cse 127 introduction to security
play

CSE 127: Introduction to Security Deian Stefan UCSD Fall 2020 - PowerPoint PPT Presentation

Jan 01, 2024 •340 likes •982 views

CSE 127: Introduction to Security Deian Stefan UCSD Fall 2020 Lecture 1 Instructor: Deian Stefan deian+cse127@cs.ucsd.edu Office Hours: Fri 9-10am TA: Sunjay Cauligi scauligi@eng.ucsd.edu Office Hours: Thu 7-8pm TA: Evan

  1. CSE 127: Introduction to Security Deian Stefan UCSD Fall 2020 Lecture 1

  2. • Instructor: Deian Stefan deian+cse127@cs.ucsd.edu • Office Hours: Fri 9-10am • TA: Sunjay Cauligi scauligi@eng.ucsd.edu • Office Hours: Thu 7-8pm • TA: Evan Johnson e5johnso@eng.ucsd.edu • Office Hours: Mon 7-8pm • TA: Kevin Yu shy147@ucsd.edu • Office Hours: Wed 10-11am • Tutor: Sam Liu szl005@ucsd.ed • Office Hours: Tue 1-2pm

  3. Many amazing folks at UCSD working on security Russell Daniele Mihir Nadia Deian Aaron Stefan Geoff Alex Impagliazzo Micciancio Bellare Heninger Stefan Schulman Savage Voelker Snoeren A l e x Theory Applied Crypto Systems Nadia kc Lawrence Ranjit Sorin Ryan Polikarpova Claffy Saul Jhala Lerner Kastner PL & Verification Embedded Networking ML

  4. My group’s research Memory safety and sandboxing (MS-Wasm, RLBox, Swivel) Practical verification for security (VeRA, IODINE, VeriWasm) Bugfinding for browsers and runtime systems (Sys, SafeV8) Constant-time programming (CT-Wasm, FaCT, CTFP) Web security and privacy Security foundations

  5. We focus on real-world impact

  6. Once upon a time I even cofounded a startup

  7. Topics Covered • The Security Mindset • Principles and threat modeling • Systems/Software Security • Classic attacks and defenses on memory safety, isolation • Web Security • Web architecture, web attacks, web defenses • Network Security • Network protocols, network attacks, network defenses • Cryptography • Public and private-key cryptography, TLS, PKI • Privacy and Ethics

  8. Course Goals • Critical thinking • How to think like an attacker • How to reason about threats and risks • How to balance security costs and benefits

  9. Course Goals • Critical thinking • How to think like an attacker • How to reason about threats and risks • How to balance security costs and benefits • Technical skills • How to protect yourself • How to manage and defend systems • How to design and implement secure systems

  10. Course Goals • Critical thinking • How to think like an attacker • How to reason about threats and risks • How to balance security costs and benefits • Technical skills • How to protect yourself • How to manage and defend systems • How to design and implement secure systems • Learn to be a security-conscious citizen

  11. Course Goals • Critical thinking • How to think like an attacker • How to reason about threats and risks • How to balance security costs and benefits • Technical skills • How to protect yourself • How to manage and defend systems • How to design and implement secure systems • Learn to be a security-conscious citizen • Learn to be a leet h4x0r

  12. Course Goals • Critical thinking • How to think like an attacker • How to reason about threats and risks • How to balance security costs and benefits • Technical skills • How to protect yourself • How to manage and defend systems • How to design and implement secure systems • Learn to be a security-conscious citizen • Learn to be a leet h4x0r , but an ethical one!

  13. Course Mechanics 80% Eight projects • Own programming and writeup • General discussion OK (even encouraged!)

  14. Course Mechanics 80% Eight projects • Own programming and writeup • General discussion OK (even encouraged!) 15% Final • Thu, Dec 17 00:00-23:59 • No collaboration • Open notes, open piazza

  15. Course Mechanics 80% Eight projects • Own programming and writeup • General discussion OK (even encouraged!) 15% Final • Thu, Dec 17 00:00-23:59 • No collaboration • Open notes, open piazza 5% Participation • Ask/answer questions, make comments, generate discussion!

  16. Course Mechanics 80% Eight projects • Own programming and writeup • General discussion OK (even encouraged!) 15% Final • Thu, Dec 17 00:00-23:59 • No collaboration • Open notes, open piazza 5% Participation • Ask/answer questions, make comments, generate discussion! ≤ 10 % Lecture notes • Work in groups • Our goal: use notes in future classes!

  17. Course Policies Early policy: • Can turn in assigments 3 days early to get 10% of your grade extra credit • No late days

  18. Course Policies Early policy: • Can turn in assigments 3 days early to get 10% of your grade extra credit • No late days Regrade policy: • Regrades should be the exception not the norm • Incorrect regrade request = ⇒ negative points

  19. Course Policies Early policy: • Can turn in assigments 3 days early to get 10% of your grade extra credit • No late days Regrade policy: • Regrades should be the exception not the norm • Incorrect regrade request = ⇒ negative points Academic integrity: • UC San Diego policy: https://academicintegrity.ucsd.edu • We have to report suspected cases, don’t make it weird • If you are not sure if something is cheating, ask

  20. Talk to us, it’s a weird time

  21. Course Resources • No official textbook. Optional books: • Security Engineering by Ross Anderson • Hacking: The Art of Exploitation by Jon Erikon

  22. Course Resources • No official textbook. Optional books: • Security Engineering by Ross Anderson • Hacking: The Art of Exploitation by Jon Erikon • Assignments and readings on course site: https://cse127.programming.systems

  23. Course Resources • No official textbook. Optional books: • Security Engineering by Ross Anderson • Hacking: The Art of Exploitation by Jon Erikon • Assignments and readings on course site: https://cse127.programming.systems • Questions? Post to Piazza. https://piazza.com/ucsd/fall2020/cse127

  24. Course Resources • No official textbook. Optional books: • Security Engineering by Ross Anderson • Hacking: The Art of Exploitation by Jon Erikon • Assignments and readings on course site: https://cse127.programming.systems • Questions? Post to Piazza. https://piazza.com/ucsd/fall2020/cse127 • Lectures, section, office hours: • On this Zoom • Everything will be recorded and posted online

  25. Ethics We will be discussing and implementing real-world attacks. Using some of these these techniques in the real world may be unethical, a violation of university policies, or a violation of federal law. This includes the course assignment infrastructure (e.g., grading system).

  26. Ethics We will be discussing and implementing real-world attacks. Using some of these these techniques in the real world may be unethical, a violation of university policies, or a violation of federal law. This includes the course assignment infrastructure (e.g., grading system). Be an ethical hacker • Ethics requires you to refrain from doing harm • Always respect human, privacy, property rights • There are many legitimate hacking capture-the-flags

  27. 18 U.S. CODE § 1030 - FRAUD AND RELATED ACTIVITY IN CONNECTION WITH COMPUTERS Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer...

  28. 18 U.S. CODE § 1030 - FRAUD AND RELATED ACTIVITY IN CONNECTION WITH COMPUTERS Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer... The punishment for an offense... - a fine under this title or imprisonment for not more than one year, or both..., - a fine under this title or imprisonment for not more than 5 years, or both... if— (i) the offense was committed for purposes of commercial advantage or private financial gain; (ii) the offense was committed in furtherance of any criminal or tortious act...; or (iii) the value of the information obtained exceeds $5,000

  29. The Good, the Bad, and the Ugly Good In 2012, FBI prosecuted weev for exposing data of 114K iPad users Bad In 2011, Sony sued George Hotz for jailbreaking PlayStation 3 Ugly In 2011, FBI prosecuted Aaron Swartz for downloading academic articles on MIT network from JSTOR

  30. What is security?

  31. Robustness vs. Security

  32. Robustness vs. Security “Computer security studies how systems behave in the presence of an adversary .” *Actively tries to cause the system to misbehave.

  33. The Security Mindset • Thinking like an attacker • Understand techniques for circumventing security • Look for ways security can break, not why it won’t

  34. The Security Mindset • Thinking like an attacker • Understand techniques for circumventing security • Look for ways security can break, not why it won’t • Thinking like a defender • Know what you’re defending, and against whom. • Weigh benefits vs. costs: No system is ever completely secure. • Rational paranoia Don’t build bridges to sustain bombings

  35. Thinking like an Attacker • Look for weakest links • Identify assumptions that security depends on Are they false?

  36. Thinking like an Attacker • Look for weakest links • Identify assumptions that security depends on Are they false? • Think outside the box

  37. Thinking like an Attacker • Look for weakest links • Identify assumptions that security depends on Are they false? • Think outside the box Not constrained by system designer’s worldview!

Recommend

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT

ADVANCED COMPUTER SECURITY INTRODUCTION cf. Schneider, Chapter 1 INTRODUCTION THEY ARE OUT TO GET YOU INTRODUCTION WHAT IS SECURITY? A systems security policies describe What the system is supposed to do Store and provide access

479 views • 16 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Practices and Charter Research Branch Security Council Affairs Division Department of Political Affairs United Nations August

490 views • 28 slides
Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn

ITS335 Intro. to Security Concepts Threats, Attacks, Assets Introduction to Security Comm. Security Strategy Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2

965 views • 34 slides
Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security

Introduction to the Introduction to the Work of the Security Council Work of the Security Council Security Council Affairs Division Department of Political Affairs United Nations August 2013 Outline What is the Security Council?

189 views • 16 slides
Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic

Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic algorithms 7.4 Digital signatures 7.5 Cryptography pragmatics 7.1. Introduction Why need security mechanisms in DS? Share of resources

364 views • 24 slides
Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to

Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to

Confidentiality and disclosure Mohamed Sayed Saidngar@yahoo.com Introduction - Introduction to data security. - Security requirements. - Types of security threats. - Security risks. - Technologies and security solutions. Introduction

411 views • 37 slides
Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics WWW HTTP: Hyper Text Transfer Protocol HTTP Security HTML Protocol HTML Security

1.09k views • 74 slides
Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and what threatens them? Lecture 1 Page 1 CS 236 Online Why Is Security Necessary? Because people arent always nice Because a lot of

415 views • 25 slides
Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security

Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security

Preparing for the Unthinkable Cyber Security Chicago 2018 Agenda Introduction Security Landscape Meraki Security Demo Security Landscape The Growing Importance of Security MALWARE HAS RISEN BY MORE THAN 10X IN THE LAST YEAR 70% M ALW AR E

604 views • 35 slides
Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction

Com puter Security Last tim e Introduction Threat analysis Threats Introduction to access control Policy matrix Specification Design Implementation Operation and Maintenance Security in the Course Lectures

784 views • 40 slides
Software Defjned Networking Security Outline Introduction What is SDN? SDN attack

Software Defjned Networking Security Outline Introduction What is SDN? SDN attack

Software Defjned Networking Security Outline Introduction What is SDN? SDN attack surface Recent vulnerabilities Security response Defensive technologies Next steps Introduction Security nerd, recovering

790 views • 39 slides
Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography

CSS441 Introduction Concepts Architecture Introduction to Security Attacks Services Mechanisms CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20

678 views • 23 slides
INTRODUCTION COMPUTER & NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is

INTRODUCTION COMPUTER & NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is

INTRODUCTION COMPUTER & NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is security? Why is it so hard to achieve? Administrative The security mindset Analyzing a systems security 1. Summarize the system 2.

801 views • 43 slides
1 Multilevel Security Different security levels for resources Important systems A

1 Multilevel Security Different security levels for resources Important systems A

Last time Threats Introduction Threat analysis Policy Introduction to access Specification control matrix Design Implementation Operation and Maintenance 7/10 - 05 Distributed systems - Jonny Pettersson, UmU 1 Security in the

444 views • 13 slides
DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security Information Assessment Brand Operation Consultancy & Security Protection Penetration Awareness Centre Testing External Networks

474 views • 44 slides
Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL

Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL

Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL injection Web security, part 1 Announcements intermission Stephen McCamant University of Minnesota, Computer Science & Engineering Web

522 views • 5 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics TCP Layer Responsible for reliable end-to-end transfer of application data.

632 views • 32 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 24: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science & Engineering

219 views • 5 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 25: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science & Engineering

419 views • 4 slides

More recommend