CS 334: Computer Security - University of Richmonddszajda/classes/cs334/Fall_2014/... · Ethics &...
CS 334: Computer Security
Prof. Doug Szajda
http://www.richmond.edu/~dszajda
Fall 2014

What Is This Class?
• Computer security = how to keep computing systems functioning as intended & free of abuse …
  – … and keep data we care about accessed only as desired …
  – … in the presence of an adversary
• We will look at:
  – Attacks and defenses for
    • Programs
    • Networks
    • Systems (OS, Web)
  – Securing data and communications
  – Enabling/thwarting privacy and anonymity
• How these notions have played out in the Real World
• Issues span a very large range of CS
  – Programming, systems, hardware, networking, theory

What Will You Learn?
• How to think adversarially
• How to assess threats for their significance
• How to build programs & systems that have robust security properties
• How to gauge the protections and limitations provided by today’s technology
  – How to balance the costs of security mechanisms vs. the benefits they offer
• How today’s attacks work in practice
• How security issues have played out “for real” (case studies)

Ethics & Legality
• We will be discussing (and launching!) attacks - many quite nasty - and powerful eavesdropping technology
• None of this is in any way an invitation to undertake these in any fashion other than with informed consent of all involved parties
  – The existence of a security hole is no excuse
• These concerns regard not only ethics but UR policy and Virginia/United States law
• If in some context there’s any question in your mind, come talk with me first

Course Overview
• Software issues
  – exploits, defenses, design principles
• Web security
  – browsers, servers, authentication
• Networking
  – protocols, imposing control, denial-of-service
• Large-scale automated attacks
  – worms & botnets
• Securing communication & data via cryptography
  – confidentiality, integrity, signatures, keys, e-cash

Course Overview, con’t
• Operating systems
  – access control, isolation, virtual machines, viruses & rootkits
• The pervasive problem of Usability
• Privacy
  – anonymity, releasing data, remanence
• Detecting/blocking attacks in “real time”
• Landscape of modern attacks
  – spam, phishing, underground economy
• Case studies

Some Broad Perspectives
• A vital, easily overlooked facet of security is policy (and accompanying it: operating within constraints)
• High-level goal is risk management, not bulletproof protection.
  – Much of the effort concerns “raising the bar” and trading off resources
    • How to prudently spend your time & money?
• Key notion of threat model: what you are defending against
  – This can differ from what you’d expect
  – Consider the Department of Energy …

Modern Threats
• An energetic arms race between attackers and defenders fuels rapid innovation in “malcode” …
• … including powerful automated tools …
• … and defenders likewise devise novel tactics …

Modern Threats, con’t
• Most cyber attacks aim for profit and are facilitated by a well-developed “underground economy” …
• … but recent times have seen the rise of nation-state issues, including:
  – Censorship / network control
  – Espionage
  – … and war

Modern Threats, con’t
• Most cyber attacks aim for profit and are facilitated by a well-developed “underground economy” …
• … there are also extensive threats to privacy including identity theft
• … but recent times have seen the rise of nation-state issues, including:
  – Censorship / network control
  – Espionage
  – … and war

Modern Threats, con’t
• Most cyber attacks aim for profit and are facilitated by a well-developed “underground economy” …
• … there are also extensive threats to privacy including identity theft
• … and recent times have seen the rise of nation-state issues, including:
  – Censorship / network control
  – Espionage
  – … and war

Source: http://www.usatoday.com/story/news/world/2014/02/05/top-ten-internet-censors/5222385/
(August 19, 2014)