CIS 4930/6930: Systems Security
Instructor: Xinming “Simon” Ou
TA: Xiaolong “Daniel” Wang
Class time: MW 2-3:15
Logistics
• Course website: ??? where you can find
– Lecture slides
– Programming assignments and homework
– Reading materials
Logistics - continued
• Communications
– A Facebook group will be created and you will be invited to join. Feel free to post your questions/comments/ideas related to the course.
– Course announcements will be made by email. Questions to the instructor and TA must be sent by email to guarantee a response.
What is this course about?
• Provide a comprehensive treatment of computer system security
– Attackers do not play by any rules
– How protection mechanisms in OS can help mitigate attacks
– Different types of OS protections
– Utilizing special hardware for security
• Cover both defense and offense aspects
• Cover both theory and practice
Topics
• Common attack techniques
• OS protection mechanisms
• Mandatory access control
• Capability systems
• Trusted computing
• Device security
• Cloud security
Tasks
• Lectures
• Readings
• Assignments (about one per week)
– Homework
– Programming projects
• Exams
– Midterm and Final
Grades
Homework and projects: 50%
Exams: 40%
Class participation: 10%
CIS 4930 and CIS 6930 graded separately
Collaboration Policy
• Exams: no collaboration
• Homework and programming assignments: discussion with other students OK, but must indicate who you discussed with in your submission
Class Participation (CIS 6930)
• Everyone must present one reading assignment (5 pts).
– Order will be sent through email
– One week to finish reading and prepare for a 20-min presentation in class
• Students not presenting participate in the discussion (e.g., asking questions) (5 pts).
– We will also ask you questions during the presentation
Class Participation (CIS 4930)
• Participate in the class discussion (e.g., asking questions during lectures and paper presentations) (10 pts).
– We will also ask you questions
What is Security?
• Classical definition:
– Confidentiality
– Integrity
– Availability
• Security is the prevention of threats from causing undesired effects
– Threat model is important: who are your adversaries? What is at stake?
Can we have absolute security?
• Security is always a trade-off between cost and risks
• Threat model:
– Who are the adversaries?
– What are their motivations?
– How capable are they?
– How much risk can they afford?
• Effectiveness of countermeasures:
– How much risk is reduced for users?
– How much inconvenience is incurred on users?
– How much risk is increased for adversaries?
Example 1: Spam Emails
• Which one of C, I, A does this problem fall into?
• What is the threat model?
• What are possible countermeasures?
Example 2
It is a Human Problem
• Security is as much a social, organizational, and economic problem as it is a technical problem
– Incentives for good behaviors vs. bad behaviors
– Technologies contribute to/help address the problem
What do you mean by “System Security”?
• “System” is a platform on which various applications function.
– In most cases you can think of it as the OS
• A system provides various protection mechanisms for the applications within it.
– Protection is closely related to security, although not the same.