handouts/ho01.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Sat, 06 Sep 2014 15:30:45 +0100
changeset 158 702fea7754eb
child 159 77cf0362b87a
permissions -rw-r--r--
added handouts
\documentclass{article}
\usepackage{../style}
\begin{document}
\section*{Handout 1 (Security Engineering)}

Much of the material and inspiration in this module is taken
from the works of Bruce Schneier, Ross Anderson and Alex
Halderman. According to them, a security engineer requires
a certain mindset. Bruce Schneier for example writes:
\begin{quote} 
\it ``Security engineers --- at least the good ones --- see
the world differently. They can't walk into a store without
noticing how they might shoplift. They can't use a computer
without wondering about the security vulnerabilities. They
can't vote without trying to figure out how to vote twice.
They just can't help it.''
\end{quote}
\begin{quote}
\it ``Security engineering\ldots requires you to think
differently. You need to figure out not how something works,
but how something can be made to not work. You have to imagine
an intelligent and malicious adversary inside your system
\ldots, constantly trying new ways to
subvert it. You have to consider all the ways your system can
fail, most of them having nothing to do with the design
itself. You have to look at everything backwards, upside down,
and sideways. You have to think like an alien.''
\end{quote}
\noindent In this module I would like to teach you this mindset. To
defend a system, you need to have this mindset and think like
an attacker. This will include understanding techniques that
can be used to compromise the security and privacy of others.

{\bf Warning!} However, don’t be evil! Using those techniques in the real
world may violate the law or the university’s rules, and it
may be unethical. Under some circumstances, even probing for
weaknesses may result in severe penalties, up to and including
expulsion, civil fines, and jail time. Acting lawfully and
ethically is your responsibility.

Don’t be evil!
\begin{itemize}
\item Ethics requires you to refrain from doing harm
\item Always respect privacy and property rights
\item Otherwise you will fail the course
\item Federal and state laws criminalise computer intrusion and wiretapping
\item e.g. Computer Fraud and Abuse Act (CFAA)
\item You can be sued or go to jail
\item University policies prohibit tampering with campus systems
\item You can be disciplined, even expelled
\end{itemize}

To defend a system, you need to be able to think like an
attacker, and that includes understanding techniques that can
be used to compromise security. However, using those
techniques in the real world may violate the law or the
university’s rules, and it may be unethical. Under some
circumstances, even probing for weaknesses may result in
severe penalties, up to and including expulsion, civil fines,
and jail time. Our policy in EECS 588 is that you must respect
the privacy and property rights of others at all times, or
else you will fail the course.

Acting lawfully and ethically is your responsibility.
Carefully read the Computer Fraud and Abuse Act (CFAA), a
federal statute that broadly criminalizes computer intrusion.
This is one of several laws that govern “hacking.” Understand
what the law prohibits — you don’t want to end up like this
guy. The EFF provides helpful advice on vulnerability
reporting and other legal matters. If in doubt, we can refer
you to an attorney.
\end{document}
%%% Local Variables:
%%% mode: latex
%%% TeX-master: t
%%% End: