1Lecture 1Page 1CS 239, Winter 2005IntroductionCS 239Computer Security Peter ReiherJanuary 10, 2005Lecture 1Page 2CS 239, Winter 2005Description of Class• Topics to be covered• Prerequisites• Grading• Reading materials• Projects• Office hours• Web pageLecture 1Page 3CS 239, Winter 2005Topics to Be Covered• Cryptography and authentication• Design of secure protocols• Network security – threats and countermeasures• Secure operating systems design• Practical application of security principles• If time permits, other neat stuffLecture 1Page 4CS 239, Winter 2005Prerequisites• Must have taken CS111 and CS118, or equivalents• Desirable to have taken an advanced OS course and advanced networking courseLecture 1Page 5CS 239, Winter 2005Grading• Midterm – 25%• Project – 50%• Final – 25%Lecture 1Page 6CS 239, Winter 2005Class Format• Typically we’ll start each session with a discussion of material from last session• Followed by lecture on new material• Always feel free to stop me for questions or interesting discussions2Lecture 1Page 7CS 239, Winter 2005Reading Materials• Textbook• Non-required supplemental texts• Papers and web pagesLecture 1Page 8CS 239, Winter 2005Textbook• Computer Security: Art and Science–By Matt Bishop• Should be available in UCLA bookstore• First reading assignment: Chapter 1Lecture 1Page 9CS 239, Winter 2005Supplemental Text 1• Applied Cryptography– By Bruce Schneier• Only covers what its title implies– And, as Schneier himself argues, there’s a lot more to security• But an excellent book on its subject• Not required– No reading assignments from this bookLecture 1Page 10CS 239, Winter 2005Supplemental Text 2• Secrets and Lies– Also by Bruce Schneier• Not a textbook at all• A philosophy of computer security• Great for appreciating the field and problems• Not great for depth of technical details• Not required– No readings will be assigned from this book– But if you plan to work in this field, read itLecture 1Page 11CS 239, Winter 2005Papers and Web Pages• Usually one paper per week and a couple of web pages• Usually made available electronically–Through class web page• Material in papers might or might not be lectured on–But it can appear on tests, regardlessLecture 1Page 12CS 239, Winter 2005Projects• Either individual or small group–Depending on size of class• Usually requiring program development• Related to some topic covered in class• Must be approved by instructor3Lecture 1Page 13CS 239, Winter 2005Choosing a Project Topic• Submit a 1 page proposal – By end of 3dweek of classes (January 28)– Email submissions OK• I will approve them and offer suggestions• Must be submitted, but not part of gradeLecture 1Page 14CS 239, Winter 2005What Makes a Good Project?• Something new• Something you’re interested in• Maybe it can turn into a paper for you• Feasible to demonstrate something interesting within the quarter–Running code or other practical demonstration, not just a paperLecture 1Page 15CS 239, Winter 2005Possible Project Topics• Security for Internet infrastructure • Security for ad hoc wireless networks• Security for peer systems• Intrusion and insider threat detection• DDoS and worm defense mechanisms• Handling botnets• Defenses against spam and phishing• Security for sensor networks• Security evaluations of local labsLecture 1Page 16CS 239, Winter 2005Project Updates• Due at the end of the 7thweek of class–February 25th• 1 page report on your group’s progress on its project–Email submission OK• Not graded, but required–And should describe actual progressLecture 1Page 17CS 239, Winter 2005Project Reports• Written report on the project• Should:– Describe project– Discuss how project was performed– Cover difficulties and interesting points– Describe the implementation• Expected to be around 15 pagesLecture 1Page 18CS 239, Winter 2005Project Demos• Must show working version of project to instructor• Schedule time individually for this• Must be done by middle of finals week4Lecture 1Page 19CS 239, Winter 2005Project Deadlines• Submit project proposal – January 28th• Submit project update – February 25th• Demonstration of project to instructor and project reports – March 24thLecture 1Page 20CS 239, Winter 2005Tests• Midterm – February 9• Final – March 22 (8-11 PM)• Both tests will be open book–Essay questions concentrating on applying knowledgeLecture 1Page 21CS 239, Winter 2005Office Hours•MW 2-3• Held in 3732J Boelter Hall• Other times available by prior arrangementLecture 1Page 22CS 239, Winter 2005Class Web Pagewww.lasr.cs.ucla.edu/classes/239_1.winter05• Slides for classes will be posted there– By 5 PM the previous afternoon– In 6-up PDF form• Readings will be posted there– With links to papers• Also links to other interesting infoLecture 1Page 23CS 239, Winter 2005Introduction to Computer Security• Why do we need computer security?• What are our goals and what threatens them? Lecture 1Page 24CS 239, Winter 2005Why Is Security Necessary?• Because people aren’t always nice• Because a lot of money is handled by computers• Because a lot of important information is handled by computers• Because our society is increasingly dependent on correct operation of computers5Lecture 1Page 25CS 239, Winter 2005History of the Security Problem• In the beginning, there was no computer security problem• Later, there was a problem, but nobody cared• Now, there’s a big problem and people care– Only a matter of time before a real disaster– A company recently went out of business due to a DDoS attack– Many individuals have been harmed by phishing and identity theftLecture 1Page 26CS 239, Winter 2005Some Examples of Large Scale Security Problems• The Internet Worm• New malicious code attacks• Distributed denial of service attacks• Vulnerabilities in commonly used systemsLecture 1Page 27CS 239, Winter 2005The Internet Worm• Launched in 1988• A program that spread over the Internet to many sites• Around 6,000 sites were shut down to get rid of it• And (apparently) its damage was largely unintentional• The holes it used have been closed– But the basic idea still worksLecture 1Page 28CS 239, Winter 2005Malicious Code Attacks• Multiple new viruses and worms appear every week• The Skulls.B Trojan horse