
Wrapup: CSE497b - Spring 2007, Introduction to Computer and Network Security



  1. Wrapup CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger

  2. Final
     • The final is on
       – Tuesday, May 8, 8:00 in 160 Willard (here)
     • Be late at your own peril (We may lock the door at 8:10)
     • You will have the full time to take the test, but no more
     • Coverage:
       – Anything we talked about in class …
       – or appeared in the readings
       – Mainly topics since mid-term
     • Types of questions
       – Constructive (here is scenario, design X and explain it)
       – Philosophical (why does Z argue that …)
       – Explanatory (what is the key tradeoff between A and B …)

  3. Prior Topics
     • Terminology
       – Any term defined in the early lectures
     • Crypto Algorithms
       – Diffie-Hellman and RSA
       – Keys
     • Crypto protocols
       – Public key
       – Secret key
       – Integrity, Authenticity, Secrecy

  4. Topics Since Midterm
     • Code Security
     • Access Control Principles
     • UNIX Security
     • Windows Security
     • Trusted Computing
     • Secrecy
     • Integrity
     • Intrusion Detection
     • MAC systems
     • Virtual machine systems

  5. Code Security
     • Problems
       – Buffer overflows, printf, integer overflows, names, characters
     • Considerations for writing and deploying secure code
       – Validate input (prevent vulnerabilities)
       – Minimize attack surface (number of points of potential vulnerabilities)
       – Minimize permissions
       – Safe transition of privilege via invocation
       – Return little information
     • Type safety
       – Implications to attacks above

  6. Access Control Principles
     • Protection System
       – Protection State
       – State Enforcer
     • Access Matrix
       – Use it
       – Variants (RBAC)
       – Security guarantees from policies
     • Protection and Security
       – Know the difference
     • Reference Monitor
       – Know the guarantees
       – Know how to apply them to other systems
         • How does X satisfy RM guarantees?

  7. UNIX and Windows
     • Subjects
       – UNIX: users; Windows: more complex
     • Objects
       – UNIX: files; Windows: more complex
     • User Authentication
     • Access Enforcement
       – Process
       – Implications for security
     • Transitions
       – UNIX: Setuid; Windows: Windows Services
     • Constrained execution
       – UNIX: chroot, nobody; Windows: Restricted contexts
     • General vulnerabilities

  8. Trusted Computing
     • Palladium
     • TPM
     • Know the difference
     • Mechanisms
       – Protected Storage
       – Attestation
       – How TPM supports
     • Boot guarantees

  9. Secrecy and Integrity
     • Secrecy
       – Secrecy and security
       – Multilevel security, Chinese Wall Security
       – Secrecy properties
       – Miscellaneous
         • Trojan horses, covert channels
       – Program secrecy (Denning)
     • Integrity
       – Integrity and security
       – Biba and LOMAC
       – Integrity realization
       – Privilege separation

  10. Intrusion Detection
     • Anomaly and misuse detection
     • Relation to access control
     • Network and host IDS
     • Positives/Negatives
     • Bayes' Rule Analysis

  11. MAC Systems and VM Systems
     • Relation to Reference Monitors
     • Mandatory Access Control
     • Multics
     • Transitions (all)
     • SELinux/LSM architecture
     • Virtual Machine architectures
     • VM principles
     • Xen enforcement
     • VM vs OS enforcement
     • Java enforcement

  12. The state of security …
     • … issues are in public consciousness
       – Press coverage is increasing …
       – Losses mounting … (billions and billions)
       – Affect increasing … (ATMs, commerce)
     • What are we doing?
       “… sound and fury signifying nothing …” - W. Shakespeare
       (well, it's not quite that bad)

  13. The problems …
     • What is the root cause?
       – Security is not a key goal …
       – … and it never has been …
     … so, we need to figure out how to change the way we do engineering (and science) …
     … to make computers secure.
     • Far too much misunderstanding about basic security and the use of technology
     • This is also true of physical security

  14. The current solutions …
     • Make better software
       – “we mean it” - B. Gates (2002)
       – “no really …” - B. Gates (2003)
       – “Linux is bad too …” - B. Gates (2005)
       – “it's in longhorn ...” - B. Gates (2006)
     • CERT/SANS-based problem/event tracking
       – Experts tracking vulnerabilities
       – Patch system completely broken
     • Destructive research
       – Back-pressure on product developers
       – Arms-race with bad guys
     • Problem: reactive, rather than proactive

  15. The real solutions …
     • Fix the economic incentive equation …
       – Eventually, MS/Sun/Apple/*** will be in enough pain that they change the way they make software
     • Education
       – Things will get better when people understand when and how to use technology
     • Fix engineering practices
       – Design for security
     • Apply technology
       – What we have been talking about

  16. The bottom line
     • The Web/Internet and new technologies are being limited by their ability to address security and privacy concerns …
     • … it is incumbent on us as scientists to meet these challenges.
       – Evangelize importance of security …
       – Provide sound technologies …
       – Define better practices …

  17. Thank You!!!
     tjaeger@cse.psu.edu
