Berkeley COMPSCI 161 - Lecture Notes


August 29, 2005 © Doug Tygar, 2005 (cs161.org)

CS 194-1 (CS 161) Class Introduction
Doug Tygar ([email protected])
August 29, 2005
cs161.org

CS 161 (194-1) basic facts
• This is a class about computer security
• 4 units
• This is an experimental class – if successful, it will become CS 161
• To take this class, you need patience, an open mind, and willingness to work hard

Adding this class
• If you are an upper division declared major and currently on the waiting list
  - you have a good chance of getting in
  - work with Michael-David Sasson
• If you want to add and aren’t in already
  - get on the waiting list asap!

Berkeley – leader in security research
• TRUST (Berkeley leads consortium)
• DETER (Berkeley leads consortium)
• ACCURATE
• NEST
• Crypto research
• Security and HCI
• Security for NSF, DoD, DHS, USPS, DOE, etc

Instructors
• Anthony Joseph (adj@cs), 675 Soda
• Doug Tygar (tygar@cs), 531 Soda and 307B South
• Umesh Vazirani (vazirani@cs), 671 Soda
• David Wagner (daw@cs), 629 Soda

TAs (so far …)
• Jeff Kalvass, jmkalvass@berkeley
  - Sandia “red teaming”, Google Adwords fraud detector “PrivacyLink”, “NetState”
• Rusty Sears, sears@cs
  - LeadScope, Microsoft Research security, knowledge representation, programming languages, AI
• Ivan Tam, ivan@sims
  - Information architecture, security & HCI, and MMPRGs

Sections
• No section this week
• We are likely to add a fourth section (details coming soon)

Grading
• Academic grade
  - Project (35%)
    - Two parts, three grace days
  - Exams (40%)
    - Midterm 1 (tentatively October 5, 10%)
    - Midterm 2 (tentatively November 9, 10%)
    - Final (20%)
  - Homework (15%)
    - 5-6 homeworks – lowest score dropped
  - Class participation (10%)

Final grade
• Final grade = (ethics grade) * (academic grade)
• Ethics grade will normally be 1
• Ways to get a 0 ethics grade:
  - Violate campus computing policy
  - Violate privacy of other people without permission
  - Tamper with data of other people without permission
  - Fail to report a vulnerability or an observation of unethical behavior
  - Unethical behavior may be referred for additional disciplinary action

Class participation
• Showing up is the first step
• Asking (or answering) questions is good (but don’t filibuster)
• Having your cell phone ring in class is bad
  - Taking the cell phone call in class is worse
• Treat students and staff with dignity

Collaborative work
• Projects will be in groups of four
  - all must be in the same section
• Homeworks are done individually
• You may use the following resources:
  - Instructors, TAs, assigned texts, posted notes
• No consulting others; No “Googling for the answer”
  - Consult with TAs over problem cases
  - Always cite references – plagiarism is not permitted

Textbooks
• Security in Computing, 3rd ed (Pfleeger)
• Security Engineering (Anderson)

Other class resources
• cs161.org
  - lecture notes, pointers to some readings, and assignments are posted here
• Newsgroup: ucb.class.cs161 (read daily!)

Lectures (tentative)
• Aug 29 Overview; intro to computer security
• Aug 31 Adversaries, threat models, security goals
• Sept 2 Access control, authorization
• Sept 5 No class! Labor Day Holiday.
• Sept 7 Network security intro
• Sept 9 Networking background
• Sept 12 Firewalls
• Sept 14 Intrusion detection
• Sept 16 Symmetric-key cryptography
• Sept 19 Modular arithmetic background
• Sept 21 Public-key encryption
• Sept 23 Message authentication, public-key sigs
• Sept 26 Secure channels
• Sept 28 Software security: principles
• Sept 30 Software security: defensive programming
• Oct 3 Implementation flaws, buffer overruns
• Oct 5 Midterm 1
• Oct 7 Secret sharing
• Oct 10 Cryptographic protocols, zero knowledge
• Oct 12 Zero knowledge protocols
• Oct 14 Authentication protocols
• Oct 17 Random number generation
• Oct 19 Electronic cash protocols
• Oct 21 Electronic commerce systems
• Oct 24 Database security, inference control
• Oct 26 Worms and viruses
• Oct 28 Distributed denial of service
• Oct 31 Web security
• Nov 2 Web services, a case study
• Nov 4 OS security, memory protection
• Nov 7 Multi-level security, mandatory access ctl
• Nov 9 Midterm 2
• Nov 11 No class! Veterans Day Holiday.
• Nov 14 Language-based security
• Nov 16 Sandboxing
• Nov 18 Hardware security, tamper resistance
• Nov 21 Side-channel attacks, fault attacks
• Nov 23 No class! Thanksgiving Holiday.
• Nov 25 No class! Thanksgiving Holiday.
• Remaining classes: review, overflow, & special topics
• Possible special topics: Security & Law, digital rights management, e-voting, quantum cryptography, penetration testing, privacy
• Post your requests!

Why is security such a problem?
• Monoculture computing environment
• Web, e-commerce, & collaborative applications
• Internet spans national boundaries
• Poor programming practices

Two security nightmares
• The transparent society
• “Electronic Pearl Harbor”

Electronic Pearl Harbor
• Is this just scare-mongering?
• Slammer worm took down Bank of America’s ATM network, Seattle 911 service
• Nachi worm invaded Diebold ATMs?
• Real worries about e-voting validity
• Millions of CC #s, SS #s leaked
• Case study: Attacks over the Taiwan straits

Goals of this class
• Solid foundation

