
Lecture 17
Today we look at computer security from two perspectives: (a) a high-level conceptual perspective focussed on key issues in security and privacy and (b) by analogy to biological systems and their security. Chapter 7 of the textbook provides a more IT-oriented perspective on security.

The objectives of today's class are:


 * House Keeping
 * Assignment 1 submission -- Technical Glitches -- contact your TA directly -- FINAL NOTICE


 * Group Projects
 * Should have project argument set out, and switch to filling out the web presentation (by Nov 16th)
 * Group Project Presentations begin the week of Nov 26th. Will be by lab/tutorial sections. Schedule posted next week.


 * We'll quickly review mid-term answers today.
 * We'll quickly review some of the CS designs from last class


 * Reminders:
 * Final Exam Date and Time has been set: Monday Dec 17, 12-2p.m. (room unknown).


 * Topics
 * Security and Privacy Concepts
 * Biological Security and Computer Security

Glossary (Answers in Chapter 7 of TEXT)

 * Networks
 * Peer-To-Peer
 * Client/Server
 * Computer Virus
 * Trojan Horse Attacks
 * Denial of Service Attacks
 * SQL Injection Attacks
 * Buffer Overflow Attack
 * Computer Worm
 * Firewalls
 * Packet filtering
 * Packet blocking
 * Encryption and Security
 * Privacy and Security

... we will review these definitions on Thursday

Security and Privacy Concepts
We introduce a high-level approach to thinking about security and privacy in terms of:
 * 1) Tension between technology and human concerns
 * 2) Violations of Privacy and Security
 * 3) Fundamental Security Needs
 * 4) Security Vulnerabilities
 * 5) Attack Methodology
 * 6) Attack Trees
 * 7) And/Or Statements in Attack Trees
 * 8) Possible/Impossible classifications in Attack Trees
 * 9) 'Dots and Arrows' perspective on Attack Trees
 * 10) Some Security and Privacy Questions

Final Question: "Does Security == Privacy"?????

Biological Security and Computer Security

 * 1) Opening Example -- how Lyme Disease Avoids Detection
 * 2) Notice Biological Terminology used in Computer Security
 * viruses and information
 * worms and bacteria
 * 3) Two Biological Approaches to Security
 * 4) Vertical Resistance -- the 'anti-virus' approach
 * 5) Horizontal Resistance -- the 'fault-tolerant' approach
 * 6) Network Security as Epidemiology
 * 7) How far can a virus spread through a network
 * 8) How fast can a virus spread through a network

TEXT READINGS
TIA 4th Edn: Chapter 7 pp 302-339

TIA 3rd Edn: Chapter 7 pp 290 - 325

Resources
Secrets and Lies. Digital Security in a Networked World. By Bruce Schneier

The Structure and Dynamics of Networks. Edited by Newman, Barabási and Watts