1 of 20

Class Introduction

CSC 481/681

Principles of Computer Security

Spring 2024

2 of 20

Welcome!!!

First, some introductions….

3 of 20

Class Background and Context

(a couple of big points...)

Point 1: This class provides foundation for advanced security classes

  • Security class organization:
    • CSC 481/681: Principles
    • CSC 485/685: Cryptography
    • CSC 487/687: Network security
    • Topics? Software security, etc.
  • Covers basic principles, with most of the focus being on security for system builders (and not “operational security”)

A few initial comments and observations:

  • Textbook: some good, some bad... supplemented with readings
  • Hands-on exercises: Could be part or all of an assignment
    • “SEED Labs” optional textbook - doesn’t cover all of our exercises though

4 of 20

Class Administration

(a couple of big points...)

Point 2: Things that are important to know

  • I want you to succeed
    • “Succeed” means “learn”, not (necessarily) “get a good grade” (that’s up to you!)
    • I’ll work with you on learning
  • Honesty, ethics, and professionalism are expected
    • Academic integrity - being honest is easy - don’t give in to temptation
    • Submit work you are proud of - don’t be sloppy!
    • Treat all class members with respect (I will too!)
    • Don’t “experiment” with unauthorized systems - UNCG Acceptable Use Policy!
  • Explore, experiment, and be curious
    • Hands-on activities use containers and virtual machines - you can’t do real damage!
    • Think “I should see what happens if I…” rather than “I should ask about…”
    • Again: Only on systems you are authorized to experiment with!

5 of 20

Class Administration

(the boring details… syllabus review)

Availability, contacting me, response time, COVID issues/status, …

Class web page: Open web page vs Canvas

Pre-requisites: CSC 330 and CSC 362 - know:

  • Programming experience - how programs can break - CSC 130-330
  • Quantitative/analysis skills as related to computing - CSC 250
  • Basics of how computers work (CPU, virtual memory, …) - CSC 261
  • How programs interact with the OS and very basic networking and security - CSC 362

Student Learning Outcomes:

  • Hint: Many assignment and test questions to evaluate SLOs!

Textbook: Required! Read before in-class discussion!

6 of 20

Class Administration

(the boring details… syllabus review)

Hands-on exercises: “Labtainers” from Naval Postgraduate School

Classes:

  • Goal: Lots of interaction, in-class work, etc.
  • Hard to pass if you miss!
  • If attendance becomes a problem, will include in grade!

Grading:

Undergraduates

  • Assignments: 50%
  • Mid-term Exam: 20%
  • Final Exam: 30%

Graduate Students

  • Assignments: 45%
  • Mid-term Exam: 18%
  • Final Exam: 27%
  • Research readings/project: 10%

7 of 20

Class Administration

(the boring details… syllabus review)

Other syllabus details…

  • Academic Integrity
  • Attendance policy
  • Late policy
  • In-class behavior
  • ADA / accommodations
  • COVID and health issues

Read the syllabus!

8 of 20

Security Topics - Threats, Vulnerabilities, Controls

(The fun stuff! With stories!)

Much of this course focuses on identifying threats (who attacks and why), vulnerabilities (how do they get in), and controls (how to design systems securely)

9 of 20

Security Topics - Threats, Vulnerabilities, Controls

(The fun stuff! With stories!)

Threats - Can be kids being kids (still a serious crime!)

10 of 20

Security Topics - Threats, Vulnerabilities, Controls

(The fun stuff! With stories!)

Threats - Can be nation-state actors

11 of 20

Security Topics - Threats, Vulnerabilities, Controls

(The fun stuff! With stories!)

Threats - Can be nation-state actors (we allegedly do it too….)

12 of 20

Security Topics - Threats, Vulnerabilities, Controls

(The fun stuff! With stories!)

Threats - Can be nation-state actors (we allegedly do it too….)

Threat can be an insider…

13 of 20

Security Topics - Threats, Vulnerabilities, Controls

(The fun stuff! With stories!)

Threats can be financially motivated

An increasing amount of critical infrastructure is now dependent on information/computer systems for basic delivery

14 of 20

Security Topics - Threats, Vulnerabilities, Controls

(The fun stuff! With stories!)

Threat: Nation-state actor

Increasingly visible vulnerability: Software supply chain

15 of 20

Security Topics - Threats, Vulnerabilities, Controls

(The fun stuff! With stories!)

Vulnerabilities - Can come from bugs in software (design or implementation)

Used in first widespread Internet worm (the Morris worm in 1988) - and still the biggest problem today!

16 of 20

Security Topics - Threats, Vulnerabilities, Controls

(The fun stuff! With stories!)

Vulnerabilities - Can come from bugs in software (design or implementation)

Used in first widespread Internet worm (the Morris worm in 1988) - and still the biggest problem today!

Grad student at Cornell said “I wonder what would happen if….” and it got out of control.

Don’t do this!

17 of 20

Security Topics - Threats, Vulnerabilities, Controls

(The fun stuff! With stories!)

Vulnerabilities - Can come from bad configuration

This is a huge problem!

18 of 20

Security Topics - Threats, Vulnerabilities, Controls

(The fun stuff! With stories!)

Vulnerabilities - Can come from poorly-trained people

19 of 20

Security Topics - Threats, Vulnerabilities, Controls

(The fun stuff! With stories!)

Controls - How to protect your systems/information

Controls we’ll learn about in this class:

  • System security
  • Cryptography
  • Security-focused software development/testing
  • Firewalls
  • Authentication techniques
  • Access control
  • Physical security
  • ...

20 of 20

For Next Time...

Read sections 1.1 and 1.4 from the textbook

Start on Section 1.2 if you have time!
