
Introduction CS 136 Computer Security Peter Reiher January 8, - PowerPoint PPT Presentation



  1. Introduction
     CS 136 Computer Security
     Peter Reiher
     January 8, 2008
     Lecture 1, CS 136, Winter 2008

  2. Purpose of Class
     • To introduce students to computer security issues
     • To familiarize students with secure software development
     • To learn to handle security in today’s installations and systems

  3. Description of Class
     • Topics to be covered
     • Prerequisites
     • Grading
     • Reading materials
     • Homework
     • Office hours
     • Web page

  4. Topics to Be Covered
     • Cryptography and authentication
       – Use, not design and analysis
       – Crypto classes cover more deeply
     • Access control and security models
     • Secure software design and programming
     • Secure protocols
     • Network security – threats and countermeasures
     • Operating systems security
     • Security analysis and forensics
     • Malware, common attacks, and important defenses

  5. Prerequisites
     • CS111 (Operating Systems)
     • CS118 (Computer Networks)
     • Or equivalent classes elsewhere
     • If you aren’t familiar with this material, you’ll be at a disadvantage
       – Talk to me if you want to take this class, anyway

  6. Teaching Assistant
     • Peter Petersen
       – pahp@cs.ucla.edu
     • Weekly recitation sections on Fridays at 2-4
       – Rolfe 3126
       – Won’t cover new material
       – But likely to be helpful with problems with lectures
     • Will also handle all homework issues
     • Office hours: TBA

  7. Grading
     • Midterm – 25%
     • Homeworks – 25%
     • Final – 50%

  8. Class Format
     • A lecture class
     • Usually discussion of recently covered material at start of the class
     • Then lecture on new material
     • Questions and discussions always welcomed

  9. Reading Materials
     • Textbook
     • Non-required supplemental text
     • Optional papers and web pages

  10. Textbook
     • Computer Security: Art and Science
       – By Matt Bishop
     • Available in UCLA bookstore
     • Bishop has a shorter version
       – That’s not the one we’re using
     • First reading assignment: Chapter 1

  11. Supplemental Text
     • Secrets and Lies
       – By Bruce Schneier
     • Not a textbook at all
     • A philosophy of computer security
     • Great for appreciating the field and problems
     • Not great for depth of technical details
     • Not required
       – No readings will be assigned from this book
       – But if you plan to work in this field, read it

  12. Papers and Web Pages
     • Non-required reading material
     • Might or might not be assigned each week
     • Usually made available electronically
       – Through class web page
     • Generally relevant news stories or discussion of security topics

  13. Homeworks
     • Five assignments
     • Requiring practical work
     • Performed on the Deter testbed
       – Can be done from any connected location
     • Individual, not group, assignments

  14. Homework Topics
     1. Access control and permissions
        • Week 3
     2. Exploits
        • Week 4
     3. Analysis of attacks and forensics
        • Week 6
     4. Man in the middle attacks
        • Week 7
     5. Intrusion detection
        • Week 8

  15. More on Homeworks
     • Each homework has an associated web page
       – With full instructions and pointers to necessary tools
     • Due by midnight on Thursday of indicated week
     • Class TA will provide advice and assistance on homeworks

  16. The Deter Testbed
     • A set of machines devoted to security research and education
     • Located at ISI and SRI
     • Accessible remotely
     • Special accounts set up for this class
     • Second lecture will provide instructions on using Deter
       – With further assistance from TA

  17. Tests
     • Midterm – February 12 in class
     • Final – Friday, March 21, 3:00-6:00 PM
     • Closed book/notes tests

  18. Office Hours
     • MW 2-3
     • Held in 3532F Boelter Hall
     • Other times available by prior arrangement

  19. Class Web Page
     http://www.lasr.cs.ucla.edu/classes/136_winter08
     • Slides for classes will be posted there
       – By 5 PM the previous afternoon
       – In 6-up PDF form or PowerPoint
     • Readings will be posted there
       – With links to web pages

  20. Introduction to Computer Security
     • Why do we need computer security?
     • What are our goals and what threatens them?

  21. Why Is Security Necessary?
     • Because people aren’t always nice
     • Because a lot of money is handled by computers
     • Because a lot of important information is handled by computers
     • Because our society is increasingly dependent on correct operation of computers

  22. History of the Security Problem
     • In the beginning, there was no computer security problem
     • Later, there was a problem, but nobody cared
     • Now, there’s a big problem and people care
       – Only a matter of time before a real disaster
       – At least one company went out of business due to a DDoS attack
       – Identity theft and phishing claim vast number of victims
       – A cyberattack released a large quantity of sewage in Australia
       – Recent video showed cyberattack causing an electric transformer to fail
       – Increased industry spending on cybersecurity

  23. Some Examples of Large Scale Security Problems
     • The Internet Worm
     • Modern malicious code attacks
     • Distributed denial of service attacks
     • Vulnerabilities in commonly used systems

  24. The Internet Worm
     • Launched in 1988
     • A program that spread over the Internet to many sites
     • Around 6,000 sites were shut down to get rid of it
     • And (apparently) its damage was largely unintentional
     • The holes it used have been closed
       – But the basic idea still works

  25. Malicious Code Attacks
     • Multiple new viruses, worms, and Trojan horses appear every week
     • Storm worm continues to compromise large numbers of computers
     • IM attacks becoming increasingly popular
       – And cell phone attacks appearing

  26. Distributed Denial of Service Attacks
     • Use large number of compromised machines to attack one target
       – By exploiting vulnerabilities
       – Or just generating lots of traffic
     • Very common today
     • Attacks are increasing in sophistication
     • In general form, an extremely hard problem

  27. The (first) DNS DDoS Attack
     • Attack on the 13 root servers of the DNS system
     • Ping flood on all servers
     • Interrupted service from 9 of the 13
     • But did not interrupt DNS service in any noticeable way
     • A smaller attack on DNS more recently
       – Even less successful

  28. Vulnerabilities in Commonly Used Systems
     • 802.11 WEP is fatally flawed
     • Vulnerabilities pop up regularly in Windows, Linux, and Apple systems
       – Today, Microsoft will release patches for two Windows vulnerabilities, one critical
     • Many popular applications have vulnerabilities
       – Recent vulnerabilities in Adobe Flash and RealPlayer
     • Many security systems have vulnerabilities
       – Recent buffer overflow in Cisco Security Agent

  29. Electronic Commerce Attacks
     • As Willie Sutton said when asked why he robbed banks,
       – “Because that’s where the money is”
     • Increasingly, the money is on the Internet
     • Criminals have followed
     • Common problems:
       – Credit card number theft (often via phishing)
       – Identity theft (phishing, again, is a common method)
       – Loss of valuable data from laptop theft
       – Manipulation of e-commerce sites
       – Extortion via DDoS attacks or threatened release of confidential data

  30. Another New Form of Cyberattack
     • Click fraud
     • Based on popular pay-per-click model of Internet advertising
     • Two common forms:
       – Rivals make you pay for “false clicks”
       – Profit sharers “steal” or generate bogus clicks to drive up profits

  31. Some Recent Statistics
     • From Computer Security Institute Computer Crime and Security Survey, 2007 [1]
     • 46% of respondents reported a security incident in last year
     • Total estimated losses by respondents: $66 million
       – 1/3 from financial fraud
       – Also big losses from worms, spyware, outsider penetration
     [1] http://www.gocsi.com/forms/csi_survey.jhtml

  32. How Much Attack Activity Is There?
     • Blackhole monitoring on a small (8 node) network [1]
     • Detected 640 billion attack attempts over four month period
     • At peak of Nimda worm’s attack, 2000 worm probes per second
     [1] Unpublished research numbers from Farnam Jahanian, U. of Michigan, DARPA FTN PI meeting, January 2002.
