UT CS 361 - Foundations of Computer Security Lecture 1: Introduction


Foundations of Computer Security
Lecture 1: Introduction
Dr. Bill Young
Department of Computer Sciences
University of Texas at Austin

Lecture 1: 1 Introduction

Course Topics

Topics we will cover include:
- What is computer security?
- Why is computer security important?
- Why is security difficult?
- Security policies
- Elementary information theory
- Elementary cryptography
- Cryptographic protocols
- Availability
- System evaluation and certification.

What Does Security Mean?

The term security is used in a variety of contexts. What’s the common thread?
- Personal security
- Corporate security
- Personnel security
- Energy security
- Homeland security
- Operational security
- Communications security
- Network security
- System security

What Does Security Mean?

In the most general terms, security seems to mean something like “protection of assets against threats.”
- What assets?
- What kinds of threats?
- What does “protection” mean?
- Does the nature of protection vary depending on the threat?

Security on a Personal Level

Suppose you’re visiting an online retailer, and need to enter personal information. What protections do you want? From what threats?
- Authentication (protection from phishing)
- Authorization
- Privacy of your data
- Integrity of your data
- Availability
- Non-repudiation
- What else?

Security on an Institutional Level

Consider the following scenarios:
1. A large corporation’s computer systems are penetrated and data on thousands of customers is stolen.
2. A student hacks into university registrar’s system and changes his grade in several classes he has taken.
3. An online retailer’s website is overwhelmed by malicious traffic, making it unavailable for legitimate customer purchases.

Does this suggest why it’s hard to define “security” in the context of digital systems?

Why are Attacks Becoming More Prevalent?

- Increased connectivity
- Many valuable assets online
- Low threshold to access
- Sophisticated attack tools and strategies available
- Others?

Some Sobering Facts

- There were over 1 million new unique malware samples discovered in each of the past two quarters. Unlike the worms and mass-mailers of the past, many of these were extremely targeted to particular industries, companies and even users. (www.insecureaboutsecurity.com, 10/19/2009)
- Once PCs are infected they tend to stay infected. The median length of infection is 300 days. (www.insecureaboutsecurity.com, 10/19/2009)

Some Sobering Facts

- A recent study of 32,000 Websites found that nearly 97% of sites carry a severe vulnerability. –Web Application Security Consortium, Sept 2008
- “NSA found that inappropriate or incorrect software security configurations (most often caused by configuration errors at the local base level) were responsible for 80 percent of Air Force vulnerabilities.” –CSIS report on Securing Cyberspace for the 44th Presidency, Dec. 2008, p. 55.

Why Should We Care?

A dozen determined computer programmers can, if they find a vulnerability to exploit, threaten the United States’ global logistics network, steal its operational plans, blind its intelligence capabilities or hinder its ability to deliver weapons on target. –William J. Lynn, U.S. Deputy Secy of Defense, Foreign Affairs (2010)

A top FBI official warned today that many cyber-adversaries of the U.S. have the ability to access virtually any computer system, posing a risk that’s so great it could “challenge our country’s very existence.” –Computerworld, March 24, 2010

Educate Yourself

Educating yourself about computer security can:
- enhance your own protection;
- contribute to security in your workplace;
- enhance the quality and safety of interpersonal and business transactions;
- improve overall security in cyberspace.

Next lecture: Why Security is Hard.

