Description of Class Introduction • Topics to be covered CS 239 • Prerequisites Computer Security • Grading Peter Reiher • Reading materials January 9, 2006 • Projects • Office hours • Web page Lecture 1 Lecture 1 Page 1 Page 2 CS 239, Winter 2006 CS 239, Winter 2006 Topics to Be Covered Prerequisites • Cryptography and authentication • Must have taken CS111 and CS118, or • Design of secure protocols equivalents • Network security – threats and • Desirable to have taken an advanced countermeasures OS course and advanced networking • Secure operating systems design course • Practical application of security principles • If time permits, other neat stuff Lecture 1 Lecture 1 Page 3 Page 4 CS 239, Winter 2006 CS 239, Winter 2006 Grading Class Format • Midterm – 25% • Typically we’ll start each session with a discussion of material from last • Project – 50% session • Final – 25% • Followed by lecture on new material • Always feel free to stop me for questions or interesting discussions Lecture 1 Lecture 1 Page 5 Page 6 CS 239, Winter 2006 CS 239, Winter 2006 1
Reading Materials Textbook • Textbook • Computer Security: Art and Science • Non-required supplemental texts –By Matt Bishop • Papers and web pages –First edition • Should be available in UCLA bookstore • First reading assignment: Chapter 1 Lecture 1 Lecture 1 Page 7 Page 8 CS 239, Winter 2006 CS 239, Winter 2006 Supplemental Text 1 Supplemental Text 2 • Applied Cryptography • Secrets and Lies – Also by Bruce Schneier – By Bruce Schneier • Not a textbook at all • Only covers what its title implies • A philosophy of computer security – And, as Schneierhimself argues, there’s a • Great for appreciating the field and problems lot more to security • Not great for depth of technical details • But an excellent book on its subject • Not required • Not required – No readings will be assigned from this book – No reading assignments from this book – But if you plan to work in this field, read it Lecture 1 Lecture 1 Page 9 Page 10 CS 239, Winter 2006 CS 239, Winter 2006 Papers and Web Pages Projects • Usually one paper per week and a • Either individual or small group couple of web pages –Depending on size of class • Usually made available electronically • Usually requiring program –Through class web page development • Material in papers might or might not • Related to some topic covered in class be lectured on • Must be approved by instructor –But it can appear on tests, regardless Lecture 1 Lecture 1 Page 11 Page 12 CS 239, Winter 2006 CS 239, Winter 2006 2
Choosing a Project Topic What Makes a Good Project? • Submit a 1 page proposal • Something new – By end of 3 d week of classes (January 27) • Something you’re interested in – Email submissions OK • Maybe it can turn into a paper for you • I will approve them and offer suggestions • Feasible to demonstrate something interesting within the quarter • Must be submitted, but not part of grade –Running code or other practical demonstration, not just a paper Lecture 1 Lecture 1 Page 13 Page 14 CS 239, Winter 2006 CS 239, Winter 2006 Possible Project Topics Project Updates th week of class • Security for Internet infrastructure • Due at the end of the 7 • Defenses against spam, phishing and click fraud –February 24 th • Handling botnets • Security for ad hoc wireless networks and peer systems • 1 page report on your group’s progress • Methods for measuring and evaluating security on its project • Intrusion and insider threat detection • DDoS and worm defense mechanisms –Email submission OK • Security for sensor networks • Security evaluations of local labs • Not graded, but required • Language-based approaches to secure coding –And should describe actual progress • OS enhancements for security Lecture 1 Lecture 1 Page 15 Page 16 CS 239, Winter 2006 CS 239, Winter 2006 Project Reports Project Demos • Written report on the project • Must show working version of project • Should: to instructor – Describe project • Schedule time individually for this – Discuss how project was performed • Must be done by middle of finals week – Cover difficulties and interesting points – Describe the implementation • Expected to be around 15 pages Lecture 1 Lecture 1 Page 17 Page 18 CS 239, Winter 2006 CS 239, Winter 2006 3
Project Deadlines Tests • Submit project proposal – January 27 th • Midterm – February 8 in class • Submit project update – February 24 th • Final – March 22 (3-6 PM) • Demonstration of project to instructor • Both tests will be open book and project reports – March 24 th –Essay questions concentrating on applying knowledge Lecture 1 Lecture 1 Page 19 Page 20 CS 239, Winter 2006 CS 239, Winter 2006 Office Hours Class Web Page www.lasr.cs.ucla.edu/classes/239_1.winter06 • MW 2-3 • Slides for classes will be posted there • Held in 3532F Boelter Hall – By 5 PM the previous afternoon • Other times available by prior – In 6-up PDF form arrangement • Readings will be posted there – With links to papers • Also links to other interesting info Lecture 1 Lecture 1 Page 21 Page 22 CS 239, Winter 2006 CS 239, Winter 2006 Introduction to Why Is Security Necessary? Computer Security • Because people aren’t always nice • Why do we need computer security? • Because a lot of money is handled by • What are our goals and what threatens computers them? • Because a lot of important information is handled by computers • Because our society is increasingly dependent on correct operation of computers Lecture 1 Lecture 1 Page 23 Page 24 CS 239, Winter 2006 CS 239, Winter 2006 4
Some Examples of Large Scale History of the Security Problem Security Problems • In the beginning, there was no computer security problem • The Internet Worm • Later, there was a problem, but nobody cared • Now, there’s a big problem and people care • New malicious code attacks – Only a matter of time before a real disaster – At least one company went out of business due to a • Distributed denial of service attacks DDoS attack – Many individuals have been harmed by phishing and • Vulnerabilities in commonly used identity theft systems – A cyberattack released a large quantity of sewage in Australia – Companies continue to increase spending on cybersecurity Lecture 1 Lecture 1 Page 25 Page 26 CS 239, Winter 2006 CS 239, Winter 2006 The Internet Worm Malicious Code Attacks • Launched in 1988 • Multiple new viruses, worms, and Trojan • A program that spread over the Internet to horses appear every week many sites • The Virkel.f Trojan horse attacks instant • Around 6,000 sites were shut down to get messaging rid of it – Clicking on a link in the instant message • And (apparently) its damage was largely infects your machine unintentional • IM attacks becoming increasingly popular • The holes it used have been closed – And cell phone attacks appearing – But the basic idea still works Lecture 1 Lecture 1 Page 27 Page 28 CS 239, Winter 2006 CS 239, Winter 2006 Distributed Denial of Service The DNS DDoS Attack Attacks • Use large number of compromised • Attack on the 13 root servers of the machines to attack one target DNS system – By exploiting vulnerabilities • Ping flood on all servers – Or just generating lots of traffic • Interrupted service from 9 of the 13 • Very common today • But did not interrupt DNS service in • Attacks are increasing in sophistication any noticeable way • In general form, an extremely hard problem Lecture 1 Lecture 1 Page 29 Page 30 CS 239, Winter 2006 CS 239, Winter 2006 5
Recommend
More recommend
