Adversaries, threat models, security goals

Security in Computing (3rd Edition)

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
CS 161 Computer Security Fall 2005 Joseph/Tygar/Vazirani/Wagner Notes 1 1 The scope of this class Our goal in this class is to teach you the some of the most important and useful ideas in computer security. By the end of this course, we hope you will have learned: How to build secure systems. You’ll learn techniques for designing, implementing, and maintaining secure systems. How to evaluate the security of systems. Suppose someone hands you a system they built. How do you tell whether their system is any good? We’ll teach you how systems have failed in the past, how attackers break into systems in real life, and how to tell whether a given system is likely to be secure. How to communicate securely. We’ll teach you some selections from the science of cryptogra- phy, which studies how several parties can communicate securely over an insecure communications medium. Computer security is a broad Feld, that touches on almost every aspect of computer science. We hope you’ll enjoy the scenery along the way. What is computer security? Computer security is about computing in the presence of an adversary. One might say that the deFning characteristic of the Feld, the lead character in the play, is the adversary. Re- liability, robustness, and fault tolerance are about how to deal with Mother Nature, with random failures; in contrast, security is about dealing with actions instigated by a knowledgeable attacker who is dedicated to causing you harm. Security is about surviving malice, and not just mischance. Whereever there is an adversary, there is a computer security problem. Adversaries are all around us. The Code Red worm infected a quarter of a million computers in less than a week, and contained a time-bomb set to try to take down the White House web server on a speciFc date. ±ortunately, the attack on the White House was diverted—but one research company is estimating the worm cost $2 billion in lost productivity and in cleaning up the mess caused by infected machines. One company estimated that viruses cost businesses over $50 billion in 2003. Hackers armed with zombie networks of tens of thousands of compromised machines sell their services brazenly, promising to take down a competitor’s website for a few thousand dollars. It’s been estimated that, as of 2005, at least a million computers worldwide have been penetrated and “owned” by malicious parties; many are used to send massive amounts of spam or make money through phishing and identity fraud. Studies suggest that something like half of all spam is sent by such zombie networks. It’s a racket, and it pays well—the perpetrators are raking in money fast enough that they don’t need a day job. How are we supposed to secure our machines when there are folks like this out there? That’s the subject of this class.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 6

Adversaries, threat models, security goals - CS 161 Fall...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online