introduction cs 136 computer security peter reiher
play

Introduction CS 136 Computer Security Peter Reiher January 10, - PowerPoint PPT Presentation

Jul 08, 2023 •29 likes •599 views

Introduction CS 136 Computer Security Peter Reiher January 10, 2017 Lecture 1 Page 1 CS 136, Winter 2017 Purpose of Class To introduce students to computer security issues To familiarize students with secure software development

  1. Introduction CS 136 Computer Security Peter Reiher January 10, 2017 Lecture 1 Page 1 CS 136, Winter 2017

  2. Purpose of Class • To introduce students to computer security issues • To familiarize students with secure software development • To learn to handle security in today’s installations and systems Lecture 1 Page 2 CS 136, Winter 2017

  3. Description of Class • Topics to be covered • Prerequisites • Grading • Reading materials • Homework • Office hours • Web page Lecture 1 Page 3 CS 136, Winter 2017

  4. Topics to Be Covered • Cryptography and authentication – Use, not design and analysis • Access control and security models • Secure software design and programming • Secure protocols • Network security – threats and countermeasures • Operating systems security • Security analysis and forensics • Malware, common attacks, and important defenses • Privacy • Practical computer security defenses Lecture 1 Page 4 CS 136, Winter 2017

  5. Prerequisites • CS111 (Operating Systems) • CS118 (Computer Networks) • Or equivalent classes elsewhere • If you aren’t familiar with this material, you’ll be at a disadvantage – People have had serious problems with this unfamiliarity recently Lecture 1 Page 5 CS 136, Winter 2017

  6. Teaching Assistant • Joshua Joy – jjoy@CS.UCLA.EDU • Weekly recitation sections Fridays – Section 1A: 2-4, Kinsey 1240B – Section 1B: 12-2 Haines A2 – Won’t cover new material – May help with problems with lectures • Will also handle all homework issues • Office hours: TBA Lecture 1 Page 6 CS 136, Winter 2017

  7. Grading • Midterm – 25% • Exercises – 35% • Final – 40% Lecture 1 Page 7 CS 136, Winter 2017

  8. Class Format • A lecture class • Questions and discussions always welcomed Lecture 1 Page 8 CS 136, Winter 2017

  9. Reading Materials • Textbook • Non-required supplemental text • Optional papers and web pages Lecture 1 Page 9 CS 136, Winter 2017

  10. Textbook • Computer Security: Art and Science – By Matt Bishop • Available in UCLA bookstore • Bishop has a shorter version – That’s not the one we’re using • First reading assignment: Chapter 1 Lecture 1 Page 10 CS 136, Winter 2017

  11. Supplemental Text • Secrets and Lies – By Bruce Schneier • Not a textbook at all • A philosophy of computer security • Great for appreciating the field and problems • Not great for depth of technical details • Not required – No readings will be assigned from this book – But if you plan to work in this field, read it Lecture 1 Page 11 CS 136, Winter 2017

  12. Papers and Web Pages • Non-required reading material • Might or might not be assigned each week • Usually made available electronically – Through class web page • Generally relevant news stories or discussion of security topics Lecture 1 Page 12 CS 136, Winter 2017

  13. Exercises • Five assignments • Requiring practical work • Performed on the Deter testbed – Accessible via the web from any connected location • Individual, not group, assignments Lecture 1 Page 13 CS 136, Winter 2017

  14. Exercise Topics 1. Access control and permissions • Week 3 2. Exploits • Week 4 3. Analysis of attacks and forensics • Week 5 4. Man in the middle attacks • Week 7 5. DDoS • Week 9 Lecture 1 Page 14 CS 136, Winter 2017

  15. More on Exercises • Each exercise has an associated web page – With full instructions and pointers to necessary tools • Due by midnight on Thursday of indicated week • Class TA will provide advise and assistance on exercises Lecture 1 Page 15 CS 136, Winter 2017

  16. The Deter Testbed • A set of machines devoted to security research and education • Located at ISI and SRI • Accessible remotely • Special accounts set up for this class • First discussion section will provide instructions on using Deter – With further assistance from TA – Key: CS136KEY Lecture 1 Page 16 CS 136, Winter 2017

  17. Tests • Midterm – Tuesday, February 14 in class • Final – Monday, March 20, 3 – 6 PM • Closed book/notes tests Lecture 1 Page 17 CS 136, Winter 2017

  18. Office Hours • TTh 2-3 • Held in 3532F Boelter Hall • Other times possible by appointment Lecture 1 Page 18 CS 136, Winter 2017

  19. Class Web Page http://www.lasr.cs.ucla.edu/classes/136_winter17 • Slides for classes will be posted there – By 5 PM the previous afternoon – In Powerpoint • Readings will be posted there – With links to web pages Lecture 1 Page 19 CS 136, Winter 2017

  20. Introduction to Computer Security • Why do we need computer security? • What are our goals and what threatens them? Lecture 1 Page 20 CS 136, Winter 2017

  21. Why Is Security Necessary? • Because people aren’t always nice • Because a lot of money is handled by computers • Because a lot of important information is handled by computers • Because our society is increasingly dependent on correct operation of computers Lecture 1 Page 21 CS 136, Winter 2017

  22. History of the Security Problem • In the beginning, there was no computer security problem • Later, there was a problem, but nobody cared • Now, there’s a big problem and people care – Only a matter of time before a real disaster – At least one company went out of business due to a DDoS attack – Identity theft and phishing claim vast number of victims – Stuxnet seriously damaged Iran’s nuclear capability – Video showed cyberattack causing an electric transformer to fail – There’s an underground business in cyber thievery – Increased industry spending on cybersecurity Lecture 1 Page 22 CS 136, Winter 2017

  23. Some Examples of Large Scale Security Problems • Malicious code attacks • Distributed denial of service attacks • Vulnerabilities in commonly used systems Lecture 1 Page 23 CS 136, Winter 2017

  24. Malicious Code Attacks • Multiple new viruses, worms, botnets, and Trojan horses appear every week • Recent estimate of $10 billion annual damages from botnets • Stuxnet worm targeted at nuclear facilities – Unspecified amounts of damage done to Iran’s nuclear program • IM and smartphone attacks are popular Lecture 1 Page 24 CS 136, Winter 2017

  25. Distributed Denial of Service Attacks • Use large number of compromised machines to attack one target – By exploiting vulnerabilities – Or just generating lots of traffic • Very common today • A favored tool for those wishing to damage someone on the Internet – E.g., recent attack on Krebs • In general form, an extremely hard problem Lecture 1 Page 25 CS 136, Winter 2017

  26. Vulnerabilities in Commonly Used Systems • Recently, critical vulnerabilities in Android, Windows, Linux kernel, BSD libc, VMWare • Many popular applications and middleware have vulnerabilities – Recent vulnerabilities in Ruby on Rails, Internet Explorer,, Adobe Flash, etc. • Many security systems have vulnerabilities – Cisco Adaptive Security Appliance, McAfee Virus Scan, OpenSSL recently • Many problems with IoT software – Grandstream cameras, Siemans CCTV cameras Lecture 1 Page 26 CS 136, Winter 2017

  27. Electronic Commerce Attacks • As Willie Sutton said when asked why he robbed banks, – “Because that’s where the money is” • Increasingly, the money is on the Internet • Criminals have followed • Common problems: – Credit card number theft (often via phishing) – Identity theft (phishing, again, is a common method) – Loss of valuable data from laptop theft – Manipulation of e-commerce sites – Extortion via DDoS attacks or threatened release of confidential data • 2010’s Sony data breach estimated to cost the company $170 million Lecture 1 Page 27 CS 136, Winter 2017

  28. Some Recent Statistics • 2015 Verizon report found over 2000 data breaches from just 70 organizations – In 60% of cases, attackers broke in within minutes – And only 20% of the organizations found the breach within a few days • FBI Cybercrime report for 2014 showed 260,000 reports – And losses of over $800,000,000 • Ponemon Institute 2014 survey showed 94% of healthcare organizations lost data in past two years Lecture 1 Page 28 CS 136, Winter 2017

  29. Cyberwarfare • Nation states have developed capabilities to use computer networks for such purposes • DDoS attacks on Estonia and Georgia – Probably just hackers • Some regard Stuxnet as real cyberwarfare – Pretty clear it was done by US • Attacks on Ukrainian power grid • Continuous cyberspying by many nations • Vulnerabilities of critical infrastructure – The smart grid increases the danger • Russian election hacking in 2016 Lecture 1 Page 29 CS 136, Winter 2017

  30. Something Else to Worry About • Are some of the attempts to deal with cybersecurity damaging liberty? • Does data mining for terrorists and criminals pose a threat to ordinary people? – The NSA is looking at a lot of stuff . . . – And they aren’t the only ones • Can I trust Facebook/Google/MySpace/Twitter/ whoever with my private information? • Are we in danger of losing all privacy? Lecture 1 Page 30 CS 136, Winter 2017

Recommend

Introduction CS 136 Computer Security Peter Reiher January 8, 2008 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher January 8, 2008 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher January 8, 2008 Lecture 1 Page 1 CS 136, Winter 2008 Purpose of Class To introduce students to computer security issues To familiarize students with secure software development

1.19k views • 72 slides
Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136,

Introduction CS 136 Computer Security Peter Reiher April 1, 2014 Lecture 1 Page 1 CS 136, Spring 2014 Purpose of Class To introduce students to computer security issues To familiarize students with secure software development

1.18k views • 72 slides
Introduction to Cryptography CS 136 Computer Security Peter Reiher January 17, 2017 Lecture 3

Introduction to Cryptography CS 136 Computer Security Peter Reiher January 17, 2017 Lecture 3

Introduction to Cryptography CS 136 Computer Security Peter Reiher January 17, 2017 Lecture 3 Page 1 CS 136, Winter 2017 Outline What is data encryption? Cryptanalysis Basic encryption methods Substitution ciphers

1.16k views • 66 slides
More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS

More on Malware CS 136 Computer Security Peter Reiher March 4, 2008 Lecture 14 Page 1 CS 136, Winter 2008 Outline Introduction Viruses Trojan horses Trap doors Logic bombs Worms Botnets Spyware Some

701 views • 53 slides
Malicious Software Computer Security Peter Reiher November 25, 2014 Lecture 12 Page 1 CS 136,

Malicious Software Computer Security Peter Reiher November 25, 2014 Lecture 12 Page 1 CS 136,

Malicious Software Computer Security Peter Reiher November 25, 2014 Lecture 12 Page 1 CS 136, Fall 2014 Outline Introduction Viruses Trojan horses Trap doors Logic bombs Worms Botnets Spyware Malware

838 views • 67 slides
Network Security Computer Security Peter Reiher November 4, 2014 Lecture 9 Page 1 CS 136,

Network Security Computer Security Peter Reiher November 4, 2014 Lecture 9 Page 1 CS 136,

Network Security Computer Security Peter Reiher November 4, 2014 Lecture 9 Page 1 CS 136, Fall 2014 Outline Network security characteristics and threats Denial of service attacks Traffic control mechanisms Firewalls

797 views • 67 slides
Introduction CS 236 Advanced Computer Security Peter Reiher April 1, 2008 Lecture 1 Page 1

Introduction CS 236 Advanced Computer Security Peter Reiher April 1, 2008 Lecture 1 Page 1

Introduction CS 236 Advanced Computer Security Peter Reiher April 1, 2008 Lecture 1 Page 1 CS 236, Spring 2008 Outline Subject of class Class topics and organization Reading material Class web page Grading Projects

838 views • 50 slides
Web Security Computer Security Peter Reiher December 9, 2014 Lecture 15 Page 1 CS 136, Fall

Web Security Computer Security Peter Reiher December 9, 2014 Lecture 15 Page 1 CS 136, Fall

Web Security Computer Security Peter Reiher December 9, 2014 Lecture 15 Page 1 CS 136, Fall 2014 Web Security Lots of Internet traffic is related to the web Much of it is financial in nature Also lots of private information flow

859 views • 70 slides
Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher

Layer Optimization: Security and Privacy CS 118 Computer Network Fundamentals Peter Reiher Lecture 18 CS 118 Page 1 Winter 2016 Another type of layer deficiency Some layers of protocol do not provide any security or privacy What if

708 views • 59 slides
Introduction CS 118 Computer Network Fundamentals Peter Reiher Lecture 1 CS 118 Page 1

Introduction CS 118 Computer Network Fundamentals Peter Reiher Lecture 1 CS 118 Page 1

Introduction CS 118 Computer Network Fundamentals Peter Reiher Lecture 1 CS 118 Page 1 Winter 2016 Purpose of the class To familiarize you with the basic concepts of computer networking Computer networks are increasingly key to

1.13k views • 66 slides
Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1

Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1

Network Security CS 136 Computer Security Peter Reiher February 21, 2008 Lecture 11 Page 1 CS 136, Winter 2008 Outline Basics of network security Definitions Sample attacks Defense mechanisms Lecture 11 Page 2 CS 136,

613 views • 50 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Spring 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

844 views • 56 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Fall 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

1.15k views • 64 slides
Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L.

Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L.

Security Exercises for the Online Classroom with DETER Peter A. H. Peterson and Dr. Peter L. Reiher {pahp, reiher}@cs.ucla.edu Laboratory for Advanced Systems Research (LASR) University of California Los Angeles The 3 rd Workshop on Cyber

314 views • 28 slides
Intrusion Detection Computer Security Peter Reiher November 18, 2014 Lecture 11 Page 1 CS

Intrusion Detection Computer Security Peter Reiher November 18, 2014 Lecture 11 Page 1 CS

Intrusion Detection Computer Security Peter Reiher November 18, 2014 Lecture 11 Page 1 CS 136, Fall 2014 Outline Introduction Characteristics of intrusion detection systems Some sample intrusion detection systems Lecture 11

737 views • 63 slides
Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 19 Page 1 CS 236 Online Putting It All Together Weve talked a lot about security principles And about security problems And

209 views • 17 slides
Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 15 Page 1 CS 236 Online Evaluating Program Security What if your task isnt writing secure code? Its determining if someone

423 views • 16 slides
Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture

Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture

Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 9 Page 1 CS 236 Online Some Important Network Characteristics for Security Degree of locality Media used Protocols used Lecture 9

156 views • 11 slides
Cryptographic Keys CS 136 Computer Security Peter Reiher October 16, 2014 Lecture 5 Page 1

Cryptographic Keys CS 136 Computer Security Peter Reiher October 16, 2014 Lecture 5 Page 1

Cryptographic Keys CS 136 Computer Security Peter Reiher October 16, 2014 Lecture 5 Page 1 CS 136, Fall 2014 Outline Properties of keys Key management Key servers Certificates Lecture 5 Page 2 CS 136, Fall 2014

1.02k views • 68 slides
More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 4 Page 1 CS 236 Online Outline Desirable characteristics of ciphers Stream and block ciphers Cryptographic modes Uses of

475 views • 29 slides
Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 3 Page 1 CS 236 Online Mandatory Access Control and the Real World For a long time, things like Bell-La Padula were hard to run

220 views • 6 slides
Communications Channels CS 118 Computer Network Fundamentals Peter Reiher Lecture 3 CS 118

Communications Channels CS 118 Computer Network Fundamentals Peter Reiher Lecture 3 CS 118

Communications Channels CS 118 Computer Network Fundamentals Peter Reiher Lecture 3 CS 118 Page 1 Winter 2016 Review: Comm. as shared state Communication is less than most think Just syntax not semantics or intent Information

795 views • 76 slides
Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 7

Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 7

Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 7 Page 1 CS 236 Online Outline Introduction Basic authentication mechanisms Lecture 7 Page 2 CS 236 Online Introduction Much of

799 views • 30 slides
Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 4 Page 1 CS 236 Online Brute Force Attacks, the iPhone, and the FBI Recently lots of news about the FBI needing to crack an iPhone It

85 views • 8 slides

More recommend