Course Overview - PowerPoint PPT Presentation

course overview n.
Skip this Video
Loading SlideShow in 5 Seconds..
Course Overview PowerPoint Presentation
Download Presentation
Course Overview

play fullscreen
1 / 36
Course Overview
Download Presentation
Download Presentation

Course Overview

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. 18739A: Foundations of Security and Privacy Course Overview Anupam Datta CMU Fall 2009

  2. Course Staff • Instructor: Anupam Datta • Office: CIC 2118 • Email: • Office hours: Tue 4-5PM, Thur 5-6PM • TA: Arunesh Sinha • Office: CIC 2127C • Email: • Office hours: MF 1-2PM

  3. A Real-World Interaction (Protocol) • Depositing a check at a bank • Alice receives check from Bob • Alice hands over check to teller Tyra • Tyra sends check to Bob’s bank • Bob’s bank verifies Bob’s signature • Money transferred from Bob’s account to Alice’s account

  4. Questions for the class • What are the desired security properties? • Authentication : Bob must have written out the check for Alice • Integrity: The check has not been modified by anyone other than Bob • Non-repudiation: Bob cannot deny that he wrote a check if in fact he did • Authorization: Is Bob authorized to withdraw $X in funds? • Privacy: Bob’s bank should not share Bob’s financial information with other companies • What can an adversary do to try to break the protocol? • Forge check, steal an empty check, forge signature, edit check • What mechanisms are used to achieve these properties? • Unforgeable signatures, uniqueness of handwriting, indelible ink, tamper evident paper (unauthenticated modification in body of check is detectable) Now throw the internet and software systems into the mix!

  5. Functional Correctness vs. Security • Program or System Functional Correctness • Program satisfies specification • For reasonable input, get reasonable output • Program or System Security • Program properties preserved in face of attack • For unreasonable input, output is not completely disastrous • Main difference • Active interference from adversary

  6. Plan for Today • Course logistics • Overview of topics and learning outcomes • A quick tour of cryptographic primitives

  7. Logistics (1) • Lectures: Tuesday & Thursday, 10:30-11:50AM, in SH 208 • Recitation: Friday, 4-4:50PM, in SH 208 • Web page: • Course blackboard (linked from web page) • Course work and grading: • Homework (40%) – 4 x 10% • Midterm exam(10%) – take home • End term exam (10%) – take home • Course project (30%) • Class participation (10%)

  8. Logistics (2) • Recitation: • Friday, 4-4:50PM, in SH 208 • Supplements topics discussed in class • TA will discuss and demo various security analysis tools • TA will also elaborate on examples and proof techniques discussed in class • Should be useful for projects and homeworks • First recitation this Friday

  9. Logistics (3) • Course Project: • Teams of 2 (form team by end of week) • Project proposal: 1-2 pages (Due: Oct 8) • Models/code (Due: Dec 1) • Written report: 5-10 pages (Due: Dec 1) • Final presentation in class (Dec 1,3) • Project suggestions later in the lecture or pick your own

  10. Logistics (4) Collaboration policy on homeworks and exams: • You are allowed to discuss solutions to written homework problems with other students in the class, but are required to write out solutions independently and to acknowledge any collaboration or other source. For programming/tools homeworks, you can work in groups of 2. • You are required to work on the take home exams on your own. No collaboration is allowed. CMU Computing Policy CMU Policy on Cheating

  11. Prerequisites • An introductory course in computer security such as 18-487, 18-630, or18-730 is recommended, but not required. • If in doubt, please talk to me after class • Quick class poll

  12. 10,000-foot View

  13. Four Broad Topics • Security Protocols • Access Control • Privacy • Software Security

  14. Motivation: Web Purchase

  15. Secure communicationusing SSL/TLS SSL uses cryptography to protect data confidentiality and integrity, and guarantee entity authentication

  16. Many Protocols • Authentication • Kerberos • Key Exchange • SSL/TLS handshake, IKE, JFK, IKEv2, • Wireless and mobile computing • Mobile IP, WEP, 802.11i • Electronic commerce • Contract signing, SET, electronic cash • Anonymous communication • Dining cryptographers, mixnets, crowds, onion routing Huge practical impact, well-developed theory! Protocol Repositories:,

  17. Learning Outcomes (1) • Security properties • What does confidentiality, integrity, authentication, denial of service, fairness, anonymity mean? • Adversary model • What are the adversary’s capabilities – snoop on the network, inject traffic, do complicated math, jam network, observe timing effects,…? • Protocol design • How can cryptographic primitives be combined to achieve security in the presence of such adversaries? • What kind of mistakes do protocol designers make? • Protocol analysis • How can we automatically find attacks on protocols? • How can we prove security properties of protocols?

  18. Possible Project Topics (1) • Analysis of protocols using existing methods/tools • Electronic voting protocols • Anonymous communication protocols • Protocols for the emerging smart electric grid • Mobility protocols, e.g. Mobile IPv6 • “Next generation” internet protocols (accountability) • Develop/extend a protocol analysis method/tool • Automated prover for PCL (discussed later in class) • Extended the ASPIER tool for protocol implementation verification • Sample projects from protocols course at Stanford •

  19. Before we look at other topics • A quick (de)tour of cryptography

  20. Topic 2: Access Control

  21. Access Control • Goal: Control which principals have access to which objects using a reference monitor that mediates access • Examples: File systems, memory protection in OS, virtual machines, access to physical spaces, digital libraries, web browsers CMU

  22. Distributed Access Control • Goal: Flexible and scalable access control in large-scale, open, distributed systems • Challenges: • No central administration, each service makes its own access control decision • Access control policy is distributed

  23. Distributed Access Control Example EPub Alice Grants access to university students Trusts universities to certify students Trusts ABU to certify universities Alice is a student StateU is a university StateU ABU

  24. Learning Outcomes (2) • Access control concepts and foundations • Principals, resources, reference monitor • Policy expressed using access control matrix or logic • Centralized and distributed policies • Access control in practice • Mechanisms in current OS, hypervisors • Mechanisms based on checking proofs in an authorization logic (centralized and distributed) • Case studies of the Grey system (used in CIC for access to physical spaces) and the Taos OS (original application for the seminal work on the Lampson et al authorization logic)

  25. Possible Project Topics (2) • Access control in web browsers • Formal study of access control policies and mechanisms in modern web browsers • Access control in hypervisors • Formal analysis of the TrustVisor system being developed at CMU, or of Xen’s protection mechanisms • Adding flexible access control to svn

  26. Topic 3: Privacy

  27. Data Privacy • Huge amount of personal information available to various organizations • Hospitals, financial institutions, websites, universities, census bureau, social networks • Information shared within and across organizational boundaries to enable useful tasks to be completed • Personal health information has to be shared to enable diagnosis, treatment, billing • Census bureau releases aggregate statistics

  28. Learning Outcomes (3) • What is privacy? • Philosophical studies (Gavison, Contextual Integrity) • Database privacy definitions (differential privacy) • Policy expression in languages (P3P, Logic of Privacy) • Privacy regulations in the US, e.g., HIPAA, GLBA • How is privacy compromised? • Attacks on AOL & Netflix data sets, cases of HIPAA violation, end-user understanding of privacy promises • How can we enforce privacy? • Achieving differential privacy • Enforcing policies in the logic of privacy (the need for auditing)

  29. Possible Project Topics (3) • Formalize a privacy regulation in a policy language • Example: GLBA in the logic of privacy • Develop a system for enforcing privacy policies • Example: For the logic of privacy

  30. Topic 4: Software Security

  31. Software Insecurity Root causes of security vulnerabilities in software • Language does not protect the abstractions it provides • Example: buffer overflow attacks are possible because C does not protect the array abstraction; not possible in Java • Language does not provide high-level abstractions for developing security applications • Example: Java does not provide abstractions for writing applications that enforce access or information flow control; similar issue for Javascript and web applications insecurity

  32. Learning outcomes (4) • Understanding of how type systems can be used to improve software security • Protecting language abstractions • Cyclone: Memory safe dialect of C, i.e. no buffer overflow attacks • Providing language abstractions • Information flow control and the Volpano-Smith-Irvine type system

  33. Possible Project Topic (4) • Develop a language for secure web programming • Not recommended unless you have significant experience with typed programming languages

  34. From “what” to “why”?

  35. Why study Foundations of Security? Our discipline of computer science seems to be one in which theory and practice are more intimately related than in any other can’t get very far in practical work without abstract theories that permit you to think at a higher level, and at the same time theoretical work becomes dead if it doesn’t receive fresh inspiration from practical problems in the “real world”. Don Knuth, Professor Emeritus of The Art of Computer Programming at Stanford University

  36. 5 Turing Award winning ideas! • Rivest-Shamir-Adleman: RSA public key cryptosystem • Lampson: Foundations of access control • Clarke-Emerson-Sistla: Model-checking systems • Hoare: Axiomatic reasoning about programs • Milner: Theory of concurrency