Lecture 1 Page 1 CS 239, Fall 2010 Introduction CS 239 Advanced Topics in Computer Security Peter...
-
Upload
osborne-morton -
Category
Documents
-
view
214 -
download
1
Transcript of Lecture 1 Page 1 CS 239, Fall 2010 Introduction CS 239 Advanced Topics in Computer Security Peter...
Lecture 1Page 1CS 239, Fall 2010
IntroductionCS 239
Advanced Topics in Computer Security
Peter ReiherSeptember 23, 2010
Lecture 1Page 2CS 239, Fall 2010
Outline
• Subject of class
• Class topics and organization
• Reading material
• Class web page
• Grading
• Projects
• Office hours
Lecture 1Page 3CS 239, Fall 2010
Subject of Class
• Problems and solutions in computer security• Concentrating on unsolved problems and
recent research• Covering networks, systems, other aspects
of computer security– Including privacy
• Intended for students with serious research interest in security
Lecture 1Page 4CS 239, Fall 2010
Class Organization
• Graduate level seminar class
• Concerning topics of ongoing research in security
• Based around group discussions
– Not formal lectures
Lecture 1Page 5CS 239, Fall 2010
A Typical Class
• Someone (usually one of you) will spend 15-20 minutes outlining a topic
• Remainder of class will be spent discussing it
• Whoever presented it should lead discussion
• Generally, everyone will lead a discussion at some point
Lecture 1Page 6CS 239, Fall 2010
Topics to Be Covered
• Many of the following:– Taint tracking– Distributed denial of service attacks– Privacy and social networking– TPM and related technologies– Malware for portable devices– Botnets– Security for ubiquitous computing– Security versus usability
Lecture 1Page 7CS 239, Fall 2010
More Topics
– BGP security– DNS security– Cyberwarfare and cyber-deterrence– Novel hardware attacks (e.g., cold boot, firmware
attacks)– Privacy and data mining– Security education– Web security– Internet tools for privacy
Lecture 1Page 8CS 239, Fall 2010
Yet More Topics– Measuring security– Data provenance tracking– Attack attribution– Insider threat detection– Trust– Novel access control mechanisms– Biometric authentication– Security for vehicular networks– Analyzing malware
Lecture 1Page 9CS 239, Fall 2010
And a Few More Topics
– Virtual machine approaches to security– Security for cloud computing– Preventing information leaks– Social engineering and defenses against it– Computer forensics
• Not intended as an exhaustive list
– Your favorite topic might be added
Lecture 1Page 10CS 239, Fall 2010
Assigning Topics• Nineteen total classes, counting today• I’ll take the next two classes• One day for midterm• Two days for project presentations• That leaves 13 more classes• 2 students lead discussion on some topic• To be decided by the end of second class• First come, first served
Lecture 1Page 11CS 239, Fall 2010
Reading Material
• No textbook• 2-4 papers for each class
– Some selected by me– Some by class leader
• Papers will be made available on class web page
• In some cases, web pages may be used instead of papers
Lecture 1Page 12CS 239, Fall 2010
Class Web Page
• http://www.lasr.cs.ucla.edu/classes/239_1.fall10
• Will show class schedule
• And list papers for each class
– With links to them
• Other useful information also there
Lecture 1Page 13CS 239, Fall 2010
Grading
• 20% midterm
• 40% class participation
• 40% project
• No final exam
Lecture 1Page 14CS 239, Fall 2010
Midterm Exam
• Essay questions based on material in first half of class
• Probably three questions
• Open notes
– Including papers
Lecture 1Page 15CS 239, Fall 2010
Class Participation
• Covers both class you lead (15%) and participation in other classes (25%)
• Not graded on brilliance• But on involvement and ability to
contribute to discussion• If you can’t regularly attend this class,
you won’t do well in it
Lecture 1Page 16CS 239, Fall 2010
Leading a Class Discussion
• Should focus on:– Analysis of the problem– Critiques of existing solutions– Suggested improvements to those
• Or new solution approaches• Think of it as being part of a research team
looking at this problem• Goal is to spark a discussion
– Not to spend two hours reviewing the papers that were assigned
Lecture 1Page 17CS 239, Fall 2010
Slides for Presentations
• Not required, but a good idea
• If possible, send them to me ahead of time
– So I can post them on the web page
• I’ll bring a projector to every class
Lecture 1Page 18CS 239, Fall 2010
Class Projects
• Half of your grade
• Group projects (2-4 people)
• On some topic involving network security
• Must be a research topic
– Not just implementing known stuff
Lecture 1Page 19CS 239, Fall 2010
Project Proposals
• Project proposals due at end of 4th week of class (October 15)
• 1-page summary of what you want to do
• Can be submitted as hard copy or email• Not graded, but required
Lecture 1Page 20CS 239, Fall 2010
Project Status Reports
• Due at end of 7th week of classes (November 5)
• 1-3 page summaries of the progress you’ve made to that date– Hint: there should be some
• Hard copy or email OK• Not graded, but required
Lecture 1Page 21CS 239, Fall 2010
Project Presentation
• Last two class days reserved for project presentations
• In-class presentation of your project
– Demo, if feasible
• Graded as part of project itself
Lecture 1Page 22CS 239, Fall 2010
Project Demonstration
• If not feasible to demo in class, arrange a separate demo with me
• Projects should (usually) produce something demonstrable
• Important that demo shows off something interesting about project
• Graded as part of project
Lecture 1Page 23CS 239, Fall 2010
Project Reports• Written reports on project• Due Monday of finals week (December 10)• 15 pages is typical length• Should:
– Describe problem and approach– Cover difficulties and interesting points– Describe implementation– Show that you’ve learned something from it!
Lecture 1Page 24CS 239, Fall 2010
What Makes a Good Project?
• Probably requires coding– Hardware OK, if you can do it– Theoretical work acceptable, but you’ll need
real results• Probably requires testing and/or measurement• Should be research
– Original work no one else has already done– Based on a promising idea– Ideally, this should be capable of being
converted to a publishable research paper
Lecture 1Page 25CS 239, Fall 2010
Office Hours
• MW 2-3
• In 3532F Boelter Hall
• I’m around a lot, so other times can be arranged by appointment
Lecture 1Page 26CS 239, Fall 2010
Prerequisites
• Should have taken an operating system and a networking class
• Should have taken my CS 136 on Computer Security– Or similar class elsewhere
• I’m not going to check on this• But I’ll assume you know this material
– I won’t be presenting reviews of this material
Lecture 1Page 27CS 239, Fall 2010
Kinds of Security Things You Should Know About
• IPsec and SSL• Key exchange protocols, certificates, certification
hierarchies• Common attack classes (e.g., man in the middle,
replay, buffer overflows)• Basics of security threats and mechanisms• Use of cryptography for authentication, privacy, and
other purposes• Basics of firewalls and virus protection systems• Basics of viruses and worms
Lecture 1Page 28CS 239, Fall 2010
Kinds of Operating System Things You Should Know
• Operating system structure and organization
• Memory management
• File system architecture
• Booting and hardware interactions
• Virtual machine technology
• Process management and scheduling
Lecture 1Page 29CS 239, Fall 2010
Kinds of Networking Things You Should Know About
• TCP/IP
• Routing protocols
• How DNS works
• Basics of wireless networks
• Basic design and architecture of the Internet
• Basics of application-layer protocols (e.g., HTTP)