Lecture 1 - Intro
Security
Freedom from, or resilience against, potential harm or unwanted coercive (gedwongen) change caused by others.
Beneficiaries of security
• Individual persons
• Social groups
• Objects and institutions
• Ecosystems
Security vs. Safety
• Safety: against (unintentional) accidents or disasters
– Anticipate what can go wrong
– Also the unexpected
– Forces of nature: tsunamis, fire, biohazard, flood, polar bears, etc.
– Bad things happening: nuclear accidents, panic, power outage, traffic, etc.
– Providing safety is hard
• Security: against malicious activities by people
– Anticipate war, terrorism, fraud, theft, abuse, etc.
– Also the unexpected
– Providing security is harder
– Because the harm is intentional
Computer security
The protection of computer systems from theft or damage to their hardware,
software or electronic data, as well as from disruption or misdirection of the
services they provide
• Computer security: Security involving (modern) information technology (IT)
• It’s about access
– Preventing unauthorized access to:
∗ Accounts
∗ Personal data
∗ Computing resources
∗ Media content
∗ Communication resources
– Ensuring authorized access:
∗ Protection against denial of service
• It’s also about harmful use of IT
– Stealing:
∗ Vehicles, exploiting car key weaknesses
∗ Burglary, using collected info, key weaknesses
∗ Cryptocurrency mining at other people’s expense
– Identity theft: for harassment, stalking, etc.
– Blackmail, using:
∗ Ransomware: keeping data hostage
∗ Threats to take away resources/services
– Misinformation
∗ Website defacement
∗ Fake news to manipulate public opinion, ...
• IT makes eavesdropping easier
– Hackers can exploit protocol weaknesses to get cleartext
– Numerous other examples: Wi-Fi’s WPA2, TLS, ...
• Systematic eavesdropping on all: mass surveillance, by organizations that claim to be legitimate
– For profit: Google, Facebook, device vendors, etc.
– For law enforcement: governments
– Using smartphones, TVs, smart speakers
• IT leading to very powerful weapons
– Botnets: army of malware-infected computers
∗ For denial of service: terrorism, blackmail
∗ For cryptocurrency mining: theft
∗ For selling CPU power
∗ For password guessing
∗ Etc.
– In cyberterrorism and cyberwarfare
∗ “We’re at war” ethics
∗ Mass manipulation with propaganda, fake news, etc.
∗ Sabotage of enemy (IT) infrastructure
∗ Destabilization by fake news, election manipulation, etc.
– Computer viruses, worms, trojans, ...
Lecture 2 - Intro
Problems implementing security
• Products are often not designed with security in mind
– Many products are quickly thrown together and shipped
∗ Especially web pages, apps, IoT, ...
∗ Using code that is mostly found and googled together
∗ Very minimal testing
∗ Security only as an after-thought (if any)
– For some the security was good initially ...
∗ The Internet in the 1980’s
∗ Linux OS - developed in the 1970’s
1. Discretionary access control (DAC) that allows the users to decide on the access to their files
2. SELinux, Qubes - attempts at OSs built to be secure
• Products evolve very fast
– Their usage expands or changes
∗ Virtualization of servers, the cloud ...
∗ Mobile phones becoming our banking devices
– New challenges for security
• Products have high complexity
– Moore’s Law:
– Software products have high complexity too
∗ Windows 10: an estimated 50M lines of code (LOC)
∗ Linux kernel: 10K in 1991, 311K in 1995, 20M in 2015
– Security: understanding possible attack paths, vulnerabilities
∗ Complexity introduces vulnerabilities, well after deployment
· Example: side-channel attacks, speculative execution
∗ Security becomes a break-and-patch game
– Security assurance: closed vs. open source
∗ “Public scrutiny (onderzoek) makes open source high-assurance”
∗ In theory yes, but only for a small code base
∗ High assurance: smart cards with a tiny CPU and 20K LOC
• Business is not focused on security
– Business landscape in IT is very competitive
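The DAC item above (under "For some the security was good initially ...") is the one concrete mechanism these notes name, so here is an added shell example, not from the lecture or the notes, showing what "the user decides on the access to their files" means on a POSIX system: the owner sets the mode bits and the kernel enforces that choice. The file name and contents are constructed for the demo; it uses only `mktemp`, `chmod` and `stat`.

```shell
#!/bin/sh
# Added example: discretionary access control (DAC) on a POSIX file system.
# Under DAC the owner of an object decides who may access it; here that
# decision is the mode bits set with chmod. All paths/contents are constructed.
set -eu

WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

# Create a file and immediately restrict it to the owner only (rw-------).
create_private_file() {
    f="$WORKDIR/secret.txt"
    printf 'constructed secret content\n' > "$f"
    chmod 600 "$f"          # owner: read+write; group and others: nothing
    printf '%s\n' "$f"
}

# Print the octal mode bits of a file (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# The owner widens access to the group unilaterally: that is the
# "discretionary" part, no administrator or policy is consulted.
share_with_group() {
    chmod 640 "$1"          # owner: rw, group: r, others: nothing
    mode_of "$1"
}

main() {
    f=$(create_private_file)
    echo "initial mode (owner-only): $(mode_of "$f")"
    echo "after owner shares with group: $(share_with_group "$f")"
}

main
```

The contrast with SELinux (the next item in the notes) is that under mandatory access control a system-wide policy can still deny the group access even after the owner runs `chmod 640`; DAC alone lets the owner's decision stand.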