>> [Comp Sci Dept]
>> [R J Botting]
>> [CS488 Course Materials]
Sun Nov 23 08:37:50 PST 2003
Study pp189..219. Write & Hand in notes
Security is about establishing a boundary between a secure system
and the rest of the world. There are many such boundaries, and they
can be nested: USA --> CSUSB --> JBH3-1 --> My account.
Security is always inconvenient... by definition it is an attempt
to make it difficult to access or change something.
Recently Dr. Adi Shamir of RSA formulated
the three laws of security:
- Absolutely secure systems do not exist.
- To halve your vulnerability, you have to double your expenditure.
- Cryptography is typically bypassed, not penetrated.
On campus luncheon of the Information Systems Security Association
[ ISSA.html ]
California Security Breach Law
(SB1386): Security Breach Information Act (S.B. 1386).
[ 2100-1105-1022341.html ]
[ cc1798.291798.82.htm ]
[ sb_1386_bill_20020926_chaptered.html ]
[ web-calif-07-01-03.asp ]
- Vulnerabilities: web sites damaged (or improved), denial-of-service attacks, viruses, worms, Trojan horses, malware, ...
- The idea of a worm or virus appeared in science fiction before the networks
existed, in the 60s (Benford?) and 70s (Gerrold). The word "worm"
was invented as a "tape worm" by John Brunner in his SF
novel "The Shockwave Rider". In the 80s
computer scientists found that this
idea of a program propagating across a network worked. They
even found uses for it (e.g. synchronizing clocks) on local networks.
It never became a common tool.
- The first noted malware was the Merry Christma email worm on the IBM
mainframe network in 1987.
A computer worm disguised as a benign holiday greeting spread rapidly via
email and clogged up networks worldwide. The story is all too common today,
but this happened to corporate and university mainframes in 1987, in the
infancy of the computer virus problem, even before the famous Internet, or
From the IEEE Security and Privacy magazine, Vol 1 No5:
[ j5cap.htm ]
- For the latest reliable information see
[ http://www.cert.org/ ]
the Computer Emergency Response Team.
- Cybercrime: that which must use computers and network technologies
- Software piracy: student computers shut down. No Electronic Theft Act 1997
- Computer sabotage, including logic bombs and DoS attacks.
- Electronic break-in
- Computer-related crime.
- Anti-Piracy Architecture: SSCA -- Security Standards and Certification Act of ????.
- Trespass and Unauthorized Access. CFAA -- Computer Fraud and Abuse Act 1986, rev. 1996, + state laws. Web sites as property.
- Chattel Trespass: CompuServe vs the Spammer, eBay vs the spider, ... applies whenever damage can be shown.
- Security Measures:
- Perimeter: firewalls, intrusion detection, anti-virus software, email filters, ...
Also hide info about the network at the perimeter so attacks can't be targeted.
- Private transmission: encryption: symmetric vs public-key. DES, 56 bits .. 128 bits. RSA. PGP. SSL. Authentication, signatures, ...
- Encryption: Privacy vs Security
- The Clipper Chip
- Clipper II
- KMI or Clipper III
- Policy Reversal
[ Patriot Act ]
- Encryption Source code and Free Speech: Can software be a weapon?
In the 18th century, France classified as a state secret a mathematician's
method of drawing 3-D objects on paper: Monge's Descriptive Geometry.
It had proved to be good at designing battlements!
It has since become the basis of all engineering drawing.
- Case Studies
- eBay vs Bidder's Edge: Spider trespasses
Reviewed by Congress.
The Craig-Durbin Act, dubbed Security and Freedom Ensured (SAFE), focuses
on four issues: wiretaps, access to library records, surveillance of
citizens and multi-jurisdictional warrants.
See original article
[ 102118.shtml ]
MORNING EDITION from NPR News November 19 2003.
Members of Congress remain divided about whether they need to revise the
USA Patriot Act. Civil liberties groups told a Senate committee yesterday
that the law already has stifled dissent by groups afraid they'll be
labeled as terrorists. But some lawmakers say it's the misleading
statements about the Patriot Act that are the real problem. NPR's Larry
- Sound Clip
[ segment.php?wfId=1512432 ]
- p215 1 Spam as Chattel Trespass
- p215 2 Web Site as Private Property
- p215 3 Privacy or Security?
- p217 1 Zimmermann's free distribution of PGP
- p217 2 Sell soft munitions abroad?
- p129 1 Bidder's Edge trespassing on eBay?
- p219 2 Work up an appeal
- p219 3 Ramifications of decisions for the Net?
To Be Announced
[ 10.html ]
Work for next time
Read all the notes on the class web site.
If you have questions check back in the book.
Hand in one or two questions at the start of class for credit.
I will accept bonus point presentations (5 minutes max) on any ethical/professional topic in the next session.
- p215::="Discussion questions on page 215 of text".
- p217::="Discussion questions on page 217 of text".
- p219::="Discussion questions on page 219 of text".
- RSA::="Rivest, Shamir, and Adleman", encryption algorithm,
Authors win the 2004 Turing prize
[ turingmultimedia.11-12-03.html ]
for contributions to Computer Science.