Slide 1Who gets inClass home pageLabPaper ReportsQuizzesAdministrationAdministrationDENClass ParticipationAcademic IntegritySlide 12What Does Security Mean? … In Real LifeWhat Does Security Mean? … wrt Computers and NetsComputer vs. Network SecurityWhat Are the Threats?What Are the Threats?What Are the Threats?What Are the Threats?What Are the Threats?What Are the Threats?What Are the Threats?What Are the Threats?What Are the Threats?The Three Aspects of SecurityWhat Does Security Mean? … wrt Computers and NetsOrthogonal AspectsWhat Are the Challenges?What Are the Challenges?What Are the Challenges?Practical ConsiderationsIn The Shoes of an AttackerWhy We Aren’t SecureThe Role Of PolicySome Security MechanismsToday’s Security DeploymentA More Difficult ProblemLoosely Managed SystemsSlide 39What Is Cryptography?Cryptography Is Also Useful For …Cryptography Is Also Useful For …So, How Do We Scramble Messages?Sample Crypto Scheme: Ceasar’s CipherSample Crypto Scheme: Ceasar’s CipherTypes Of Cryptographic FunctionsUSC CSci530Computer Security Systems Lecture notes – Spring 2012Dr. Jelena MirkovicUniversity of Southern CaliforniaInformation Sciences InstituteIf you wish to enroll and do not have D clearance yet, send an email to [email protected] with:oYour nameoWhich prerequisites you have completedoA phone number oRequest to receive a D clearanceI will let you know within a day or twoWho gets inhttp://ccss.usc.edu/530 oSyllabusoAssignmentsoNewsoLecture notes (also on DEN)Keep checking it!Class home pagehttp://ccss.usc.edu/530Lo1 of the 4 unitsoInstructor is David MorganoInstruction 4 – 4:50 Fridays in RTH105WebCast via DENHands on work in the lab – exercising the theoretical knowledge from class Some labs will be done remotely using DETER testbedLabFour reports, due as noted onlineEach discusses a paper of your choice from a few top security conferences/journalsoSummary of the paper and its critiqueoYour ideas on the topico2-4 pages, submitted via DENoYou can submit reports early if you likeOne report from each student will be chosen for presentation in classTotal 20% of your grade, 4% eachPaper Reports4 quizzesoDone before each DETER exerciseoRepeated after the exerciseoYou MUST take each quizTotal 5% of your gradeQuizzesClass e-mail: [email protected] (TA and inst)InstructoroDr. Jelena MirkovicoOffice hours Fri 12:30-1:30pm or by appt in SAL 234oContact via email (on class web page)TAoMelina Demertzi oOffice hours Tu and We 10-11 am oContact via email (on class web page)AdministrationGrading:oPaper reports/presentations: 20%oLab: C20%oQuizzes: 5%oParticipation: C5%oMidterm Exam: 20%oFinal Exam: 30%Grades assigned using an absolute curve:AdministrationA A- B+ B B- C+ C C- D+ D D93 90 86 83 80 76 73 70 66 63 60DEN system will host the class discussion boardoTo gain access and log inhttps://mapp.usc.edu/oContact [email protected] if you have difficulty with the systemoI will check the discussion board once daily but if you want a reliable response from me email me directlyDENClass participation is importantoAsk and answer questions in classoAsk, answer, participate on-lineClass participation carries 5% of your gradeoIf I don’t remember you from class, I look in the web discussion forum to check participationDid you ask good questionsDid you provide good answersDid you make good points in discussionsoFor DEN students, discussion board is the primary means of class participationYou can also call into the class if you likeClass ParticipationWhat is and is not OKoI encourage you to work with others to learn the material but everyone must DO their work ALONEoDo not to turn in the work of othersoDo not give others your work to use as their ownoDo not plagiarize from others (published or not)oDo not try to deceive the instructorsSee the Web siteoMore guidelines on academic integrityoLinks to university resourcesoDon’t just assume you know what is acceptable. Academic IntegrityWhat Does Security Mean?No one should be able to: oBreak into my houseoAttack meoSteal my TVoUse my house to throw water balloons on peopleoDamage my furnitureoPretend to be my friend Bob and fool me oWaste my time with irrelevant thingsoPrevent me from going to my favorite restaurantoDestroy my road, bridge, city ..What Does Security Mean?… In Real LifeNo one should be able to:oBreak into my computeroAttack my computeroSteal my information oUse my computer to attack othersoDamage my computer or dataoUse my resources without my permissionoMess with my physical worldI want to talk to AliceoPretend to be Alice or myself or our computersoPrevent me from communicating with AliceWhat Does Security Mean?… wrt Computers and NetsAn isolated computer has a security risk?oComputer security aims to protect a single, connected, machine Networking = communication at all times and in all scenarios!!!oNetwork security aims to protect the communication and all its participantsSecurity = robustness or fault tolerance?Computer vs. Network SecurityComputer securityNetwork securityBreaking into my computeroHackers Break a password or sniff it off the network Exploit a vulnerability Use social engineeringImpersonate someone I trustoViruses and worms What Are the Threats?A vulnerability is a bug in the software that createsunexpected computer behavior when exploited, suchas enabling access without login, running unauthorizedcode or crashing the computer. An exploit is an input to the buggy program that makesuse of the existing vulnerability.Attacking my computeroDenial-of-service attacksoViruses and some wormsWhat Are the Threats?A virus is a self-replicating program that requiresuser action to activate such as clicking on E-mail,downloading an infected file or inserting an infectedfloppy, CD, etc ..A worm is a self-replicating program that does notrequire user action to activate. It propagates itselfover the network, infects any vulnerable machine itfinds and then spreads from it further.A DOS attack aims to disrupt a service by either exploiting a vulnerability or by sending a lot ofbogus messages to a computer offering a serviceStealing my information oFrom my computer or from communicationoI will use cryptography!There are many ways to break ciphersThere are many ways to divulge partial information (e.g. who do you talk to)oI would also like to hide who I talk to and whenI
View Full Document
Unlocking...