web Privacy Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI) Administrative Learning Objectives : Consider the difference between security and privacy Discuss work

814 views • 43 slides
Admin Today: finish web privacy, start mobile security Friday: Lab #2 due (8pm)

Admin Today: finish web privacy, start mobile security Friday: Lab #2 due (8pm)

CSE 484 / CSE M 584: Computer Security and Privacy Web Privacy [finish] Mobile Platform Security [start] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner,

535 views • 29 slides
CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory

CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory

CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory University Today Meet everyone in class Course overview Why data privacy and security What is data privacy and security What we

810 views • 70 slides
Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher Lecture 18 CS 118 Page 1 Winter 2016 Another type of layer deficiency Some layers of protocol do not provide any security or privacy What if

708 views • 59 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

5/18/2016 Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B. Authentication 12C. Authorization Security and Privacy 12D. Trust 12E. At-Rest Encryption Mark Kampe (markk@cs.ucla.edu) Security and Privacy

116 views • 8 slides
SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY Christian Kaestner with slides from Eunsuk Kang Required reading: Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning

1.95k views • 113 slides
S & P SECURITY & PRIVACY GROUP Security and Privacy for Payment Channel Networks

S & P SECURITY & PRIVACY GROUP Security and Privacy for Payment Channel Networks

FAKULTT FR !NFORMATIK Faculty of Informatics S & P SECURITY & PRIVACY GROUP Security and Privacy for Payment Channel Networks Pedro Moreno-Sanchez Blockchain Summer School BDLT19 Vienna, Sep 2nd 2019 Blockchain Research

1.41k views • 73 slides
Introduction to Computer Security Session 4.4 Web Privacy Prof. Nadim Kobeissi 4.4a Web

Introduction to Computer Security Session 4.4 Web Privacy Prof. Nadim Kobeissi 4.4a Web

CSCI-UA.9480 Introduction to Computer Security Session 4.4 Web Privacy Prof. Nadim Kobeissi 4.4a Web Privacy Goals 2 CSCI-UA.9480: Introduction to Computer Security Nadim Kobeissi Web privacy goals. Preventing websites from learning:

337 views • 14 slides
Web Security [Privacy] Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan

Web Security [Privacy] Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan

CS 642: Computer Security and Privacy Web Security [Privacy] Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli, John Mitchell, Franzi Roesner,

839 views • 32 slides
CSE 484 / CSE M 584: Computer Security and Privacy Fall2016 Adam (Ada) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Fall2016 Adam (Ada) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Fall2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet

654 views • 51 slides
Privacy Computer Security Peter Reiher December 11, 2014 Lecture 16 Page 1 CS 136, Fall 2014

Privacy Computer Security Peter Reiher December 11, 2014 Lecture 16 Page 1 CS 136, Fall 2014

Privacy Computer Security Peter Reiher December 11, 2014 Lecture 16 Page 1 CS 136, Fall 2014 Privacy Data privacy issues Network privacy issues Some privacy solutions Lecture 16 Page 2 CS 136, Fall 2014 What Is Privacy?

789 views • 63 slides
Syllabus Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI)

Syllabus Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI)

CS 563 - Advanced Computer Security: Syllabus Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI) Learning Objectives Before CS 563: Intermediate knowledge of computer security topics Experience working

775 views • 38 slides
Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much

Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much

Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much easier if there were someone we could all TRUST with our data Be8er data mining -- using MORE data, while respec@ng users PRIVACY

888 views • 35 slides
Understanding Sports Concussion: Should Our Kids Play Contact Sports? Carlin Senter, MD

Understanding Sports Concussion: Should Our Kids Play Contact Sports? Carlin Senter, MD

6/20/2018 Disclosures Understanding Sports Concussion: Should Our Kids Play Contact Sports? Carlin Senter, MD Associate Professor Co-Director UCSF Sports Concussion Program Primary Care Sports Medicine University of California San Francisco

305 views • 16 slides
OTHER EXAMPLE: 2 OTHER EXAMPLE: 3 OTHER EXAMPLE: 4 OBJECTIVE CASE 5 PERSONAL PRONOUNS

OTHER EXAMPLE: 2 OTHER EXAMPLE: 3 OTHER EXAMPLE: 4 OBJECTIVE CASE 5 PERSONAL PRONOUNS

OTHER EXAMPLE: 2 OTHER EXAMPLE: 3 OTHER EXAMPLE: 4 OBJECTIVE CASE 5 PERSONAL PRONOUNS Vejamos alguns exemplos. Leave me alone, I need think about this. (Me deixe em paz (sozinho), eu preciso pensar sobre isso) I gave you a new car. (Eu

475 views • 21 slides
Tools to Support the Development of a Performance Driven Culture Presenters NYS Success

Tools to Support the Development of a Performance Driven Culture Presenters NYS Success

Tools to Support the Development of a Performance Driven Culture Presenters NYS Success Briannon OConnor, Project Director Brian Smith, Project Assistant CCSIs Center for Collaboration in Community Health John Lee,

1.71k views • 155 slides
DEVELOPMENT OF THE CLASSIFICATION-ORIENTED AUTHORITY CONTROL: the experience of the National and

DEVELOPMENT OF THE CLASSIFICATION-ORIENTED AUTHORITY CONTROL: the experience of the National and

DEVELOPMENT OF THE CLASSIFICATION-ORIENTED AUTHORITY CONTROL: the experience of the National and University Library in Zagreb Ana Vukadin National and University Library in Zagreb UDC Seminar 2015, Lisbon, 29-30 October 2015 Defining the

616 views • 17 slides
Entrepren trepreneur urial Leader ershi hip Brian an Braul ult EO Western NY Lev ever

Entrepren trepreneur urial Leader ershi hip Brian an Braul ult EO Western NY Lev ever

1/11/2013 Lesley Hay ayes, Brian an & Les EO Calgary Entrepren trepreneur urial Leader ershi hip Brian an Braul ult EO Western NY Lev ever erage age yo your r Moder erator tor Opportun tunity! ty! Who are we? Brian

922 views • 13 slides
list en t o o t he prob oblem -rich h envi nvironm nm ent nt com e up up w it h h an n

list en t o o t he prob oblem -rich h envi nvironm nm ent nt com e up up w it h h an n

list en t o o t he prob oblem -rich h envi nvironm nm ent nt com e up up w it h h an n idea t he hen n ano not he her one ne find peo eople e w ho can hel elp you su succeed eed list en t o o t he prob oblem -rich h

508 views • 35 slides
Software Engineering and Architecture Introduction to SWEA Corona Combat These are

Software Engineering and Architecture Introduction to SWEA Corona Combat These are

Software Engineering and Architecture Introduction to SWEA Corona Combat These are challenging times Move to your Stamhold Section Wipe the surfaces ugens spritter Stay at your seat in the break unless Nature

497 views • 27 slides
Tips on Competitive Programming Section 1.11.2 Dr. Mayfield and Dr. Lam Department of

Tips on Competitive Programming Section 1.11.2 Dr. Mayfield and Dr. Lam Department of

Tips on Competitive Programming Section 1.11.2 Dr. Mayfield and Dr. Lam Department of Computer Science James Madison University Sep 18, 2015 Competitive Programming Core directive: Given well-known computer science problems, solve them

308 views • 16 slides

More recommend