Cybersecurity
Defending our Nation’s Infrastructure in the 21st
Century
Paul Martin and Michael Rushanan
April 15, 2012
Who am I?
•  Background
•  Education
•  Previous Internships
•  Current Research
•  Interests
Who Are You?
Survey says…
1.  How many of you own a personal computer?
2.  How many of you own a smartphone (Android, Blackberry, iPhone)?
3.  How many of you play video games?
4.  How many of you have programmed before?
5.  How many of you use [Windows, Mac OS X, Linux]?
Who Are You?
Now you’re on the spot…


Tell us a little about yourself:
        •  What are your Interests?
        •  Have you thought about future goals, and if so – what?
        •  What do you hope to learn from this?
Background Context
What is a Computer?
Can you list some of the computing devices that you use on a daily basis?
What is a Computer?
What separates a computer from other electronic/mechanical devices?
What is a Computer?
What sorts of computers are researchers concerned with?
What is a Computer?
What sorts of computers require security?
Trick Question: ALL OF THEM!
What is a Program?
Computational processes/algorithms that are purposely built to do something.
e.g. Chrome Web Browser
•  Where does the browser run?
•  Does the browser take input?
•  What does the browser output?
•  Does your Chrome browser notice that iTunes is currently running (ignoring possible extension ideas)?
What is a Program?
What are some of the programs that you use on a daily basis?
Cybersecurity
What is Cybersecurity?
What do you think of when you hear the term “cybersecurity”?
What is Cybersecurity?
What have you heard about cybersecurity in the news?
What is Cybersecurity?
Why do you think cybersecurity is important? Do you think it’s important?
Computer Security
Computer Security
The most annoying thing you will see repeatedly in your life…
[Security Model diagram: a triangle with confidentiality, integrity and availability at its three corners]
A is also for: authentication, authorization.
Computer Security
•  Information security applied to computers
    •  Controlling who or what has access to certain information and under
       what conditions they may access or modify this information
    •  Very broad – some examples:
         •  Cell phones, game consoles, ebook readers
         •  Medical records
         •  Corporate email
         •  Banking
• Two broad areas (that overlap)
    •  Security
    •  Privacy
Computer Security Tool Belt
•  Hacking/Pen Testing
•  Building Secure Systems
•  Enforcing Access Control Policies
•  All of these overlap with privacy issues, but ignore that for now
Hacking
Hacking
The Hacker Manifesto

by
+++The Mentor+++
Written January 8, 1986
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal",
"Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of
the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded
him?

I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us
bores me...

Damn underachiever. They're all alike.

you can't stop us all... after all, we're all alike.
Hacking
I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a
fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes
a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or
thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an
addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a
board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them,
never talked to them, may never hear from them again... I know you all...

Damn kid. Tying up the phone line again. They're all alike…
Hacking
You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak...
the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by
sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those
few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a
service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons,
and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call
us criminals. We exist without skin color, without nationality, without religious bias... and you call us
criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us
believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and
think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me
for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all…after all,
we’re all alike.
Hacking
•  What is hacking and what is a hacker?
•  What can we hack?
•  Is hacking always bad?
WikiLeaks
•  Discuss.
Exercise #[1,2]
The Hat System
•  Traditionally “hats” are used to refer to a hacker’s affiliation
•  White hat = good, black hat = bad
•  But is it really so black and white?
Exercise #1
•  In groups of 3-4, take 10-15 minutes to go online and find something interesting that has been hacked.
   Define: Interesting – Take your interests mentioned earlier, and see if anything has been done in that specific domain!
•  Describe to the class:
      •  What was being protected?
      •  What was hacked?
      •  How was it hacked (if applicable)?
      •  What was the result?
      •  How does this affect society?
      •  Was this white or black hat hacking?
Exercise #2
•  Remaining in the same group (we hope you played nice), you will be appointed an interesting hacking topic for 10-15 minutes (the topic is interesting because I say it is).
•  Describe to the class:
      •  What was being protected?
      •  What was hacked?
      •  How was it hacked (if applicable)?
      •  What was the result?
      •  How does this affect society?
How are Things Hacked?
How are Things Hacked?
•  What do you think the goal of hacking is?
How are Programs Hacked?
•  How do you own a box?
    •  You hack a program and take it over, gaining its privileges.
•  You want it to execute instructions that you provide rather than what it’s programmed to do. How do you go about doing this?
    •  The program execution flow can be modeled by a digraph if that helps.
         •  (Functions, loops, conditionals).
•  This is pretty standard, no matter what you are hacking, though it is not necessarily the only way that things are hacked.
•  Do we want examples of how this happens (I won’t be offended if you say no)?
How Do Security Holes Happen?
•  Programmer error
    •  Anywhere input comes from an external source, it needs to be modified
       to fit specific preconditions.
    •  This usually doesn’t happen and that’s how computers get hacked.
So We Hacked a Program, Now What?
•  To hack a computer you hack a program to gain control of its process
    •  Then you hack the computer again to run as a superuser with full control
       over the system.
    •  This is short circuited if you can just hack a program running as a
       superuser to begin with.
         •  These are less common because of this security risk.


    •  To hack a program you typically see what programs are listening for
       network connections and you focus your attention here.
         •  Most (lazy or unpaid) people just run a scanner and determine the
           program/version running on a server and then look up known
           security holes in these programs online.
So We Hacked a Program, Now What?
•  Nowadays exploits (the way to hack a specific version of a specific program) typically come prepackaged.
•  (Almost) every program has unknown vulnerabilities that can be found by experts with time (and money).
   (especially money)
Privacy
Privacy
•  What does it mean for something to be private?
•  How private is private?
Privacy
Real world application time…
In the health domain, privacy is a major concern! For instance, let us imagine that we are a team of developers that has just been contracted by the CDC (Centers for Disease Control and Prevention) to develop a web application specific to the recent outbreak of Share-And-Chew. This new viral outbreak has been linked to sharing a piece of gum (yes, pre-chewed), and has a wide spread of health complications, including death. The problem with this outbreak, specifically, is that people are generally too embarrassed to seek help or to contact those they have shared gum with so that they can seek treatment. The CDC would like us to build an anonymous notification and treatment application to solve this complex social hurdle.
Privacy
Design Requirements:
1)  Considering this is a web application, should the site be accessible over HTTP or HTTPS? If the user's identity was leaked, how would it make him/her feel? What if you used an anonymous service like this; how would you feel if your identity leaked?
2)  What about a site cookie? Why is this a good/bad idea?
3)  We were asked to write geolocation, derived from the IP address, to the site's database for population and location spread. What is the implication of gathering such data, and should we also write the IP to the database?
4)  We are also to offer an opt-out feature in which someone who received an email can choose not to receive any more. Doing so requires writing the email to the database. Should we hash this email?
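As an added worked example (not part of the lecture slides), here is one way to answer design question 4, combined with the precondition check that the "Programmer error" slide calls for: the opt-out address from the form is validated before it touches storage, and it is stored as a keyed hash (HMAC-SHA256 with a server-side secret) rather than a plain SHA-256, because a plain hash of a low-entropy value like an email can be matched against a list of candidate addresses if the table leaks. All function names, the secret key and the sample addresses are constructed for this demo.

```python
import hashlib
import hmac
import re
import secrets

# Constructed demo data: fictional addresses, not real users.
SAMPLE_OPT_OUTS = ["alice@example.org", "bob@example.org"]

# Precondition for anything arriving from the opt-out form: bounded length,
# exactly one '@', no whitespace. Reject input that does not fit; don't "repair" it.
_EMAIL_RE = re.compile(r"^[^@\s]{1,64}@[^@\s]{1,255}$")


def validate_email(raw: str) -> str:
    """Enforce the precondition on external input and return the canonical
    (trimmed, lower-cased) form so that case variants map to one entry."""
    if not isinstance(raw, str) or len(raw) > 320:
        raise ValueError("email missing or too long")
    email = raw.strip().lower()
    if not _EMAIL_RE.fullmatch(email) or not email.isprintable():
        raise ValueError("email does not satisfy the expected format")
    return email


def plain_hash(email: str) -> str:
    """Option A: unkeyed SHA-256. Deterministic and keyless, so a leaked table
    can be matched against any list of candidate addresses."""
    return hashlib.sha256(validate_email(email).encode("utf-8")).hexdigest()


def guessable_entries(leaked_table, candidate_emails) -> set:
    """Defender's check: how many rows of a leaked table could be recovered
    simply by hashing a list of candidate addresses and looking for matches?"""
    table = set(leaked_table)
    return {e for e in candidate_emails if plain_hash(e) in table}


class OptOutList:
    """Option B: store HMAC-SHA256(secret, email). The secret lives with the
    application (config or secrets store), never in the database, so the
    table on its own cannot be matched against candidate addresses."""

    def __init__(self, secret_key: bytes):
        if len(secret_key) < 32:
            raise ValueError("secret key must be at least 32 bytes")
        self._key = secret_key
        self._tags = set()

    def _tag(self, email: str) -> str:
        data = validate_email(email).encode("utf-8")
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def add(self, email: str) -> None:
        self._tags.add(self._tag(email))

    def is_opted_out(self, email: str) -> bool:
        return self._tag(email) in self._tags

    def export_table(self) -> list:
        """Exactly what would leak if only the database were exposed."""
        return sorted(self._tags)


def new_secret_key() -> bytes:
    """Demo only: a real deployment loads the key from its secrets store."""
    return secrets.token_bytes(32)


if __name__ == "__main__":
    guesses = ["alice@example.org", "carol@example.org"]
    leaked_plain = [plain_hash(e) for e in SAMPLE_OPT_OUTS]
    print("recoverable from plain-hash table:", guessable_entries(leaked_plain, guesses))

    opt_out = OptOutList(new_secret_key())
    for e in SAMPLE_OPT_OUTS:
        opt_out.add(e)
    print("recoverable from keyed table:", guessable_entries(opt_out.export_table(), guesses))
    print("alice opted out?", opt_out.is_opted_out("  Alice@Example.org"))
    try:
        opt_out.add("not an email\n")
    except ValueError as err:
        print("rejected bad input:", err)
```

The keyed table is still a pseudonym, not anonymity: whoever holds the key can test any address, so the key needs the same protection as the plaintext would, and the same reasoning applies to question 3 (store the coarse location, not the raw IP).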

Special Topics Day for Engineering Innovation Lecture on Cybersecurity

  • 1. Cybersecurity Defending our Nation’s Infrastructure in the 21st Century Paul Martin and Michael Rushanan April 15, 2012
  • 2. Who am I? Background Education Previous Internships Current Research Interests
  • 3. Who Are You? Survey says… 1.  How many of you own a personal computer? 2.  How many of you own a smartphone (Android, Blackberry, iPhone)? 3.  How many of you play video games? 4.  How many of you have programmed before? 5.  How many of you use [Windows, Mac OS X, Linux]?
  • 4. Who Are You? Now you’re on the spot… Tell us a little about yourself: •  What are your Interests? •  Have you thought about future goals, and if so – what? •  What do you hope to learn from this?
  • 6. What is a Computer? Can you list some of the computing devices that you use on a daily basis?
  • 7. What is a Computer? What separates a computer from other electronic/mechanical devices?
  • 8. What is a Computer? What sorts of computers are researchers concerned with?
  • 9. What is a Computer? What sorts of computers require security? Trick Question: ALL OF THEM!
  • 10. What is a Program? Computational processes/algorithms that are purposely built to do something. e.g. Chrome Web Browser •  Where does the browser run? •  Does the browser take input? •  What does the browser output? •  Does your chrome browser notice that iTunes is currently running (ignoring possible extension ideas)?
  • 11. What is a Program? What are some of the programs that use on a daily basis?
  • 13. What is Cybersecurity? What do you think of when you hear the term “cybersecurity”?
  • 14. What is Cybersecurity? What have you heard about cybersecurity in the news?
  • 15. What is Cybersecurity? Why do you think cybersecurity is important? Do you think it’s important?
  • 17. Computer Security The most annoying thing you will see repeatedly in your life… confidentiality Security Model integrity availability A is also for: authentication, authorization.
  • 18. Computer Security •  Information security applied to computers •  Controlling who or what has access to certain information and under what conditions they may access or modify this information •  Very broad – some examples: •  Cell phones, game consoles, ebook readers •  Medical records •  Corporate email •  Banking • Two broad areas (that overlap) •  Security •  Privacy
  • 19. Computer Security Tool Belt
    •  Hacking/Pen Testing
    •  Building Secure Systems
    •  Enforcing Access Control Policies
    •  All of these overlap with privacy issues, but ignore that for now
  • 21. Hacking
    The Hacker Manifesto by +++The Mentor+++
    Written January 8, 1986
    Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"... Damn kids. They're all alike. But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world... Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me... Damn underachiever. They're all alike.
    you can't stop us all... after all, we're all alike.
  • 22. Hacking I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..." Damn kid. Probably copied it. They're all alike. I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here... Damn kid. All he does is play games. They're all alike. And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all... Damn kid. Tying up the phone line again. They're all alike…
  • 23. Hacking You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert. This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all…after all, we’re all alike.
  • 24. Hacking
    •  What is hacking and what is a hacker?
    •  What can we hack?
    •  Is hacking always bad?
  • 27. The Hat System
    •  Traditionally “hats” are used to refer to a hacker’s affiliation
    •  White hat = good, black hat = bad
    •  But is it really so black and white?
  • 28. Exercise #1
    •  In groups of 3-4, take 10-15 minutes to go online and find something interesting that has been hacked. Define: Interesting – take your interests mentioned earlier, and see if anything has been done in that specific domain!
    •  Describe to the class:
      •  What was being protected?
      •  Was this white or black hat hacking?
      •  What was hacked?
      •  How was it hacked (if applicable)?
      •  What was the result?
      •  How does this affect society?
  • 29. Exercise #2
    •  Remaining in the same group (we hope you played nice), you will be appointed an interesting hacking topic for 10-15 minutes (the topic is interesting because I say it is).
    •  Describe to the class:
      •  What was being protected?
      •  What was hacked?
      •  How was it hacked (if applicable)?
      •  What was the result?
      •  How does this affect society?
  • 30. How are Things Hacked?
  • 31. How are Things Hacked? •  What do you think the goal of hacking is?
  • 32. How are Programs Hacked?
    •  How do you own a box?
    •  You hack a program and take it over, gaining its privileges.
    •  You want it to execute instructions that you provide rather than what it’s programmed to do. How do you go about doing this?
    •  The program execution flow can be modeled by a digraph if that helps.
    •  (Functions, loops, conditionals).
    •  This is pretty standard, no matter what you are hacking, though it is not necessarily the only way that things are hacked.
    •  Do we want examples of how this happens (I won’t be offended if you say no)?
  • 33. How Do Security Holes Happen?
    •  Programmer error
    •  Anywhere input comes from an external source, it needs to be checked and modified to fit the specific preconditions the rest of the program assumes.
    •  This usually doesn’t happen, and that’s how computers get hacked.
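The slide's point, that external input must be forced to satisfy the program's preconditions before it is used, in working form. This is an added example written for this page, not code from the slides or the presenters; the upload endpoint, its field names, the character classes and the length limits are all assumptions chosen for the illustration, and the sample submissions are constructed.

```python
"""Added example: enforcing preconditions on external input before use.

Everything arriving from outside the program (a web form here, but the same
applies to sockets and files) is converted into a typed record whose fields
are known to satisfy the assumptions the rest of the code makes.  Names,
limits and character classes are assumptions for the example.
"""
import re
from dataclasses import dataclass

MAX_NAME_LEN = 64   # assumed limit for a display name
MAX_AGE = 150       # assumed upper bound for an age field
# Display names: letters, digits, space and a few punctuation marks only.
_NAME_RE = re.compile(r"[A-Za-z0-9 ._'-]+")
# File names: one safe path component with an optional extension.  No leading
# dot and no separators, so ".." and "/" can never reach the filesystem layer.
_FILENAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}(\.[A-Za-z0-9]{1,8})?")


class ValidationError(ValueError):
    """Raised when external input violates a precondition."""


@dataclass(frozen=True)
class UploadRequest:
    """A request whose fields are known to satisfy the program's preconditions."""
    name: str
    age: int
    filename: str


def validate_name(raw: str) -> str:
    name = raw.strip()
    if not name or len(name) > MAX_NAME_LEN:
        raise ValidationError("name must be 1..%d characters" % MAX_NAME_LEN)
    if not _NAME_RE.fullmatch(name):
        raise ValidationError("name contains disallowed characters")
    return name


def validate_age(raw: str) -> int:
    # int() would accept "+3", " 3 " or "3_0"; require plain ASCII digits.
    if not raw.isascii() or not raw.isdigit():
        raise ValidationError("age must be a non-negative integer")
    age = int(raw)
    if age > MAX_AGE:
        raise ValidationError("age out of range")
    return age


def validate_filename(raw: str) -> str:
    if not _FILENAME_RE.fullmatch(raw):
        raise ValidationError("filename must be a single safe path component")
    return raw


def validate_request(fields: dict) -> UploadRequest:
    """Turn an untrusted mapping of form fields into a typed, checked request.

    Unknown fields are rejected rather than ignored, so a client cannot smuggle
    extra parameters past the check.
    """
    expected = {"name", "age", "filename"}
    if set(fields) != expected:
        raise ValidationError("unexpected or missing fields: %s"
                              % sorted(set(fields) ^ expected))
    for key, value in fields.items():
        if not isinstance(value, str):
            raise ValidationError("field %r must be a string" % key)
    return UploadRequest(
        name=validate_name(fields["name"]),
        age=validate_age(fields["age"]),
        filename=validate_filename(fields["filename"]),
    )


# Constructed sample submissions (not real traffic).
GOOD_FORM = {"name": "Ada L.", "age": "36", "filename": "report-2012.pdf"}
BAD_FORMS = [
    {"name": "Ada L.", "age": "36", "filename": "../../etc/passwd"},      # traversal
    {"name": "Ada L.", "age": "-3", "filename": "report.pdf"},            # bad age
    {"name": "Ada\x00L.", "age": "36", "filename": "report.pdf"},         # control char
    {"name": "Ada L.", "age": "36", "filename": "x.pdf", "admin": "1"},   # extra field
]


def check_forms() -> list:
    """Return, per entry of BAD_FORMS, whether it was rejected."""
    rejected = []
    for form in BAD_FORMS:
        try:
            validate_request(form)
            rejected.append(False)
        except ValidationError:
            rejected.append(True)
    return rejected


if __name__ == "__main__":
    print(validate_request(GOOD_FORM))
    print(check_forms())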
  • 34. So We Hacked a Program, Now What?
    •  To hack a computer you hack a program to gain control of its process
    •  Then you hack the computer again to run as a superuser with full control over the system.
    •  This is short-circuited if you can just hack a program running as a superuser to begin with.
    •  Such programs are less common because of this security risk.
    •  To hack a program you typically see what programs are listening for network connections and you focus your attention there.
    •  Most (lazy or unpaid) people just run a scanner and determine the program/version running on a server and then look up known security holes in these programs online.
  • 35. So We Hacked a Program, Now What?
    •  Nowadays exploits (the way to hack a specific version of a specific program) typically come prepackaged.
    •  (Almost) every program has unknown vulnerabilities that can be found by experts with time (and money). (especially money)
  • 37. Privacy
    •  What does it mean for something to be private?
    •  How private is private?
  • 38. Privacy
    Real world application time…
    In the health domain, privacy is a major concern! For instance, let us imagine that we are a team of developers that have just been contracted by the CDC, Centers for Disease Control and Prevention, to develop a web application specific to the recent outbreak of Share-And-Chew. This new viral outbreak has been linked to sharing a piece of gum (yes, pre-chewed), and has a wide spread of health complications, including death. The problem with this outbreak, specifically, is that people are generally too embarrassed to seek help and to contact those they have shared gum with so that they can seek treatment. The CDC would like us to build an anonymous notification and treatment application to solve this complex social hurdle.
  • 39. Privacy
    Design Requirements:
    1)  Considering this is a web application, should the site be accessible over HTTP or HTTPS? If the user’s identity was leaked, how would it make him/her feel? What if you used an anonymous service like this; how would you feel if your identity leaked?
    2)  What about a site cookie; why is this a good/bad idea?
    3)  We were asked to write geolocation, derived from IP location, to the site’s database for population and location spread. What is the implication of gathering such data, and should we also write the IP to the database?
    4)  We are also to offer an opt-out feature in which someone who received an email can choose not to receive any more. Doing so requires writing the email to the database. Should we hash this email?
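One answer to requirement 4, as an added example that is not part of the slides: the opt-out table stores a keyed hash (HMAC-SHA256) of the normalized address rather than the address itself, so a dump of the table does not reveal who opted out, while the application can still check an address before sending. The key, the function names and the sample addresses are assumptions constructed for the example.

```python
"""Added example: an opt-out list that never stores clear-text e-mail addresses.

A plain hash of an e-mail address is easy to reverse by hashing a list of
candidate addresses, so the tag is an HMAC under a server-side secret: the
database holds only tags, and producing or reversing one requires the key.
Key, table shape and names are assumptions for the example.
"""
import hashlib
import hmac
import os
import unicodedata


def normalize_email(address: str) -> str:
    """Canonical form so 'Alice@Example.COM ' and 'alice@example.com' match."""
    local, sep, domain = address.strip().partition("@")
    if not sep or not local or not domain:
        raise ValueError("not an e-mail address")
    # Domains are case-insensitive; lower-casing the local part is a practical
    # assumption (most providers treat it that way).  NFKC folds look-alikes.
    return unicodedata.normalize("NFKC", local).lower() + "@" + domain.lower()


def opt_out_tag(address: str, key: bytes) -> str:
    """Keyed, deterministic pseudonym for an address: HMAC-SHA256 hex digest."""
    msg = normalize_email(address).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class OptOutList:
    """Opt-out store; the address is tagged on the way in and never kept."""

    def __init__(self, key: bytes):
        if len(key) < 32:
            raise ValueError("use a key of at least 32 random bytes")
        self._key = key
        self._tags = set()   # stands in for a database column of tags

    def add(self, address: str) -> str:
        tag = opt_out_tag(address, self._key)
        self._tags.add(tag)
        return tag

    def contains(self, address: str) -> bool:
        """Check before sending: is this address on the opt-out list?"""
        return opt_out_tag(address, self._key) in self._tags

    def records(self) -> set:
        """What someone who dumps the table would see."""
        return set(self._tags)


def demo() -> dict:
    # Constructed sample data.  In production the key comes from a secret
    # store, not from the source tree or the same database as the tags.
    key = b"example-only-server-secret-0123456789abcdef"   # constructed key
    store = OptOutList(key)
    tag = store.add("Alice@Example.COM ")
    return {
        "tag": tag,
        "lookup_variant_case": store.contains("alice@example.com"),
        "lookup_other": store.contains("bob@example.com"),
        "clear_text_in_table": any("alice" in t for t in store.records()),
        "same_key_same_tag": opt_out_tag("alice@example.com", key) == tag,
        "other_key_same_tag": opt_out_tag("alice@example.com", os.urandom(32)) == tag,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-22s %s" % (name, value))
```

The design choice worth noting: because the tag depends on the key, the table is useful only for the membership check the application needs, and not for listing or re-identifying addresses if it leaks on its own; the same reasoning applies to the IP addresses in requirement 3, where storing only a coarse derived location is the safer default.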