CSE543 - Introduction To Computer And Network Security Module: Introduction


Systems and Internet Infrastructure Security
Network and Security Research Center
Department of Computer Science and Engineering
Pennsylvania State University, University Park PA

CSE543 - Introduction to Computer and Network Security
Module: Introduction
Professor Trent Jaeger

Some bedtime stories

to nightmares

Figure 5: Items purchased separated into product category and customer age. The left half of each graph show orders from women, and the right half shows orders from men. Customers restricted to those who self-report age and sex. (Panels: (a) GlavMed, (b) SpamIt; axes: Age, % Items.)

filiate programs with the U.S., Europe, Canada and Australia constituting 97% of all orders, consistent with the breakdown previously observed in [9].¹³

5.2 Affiliates

While customer purchasing drives the online pharmaceutical ecosystem, affiliates are the ones who attract and deliver the customers—and their money—to the online pharmacies. Affiliates operate by commission, receiving a significant fraction (typically 30–40%) of each customer purchase that reflects the substantial risk they assume in their aggressive advertising activities. Next we analyze the role affiliates play in making online pharmaceutical programs successful as a business.

As discussed in Section 4.1.1, we merge separate accounts in the GlavMed and SpamIt databases that belong to the same affiliate. After account merging, during the 2007–2010 measurement period 1,037 affiliates were active in GlavMed and 305 in SpamIt. Lacking detailed account profile information in RX-Promotion, we consider each account a separate affiliate. With this assumption, during the smaller one-year period for RX-Promotion 415 affiliates were active.

5.2.1 Program Revenue

GlavMed and RX-Promotion are open affiliate programs, and as such they actively advertise and recruit new affiliates to join their programs (with the public advertising focused on SEO-based advertising vectors). SpamIt, on the other hand, is a closed program—focused specifically on email spam—where affiliates join by invitation (Section 4.1). These models influence the kinds of affiliates in a program, the impact they have on generating revenue for a program, as well as the commissions they earn.

Although the programs contain hundreds to thousands of affiliates, most affiliates contribute little to the overall revenue of the programs. Figure 6 shows the CDFs of affiliate contributions to total program revenue for the three affiliate programs. The x-axis is the percent of affiliates, sorted from highest to lowest revenue they generate for the program, and the y-axis is the percent of total program revenue. The graph shows that just 10% of the highest-revenue affiliates account for 75–90% of total program revenue across the three affiliate programs; for GlavMed and RX-Promotion in particular, the remaining 90% of affiliates bring in just 10–15% of total revenue. In the end, the most important affiliates for a program

Figure 6: Distribution of affiliate contributions to total program revenue for each program.

¹³ This previous study also identified substantive differences in the make-up of drugs purchased in the U.S. vs. other Western countries (with U.S. customers driving a disproportionate fraction of demand for non-ED meds). While we still observe this pattern in the SpamIt data (with the fraction of non-ED meds in U.S. customer orders being 3.8

to nightmares

College of Engineering network disabled in response to sophisticated cyberattack
Penn State University

Plans in place to allow teaching, research in the college to continue as University moves to recover

May 15, 2015

UNIVERSITY PARK, Pa. – The Penn State College of Engineering has been the target of two sophisticated cyberattacks conducted by so-called “advanced persistent threat” actors, University officials announced today.

The FireEye cybersecurity forensic unit Mandiant, which was hired by Penn State after the breach was discovered, has confirmed that at least one of the two attacks was carried out by a threat actor based in China, using advanced malware to attack systems in the college.

In a coordinated and deliberate response by Penn State, the College of Engineering’s computer network has been disconnected from the Internet and a large-scale operation to securely recover all systems is underway. Contingency plans are in place to allow engineering faculty, staff and students to continue in as much of their work as possible while significant steps are taken to upgrade affected computer hardware and fortify the network against future attack. The outage is expected to last for several days, and the effects of the recovery will largely be limited to the College of Engineering.

To learn more about the incident, including information for affected faculty, staff and students, visit http://SecurePennState.psu.edu/.

What has happened?

On Nov. 21, 2014, Penn State was alerted by the FBI to a cyberattack of unknown origin and scope on the College of Engineering network by an outside entity. As soon as the University became aware of the alleged attack, security experts from Penn State began working immediately to identify the nature of the possible attack and to take appropriate action, including the enlistment of third-party experts, chief among them

This course
• We are going to explore why these events are not isolated, infrequent, or even unexpected.
• Why are we doing so poorly in computing systems at protecting our users and data from inadvertent or intentional harm?
• The answer: stay tuned!

This course ...
• This course is a systems course covering general topics in computer and network security, including:
  ‣ network security, software security, OS security, web security, cryptography, authentication, security protocol design and analysis, key management, intrusion detection, security policy, language-based security, cloud computing security, and other emerging topics (as time permits)

You need to understand ...
• How a Computer System *Really* Works
• Program Toolchains (E.g., gcc, binutils)
• Modern Operating Systems
• IP Networks
• Discrete Mathematics
• Basics of systems theory and implementation
  ‣ E.g., File systems, distributed systems, networking, operating systems, ...

Goals
‣ My goal: to provide you with the tools to understand and evaluate research in computer security.
‣ Basic technologies
‣ Engineering/research trade-offs
‣ How to read/understand security research papers
• This is going to be a hard course. The key to success is sustained effort. Failure to keep up with readings and projects will likely result in poor grades, and ultimately little understanding of the course material.
• Pay-off: security competence is a rare, valuable skill

Course Materials
• Website - I am maintaining the course website at
  ‣ http://www.cse.psu.edu/~tjaeger/cse543-f18/
• Course assignments, slides, and other artifacts will be made available on the course website.
  ‣ Assignment submissions and communications via Canvas
• Course textbook
  ‣ Information Security: Principles and Practice, Mark Stamp

Course Calendar
• The course calendar has all the relevant readings, assignments and test dates
• The calendar page contains electronic links to online papers assigned for course readings.
• Please check the website frequently for announcements and changes to the schedule. Students are responsible for any change on the schedule.

Grading
• The course will be graded on exams, projects, paper reviews and class participation in the following proportions:
  ‣ 35% Projects
  ‣ 20% Mid-term Exam
  ‣ 35% Final Exam (comprehensive)
  ‣ 10% Paper Reviews & Participation
• NOTE: Must do better than 50% average on each of exams and programming projects to pass the course

Exams
• Midterm and Final
  ‣ Same Format
  ‣ Short Answer Questions
    • What is X?
  ‣ Conceptual Questions
    • Why is Y?
  ‣ Constructions
    • How is Z?
• Time can be an issue
  ‣ Answer the questions you know
• Final is worth far more than midterm

Projects
• Goal: Learn security concepts
• Goal: Learn research skills
• Projects (Individual)
  ‣ Crypto
  ‣ Software Security
  ‣ Attack and Defense

Readings
• There is a large amount of reading in this course covering various topics. These assignments are intended to:
  ‣ Support the lectures in the course (provide clarity)
  ‣ Augment the lectures and provide a broader exposure to security topics.
• Students are required to do the reading!
• About 10-20% of questions on the tests will be off the reading on topics that were not covered in class. You better do the reading or you are going to be in deep trouble when it comes to grades.

Paper reviews
• Goal: Record key ideas and methods for later
• We will review one paper per week

Ethics Statement
• This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class and/or institution.
• When in doubt, please contact the instructor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor Jaeger.

Academic Integrity Policy
• See the EECS Department’s Academic Integrity Standards for CMPSC, CMPEN, and CSE Programming Courses
  ‣ E-Academic-Integrity.aspx
• You must follow this policy

Academic Integrity Policy
• The Department of Computer Science and Engineering expects all student programming work assigned in a class to be completed independently by students (or by teams if permitted/required) and to consist of code designed and developed solely by the students. The use of any other code is not permitted unless the course instructor explicitly allows it and such code is clearly identified as coming from an external source and that source is credited. Students will never be given credit for code which they did not construct.
• The department uses software tools to identify similarities in code submitted by students. These tools differentiate between insignificant cosmetic differences (names used in code, the order of certain code elements) and significant structural similarities (algorithms, data organization). These tools give a percentage of common code between two submissions and identify this common code. We do not set a single, fixed percentage above which we automatically determine that an academic violation has occurred. Rather we rely on the expertise of the instructor to determine when similarities rise above what a reasonable person could expect two students working independently to construct.

Academic Integrity Policy
• For example, in an introductory course in which the programming assignments require relatively short solutions (i.e., less than 50 lines of code) we would expect to see similarities in student solutions rising to a significant percentage of the code. But in an advanced course in which programming projects may contain thousands of lines of code, only a small percentage may be similar but still constitute an academic integrity violation if the code in question was a significant/important aspect of the assignment and if the similarities found could not, in the opinion of the instructor, have been independently developed.
• Furthermore, in cases where student submissions have been found to contain significant portions of code found in online sources (e.g., a common code hosting site is GitHub), the determination of an academic integrity violation is essentially automatic.

What is security?
• Garfinkel and Spafford (1991)
  ‣ “A computer is secure if you can depend on it and its software to behave as expected.”
• Harrison, Ruzzo, Ullman (1978)
  ‣ “Prevent access by unauthorized users”
• Not really satisfactory – does not truly capture that security speaks to the behavior of others
  ‣ Expected by whom?
  ‣ Under what circumstances?
  ‣ What are the risks?

Risk
• At-risk valued resources that can be misused
  ‣ Monetary
  ‣ Data (loss or integrity)
  ‣ Time
  ‣ Confidence
  ‣ Trust
• What does being misused mean?
  ‣ Confidentiality
  ‣ Integrity
  ‣ Availability
  ‣ Privacy (personal)
• Q: What is at stake in your life?

Adversary
• An adversary is any entity trying to circumvent the security infrastructure
  ‣ The curious and otherwise generally clueless (e.g., script-kiddies)
  ‣ Casual attackers seeking to understand systems
  ‣ Venal people with an ax to grind
  ‣ Malicious groups of largely sophisticated users (e.g., chaos clubs)
  ‣ Competitors (industrial espionage)
  ‣ Governments (seeking to monitor activities)

Threats
• A threat is a specific means by which an adversary can put a system at risk
  ‣ An ability/goal of an adversary (e.g., eavesdrop, fraud, access denial)
  ‣ Independent of what can be compromised
• A threat model is a collection of threats that are deemed important for a particular environment
  ‣ A collection of adversary(ies) abilities
  ‣ E.g., a powerful adversary can read and modify all communications and generate messages on a communication channel
• Q: What were risks/threats in the introductory examples?
  ‣ Slammer
  ‣ Yale/Princeton
  ‣ Estonia

Vulnerabilities (attack vectors)
• A vulnerability is a flaw that is accessible to an adversary who can exploit that flaw
• E.g., buffer overflow, file open w/ adversary name
• What is the source of a vulnerability?
  ‣ Bad software (or hardware)
  ‣ Bad design, requirements
  ‣ Bad policy/configuration
  ‣ System Misuse
  ‣ Unintended purpose or environment
    • E.g., student IDs for liquor store

Attacks
• An attack occurs when an adversary attempts to exploit a vulnerability
• Kinds of attacks
  ‣ Passive (e.g., eavesdropping)
  ‣ Active (e.g., password guessing)
  ‣ Denial of Service (DOS)
    • Distributed DOS – using many endpoints
• A compromise occurs when an attack is successful
  ‣ Typically associated with taking over/altering resources

Principals
• Principals are expected system subjects
  ‣ Computers, agents, people, enterprises, ...
  ‣ Depending on context referred to as: servers, clients, users, entities, hosts, routers, ... - and some may be adversarial
  ‣ Security is defined with respect to these subjects
    • Implication: every principal may have unique view
• A trusted third party
  ‣ Trusted by all principals for some set of actions
  ‣ Often used as introducer or arbiter

Trust
• Trust refers to the degree to which a principal is expected to behave
  ‣ What the principal is not expected to do?
    • E.g., not expose password
  ‣ What the principal is expected to do (obligations)?
    • E.g., obtain permission, refresh
• A trust model describes, for a particular environment, who is trusted to do what?
• Note: you make trust decisions every day
  ‣ Q: What are they?
  ‣ Q: Whom do you trust?

Security Model
• A security model is the combination of trust and threat models that address the set of perceived risks
  ‣ The “security requirements” used to develop some cogent and comprehensive design
  ‣ Every design must have a security model
    • LAN network or global information system
    • Java applet or operating system
• This class is going to talk a lot about security models
  ‣ What are the security concerns (risks)?
  ‣ Who are our adversaries?
  ‣ What are the threats?
  ‣ Who do we trust and to do what?
• Systems must be explicit to be secure.

A Security Model Example
• Assume we have a University website that hosts courses through the web (e.g., Canvas)
  ‣ Syllabus, other course information
  ‣ Assignments submissions
  ‣ Online grading
• In class: elements of the security model
  ‣ Principals (Trusted)
  ‣ Adversaries
  ‣ Risks
  ‣ Threats
