Introduction

Tom Kelliher, CS 325

Jan. 29, 2010

Administrivia

Announcements

Assignment

Read Chapter 1.

From Last Time

Outline

  1. Syllabus.

  2. Introduction.

  3. Discussion.

Coming Up

Introduction

What is a secure system? Take a few minutes and write a paragraph.

  1. Relationship between vulnerability, threat, and control:

    \begin{figure}\centering\includegraphics[]{Figures/vulThrtCntrl.eps}\end{figure}

  2. Threat types:
    1. Interception.

    2. Interruption.

    3. Modification.

    4. Fabrication.

    Recent ``Real world'' examples?

  3. Attacker must have:
    1. Method.

    2. Opportunity.

    3. Motive.

  4. Security goals:
    1. Confidentiality.

    2. Integrity.

    3. Availability.

  5. Principles:
    1. Easiest penetration.

    2. Adequate protection.

  6. Vulnerabilities
    1. Hardware: Interruption (DoS, theft), interception, modification, fabrication.

    2. Software: Interruption (deletion), interception, modification, fabrication.

    3. Data: Interruption (loss), interception, modification, fabrication.

Discussion

  1. Consider a ``hit counter'' on a Web page. Who might want to attack this? What types of harm might they want to cause? What kind of vulnerabilities might they want to exploit?

  2. Consider an online database of, say, student grades. Who might want to attack this? What types of harm might they want to cause? What kind of vulnerabilities might they want to exploit?

  3. What types of damage could a company suffer if the integrity of its software or data were compromised?


Thomas P. Kelliher 2010-01-28
Tom Kelliher