CSCI 331 Introduction to Computer Security, 2019/09/04
Instructor: Prof. Daniel Barowy
CSCI 331 Introduction to Computer Security
First thing this course is about:
Thinking… not feeling.
Second thing this course is about:
How security is designed and implemented.
Security is a broad topic!
We do not have enough time to cover everything!
“security” = four essential ingredients
• confidentiality (privacy)
• integrity
• authenticity
• availability
We analyze the security of assets
Some assets:
• Data (email, photos, documents, …)
• Software (operating system, mail daemon, …)
• Things (computer, power grid, e911, …)
We analyze the security of assets with respect to adversaries
Some adversaries:
• National governments
• Organized crime
• Thrill-seekers
• Graduate students
• Journalists
• “Friends”
• Business competitors
• [H]activists
• Potential employers
• Professors!!
• Students!!!
Class activity:
1. Pair up with the person next to you.
2. Take 5 minutes to Google me.
3. What do you learn?
4. What don’t you learn?
We analyze the security of assets with respect to adversaries who aim to achieve certain goals.
We call these scenarios threats.
There are a few ways to analyze threats without emotions getting in the way.
• Damage to assets (e.g., email deleted).
• Source of the attack (e.g., the Internet).
• By effect on 4 security essentials:
  • Confidentiality (e.g., info leaked!)
  • Integrity (e.g., info changed!)
  • Authenticity (e.g., info forged!)
  • Availability (e.g., info unreachable!)
Weaknesses in security are called vulnerabilities.
For example:
• Bad policy: user has the password “password”.
• Bad implementation: program leaks passwords.
• Weak crypto: eavesdropping on conversations.
• Bad physical security: someone steals laptop.
• Numerous others…
Risk analysis is the systematic analysis of threats to assets.
[Table: columns Confidentiality, Integrity, Authenticity, Availability; rows Docs, Photos, Music]
“Should I connect to airport wifi?”
Sadly, the state of the art in computer security is…
Attacks are easy.
Defenses are hard.
It’s hard to know your vulnerabilities.
It helps to think holistically.
Sadly: there is no good “theory of security”
You will never feel like you’ve mastered security.
Anyone who says they have is mistaken (or lying).
But thinking systematically and carefully effectively reduces the risks!
About the course
Three kinds of homework:
1. Programming assignments (“labs”)
   • Due roughly every two weeks
2. Reading & written responses
   • Due every week.
3. Final project
   • Checkpoint due roughly every two weeks
Two kinds of readings
1. Reading for the written responses (as mentioned before)
2. Background reading to be prepared for class / assignments
Note: The Cuckoo’s Egg is reading type 1. An easy read, but can’t be done in a weekend.
How to turn in assignments
Short demo in a moment.
Have you filled in the Google Form yet?
All handed-in work must be code
1. Programming assignments
   • C code or
   • Java code
2. Writing responses
   • LaTeX code (+ PDF file)
3. Project checkpoints
   • LaTeX code
   • C or Java code
   • Other files
You will commit to the GitHub repository assigned to you.
Sometimes, this repository will include starter code or a LaTeX template.
Let’s look at a sample writing assignment.
Office Hours in TCL 307
• Thursday: 3-5pm
• Friday: 4-6pm
• and by appointment
This is hopefully athlete-friendly.
Electives do not get TAs!
The right attitude for success
You are the intrepid explorer.
I am your elder guide.
You want the adventure.
I want to stay home and putter around my office.
I am always eager to help as long as you’re the one doing the driving.
Something to know about security
There are “good guys” and “bad guys.”
Please do not be a bad guy.
Good guys don’t pull their punches with bad guys.
I won’t either.
Computer security is intellectually stimulating…
and can be incredibly exciting.
I hope you learn a lot and have a great semester!
Questions?