Courses/Computer Science/CPSC 203/CPSC 203 2007Fall L04/CPSC 203 2007Fall L04 Lectures/Lecture 17
From wiki.ucalgary.ca
Lecture 17
Today we look at computer security from two perspectives: (a) a high-level conceptual perspective focussed on key issues in security and privacy, and (b) by analogy to biological systems and their security. Chapter 7 of the textbook provides a more IT-oriented perspective on security.
The objectives of today's class are:
- House Keeping
  - Assignment 1 submission -- Technical Glitches -- contact your TA directly -- FINAL NOTICE
  - Group Projects
    - Should have project argument set out, and switch to filling out the web presentation (by Nov 16th)
    - Group Project Presentations begin the week of Nov 26th. Will be by lab/tutorial sections. Schedule posted next week.
  - We'll quickly review mid-term answers today.
  - We'll quickly review some of the CS designs from last class
  - Reminders:
    - Final Exam Date and Time has been set: Monday Dec 17, 12-2p.m. (room unknown).
- Topics
  - Security and Privacy Concepts
  - Biological Security and Computer Security
Glossary (Answers in Chapter 7 of TEXT)
- Networks
- Peer-To-Peer
- Client/Server
- Computer Virus
- Trojan Horse Attacks
- Denial of Service Attacks
- SQL Injection Attacks
- Buffer Overflow Attack
- Computer Worm
- Firewalls
- Packet filtering
- Packet blocking
- Encryption and Security
- Privacy and Security
... we will review these definitions on Thursday
Security and Privacy Concepts
We introduce a high-level approach to thinking about security and privacy in terms of:
- Tension between technology and human concerns
- Violations of Privacy and Security
- Fundamental Security Needs
- Security Vulnerabilities
- Attack Methodology
- Attack Trees
- And/Or Statements in Attack Trees
- Possible/Impossible classifications in Attack Trees
- 'Dots and Arrows' perspective on Attack Trees
- Some security and Privacy Questions
Final Question: "Does Security == Privacy"?????
Biological Security and Computer Security
- Opening Example -- how Lyme Disease Avoids Detection
- Notice Biological Terminology used in Computer Security
- viruses and information
- worms and bacteria
- Two Biological Approaches to Security
- Vertical Resistance -- the 'anti-virus' approach
- Horizontal Resistance -- the 'fault-tolerant' approach
- Network Security as Epidemiology
- How far can a virus spread through a network
- How fast can a virus spread through a network
TEXT READINGS
TIA 4th Edn: Chapter 7 pp 302-339
TIA 3rd Edn: Chapter 7 pp 290 - 325
Resources
Secrets and Lies. Digital Security in a Networked World. By Bruce Schneier
The Structure and Dynamics of Networks. Edited by Newman, Barabási and Watts