CS682 Advanced Security Topics
|
|
- Derek Norman
- 6 years ago
- Views:
Transcription
1 CS682 Advanced Security Topics Lecture 1 Introduction Elias Athanasopoulos eliasathan@cs.ucy.ac.cy
2 Course Structure Phase 1 4 weeks crash course in applied cryptography, system security, network security and other security/privacy related topics Delivered by me Phase 2 10 weeks of paper presentations Delivered by you 2
3 You role in the course Each student presents 2-3 papers Depending on the audience scale Papers are really tough Once the presentation is done, you have two weeks to deliver a report The report should convey the core concepts of the presented papers Students should be able to use the report for studying All papers are part of the final! 3
4 Course Logistics 50% Final 30% Midterm 20% Presentation/Report Success Final written exam is at least 4,5 Final score is at least 5 4
5 Course Communication Piazza Lectures/slides 5
6 What is this course all about? Understand the fundamental concepts of security in software, systems, and the network Broad range of security topics Study publications 6
7 Why computer security is important? 7
8 8
9 9
10 10
11 11
12 It s a mess 12
13 13
14 It can only get worse 14
15 Why it so complicated? Systems have different building layers Hardware, Software, Network, Protocols Heavy interraction and interconnection Internet of Things People 15
16 Our topics Applied Crypto Software Security Network Security Web Security Mobile Security Anonymity and Privacy Concepts of different topics interract with each other! 16
17 Resources Papers Some suggested (free) material: Handbook of Applied Cryptography, Security Engineering, Some suggested (non free) material: Introduction to Computer Security, by Michael T. Goodrich and Roberto Tamassia (ISBN-13: , ISBN-10: ) 17
18 Let s go! 18
19 What is computer security? Computer security, also known as cyber security or IT security, is the protection of computer systems from the theft or damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide. Gasser, Morrie (1988). Building a Secure Computer System (PDF). Van Nostrand Reinhold. p. 3. ISBN , E458/building-secure-systems.pdf) 19
20 What is computer security? A property that affects systems Hardware, software, network Degrading this property leads to bad things Theft, damage, disruption, misdirection Degrading this property is deliberate An attacker degrades the security of a system on purpose Suggested read 20
21 Example 1 An application needs to transmit sensitive data Submitting a password Sending a personal message Just reading sensitive data is enough to break security Leak the password, or the personal message 21
22 Example 2 An application needs to transmit sensitive data Submit the details of a financial transaction Submit the casting of a vote Modifying the sensitive data can break the security Modify the financial transaction, or the vote 22
23 Security Requirements From Example 1 and 2, we can see that security can imply several different subproperties Different applications have different security requirements, which can be grouped Confidentiality, Integrity, Availability, Authentication, Non-repudiation, Accounting, Privacy Suggested reference: 23
24 Confidentiality The property that information is not made available or disclosed to unauthorized individuals, entities, or processes (i.e., to any unauthorized system entity) 24
25 Integrity Data integrity: The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system 25
26 Availability The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; i.e., a system is available if it provides services according to the system design whenever users request them 26
27 CIA Confidentiality The property that information is not made available or disclosed to unauthorized individuals, entities, or processes (i.e., to any unauthorized system entity) Integrity Data integrity: The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system Availability The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; i.e., a system is available if it provides services according to the system design whenever users request them 27
28 An Example Confidentiality: Bad guys cannot see messages Availability: The system is operational Communication System/Service Integrity: Bad guys cannot change messages 28
29 Example 1 Confidentiality An application needs to transmit sensitive data Submitting a password Sending a personal message Just reading sensitive data is enough to break security Leak the password, or the personal message 29
30 Example 2 Integrity An application needs to transmit sensitive data Submit the details of a financial transaction Submit the casting of a vote Modifying the sensitive data can break the security Modify the financial transaction, or the vote 30
31 Additional Requirements Non-repudiation One party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction 31
32 Additional Requirements Access Control Identification I claim I am John Smith (i.e., by submitting a username) Authentication System verifies that I am John Smith (e.g., through password) Authorization As John Smith I am authorized to perform a particular action (i.e., post a message) 32
33 Privacy The right of an entity (normally a person), acting in its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share information about itself with others 33
34 Security Context Threat Model List the attacker s capabilities List the attacker s goal Often, list the defenses that are in place Often, list the affected risks of the target system using security requirements (CIA) Security isn t a scalar. It doesn t make sense to ask Is device X secure? without a context: secure against whom and in what environment? 34
35 Example Threat Model Passive Man-in-the-Middle An attacker that can passively monitor network packets exchanged between two parties Attacker wants to reveal the conversation Conversation is encrypted using the cryptosystem X Confidentiality can be affected if attacker can break cryptosystem X Integrity, and Availability cannot be affected 35
CS475 Network and Information Security
CS475 Network and Information Security Lecture 1 Introduction Elias Athanasopoulos eliasathan@cs.ucy.ac.cy What is this course all about? Understand the fundamental concepts of security in software, systems,
More informationCS 134: Elements of Cryptography and Computer + Network Security Winter sconce.ics.uci.edu/134-w16/ CS 134 Background
CS 134: Elements of Cryptography and Computer + Network Security Winter 2016 sconce.ics.uci.edu/134-w16/ 1 CS 134 Background 11:00-12:20 @ SSL 290 Discussions section as needed (must register!) Senior-level
More informationCUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE
Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard
More informationCS 134 Elements of Cryptography and Computer & Network Security WINTER 2018 Instructor: Gene Tsudik
CS 134 Elements of Cryptography and Computer & Network Security WINTER 2018 Instructor: Gene Tsudik http://sconce.ics.uci.edu/134-w18/ 1 Today Administrative Stuff Course Organization Course Topics Gentle
More informationModule: Introduction. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Introduction Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 2 Some bedtime stories 2 Some bedtime stories
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationAuthentication Part IV NOTE: Part IV includes all of Part III!
Authentication Part IV NOTE: Part IV includes all of Part III! ECE 3894 Hardware-Oriented Security and Trust Spring 2018 Assoc. Prof. Vincent John Mooney III Georgia Institute of Technology NOTE: THE FOLLOWING
More informationAIT 682: Network and Systems Security. Instructor: Dr. Kun Sun
AIT 682: Network and Systems Security Instructor: Dr. Kun Sun About Instructor Dr. Kun Sun, Associate Professor of Information Sciences and Technology http://csis.gmu.edu/ksun/ Phone: (703) 993-1715 Email:
More informationInformation Security. How to be GDPR compliant? 08/06/2017
Information Security How to be GDPR compliant? CREOBIS 08/06/2017 1 Alain Cieslik What Is the Difference Between Security and Privacy? Security: The primary goal of InfoSec is to protect confidentiality,
More informationCryptography and Network Security
Security Sixth Edition Chapter 1 Introduction Dr. Ahmed Y. Mahmoud Background Information Security requirements have changed in recent times traditionally provided by physical and administrative mechanisms
More informationOverview of Information Security
Overview of Information Security Lecture By Dr Richard Boateng, UGBS, Ghana Email: richard@pearlrichards.org Original Slides by Elisa Bertino CERIAS and CS &ECE Departments, Pag. 1 and UGBS Outline Information
More informationE-guide Getting your CISSP Certification
Getting your CISSP Certification Intro to the 10 CISSP domains of the Common Body of Knowledge : The Security Professional (CISSP) is an information security certification that was developed by the International
More informationCSCI 4250/6250 Fall 2013 Computer and Network Security. Instructor: Prof. Roberto Perdisci
CSCI 4250/6250 Fall 2013 Computer and Network Security Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu CSCI 4250/6250 What is the purpose of this course? Combined Undergrad/Graduate Intro to Computer
More informationInformation Security
Information Security Dr. Rabie A. Ramadan GUC, Cairo Rabie.ramadan@guc.edu.eg Room C7-310 Lecture 1 Class Organization One class Weekly One Tutorial Weekly Most probably taught by myself 3-4 theoretical
More informationCryptography and Network Security Chapter 1
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 1 Introduction The art of war teaches us to rely not on the likelihood of the enemy's
More informationITSY Information Technology Security Course Syllabus Spring 2018
ITSY 1342 - Information Technology Security Course Syllabus Spring 2018 Instructor Course Reference Number (CRN) Course Description: Name: Fidelis Ngang Tel: 713-718-5552 Office: Spring Branch, Room 900L
More informationInstructions 1 Elevation of Privilege Instructions
Instructions 1 Elevation of Privilege Instructions Draw a diagram of the system you want to threat model before you deal the cards. Deal the deck to 3-6 players. Play starts with the 3 of Tampering. Play
More informationSan José State University Department of Computer Science CS166, Information Security, Section 1, Fall, 2018
Course and Contact Information Instructor: Office Location: San José State University Department of Computer Science CS166, Information Security, Section 1, Fall, 2018 Fabio Di Troia DH282 Telephone: 408-924-7171
More informationCPSC 4600 Biometrics and Cryptography Fall 2013, Section 0
CPSC 4600 Biometrics and Cryptography Fall 2013, Section 0 Course: CPSC4600, Section 0, CRN 42532 Title: Biometrics and Cryptography Class Schedule: EMCS302, MW 2:00 pm-3:15 pm Credit: 3 Faculty: Dr. Li
More informationIT443 Network Security Administration Spring Gabriel Ghinita University of Massachusetts at Boston
IT443 Network Security Administration Spring 2018 Gabriel Ghinita University of Massachusetts at Boston Contact Information Instructor: Dr. Gabriel Ghinita Email: Gabriel.Ghinita@umb.edu (preferred contact)
More informationASC Chairman. Best Practice In Data Security In The Cloud. Speaker Name Dr. Eng. Bahaa Hasan
Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Best Practice In Data Security
More informationInstructions 1. Elevation of Privilege Instructions. Draw a diagram of the system you want to threat model before you deal the cards.
Instructions 1 Elevation of Privilege Instructions Draw a diagram of the system you want to threat model before you deal the cards. Deal the deck to 3 6 players. Play starts with the 3 of Tampering. Play
More informationISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :
ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a
More informationFull file at https://fratstock.eu
Solutions Manual Introduction to Computer Security Version 1.1 M. T. Goodrich and R. Tamassia December 20, 2010 1 Terms of Use This manual contains solutions for selected exercises in the book Introduction
More informationCryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.
Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 0 Reader s s Guide The art of war teaches us to rely
More informationCIS 4360 Secure Computer Systems Applied Cryptography
CIS 4360 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2017 Symmetric vs. Asymmetric Cryptography Symmetric cipher is much faster With asymmetric ciphers, you can post your Public
More informationThreat Modeling. Bart De Win Secure Application Development Course, Credits to
Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,
More informationcs642 /introduction computer security adam everspaugh
cs642 computer security /introduction adam everspaugh ace@cs.wisc.edu definition Computer Security := understanding and improving the behavior of computing systems in the presence of adversaries adversaries
More informationCyber Security Issues
RHC Summit 6/9/2017 Cyber Security Issues Dennis E. Leber CISO CHFS Why is it Important? Required by Law Good Business Strategy Right Thing to Do Why is it Important? According to Bitglass' 2017 Healthcare
More informationENEE 457: Computer Systems Security 8/27/18. Lecture 1 Introduction to Computer Systems Security
ENEE 457: Computer Systems Security 8/27/18 Lecture 1 Introduction to Computer Systems Security Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland,
More information2.1 Basic Cryptography Concepts
ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts
More informationApplication Layer Security
Application Layer Security General overview Ma. Angel Marquez Andrade Benefits of web Applications: No need to distribute separate client software Changes to the interface take effect immediately Client-side
More informationCS 161: Computer Security
CS 161: Computer Security http://inst.eecs.berkeley.edu/~cs161/ January 16, 2017 ROOM FIRE CODE Prof. Raluca Ada Popa And a team of a talented TAs Head TAs: Keyhan and Won and talented readers Jianan Lu
More informationMORGAN STATE UNIVERSITY DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING COURSE SYLLABUS FALL, 2015
MORGAN STATE UNIVERSITY DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING COURSE SYLLABUS FALL, 2015 CATALOG DESCRIPTION ONLINE EEGR.483 INTRODUCTION TO SECURITY MANAGEMENT CREDITS: 3 THIS COURSE IS A
More informationInstructor: Eric Rettke Phone: (every few days)
Instructor: Eric Rettke Phone: 818 364-7775 email: rettkeeg@lamission.edu (every few days) Fall 2016 Computer Science 411 - Principles of Cyber Security 1 Please keep a copy of the syllabus handy for the
More informationSE420 Software Quality Assurance
SE420 Software Quality Assurance Encryption Backgrounder September 5, 2014 Sam Siewert Encryption - Substitution Re-map Alphabet, 1-to-1 and On-to (function) A B C D E F G H I J K L M N O P Q R S T U V
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 1 Introduction
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 1 Introduction Questions Who is studying? Bachelor Informatics? / Information Sciences
More informationEXAMINATION [The sum of points equals to 100]
Student name and surname: Student ID: EXAMINATION [The sum of points equals to 100] PART I: Meeting Scheduling example Description: Electronic meeting Scheduling system helps meeting initiator to schedule
More informationThreat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017
Threat analysis Tuomas Aura CS-C3130 Information security Aalto University, autumn 2017 Outline What is security Threat analysis Threat modeling example Systematic threat modeling 2 WHAT IS SECURITY 3
More informationSecurity issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
More informationWeb Tap Payment Authentication and Encryption With Zero Customer Effort
Web Tap Payment Authentication and Encryption With Zero Customer Effort Henry Ng Tap-Card-Pay Systems Corporation, Vancouver BC V5X3Y3, Canada henryng@tapcardpay.com Abstract. We propose a public-key authentication
More informationMeeting the Meaningful Use Security and Privacy Measure
Meeting the Meaningful Use Security and Privacy Measure Meeting the MU Security Measure a risk analysis Complete a risk management assessment Implement an Employee Training Program and Employee Sanction
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 1 Introduction to Network Security Questions Who is studying? Bachelor Informatics?
More informationDepartment of Computer & Information Sciences. CSCI-342: Introduction to Information Security Syllabus
Department of Computer & Information Sciences CSCI-342: Introduction to Information Security Syllabus Course Description This course provides an introduction to the various basic technical and administrative
More informationOnion Routing. Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J
Onion Routing Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J Motivation Public Network Encryption does not hide Routing Information Traffic Analysis Who is Talking to Whom? by analyzing the traffic
More informationCompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals
CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals This course contains copyrighted material used by permission of Logical Operations, Inc. Slide 1 Course 01: Security Fundamentals The Information
More informationHIPAA Enforcement Training for State Attorneys General
: HIPAA Security Fundamentals HIPAA Enforcement Training for State Attorneys General Module Introduction : Introduction This module discusses: The three objectives of health information security confidentiality
More informationNETWORK SECURITY & CRYPTOGRAPHY
Assignment for IT Applications in Management Project On NETWORK SECURITY & CRYPTOGRAPHY Course Instructor Submitted By: Mr. ANIL KUMAR ROHIT BARVE 2013240 Section E PGDM 2013-15 Table of Contents Chapter
More informationCSE 127: Computer Security. Security Concepts. Kirill Levchenko
CSE 127: Computer Security Security Concepts Kirill Levchenko October 3, 2014 Computer Security Protection of systems against an adversary Secrecy: Can t view protected information Integrity: Can t modify
More informationHOLY ANGEL UNIVERSITY COLLEGE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY CYBER SECURITY COURSE SYLLABUS
HOLY ANGEL UNIVERSITY LLEGE OF INFORMATION AND MMUNICATIONS TECHNOLOGY CYBER SECURITY URSE SYLLABUS Course Code : 6CSEC Prerequisite : 6MPRO2L Course Credit : 3 Units (2 hours LEC,3 hours LAB) Year Level:
More informationCT30A8800 Secured communications
CT30A8800 Secured communications Pekka Jäppinen September 11, 2007 Pekka Jäppinen, Lappeenranta University of Technology: September 11, 2007 General Ti5318800 Secured Communications Lecturer: Pekka Jäppinen
More informationModule Certification and Testing
Module 20 Certification and Testing Certification and Testing Certification requirements The certification exam Online Timed Instant scoring Score required for certification Taking the exam Receiving your
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (1 st Week) Outline Course Information and Policies Course Syllabus 1. Overview Course Information Instructor: Prof. Dr. Hasan H. BALIK, balik@yildiz.edu.tr,
More informationCSE 3482 Introduction to Computer Security. Introduction to Information/Computer Security
CSE 3482 Introduction to Computer Security Introduction to Information/Computer Security Instructor: N. Vlajic, Winter 2017 Learning Objectives Upon completion of this material, you should be able to:
More informationCloud Security, Mobility and Current Threats. Tristan Watkins, Head of Research and Innovation
Cloud Security, Mobility and Current Threats Tristan Watkins, Head of Research and Innovation Threat Landscape Verizon Data Breach Investigations Report Verizon DBIR: Threat actors and actions Verizon
More informationIntroduction to Security
CS 166: Information Security Introduction to Security Prof. Tom Austin San José State University Why should we learn about information security? Computer Security in the News Computer Crime for Fun & Profit
More informationHomework 5: Exam Review
CIS 331 April 18, 2017 Introduction to Networks & Security Homework 5: Exam Review Homework 5: Exam Review This homework is due Wednesday, April 26 at 10 p.m.. You will have a budget of five late days
More informationSecurity and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models
CS 645 Security and Privacy in Computer Systems Lecture 7 The Kerberos authentication system Last Week Security policy, security models, trust Access control models The Bell-La Padula (BLP) model The Biba
More information18-642: Security Pitfalls
18-642: Security Pitfalls 4/18/2018 "On two occasions I have been asked [by members of Parliament]: 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am
More information1/11/11. o Syllabus o Assignments o News o Lecture notes (also on Blackboard)
Dr. Jelena Mirkovic (Y-Ellen-a) University of Southern California Information Sciences Institute If you wish to enroll and do not have D clearance yet, send an email to CSci530@usc.edu with: o Your name
More informationLecture 3 - Passwords and Authentication
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 3 - Passwords and Authentication CSE497b - Spring 2007 Introduction Computer and Network Security Professor
More informationUses of Cryptography
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Page 1 Cryptography and Secrecy Pretty obvious Only those knowing the proper keys can
More informationNätverkssäkerhet DD2495
F1 - Introduction Nätverkssäkerhet DD2495 Lärare Kursmoment Introduktion Föreläsningsplan Lärare Johan Karlander Karl Palmskog, labb och gästföreläsning Oleksandr Bodriagov, labb Siavash Soleimanifard
More informationExperiences with practice-focused undergraduate security education
Experiences with practice-focused undergraduate security education Robert L. Fanelli and Terrence J. O Connor Department Electrical Engineering and Computer Science United States Military Academy, West
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationISO/IEC Common Criteria. Threat Categories
ISO/IEC 15408 Common Criteria Threat Categories 2005 Bar Biszick-Lockwood / QualityIT Redmond, WA 2003 Purpose This presentation introduces you to the threat categories contained in ISO/IEC 15408, used
More informationInformation Security for Mail Processing/Mail Handling Equipment
Information Security for Mail Processing/Mail Handling Equipment Handbook AS-805-G March 2004 Transmittal Letter Explanation Increasing security across all forms of technology is an integral part of the
More informationAdvisory: Students should have already taken MICROCOMPUTER APPLICATIONS II - 431
Cyber Security I - CoSci 411 Los Angeles Mission College - Spring 2018 Instructor: Javier Rios E-mail: rios.javier@gmail.com E-mail communications will be will receive a response within 24 hours. Advisory:
More informationSecurity: Focus of Control
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationIs your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner
Is your privacy secure? HIPAA Compliance Workshop September 2008 Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Agenda Have you secured your key operational, competitive and financial
More informationIssues. Separation of. Distributed system security. Security services. Security policies. Security mechanism
Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system
More informationSecurity Fundamentals
COMP 150-IDS: Internet Scale Distributed Systems (Spring 2015) Security Fundamentals Noah Mendelsohn Tufts University Email: noah@cs.tufts.edu Web: http://www.cs.tufts.edu/~noah Copyright 2012 & 2015 Noah
More informationCSE Computer Security (Fall 2007)
CSE 543 - Computer Security (Fall 2007) Lecture 1 - Introduction Professor: Trent Jaeger URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ Some bedtime stories This course We are going to explore why these
More informationSecurity Threats and Defense Models in EPON
Security Threats and Defense Models in EPON Olli-Pekka Hiironen and Antti Pietiläinen, kia Ali Abaye, Centillium Onn Haran, Passave 1 P2MP_threat_model Two cases Fiber to the home (FTTH) It is assumed
More informationSSAC Public Meeting Paris. 24 June 2008
SSAC Public Meeting Paris 1 in Phishing Attacks 2 What is? A phishing attack The attacker impersonates a registrar The phish emails are sent to The registrar's customers (bulk) A particular, targeted customer
More informationLecture 3 - Passwords and Authentication
Lecture 3 - Passwords and Authentication CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12 What is authentication? Reliably verifying
More informationSMart esolutions Information Security
Information Security Agenda What are SMart esolutions? What is Information Security? Definitions SMart esolutions Security Features Frequently Asked Questions 12/6/2004 2 What are SMart esolutions? SMart
More informationCS Final Exam
CS 600.443 Final Exam Name: This exam is closed book and closed notes. You are required to do this completely on your own without any help from anybody else. Feel free to write on the back of any page
More informationInformation Security CS 526
Information Security CS 526 Topic 7: User Authentication CS526 Topic 7: User Authentication 1 Readings for This Lecture Wikipedia Password Password strength Salt_(cryptography) Password cracking Trusted
More informationCS 425 / ECE 428 Distributed Systems Fall 2017
CS 425 / ECE 428 Distributed Systems Fall 2017 Indranil Gupta (Indy) Dec 5, 2017 Lecture 27: Security All slides IG Security Threats Leakage Unauthorized access to service or data E.g., Someone knows your
More informationITT Technical Institute. CS420 Application Security Onsite Course SYLLABUS
ITT Technical Institute CS420 Application Security Onsite Course SYLLABUS Credit hours: 4 Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites:
More informationHUMAN FACTORS IN INDUSTRIAL CYBER SECURITY
HUMAN FACTORS IN INDUSTRIAL CYBER SECURITY by Paul Baybutt, Primatech Inc. Presented at the ISA Industrial Network and Systems Security Symposium, Houston, October, 2004 paulb@primatech.com www.primatech.com
More informationT Salausjärjestelmät (Cryptosystems) Introduction to the second part of the course. Outline. What we'll cover. Requirements and design issues
T-110.470 Salausjärjestelmät (Cryptosystems) Requirements and design issues Introduction to the second part of the course 25.10.2004 1 3 Outline What we'll cover Introduction to the second part of the
More informationDigital Forensics ITP 375 (3 Units)
Digital Forensics ITP 375 (3 Units) Description In 2007, the FBI reported that over 200 major companies reported a loss of over 60 million dollars due to computer crime. Computers are becoming more of
More informationThreat Assessment Summary. e-voting, Admin, and pvoting TOE s
Threat Assessment Summary e-voting, Admin, and pvoting TOE s, 2011 Page 1 of 22 Source Code, High Level Architecture Documentation and Common Criteria Documentation Copyright (C) 2010-2011 and ownership
More informationCSE484 Final Study Guide
CSE484 Final Study Guide Winter 2013 NOTE: This study guide presents a list of ideas and topics that the TAs find useful to know, and may not represent all the topics that could appear on the final exam.
More informationLecture Note 6 KEY MANAGEMENT. Sourav Mukhopadhyay
Lecture Note 6 KEY MANAGEMENT Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Key Management There are actually two distinct aspects to the use of public-key encryption in this regard:
More informationAuthentication CS 4720 Mobile Application Development
Authentication Mobile Application Development System Security Human: social engineering attacks Physical: steal the server itself Network: treat your server like a 2 year old Operating System: the war
More informationCryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 38 A Tutorial on Network Protocols
More informationData locations. For our hosted(saas) solution the servers are located in Dallas(USA), London(UK), Sydney(Australia) and Frankfurt(Germany).
Privacy Policy This privacy policy explains how EyeQuestion Software (Logic8 BV) handles your personal information and data. This policy applies to all the products, services and websites offered by EyeQuestion
More informationCyber Challenges and Acquisition One Corporate View
Sentar Inc 315 Wynn Dr Huntsville, AL 35805 256-430-0860 www.sentar.com Cyber Challenges and Acquisition One Corporate View Defense Acquisition University Conference Huntsville, AL February 22-23, 2011
More informationIntroduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?
Introduction Controlling Information Systems When computer systems fail to work as required, firms that depend heavily on them experience a serious loss of business function. M7011 Peter Lo 2005 1 M7011
More informationNetwork Security Issues and Cryptography
Network Security Issues and Cryptography PriyaTrivedi 1, Sanya Harneja 2 1 Information Technology, Maharishi Dayanand University Farrukhnagar, Gurgaon, Haryana, India 2 Information Technology, Maharishi
More informationSecure Programming. Course material Introduction. 3 Course material. 4 Contents
2 Course material 1 Secure Programming Introduction Ahmet Burak Can Hacettepe University Counter Hack Reloaded:A Step-by- Step Guide to Computer Attacks and Effective Defenses, Edward Skoudis, Tom Liston,
More informationSecure Programming. Introduction. Ahmet Burak Can Hacettepe University
Secure Programming Introduction 1 Ahmet Burak Can Hacettepe University 2 Course material Counter Hack Reloaded:A Step-by- Step Guide to Computer Attacks and Effective Defenses, Edward Skoudis, Tom Liston,
More informationTest Conditions. Closed book, closed notes, no calculator, no laptop just brains 75 minutes. Steven M. Bellovin October 19,
Test Conditions Closed book, closed notes, no calculator, no laptop just brains 75 minutes Steven M. Bellovin October 19, 2005 1 Form 8 questions I m not asking you to write programs or even pseudo-code
More informationAuthentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1
Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1 CIA Triad Confidentiality Prevent disclosure of information to unauthorized parties Integrity Detect data tampering Availability
More information5-899 / Usable Privacy and Security Text Passwords Lecture by Sasha Romanosky Scribe notes by Ponnurangam K March 30, 2006
5-899 / 17-500 Usable Privacy and Security Text Passwords Lecture by Sasha Romanosky Scribe notes by Ponnurangam K March 30, 2006 1 Topics covered Authentication and authorization Pass-sentences, pass-phrases
More informationIntroduction Privacy, Security and Risk Management. What Healthcare Organizations Need to Know
Introduction Privacy, Security and Risk Management What Healthcare Organizations Need to Know Agenda I. Privacy, Security and Confidentiality Definitions in a Healthcare Context Patient Privacy concerns
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More information