# HG changeset patch # User Christian Urban # Date 1410736750 -3600 # Node ID 77cf0362b87a048261e034da6bbf079ea7176a9a # Parent 702fea7754ebd119ffccbe55a483926d64eebcbc updated diff -r 702fea7754eb -r 77cf0362b87a handouts/ho01.pdf Binary file handouts/ho01.pdf has changed diff -r 702fea7754eb -r 77cf0362b87a handouts/ho01.tex --- a/handouts/ho01.tex Sat Sep 06 15:30:45 2014 +0100 +++ b/handouts/ho01.tex Mon Sep 15 00:19:10 2014 +0100 @@ -8,8 +8,10 @@ Much of the material and inspiration in this module is taken from the works of Bruce Schneier, Ross Anderson and Alex -Halderman. According to them, a security engineer requires -a certain mindset. Bruce Schneier for example writes: +Halderman. I think they are the world experts in the area of +security engineering. I especially like that they argue that a +security engineer requires a certain \emph{security mindset}. +Bruce Schneier for example writes: \begin{quote} \it ``Security engineers --- at least the good ones --- see @@ -32,44 +34,43 @@ and sideways. You have to think like an alien.'' \end{quote} -\noindent In this module I like to teach you this mindset. To -defend a system, you need to have this mindset and think like -an attacker. This will include understanding techniques that -can be used to compromise security and privacy of others. +\noindent In this module I like to teach you this security +mindset. This might be a mindset that you think is very +foreign to you (after all we are all good citizens). I beg to +differ: You have this mindset already when in school you were +thinking, at least hypothetically, in which ways you can cheat +in an exam (whether it is about hiding notes or looking over +the shoulders of your fellow pupils). Right? To defend a +system, you need to have this kind mindset and be able to +think like an attacker. This will include understanding +techniques that can be used to compromise security and privacy +in systems. This will many times result in insights where +well-intended security mechanism made a system actually less +secure.\smallskip -{\bf Warning!} However, don’t be evil! Using those techniques in the real -world may violate the law or the university’s rules, and it -may be unethical. Under some circumstances, even probing for -weaknesses may result in severe penalties, up to and including -expulsion, civil fines, and jail time. Acting lawfully and -ethically is your responsibility. - +{\Large\bf Warning!} However, don’t be evil! Using those +techniques in the real world may violate the law or King’s +rules, and it may be unethical. Under some circumstances, even +probing for weaknesses of a system may result in severe +penalties, up to and including expulsion, civil fines, and +jail time. Acting lawfully and ethically is your +responsibility. Ethics requires you to refrain from doing +harm. Always respect privacy and rights of others. Do not +tamper with any of King's systems. If you try out a technique, +always make doubly sure you are working in a safe environment +so that you cannot cause any harm, not even accidentically. +Don't be evil. Be an ethical hacker. -Don’t be evil! - Ethics requires you to refrain from doing harm - Always respect privacy and property rights - Otherwise you will fail the course - Federal and state laws criminalise computer intrusion and wiretapping - e.g. Computer Fraud and Abuse Act (CFAA) -- You can be sued or go to jail - University policies prohibit tampering with campus systems - You can be disciplined, even expelled - -To defend a system, you need to be able to think like an -attacker, and that includes understanding techniques that can -be used to compromise security. However, using those -techniques in the real world may violate the law or the -university’s rules, and it may be unethical. Under some -circumstances, even probing for weaknesses may result in -severe penalties, up to and including expulsion, civil fines, -and jail time. Our policy in EECS 588 is that you must respect -the privacy and property rights of others at all times, or -else you will fail the course. - -Acting lawfully and ethically is your responsibility. -Carefully read the Computer Fraud and Abuse Act (CFAA), a -federal statute that broadly criminalizes computer intrusion. -This is one of several laws that govern “hacking.” Understand -what the law prohibits — you don’t want to end up like this -guy. The EFF provides helpful advice on vulnerability -reporting and other legal matters. If in doubt, we can refer -you to an attorney. - - +In this lecture I want to make you familiar with the security +mindset and dispel the myth that encryption is the answer to +security (it certainly is one answer, but by no means a +sufficient one). This is actually an important thread going +through the whole course: We will assume that encryption works +perfectly, but still attack ``things''. By ``works perfectly'' +we mean that we will assume encryption is a black box and, for +example, will not look at the underlying +mathematics.\footnote{Though fascinating it might be.} \end{document} diff -r 702fea7754eb -r 77cf0362b87a slides/slides01.pdf Binary file slides/slides01.pdf has changed diff -r 702fea7754eb -r 77cf0362b87a slides/slides01.tex --- a/slides/slides01.tex Sat Sep 06 15:30:45 2014 +0100 +++ b/slides/slides01.tex Mon Sep 15 00:19:10 2014 +0100 @@ -37,7 +37,7 @@ \begin{document} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -\begin{frame}<1>[t] +\begin{frame}[t] \frametitle{% \begin{tabular}{@ {}c@ {}} \LARGE Access Control and \\[-3mm] @@ -53,7 +53,7 @@ \begin{tabular}{ll} Email: & christian.urban at kcl.ac.uk\\ Office: & S1.27 (1st floor Strand Building)\\ - Slides/HOs: & KEATS + Slides: & KEATS \end{tabular} \end{center} \end{frame} @@ -76,7 +76,7 @@ \includegraphics[scale=0.1]{pics/snowden.jpg} \end{center} -\begin{textblock}{1}(4.5,7.5) +\begin{textblock}{1}(3.5,7.5) \begin{tikzpicture}[scale=1.3] \draw[white] (0,0) node (X) {\includegraphics[scale=0.1]{pics/rman.png}}; \draw[white] (6,0) node (Y) {\includegraphics[scale=0.1]{pics/gman.png}}; @@ -113,7 +113,7 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \mode{ \begin{frame} -\frametitle{\begin{tabular}{@ {}c@ {}}Also Bad Guys\end{tabular}} +\frametitle{Also Bad Guys} \only<1->{ \begin{textblock}{1}(4,2.5) @@ -157,7 +157,7 @@ \includegraphics[scale=0.6]{pics/cryptographic-small.png} \end{center} -The NSA can probably not brute-force magically better than the ``public''. +Though, the NSA can probably not brute-force magically better than the ``public''. \end{frame}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%