lecture1-intro

Introduction to Secure Computer Systems

  • Instructor: Boel Nelson

  • Email: boel.nelson@it.uu.se

  • Course code: 1DTO72

Today's Lecture Overview

  1. Intro to security

  2. Course organization

Instructor Background

  • Position: Tenure-track assistant professor in cybersecurity

  • Research Background:

    • Postdoctoral research focused on algorithms and formal methods

    • PhD in computer science and engineering with a focus on data privacy

  • Research Interests:

    • Anonymous communication

    • Censorship resilience

    • Privacy-preserving data analytics (differential privacy)

    • Side-channel detection and mitigation

    • Privacy law and usable privacy

  • Contract Breakdown:

    • 40% teaching, 60% research

    • Expect some delay in email responses due to varied duties

Importance of Security

  • Current Context: The 30-year-old internet, global outages, and major incidents affecting Fortune 500 companies and industries such as banking and healthcare are raising awareness of cybersecurity.

  • Financial Impact: Estimated costs of attacks and outages can reach billions, highlighting the severity and consequences of security breaches.

Reflection Points

  • Have you encountered or heard of any recent attacks?

  • How does security personally affect you?

  • Are all cybersecurity attacks equally severe?

Understanding Attacks in Security

  • Research Importance: Security research benefits from sharing knowledge about attacks on information systems for improved defenses.

  • Conclusion on Security Incidents: As the digital and physical realms converge, the frequency and impact of attacks will likely grow.

  • Most incidents may gain media attention but may not always have research implications.

Why Security Isn't Resolved

  • Systems-Level Thinking Necessity:

    • Security issues often require understanding multiple layers of an ICT system rather than examining a single layer in isolation.

    • Important to recognize that vulnerabilities can arise from cross-layer issues (e.g., source code, compiler, operating system).

Key Takeaways

  1. Defenses must be principled.

  2. Security is a full-stack challenge: neglecting any point creates vulnerabilities.

Defining Security

  • Basic Definition: Security is achieved when a system satisfies a defined set of desirable properties.

  • Notable Quote: "Security is a relocation of trust" — Fred B Schneider

Security Properties: The C-I-A Triad

Key Components:

  • Confidentiality: Information is kept secret.

  • Integrity: Information is safeguarded against unauthorized modifications.

  • Availability: Access to data is ensured.

  • Additional Elements (ISO 7498-2):

    • Authentication

    • Non-repudiation/accountability

Elements of Security

  • Three Aspects (Butler Lampson):

    • Specification/Policy: System requirements

    • Implementation/Mechanism: Methods of operation

    • Correctness/Assurance: Verification of functionality

Reasoning about Security

  • Questions to Consider:

    • When can a system be deemed secure?

    • Essential inquiry: "Secure against whom?"

    • Threat Models: Define potential capabilities of attackers.

Key Security Design Principles (Saltzer & Schroeder 1975)

  • a) Economy of mechanism

  • b) Fail-safe defaults

  • c) Complete mediation

  • d) Open design

  • e) Separation of privilege

  • f) Least privilege

  • g) Least common mechanism

  • h) Psychological acceptability
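
An added example, not part of the lecture material: a minimal reference monitor in Python that illustrates three of the principles above (fail-safe defaults, complete mediation, least privilege). The subjects, the object name and the policy table are constructed for illustration.

```python
class AccessDenied(Exception):
    """Raised when the monitor refuses an operation."""

class ReferenceMonitor:
    def __init__(self, policy):
        self.policy = policy   # policy: (subject, object) -> permitted operations
        self.audit = []        # every decision is recorded, granted or not

    def allowed(self, subject, obj, op):
        # Fail-safe default: access exists only through an explicit policy entry;
        # unknown subjects, objects and operations are all denied.
        decision = op in self.policy.get((subject, obj), frozenset())
        self.audit.append((subject, obj, op, decision))
        return decision

class Store:
    """Mechanism: the only path to the data runs through the monitor."""
    def __init__(self, monitor):
        self._monitor = monitor
        self._data = {}

    def _mediate(self, subject, obj, op):
        # Complete mediation: checked on every call, no cached decisions.
        if not self._monitor.allowed(subject, obj, op):
            raise AccessDenied(f"{subject} may not {op} {obj}")

    def read(self, subject, obj):
        self._mediate(subject, obj, "read")
        return self._data.get(obj)

    def write(self, subject, obj, value):
        self._mediate(subject, obj, "write")
        self._data[obj] = value

def attempt(action, *args):
    """Return the action's result, or 'denied' if the monitor refused it."""
    try:
        return action(*args)
    except AccessDenied:
        return "denied"

def demo():
    # Constructed policy. Least privilege: bob only needs to read, so only gets read.
    policy = {("alice", "grades"): {"read", "write"}, ("bob", "grades"): {"read"}}
    store = Store(ReferenceMonitor(policy))
    results = [attempt(store.write, "alice", "grades", "A"),   # permitted
               attempt(store.read, "bob", "grades"),           # permitted
               attempt(store.write, "bob", "grades", "F"),     # beyond bob's rights
               attempt(store.read, "mallory", "grades")]       # no entry: denied
    policy[("bob", "grades")].discard("read")                  # revoke bob's access
    results.append(attempt(store.read, "bob", "grades"))       # re-checked: denied
    return results

if __name__ == "__main__":
    print(demo())
```

The last call shows why complete mediation matters: because the check runs on every access rather than once at first use, revoking bob's right takes effect immediately.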

Course Structure

  • Resources: Lectures, labs, and assessments.

  • Assessment:

    • Three group-written assignments (labs 1-3)

    • Mandatory peer reviews

    • One oral assessment in groups

    • One written exam

Learning Outcomes

Upon course completion, students should be able to:

  • Explain basic concepts and principles of security in computer systems.

  • Discuss attack principles and protective measures across various systems.

  • Identify security weaknesses and strengths.

  • Discuss ethical considerations regarding computer systems security.

  • Present course content proficiently, both orally and in writing.

Labs and Assessments

  • Introduction lab sessions with optional TA assistance.

  • All lab sessions are optional but beneficial for clarification on assignments.

Next Steps

  • Intro lab sessions on November 6th and November 8th.

  • Preliminary quiz to form effective groups.

Bloom's Taxonomy Overview

  • Levels: Creating, Evaluating, Analyzing, Applying, Understanding, Remembering

  • Each level includes specific action verbs related to cognitive skills.
