
CS363

Computer Security. CS363. Who am I? (for those of you who don’t know me already). Dr. Barry Wittman Not Dr. Barry Whitman Education: PhD and MS in Computer Science, Purdue University BS in Computer Science, Morehouse College Hobbies: Reading, writing Enjoying ethnic cuisine DJing


Presentation Transcript


  1. Computer Security CS363

  2. Who am I? (for those of you who don’t know me already) • Dr. Barry Wittman • Not Dr. Barry Whitman • Education: • PhD and MS in Computer Science, Purdue University • BS in Computer Science, Morehouse College • Hobbies: • Reading, writing • Enjoying ethnic cuisine • DJing • Lockpicking

  3. How can you reach me? • E-mail: wittmanb@etown.edu • Office: Esbenshade 284B • Phone: (717) 361-4761 • Office hours: MWF 11:00am – 12:00pm, M 3:30 – 4:20pm, W 3:30 – 5:30pm, and by appointment • Website: http://users.etown.edu/w/wittmanb/

  4. Who are you?

  5. Why are we here? • What’s the purpose of this class? • What do you want to get out of it? • Do you want to be here?

  6. Course Overview

  7. Textbook • Charles P. Pfleeger and Shari Lawrence Pfleeger • Security in Computing • Fourth Edition, 2006, Prentice Hall • ISBN-10: 0132390779 • ISBN-13: 978-0132390774

  8. You have to read the book • You are expected to read the material before class • If you're not prepared, you will be asked to leave • You will forfeit the education you have paid around $100 per class meeting to get

  9. This is a class about computer security • It’s more theory than practice • This is not a class that will teach you how to hack a webserver (at least not directly) • Hacking systems depends on knowing about very specific vulnerabilities • Those vulnerabilities are constantly changing • Teaching the principles behind security is a much better investment

  10. Cost • Real security often boils down to cost: • How much does it cost to secure a system? • What is the value of the data or services to be secured? • Is it more cost effective to hire a computer security expert to break into a system or to bribe someone to give you their password?

  11. Topics to be covered • Security basics • Cryptography • Classical ciphers • Modern ciphers • Public key cryptography • Cryptographic hash functions • Program security • OS security • Designing trusted systems • Database security • Network security • Administering security • Economics of security • Privacy • Legal and ethical issues

  12. More information • For more information, visit the webpage: http://users.etown.edu/w/wittmanb/cs363 • The webpage will contain: • The most current schedule • Notes available for download • Reminders about exams and homework • Syllabus (you can request a printed copy if you like) • Detailed policies and guidelines • Piazza will allow for discussion and questions about the assignments and projects: https://piazza.com/etown/spring2014/cs363/

  13. Projects

  14. Three projects • 30% of your grade will be three equally weighted projects • Each will focus on a hands-on element of computer security • Cracking encryption • Doing public key cryptography • Designing a secure system • You will work on each project in two-person teams

  15. Teams • All projects are done in teams of two • The team will stay the same for the whole semester • One member of the team is the leader • The leader must send me an e-mail by Friday, January 17, 2014 saying who is in the team • I will copy assignments from the leader’s class folder (J:\SP2013-2014\CS363A)

  16. Turning in projects • Projects must be turned in by saving them in your team leader’s class folder (J:\SP2013-2014\CS363A) before the deadline • Do not put projects in your public directories • Late projects will not be accepted • Exception: Each team will have 2 grace days • You can use the two grace days together or separately as extensions for your projects • You must inform me before the deadline that you are going to use grace days

  17. Homework

  18. Five homework assignments • 15% of your grade will be five equally weighted homework assignments • Each will focus on a different set of topics from the course • All homework is to be done individually • I am (nearly always) available for assistance

  19. Turning in homework • Homework assignments must be turned in by saving them in your class folder (J:\SP2013-2014\CS363A) before the deadline • Do not put assignments in your public directories • Late homework will not be accepted • Paper copies of homework will not be accepted • Each homework done in LaTeX will earn 0.5% extra credit toward the final semester grade • Doing every homework in LaTeX will raise your final grade by 2.5% (one quarter of a letter grade)

  20. Presentations

  21. Presentations • 5% of your grade will be based around two individual presentations given during the semester • These presentations can be about anything related to computer security or privacy • Choose topics you find interesting • Part of your grade will be determined by your involvement in discussions of other students’ presentations • Sign up on Friday for the date of your presentations

  22. Grading presentations • Quality of content: Material is relevant to some aspect of computer security and is of interest to a classroom of CS and IS majors; content has not been covered in class and reflects current trends • Factual accuracy: Material presented is free from major errors or inconsistencies • Clear and concise communication of content: Talk has a defined beginning, middle, and end; a clear thesis statement emerges from the presentation; level of discussion is appropriate to the audience • Polished presentation: Visually appealing presentation; use of images or animations when appropriate; spelling and grammatical mistakes are avoided

  23. Quizzes

  24. Pop Quizzes • 5% of your grade will be pop quizzes • These quizzes will be based on material covered in the previous one or two lectures • They will be graded leniently • They are useful for these reasons: • Informing me of your understanding • Feedback to you about your understanding • Easy points for you • Attendance

  25. Exams

  26. Exams • There will be two equally weighted in-class exams totaling 30% of your final grade • Exam 1: 2/17/2014 • Exam 2: 3/31/2014 • The final exam will be worth 15% of your grade • Final: 2:30 – 5:30pm 5/05/2014

  27. Exam format • Objective portion • Multiple choice, short answer, and/or matching questions • Essays • Short essay questions about the philosophies or theories behind computer security

  28. Course Schedule

  29. Tentative schedule

  30. Project schedule • Project 1: 10% Tentatively due 2/07/2014 • Project 2: 10% Tentatively due 3/21/2014 • Project 3: 10% • Phase 1: Tentatively due 4/17/2014 • Phase 2: Tentatively due 5/02/2014

  31. Policies

  32. Grading breakdown

  33. Grading scale

  34. Attendance • You are expected to attend class • You are expected to have read the material we are going to cover before class • Missed quizzes cannot be made up • Exams must be made up before the scheduled time, for excused absences

  35. R-E-S-P-E-C-T • I hate having a slide like this • I ask for respect for your classmates and for me • You are smart enough to figure out what that means • A few specific points: • Silence communication devices • Don’t use the computers in class unless specifically told to • No food or drink in the lab

  36. Computer usage • We won't be doing much work on the computers together • Nevertheless, when we do, students are always tempted to surf the Internet, etc. • Research shows that it is nearly impossible to do two things at the same time (e.g. use Facebook and listen to a lecture) • For your own good, I will enforce this by taking 1% of your final grade every time I catch you using your computer for anything other than course exercises

  37. Academic dishonesty • Don’t cheat • First offense: • I will give you a zero for the assignment, then lower your final letter grade for the course by one full grade • Second offense: • I will fail you for the course and try to kick you out of Elizabethtown College • Refer to the Student Handbook for the official policy • Ask me if you have questions or concerns

  38. Programming projects • Must compile • If your program does not compile, it will score zero points • Must be handed in on time • If your program is late (and grace days are not available), it will score zero points • Must be done within the team • If I can ascertain that code from one team’s project appears in another team’s project, both projects will score zero points • All students will also have a full letter grade reduction at the end of the semester

  39. Disability • Elizabethtown College welcomes otherwise qualified students with disabilities to participate in all of its courses, programs, services, and activities. If you have a documented disability and would like to request accommodations in order to access course material, activities, or requirements, please contact the Director of Disability Services, Lynne Davies, by phone (361-1227) or e-mail (daviesl@etown.edu). If your documentation meets the college’s documentation guidelines, you will be given a letter from Disability Services for each of your professors. Students experiencing certain documented temporary conditions, such as post-concussive symptoms, may also qualify for temporary academic accommodations and adjustments. As early as possible in the semester, set up an appointment to meet with me, the instructor, to discuss the academic adjustments specified in your accommodations letter as they pertain to my class.

  40. What does security mean?

  41. Computer systems

  42. Computer systems • We will be specifically discussing the security of computer systems • Hardware • Software • Data • Attacks can focus on the theft, alteration, or disruption of any one of the three • The Principle of Easiest Penetration states that an attacker can try anything and will gravitate toward the easiest option

  43. Terminology • A vulnerability is a weakness in a security system • A threat is a set of circumstances that can cause loss or harm • Performing an attack is exploiting a vulnerability • A control is a protection against an attack by reducing a vulnerability • “A threat is blocked by control of a vulnerability.”

  44. Threats

  45. Method, opportunity, motive • As with traditional crime, an attacker must have these three things:

  46. CIA

  47. The basics of computer security:

  48. Confidentiality • You don’t want other people to be able to read your stuff • Some of your stuff, anyway • Cryptography, the art of encoding information so that it is only readable by those knowing a secret (key or password), is a principal tool used here • Confidentiality is also called secrecy or privacy

  49. Integrity • You don’t want people to mess up your stuff • You want to know: • That your important data cannot be easily changed • That outside data you consider trustworthy cannot be easily changed either • There are many different ways that data can be messed up, and every application has different priorities

  50. Availability • You want to be able to use your stuff • Many attacks are based on denial of service, simply stopping a system from functioning correctly • Availability can mean any of the following: • The service is present in usable form • There is enough capacity for authorized users • The service is making reasonable progress • The service completes in an acceptable period of time
