Berkeley COMPSCI 161 - Lecture Notes

This preview shows page 1-2-3-4 out of 12 pages.


Overview
CS161 Computer Security
Dawn [email protected]

Information
• 4 units
• Prerequisites:
  – CS 61C (Machine Structures)
  – Math 55 or CS 70 (Discrete Mathematics).
• Lecture:
  – MW 9-10:30am, 310 Soda
  – Berkeley time, class starts at 9:10am
• Discussion sections

Course Staff
• Professor:
  – Dawn Song: http://www.cs.berkeley.edu/~dawnsong
• GSI:
  – Prateek Saxena

Textbooks
• Required: Computer Security, 2nd ed. (Gollmann)
  – 1st ed. is insufficient
  – Assigned readings will be posted
• Security in Computing, 4th ed. (Pfleeger & Pfleeger)
  – Optional
• Security Engineering (Anderson)
  – Optional
  – Available in online form

Resources
• Website:
  – http://inst.eecs.berkeley.edu/~cs161/fa08/
• Mailing list:
  – [email protected]://lists.eecs.berkeley.edu/sympa/info/cs161-spring08
  – Used for announcements, especially urgent notices
  – If you haven’t subscribed, pls do asap!
• Newsgroup:
  – Newsgroup: ucb.class.cs161
    Server: news.berkeley.edu (from campus), authnews.berkeley.edu (off campus)
    See http://www.net.berkeley.edu/usenet/.
  – For general class related questions, pls post on newsgroup instead of emailing the staff, so other students can benefit too

Course Load
• 2 Exams: closed book
  – Midterm exam: covers the first half of the course
  – Final exam: covers the second half of the course
• 5 Homeworks
  – Three homeworks for first half of semester
  – Two homeworks for second half of semester
• 3 Projects
  – In groups of two

Grading
• 20% Homeworks (4% each)
• 40% Project (5% Proj 1, 15% Proj 2, 20% Proj 3)
• 20% Midterm exam
• 20% Final exam

Class Participation
• Showing up (on time) is the first step
• Asking/answering questions is encouraged
• Turn off your cell phone ring in class
• Treat students and staff with respect

Collaborative Work
• Projects will be in groups of two
• Homeworks are done individually
• You may use the following resources:
  – Instructors, TAs, assigned texts, posted notes
• No “Googling for answers”
  – Consult with TAs over problem cases
  – Always cite references – plagiarism is not permitted

Academic Dishonesty Policy
• Copying all or part of another person's work, or using reference material not specifically allowed, are forms of cheating and will not be tolerated.
• http://www.eecs.berkeley.edu/Policies/acad.dis.shtml

Note on Security Vulnerabilities
• From time to time, we may discuss vulnerabilities in widely-deployed computer systems. This is not intended as an invitation to go exploit those vulnerabilities. It is important that we be able to discuss real-world experience candidly; students are expected to behave responsibly.
• Berkeley policy is very clear: you may not break into machines that are not your own; you may not attempt to attack or subvert system security. Breaking into other people's systems is inappropriate, and the existence of a security hole is no excuse.

Typical Lecture Format
• 2-Minute Review
• 20-Minute Lecture
• 5-Minute Administrative Matters
• 3-Minute Break (stretch)
• 20-Minute Lecture
• 5-Minute Break (water, stretch)
• 25-Minute Lecture
• Instructors will come to class early & stay after to answer questions
[Figure: Attention vs. Time; labels: 20 min., Break, “In Conclusion, ...”, 20 min., Break, 25 min.]

Computer Security is Important
• Unpatched PC survives less than 16 min [SANS04]
• $10 billion annual financial loss [ComputerEconomics05]
  – Worms
    » CodeRed: Infected 500,000 servers, $2.6 billion in damage [CNET03]
    » SQL Slammer: Internet lost connectivity, affected 911, ATM, etc.
  – Botnets
    » Over 6 million bot-infected computers in 3 months [Symantec06]
  – 61% U.S. computers infected with spyware [National Cyber Security Alliance06]

Trends
• Attacks are increasing in scale, sophistication, & severity
  – Real financial incentives
[Figure: CERT Vulnerabilities reported, 1995 to 2005]

Most-common attacks on systems
• 2006 MITRE CVE stats:
  – 21.5 % of CVEs were XSS
  – 14 % SQL injection
  – 9.5 % php "includes"
  – 7.9 % buffer overflow.
2005 was the first year that XSS jumped ahead of buffer overflows …

A Thriving Underground Economy
• Average bot costs
  – $0.04
• Zero-day vulnerability for
  – $75K [SecurityFocus07]
• Excerpt from Underground Economy IRC Network
• With one IRC channel, 24-hr period, just a few samples
  – Accounts worth $1,599,335.80 have been stolen
• “The Underground Economy: Priceless” [;login Dec06]

Automatic Tools for Attacks (I)
• anti-captcha.com
“We work with tens of thousands of people from all over the world who are ready to work for a small payment to convert text pictures sent by you. You give the CAPTCHAs to our server, which hands it to the workers. In a few seconds, our server will receive the converted CAPTCHA as text and relay it back to you. As a rule, this time does not exceed 20 seconds and [that's] quite fast enough for a successful registration everywhere there is CAPTCHA in use.”

Automatic Tools for Attacks (II)
• Tools to automatically build your malware
  – Select from menu: anti-AV feature, spam, ddos, anti-VM feature, etc.
• Tools to automatically distribute your malware:
“Currently, loads.cc claims to have 264,552 hacked systems in more than a dozen countries that it can use as hosts for any malicious software that clients want to install. The latest details from the "statistics" page displayed for members says the service has gained some 1,679 new infectable nodes in the last two hours, and more than 33,000 over the past 24 hours.”

Load.cc

Security Spending Variance By Industry
January 2007, Trends “2007 Security Budgets Increase: The Transition To Information Risk Management Begins”

This Class
• How to build secure systems?
• How to evaluate security of systems?
• Topics in this class
  – Crypto, software security, OS security, Web security, Network security, other advanced topics

Steal cars with a laptop
• In April ’07, high-tech criminals made international headlines when they used a laptop and transmitter to open the locks and start the ignition of an armor-plated BMW X5 belonging to soccer player David Beckham, the second X5 stolen from him using this technology within six months.
• … Beckham's BMW X5s were stolen by thieves who hacked into the codes for the vehicles' RFID chips …

Class Topics (I)
• Part I: Introduction to Cryptography
  – Secret-key encryption
  – Public-key encryption
  – Hash functions,

