Courses/Computer Science/CPSC 203/CPSC 203 2007Fall L04/CPSC 203 2007Fall L04 Lectures/Lecture 17

Jump to: navigation, search

Lecture 17

Today we look at computer security from two perspectives: (a) a high level conceptual perspective focussed on key issues in security and privacy and (b) in analogy to biological systems and their security. The text-book chapter 7 provides a more IT oriented perspective on security.

The objectives of today's class are:

  • House Keeping
    • Assignment 1 submission -- Technical Glitches -- contact your TA directly -- FINAL NOTICE
    • Group Projects
      • Should have project argument set out, and switch to filling out the web presentation (by Nov 16th)
      • Group Project Presentations begin the week of Nov 26th. Will be by lab/tutorial sections. Schedule posted next week.
    • We'll quickly review mid-term answers today.
    • We'll quickly review some of the CS designs from last class
    • Reminders:
      • Final Exam Date and Time has been set: Monday Dec 17, 12-2p.m. (room unknown).

  • Topics
    • Security and Privacy Concepts
    • Biological Security and Computer Security

Glossary (Answers in Chapter 7 of TEXT)

  • Networks
    • Peer-To-Peer
    • Client/Server
  • Computer Virus
  • Trojan Horse Attacks
  • Denial of Service Attacks
  • SQL Injection Attacks
  • Buffer Overflow Attack
  • Computer Worm
  • Firewalls
    • Packet filtering
    • Packet blocking
  • Encryption and Security
  • Privacy and Security

... we will review these definitions on Thursday

Security and Privacy Concepts

We introduce high a high-level approach to thinking about security and privacy in terms of:

  1. Tension between technology and human concerns
  2. Violations of Privacy and Security
  3. Fundamental Security Needs
  4. Security Vulenrabilities
  5. Attack Methodology
  6. Attack Trees
    1. And/Or Statements in Attack Trees
    2. Possible/Impossible classifications in Attack Trees
    3. 'Dots and Arrows' perspective on Attack Trees
  7. Some security and Privacy Questions

Final Question: "Does Security == Privacy"?????

Biological Security and Computer Security

  1. Opening Example -- how Lyme Disease Avoids Detection
  2. Notice Biological Terminology used in Computer Security
  • viruses and information
  • worms and bacteria
  1. Two Biological Approaches to Security
    1. Vertical Resistance -- the 'anti-virus' approach
    2. Horizontal Resistance -- the 'fault-tolerant' approach
  2. Network Security as Epidemiology
    1. How far can a virus spread through a network
    2. How fast can a virus spread through a network


TIA 4th Edn: Chapter 7 pp 302-339

TIA 3rd Edn: Chapter 7 pp 290 - 325


Secrets and Lies. Digital Security in a Networked World. By Bruce Schneier

The Structure and Dynamics of Networks. Editted by Newman, Barbasi and Watts