DOC PREVIEW
Berkeley COMPSCI 161 - Lecture Notes

This preview shows page 1-2-3-4-5-6 out of 17 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 17 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 17 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 17 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 17 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 17 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 17 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 17 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

1CS 161: Computer SecurityProfs. Vern Paxson & David WagnerTAs: John Bethencourt, Erika Chin, MatthewFinifter, Cynthia Sturton, Joel Weinbergerhttp://inst.eecs.berkeley.edu/~cs161/January 20, 2010What Is This Class?• Computer security = how to keep computing systemsfunctioning as intended & free of abuse …– … and keep data we care about accessed only as desired …– … in the presence of an adversary• We will look at:– Attacks and defenses for• Programs• Networks• Systems (OS, Web)– Securing data and communications– Enabling/thwarting privacy and anonymity• How these notions have played out in the Real World• Issues span a very large range of CS– Programming, systems, hardware, networking, theory2What Will You Learn?• How to think adversarially• How to assess threats for their significance• How to build programs & systems that haverobust security properties• How to gauge the protections and limitationsprovided by today’s technology– How to balance the costs of security mechanisms vs.the benefits they offer• How today’s attacks work in practice• How security issues have played out “for real”(case studies)How Expensive is the Learning?• Absorb material presented in lectures andsection• 3 course projects (10% each, 30% total)– Done individually, perhaps some in small groups• ~4 homeworks (20% total)– Done individually• Two midterms (10% each, 20% total)– 80 minutes long: Fri Feb 26 / Wed Apr 7 (tentative)• A comprehensive final exam (30%)– Fri May 14 11:30AM-2:30PM– Alternate 3-6PM, only for CS160/CS164 conflicts• Sign up on the web by Jan 293What’s Required?• Prerequisites:– Math 55 or CS 70, CS 61B and 61C (= Java + C)– Familiarity with Unix• Engage!– In lectures, in section• Note: Prof. Paxson is hearing-impaired, so be prepared torepeat questions– Feedback to us is highly valuable; anonymous is fine• Participate in the newsgroup (ucb.class.cs161)– Send course-related questions/comments here, orask in Prof/TA office hours• For private matters, contact Profs via emailWhat’s Required?, con’t• Get class accounts– forms handed out at end of lecture• Textbook: Security in Computing,Pfleeger & Pfleeger, 4th ed.• Optional: Security Engineering,Anderson, 1st or 2nd ed. http://www.cl.cam.ac.uk/~rja14/book.html4Class Policies• Late homework: no credit• Late project: -10% if < 24 hrs, -20% < 48 hrs,-40% < 72 hrs, no credit >= 72 hrs• Working in teams: see web page• Original work, citing sources: see web page• If lecture materials are made available prior tolecture, don’t use them to answer questionsasked during classEthics & Legality• We will be discussing (and launching!) attacks -many quite nasty - and powerful eavesdroppingtechnology• None of this is in any way an invitation toundertake these in any fashion other than withinformed consent of all involved parties– The existence of a security hole is no excuse• These concerns regard not only ethics but UCBpolicy and California/United States law• If in some context there’s any question in yourmind, come talk with instructors first5Course Overview• Software issues– exploits, defenses, design principles• Web security– browsers, servers, authentication• Networking– protocols, imposing control, denial-of-service• Large-scale automated attacks– worms & botnets• Securing communication & data viacryptography– confidentiality, integrity, signatures, keys, e-cashCourse Overview, con’t• Operating systems–access control, isolation, virtual machines,viruses & rootkits• The pervasive problem of Usability• Privacy– anonymity, releasing data, remanence• Detecting/blocking attacks in “real time”• Landscape of modern attacks– spam, phishing, underground economy• Case studies6Some Broad Perspectives• A vital, easily overlooked facet of security ispolicy (and accompanying it: operating withinconstraints)• High-level goal is risk management, notbulletproof protection.– Much of the effort concerns “raising the bar” andtrading off resources• How to prudently spend your time & money?• Key notion of threat model: what you aredefending against– This can differ from what you’d expect– Consider the Department of Energy …Modern Threats• An energetic arms race betweenattackers and defenders fuels rapidinnovation in “malcode” …• … including powerful automatedtools …• … and defenders likewise devisenovel tactics …7Modern Threats• An energetic arms race betweenattackers and defenders fuels rapidinnovation in “malcode” …• … including powerful automatedtools …• … and defenders likewise devisenovel tactics …8Modern Threats• An energetic arms race betweenattackers and defenders fuels rapidinnovation in “malcode” …• … including powerful automatedtools …• … and defenders likewise devisenovel tactics …9Modern Threats, con’t• Most cyber attacks aim for profit and arefacilitated by a well-developed“underground economy …• … but recent times have seen the rise ofnation-state issues, including:– Censorship / network control– Espionage– … and war101112Modern Threats, con’t• Most cyber attacks aim for profit and arefacilitated by a well-developed“underground economy …• … there are also extensive threats toprivacy including identity theft• … but recent times have seen the rise ofnation-state issues, including:– Censorship / network control– Espionage– … and war13Modern Threats, con’t• Most cyber attacks aim for profit and arefacilitated by a well-developed“underground economy …• … there are also extensive threats toprivacy including identity theft• … and recent times have seen the rise ofnation-state issues, including:– Censorship / network control– Espionage– … and war14Modern Threats, con’t• Most cyber attacks aim for profit and arefacilitated by a well-developed“underground economy …• … there are also extensive threats toprivacy including identity theft• … and recent times have seen the rise ofnation-state issues, including:– Censorship / network control– Espionage– … and war15Modern Threats, con’t• Most cyber attacks aim for profit and arefacilitated by a well-developed“underground economy …• … there are also extensive threats toprivacy including identity theft• … but recent times have seen the rise ofnation-state


View Full Document

Berkeley COMPSCI 161 - Lecture Notes

Documents in this Course
Rootkits

Rootkits

11 pages

Load more
Download Lecture Notes
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Lecture Notes and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Lecture Notes 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?