cse 543 computer security fall 2007
play

CSE 543 - Computer Security (Fall 2007) Lecture 1 - Introduction - PowerPoint PPT Presentation

Nov 30, 2022 •292 likes •534 views

CSE 543 - Computer Security (Fall 2007) Lecture 1 - Introduction Professor: Trent Jaeger URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Some bedtime stories

  1. CSE 543 - Computer Security (Fall 2007) Lecture 1 - Introduction Professor: Trent Jaeger URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  2. Some bedtime stories … CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  3. This course … • We are going to explore why these events are not isolated, infrequent, or even unexpected. – Why are we doing so poorly in computing systems at protecting our users and data from inadvertent or intentional harm? The answer: stay tuned! CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  4. This course … • This course is a systems course covering general topics in computer and network security. We will investigate the tools and problems of contemporary security. Topics will include: – network security, authentication, security protocol design and analysis, key management, program safety, intrusion detection, DDOS detection and mitigation, architecture/operating systems security, security policy, group systems, biometrics, web security, language-based security, and other emerging topics (as time permits) CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  5. You need a basic understanding of … • IP Networks • Modern Operating Systems • Discrete Mathematics • Basics of systems theory and implementation – E.g., File systems, distributed systems, networking, operating systems, .... CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  6. Why are we here? -- Goals • My goal: to provide you with the tools to understand and evaluate research in computer security . – Basic technologies – Engineering/research trade-offs – How to read/write/present security research papers • This is going to be a hard course . The key to success is sustained effort. Failure to keep up with readings and project will likely result in poor grades, and ultimately little understanding of the course material. • Pay-off: security competence is a rare, valuable skill CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  7. Course Materials • Website - I am maintaining the course website at http://www.cse.psu.edu/~tjaeger/cse543-f07/ • Course assignments, slides, and other artifacts will be made available on the course website. • Course textbook – Kaufman, C., Perlman, R. and Speciner, M., Network Security (Private Communication in a Public World), 2nd edition, Prentice Hall 2002. 7 CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  8. Course Calendar • The course calendar as all the relevant readings, assignments and test dates • The calendar page contains electronic links to online papers assigned for course readings. • Please check the website frequently for announcements and changes to the schedule. Students are responsible for any change on the schedule (I will try to make announcements in class). CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  9. Grades • Grading policy – 20% Mid-term Exam (11/1, 6:30-7:45, 160 Willard) – 15% Quizzes and Assignments (including Crypto Mini-Exam) – 10% Class Participation and Reviews – 25% Final Exam (end of semester) – 30% Course Project • Lateness policy - Assignments and project milestones are assessed a 10% per-day late penalty, up to a maximum of 4 days. Unless the problem is apocalyptic, don't give me excuses. Students with legitimate reasons who contact the professor before the deadline may apply for an extension. CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  10. Assignments, Quizzes, Reviews • Assignments: Practice Exam Questions – Conceptual Questions (Basic and Complex) – Constructions – Precise Answers • Quizzes (small exams on last paper) – Reserve right to assign these (1 week notice) • Review of Papers (for each class) – Define Concepts – Comparison with Other Approaches – Details of Approach • Written and Oral Reviewing Are Important CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  11. Project • End Result: Research Paper – Motivation for an Experiment – Background – Related Work – Experimental Approach – Experimental Evaluation • I Will Provide Topic Areas – General Areas • Start with an Existing System/Approach – Break It – Improve It • Aim for a Research-Quality Result CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  12. Ethics Statement This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class. When in doubt, please contact the instructor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor Jaeger. CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  13. And the rest of this course … 1. Introduction a. Security, Threats, and Vulnerabilities b. Security Models c. Cryptography and Cryptanalysis 2. Secure Communication a. Authentication b. Authentication Protocols c. Protocol Analysis 3. Computer Security a. Access Control b. OS Security 4. Network Security a. IP Security b. Firewalls c. IPsec/VPNs d. Worms e. DDOS 5. Special Topics a. Language-Based Security b. Virtual Machine Security c. Linux Security CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  14. What is computer (information) security? • Garfinkel and Spafford (1991) – “A computer is secure if you can depend on it and its software to behave as expected.” • Harrison, Ruzzo, Ullman (1978) – “Prevent access by unauthorized users” • Not really satisfactory – does not truly capture that security speaks to the behavior of others – Expected by whom? – Under what circumstances? CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  15. Risk • At- risk valued resources that can be misused – Monetary – Data (loss or integrity) – Time – Confidence – Trust • What does being misused mean? – Privacy (personal) – Confidentiality (communication) – Integrity (personal or communication) – Availability (existential or fidelity) • Q: What is at stake in your life? CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  16. Threats • A threat is a specific means by which an attacker can put a system at risk – An ability of an attacker (e.g., eavesdrop on a communication channel) – Independent of what can be compromised • A threat model is a collection of threats that deemed important for a particular environment – A collection of attacker(s) abilities – E.g., A powerful attacker can read and modify all communications and generate messages on a communication channel • Q: What were (unaddressed) risks/threats in the introductory examples? – ZDNet – Yale/Princeton CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  17. Vulnerabilities (attack vectors) • A vulnerability is a systematic artifact that exposes the user, data, or system to a threat – E.g., buffer-overflow, WEP key leakage • What is the source of a vulnerability? – Bad software (or hardware) – Bad design, requirements – Bad policy/configuration – System Misuse • unintended purpose or environment • E.g., student IDs for liquor store CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  18. Adversary • An adversary is any entity trying to circumvent the security infrastructure – The curious and otherwise generally clueless (e.g., script- kiddies) – Casual attackers seeking to understand systems – Venal people with an ax to grind – Malicious groups of largely sophisticated users (e.g, chaos clubs) – Competitors (industrial espionage) – Governments (seeking to monitor activities) CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  19. Are users adversaries? • Have you ever tried to circumvent the security of a system you were authorized to access? • Have you ever violated a security policy (knowingly or through carelessness)? CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

  20. Attacks • An attack occurs when someone attempts to exploit a vulnerability • Kinds of attacks – Passive (e.g., eavesdropping) – Active (e.g., password guessing) – Denial of Service (DOS) • Distributed DOS – using many endpoints • A compromise occurs when an attack is successful – Typically associated with taking over/altering resources CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Mandatory Access Control Is about administration

462 views • 19 slides
CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL:

CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL:

CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 OS Security An secure OS should provide the

873 views • 28 slides
CSE 543 - Computer Security Lecture 2 - Introduction August 30, 2007 URL:

CSE 543 - Computer Security Lecture 2 - Introduction August 30, 2007 URL:

CSE 543 - Computer Security Lecture 2 - Introduction August 30, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 A historical moment Mary Queen of Scots is

631 views • 29 slides
CSE 543 - Computer Security Lecture 26 - Mobile phone security December 11, 2007 URL:

CSE 543 - Computer Security Lecture 26 - Mobile phone security December 11, 2007 URL:

CSE 543 - Computer Security Lecture 26 - Mobile phone security December 11, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Mobile Phones Networked device

302 views • 11 slides
CSE 543 - Computer Security Lecture 3 - Principles September 4, 2007 URL:

CSE 543 - Computer Security Lecture 3 - Principles September 4, 2007 URL:

CSE 543 - Computer Security Lecture 3 - Principles September 4, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Data Encryption Standard (DES) Introduced by the

384 views • 17 slides
CSE 543 - Computer Security Lecture 20 - Firewalls November 8, 2007 URL:

CSE 543 - Computer Security Lecture 20 - Firewalls November 8, 2007 URL:

CSE 543 - Computer Security Lecture 20 - Firewalls November 8, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07 CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Midterm Grades (High is 83) 77-94 -- A (4)

930 views • 29 slides
CSE 543 - Computer Security Lecture 27 - Wrapup December 13, 2007 URL:

CSE 543 - Computer Security Lecture 27 - Wrapup December 13, 2007 URL:

CSE 543 - Computer Security Lecture 27 - Wrapup December 13, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Final Tuesday, December 18, 8:00am-9:50am in 102

167 views • 12 slides
CSE 543 - Computer Security Lecture 4 - Cryptography September 6, 2007 URL:

CSE 543 - Computer Security Lecture 4 - Cryptography September 6, 2007 URL:

CSE 543 - Computer Security Lecture 4 - Cryptography September 6, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Hash Algorithms Hash algorithm

358 views • 22 slides
CSE 543 - Computer Security Lecture 14 - Access Control October 11, 2007 URL:

CSE 543 - Computer Security Lecture 14 - Access Control October 11, 2007 URL:

CSE 543 - Computer Security Lecture 14 - Access Control October 11, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger Page Access Control System Protection Domain

663 views • 25 slides
CSE 543 - Computer Security Lecture 22 - Denial of Service November 15, 2007 URL:

CSE 543 - Computer Security Lecture 22 - Denial of Service November 15, 2007 URL:

CSE 543 - Computer Security Lecture 22 - Denial of Service November 15, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Denial of Service Intentional prevention

663 views • 25 slides
Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer Security? Generally concerned with protection of computer related assets Risk analysis and management! Manage could mean prevention of

537 views • 26 slides
1 Electronic Pearl Harbor Is this just scare-mongering? Slammer worm took down Bank of

1 Electronic Pearl Harbor Is this just scare-mongering? Slammer worm took down Bank of

Website: http://www.richmond.edu/~dszajda/classes/cs334/ Fall_2008/main.html Fall 2008 Fall 2008 CS 334 Computer Security 1 Fall 2008 CS 334 Computer Security 2 Text: Security in Computing by Charles P. Thanks to Anthony Joseph, Doug and

278 views • 6 slides
Law and Security CS461/ECE422 Computer Security I Fall 2010 Slide #6-1 Overview Law and

Law and Security CS461/ECE422 Computer Security I Fall 2010 Slide #6-1 Overview Law and

Law and Security CS461/ECE422 Computer Security I Fall 2010 Slide #6-1 Overview Law and privacy Cybercrime Laws Affecting Computer Use Slide #6-2 Reading Material Secrets of Computer Espionage: Tactics and Countermeasures

690 views • 33 slides
Network Security Architecture CS461/ECE422 Computer Security I Fall 2008 Reading Material

Network Security Architecture CS461/ECE422 Computer Security I Fall 2008 Reading Material

Network Security Architecture CS461/ECE422 Computer Security I Fall 2008 Reading Material Computer Security chapter 26. Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick, Bellovin, and Rubin. New second

1.24k views • 50 slides
CSE 543 - Computer Security (Fall 2006) Lecture 18 - Network Security November 7, 2006 URL:

CSE 543 - Computer Security (Fall 2006) Lecture 18 - Network Security November 7, 2006 URL:

CSE 543 - Computer Security (Fall 2006) Lecture 18 - Network Security November 7, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/ CSE543 Computer (and Network) Security - Fall 2006 - Professor Jaeger 1 Denial of Service Intentional

406 views • 18 slides
CSE 543 - Computer Security (Fall 2006) Lecture 25 - Cellular Network Security Guest Lecturer:

CSE 543 - Computer Security (Fall 2006) Lecture 25 - Cellular Network Security Guest Lecturer:

CSE 543 - Computer Security (Fall 2006) Lecture 25 - Cellular Network Security Guest Lecturer: William Enck November 30, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06 CSE 543 Computer (and Network) Security - Fall 2006 - Professor

677 views • 21 slides
Software Thread Level Speculation for the Java Language and Virtual Machine Environment

Software Thread Level Speculation for the Java Language and Virtual Machine Environment

Software Thread Level Speculation for the Java Language and Virtual Machine Environment Christopher J.F. Pickett and Clark Verbrugge School of Computer Science, McGill University Montr eal, Qu ebec, Canada H3A 2A7 { cpicke,clump }

1.02k views • 38 slides
Computational Expression Computer and Java Basics Janyl Jumadinova 4 September, 2019 Janyl

Computational Expression Computer and Java Basics Janyl Jumadinova 4 September, 2019 Janyl

Computational Expression Computer and Java Basics Janyl Jumadinova 4 September, 2019 Janyl Jumadinova Computational Expression 4 September, 2019 1 / 22 What is Computer Science? A computation is a sequence of well-defined operations that

656 views • 36 slides
Safety-Critical Java for Low-End Embedded Platforms Stephan E. Korsholm & Hans Sndergaard

Safety-Critical Java for Low-End Embedded Platforms Stephan E. Korsholm & Hans Sndergaard

Safety-Critical Java for Low-End Embedded Platforms Stephan E. Korsholm & Hans Sndergaard VIA University College, Horsens, DK Anders P. Ravn CISS, Aalborg University, DK JTRES October 2012 1 The Problem Low-End Industrial Platforms

180 views • 16 slides
Parallel programming with Java Slides 1: Introduc:on Michelle

Parallel programming with Java Slides 1: Introduc:on Michelle

Parallel programming with Java Slides 1: Introduc:on Michelle Ku=el August/September 2012 mku=el@cs.uct.ac.za (lectures will be recorded) Changing a major

580 views • 40 slides
Database Application Development Ramakrishnan & Gehrke, Chapter 6 320302 Databases & Web

Database Application Development Ramakrishnan & Gehrke, Chapter 6 320302 Databases & Web

Database Application Development Ramakrishnan & Gehrke, Chapter 6 320302 Databases & Web Services (P. Baumann) SQL Integration Approaches Create special API to call SQL commands API = application programming interface JDBC,

874 views • 31 slides
SURFmedia & SURFmedia Core Platform, Architecture and Features A full featured video platform

SURFmedia & SURFmedia Core Platform, Architecture and Features A full featured video platform

1 SURFmedia & SURFmedia Core Platform, Architecture and Features A full featured video platform for students, teachers and educational institutions to use in everyday educational environments Alexander Blanc Frans Ward

605 views • 39 slides
Putting Java in its place Diary of a soldier in Dukes army by Robert Bor Tuesday, 18 June 13

Putting Java in its place Diary of a soldier in Dukes army by Robert Bor Tuesday, 18 June 13

Putting Java in its place Diary of a soldier in Dukes army by Robert Bor Tuesday, 18 June 13 A Star is Born Tuesday, 18 June 13 Java made no small claims It claimed nothing less than universality Tuesday, 18 June 13 ... although Java

874 views • 83 slides
Design of Web Applications Web applications: an overview General Introduction Why this course?

Design of Web Applications Web applications: an overview General Introduction Why this course?

Design of Web Applications 1 : Overview Global course introduction Design of Web Applications Web applications: an overview General Introduction Why this course? Planned technologies in PWA/DWA More 3 / 20 Rmi Emonet Design of

663 views • 39 slides

More recommend