
Introduction CS 136 Computer Security Peter Reiher April 1, 2014 - PowerPoint PPT Presentation



  1. Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136, Spring 2014

  2. Purpose of Class
      • To introduce students to computer security issues
      • To familiarize students with secure software development
      • To learn to handle security in today’s installations and systems

  3. Description of Class
      • Topics to be covered
      • Prerequisites
      • Grading
      • Reading materials
      • Homework
      • Office hours
      • Web page

  4. Topics to Be Covered
      • Cryptography and authentication
          – Use, not design and analysis
      • Access control and security models
      • Secure software design and programming
      • Secure protocols
      • Network security – threats and countermeasures
      • Operating systems security
      • Security analysis and forensics
      • Malware, common attacks, and important defenses
      • Privacy
      • Practical computer security defenses

  5. Prerequisites
      • CS111 (Operating Systems)
      • CS118 (Computer Networks)
      • Or equivalent classes elsewhere
      • If you aren’t familiar with this material, you’ll be at a disadvantage
          – People have had serious problems with this unfamiliarity recently

  6. Teaching Assistant
      • Joshua Joy
          – jjoy@CS.UCLA.EDU
      • Weekly recitation sections Fridays
          – Section 1A: 8-10, BH 5280
          – Section 1B: 4-6, BH 5272
          – Won’t cover new material
          – May help with problems with lectures
      • Will also handle all homework issues
      • Office hours: TBA

  7. Grading
      • Midterm – 25%
      • Exercises – 35%
      • Final – 40%

  8. Class Format
      • A lecture class
      • Questions and discussions always welcomed

  9. Reading Materials
      • Textbook
      • Non-required supplemental text
      • Optional papers and web pages

  10. Textbook
      • Computer Security: Art and Science
          – By Matt Bishop
      • Available in UCLA bookstore
      • Bishop has a shorter version
          – That’s not the one we’re using
      • First reading assignment: Chapter 1

  11. Supplemental Text
      • Secrets and Lies
          – By Bruce Schneier
      • Not a textbook at all
      • A philosophy of computer security
      • Great for appreciating the field and problems
      • Not great for depth of technical details
      • Not required
          – No readings will be assigned from this book
          – But if you plan to work in this field, read it

  12. Papers and Web Pages
      • Non-required reading material
      • Might or might not be assigned each week
      • Usually made available electronically
          – Through class web page
      • Generally relevant news stories or discussion of security topics

  13. Exercises
      • Five assignments
      • Requiring practical work
      • Performed on the Deter testbed
          – Accessible via the web from any connected location
      • Individual, not group, assignments

  14. Exercise Topics
      1. Access control and permissions
          • Week 3
      2. Exploits
          • Week 4
      3. Analysis of attacks and forensics
          • Week 6
      4. Man in the middle attacks
          • Week 7
      5. Intrusion detection
          • Week 8

  15. More on Exercises
      • Each exercise has an associated web page
          – With full instructions and pointers to necessary tools
      • Due by midnight on Thursday of indicated week
      • Class TA will provide advice and assistance on exercises

  16. The Deter Testbed
      • A set of machines devoted to security research and education
      • Located at ISI and SRI
      • Accessible remotely
      • Special accounts set up for this class
      • First discussion section will provide instructions on using Deter
          – With further assistance from TA
          – Key: CS136KEY

  17. Tests
      • Midterm – Thursday, May 8 in class
      • Final – Monday, June 9, 6:30 PM – 9:30 PM
      • Closed book/notes tests

  18. Office Hours
      • TTh 1-2
      • Held in 3532F Boelter Hall
      • Other times possible by appointment

  19. Class Web Page
      http://www.lasr.cs.ucla.edu/classes/136_spring14
      • Slides for classes will be posted there
          – By 5 PM the previous afternoon
          – In PowerPoint
      • Readings will be posted there
          – With links to web pages

  20. Introduction to Computer Security
      • Why do we need computer security?
      • What are our goals and what threatens them?

  21. Why Is Security Necessary?
      • Because people aren’t always nice
      • Because a lot of money is handled by computers
      • Because a lot of important information is handled by computers
      • Because our society is increasingly dependent on correct operation of computers

  22. History of the Security Problem
      • In the beginning, there was no computer security problem
      • Later, there was a problem, but nobody cared
      • Now, there’s a big problem and people care
          – Only a matter of time before a real disaster
          – At least one company went out of business due to a DDoS attack
          – Identity theft and phishing claim vast number of victims
          – Stuxnet seriously damaged Iran’s nuclear capability
          – Video showed cyberattack causing an electric transformer to fail
          – There’s an underground business in cyber thievery
          – Increased industry spending on cybersecurity

  23. Some Examples of Large Scale Security Problems
      • Malicious code attacks
      • Distributed denial of service attacks
      • Vulnerabilities in commonly used systems

  24. Malicious Code Attacks
      • Multiple new viruses, worms, botnets, and Trojan horses appear every week
      • Recent estimate of $10 billion annual damages from botnets
      • Stuxnet worm targeted at nuclear facilities
          – Unspecified amounts of damage done to Iran’s nuclear program
      • IM and smartphone attacks are popular

  25. Distributed Denial of Service Attacks
      • Use large number of compromised machines to attack one target
          – By exploiting vulnerabilities
          – Or just generating lots of traffic
      • Very common today
      • A favored tool for hacktivists
          – Recent large DDoS attacks on China and others
      • In general form, an extremely hard problem

  26. Vulnerabilities in Commonly Used Systems
      • 802.11 WEP is fatally flawed
      • Recently, critical vulnerabilities in Intel processor microcode, Linksys routers
      • Many popular applications have vulnerabilities
          – Recent vulnerabilities in Android WebView, Android OS, Internet Explorer, HP backup software, Microsoft Office, Adobe Flash, Apache Tomcat, etc.
      • Many security systems have vulnerabilities
          – Gnu TLS, Apple iOS SSL, and Symantec Endpoint Protection recently

  27. Electronic Commerce Attacks
      • As Willie Sutton said when asked why he robbed banks,
          – “Because that’s where the money is”
      • Increasingly, the money is on the Internet
      • Criminals have followed
      • Common problems:
          – Credit card number theft (often via phishing)
          – Identity theft (phishing, again, is a common method)
          – Loss of valuable data from laptop theft
          – Manipulation of e-commerce sites
          – Extortion via DDoS attacks or threatened release of confidential data
      • 2010’s Sony data breach estimated to cost the company $170 million

  28. Some Recent Statistics
      • Bit9 survey in 2013 reports 47% of surveyed organizations knew they’d suffered a cyberattack
          – But 52% doubted their ability to detect attacks
          – 13% didn’t even know if they’d been attacked
      • 2013 Verizon report said that 66% of breaches took months to years to discover
          – And 69% of breaches were not discovered by the compromised organization itself
      • Ponemon Institute 2014 survey showed 94% of healthcare organizations lost data in past two years

  29. Cyberwarfare
      • Nation states have developed capabilities to use computer networks for such purposes
      • DDoS attacks on Estonia and Georgia
          – Probably just hackers
      • Some regard Stuxnet as real cyberwarfare
          – Pretty clear it was done by US
      • Continuous cyberspying by many nations
      • Vulnerabilities of critical infrastructure
          – The smart grid will only increase the danger

  30. Something Else to Worry About
      • Are some of the attempts to deal with cybersecurity damaging liberty?
      • Does data mining for terrorists and criminals pose a threat to ordinary people?
          – The NSA is looking at a lot of stuff . . .
          – And they aren’t the only ones
      • Can I trust Facebook/Google/MySpace/Twitter/whoever with my private information?
      • Are we in danger of losing all privacy?
