CIS 4930/6930:
Systems Security
Instructor: Xinming “Simon” Ou
TAs:
Xiaolong “Daniel” Wang
Fengguo Wei
Class time: MW 2-3:15
1
Logistics
• Course website:
http://www.cse.usf.edu/~xou/sec/
where you can find
– Lecture slides
– Programming assignments and homework
– Reading materials
2
What is this course about?
• Provide a comprehensive treatment of
computer system security
– Attackers do not play by any rules
– How protection mechanisms in OS can help
mitigate attacks
– Different types of OS protections
– Utilizing special hardware for security
• Cover both defense and offense aspects
• Cover both theory and practice
3
Topics
•
•
•
•
•
•
•
Common attack techniques
OS protection mechanisms
Mandatory access control
Capability systems
Trusted computing
Device security
Cloud security
4
Tasks
• Lectures
• Readings
• Assignments (about one every two weeks)
– Homework
– Programming projects
• Everyone in 6930 needs to submit an in-depth report on a topic
within systems security and make a 30min presentation in class
– Topic to be mutually determined between student and instructor
• Exam
– Midterm
– Quizzes
5
Grades
Homework, projects, and report: 60%
Exam and quizzes: 30%
Class participation: 10%
CIS4930 and CIS6930 graded separately
6
Collaboration Policy
• Exams: no collaboration
• Homework and programming
assignments: Do You Own Work. If you
discuss with other students, you must
indicate who you discussed with in your
submission.
• Copying of any sort is prohibited
7
Class Participation
• Everyone in 6930 must make a 30min
presentation in class.
– Towards the end of the semester
• Students not presenting participate in the
discussion (e.g., asking questions).
– We will also ask you questions during the
presentation
8
What is Security?
• Classical definition:
– Confidentiality
– Integrity
– Availability
• Security is the prevention of threats
from causing undesired effects
– Threat model is important: who are your
adversaries? What is at stake?
9
Can we have absolute security?
• Security is always a trade off between cost and
risks
• Threat model:
–
–
–
–
Who are the adversaries?
What are their motivations?
How capable are they?
How much risk can they afford?
• Effectiveness of countermeasures:
– How much risk is reduced for users?
– How much inconvenience is incurred on users?
– How much risk is increased for adversaries?
10
Example1: Spam Emails
• Which one of C,I,A does this problem fall
into?
• What is the threat model?
• What are possible counter measures?
11
Example 2
12
It is a Human Problem
• Security is as much a social,
organizational, and economic problem as
it is a technical problem
– Incentives for good behaviors vs. bad
behaviors
– Technologies contribute to/help address the
problem
13
What do you mean by
“System Security”
• “System” is a platform on which various
applications function.
– In most cases you can think of it as OS
• A system provides various protection
mechanisms for the applications within it.
– Protection is closely related to security,
although not the same.
14