College aantekeningen
College aantekeningen Security (NWI-IPC021)
- Instelling
- Radboud Universiteit Nijmegen (RU)
Aantekeningen en samenvatting van de lessen Security van de Radboud Universiteit.
[Meer zien]Voorbeeld 4 van de 128 pagina's
Voorbeeld 4 van de 128 pagina's
In winkelwagengesponsord bericht van onze partner
Voorbeeld van de inhoud
SecurityChantal Banga, s4545176
December 2020
Lecture 1 - Intro
Security
Freedom from, or resilience against, potential harm or unwanted coercive (ged-
wongen) change caused by others.
Beneficiaries of security
• Individual persons
• Social groups
• Objects and institutions
• Ecosystems
Security vs. Safety
• Safety: against (unintentional) accidents or disasters
– Anticipate what can go wrong
– Also the unexpected
– Forces of nature: tsunamis, fire, biohazard, flood, polar bears, etc.
– Bad things happening: nuclear accidents, panic, power outage, traf-
fic, etc.
– Providing safety is hard
• Security: against malicious activities by people
– Anticipate war, terrorism, fraud, theft, abuse, etc.
– Also the unexpected
– Providing security is harder
– Because the harm is intentional
1
,Computer security
The protection of computer systems from theft or damage to their hardware,
software of electronic data, as well as from disruption or misdirection of the
services they provide
• Computer security: Security involving (modern) information technol-
ogy (IT)
• It’s about access
– Preventing unauthorized access to:
∗ Accounts
∗ Personal data
∗ Computing resources
∗ Media content
∗ Communication resources
– Ensuring authorized access:
∗ Protection against denial of service
• It’s also about harmful use of IT
– Stealing:
∗ Vehicles, exploiting car key weaknesses
∗ Burglary, using collected info, key weaknesses
∗ Cryptocurrency mining on other people’s bill
– Identity theft: for harassment, stalking, etc.
– Blackmail, using:
∗ Ransomware: keeping data hostage
∗ Threats to take away resources/services
– Misinformation
∗ Website defacement
∗ Fake news to manipulate public opining, ...
• IT makes eavesdropping easier
– Hackers can exploit protocol weaknesses to get cleartext
– Numerous other examples: WIFI’s WPA2, TLS, ...
• Systematic eavesdropping on all: mass surveillance
By organizations that claim to be legitimate
– For profit: Google, Facebook, device vendors, etc.
– For law enforcement: governments
2
, – Using smartphone, TV, smart speakers
• IT leading to very powerful weapons
– Botnets: army of malware-infected computers
∗ For denial of service: terrorism, blackmail
∗ For cryptocurrency mining: theft
∗ For selling CPU power
∗ For password guessing
∗ Etc.
– In cyberterrorism and cyberwarfare
∗ We’re at war ethics
∗ Mass manipulation with propaganda, fake news, etc.
∗ Sabotage of enemy (IT) infrastructure
∗ Destabilization by fake news, election manipulation, etc.
– Computer viuses, worms, trojans, ...
3
, Lecture 2 - Intro
Problems implementing security
• Products are often not designed with security in mind
– Many products are quickly thrown together and shipped
∗ Especially web pages, apps, IoT, ...
∗ Using code that is mostly found and googled together
∗ Very minimal testing
∗ Security only as an after-thought (if any)
– For some the security was good initially ...
∗ The Internet in the 1980’s
∗ Linux OS - developed in the 1970’s
1. Discretionary access control (DAC) that allows the users to
decide on the access of their files
2. SeLinux, Qubes - attempts at OSs built to be secure
• Products evolve very fast
– Their usage expands or changes
∗ Virtualization of servers, the cloud ...
∗ Mobile phones becoming our banking devices
– New challenges for security
• Products have high complexity
– Moore’s Law:
– Software products have high complexity too
∗ Windows 10: estimates 50M lines of code (LOC)
∗ Linux kernel: 10K in 1991, 311K in 1995, 20M in 2015
– Security: understanding possible attack paths, vulnerabilities
∗ Complexity introduces vulnerabilities, well after deployment
· Example: side-channel attacks, speculative execution
∗ Security becomes a break and patch game
– Security assurance: closed vs. open source
∗ ”Public scrutiny (onderzoek) makes open source high-assurance”
∗ In theory yes, but only if small code base
∗ High assurance: smart cards with tiny cpu and 20K LOC
• Business is not focused on security
– Business landscape in IT is very competitive
4
Voordelen van het kopen van samenvattingen bij Stuvia op een rij:
Verzekerd van kwaliteit door reviews
Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!
Snel en makkelijk kopen
Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.
Focus op de essentie
Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!
Veelgestelde vragen
Wat krijg ik als ik dit document koop?
Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.
Tevredenheidsgarantie: hoe werkt dat?
Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.
Van wie koop ik deze samenvatting?
Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper chantalbanga. Stuvia faciliteert de betaling aan de verkoper.
Zit ik meteen vast aan een abonnement?
Nee, je koopt alleen deze samenvatting voor €6,99. Je zit daarna nergens aan vast.
Is Stuvia te vertrouwen?
4,6 sterren op Google & Trustpilot (+1000 reviews)
Afgelopen 30 dagen zijn er 64438 samenvattingen verkocht
Opgericht in 2010, al 14 jaar dé plek om samenvattingen te kopen