Courses/Computer Science/CPSC 601.65.Cyberwar.F2012

From wiki.ucalgary.ca
Jump to: navigation, search

This page serves as the main course page for CPSC 601.65. It contains the course policies, syllabus (topics/sessions), and a list for background reading and viewing of material related to the study of cyberwar, cyberterror, and cyberprotest.

This course will examine cyberwar, cyberterrorism, and cyberprotest: are these credible threats? Is it meaningful to talk about them? What mechanisms are used to perpetrate and defend against them? Who are the actors involved and what are their motivations? Ethical and legal considerations will be introduced as necessary. Students are expected to complete assigned readings prior to class time and participate in discussion. This course is structured as half lecture / half debate; lectures provide introductory material to certain topics and debates offer the chance for participants to present and discuss their understanding of topic matter. This course is interdisciplinary in nature and focus, but emphasizes technical content; it specifically seeks understanding of how technical knowledge informs lay perspectives of the topics in the course title.

Course Description

Cyberwarfare is an ill-defined topic that cuts across the boundaries between cyber-espionage, criminal cyber attacks and activity, information security, economic espionage, "traditional" kinetic conflict, and kinetic war with electronic weapons and targeting systems.

The use of digital techniques to commit traditional crimes, undertake legally and morally murky activities, and engage in "the continuation of politics by another means" presents a fascinating lens with which to understand the contemporary geopolitical climate. From Estonia to Stuxnet to the Arab Spring, the recent impact of digital technology and information security on global affairs has been sharp and striking. Where are these trends leading our society?

People in Western societies fear the potential that cyber attacks have to wreak havoc on basic services like water, energy, sewer, food, transportation, and communication systems -- not to mention financial systems, entertainment systems, television and broadcast media, personal devices, cars, medical devices, health care, etc. Western governments and military are especially sensitive to the perceived vulnerabilities of a highly electronic logistics system and weapons systems and platforms. A great deal of risk seems to exist partly because the complete interface between ordered civil society and Internet and computer-based services has not been well--defined.

Yet all too often, discussion of this concept is based on supposition rather than knowledge. It invites panic rather than prudence. Is cyberwar hype? Do we need social, legal, diplomatic, technical, and military deterrents to it? Is anything really different from 10 years ago? Do we need treaties to govern cyberweapons? What is a cyberweapon, anyway?

Course Information

Web Tools and Discussion

The course blog is located at:

http://uofccyberwar.blogspot.ca/

The Piazza site is here:

https://piazza.com/ucalgary.ca/fall2012/cpsc60165/home

Meetings

Meetings take place most Tuesdays (see schedule below) from 4:00pm to 6:50pm Mountain Time in the University of Calgary's ICT 616 room.

Some sessions will also be available to a select number of external participants via a G+ hangout.

The course blog will limit authors to official course participants, but external participants may post comments to blog discussion threads if they authenticate with a Google account or other OpenID account.

We will also use Piazza for some internal discussions and items related to class logistics.

2014 Session List and Schedule

Your grade is determined by:

  • 3 essays (60% of your grade)
  • 3 commentaries (30% of your grade)
  • 2 in-class exercises (10% of your grade)

Essays and commentary will be submitted via Piazza. The two in-class exercises will use the EDURange framework.

Essays and commentaries are graded on a check, check minus, and check plus system. You are required to offer well-thought out criticism and commentary (not just opinion) on three essays (from other students) during the course of the semester. Essays will focus on the set of readings.

There is no final exam.

Sessions
Session Date Title / Topic Reading Supplemental Readings / Notes
0 12 Sept. No class no class (nien; Locasto is away for NSPW)
1 19 Sept. Introduction, Overview, Ethics, What is Cyberwar? (9) (2 3 4 5)
2 26 Sept. Two Viewpoints on Cyberwar: The Three Cyber-War Fallacies by Dave Aitel (slides) Gen. Keith Alexander's AEI talk (22) ()
3 3 Oct. Outline TOC for Book, Discuss (22) none, catch up on existing none, work on categorizations
4 10 Oct. Work on git repo, International Cyber video, SB & FX slides (26) none
5 17 Oct. Game Theory vid1 [stuxnet vid] vid3 (25) (n21, going bright hotsec Canada Cybersecurity Website )
6 24 Oct. S1: Exploit Sales, S2: Stuxnet n2 n3 n4 n5 n6 n7 [n8,n9,n10,n11,n12,n13,n14,n15,n16] (14, 16, opt:15)
7 31 Oct. Opening Pandora's Box, Automating War (Curbing) (;login:)
8 7 Nov. Regulation of Offensive Security Tools (drones, DOJ whitepaper) (LPR)
9 14 Nov. Rescheduled (21,20) none
10 21 Nov. Robots and Cyberweapons (cybersecurity treaties: a skeptical view) none
11 28 Nov. International Agreements and Cyber-treaties (yellowcake) n19
12 5 Dec. Whence cyberwar? none none

2012 Session List and Schedule

Class is held once per week for just shy of three hours; we will (usually) discuss two topics per session. Prof. Locasto will hand out any physical readings at the previous session. Blog authors must post essays for that week by that week's class period (for example, the blog essay authors indicated in the "2 Oct." row should have posted their essays by 2 October before class). Readings listed in Week W are for discussion the following week. For example, the readings listed in the "2 Oct." row will be discussed on 9 Oct. The exceptions are the 11 Sept readings; they will be discussed on 25 Sept.

Sessions
Session Date Title / Topic Notes Readings Essay Authors Scribes
1 11 Sept. Introduction and Overview 1 hour organizational meeting (2 3 4 5) x x
2 18 Sept. Two Viewpoints on Cyberwar: The Three Cyber-War Fallacies by Dave Aitel (slides) Gen. Keith Alexander's AEI talk videos and discussion; Prof. Locasto is away at NSPW (see above) x x
3 25 Sept. S1: Ethical Considerations, S2: Definitions x (6, 7, 8) Madison, Eraisuithon Gonzalez, Samba Shiva
4 2 Oct. S1: What is War?, S2: Discussing a definition of Cyberwar x none x Clark, Costa
5 9 Oct. S1: Essay Discussions, S2: The concept of "Cyberweapons" n0 (1,9: Ch1..4) Franklin, Caeser Dey, Kumari
6 16 Oct. S1: Essay Discussion / Libicki, S2: HBGary case study n1 (11,12,13) Publius, Adams Lindner, Robson
7 23 Oct. S1: Exploit Sales, S2: Stuxnet n2 n3 n4 n5 n6 n7 [n8,n9,n10,n11,n12,n13,n14,n15,n16] (14, 16, opt:15) Cicero, Lee Ranshaw, Matheron
8 30 Oct. S1: blog posts; mindset video, S2: sample debate cheating is fundamental (18,19,20) Dickens, Lincoln Sherlock, Sultana
9 6 Nov. S1: Cyberterrorism - Attribution - Irregular Forces, S2: Debate 1 v 2 n19 (24) (21,22,23,25) Washington, Smith Thompson, Trnavskis
10 13 Nov. Reading Week No class. (17, 9:Ch5..7) x x
11 20 Nov. S1: TBD, S2: Debate 3 v 4 x (9:Ch5..7) Jefferson, Paine Williams, Gonzalez
12 27 Nov. S1: TBD, S2: Debate 1 v 4 x () Hamilton, Jay Samba Shiva, Clark
13 4 Dec. S1: TBD, S2: Debate 2 v 3 guest speaker; Prof. Locasto will be at ACSAC tbd open Costa, Dey

References / Reading List

  1. Unmasked, Ars Technica editorial staff e-book: http://arstechnica.com/tech-policy/2011/03/hbgaryanonymous-special-report/ ($1.99 from BN.com)
  2. Civil Disobedience ebook, PDF, HTML (Project Gutenberg)
  3. UofC Statement of Intellectual Honesty
  4. ACM Code of Ethics
  5. Towards an Ethical Code for Information Security
  6. Epilogue to "War and the Rise of the State" by Bruce D. Porter
  7. Conclusion to "A History of Warfare" by John Keegan
  8. "Human Subjects, Agents, or Bots: Current Issues in Ethics and Computer Security Research" by John Aycock, Elizabeth Buchanan, Scott Dexter and David Dittrich
  9. Cyberdeterrence and Cyberwar, Martin C. Libicki, RAND Corporation links to ebooks and PDF
  10. The Tallinn Manual on the International Law Applicable to Cyber Warfare
  11. Daily Dave thread on "Neal Stephenson, the EFF and Exploit Sales", paying particular attention to the EFF article:
  12. "Zero-day exploit sales should be key point in cybersecurity debate"
  13. "The EFF is Losing Its Way on Internet Freedom" by Dave Aitel
  14. J. Aycock. Stux in a Rut: Why Stuxnet is Boring. Virus Bulletin, September 2011, pp. 14-17.
  15. W32.Stuxnet Dossier by Symantec
  16. "The (Almost) Complete History of Memory Corruption Attacks" http://prezi.com/iemlmzvpnk_d/the-almost-complete-history-of-memory-corruption-attacks/
  17. NDU Press: Book Review of Cyberdeterrence and Cyberwar http://www.ndu.edu/press/cyberdeterrence-and-cyberwar.html
  18. Obama Order Sped Up Wave of Cyberattacks Against Iran NYTimes Article by David Sanger
  19. Stuxnet: Leaks or Lies? by Steven Cherry (commentary on Sanger's NYTimes article)
  20. War 2.0: Cyberweapons and Ethics By Patrick Lin, Fritz Allhoff, Neil C. Rowe. Communications of the ACM, Vol. 55 No. 3, Pages 24-26
  21. A Comparative Study of Cyberattacks
  22. Cybermilitias and Political Hackers—Use of Irregular Forces in Cyberwarfare by Scott D. Applegate
  23. Ready Player One
  24. read/listen Massive Cyberattack: Act 1 Of Israeli Strike On Iran? by TOM GJELTEN (NPR)
  25. Cyberterrorism
  26. Would a Cyber Warrior Protect Us? Exploring Trade-offs Between Attack and Defense of Information Systems NSPW 2010. Tyler Moore et al.

PDF

Notes

  1. n0 example code injection countermeasures
  2. n1 http://dazzlepod.com/rootkit/?email=%40gmail.com
  3. n2 Langner TED talk on Stuxnet
  4. n3 Timeline of Memory Exploit Techniques
  5. n4 Why antivirus companies like mine failed to catch Flame and Stuxnet
  6. n5 Report: Stuxnet delivered to Iranian nuclear plant on thumb drive by Daniel Terdiman (CBSNews)
  7. n6 Stuxnet Will Come Back to Haunt Us
  8. n7 "The History of Cyber warfare" Infographic
  9. n8 Kaspersky: Cyberweapons Flame and Stuxnet share code
  10. n9 Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)
  11. n10 Security firm exploits Chrome zero-day to hack browser, escape sandbox
  12. n11 Vupen Chrome Demo
  13. n12 Kaminsky's viewpoint "VUPEN vs. Google: They’re Both Right (Mostly)"
  14. n13 Secrecy surrounding ‘zero-day exploits’ industry spurs calls for government oversight
  15. n14 price list for zero days: "Shopping For Zero-Days: A Price List For Hackers' Secret Software Exploits"
  16. n15 From March 29: EFF Position on Exploit Sales: “Zero-day” exploit sales should be key point in cybersecurity debate
  17. n16 an opinion on selling zero day exploits
  18. n17 EFF clarification on n15
  19. n18 viewpoint on EFF position
  20. n19 CNN on Panetta's "cyber pearl harbor" speech
  21. n20 Anonymous Targets Israel
  22. n21 http://www.foxbusiness.com/economy-policy/2014/10/12/obama-said-to-warn-crippling-cyber-attack-potential/

Debates

1 v 2: Be it resolved: Hacker tools are cyberweapons and should be licensed or banned.

Affirmative: 2 Negative: 1

3 v 4: Be it resolved: People should be able to shed their national or sovereign allegiance or identification when participating in online conversations, information exchange, or transactions.

Affirmative: 3 Negative: 4

1 v 4: Be it resolved: Cyberwar can be effectively regulated through multilateral treaties.

Affirmative: 4 Negative: 1

2 v 3: Be it resolved: Cyberware is the new "yellow cake."

Affirmative: 3 Negative: 2

Debate Format:

This is a combination of Oxford and Mace styles.

  • Audience Vote: For, Against, Undecided
  • 7 minute opening for Affirmative
  • 7 minute opening for Negative
  • 7 minute follow up for Affirmative
  • 7 minute follow up for Negative
  • 10 minutes of audience questions
  • 4 minute closing by Affirmative
  • 4 minute closing by Negative
  • Audience Vote: For, Against, Undecided

Meeting Notes

Courses/Computer_Science/CPSC_601.65.Cyberwar.F2012/Lecture Notes

Policies

Goal and Structure

The overriding aim of this class is to help build an understanding of this complex topic so that participants can have a more effective and informed opinion when discussing technical or policy initiatives related to the topic. This seminar class will begin with a consideration of the definition of war and cyberwar and whether the cyberwar concept exists independently of traditional kinetic conflicts. It will then cover technical material dealing with actual offensive cyber operations techniques. The course will move to a debate-style seminar, where teams of students will debate a central question arising from the different aspects of this complex topic.

I have organized meeting sessions in three general groupings. The first provides background and overview material. The second offers a taste of various offensive cyber operations tools and techniques. The third is a collection of debate topics informed by the first two parts of the course. Many later class sessions will utilize a debate-style interaction to explore the topic and readings for that session.

Assessment

Students should emerge from the course with an appreciation for the ethical issues surrounding the use of digital techniques to engage in "armed" conflict along with an understanding of how our society should best steer a course forward in setting norms, international guidelines, and expected behavior in the use of digital weapons and cyber conflict.

The instructor will assess student proficiency through (1) student performance in debates, (2) students' skill in evaluating the arguments of others (both in debates and in blog comments), and (3) a series of brief written opinion pieces published via the course blog.

  • Team debate performances: 50%
  • Blog comments / Debate evaluations / Class participation: 10%
  • Blog essays: 40% of your grade

Peer review is an important skill to nurture in an academic and professional setting. Most of the evaluated skills in this course are purposefully on the "soft" side of the discipline: how to construct and write effective arguments, how to construct terse but convincing essays, and how to argue viewpoints based on technical merit of the ideas. This is not a course that asks participants to demonstrate skill in actual hacking techniques; CPSC has other graduate and undergraduate courses (601.29, 626, 627, 628) for that purpose.

Course Policies

  • Course communication and discussion should take place via the blog (blog posts and comments) and wiki talk page (if applicable). You are expected to be an active contributor to the blog forum both through your formal posts and the follow-up comments and discussion.
  • Pseudonyms in Piazza are not an option (for grading and attribution); psuedonyms will be used on the blog.
  • Late work is not accepted.
  • There will be no curve.
  • Please keep email traffic limited; use Piazza instead. Feel free to use email for personal or grade-related matters.
  • This course is a seminar and largely discussion-based (both in class and via the blog). Please treat your colleagues with respect and treat their opinions with the level of professionalism you expect your contributions to command. This course should provide a safe environment for expressing, exploring, and testing opinions, facts, arguments, and assertions related to many potentially controversial topics about which people get very passionate.
  • Prof. Locasto will be offline and unavailable Nov 10 through Nov 13. (Reading Days, Remembrance Day)
  • Prof. Locasto will be offline and unavailable from Nov 21 through Nov 25. (US Thanksgiving)

Discussion Topics / Syllabus

I list possible session topics here; we may not cover all of these depending on time, class interest, and the path various discussion take.

Unit 1: Introduction

  • What is security? This session will run as a lecture and consider various definitions of "security", particularly in two contexts: information security and global security. Basic terms like confidentiality, integrity, availability; basic concepts and principles of information security. The security mindset. We offer this session to help orient students (including undergraduates or CMSS students) who may not have a background in information security.
  • Ethical Considerations A discussion of what moral frameworks might apply to studying cyberwar; a discussion of what ethical principles should guide the studies in this course including the ACM Code of Conduct and the UofC Academic Honesty Policy (Statement of Intellectual Honesty). Additional readings for this session will come from Applying Moral Theories (C.E. Harris, Jr.) and Towards an Ethical Code for Information Security?
  • What is war? This session will involve an overview of and discussion of the emergence, evolution, and characteristics of war, particularly as experienced in Western society. This topic will likely take two sessions. See wiki for texts.
  • What is cyberwar? This session will focus on trying to reach a definition of cyberwar; nature and characteristics of cyberwar; comparison with cyberterrorism, cyber-espionage, and cyber-crime. A viewing of General Alexander's briefing "Cybersecurity and American Power" at the American Enterprise Institute.
  • The Three Fallacies of Cyberwar This session will center on viewing and discussing the video of Dave Aitel's talk from RSA or USENIX Security. Costs involved in information warfare and developing reliable, high-value cyberweapons.

Unit 2: Cyber Weapons

This unit aims to give students hands-on experience with actual infosec techniques and tools.

  • Cryptography as digital munitions One of the earliest mixtures (in recent history) of the concept of computer security technology and war was the designation of cryptograpy as a munitions by the US government. This session will discuss the history of legal control over the export of cryptographic software and algorithms.
  • Hacker Tools I (Network Analysis) A technical overview of various systems and network security tools and penetration testing techniques. Includes discussion of network mapping, tracing, sniffing, and injection.
  • Web Attacks A hands-on session for learning how to attack web servers, web services, etc. Students will be guided through two online learning sites: hack-test.com and Google's Gruyere web application.
  • Hacker Tools II (Host Analysis and Debuggers) A technical overview of various systems tools and penetration testing techniques. Includes discussion of shellcode, debuggers like OllyBone, OllyDbg, gdb, Immunity Debugger, Rasta debugger, Phrack , and IDAPro.
  • Anatomy of Polymorphic Shellcode A lecture on shellcode disassembly, polymorphic shellcode, English shellcode, shellcode disassembly. A self-guided exercise in disassembling and hand-executing a piece of polymorphic shellcode. Requires a working Linux environment.
  • Stuxnet Overview. A technical overview of Stuxnet, Duqu, and Flame (time permitting).
  • HBGary Case Study A discussion session based on Ars Technica's reporting about the Anonymous and HBGary Federal interaction from 2011.
  • Anonymity Systems An overview session on research in and technical systems for network-based anonymous communication, including overlay networks, onion routing, Tor, Freenet, Crowds, and similar technology. Include discussion of recent work in browser-based anonymous chat.
  • Design Exercise In this session, we will engage in a thought experiment based on targeting the University of Calgary's network and computer systems.
  • Guest Speaker We will have a guest speaker on the future zoning or fragmentation of the Internet due to cyber arms control, attempts to filter or censor Internet content, and attempts to provide and enforce attribution.

Unit 3: Debates

  • Estonia Be it resolved: Estonia was the first example of cyberwar. Support or refute with counterexamples.
  • Cyberweapons I Be it resolved: Hacker tools are cyberweapons and should be licensed or banned.
  • Stuxnet Be it resolved: Stuxnet is not a significant development in cyber weapon technology.
  • Protest Be it resolved: Distributed Denial of Service (DDoS) is a valid, morally permissible form of protest; it is the equivalent of a digital sit-in. Examples include LulzSec's attention to PayPal and Anonymous's attention to Visa and others.
  • Hacktivism and Lulz Be it resolved: LulzSec and Anonymous are not engaging in cyberwar. Debate positions should be backed up by an examination of last year's activities and current efforts as recorded on Twitter, pastebin, and other resources provided by the instructor or credible online sources.
  • Anonymity Be it resolved: People should be able to shed their national or sovereign allegiance or identification when participating in online conversations, information exchange, or transactions.
  • Tor Be it resolved: Tor is a cyberweapon.
  • Hype Be it resolved: Cyberwar is the new yellow cake. In this capstone session, the class will explore the position stated in the Wired article

Wired Opinion: Cyberwar Is the New Yellowcake by Brito and Watkins. A discussion of whether or not cyberwar is a black swan, a real technical possibility, or is a political diversion much like the ``yellow cake argument circa 2002. This session is a bookend to the session What is cyberwar?

Blog Post Topics

Below appears a list of possible topics for blog posts. You have the freedom to select one of these topics or a topic of your own choosing when writing your posts. Posts should be well-researched, include citations, and present a coherent and terse argument.

Social Networking and Social Movements. Twitter. Arab Spring. Quebec student protests. Unintended Consequences. Government responses. Legislation. Regulation. Effects on liberal democratic society. Open source projectile guidance and flight software. Cyberterror. Can a small group of non-state actors (e.g., students in this class) engage in cyberwar? Whistleblowing. Bradley Manning. Assange. Wikileaks. Industrial espionage.

Other Cyberwar Courses

Cyberwar is a hot topic, and other people teach courses about it. You may be interested in the material you find at those pages.

Related Work

Books

  • Stealing the Network: How to Own a Continent, various
  • Unmasked, Ars Technica editorial staff e-book: http://arstechnica.com/tech-policy/2011/03/hbgaryanonymous-special-report/
  • Inside Cyber Warfare: Mapping the Cyber Underworld, Jeffery Carr
  • Cyber War (The Next Threat to National Security and What to do About it), Richard Clarke
  • Wired for War, Peter Singer http://wiredforwar.pwsinger.com/
  • Civil Disobedience, Henry David Thoreau
  • A History of Warfare, John Keegan
  • War and the Rise of the State, Bruce D. Porter
  • Ride of the Second Horseman, Robert L. O'Connell

Talks and Videos

Related Work Topics / Categories

Policy and Law (Benedict)

CyberOperations and tactics (Casper)

Maybe?

Cybercrime (Danny)

The Big Picture: Timeline and Background (Sarah)

Techniques: Affecting the Real World / Cyberphysical Systems (Sarah)

Major Incidents: Stuxnet, Flame, and other "Cyberweapons" Incidents (Casper)

Minor Incidents: Malware and other Malicious Activities

Robots, Drones, and Automation (Danny)

Government Responsibility and Power (Michael)

Training Cyber-warriors (Benedict)

Selling Exploits and Regulating or Controlling Sale thereof (Michael)

The West vs. China, Iran, and ? (Chad)

Who are the combatants?

http://money.cnn.com/2013/02/19/technology/china-military-cybercrime/index.html?hpt=hp_t2

Cyberterrorism (Chad)

Miscellaneous

Uncategorized Links

When adding an uncategorized link, try to prefix it with a keyword or tag that might help future classification