Lecture 1: Introduction and Security Principles
Introduction and Course Logistics
Before ever using my 161 skills against a real system, I must get theof all those involved
What is security?
Reflection: Why are you interested in learning about security?
People and Money
(True/False) The primary way of securing a system is understanding how it works
Reflection: What type of attackers might target you? What type of resources do they have?
It All Comes Down to People
Reflection: Have you ever sacrificed your own personal security for the sake of usability?
Don’t Blame the Users
To make sure everyone is watching lectures, please click this link to fill out a form for extra credit.
Security is Economics
True or false: As long as the data on my computer is not worth enough money to an attacker, I don't need to worry about attackers stealing my data.
Detection, Defense in Depth
True or false: It is possible to create a detector with a 0% false negative rate.
In practice, do we prefer combining two independent detectors in parallel (either detector can alert) or in series (both detectors must alert)?
Two-factor authentication is often described as requiring a combination of something the user knows, something the user has, and something the user is. What are some examples of each factor?
Measuring Attacker Capabilities
What is rubber-hose cryptanalysis?
What are some examples of least privilege that the CS 161 staff might use?
Trusted Computing Base (TCB)
Ensuring Complete Mediation
More Security Principles
Suppose the TAs decide to use a secret page on the website, https://cs161.org/secret-solutions, to store assignment solutions. Which security principle does this violate?
Which security principle is violated by rubber-hose cryptanalysis?