CS682 Advanced Security Topics

Size: px
Start display at page:

Download "CS682 Advanced Security Topics"

Transcription

1 CS682 Advanced Security Topics Lecture 1 Introduction Elias Athanasopoulos eliasathan@cs.ucy.ac.cy

2 Course Structure Phase 1 4 weeks crash course in applied cryptography, system security, network security and other security/privacy related topics Delivered by me Phase 2 10 weeks of paper presentations Delivered by you 2

3 You role in the course Each student presents 2-3 papers Depending on the audience scale Papers are really tough Once the presentation is done, you have two weeks to deliver a report The report should convey the core concepts of the presented papers Students should be able to use the report for studying All papers are part of the final! 3

4 Course Logistics 50% Final 30% Midterm 20% Presentation/Report Success Final written exam is at least 4,5 Final score is at least 5 4

5 Course Communication Piazza Lectures/slides 5

6 What is this course all about? Understand the fundamental concepts of security in software, systems, and the network Broad range of security topics Study publications 6

7 Why computer security is important? 7

8 8

9 9

10 10

11 11

12 It s a mess 12

13 13

14 It can only get worse 14

15 Why it so complicated? Systems have different building layers Hardware, Software, Network, Protocols Heavy interraction and interconnection Internet of Things People 15

16 Our topics Applied Crypto Software Security Network Security Web Security Mobile Security Anonymity and Privacy Concepts of different topics interract with each other! 16

17 Resources Papers Some suggested (free) material: Handbook of Applied Cryptography, Security Engineering, Some suggested (non free) material: Introduction to Computer Security, by Michael T. Goodrich and Roberto Tamassia (ISBN-13: , ISBN-10: ) 17

18 Let s go! 18

19 What is computer security? Computer security, also known as cyber security or IT security, is the protection of computer systems from the theft or damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide. Gasser, Morrie (1988). Building a Secure Computer System (PDF). Van Nostrand Reinhold. p. 3. ISBN , E458/building-secure-systems.pdf) 19

20 What is computer security? A property that affects systems Hardware, software, network Degrading this property leads to bad things Theft, damage, disruption, misdirection Degrading this property is deliberate An attacker degrades the security of a system on purpose Suggested read 20

21 Example 1 An application needs to transmit sensitive data Submitting a password Sending a personal message Just reading sensitive data is enough to break security Leak the password, or the personal message 21

22 Example 2 An application needs to transmit sensitive data Submit the details of a financial transaction Submit the casting of a vote Modifying the sensitive data can break the security Modify the financial transaction, or the vote 22

23 Security Requirements From Example 1 and 2, we can see that security can imply several different subproperties Different applications have different security requirements, which can be grouped Confidentiality, Integrity, Availability, Authentication, Non-repudiation, Accounting, Privacy Suggested reference: 23

24 Confidentiality The property that information is not made available or disclosed to unauthorized individuals, entities, or processes (i.e., to any unauthorized system entity) 24

25 Integrity Data integrity: The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system 25

26 Availability The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; i.e., a system is available if it provides services according to the system design whenever users request them 26

27 CIA Confidentiality The property that information is not made available or disclosed to unauthorized individuals, entities, or processes (i.e., to any unauthorized system entity) Integrity Data integrity: The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system Availability The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; i.e., a system is available if it provides services according to the system design whenever users request them 27

28 An Example Confidentiality: Bad guys cannot see messages Availability: The system is operational Communication System/Service Integrity: Bad guys cannot change messages 28

29 Example 1 Confidentiality An application needs to transmit sensitive data Submitting a password Sending a personal message Just reading sensitive data is enough to break security Leak the password, or the personal message 29

30 Example 2 Integrity An application needs to transmit sensitive data Submit the details of a financial transaction Submit the casting of a vote Modifying the sensitive data can break the security Modify the financial transaction, or the vote 30

31 Additional Requirements Non-repudiation One party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction 31

32 Additional Requirements Access Control Identification I claim I am John Smith (i.e., by submitting a username) Authentication System verifies that I am John Smith (e.g., through password) Authorization As John Smith I am authorized to perform a particular action (i.e., post a message) 32

33 Privacy The right of an entity (normally a person), acting in its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share information about itself with others 33

34 Security Context Threat Model List the attacker s capabilities List the attacker s goal Often, list the defenses that are in place Often, list the affected risks of the target system using security requirements (CIA) Security isn t a scalar. It doesn t make sense to ask Is device X secure? without a context: secure against whom and in what environment? 34

35 Example Threat Model Passive Man-in-the-Middle An attacker that can passively monitor network packets exchanged between two parties Attacker wants to reveal the conversation Conversation is encrypted using the cryptosystem X Confidentiality can be affected if attacker can break cryptosystem X Integrity, and Availability cannot be affected 35

CS475 Network and Information Security

CS475 Network and Information Security CS475 Network and Information Security Lecture 1 Introduction Elias Athanasopoulos eliasathan@cs.ucy.ac.cy What is this course all about? Understand the fundamental concepts of security in software, systems,

More information

CS 134: Elements of Cryptography and Computer + Network Security Winter sconce.ics.uci.edu/134-w16/ CS 134 Background

CS 134: Elements of Cryptography and Computer + Network Security Winter sconce.ics.uci.edu/134-w16/ CS 134 Background CS 134: Elements of Cryptography and Computer + Network Security Winter 2016 sconce.ics.uci.edu/134-w16/ 1 CS 134 Background 11:00-12:20 @ SSL 290 Discussions section as needed (must register!) Senior-level

More information

CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE

CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard

More information

CS 134 Elements of Cryptography and Computer & Network Security WINTER 2018 Instructor: Gene Tsudik

CS 134 Elements of Cryptography and Computer & Network Security WINTER 2018 Instructor: Gene Tsudik CS 134 Elements of Cryptography and Computer & Network Security WINTER 2018 Instructor: Gene Tsudik http://sconce.ics.uci.edu/134-w18/ 1 Today Administrative Stuff Course Organization Course Topics Gentle

More information

Module: Introduction. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Module: Introduction. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security CSE543 - Introduction to Computer and Network Security Module: Introduction Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 2 Some bedtime stories 2 Some bedtime stories

More information

Lecture 1 Applied Cryptography (Part 1)

Lecture 1 Applied Cryptography (Part 1) Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication

More information

Authentication Part IV NOTE: Part IV includes all of Part III!

Authentication Part IV NOTE: Part IV includes all of Part III! Authentication Part IV NOTE: Part IV includes all of Part III! ECE 3894 Hardware-Oriented Security and Trust Spring 2018 Assoc. Prof. Vincent John Mooney III Georgia Institute of Technology NOTE: THE FOLLOWING

More information

AIT 682: Network and Systems Security. Instructor: Dr. Kun Sun

AIT 682: Network and Systems Security. Instructor: Dr. Kun Sun AIT 682: Network and Systems Security Instructor: Dr. Kun Sun About Instructor Dr. Kun Sun, Associate Professor of Information Sciences and Technology http://csis.gmu.edu/ksun/ Phone: (703) 993-1715 Email:

More information

Information Security. How to be GDPR compliant? 08/06/2017

Information Security. How to be GDPR compliant? 08/06/2017 Information Security How to be GDPR compliant? CREOBIS 08/06/2017 1 Alain Cieslik What Is the Difference Between Security and Privacy? Security: The primary goal of InfoSec is to protect confidentiality,

More information

Cryptography and Network Security

Cryptography and Network Security Security Sixth Edition Chapter 1 Introduction Dr. Ahmed Y. Mahmoud Background Information Security requirements have changed in recent times traditionally provided by physical and administrative mechanisms

More information

Overview of Information Security

Overview of Information Security Overview of Information Security Lecture By Dr Richard Boateng, UGBS, Ghana Email: richard@pearlrichards.org Original Slides by Elisa Bertino CERIAS and CS &ECE Departments, Pag. 1 and UGBS Outline Information

More information

E-guide Getting your CISSP Certification

E-guide Getting your CISSP Certification Getting your CISSP Certification Intro to the 10 CISSP domains of the Common Body of Knowledge : The Security Professional (CISSP) is an information security certification that was developed by the International

More information

CSCI 4250/6250 Fall 2013 Computer and Network Security. Instructor: Prof. Roberto Perdisci

CSCI 4250/6250 Fall 2013 Computer and Network Security. Instructor: Prof. Roberto Perdisci CSCI 4250/6250 Fall 2013 Computer and Network Security Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu CSCI 4250/6250 What is the purpose of this course? Combined Undergrad/Graduate Intro to Computer

More information

Information Security

Information Security Information Security Dr. Rabie A. Ramadan GUC, Cairo Rabie.ramadan@guc.edu.eg Room C7-310 Lecture 1 Class Organization One class Weekly One Tutorial Weekly Most probably taught by myself 3-4 theoretical

More information

Cryptography and Network Security Chapter 1

Cryptography and Network Security Chapter 1 Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood of the enemy's

More information

ITSY Information Technology Security Course Syllabus Spring 2018

ITSY Information Technology Security Course Syllabus Spring 2018 ITSY 1342 - Information Technology Security Course Syllabus Spring 2018 Instructor Course Reference Number (CRN) Course Description: Name: Fidelis Ngang Tel: 713-718-5552 Office: Spring Branch, Room 900L

More information

Instructions 1 Elevation of Privilege Instructions

Instructions 1 Elevation of Privilege Instructions Instructions 1 Elevation of Privilege Instructions Draw a diagram of the system you want to threat model before you deal the cards. Deal the deck to 3-6 players. Play starts with the 3 of Tampering. Play

More information

San José State University Department of Computer Science CS166, Information Security, Section 1, Fall, 2018

San José State University Department of Computer Science CS166, Information Security, Section 1, Fall, 2018 Course and Contact Information Instructor: Office Location: San José State University Department of Computer Science CS166, Information Security, Section 1, Fall, 2018 Fabio Di Troia DH282 Telephone: 408-924-7171

More information

CPSC 4600 Biometrics and Cryptography Fall 2013, Section 0

CPSC 4600 Biometrics and Cryptography Fall 2013, Section 0 CPSC 4600 Biometrics and Cryptography Fall 2013, Section 0 Course: CPSC4600, Section 0, CRN 42532 Title: Biometrics and Cryptography Class Schedule: EMCS302, MW 2:00 pm-3:15 pm Credit: 3 Faculty: Dr. Li

More information

IT443 Network Security Administration Spring Gabriel Ghinita University of Massachusetts at Boston

IT443 Network Security Administration Spring Gabriel Ghinita University of Massachusetts at Boston IT443 Network Security Administration Spring 2018 Gabriel Ghinita University of Massachusetts at Boston Contact Information Instructor: Dr. Gabriel Ghinita Email: Gabriel.Ghinita@umb.edu (preferred contact)

More information

ASC Chairman. Best Practice In Data Security In The Cloud. Speaker Name Dr. Eng. Bahaa Hasan

ASC Chairman. Best Practice In Data Security In The Cloud. Speaker Name Dr. Eng. Bahaa Hasan Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Best Practice In Data Security

More information

Instructions 1. Elevation of Privilege Instructions. Draw a diagram of the system you want to threat model before you deal the cards.

Instructions 1. Elevation of Privilege Instructions. Draw a diagram of the system you want to threat model before you deal the cards. Instructions 1 Elevation of Privilege Instructions Draw a diagram of the system you want to threat model before you deal the cards. Deal the deck to 3 6 players. Play starts with the 3 of Tampering. Play

More information

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a

More information

Full file at https://fratstock.eu

Full file at https://fratstock.eu Solutions Manual Introduction to Computer Security Version 1.1 M. T. Goodrich and R. Tamassia December 20, 2010 1 Terms of Use This manual contains solutions for selected exercises in the book Introduction

More information

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations. Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 0 Reader s s Guide The art of war teaches us to rely

More information

CIS 4360 Secure Computer Systems Applied Cryptography

CIS 4360 Secure Computer Systems Applied Cryptography CIS 4360 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2017 Symmetric vs. Asymmetric Cryptography Symmetric cipher is much faster With asymmetric ciphers, you can post your Public

More information

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Threat Modeling. Bart De Win Secure Application Development Course, Credits to Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,

More information

cs642 /introduction computer security adam everspaugh

cs642 /introduction computer security adam everspaugh cs642 computer security /introduction adam everspaugh ace@cs.wisc.edu definition Computer Security := understanding and improving the behavior of computing systems in the presence of adversaries adversaries

More information

Cyber Security Issues

Cyber Security Issues RHC Summit 6/9/2017 Cyber Security Issues Dennis E. Leber CISO CHFS Why is it Important? Required by Law Good Business Strategy Right Thing to Do Why is it Important? According to Bitglass' 2017 Healthcare

More information

ENEE 457: Computer Systems Security 8/27/18. Lecture 1 Introduction to Computer Systems Security

ENEE 457: Computer Systems Security 8/27/18. Lecture 1 Introduction to Computer Systems Security ENEE 457: Computer Systems Security 8/27/18 Lecture 1 Introduction to Computer Systems Security Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland,

More information

2.1 Basic Cryptography Concepts

2.1 Basic Cryptography Concepts ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts

More information

Application Layer Security

Application Layer Security Application Layer Security General overview Ma. Angel Marquez Andrade Benefits of web Applications: No need to distribute separate client software Changes to the interface take effect immediately Client-side

More information

CS 161: Computer Security

CS 161: Computer Security CS 161: Computer Security http://inst.eecs.berkeley.edu/~cs161/ January 16, 2017 ROOM FIRE CODE Prof. Raluca Ada Popa And a team of a talented TAs Head TAs: Keyhan and Won and talented readers Jianan Lu

More information

MORGAN STATE UNIVERSITY DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING COURSE SYLLABUS FALL, 2015

MORGAN STATE UNIVERSITY DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING COURSE SYLLABUS FALL, 2015 MORGAN STATE UNIVERSITY DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING COURSE SYLLABUS FALL, 2015 CATALOG DESCRIPTION ONLINE EEGR.483 INTRODUCTION TO SECURITY MANAGEMENT CREDITS: 3 THIS COURSE IS A

More information

Instructor: Eric Rettke Phone: (every few days)

Instructor: Eric Rettke Phone: (every few days) Instructor: Eric Rettke Phone: 818 364-7775 email: rettkeeg@lamission.edu (every few days) Fall 2016 Computer Science 411 - Principles of Cyber Security 1 Please keep a copy of the syllabus handy for the

More information

SE420 Software Quality Assurance

SE420 Software Quality Assurance SE420 Software Quality Assurance Encryption Backgrounder September 5, 2014 Sam Siewert Encryption - Substitution Re-map Alphabet, 1-to-1 and On-to (function) A B C D E F G H I J K L M N O P Q R S T U V

More information

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 1 Introduction

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 1 Introduction Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 1 Introduction Questions Who is studying? Bachelor Informatics? / Information Sciences

More information

EXAMINATION [The sum of points equals to 100]

EXAMINATION [The sum of points equals to 100] Student name and surname: Student ID: EXAMINATION [The sum of points equals to 100] PART I: Meeting Scheduling example Description: Electronic meeting Scheduling system helps meeting initiator to schedule

More information

Threat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017

Threat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017 Threat analysis Tuomas Aura CS-C3130 Information security Aalto University, autumn 2017 Outline What is security Threat analysis Threat modeling example Systematic threat modeling 2 WHAT IS SECURITY 3

More information

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS. Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed

More information

Web Tap Payment Authentication and Encryption With Zero Customer Effort

Web Tap Payment Authentication and Encryption With Zero Customer Effort Web Tap Payment Authentication and Encryption With Zero Customer Effort Henry Ng Tap-Card-Pay Systems Corporation, Vancouver BC V5X3Y3, Canada henryng@tapcardpay.com Abstract. We propose a public-key authentication

More information

Meeting the Meaningful Use Security and Privacy Measure

Meeting the Meaningful Use Security and Privacy Measure Meeting the Meaningful Use Security and Privacy Measure Meeting the MU Security Measure a risk analysis Complete a risk management assessment Implement an Employee Training Program and Employee Sanction

More information

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 1 Introduction to Network Security Questions Who is studying? Bachelor Informatics?

More information

Department of Computer & Information Sciences. CSCI-342: Introduction to Information Security Syllabus

Department of Computer & Information Sciences. CSCI-342: Introduction to Information Security Syllabus Department of Computer & Information Sciences CSCI-342: Introduction to Information Security Syllabus Course Description This course provides an introduction to the various basic technical and administrative

More information

Onion Routing. Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J

Onion Routing. Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J Onion Routing Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J Motivation Public Network Encryption does not hide Routing Information Traffic Analysis Who is Talking to Whom? by analyzing the traffic

More information

CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals

CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals This course contains copyrighted material used by permission of Logical Operations, Inc. Slide 1 Course 01: Security Fundamentals The Information

More information

HIPAA Enforcement Training for State Attorneys General

HIPAA Enforcement Training for State Attorneys General : HIPAA Security Fundamentals HIPAA Enforcement Training for State Attorneys General Module Introduction : Introduction This module discusses: The three objectives of health information security confidentiality

More information

NETWORK SECURITY & CRYPTOGRAPHY

NETWORK SECURITY & CRYPTOGRAPHY Assignment for IT Applications in Management Project On NETWORK SECURITY & CRYPTOGRAPHY Course Instructor Submitted By: Mr. ANIL KUMAR ROHIT BARVE 2013240 Section E PGDM 2013-15 Table of Contents Chapter

More information

CSE 127: Computer Security. Security Concepts. Kirill Levchenko

CSE 127: Computer Security. Security Concepts. Kirill Levchenko CSE 127: Computer Security Security Concepts Kirill Levchenko October 3, 2014 Computer Security Protection of systems against an adversary Secrecy: Can t view protected information Integrity: Can t modify

More information

HOLY ANGEL UNIVERSITY COLLEGE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY CYBER SECURITY COURSE SYLLABUS

HOLY ANGEL UNIVERSITY COLLEGE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY CYBER SECURITY COURSE SYLLABUS HOLY ANGEL UNIVERSITY LLEGE OF INFORMATION AND MMUNICATIONS TECHNOLOGY CYBER SECURITY URSE SYLLABUS Course Code : 6CSEC Prerequisite : 6MPRO2L Course Credit : 3 Units (2 hours LEC,3 hours LAB) Year Level:

More information

CT30A8800 Secured communications

CT30A8800 Secured communications CT30A8800 Secured communications Pekka Jäppinen September 11, 2007 Pekka Jäppinen, Lappeenranta University of Technology: September 11, 2007 General Ti5318800 Secured Communications Lecturer: Pekka Jäppinen

More information

Module Certification and Testing

Module Certification and Testing Module 20 Certification and Testing Certification and Testing Certification requirements The certification exam Online Timed Instant scoring Score required for certification Taking the exam Receiving your

More information

COMPUTER NETWORK SECURITY

COMPUTER NETWORK SECURITY COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (1 st Week) Outline Course Information and Policies Course Syllabus 1. Overview Course Information Instructor: Prof. Dr. Hasan H. BALIK, balik@yildiz.edu.tr,

More information

CSE 3482 Introduction to Computer Security. Introduction to Information/Computer Security

CSE 3482 Introduction to Computer Security. Introduction to Information/Computer Security CSE 3482 Introduction to Computer Security Introduction to Information/Computer Security Instructor: N. Vlajic, Winter 2017 Learning Objectives Upon completion of this material, you should be able to:

More information

Cloud Security, Mobility and Current Threats. Tristan Watkins, Head of Research and Innovation

Cloud Security, Mobility and Current Threats. Tristan Watkins, Head of Research and Innovation Cloud Security, Mobility and Current Threats Tristan Watkins, Head of Research and Innovation Threat Landscape Verizon Data Breach Investigations Report Verizon DBIR: Threat actors and actions Verizon

More information

Introduction to Security

Introduction to Security CS 166: Information Security Introduction to Security Prof. Tom Austin San José State University Why should we learn about information security? Computer Security in the News Computer Crime for Fun & Profit

More information

Homework 5: Exam Review

Homework 5: Exam Review CIS 331 April 18, 2017 Introduction to Networks & Security Homework 5: Exam Review Homework 5: Exam Review This homework is due Wednesday, April 26 at 10 p.m.. You will have a budget of five late days

More information

Security and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models

Security and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models CS 645 Security and Privacy in Computer Systems Lecture 7 The Kerberos authentication system Last Week Security policy, security models, trust Access control models The Bell-La Padula (BLP) model The Biba

More information

18-642: Security Pitfalls

18-642: Security Pitfalls 18-642: Security Pitfalls 4/18/2018 "On two occasions I have been asked [by members of Parliament]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am

More information

1/11/11. o Syllabus o Assignments o News o Lecture notes (also on Blackboard)

1/11/11. o Syllabus o Assignments o News o Lecture notes (also on Blackboard) Dr. Jelena Mirkovic (Y-Ellen-a) University of Southern California Information Sciences Institute If you wish to enroll and do not have D clearance yet, send an email to CSci530@usc.edu with: o Your name

More information

Lecture 3 - Passwords and Authentication

Lecture 3 - Passwords and Authentication CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 3 - Passwords and Authentication CSE497b - Spring 2007 Introduction Computer and Network Security Professor

More information

Uses of Cryptography

Uses of Cryptography Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Page 1 Cryptography and Secrecy Pretty obvious Only those knowing the proper keys can

More information

Nätverkssäkerhet DD2495

Nätverkssäkerhet DD2495 F1 - Introduction Nätverkssäkerhet DD2495 Lärare Kursmoment Introduktion Föreläsningsplan Lärare Johan Karlander Karl Palmskog, labb och gästföreläsning Oleksandr Bodriagov, labb Siavash Soleimanifard

More information

Experiences with practice-focused undergraduate security education

Experiences with practice-focused undergraduate security education Experiences with practice-focused undergraduate security education Robert L. Fanelli and Terrence J. O Connor Department Electrical Engineering and Computer Science United States Military Academy, West

More information

CS Computer Networks 1: Authentication

CS Computer Networks 1: Authentication CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores

More information

ISO/IEC Common Criteria. Threat Categories

ISO/IEC Common Criteria. Threat Categories ISO/IEC 15408 Common Criteria Threat Categories 2005 Bar Biszick-Lockwood / QualityIT Redmond, WA 2003 Purpose This presentation introduces you to the threat categories contained in ISO/IEC 15408, used

More information

Information Security for Mail Processing/Mail Handling Equipment

Information Security for Mail Processing/Mail Handling Equipment Information Security for Mail Processing/Mail Handling Equipment Handbook AS-805-G March 2004 Transmittal Letter Explanation Increasing security across all forms of technology is an integral part of the

More information

Advisory: Students should have already taken MICROCOMPUTER APPLICATIONS II - 431

Advisory: Students should have already taken MICROCOMPUTER APPLICATIONS II - 431 Cyber Security I - CoSci 411 Los Angeles Mission College - Spring 2018 Instructor: Javier Rios E-mail: rios.javier@gmail.com E-mail communications will be will receive a response within 24 hours. Advisory:

More information

Security: Focus of Control

Security: Focus of Control Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

More information

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Is your privacy secure? HIPAA Compliance Workshop September 2008 Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Agenda Have you secured your key operational, competitive and financial

More information

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system

More information

Security Fundamentals

Security Fundamentals COMP 150-IDS: Internet Scale Distributed Systems (Spring 2015) Security Fundamentals Noah Mendelsohn Tufts University Email: noah@cs.tufts.edu Web: http://www.cs.tufts.edu/~noah Copyright 2012 & 2015 Noah

More information

CSE Computer Security (Fall 2007)

CSE Computer Security (Fall 2007) CSE 543 - Computer Security (Fall 2007) Lecture 1 - Introduction Professor: Trent Jaeger URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ Some bedtime stories This course We are going to explore why these

More information

Security Threats and Defense Models in EPON

Security Threats and Defense Models in EPON Security Threats and Defense Models in EPON Olli-Pekka Hiironen and Antti Pietiläinen, kia Ali Abaye, Centillium Onn Haran, Passave 1 P2MP_threat_model Two cases Fiber to the home (FTTH) It is assumed

More information

SSAC Public Meeting Paris. 24 June 2008

SSAC Public Meeting Paris. 24 June 2008 SSAC Public Meeting Paris 1 in Phishing Attacks 2 What is? A phishing attack The attacker impersonates a registrar The phish emails are sent to The registrar's customers (bulk) A particular, targeted customer

More information

Lecture 3 - Passwords and Authentication

Lecture 3 - Passwords and Authentication Lecture 3 - Passwords and Authentication CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12 What is authentication? Reliably verifying

More information

SMart esolutions Information Security

SMart esolutions Information Security Information Security Agenda What are SMart esolutions? What is Information Security? Definitions SMart esolutions Security Features Frequently Asked Questions 12/6/2004 2 What are SMart esolutions? SMart

More information

CS Final Exam

CS Final Exam CS 600.443 Final Exam Name: This exam is closed book and closed notes. You are required to do this completely on your own without any help from anybody else. Feel free to write on the back of any page

More information

Information Security CS 526

Information Security CS 526 Information Security CS 526 Topic 7: User Authentication CS526 Topic 7: User Authentication 1 Readings for This Lecture Wikipedia Password Password strength Salt_(cryptography) Password cracking Trusted

More information

CS 425 / ECE 428 Distributed Systems Fall 2017

CS 425 / ECE 428 Distributed Systems Fall 2017 CS 425 / ECE 428 Distributed Systems Fall 2017 Indranil Gupta (Indy) Dec 5, 2017 Lecture 27: Security All slides IG Security Threats Leakage Unauthorized access to service or data E.g., Someone knows your

More information

ITT Technical Institute. CS420 Application Security Onsite Course SYLLABUS

ITT Technical Institute. CS420 Application Security Onsite Course SYLLABUS ITT Technical Institute CS420 Application Security Onsite Course SYLLABUS Credit hours: 4 Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites:

More information

HUMAN FACTORS IN INDUSTRIAL CYBER SECURITY

HUMAN FACTORS IN INDUSTRIAL CYBER SECURITY HUMAN FACTORS IN INDUSTRIAL CYBER SECURITY by Paul Baybutt, Primatech Inc. Presented at the ISA Industrial Network and Systems Security Symposium, Houston, October, 2004 paulb@primatech.com www.primatech.com

More information

T Salausjärjestelmät (Cryptosystems) Introduction to the second part of the course. Outline. What we'll cover. Requirements and design issues

T Salausjärjestelmät (Cryptosystems) Introduction to the second part of the course. Outline. What we'll cover. Requirements and design issues T-110.470 Salausjärjestelmät (Cryptosystems) Requirements and design issues Introduction to the second part of the course 25.10.2004 1 3 Outline What we'll cover Introduction to the second part of the

More information

Digital Forensics ITP 375 (3 Units)

Digital Forensics ITP 375 (3 Units) Digital Forensics ITP 375 (3 Units) Description In 2007, the FBI reported that over 200 major companies reported a loss of over 60 million dollars due to computer crime. Computers are becoming more of

More information

Threat Assessment Summary. e-voting, Admin, and pvoting TOE s

Threat Assessment Summary. e-voting, Admin, and pvoting TOE s Threat Assessment Summary e-voting, Admin, and pvoting TOE s, 2011 Page 1 of 22 Source Code, High Level Architecture Documentation and Common Criteria Documentation Copyright (C) 2010-2011 and ownership

More information

CSE484 Final Study Guide

CSE484 Final Study Guide CSE484 Final Study Guide Winter 2013 NOTE: This study guide presents a list of ideas and topics that the TAs find useful to know, and may not represent all the topics that could appear on the final exam.

More information

Lecture Note 6 KEY MANAGEMENT. Sourav Mukhopadhyay

Lecture Note 6 KEY MANAGEMENT. Sourav Mukhopadhyay Lecture Note 6 KEY MANAGEMENT Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Key Management There are actually two distinct aspects to the use of public-key encryption in this regard:

More information

Authentication CS 4720 Mobile Application Development

Authentication CS 4720 Mobile Application Development Authentication Mobile Application Development System Security Human: social engineering attacks Physical: steal the server itself Network: treat your server like a 2 year old Operating System: the war

More information

Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 38 A Tutorial on Network Protocols

More information

Data locations. For our hosted(saas) solution the servers are located in Dallas(USA), London(UK), Sydney(Australia) and Frankfurt(Germany).

Data locations. For our hosted(saas) solution the servers are located in Dallas(USA), London(UK), Sydney(Australia) and Frankfurt(Germany). Privacy Policy This privacy policy explains how EyeQuestion Software (Logic8 BV) handles your personal information and data. This policy applies to all the products, services and websites offered by EyeQuestion

More information

Cyber Challenges and Acquisition One Corporate View

Cyber Challenges and Acquisition One Corporate View Sentar Inc 315 Wynn Dr Huntsville, AL 35805 256-430-0860 www.sentar.com Cyber Challenges and Acquisition One Corporate View Defense Acquisition University Conference Huntsville, AL February 22-23, 2011

More information

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable? Introduction Controlling Information Systems When computer systems fail to work as required, firms that depend heavily on them experience a serious loss of business function. M7011 Peter Lo 2005 1 M7011

More information

Network Security Issues and Cryptography

Network Security Issues and Cryptography Network Security Issues and Cryptography PriyaTrivedi 1, Sanya Harneja 2 1 Information Technology, Maharishi Dayanand University Farrukhnagar, Gurgaon, Haryana, India 2 Information Technology, Maharishi

More information

Secure Programming. Course material Introduction. 3 Course material. 4 Contents

Secure Programming. Course material Introduction. 3 Course material. 4 Contents 2 Course material 1 Secure Programming Introduction Ahmet Burak Can Hacettepe University Counter Hack Reloaded:A Step-by- Step Guide to Computer Attacks and Effective Defenses, Edward Skoudis, Tom Liston,

More information

Secure Programming. Introduction. Ahmet Burak Can Hacettepe University

Secure Programming. Introduction. Ahmet Burak Can Hacettepe University Secure Programming Introduction 1 Ahmet Burak Can Hacettepe University 2 Course material Counter Hack Reloaded:A Step-by- Step Guide to Computer Attacks and Effective Defenses, Edward Skoudis, Tom Liston,

More information

Test Conditions. Closed book, closed notes, no calculator, no laptop just brains 75 minutes. Steven M. Bellovin October 19,

Test Conditions. Closed book, closed notes, no calculator, no laptop just brains 75 minutes. Steven M. Bellovin October 19, Test Conditions Closed book, closed notes, no calculator, no laptop just brains 75 minutes Steven M. Bellovin October 19, 2005 1 Form 8 questions I m not asking you to write programs or even pseudo-code

More information

Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1

Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1 Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1 CIA Triad Confidentiality Prevent disclosure of information to unauthorized parties Integrity Detect data tampering Availability

More information

5-899 / Usable Privacy and Security Text Passwords Lecture by Sasha Romanosky Scribe notes by Ponnurangam K March 30, 2006

5-899 / Usable Privacy and Security Text Passwords Lecture by Sasha Romanosky Scribe notes by Ponnurangam K March 30, 2006 5-899 / 17-500 Usable Privacy and Security Text Passwords Lecture by Sasha Romanosky Scribe notes by Ponnurangam K March 30, 2006 1 Topics covered Authentication and authorization Pass-sentences, pass-phrases

More information

Introduction Privacy, Security and Risk Management. What Healthcare Organizations Need to Know

Introduction Privacy, Security and Risk Management. What Healthcare Organizations Need to Know Introduction Privacy, Security and Risk Management What Healthcare Organizations Need to Know Agenda I. Privacy, Security and Confidentiality Definitions in a Healthcare Context Patient Privacy concerns

More information

Copyright

Copyright 1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?

More information