Information Security Engineering 2017.09.13 Huiping Sun [email protected] Course Introduction


Post on 19-May-2020


Information Security Engineering

2017.09.13

Huiping Sun [email protected]

Course Introduction

••••••

Course Content

•••• CAPTCHA

[email protected]

• sunhp.org

• 1 1530E

Instructor Information

Course Overview

•✴ 8 11

✴ 3305

✴ 01712720

✴ sunhp.org/ise2017

•✴ 60

✴ 40

Course Information

Course Overview

Ross Anderson.

Security Engineering

Second Edition

Wiley. 2008

Course Textbook

http://www.cl.cam.ac.uk/~rja14/book.html

Course Overview

What Is Security?

http://en.wikipedia.org/wiki/Security

• “ ” “ ” “

• “ ”

• vs.

Course Overview

• Security engineering is about building systems to remain dependable in the face of malice, error, or mischance. As a discipline, it focuses on the tools, processes, and methods needed to design, implement, and test complete systems, and to adapt existing systems as their environment evolves.

• Security engineering requires cross-disciplinary expertise, ranging from cryptography and computer security through hardware tamper-resistance and formal methods to knowledge of economics, applied psychology, organisations and the law.

Information Security Engineering

Course Overview

Economics >>>> Information Security

•••••• … …

Information Security: Technical Perspective vs. Economic Perspective

••• /

• … …

InfoSecEcon

• (adverse selection) (moral hazard) (bad money drives out good)

Information Asymmetry

• 2001

• 1970

InfoSecEcon

The Market for Lemons

• (peach) (lemon)

• peach lemon

>> << >> <<

peach lemon

peach lemon

peach lemon

peach

lemon lemon

InfoSecEcon

The Information Security Market for Lemons

••

>> << >> <<

InfoSecEcon

Metcalfe's Law

3Com

InfoSecEcon

•••

Two Examples

InfoSecEcon

•••••

When to Consider Information Security

••••

InfoSecEcon

Psychology >>>> Information Security

In information security,

people are the weakest link!

Social Engineering

Weakest Link

2002 2010

Phishing

Bank A

Fake Site

pwdA pwdA

• 2003

• 2006 2

Weakest Link

Changes in Interpersonal Communication

•✴

•✴

IM

Weakest Link

Human abilities are limited!

People make mistakes!

People differ from one another!

Phone Unlocking

Weakest Link

Psychology Fundamentals

• Recall

• Recognition

• Cued Recall

Dual Coding Theory

Recognition is an easier memory task than recall

With the aid of a retrieval cue, more information can be retrieved

Weakest Link

Sociology >>>> Information Security

Trust is the lubricant of social interaction

[Figure: trust importance (High/Low) by world type (Hell, Earth, Paradise)]

Reputation, Trust, Reciprocity

Reputation

Reputation

Trust Reciprocity Net Benefit

••

Be nice to others who are nice to you

Tit-for-tat

Google Scholar

Reputation

eBay

Online Reputation

Main Applications

Online Reputation

• Mooc

• … …

Artificial Intelligence >>>> Information Security

Turing Test vs. Reverse Turing Test

AISec

1950 Computing Machinery and Intelligence

http://en.wikipedia.org/wiki/Turing_test

Luis von Ahn

• Carnegie Mellon University

✴Luis von Ahn

✴Manuel Blum

✴Nicholas J. Hopper

✴John Langford

duolingo.com

http://vonahn.blogspot.com/

http://video.google.com/videoplay?docid=-8246463980976635143

2000

2005

HumanComputing

2007

2006

2011

2008

capture

AISec

ReCAPTCHA

http://www.google.com/recaptcha

OCR

AISec

NoCAPTCHA

AISec

Amazon Mechanical Turk

Mechanical Turk 18

AISec

Amazon

Mechanical Turk

Big Data >>>> Information Security

Digital Technology Threats

BigData

•✴✴✴✴

•✴

•✴

1965

>

25T 450 IPod10 20

Device Fingerprinting

Identification

http://browserspy.dk/

http://noc.to/

BigData

The Lives of Others

• 1984

• 2004

• 1800 600

• 28 6 9 1 175

http://en.wikipedia.org/wiki/Stasi

http://en.wikipedia.org/wiki/The_Lives_of_Others

BigData

Course Content

AI