160 likes | 170 Views
Covering OS protection mechanisms, attack techniques, mandatory access control, device security, and more. Emphasizes both theory and practice with lectures, readings, assignments, and exams.
E N D
CIS 4930/6930:Systems Security Instructor: Xinming “Simon” Ou TA: Xiaolong “Daniel” Wang Class time: MW 2-3:15
Logistics • Course website: ??? where you can find • Lecture slides • Programming assignments and homework • Reading materials
Logistics - continued • Communications • A facebook group will be created and you will be invited to join. Feel free to post your questions/comments/ideas attendant to the course. • Course announcements will be made through emails. Questions to instructor and TA must be sent through emails to guarantee a response.
What is this course about? • Provide a comprehensive treatment of computer system security • Attackers do not play by any rules • How protection mechanisms in OS can help mitigate attacks • Different types of OS protections • Utilizing special hardware for security • Cover both defense and offense aspects • Cover both theory and practice
Topics • Common attack techniques • OS protection mechanisms • Mandatory access control • Capability systems • Trusted computing • Device security • Cloud security
Tasks • Lectures • Readings • Assignments (about one per week) • Homework • Programming projects • Exams • Midterm and Final
Grades Homework and projects: 30% Exams: 60% Class participation: 10% CIS4930 and CIS6930 graded separately
Collaboration Policy • Exams: no collaboration • Homework and programming assignments: discussion with other students OK, but must indicate who you discussed with in your submission
Class Participation • Everyone must present one reading assignment (5 pts). • Order will be sent through email • One week to finish reading and prepare for a 20-min presentation in class • Students not presenting participate in the discussion (e.g., asking questions) (5 pts). • We will also ask you questions during the presentation
What is Security? • Classical definition: • Confidentiality • Integrity • Availability • Security is the prevention of threats from causing undesired effects • Threat model is important: who are your adversaries? What is at stake?
Can we have absolute security? • Security is always a trade off between cost and risks • Threat model: • Who are the adversaries? • What are their motivations? • How capable are they? • How much risk can they afford? • Effectiveness of countermeasures: • How much risk is reduced for users? • How much inconvenience is incurred on users? • How much risk is increased for adversaries?
Example1: Spam Emails • Which one of C,I,A does this problem fall into? • What is the threat model? • What are possible counter measures?
It is a Human Problem • Security is as much a social, organizational, and economic problem as it is a technical problem • Incentives for good behaviors vs. bad behaviors • Technologies contribute to/help address the problem
What do you mean by “System Security” • “System” is a platform on which various applications function. • In most cases you can think of it as OS • A system provides various protection mechanisms for the applications within it. • Protection is closely related to security, although not the same.