INFSCI 2935: Introduction to Computer Security
August 28, 2003
Courtesy of Professors Prasant Krishnamurthy, Chris Clifton & Matt Bishop

Slide outline
- Course Objective
- Course Material
- Prerequisites
- Course Outline
- Grading
- Contact
- Course Policies
- Security Assured Information Systems Track (SAIS)
- Introduction to Security
- Information Systems Security
- Basic Components of Security
- Interdependencies
- Information Security 20 years back
- Information security today
- Terminology
- Attack vs Threat
- Common security attacks
- Classes of Threats
- Goals of Security
- Policies and Mechanisms
- Assumptions and Trust
- Types of Mechanisms
- Information Assurance
- Assurance
- Operational Issues
- Human Issues
- Tying all together: The Life Cycle
- Protection System
- Access Control Matrix Model
- Access Control Matrix
- Access Controlled by History
- Solution: Query Set Overlap Control (Dobkin, Jones & Lipton '79)
- ACM of Database Queries
- But Query 2
- State Transitions
- Primitive commands (HRU)
- Create Subject
- Create Object
- Add Right
- Delete Right
- Destroy Subject
- Destroy Object
- System commands using primitive operations
- Conditional Commands
- Attenuation of privilege
- Fundamental questions
- What is a secure system?
- Safety Problem: formally
- Decidability Results (Harrison, Ruzzo, Ullman)
- What is the implication?
- Take-Grant Protection Model
- Take-Grant Protection Model: Sharing
- Any two subjects with tg-path of length 1 can share rights
- Other definitions
- Bridge
- Theorem: Can_share(α,x,y,G0) (for subjects)
- What about objects?
- Initial, terminal spans
- Theorem: Can_share(α,x,y,G0)

Course Objective
The objective of the course is to cover the fundamental issues of information system security and assurance.

Course Material
- Textbook: Computer Security: Art and Science, Matt Bishop, Addison-Wesley, 2003
  - Will follow the book mostly
  - Will be supplemented by other material (references and papers)
  - Errata URL: http://nob.cs.ucdavis.edu/~bishop/
- Other References
  - Security in Computing, 2nd Edition, Charles P. Pfleeger, Prentice Hall
  - Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, John Wiley & Sons, 2001
  - Building Secure Software: How to Avoid the Security Problems the Right Way, John Viega, Gary McGraw, Addison-Wesley, 2002
- Papers
  - List will be provided as supplemental readings and review assignments

Prerequisites
Assumes the following background:
- Good programming experience
- Working knowledge of operating systems, algorithms and data structures, database systems, and networks
- Mathematics
  - Undergraduate mathematics
  - Some knowledge of mathematical logic
Not sure? SEE ME.

Course Outline (numbers in parentheses are chapters of the Bishop textbook)
- Security Basics (1-8)
  - General overview and definitions
  - Security models and policy issues
- Basic Cryptography and Network Security (9-12, 26)
  - Introduction to cryptography and classical cryptosystems
  - Authentication protocols and key management
- Systems Design Issues and Information Assurance (13-21, 24, ??)
  - Design principles
  - Security mechanisms
  - Auditing systems
  - Risk analysis
  - System verification and evaluation
- Intrusion Detection and Response (23, 25, ??)
  - Attack classification and vulnerability analysis
  - Detection, containment and response/recovery
- Miscellaneous Issues (22, ??)
  - Malicious code, mobile code
  - Digital rights management, forensics
  - Emerging issues: E/M-commerce security, multidomain security issues, etc.

Grading
- Lab + Homework/Quiz/Paper review: 30%
- Midterm: 20%
- Paper/Project: 15%
  - List of suggested topics will be posted; you are encouraged to think of a project/topic of your own interest
- Comprehensive Final: 35%

Contact
- James Joshi
- 721, IS Building
- Phone: 412-624-9982
- E-mail: [email protected] (at mail.sis.pitt.edu)
- Web: www2.sis.pitt.edu/~jjoshi/INFSCI2935
- Office Hours:
  - Fridays: 2.00 – 4.00 p.m.
  - By appointment
- GSA: will be announced later

Course Policies
- Your work MUST be your own
  - No copying from the web or other books without understanding the material
  - Zero tolerance for cheating: you get an F for the course if you cheat in anything, however small – NO DISCUSSION
- Homework
  - There will be a penalty for late assignments (15% each day)
  - Ensure clarity in your answers – no credit will be given for vague answers
  - Homework is primarily the GSA's responsibility
  - Solutions will be posted in the library
- Check the webpage for everything!
  - You are responsible for checking the webpage for updates

Security Assured Information Systems Track (SAIS)
- INFSCI 2935 will likely be TEL2810
- INFSCI 2935 is the foundation course for the SAIS track
- SAIS Courses
  - Prof. Krishnamurthy: TELCOM 2820 – Cryptography; TELCOM 2821 – Network Security (??)
  - Several interesting electives (??)
    - TELCOM 2825: Information System and Infrastructure Protection, Dr. Tipper – Fall 2003
- SAIS Track Core (12 credits)
  - TEL-2810 Intro to Security
  - TEL-2820 Cryptography
  - TEL-2821 Network Security
  - TEL-2830 Capstone Course in Security
- SAIS Track Electives (3 credits)