introduction cs 136 computer security peter reiher
play

Introduction CS 136 Computer Security Peter Reiher January 10, - PowerPoint PPT Presentation

Jul 08, 2023 •29 likes •599 views

Introduction CS 136 Computer Security Peter Reiher January 10, 2017 Lecture 1 Page 1 CS 136, Winter 2017 Purpose of Class To introduce students to computer security issues To familiarize students with secure software development

  1. Introduction CS 136 Computer Security Peter Reiher January 10, 2017 Lecture 1 Page 1 CS 136, Winter 2017

  2. Purpose of Class • To introduce students to computer security issues • To familiarize students with secure software development • To learn to handle security in today’s installations and systems Lecture 1 Page 2 CS 136, Winter 2017

  3. Description of Class • Topics to be covered • Prerequisites • Grading • Reading materials • Homework • Office hours • Web page Lecture 1 Page 3 CS 136, Winter 2017

  4. Topics to Be Covered • Cryptography and authentication – Use, not design and analysis • Access control and security models • Secure software design and programming • Secure protocols • Network security – threats and countermeasures • Operating systems security • Security analysis and forensics • Malware, common attacks, and important defenses • Privacy • Practical computer security defenses Lecture 1 Page 4 CS 136, Winter 2017

  5. Prerequisites • CS111 (Operating Systems) • CS118 (Computer Networks) • Or equivalent classes elsewhere • If you aren’t familiar with this material, you’ll be at a disadvantage – People have had serious problems with this unfamiliarity recently Lecture 1 Page 5 CS 136, Winter 2017

  6. Teaching Assistant • Joshua Joy – jjoy@CS.UCLA.EDU • Weekly recitation sections Fridays – Section 1A: 2-4, Kinsey 1240B – Section 1B: 12-2 Haines A2 – Won’t cover new material – May help with problems with lectures • Will also handle all homework issues • Office hours: TBA Lecture 1 Page 6 CS 136, Winter 2017

  7. Grading • Midterm – 25% • Exercises – 35% • Final – 40% Lecture 1 Page 7 CS 136, Winter 2017

  8. Class Format • A lecture class • Questions and discussions always welcomed Lecture 1 Page 8 CS 136, Winter 2017

  9. Reading Materials • Textbook • Non-required supplemental text • Optional papers and web pages Lecture 1 Page 9 CS 136, Winter 2017

  10. Textbook • Computer Security: Art and Science – By Matt Bishop • Available in UCLA bookstore • Bishop has a shorter version – That’s not the one we’re using • First reading assignment: Chapter 1 Lecture 1 Page 10 CS 136, Winter 2017

  11. Supplemental Text • Secrets and Lies – By Bruce Schneier • Not a textbook at all • A philosophy of computer security • Great for appreciating the field and problems • Not great for depth of technical details • Not required – No readings will be assigned from this book – But if you plan to work in this field, read it Lecture 1 Page 11 CS 136, Winter 2017

  12. Papers and Web Pages • Non-required reading material • Might or might not be assigned each week • Usually made available electronically – Through class web page • Generally relevant news stories or discussion of security topics Lecture 1 Page 12 CS 136, Winter 2017

  13. Exercises • Five assignments • Requiring practical work • Performed on the Deter testbed – Accessible via the web from any connected location • Individual, not group, assignments Lecture 1 Page 13 CS 136, Winter 2017

  14. Exercise Topics 1. Access control and permissions • Week 3 2. Exploits • Week 4 3. Analysis of attacks and forensics • Week 5 4. Man in the middle attacks • Week 7 5. DDoS • Week 9 Lecture 1 Page 14 CS 136, Winter 2017

  15. More on Exercises • Each exercise has an associated web page – With full instructions and pointers to necessary tools • Due by midnight on Thursday of indicated week • Class TA will provide advise and assistance on exercises Lecture 1 Page 15 CS 136, Winter 2017

  16. The Deter Testbed • A set of machines devoted to security research and education • Located at ISI and SRI • Accessible remotely • Special accounts set up for this class • First discussion section will provide instructions on using Deter – With further assistance from TA – Key: CS136KEY Lecture 1 Page 16 CS 136, Winter 2017

  17. Tests • Midterm – Tuesday, February 14 in class • Final – Monday, March 20, 3 – 6 PM • Closed book/notes tests Lecture 1 Page 17 CS 136, Winter 2017

  18. Office Hours • TTh 2-3 • Held in 3532F Boelter Hall • Other times possible by appointment Lecture 1 Page 18 CS 136, Winter 2017

  19. Class Web Page http://www.lasr.cs.ucla.edu/classes/136_winter17 • Slides for classes will be posted there – By 5 PM the previous afternoon – In Powerpoint • Readings will be posted there – With links to web pages Lecture 1 Page 19 CS 136, Winter 2017

  20. Introduction to Computer Security • Why do we need computer security? • What are our goals and what threatens them? Lecture 1 Page 20 CS 136, Winter 2017

  21. Why Is Security Necessary? • Because people aren’t always nice • Because a lot of money is handled by computers • Because a lot of important information is handled by computers • Because our society is increasingly dependent on correct operation of computers Lecture 1 Page 21 CS 136, Winter 2017

  22. History of the Security Problem • In the beginning, there was no computer security problem • Later, there was a problem, but nobody cared • Now, there’s a big problem and people care – Only a matter of time before a real disaster – At least one company went out of business due to a DDoS attack – Identity theft and phishing claim vast number of victims – Stuxnet seriously damaged Iran’s nuclear capability – Video showed cyberattack causing an electric transformer to fail – There’s an underground business in cyber thievery – Increased industry spending on cybersecurity Lecture 1 Page 22 CS 136, Winter 2017

  23. Some Examples of Large Scale Security Problems • Malicious code attacks • Distributed denial of service attacks • Vulnerabilities in commonly used systems Lecture 1 Page 23 CS 136, Winter 2017

  24. Malicious Code Attacks • Multiple new viruses, worms, botnets, and Trojan horses appear every week • Recent estimate of $10 billion annual damages from botnets • Stuxnet worm targeted at nuclear facilities – Unspecified amounts of damage done to Iran’s nuclear program • IM and smartphone attacks are popular Lecture 1 Page 24 CS 136, Winter 2017

  25. Distributed Denial of Service Attacks • Use large number of compromised machines to attack one target – By exploiting vulnerabilities – Or just generating lots of traffic • Very common today • A favored tool for those wishing to damage someone on the Internet – E.g., recent attack on Krebs • In general form, an extremely hard problem Lecture 1 Page 25 CS 136, Winter 2017

  26. Vulnerabilities in Commonly Used Systems • Recently, critical vulnerabilities in Android, Windows, Linux kernel, BSD libc, VMWare • Many popular applications and middleware have vulnerabilities – Recent vulnerabilities in Ruby on Rails, Internet Explorer,, Adobe Flash, etc. • Many security systems have vulnerabilities – Cisco Adaptive Security Appliance, McAfee Virus Scan, OpenSSL recently • Many problems with IoT software – Grandstream cameras, Siemans CCTV cameras Lecture 1 Page 26 CS 136, Winter 2017

  27. Electronic Commerce Attacks • As Willie Sutton said when asked why he robbed banks, – “Because that’s where the money is” • Increasingly, the money is on the Internet • Criminals have followed • Common problems: – Credit card number theft (often via phishing) – Identity theft (phishing, again, is a common method) – Loss of valuable data from laptop theft – Manipulation of e-commerce sites – Extortion via DDoS attacks or threatened release of confidential data • 2010’s Sony data breach estimated to cost the company $170 million Lecture 1 Page 27 CS 136, Winter 2017

  28. Some Recent Statistics • 2015 Verizon report found over 2000 data breaches from just 70 organizations – In 60% of cases, attackers broke in within minutes – And only 20% of the organizations found the breach within a few days • FBI Cybercrime report for 2014 showed 260,000 reports – And losses of over $800,000,000 • Ponemon Institute 2014 survey showed 94% of healthcare organizations lost data in past two years Lecture 1 Page 28 CS 136, Winter 2017

  29. Cyberwarfare • Nation states have developed capabilities to use computer networks for such purposes • DDoS attacks on Estonia and Georgia – Probably just hackers • Some regard Stuxnet as real cyberwarfare – Pretty clear it was done by US • Attacks on Ukrainian power grid • Continuous cyberspying by many nations • Vulnerabilities of critical infrastructure – The smart grid increases the danger • Russian election hacking in 2016 Lecture 1 Page 29 CS 136, Winter 2017

  30. Something Else to Worry About • Are some of the attempts to deal with cybersecurity damaging liberty? • Does data mining for terrorists and criminals pose a threat to ordinary people? – The NSA is looking at a lot of stuff . . . – And they aren’t the only ones • Can I trust Facebook/Google/MySpace/Twitter/ whoever with my private information? • Are we in danger of losing all privacy? Lecture 1 Page 30 CS 136, Winter 2017

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction CS 136 Computer Security Peter Reiher January 8, 2008 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher January 8, 2008 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher January 8, 2008 Lecture 1 Page 1 CS 136, Winter 2008 Purpose of Class To introduce students to computer security issues To familiarize students with secure software development

1.19k views • 72 slides
Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136, Spring 2014 Purpose of Class To introduce students to computer security issues To familiarize students with secure software development

1.18k views • 72 slides
Introduction to Cryptography CS 136 Computer Security Peter Reiher January 17, 2017 Lecture 3

Introduction to Cryptography CS 136 Computer Security Peter Reiher January 17, 2017 Lecture 3

Introduction to Cryptography CS 136 Computer Security Peter Reiher January 17, 2017 Lecture 3 Page 1 CS 136, Winter 2017 Outline What is data encryption? Cryptanalysis Basic encryption methods Substitution ciphers

1.16k views • 66 slides
More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS 136, Winter 2008 Outline Introduction Viruses Trojan horses Trap doors Logic bombs Worms Botnets Spyware Some

701 views • 53 slides
Malicious Software Computer Security Peter Reiher November 25, 2014 Lecture 12 Page 1 CS 136,

Malicious Software Computer Security Peter Reiher November 25, 2014 Lecture 12 Page 1 CS 136,

Malicious Software Computer Security Peter Reiher November 25, 2014 Lecture 12 Page 1 CS 136, Fall 2014 Outline Introduction Viruses Trojan horses Trap doors Logic bombs Worms Botnets Spyware Malware

838 views • 67 slides
Network Security Computer Security Peter Reiher November 4, 2014 Lecture 9 Page 1 CS 136,

Network Security Computer Security Peter Reiher November 4, 2014 Lecture 9 Page 1 CS 136,

Network Security Computer Security Peter Reiher November 4, 2014 Lecture 9 Page 1 CS 136, Fall 2014 Outline Network security characteristics and threats Denial of service attacks Traffic control mechanisms Firewalls

797 views • 67 slides
Introduction CS 236 Advanced Computer Security Peter Reiher April 1, 2008 Lecture 1 Page 1

Introduction CS 236 Advanced Computer Security Peter Reiher April 1, 2008 Lecture 1 Page 1

Introduction CS 236 Advanced Computer Security Peter Reiher April 1, 2008 Lecture 1 Page 1 CS 236, Spring 2008 Outline Subject of class Class topics and organization Reading material Class web page Grading Projects

838 views • 50 slides
Web Security Computer Security Peter Reiher December 9, 2014 Lecture 15 Page 1 CS 136, Fall

Web Security Computer Security Peter Reiher December 9, 2014 Lecture 15 Page 1 CS 136, Fall

Web Security Computer Security Peter Reiher December 9, 2014 Lecture 15 Page 1 CS 136, Fall 2014 Web Security Lots of Internet traffic is related to the web Much of it is financial in nature Also lots of private information flow

859 views • 70 slides
Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher Lecture 18 CS 118 Page 1 Winter 2016 Another type of layer deficiency Some layers of protocol do not provide any security or privacy What if

708 views • 59 slides
Introduction CS 118 Computer Network Fundamentals Peter Reiher Lecture 1 CS 118 Page 1

Introduction CS 118 Computer Network Fundamentals Peter Reiher Lecture 1 CS 118 Page 1

Introduction CS 118 Computer Network Fundamentals Peter Reiher Lecture 1 CS 118 Page 1 Winter 2016 Purpose of the class To familiarize you with the basic concepts of computer networking Computer networks are increasingly key to

1.13k views • 66 slides
Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1

Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1

Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1 CS 136, Winter 2008 Outline Basics of network security Definitions Sample attacks Defense mechanisms Lecture 11 Page 2 CS 136,

613 views • 50 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Spring 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

844 views • 56 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Fall 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

1.15k views • 64 slides
Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L.

Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L.

Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L. Reiher {pahp, reiher}@cs.ucla.edu Laboratory for Advanced Systems Research (LASR) University of California Los Angeles The 3 rd Workshop on Cyber

314 views • 28 slides
Intrusion Detection Computer Security Peter Reiher November 18, 2014 Lecture 11 Page 1 CS

Intrusion Detection Computer Security Peter Reiher November 18, 2014 Lecture 11 Page 1 CS

Intrusion Detection Computer Security Peter Reiher November 18, 2014 Lecture 11 Page 1 CS 136, Fall 2014 Outline Introduction Characteristics of intrusion detection systems Some sample intrusion detection systems Lecture 11

737 views • 63 slides
Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 19 Page 1 CS 236 Online Putting It All Together Weve talked a lot about security principles And about security problems And

209 views • 17 slides
STATE VETERANS COMMISSION MEETING June 1, 2018 CURRENT AND FUTURE UNIT MOBILIZATIONS FY18

STATE VETERANS COMMISSION MEETING June 1, 2018 CURRENT AND FUTURE UNIT MOBILIZATIONS FY18

STATE VETERANS COMMISSION MEETING June 1, 2018 CURRENT AND FUTURE UNIT MOBILIZATIONS FY18 OCT NOV DEC JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC JAN C 1-151 - 26 PAX 8 FICO- 25 pax 1902 CCD - 2 PAX 28th HQ DIV & HQ

1.52k views • 95 slides
Full Year 2018 Results losses not covered by existing provisions from zero to CHF 1.5 billion to

Full Year 2018 Results losses not covered by existing provisions from zero to CHF 1.5 billion to

Subsequent event Credit Suisse In March 2019, the Group reached a tentative settlement related to an existing dispute. As a result, the Group increased its 2018 litigation provision by CHF 33 million Fourth Quarter and in the Corporate &

1.26k views • 64 slides
Goals Writing Talks & Using Beamer What are we trying to do? Academic/scientific

Goals Writing Talks & Using Beamer What are we trying to do? Academic/scientific

Goals Writing Talks & Using Beamer What are we trying to do? Academic/scientific presentation Aaron Rendahl slides by Sanford Weisberg, based on work by G. Oehlert Results of data analysis Policy/management recommendations School of

531 views • 10 slides
Introduction to Bioinformatics Wrap-up 2010: Human genome in 15 minutes! Topics Sequence

Introduction to Bioinformatics Wrap-up 2010: Human genome in 15 minutes! Topics Sequence

Introduction to Bioinformatics Wrap-up 2010: Human genome in 15 minutes! Topics Sequence Reads assembler atgagccaag ttccgaacaa ggattcgcgg gtcggtaaag agcattggaa cgtcggagat aagaagcgga tgaatttccc cataacgcca gtggaagaga aggaggcggg cctcccgatc

805 views • 26 slides
Developing the business eco-system for the Internet of Things Brussels, June 2010 0

Developing the business eco-system for the Internet of Things Brussels, June 2010 0

Developing the business eco-system for the Internet of Things Brussels, June 2010 0 Telefnica Servicios Audiovisuales S.A. / Telefnica Espaa S.A. TELEFNICA I+D Ttulo de la ponencia / Otros datos de inters / 26-01-2010

506 views • 21 slides
Using 3D Visualization Tool Kapil Kadam 10438002 kapilkadam@iitb.ac.in Under the supervision of

Using 3D Visualization Tool Kapil Kadam 10438002 kapilkadam@iitb.ac.in Under the supervision of

Development of Mental Rotation Skills Using 3D Visualization Tool Kapil Kadam 10438002 kapilkadam@iitb.ac.in Under the supervision of Prof. Sridhar Iyer IDP in Educational Technology, Indian Institute of Technology Bombay 2 Background

1.13k views • 85 slides
Plan Introduction Tetralogie Proposition X-Plor Conclusion EGC-07 1

Plan Introduction Tetralogie Proposition X-Plor Conclusion EGC-07 1

Processing data stream s by relational analysis Ilhme Ghalamallah Institut de Recherche en Informatique de Toulouse, IRIT-SIG EGC-07 Plan Introduction Tetralogie Proposition X-Plor Conclusion EGC-07 1 Introduction

349 views • 13 slides
F ACIAL images convey many important human character- we examine in this paper four different

F ACIAL images convey many important human character- we examine in this paper four different

IEEE TRANSACTIONS ON PATTERN ANALYSIS AND MACHINE INTELLIGENCE, VOL. 36, NO. 2, FEBRUARY 2014 331 Neighborhood Repulsed Metric Learning for Kinship Verification Jiwen Lu, Member , IEEE , Xiuzhuang Zhou, Member , IEEE , Yap-Pen Tan, Senior

789 views • 15 slides

More recommend