Class 30: Security and Privacy

PowerPoint Slideshow about 'Class 30: Security and Privacy' - Jims


Presentation Transcript

Class 30: Security and Privacy

CSCI 101

Fall 2010

Daniel Scharstein

Today
  • Security
  • Social Issues
  • Reliance on computers
  • DRM
  • Privacy
Computer Security
  • Physical security: protect from theft, keep data backups, control access with passwords
    • What makes a good password? Why?
    • Alternative: biometrics
    • Stolen laptops & identity theft
    • Remedy: chip to encrypt/decrypt hard drive “on the fly”
  • Access Privileges
    • Normal user vs. administrator / superuser
    • File protection
    • Memory access, memory protection
Modern Day Needs
  • Privacy/Confidentiality
  • Authentication (digital signatures)
  • Non-repudiation (should not be able to later deny having sent a message)
  • Data Integrity (accidental changes versus malicious ones - how to know if a packet or message is the same as the one sent)
  • Intrusion detection
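
The distinction in the Data Integrity bullet, as an added example that is not part of the original slides: an unkeyed checksum (CRC-32) catches an accidental bit flip but can be recomputed by whoever alters the message, while a keyed tag (HMAC-SHA256) catches both kinds of change. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample data: key and messages are made up for this example.
KEY = b"secret-shared-by-sender-and-receiver"
ORIGINAL = b"PAY alice 100 USD"


def crc_tag(message: bytes) -> int:
    """Unkeyed checksum: anyone who sees the message can recompute it."""
    return zlib.crc32(message)


def mac_tag(message: bytes, key: bytes = KEY) -> bytes:
    """Keyed tag (HMAC-SHA256): computing it requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_ok(message: bytes, tag: bytes, key: bytes = KEY) -> bool:
    return hmac.compare_digest(mac_tag(message, key), tag)  # constant-time


def flip_bit(message: bytes, index: int, bit: int) -> bytes:
    """Accidental change: one bit flipped in transit."""
    damaged = bytearray(message)
    damaged[index] ^= 1 << bit
    return bytes(damaged)


def receiver_verdicts() -> dict:
    crc, mac = crc_tag(ORIGINAL), mac_tag(ORIGINAL)
    noisy = flip_bit(ORIGINAL, 4, 0)
    # Malicious change: message rewritten in transit, tag replaced to match.
    altered = b"PAY mallory 999 USD"
    replaced_crc = crc_tag(altered)                  # needs no secret
    replaced_mac = mac_tag(altered, b"not-the-key")  # real key is unknown
    return {
        "crc accepts noisy": crc_tag(noisy) == crc,
        "mac accepts noisy": mac_ok(noisy, mac),
        "crc accepts altered": crc_tag(altered) == replaced_crc,
        "mac accepts altered": mac_ok(altered, replaced_mac),
        "mac accepts original": mac_ok(ORIGINAL, mac),
    }


if __name__ == "__main__":
    for check, accepted in receiver_verdicts().items():
        print(f"{check}: {accepted}")
```
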
Some issues:
  • How does the CS server bj know you are who you claim to be?
  • How do you know you are logging on to the “real” server rather than an impostor?
  • How hard is it to be an impostor?
  • Wireless networks (which everyone wants) are a security nightmare
  • Access to tape backups can be both a blessing and a liability (every email you have ever written on a tape somewhere?)
  • Even when you think you have erased something from a hard drive, the data can still be recovered (in some cases)
  • There can be a “person-in-the-middle”
  • Who can you trust over the Internet?
Computer Security
  • Secure connections
    • Protect from malicious software (Malware)
    • Types of attack:
      • Virus
      • Worm
      • Trojan horse
      • Spyware
      • Phishing
      • Denial of service
      • Spam
Computer Security
  • Protecting security
    • Firewalls
    • Antivirus software
    • CERT
  • Encryption
    • HTTPS for secure web communication uses the Secure Sockets Layer (SSL) protocol
    • Public-Key Cryptology (PKC)
    • Digital signatures
Societal Impact of Computing

Technological advances ripple through society and raise new ethical and legal issues

Dealing with these issues requires understanding of new technologies and their impact

Examples:

1. Relying on computers for life-critical systems

2. Ownership and usage of intellectual property

3. Personal privacy

Reliance on Computers

Therac-25 radiation machine (1985–1987)

At least 5 patients died from receiving radiation overdoses

Patriot Missile System (1991)

Roundoff error that accumulated over time rendered the system unable to target incoming Scuds

Windows 2000 operating system

63,000 bugs in 35,000,000 lines of code

Bugs not considered “critical”

Some Questions

What tasks should we entrust to a computer? Should a computer…

Control a nuclear reactor?

Fly an airplane? (e.g., Boeing vs. Airbus)

Perform surgery?

Be a psychologist?

Who should be responsible for software mishaps?

Should there be a licensing procedure for software engineers?

Digital Rights Management

Technologies used by publishers or copyright owners to control access to and usage of digital data or hardware

DRM continued

How can we protect the rights of both the producers and consumers of intellectual property?

Mining User Info

Data mining is the automated extraction of hidden, predictive information from large databases

Data mining uses artificial intelligence and other methods, such as decision trees, neural networks, k-means clustering, and rule induction

Common Applications

Web site personalization

Credit card fraud detection

Market basket analysis

Beer and diapers story

Privacy Issues

How much info about you is stored on computers?

Who has access to it? Who should?

Should companies be allowed to sell the data they collect about you to other companies?

Should companies be allowed to profile you?

e.g., deciding whether to approve a mortgage application

What if they get inaccurate information about you?

Are you worried about identity theft?

Privacy Threats
  • Individual data online
  • Spyware
  • Profiling, cookies
  • Presence technology: where you are, what you are doing
  • Employer monitoring
  • Health care information
  • Do you have privacy online? Do you / should you care?
Security vs. Privacy
  • Should encryption methods be published?
    • Rivest, Shamir, and Adleman (RSA, 1977)
    • Philip Zimmermann: Pretty Good Privacy (PGP, 1991)
  • USA PATRIOT Act
    • Carnivore tool was used by FBI at ISPs until early 2000s
    • Magic Lantern: keystroke logging software developed by FBI
    • Should ISPs provide access to government monitoring? Should anti-virus software detect FBI tools?
Discussion questions
  • Should government be allowed to use technology to monitor online activities?
  • Does the use of these technologies conflict with the right to privacy guaranteed by the Fourth Amendment to the US Constitution?
  • Are these technologies a necessary evil in today’s world?
  • Should children have a right to privacy while surfing the Internet?
  • Should parents check the browser history on the family computer? Install a keystroke monitoring program?