Computer Security 1
[COMPGA01]
Nicolas T. Courtois
- University College London
CompSec COMPGA01
CompSec at UCL
•
COMPGA01 Computer Security 1
Dr. Nicolas Courtois
optional modules
•
*COMPGA02 Computer Security 2
•
*COMPGZ03 Distributed Systems
•
*COMPM028 Language Based Security
•
*COMPGA14 InfoSec Management
2
Nicolas T. Courtois, January 2009
not covered:
•database sec
•critical infrastructures
•hiding, covert channels,
•flow control
•distributed systems
CompSec COMPGA01
About GA01
• 30 hours.
3
Nicolas T. Courtois, January 2009
CompSec COMPGA01
CompSec1
Summary page:
[COMPGA01]
http://www.cs.ucl.ac.uk/students/syllabus/mscisec/ga01_computer_security_1/
4
Nicolas T. Courtois, January 2009
CompSec COMPGA01
Slides
*All slides marked with an asterisk can be omitted.
Or are repeated elsewhere.
**Two asterisks: even less important.
Text in white: on purpose.
You should consider it does not exist.
It is almost like saying, this is marked as being out of scope.
5
Nicolas T. Courtois, January 2009
CompSec COMPGA01
Assessment
•
85 % = written exam (May exam session)
– 2.5 hours.
– “closed book”,
– NO calculators allowed,
• no mobile phones
•
6
15 % = Coursework =
Nicolas T. Courtois, January 2009
CompSec COMPGA01
Written Exam Content
•
•
multiple choice questions +
possibly also problems to solve,
– either rather questions of understanding..
– or small “theory” exercises
•
your key weapons are:
– common sense
– real world connection, practice vs. theory, things in perspective
– basic knowledge: vocabulary, definitions, key concepts
• The exam CAN contain things about which YOU never heard.
• YES there will be things you did a lot of revisions on and not on the exam… Too
bad.
7
Nicolas T. Courtois, January 2009
CompSec COMPGA01
Remark
Part01 - all the “PRINCIPLES” we learn…
• Exam is not a philosophy essay.
– Part 01 is NOT the most important part of this course.
– Abstract notions and principles should appear in reference to the clear real world
context.
– Focus on fundamental technical knowledge and understanding of it.
8
Nicolas T. Courtois, January 2009
CompSec COMPGA01
References
1)
*M. Bishop, Computer Security.
–
2)
out of date, yet everything is there!
Computer Security:
by Dieter Gollmann
+Unix&Wndows alike
+read in any order,
+compact explanations
-timid on recommendations
2)
Ross Anderson Security Engineering
[Cambridge] only some parts
http://www.cl.cam.ac.uk/~rja14/book.html
9
Nicolas T. Courtois, January 2009
CompSec COMPGA01
Major Themes in CompSec 1
•
•
•
•
•
•
Engineering principles, vocabulary, fancy acronyms like C.I.A. - 30 %
Access control, theory and practice - 30 %
Security helped by hardware - 10 %
Malware attacks and defences - 25%
Protocols and applied cryptography - 30 %
Security given the social and industrial context - 10 %
The sum is much more than 100%?
Yes, because these major points
have lots of intersection.
10
Nicolas T. Courtois, January 2009
CompSec COMPGA01
CompSec 1 – Learning Outcomes
What’s There?
What’s Wrong?
Fix It?
Industrial Standards
Life Facts
Threats
Vulnerabilities
Defensive
Techniques
Attack Methods
Hacking Techniques
..“ALL MAJOR AREAS”…
11
Nicolas T. Courtois, January 2009
CompSec COMPGA01
Content
•
•
•
•
•
•
•
•
•
12
Intro 20s,
Principles, part01 70s
Sets, relations, Security policies, Ref. Monitor, part02a 60s
DAC, OS Access Control, Unix part04(a) 60 s
Unix/Windows in part04(b) +60 s,
Decidability: part02b 20s, revisions on Lattices, 02a/c
MAC, Confidentiality, BLP[Biba] part02c 70s,
Hardware and Low Level CompSec part03 100s
Integrity, business-oriented policies part02d 90s
Nicolas T. Courtois, January 2009
CompSec COMPGA01
Content
•
•
•
•
13
Exploits against software and defenses part10, 60 s
Software - Malware, Attacks – Defences, part07 + 80 s
Basic Network Security and Firewalls 80s
Crypto, Authentication, Passwords, part05,
Crypto Protocols, Key Est. Kerberos, SSL, PGP part06
Nicolas T. Courtois, January 2009