1 / 13

Computer Security 1 [COMPGA01]

Computer Security 1 [COMPGA01]. Nicolas T. Courtois - U niversity C ollege L ondon. CompSec at UCL. COMPGA01 Computer Security 1 Dr. Nicolas Courtois optional modules *COMPGA02 Computer Security 2 *COMPGZ03 Distributed Systems * COMPM028 Language Based Security

lacy-reynolds
Download Presentation

Computer Security 1 [COMPGA01]

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Security 1[COMPGA01] Nicolas T. Courtois - University College London

  2. CompSec at UCL • COMPGA01 Computer Security 1Dr. Nicolas Courtois optional modules • *COMPGA02 Computer Security 2 • *COMPGZ03 Distributed Systems • *COMPM028Language Based Security • *COMPGA14 InfoSec Management • not covered: • database sec • critical infrastructures • hiding, covert channels, • flow control • distributed systems Nicolas T. Courtois, January 2009

  3. About GA01 • 30 hours. Nicolas T. Courtois, January 2009

  4. CompSec1 [COMPGA01] Summary page: http://www.cs.ucl.ac.uk/students/syllabus/mscisec/ga01_computer_security_1/ Nicolas T. Courtois, January 2009

  5. Slides *All slides marked with an asterisk can be omitted. Or are repeated elsewhere. **Two asterisks: even less important. Text in white: on purpose. You should consider it does not exist. It is almost like saying, this is marked as being out of scope. Nicolas T. Courtois, January 2009

  6. Assessment • 85 % = written exam (May exam session) • 2.5 hours. • “closed book”, • NO calculators allowed, • no mobile phones • 15 % = Coursework = Nicolas T. Courtois, January 2009

  7. Written Exam Content • multiple choice questions + • possibly also problems to solve, • either rather questions of understanding.. • or small “theory” exercises • your key weapons are: • common sense • real world connection, practice vs. theory, things in perspective • basic knowledge: vocabulary, definitions, key concepts • The exam CAN contain things about which YOU never heard. • YES there will be things you did a lot of revisions on and not on the exam… Too bad. Nicolas T. Courtois, January 2009

  8. Remark Part01 - all the “PRINCIPLES” we learn… • Exam is not a philosophy essay. • Part 01 is NOT the most important part of this course. • Abstract notions and principles should appear in reference to the clear real world context. • Focus on fundamental technical knowledge and understanding of it. Nicolas T. Courtois, January 2009

  9. References 1) *M. Bishop, Computer Security. • out of date, yet everything is there! • Computer Security: by Dieter Gollmann +Unix&Wndows alike +read in any order, +compact explanations-timid on recommendations • Ross Anderson Security Engineering [Cambridge] only some partshttp://www.cl.cam.ac.uk/~rja14/book.html Nicolas T. Courtois, January 2009

  10. Major Themes in CompSec 1 • Engineering principles, vocabulary, fancy acronyms like C.I.A. - 30 % • Access control, theory and practice - 30 % • Security helped by hardware - 10 % • Malware attacks and defences - 25% • Protocols and applied cryptography - 30 % • Security given the social and industrial context - 10 % The sum is much more than 100%? Yes, because these major points have lots of intersection. Nicolas T. Courtois, January 2009

  11. CompSec 1 – Learning Outcomes What’s Wrong? Threats Vulnerabilities • Fix It? • Defensive • Techniques What’s There? Industrial Standards Life Facts Attack Methods Hacking Techniques ..“ALL MAJOR AREAS”… Nicolas T. Courtois, January 2009

  12. Content • Intro 20s, • Principles, part01 70s • Sets, relations, Security policies, Ref. Monitor, part02a 60s • DAC, OS Access Control, Unix part04(a) 60 s • Unix/Windows in part04(b) +60 s, • Decidability: part02b 20s, revisions on Lattices, 02a/c • MAC, Confidentiality, BLP[Biba] part02c 70s, • Hardware and Low Level CompSec part03 100s • Integrity, business-oriented policies part02d 90s Nicolas T. Courtois, January 2009

  13. Content • Exploits against software and defenses part10, 60 s • Software - Malware, Attacks – Defences, part07 + 80 s • Basic Network Security and Firewalls 80s • Crypto, Authentication, Passwords, part05, Crypto Protocols, Key Est. Kerberos, SSL, PGP part06 Nicolas T. Courtois, January 2009

More Related