Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intro to Computer Security For COP3502, Intro to Computer Science Lecture 1 1.

Published byCynthia Booth Modified over 9 years ago

Similar presentations

Presentation on theme: "Intro to Computer Security For COP3502, Intro to Computer Science Lecture 1 1."— Presentation transcript:

1 Intro to Computer Security For COP3502, Intro to Computer Science Lecture 1 1

2 8/26/2013 11:17:09 PM week01-general.ppt2 Internet and Its Usage

3 8/26/2013 11:17:09 PM week01-general.ppt3 Internet and Its Usage – cont. It created a lot of new opportunities and even became a critical factor for cultural revolutions –Our daily life activities rely on the computers and the Internet –Government and even critical infrastructures rely on the computers and Internet As revealed recently, governments often collect and save all the data they can in order to carry out tasks that are perceived important by government entities

4 8/26/2013 11:17:09 PM week01-general.ppt4 Internet and Its Usage – cont. The high connectivity, unfortunately, also provides new opportunities to new problems –Sony had to disconnect 77 million users due to a security breach –Pacific Northwest National Laboratory was hacked in July 2011

5 8/26/2013 11:17:08 PM week01-general.ppt5 Common Internet Problems What shall you do and why?

6 8/26/2013 11:17:08 PM week01-general.ppt6 Internet and Its Usage – cont. Critical infrastructure vulnerability and protection

7 8/26/2013 11:17:07 PM week01-general.ppt7 Security Bounty Programs

8 8/26/2013 11:17:07 PM week01-general.ppt8 Stuxnet This probably is the most sophisticated worm –It was created to compromise nuclear facilities

9 8/26/2013 11:17:06 PM week01-general.ppt9 Computer Security as an Industry It is a multi-billion industry that is expected to grow steadily –In addition, security has become a top priority of software development companies http://www.marketresearchmedia.com/2009/05/25/us-federal-cybersecurity-market-forecast-2010-2015 /

10 8/26/2013 11:17:04 PM week01-general.ppt10 Security Issues of mysecureonlinestore.com (MSOS) Suppose that you are the new owner of the MSOS store, –What are your security concerns? –How about your customers? –How about hackers?

11 8/26/2013 11:17:04 PM week01-general.ppt11 Security Issues of mysecureonlinestore.com (MSOS) What are your security concerns? –How about your customers? –How about hackers? How can you define your security precisely? –Then how can you prove that the system you have satisfy your security requirements? Note that your security depends on your computer systems as well as many other components (Internet and computers your customers use).

12 8/26/2013 11:17:03 PM week01-general.ppt12 The Cast of Characters Alice and Bob are the good guys Trudy is the bad guy Trudy is our generic “intruder” Note that they do not have to be real people

13 8/26/2013 11:17:03 PM week01-general.ppt13 CIA Confidentiality, Integrity, and Availability You must prevent Trudy from learning Bob’s account information Confidentiality: prevent unauthorized reading of information –More generally, prevent revealing information to unauthorized parties

14 8/26/2013 11:17:02 PM week01-general.ppt14 CIA Note that confidentiality potentially involves many aspects

15 8/26/2013 11:17:02 PM week01-general.ppt15 CIA Trudy must not be able to change Bob’s order information –Bob must not be able to improperly change his own account balance Integrity: prevent unauthorized writing of information

16 8/26/2013 11:17:02 PM week01-general.ppt16 CIA Your store information must be available when needed Alice must be able to make transactions –If not, she’ll take her business elsewhere Availability: Data is available in a timely manner when needed –Availability is a “new” security concern In response to denial of service (DoS) –We will discuss some methods to mitigate DoS attacks (for example, by using distributed servers)

17 8/26/2013 11:17:01 PM week01-general.ppt17 Beyond CIA How does Bob’s computer know that “Bob” is really Bob and not Trudy? Bob’s password must be verified –This requires some clever cryptography What are security concerns of passwords? Are there alternatives to passwords?

18 8/26/2013 11:17:01 PM week01-general.ppt18 Beyond CIA When Bob logs into MSOS, how does MSOS know that “Bob” is really Bob? –As before, Bob’s password is verified Unlike standalone computer case, network security issues arise –What are network security concerns? –Protocols are critically important Crypto are also important in protocols

19 8/26/2013 11:17:01 PM week01-general.ppt19 Beyond CIA Once Bob is authenticated by MSOS, then MSOS must restrict actions of Bob –Bob can’t view Charlie’s account info –Bob can’t install new software, etc. Enforcing these restrictions is known as authorization Access control includes both authentication and authorization

20 8/26/2013 11:17:01 PM week01-general.ppt20 Beyond CIA For military applications, one of the worst authorization problems is “insider” threat –A current or former employee, contractor, or business partner who has or had authorized access to an organization’s network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems –How to prevent insider threat is an active research topic

21 8/26/2013 11:17:00 PM week01-general.ppt21 Beyond CIA Cryptography, protocols, and access control are implemented in software What are security issues of software? –Most software is complex and buggy –Software flaws lead to security flaws –How to reduce flaws in software development?

22 8/26/2013 11:17:00 PM week01-general.ppt22 Beyond CIA Some software is intentionally evil –Malware: computer viruses, worms, etc. What can Alice and Bob do to protect themselves from malware? What can Trudy do to make malware more “effective”?

23 8/26/2013 11:17:00 PM week01-general.ppt23 Beyond CIA Operating systems enforce security –For example, authorization OS: large and complex software –Win XP has 40,000,000 lines of code! –Subject to bugs and flaws like any other software –Many security issues specific to operating systems Because kernel functions have many privileges that user programs do not have –Can you trust an OS?

24 8/26/2013 11:16:59 PM week01-general.ppt24 Beyond CIA Suppose that you are in charge of a top-secret government program, your group needs to purchase security products –How can you make sure the products satisfy your security requirements? How do you even approach the problem? –How do you make sure that the systems are configured correctly and always remain secure?

25 8/26/2013 11:16:59 PM week01-general.ppt25 Beyond CIA Note that security related jobs are often considered as “unnecessary” overheads –Unless bad things happen to the systems –Security can be expensive –Security in practice depends heavily on the risk management of users and managers and the society Such as laws to punish cyber crimes

26 8/26/2013 11:16:59 PM week01-general.ppt26 Think Like Trudy In the past, no respectable sources talked about “hacking” in detail It was argued that such info would help hackers Very recently, this has changed –Books on network hacking, how to write evil software, how to hack software, etc.

27 8/26/2013 11:16:58 PM week01-general.ppt27 Think Like Trudy Good guys must think like bad guys! A police detective –Must study and understand criminals In computer security –We want to understand Trudy’s motives –We must know Trudy’s methods –We’ll often pretend to be Trudy

28 8/26/2013 11:16:58 PM week01-general.ppt28 Think Like Trudy We must try to think like Trudy We must study Trudy’s methods We can admire Trudy’s cleverness Often, we can’t help but laugh at Alice and Bob’s naivety But, we cannot act like Trudy –We will cover ways to break systems that are being used; if you try them on others’ systems, you will be liable for all the consequences –If you do not have permission, do not do it

29 8/26/2013 11:16:58 PM week01-general.ppt29 Related Areas Computer Science –Network security –Secure programming –Artificial intelligence –Pattern recognition –Operating systems Mathematics –Number theory –Elliptic curve cryptography –Proofs of security theories

30 8/26/2013 11:16:57 PM week01-general.ppt30 Related Areas – cont. Electric engineering –Physical security and emanations security Statistics –Risk management –Statistical analysis Psychology –Human factors and social engineering Politics and economics

31 8/26/2013 11:16:57 PM week01-general.ppt31 Summary Computer security is ubiquitous –As computers are highly connected, computer security becomes relevant to every computer user and system –Additionally, as many government and essential services also rely on the Internet, computer security is vital for critical infrastructure protection

Download ppt "Intro to Computer Security For COP3502, Intro to Computer Science Lecture 1 1."

Similar presentations

CS5038 The Electronic Society

CS5038 The Electronic Society
Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 

Chapter 1  Introduction 1 Introduction Chapter 1  Introduction 2 The Cast of Characters  Alice and Bob are the good guys  Trudy is the bad guy 
Chapter 1  Introduction 1 Chapter 1: Introduction.

Chapter 1  Introduction 1 Chapter 1: Introduction.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.
Intro 1 Introduction Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”

Intro 1 Introduction Intro 2 Good Guys and Bad Guys  Alice and Bob are the good guys  Trudy is the bad guy  Trudy is our generic “intruder”
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
Lecture 1: Information Security Overview SYCS 653 – Fall 2009 Wayne Patterson.

Lecture 1: Information Security Overview SYCS 653 – Fall 2009 Wayne Patterson.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Chapter 1  Introduction 1 Overview  What is a secure computer system?  Concerns of a secure system o Data: Privacy, Integrity, Availability o Users:

Chapter 1  Introduction 1 Overview  What is a secure computer system?  Concerns of a secure system o Data: Privacy, Integrity, Availability o Users:
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Similar presentations

Ads by Google