# HG changeset patch # User Christian Urban # Date 1410013845 -3600 # Node ID 702fea7754ebd119ffccbe55a483926d64eebcbc # Parent 3a8fff66d62bc59287bf9737a2c9f869981995d1 added handouts diff -r 3a8fff66d62b -r 702fea7754eb handouts/ho01.pdf Binary file handouts/ho01.pdf has changed diff -r 3a8fff66d62b -r 702fea7754eb handouts/ho01.tex --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/handouts/ho01.tex Sat Sep 06 15:30:45 2014 +0100 
@@ -0,0 +1,79 @@ +\documentclass{article} +\usepackage{../style} + + +\begin{document} + +\section*{Handout 1 (Security Engeneering)} + +Much of the material and inspiration in this module is taken +from the works of Bruce Schneier, Ross Anderson and Alex +Halderman. According to them, a security engineer requires +a certain mindset. Bruce Schneier for example writes: + +\begin{quote} +\it ``Security engineers --- at least the good ones --- see +the world differently. They can't walk into a store without +noticing how they might shoplift. They can't use a computer +without wondering about the security vulnerabilities. They +can't vote without trying to figure out how to vote twice. +They just can't help it.'' +\end{quote} + +\begin{quote} +\it ``Security engineering\ldots requires you to think +differently. You need to figure out not how something works, +but how something can be made to not work. You have to imagine +an intelligent and malicious adversary inside your system +\ldots, constantly trying new ways to +subvert it. You have to consider all the ways your system can +fail, most of them having nothing to do with the design +itself. You have to look at everything backwards, upside down, +and sideways. You have to think like an alien.'' +\end{quote} + +\noindent In this module I like to teach you this mindset. To +defend a system, you need to have this mindset and think like +an attacker. This will include understanding techniques that +can be used to compromise security and privacy of others. + +{\bf Warning!} However, don’t be evil! Using those techniques in the real +world may violate the law or the university’s rules, and it +may be unethical. Under some circumstances, even probing for +weaknesses may result in severe penalties, up to and including +expulsion, civil fines, and jail time. Acting lawfully and +ethically is your responsibility. + + + +Don’t be evil! 
- Ethics requires you to refrain from doing harm - Always respect privacy and property rights - Otherwise you will fail the course - Federal and state laws criminalise computer intrusion and wiretapping - e.g. Computer Fraud and Abuse Act (CFAA) +- You can be sued or go to jail - University policies prohibit tampering with campus systems - You can be disciplined, even expelled + +To defend a system, you need to be able to think like an +attacker, and that includes understanding techniques that can +be used to compromise security. However, using those +techniques in the real world may violate the law or the +university’s rules, and it may be unethical. Under some +circumstances, even probing for weaknesses may result in +severe penalties, up to and including expulsion, civil fines, +and jail time. Our policy in EECS 588 is that you must respect +the privacy and property rights of others at all times, or +else you will fail the course. + +Acting lawfully and ethically is your responsibility. +Carefully read the Computer Fraud and Abuse Act (CFAA), a +federal statute that broadly criminalizes computer intrusion. +This is one of several laws that govern “hacking.” Understand +what the law prohibits — you don’t want to end up like this +guy. The EFF provides helpful advice on vulnerability +reporting and other legal matters. If in doubt, we can refer +you to an attorney. + + + +\end{document} + +%%% Local Variables: +%%% mode: latex +%%% TeX-master: t +%%% End: diff -r 3a8fff66d62b -r 702fea7754eb handouts/ho02.pdf Binary file handouts/ho02.pdf has changed diff -r 3a8fff66d62b -r 702fea7754eb handouts/ho03.pdf Binary file handouts/ho03.pdf has changed
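Review bot: The second half of the new handouts/ho01.tex, from the second "Don't be evil!" down to "we can refer you to an attorney", reads like pasted source notes rather than text for this handout. It states a policy "in EECS 588", refers to "Federal and state laws", leaves "you don't want to end up like this guy" with no referent, and repeats almost word for word the warning paragraph already given under {\bf Warning!}. Suggest deleting that block or rewriting it for this module. If the bullet points stay, put them in an itemize environment, since lines starting with "- " will typeset as running text. Smaller points in the same hunk: the section title says "Security Engeneering" (should be "Engineering"); "In this module I like to teach you" probably wants "I would like to"; the curly apostrophes, curly double quotes and the literal dash character in the lower half differ from the ``...'' and --- used in the quotes above and will only compile if ../style sets up UTF-8 input; \it and \bf are obsolete font switches, \itshape and \textbf are the current forms.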