
Wrapup CSE443 - Spring 2012 Introduction to Computer and Network - PowerPoint PPT Presentation



  1. Wrapup CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ CSE443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger

  2. Final
  • The final is on
    – Thursday, May 3, 2:30 in 101 Althouse
  • Be late at your own peril (we may lock the door at 2:40)
  • You will have the full time to take the test, but no more
  • Coverage:
    – Anything we talked about in class …
    – or appeared in the readings
    – Mainly topics since the midterm
  • Types of questions
    – Constructive (here is a scenario, design X and explain it)
    – Philosophical (why does Z argue that …)
    – Explanatory (what is the key tradeoff between A and B …)

  3. Prior Topics
  • Terminology
    – Any term defined in the early lectures
  • Crypto algorithms
    – Diffie-Hellman and RSA
  • Crypto protocols
    – Public key
    – Secret key
    – Integrity, authenticity, secrecy
  • Authentication
    – Kerberos, SSH, SSL, IPsec
  • Program security
    – Buffer and other overflows, name resolution attacks
  • Access control
    – Protection vs. security, mandatory protection system, reference monitor

  4. Topics Since Midterm
  • Capabilities and sandboxes
  • Network security
  • Web security
  • Intrusion detection
  • Stuxnet
  • MAC systems
  • Return-oriented programming
  • Virtual machine systems
  • Trusted computing
  • Wireless security

  5. Capabilities
  • Problems
    – Confused deputy
  • Considerations
    – Chroot
    – Sandboxing and TOCTTOU
    – Capability definition
    – Crypto capabilities
    – Forgery
    – Confining access using capabilities
    – Usability

  6. Network Security
  • Problems
    – Network protocol vulnerabilities, network access, secure communication at the IP level (IPsec), worms, bots
  • Considerations
    – Basis for the various vulnerabilities
    – Firewall rule specification
    – IPsec principles
    – Worm propagation
    – Botnets and command & control

  7. Web Security
  • Problems
    – Secure communication (SSL/TLS), cookies, server vulnerabilities, client vulnerabilities, client defenses
  • Considerations
    – SSL protocol tasks and results
    – Secure cookie design
    – Dynamic content processing – JavaScript, applets, ...
    – Client security architectures

  8. Intrusion Detection
  • Anomaly and misuse detection
  • Network and host IDS
  • True/false positives and negatives
  • Base rate fallacy (worked through with Bayes' rule)
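The base rate fallacy is the one item on this slide that rewards a calculation, so here is one as an added example (not from the slides or the course). The detection and false alarm rates and the 1-in-10,000 intrusion rate are constructed numbers, chosen to show why a detector that looks excellent in isolation still produces alerts that are almost all false.

```python
"""Base rate fallacy for an IDS, worked through with Bayes' rule.

Added illustration (not from the slides). The rates are constructed:
a detector that catches 99% of intrusions with a 1% false alarm rate,
watching traffic in which 1 event in 10,000 is actually an intrusion.
"""


def posterior_intrusion_given_alarm(base_rate, tpr, fpr):
    """P(intrusion | alarm) = P(alarm | intrusion) P(intrusion) / P(alarm).

    base_rate: P(intrusion), the prior probability per event
    tpr:       P(alarm | intrusion), the detection rate
    fpr:       P(alarm | no intrusion), the false alarm rate
    """
    p_alarm = tpr * base_rate + fpr * (1.0 - base_rate)
    return tpr * base_rate / p_alarm


def expected_alerts(n_events, base_rate, tpr, fpr):
    """Number of (true, false) alerts an analyst sees over n_events."""
    intrusions = n_events * base_rate
    benign = n_events - intrusions
    return intrusions * tpr, benign * fpr


def max_fpr_for_precision(base_rate, tpr, target):
    """Largest false alarm rate for which P(intrusion | alarm) >= target.

    Solves tpr*b / (tpr*b + fpr*(1-b)) = target for fpr.
    """
    b = base_rate
    return tpr * b * (1.0 - target) / (target * (1.0 - b))


if __name__ == "__main__":
    base_rate, tpr, fpr = 1e-4, 0.99, 0.01
    print("P(intrusion | alarm):", posterior_intrusion_given_alarm(base_rate, tpr, fpr))
    print("alerts per 1M events (true, false):", expected_alerts(1_000_000, base_rate, tpr, fpr))
    print("FPR needed for 50% precision:", max_fpr_for_precision(base_rate, tpr, 0.5))
```

With these numbers fewer than one alarm in a hundred is a real intrusion (99 true alerts against 9,999 false ones per million events), and reaching even 50% precision requires a false alarm rate of about 1e-4, the same order as the base rate itself. That is the practical content of the fallacy: the false alarm rate has to be judged against the rarity of what you are looking for, not on its own.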

  9. Modern Attacks
  • Problems
    – Stuxnet and return-oriented programming (ROP)
  • Considerations
    – Stuxnet threats
    – Limitations that made these threats viable
    – Relationship between overflows and ROP
    – ROP execution model
    – Gadgets

  10. MAC Systems / VM Systems
  • MAC systems
    – How does SELinux confine root processes?
    – How does SELinux prevent access to setuid programs?
    – Why is it used for confining network-facing daemons?
  • VM systems
    – Virtualization types
    – Tasks for securing VM computation (VAX VMM)
    – IOMMU

  11. Trusted Computing
  • Extend
    – TPM hash chain operation over PCRs: PCR_new = H(PCR_old || measurement)
  • Quote/Attest
    – Sign the PCR values together with the verifier's challenge (nonce) in a challenge-response protocol
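The two operations on this slide, extend and quote, are small enough to run end to end, so here is an added example (not from the slides or the course) that plays both sides: an attester that measures a constructed three-stage boot into a PCR and answers a challenge, and a verifier that replays the event log, checks the nonce binding, and compares each measurement against a known-good list. The SHA-1, 20-byte PCR follows the TPM 1.2 layout; the signing step is left abstract, so the "quote" here is only the digest a real TPM would sign with its attestation key.

```python
"""TPM-style PCR extend, measured boot and quote verification.

Added illustration (not from the slides). Assumptions: TPM 1.2-style
SHA-1 PCRs (20 bytes), a constructed three-stage boot, and an abstract
signing step: a real TPM signs the quote with an attestation key, so the
"quote" here is just the digest that key would sign.
"""
import hashlib

PCR_SIZE = 20  # SHA-1 digest length


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """The TPM extend operation: PCR_new = SHA1(PCR_old || measurement).

    The PCR is never set directly; every stage folds its measurement into the
    running hash, so the final value commits to every stage and their order.
    """
    assert len(pcr) == PCR_SIZE and len(measurement) == PCR_SIZE
    return hashlib.sha1(pcr + measurement).digest()


def measure(blob: bytes) -> bytes:
    """A component's measurement is simply its hash."""
    return hashlib.sha1(blob).digest()


def boot(components):
    """Attester side: each stage measures the next one into the PCR before
    transferring control to it, and appends the event to a log."""
    pcr = bytes(PCR_SIZE)  # PCRs start at zero on reset
    log = []
    for name, blob in components:
        m = measure(blob)
        log.append((name, m))
        pcr = extend(pcr, m)
    return pcr, log


def quote_digest(pcr_values, nonce: bytes) -> bytes:
    """What the TPM signs in a quote: the selected PCRs plus the verifier's
    nonce. Binding the nonce makes an old, otherwise valid quote unusable."""
    h = hashlib.sha1()
    for v in pcr_values:
        h.update(v)
    h.update(nonce)
    return h.digest()


def attest(components, nonce):
    """Response to a challenge: (PCR value, event log, quote over PCR and nonce)."""
    pcr, log = boot(components)
    return pcr, log, quote_digest([pcr], nonce)


def replay_log(log):
    """Verifier side: recompute the PCR from the log it was sent."""
    pcr = bytes(PCR_SIZE)
    for _name, m in log:
        pcr = extend(pcr, m)
    return pcr


def verify_attestation(log, reported_pcr, quote, nonce, known_good):
    """Three checks: the log replays to the quoted PCR (log integrity), the
    quote binds our nonce (freshness), and every measured component is one we
    trust (policy). Returns (ok, reason)."""
    if replay_log(log) != reported_pcr:
        return False, "log does not replay to the quoted PCR"
    if quote != quote_digest([reported_pcr], nonce):
        return False, "quote does not match our nonce"
    for name, m in log:
        if known_good.get(name) != m:
            return False, f"untrusted measurement for {name}"
    return True, "ok"


# Constructed stand-ins for boot components; real ones would be the binaries.
GOOD_BOOT = [
    ("bootloader", b"bootloader image (constructed)"),
    ("kernel", b"kernel image (constructed)"),
    ("initrd", b"initrd image (constructed)"),
]
KNOWN_GOOD = {name: measure(blob) for name, blob in GOOD_BOOT}


if __name__ == "__main__":
    nonce = bytes.fromhex("00" * 19 + "01")  # verifier's challenge
    pcr, log, quote = attest(GOOD_BOOT, nonce)
    print("good boot:", verify_attestation(log, pcr, quote, nonce, KNOWN_GOOD))
    tampered = [GOOD_BOOT[0], ("kernel", b"kernel image (modified)"), GOOD_BOOT[2]]
    pcr2, log2, quote2 = attest(tampered, nonce)
    print("tampered kernel:", verify_attestation(log2, pcr2, quote2, nonce, KNOWN_GOOD))
```

Two properties worth noticing when you run it: editing a log entry without the TPM's cooperation breaks the replay check because the PCR cannot be rewound to match, and reordering two good components yields a different PCR, since extend is a hash chain and not a set. The quote by itself proves nothing about policy; it is the log, checked against the known-good list, that tells the verifier what actually booted.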

  12. Wireless Security
  • Attacks on wireless
    – Radio channel
  • Attacks on WEP
  • NIST recommendations
    – Why?
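"Attacks on WEP" on this slide is a heading, not a mechanism, so here is an added example (not from the slides or the course) of the most basic one: WEP keys RC4 with a 24-bit IV prepended to the shared key and sends that IV in the clear, so two frames under the same IV share a keystream and the XOR of their ciphertexts is the XOR of their plaintexts. The shared key, IV and frame contents are constructed, and the CRC-32 ICV is omitted to keep the frame body to IV plus ciphertext; the birthday estimate at the end is for random IV selection.

```python
"""WEP keystream reuse from a repeated IV.

Added illustration (not from the slides). WEP keys RC4 with the 24-bit IV
prepended to the shared key and sends the IV in the clear, so two frames
with the same IV are XORed with the same keystream. Key and frame contents
below are constructed; the ICV (CRC-32) is omitted to keep the frame simple.
"""
import math

IV_LEN = 3  # 24-bit WEP IV


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling plus PRGA; returns `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV || RC4(IV || shared_key)(plaintext)."""
    assert len(iv) == IV_LEN
    return iv + xor(rc4_keystream(iv + shared_key, len(plaintext)), plaintext)


def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    """Legitimate receiver: read the clear IV, rebuild the keystream, XOR."""
    iv, body = frame[:IV_LEN], frame[IV_LEN:]
    return xor(rc4_keystream(iv + shared_key, len(body)), body)


def recover_with_known_plaintext(frame_a: bytes, plaintext_a: bytes, frame_b: bytes):
    """Attacker with no key: if both frames carry the same IV, C_a XOR P_a is
    the keystream, and C_b XOR keystream is P_b. Returns None if IVs differ."""
    iv_a, c_a = frame_a[:IV_LEN], frame_a[IV_LEN:]
    iv_b, c_b = frame_b[:IV_LEN], frame_b[IV_LEN:]
    if iv_a != iv_b:
        return None
    keystream = xor(c_a, plaintext_a)
    return xor(c_b, keystream)


def frames_until_iv_repeat(p: float = 0.5) -> float:
    """Birthday bound on random IVs: frames until a repeat with probability p,
    sqrt(2 * 2^24 * ln(1/(1-p))). About 4,800 frames for p = 0.5."""
    return math.sqrt(2 * 2 ** 24 * math.log(1.0 / (1.0 - p)))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")        # 40-bit shared key (constructed)
    iv = bytes.fromhex("112233")
    p_a = b"GET /index.html HTTP/1.0\r\n"    # plaintext an attacker can guess
    p_b = b"password=hunter2&user=root"
    f_a = wep_encrypt(key, iv, p_a)
    f_b = wep_encrypt(key, iv, p_b)          # same IV reused
    print("recovered:", recover_with_known_plaintext(f_a, p_a, f_b))
    print("frames until IV repeat (p=0.5):", round(frames_until_iv_repeat()))
```

The attacker never touches the shared key: one guessed plaintext (in practice the fixed LLC/SNAP header at the front of every data frame is enough) turns a single IV collision into a recovered keystream for that IV, and a busy network hands over collisions within a few thousand frames. The stronger WEP attacks on the slide's reading list build on the same root cause, the IV space being far too small for a stream cipher.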

  13. The state of security …
  • … issues are in the public consciousness
    – Press coverage is increasing …
    – Losses mounting … (billions and billions)
    – Effects increasing … (ATMs, commerce)
  • What are we doing?
    “… sound and fury signifying nothing …” - W. Shakespeare
    (well, it's not quite that bad)

  14. The problems …
  • What is the root cause?
    – Security is not a key goal …
    – … and it never has been …
    … so, we need to figure out how to change the way we do engineering (and science) …
    … to make computers secure.
  • Far too much misunderstanding about basic security and the use of technology
  • This is also true of physical security

  15. The current solutions …
  • Make better software
    – “we mean it” - B. Gates (2002)
    – “no really …” - B. Gates (2003)
    – “Linux is bad too …” - B. Gates (2005)
    – “it’s in Longhorn ...” - B. Gates (2006)
  • CERT/SANS-based problem/event tracking
    – Experts tracking vulnerabilities
    – Patch systems improving
  • Destructive research
    – Back-pressure on product developers
    – Arms race with the bad guys
  • Problem: reactive, rather than proactive

  16. The real solutions …
  • Fix the economic incentive equation …
    – Eventually, MS/Sun/Apple/*** will be in enough pain that they change the way they make software
  • Education
    – Things will get better when people understand when and how to use technology
  • Fix engineering practices
    – Design for security
  • Apply technology
    – What we have been talking about

  17. The bottom line
  • The Web/Internet and new technologies are being limited by their ability to address security and privacy concerns …
  • … it is incumbent on us as scientists to meet these challenges.
    – Evangelize the importance of security …
    – Provide sound technologies …
    – Define better practices …

  18. Thank You!!! tjaeger@cse.psu.edu
