Courses/Computer Science/CPSC 203/CPSC 203 2007Fall L04/CPSC 203 2007Fall L04 Lectures/Lecture 18

Lecture 18
Today we continue our look at computer security and look at what principles from the biological sciences we can apply to computer security.The text-book chapter 7 provides a more IT oriented perspective on security which will provide our glossary for this and the previous lecture.

We will also begin looking at Problem Solving -- to prepare for a Problem Solving exercise next lecture.

The objectives of today's class are:


 * House Keeping
 * A Quick view of "A" quality for Assignment 2.


 * Group Projects
 * Should have project argument set out, and switch to filling out the web presentation (by Nov 16th)
 * Group Project Presentations begin the week of Nov 26th. Will be by lab/tutorial sections. Schedule posted next week.


 * Reminders:
 * Final Exam Date and Time has been set: Monday Dec 17, 12-2p.m. (room unknown).


 * Topics
 * Security Glossary
 * Attack Trees as Boolean Logic
 * Biological Lessons for Computer Security
 * Problem Solving Glossary (introduction).
 * Counting, Causes, Effects.

Security Glossary (Most Answers in Chapter 7 of TEXT)

 * Networks
 * Client/Server -- client makes a request, Server fullfills request. E.g. Firefox is the browser client. Apache is the web server.
 * Peer-to-Peer -- program can act as both a client and a server.
 * Computer Virus -- a piece of malicious software that attaches to a host-program and attempts to spread itself.
 * Trojan Horse Attacks -- a program that appears desireable, but with a secret malicious payload.
 * Denial of Service Attacks -- overloading a system, so it can not serve legitimate requests.
 * SQL Injection Attacks -- 'Taking over' the DB Query engine by inserting SQL into text, to obtain access to data and computer resources.
 * Buffer Overflow Attack -- Overflowing the buffer in a program, which often gives access to system internals at a higher priviledge level than authorized.
 * Computer Worm -- independently running programs that run through a network, causing damage.
 * Spam -- Email you don't want.
 * Firewalls -- Software or Hardware that prevents access to networks and the computers on it
 * Packet filtering -- filtering packets sent to specific logical ports.
 * Packet blocking -- making certain logical ports inaccessible
 * Encryption and Security -- Encryption makes data unreadable except by authorized users (who have a key) and thus provides security in transmission between Alice and Bob from a middle-man Fred reading their transimission.
 * Privacy and Security -- An ongoing debate is the relationship between privacy and security. So these terms are under development.

Biological Security and Computer Security

 * 1) Opening Example -- how Lyme Disease Avoids Detection
 * 2) Notice Biological Terminology used in Computer Security
 * viruses and information
 * worms and bacteria
 * 1) Two Biological Approaches to Security
 * 2) Vertical Resistance -- the 'anti-virus' approach
 * 3) Horizontal Resistance -- the 'fault-tolerant' approach
 * 4) Network Security as Epidemiology
 * 5) How far can a virus spread through a network
 * 6) How fast can a virus spread through a network

Problem Solving Glossary

 * Cause/Effect
 * Conditional probability (in terms of cause/effect)
 * Heuristics
 * Algorithm
 * Prototype
 * Top Down Design
 * Object Oriented Design
 * Modularity
 * Interface

TEXT READINGS
TIA 4th Edn: Chapter 7 pp 302-339

TIA 3rd Edn: Chapter 7 pp 290 - 325

Resources
Secrets and Lies. Digital Security in a Networked World. By Bruce Schneier

The Structure and Dynamics of Networks. Editted by Newman, Barbasi and Watts

Biological References
Chaconas and Bankhead. 20007. The role of VIsE antigenic variation in the Lyme disease spiorchete: persistence through a mechanism that differs from other pathogens. Molecular Microbiology.

Ulanowicz, B. 1999. Life after newton: an ecological metaphysic. BioSystems 50. 127-142