
CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

CSE 543 - Computer Security (Fall 2007)
Lecture 1 - Introduction
Professor: Trent Jaeger
URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/

Some bedtime stories …

This course …
• We are going to explore why these events are not isolated, infrequent, or even unexpected.
  – Why are we doing so poorly in computing systems at protecting our users and data from inadvertent or intentional harm?
The answer: stay tuned!

This course …
• This course is a systems course covering general topics in computer and network security. We will investigate the tools and problems of contemporary security. Topics will include:
  – network security, authentication, security protocol design and analysis, key management, program safety, intrusion detection, DDOS detection and mitigation, architecture/operating systems security, security policy, group systems, biometrics, web security, language-based security, and other emerging topics (as time permits)

You need a basic understanding of …
• IP Networks
• Modern Operating Systems
• Discrete Mathematics
• Basics of systems theory and implementation
  – E.g., File systems, distributed systems, networking, operating systems, ...

Why are we here? -- Goals
• My goal: to provide you with the tools to understand and evaluate research in computer security.
  – Basic technologies
  – Engineering/research trade-offs
  – How to read/write/present security research papers
• This is going to be a hard course. The key to success is sustained effort. Failure to keep up with readings and project will likely result in poor grades, and ultimately little understanding of the course material.
• Pay-off: security competence is a rare, valuable skill

Course Materials
• Website - I am maintaining the course website at http://www.cse.psu.edu/~tjaeger/cse543-f07/
• Course assignments, slides, and other artifacts will be made available on the course website.
• Course textbook
  – Kaufman, C., Perlman, R. and Speciner, M., Network Security (Private Communication in a Public World), 2nd edition, Prentice Hall 2002.

Course Calendar
• The course calendar has all the relevant readings, assignments and test dates
• The calendar page contains electronic links to online papers assigned for course readings.
• Please check the website frequently for announcements and changes to the schedule. Students are responsible for any change on the schedule (I will try to make announcements in class).

Grades
• Grading policy
  – 20% Mid-term Exam (11/1, 6:30-7:45, 160 Willard)
  – 15% Quizzes and Assignments (including Crypto Mini-Exam)
  – 10% Class Participation and Reviews
  – 25% Final Exam (end of semester)
  – 30% Course Project
• Lateness policy - Assignments and project milestones are assessed a 10% per-day late penalty, up to a maximum of 4 days. Unless the problem is apocalyptic, don't give me excuses. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

Assignments, Quizzes, Reviews
• Assignments: Practice Exam Questions
  – Conceptual Questions (Basic and Complex)
  – Constructions
  – Precise Answers
• Quizzes (small exams on last paper)
  – Reserve right to assign these (1 week notice)
• Review of Papers (for each class)
  – Define Concepts
  – Comparison with Other Approaches
  – Details of Approach
• Written and Oral Reviewing Are Important

Project
• End Result: Research Paper
  – Motivation for an Experiment
  – Background
  – Related Work
  – Experimental Approach
  – Experimental Evaluation
• I Will Provide Topic Areas
  – General Areas
• Start with an Existing System/Approach
  – Break It
  – Improve It
• Aim for a Research-Quality Result

Ethics Statement
This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class. When in doubt, please contact the instructor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor Jaeger.

And the rest of this course …
1. Introduction
   a. Security, Threats, and Vulnerabilities
   b. Security Models
   c. Cryptography and Cryptanalysis
2. Secure Communication
   a. Authentication
   b. Authentication Protocols
   c. Protocol Analysis
3. Computer Security
   a. Access Control
   b. OS Security
4. Network Security
   a. IP Security
   b. Firewalls
   c. IPsec/VPNs
   d. Worms
   e. DDOS
5. Special Topics
   a. Language-Based Security
   b. Virtual Machine Security
   c. Linux Security

What is computer (information) security?
• Garfinkel and Spafford (1991)
  – “A computer is secure if you can depend on it and its software to behave as expected.”
• Harrison, Ruzzo, Ullman (1978)
  – “Prevent access by unauthorized users”
• Not really satisfactory – does not truly capture that security speaks to the behavior of others
  – Expected by whom?
  – Under what

