Sun Nov 23 08:37:50 PST 2003

Contents


    Security

    Home work

    Study pp189..219. Write & Hand in notes

    Introduction

    Security is about establishing a boundary between a secure system and the rest of the world. There are many such boundaries, and they can be nested: USA --> CSUSB --> JBH3-1 --> My account.

    Security is always inconvenient... by definition it is an attempt to make it difficult to access or change something.

    Recently Dr. Adi Shamir of RSA formulated the three laws of security:

    1. Absolutely secure systems do not exist.
    2. To halve your vulnerability, you have to double your expenditure.
    3. Cryptography is typically bypassed, not penetrated.

    News

    On campus luncheon of the Information Systems Security Association [ ISSA.html ] (TANSTAAFL).

    California Security Breach Law


    (SB1386): Security Breach Information Act (S.B. 1386). [ 2100-1105-1022341.html ] [ cc1798.291798.82.htm ] [ sb_1386_bill_20020926_chaptered.html ] [ web-calif-07-01-03.asp ]

    Reading


    1. Vulnerabilities: web sites damaged (or improved), denial of service attacks, viruses, worms, Trojan horses, malware, ...
    2. The idea of a worm or virus appeared in science fiction before the networks existed, in the 60s (Benford?) and 70s (Gerrold). The word "worm" was invented, as a tapeworm, by John Brunner in his SF novel "The Shockwave Rider". In the 80s computer scientists found that this idea of a program propagating across a network worked. They even found uses for it (e.g. synchronizing clocks) on local networks. It never became a common tool.
    3. First noted malware was the Merry Christma Email worm on the IBM mainframe network in 1987.
        A computer worm disguised as a benign holiday greeting spread rapidly via email and clogged up networks worldwide. The story is all too common today, but this happened to corporate and university mainframes in 1987, in the infancy of the computer virus problem, even before the famous Internet, or Morris, worm.

        From IEEE Security and Privacy magazine, Vol 1 No 5; see [ j5cap.htm ] for details.


    4. For the latest reliable information see [ http://www.cert.org/ ] the Computer Emergency Response Team.
    5. Cybercrime: that which must use computers and network technologies
      1. Software piracy: student computers shut down. No Electronic Theft Act 1997.
      2. Computer sabotage, including logic bombs and DoS attacks.
      3. Electronic break-in.

    6. Computer-related crime.
    7. Anti-Piracy Architecture: SSCA -- Security Standards and Certification Act of ????.
    8. Trespass and Unauthorized Access. CFAA -- Computer Fraud and Abuse Act 1986 rev 1996 + state laws. web sites as property.
    9. Chattel Trespass: Compuserve vs the Spammer, EBay vs the spider, ... applies whenever damage can be shown.
    10. Security Measures:
      1. Perimeter: firewalls, intrusion detection, anti-virus software, email filters, ... Also hide information about the network at the perimeter so attacks can't be targeted.
      2. Private transmission: encryption: symmetric vs public-key. DES, 56 bits .. 128 bits. RSA. PGP. SSL. Authentication, signatures, ...

    11. Encryption: Privacy vs Security
      1. The Clipper Chip
      2. Clipper II
      3. KMI or Clipper III
      4. Policy Reversal
      5. 9/11 [ Patriot Act ]

    12. Encryption Source code and Free Speech: Can software be a weapon?
        In the 18th century, France classified as a state secret a mathematician's method of drawing 3-D objects on paper: Monge's Descriptive Geometry. It had proved to be good at designing battlements! It has since become the basis of all engineering drawing.

    13. Case Studies
      1. PGP
      2. eBay vs Bidder's Edge: Spider trespasses


    Patriot Act

    Reviewed by Congress.

    From Newsmax.com


      The Craig-Durbin act, dubbed Security and Freedom Ensured (SAFE), focuses on four issues: wiretaps, access to library records, surveillance of citizens and multi-jurisdictional warrants.

      See original article [ 102118.shtml ] on www.newsmax.com.


    MORNING EDITION from NPR News November 19 2003.


      Members of Congress remain divided about whether they need to revise the USA Patriot Act. Civil liberties groups told a Senate committee yesterday that the law already has stifled dissent by groups afraid they'll be labeled as terrorists. But some lawmakers say it's the misleading statements about the Patriot Act that are the real problem. NPR's Larry Abramson reports.

    1. Sound Clip [ segment.php?wfId=1512432 ]

    Exercises


    1. p215 1 Spam as Chattel Trespass
    2. p215 2 Web Site as Private Property
    3. p215 3 Privacy or Security?
    4. p217 1 Zimmermann's free distribution of PGP
    5. p217 2 Sell soft munitions abroad?
    6. p129 1 Bidder's Edge trespassing on eBay?
    7. p219 2 Work up an appeal
    8. p219 3 Ramifications of decisions for the Net?

    Question

    To Be Announced

    Next

    Review Course: [ 10.html ]

    Work for next time

    Read all the notes on the class web site. If you have questions check back in the book. Hand in one or two questions at the start of class for credit.

    I will accept bonus point presentations (5 minutes max) on any ethical/professional topic in the next session.


  1. p215::="Discussion questions on page 215 of text".
  2. p217::="Discussion questions on page 217 of text".
  3. p219::="Discussion questions on page 219 of text".
  4. RSA::="Rivest, Shamir, and Adleman", encryption algorithm, Authors win the 2004 Turing prize [ turingmultimedia.11-12-03.html ] for contributions to Computer Science.

