1 / 18

Computer Security CS 426 Lecture 1

Computer Security CS 426 Lecture 1. Overview of the Course. In Recent (Last Week)’s News. Intel buys McAfee for $7.7B in push beyond PCs HP to Buy Vulnerability Specialist Fortify Software. The market for computer security knowledge will grow. More In the News.

harriet
Download Presentation

Computer Security CS 426 Lecture 1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Security CS 426Lecture 1 Overview of the Course Fall 2010/Lecture1

  2. In Recent (Last Week)’s News • Intel buys McAfee for $7.7B in push beyond PCs • HP to Buy Vulnerability Specialist Fortify Software The market for computer security knowledge will grow. Fall 2010/Lecture1

  3. More In the News • Malware Call to Arms: Threat at All-Time High and Rising • Beware the Facebook "Dislike" Button Scam • Facebook Warns of Clickjacking Scam • Android Game Is a Spy App in Disguise • Cameron Diaz hot bait for online traps • Virus Fools People Into Uninstalling Their Antivirus Software What are some common themes of the attacks? Fall 2010/Lecture1

  4. Why Do Computer Attacks Occur? • Who are the attackers? • bored teenagers, criminals, organized crime organizations, rogue states, industrial espionage, angry employees, … • Why they do it? • fun, • fame, • profit, … • computer systems are where the moneys are Fall 2010/Lecture1

  5. Computer Security Issues • Computer viruses • Trojan horses • Computer worms • E.g., Morris worm (1988), Melissa worm (1999), etc. • Distributed denial of service attacks • Computer break-ins • Email spams • E.g., Nigerian scam, stock recommendations Fall 2010/Lecture1

  6. More Computer Security Issues • Identity theft • Zero-day attacks • Botnets • Serious security flaws in many important systems • electronic voting machines, ATM systems • Spywares • Driveby downloads • Social engineering attacks Fall 2010/Lecture1

  7. Why do these attacks happen? • Software/computer systems are buggy • Users make mistakes • Technological factors • Von Neumann architecture: stored programs • Unsafe program languages • Software are complex, dynamic, and increasingly so • Making things secure are hard • Security may make things harder to use Fall 2010/Lecture1

  8. Why does this happen? • Economical factors • Lack of incentives for secure software • Security is difficult, expensive and takes time • Human factors • Lack of security training for software engineers • Largely uneducated population Fall 2010/Lecture1

  9. Security is Secondary • What protection/security mechanisms one has in the physical world? • Why the need for security mechanisms arises? • Security is secondary to the interactions that make security necessary. Spring 2009/Lecture 3

  10. Security is not Absolute • Is your car secure? • What does “secure” mean? • Are you secure when you drive your car? • Security is relative • to the kinds of loss one consider • security objectives/properties need to be stated • to the threats/adversaries under consideration. • security is always under certain assumptions Spring 2009/Lecture 3

  11. Information Security is Interesting • The most interesting/challenging threats to security are posed by human adversaries • security is harder than reliability • Information security is a self-sustained field • Security is about benefit/cost tradeoff • thought often the tradeoff analysis is not explicit • Security is not all technological • humans are often the weakest link Spring 2009/Lecture 3

  12. Information Security is Challenging • Defense is almost always harder than attack. • In which ways information security is more difficult than physical security? • adversaries can come from anywhere • computers enable large-scale automation • adversaries can be difficult to identify • adversaries can be difficult to punish • potential payoff can be much higher • In which ways information security is easier than physical security? Spring 2009/Lecture 3

  13. What is This Course About? • Learn how to prevent attacks and/or limit their consequences. • No silver bullet; man-made complex systems will have errors; errors may be exploited • Large number of ways to attack • Large collection of specific methods for specific purposes • Learn to think about security when doing things • Learn to understand and apply security principles Fall 2010/Lecture1

  14. See the Course Homepage • http://www.cs.purdue.edu/homes/ninghui/courses/426_Fall10/index.html Fall 2010/Lecture1

  15. Course Outline • Introduction/review of cryptography • Operating system security • Software security • Access control models • Network security • Web security Fall 2010/Lecture1

  16. Ethical use of security information • We discuss vulnerabilities and attacks • Most vulnerabilities have been fixed • Some attacks may still cause harm • Do not try these at home Fall 2010/Lecture1

  17. Readings for This Lecture Required readings: • Information Security on Wikipedia Optional Readings: • Counter Hack Reloaded • Chapter 1: Introduction • Security in Computing • Chapter 1: Is There a Security Problem in Computing Fall 2010/Lecture1

  18. Coming Attractions … • Cryptography: terminology and classic ciphers. • Readings for next lecture: • Cryptography on wikipedia • Interesting reading • The Code Book by Simon Singh Fall 2010/Lecture1

More Related