ENEE 457: Computer Systems Security 8/27/18. Lecture 1 Introduction to Computer Systems Security

Similar documents
CSCD18: Computer Graphics. Instructor: Leonid Sigal

CS 361S - Network Security and Privacy Spring Homework #1

ECE573 Introduction to Compilers & Translators

1/11/11. o Syllabus o Assignments o News o Lecture notes (also on Blackboard)

AIT 682: Network and Systems Security. Instructor: Dr. Kun Sun

CS 241 Data Organization using C

Introduction to Cryptology ENEE 459E/CMSC 498R. Lecture 1 1/26/2017

Instructor: Eric Rettke Phone: (every few days)

CSCD 330 Network Programming Spring Lecture 1 - Course Details

Intro. to Computer Network

ENEE 457: Computer Systems Security. Lecture 16 Buffer Overflow Attacks

Network Security

CS 134: Elements of Cryptography and Computer + Network Security Winter sconce.ics.uci.edu/134-w16/ CS 134 Background

Syllabus CSCI 405 Operating Systems Fall 2018

Lecture 3: Symmetric Key Encryption

ENEE 457: Computer Systems Security 09/12/16. Lecture 4 Symmetric Key Encryption II: Security Definitions and Practical Constructions

Announcements. 1. Forms to return today after class:

CMSC 132: Object-Oriented Programming II. Administrivia

Lab 3. Getting Started with Outlook 2007 (Chapter 2) CS131 Software for Personal Computing Estimated Time: 1 2 hours

Central Washington University Department of Computer Science Course Syllabus

Syllabus COSC-051-x - Computer Science I Fall Office Hours: Daily hours will be entered on Course calendar (or by appointment)

CS 3030 Scripting Languages Syllabus

CS475 Network and Information Security

COMPUTER NETWORK SECURITY

CASPER COLLEGE COURSE SYLLABUS MSFT 1600 Managing Microsoft Exchange Server 2003 Semester/Year: Fall 2007

IT443 Network Security Administration Spring Gabriel Ghinita University of Massachusetts at Boston

Project 3: Network Security

VE281 Data Structures and Algorithms. Introduction and Asymptotic Algorithm Analysis

CMSC433 - Programming Language Technologies and Paradigms. Introduction

San José State University School/Department Computer Science 265: Cryptography and Computer Security, Fall 2017

Data Structures and OO Development II

Homework 1 CS161 Computer Security, Spring 2008 Assigned 2/4/08 Due 2/13/08

Advanced Distributed Algorithms and Data Structures. Christian Scheideler Institut für Informatik Universität Paderborn

Homework 5: Exam Review

I. PREREQUISITE For information regarding prerequisites for this course, please refer to the Academic Course Catalog.

HOLY ANGEL UNIVERSITY COLLEGE OF INFORMATION AND COMMUNICATIONS TECHNOLOGY CYBER SECURITY COURSE SYLLABUS

1-7 Attacks on Cryptosystems

CSE 484 / CSE M 584: Computer Security and Privacy. Web Security. Autumn Tadayoshi (Yoshi) Kohno

CS 0449 Intro to Systems Software Fall Term: 2181

Intro. to Computer Network

Oklahoma State University Institute of Technology Face-to-Face Common Syllabus Fall 2017

CS 170 Algorithms Fall 2014 David Wagner HW12. Due Dec. 5, 6:00pm

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

CS 241 Data Organization. August 21, 2018

Math 183 Statistical Methods

COMP251: Algorithms and Data Structures. Jérôme Waldispühl School of Computer Science McGill University

University of Maryland at College Park Department of Geographical Sciences GEOG 477/ GEOG777: Mobile GIS Development

San José State University Computer Science Department CS49J, Section 3, Programming in Java, Fall 2015

CS 111: Programming Fundamentals II

Data Structures and Algorithms

NOTE: This syllabus is subject to change during the semester. Please check this syllabus on a regular basis for any updates.

CSCI 680: Computer & Network Security

Announcements. More Announcements. Brief History of Networking. How does a computer send messages over the Internet? 12/7/11

Internet Web Technologies ITP 104 (2 Units)

Bank Infrastructure - Video - 1

Security and Authentication

CS682 Advanced Security Topics

CS 375 UNIX System Programming Spring 2014 Syllabus

Welcome to Solving Problems with Computers I

MORGAN STATE UNIVERSITY DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING COURSE SYLLABUS FALL, 2015

CSE 167: Introduction to Computer Graphics. Jürgen P. Schulze, Ph.D. University of California, San Diego Fall Quarter 2016

CS 520 Theory and Practice of Software Engineering Fall 2017

CMSC Introduction to Database Systems

ISA 564 SECURITY LAB. Introduction & Class Mechanics. Angelos Stavrou, George Mason University

Systems and Network Security (NETW-1002)

San José State University Computer Science CS 122 Advanced Python Programming Spring 2018

Define information security Define security as process, not point product.

San Jose State University - Department of Computer Science

BOSTON UNIVERSITY Metropolitan College MET CS342 Data Structures with Java Dr. V.Shtern (Fall 2011) Course Syllabus

CS 240 Fall 2015 Section 004. Alvin Chao, Professor

Data Structures and Algorithms

CS 3270 Mobile Development for Android Syllabus

CS 3813/718 Fall Python Programming. Professor Liang Huang.

CSci530 Final Exam. Fall 2011

CS535: Interactive Computer Graphics

CSC 443: Web Programming

CS342 Operating Systems

CSC 4992 Cyber Security Practice

Online Registration. CAPP courses are actual UW Oshkosh college courses!

Intro. to Computer Network. Course Reading. Class Resources. Important Info.

San José State University Department of Computer Science CS-174, Server-side Web Programming, Section 2, Spring 2018

Operating Systems, Spring 2015 Course Syllabus

Computer Science Department

CS380: Computer Graphics Introduction. Sung-Eui Yoon ( 윤성의 ) Course URL:

ECE 156A - Syllabus. Description

CSc 2310 Principles of Programming (Java) Jyoti Islam

CSC 256/456: Operating Systems. Introduction. John Criswell! University of Rochester

Outline. Intro. Week 1, Fri Jan 4. What is CG used for? What is Computer Graphics? University of British Columbia CPSC 314 Computer Graphics Jan 2013

Intro. Week 1, Fri Jan 4

Network Security - ISA 656 Review

ITSY Information Technology Security Course Syllabus Spring 2018

FIT3056 Secure and trusted software systems. Unit Guide. Semester 2, 2010

Computer Security Spring Assignment 4. The purpose of this assignment is to gain experience in network security and network attacks.

Spring 2018 El Camino College E. Ambrosio. Course Syllabus

Network Fundamentals and Design Fall Semester 2014

CSE 167: Introduction to Computer Graphics. Jürgen P. Schulze, Ph.D. University of California, San Diego Fall Quarter 2013

CS 525 Advanced Database Organization - Spring 2017 Mon + Wed 1:50-3:05 PM, Room: Stuart Building 111

Beijing Jiaotong University CS-23: C++ Programming Summer, 2019 Course Syllabus

CSci Introduction to Operating Systems. Administrivia, Intro

Lecture 4: Symmetric Key Encryption

Transcription:

ENEE 457: Computer Systems Security 8/27/18 Lecture 1 Introduction to Computer Systems Security Charalampos (Babis) Papamanthou Department of Electrical and Computer Engineering University of Maryland, College Park

Outline Definition of Computer Systems Security Common threats and defenses facing computer systems today Class logistics Some attacks that have taken place in the real world

What is Computer Systems Security? write software that is not only functional but

works even when malicious players interact with it

In the beginning What does this mean?

Now? What does this mean?

Threat #1: Eavesdropping of information The interception of information intended for someone else during its transmission over a communication channel DEFENSE? https://sela.io/pgp/ https://keybase.io/cpap/key.asc

Threat #2: Alteration of information Unauthorized modification of information Example: the man-in-the-middle attack, where a network stream is intercepted, modified, and retransmitted DEFENSE?

Threat #3: Software bugs Code has some bugs that do no affect functionality but can be exploited by an attacker Example: Some application code is mistakenly using an algorithm for encryption that has been broken Example: There is no checking of array bounds DEFENSE?

Threat # 4: Denial of service The interruption or degradation of a data service or information access Example: email spam, to the degree that it is meant to simply fill up a mail queue and slow down an email server DEFENSE?

Threat # 5: Breaking passwords Defenses?

Threat #6: Sensitive data in the cloud Storing files in the cloud. Cloud gets to access data. How do we make sure cloud does not get to see data (e.g., Gmail)? DEFENSE? We have 1,000 files and we encrypt them and then we store them in the cloud. While not the cloud cannot see the content, it can see the access patterns. How do we prevent that? E.g., Imagive we run the program: If secret = 1 access A[5], else access A[19]; Case study: Use a new protocol to access files (known as oblivious RAM). Read here

Organization Class webpage http://enee457.github.io Two lectures per week, MW 11am 12.15 pm Professor Charalampos (Babis) Papamanthou (cpap@umd.edu) Office hours: Mon 12:30pm-2pm, AVW 3409 www.ece.umd.edu/~cpap TAs Xinyu Zhou (xyzhou@terpmail.umd.edu) and Shravan Srinivasan (sshravan@cs.umd.edu) Office hours: TBD VERY IMPORTANT: GO TO THE TA SYSTEMATICALLY

Grading Final grade 5 homeworks (20%) 5 programming assignments (30%) 1 Build-it-Break-It project (10%) Midterm (10%): Wed Oct 17 in class Final (25%): Fri Dec 16 in class (from 8am to 10am) In class presentation of security vulnerabilities (5%) --- we need 10 groups Extra credit (research project) (up to 10%): Implement E2E plugin for Gmail. Pls email Tas. Lectures will be published on the webpage after class Homeworks and programming assignments will be published on the class webpage, but should be submitted through Canvas No late homework submissions will be accepted Discussions will be managed at Canvas

Grading Final grade >90% A-,A,A+ >80% B-,B,B+ >70% C-,C,C+ >60% D-,D,D+ Do not assume that there will be a curve

Prerequisites, CS classes and programming ENEE150 or CMSC132 IMPORTANT: If you have taken CMSC414 in the past, I STRONGLY RECOMMEND AGAINST TAKING THIS CLASS MORE IMPORTANT: If you are currently taking CMSC414, please drop one of either CMSC414 or ENEE457 The course will have a significant programming component Sample programming projects (FUN, FUN, FUN): Writing code to break an encryption algorithm that I am going to give you Writing code to log into a server (without credentials) which will be running a buggy version of Linux Inspecting buggy code that I will give you and try to exploit its vulnerabilities Writing code to crack passwords Knowledge of algorithms and data structures is desirable

Readings Most of the class will be based on the following textbooks (GT) and (KL): We are going to be using the board too, so it is advisable you keep notes as well The library has copies of the book

Other readings Other recommended readings are (WS) and (KPC)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback