Upload File

cse 564: computer security and privacy winter 2015 franzi roesner...

Download CSE 564: Computer Security and Privacy Winter 2015 Franzi Roesner (franzi@cs.washington.edu)franzi@cs.washington.edu

If you can't read please download the document

Upload: sheryl-carson

Post on 24-Dec-2015

221 views

Category:

Documents


0 download

Report

Tags:

TRANSCRIPT

  • Slide 1
  • CSE 564: Computer Security and Privacy Winter 2015 Franzi Roesner ([email protected])[email protected]
  • Slide 2
  • Today Introductions Course Overview Security/Privacy Teaser Security Mindset 1/6/2015CSE 564 - Winter 20152
  • Slide 3
  • Course Staff Instructor: Franzi ([email protected])[email protected] Office hours: Mondays 1:30-2:30pm (and by appointment) Location: CSE 654 TA: Paul Vines ([email protected])[email protected] Graduate student in the security lab Office hours: TBD 1/6/2015CSE 564 - Winter 20153
  • Slide 4
  • Course Goals Teach or sharpen a security mindset (challenge assumptions, think critically) Introduce a broad range of security & privacy topics, and bring you to the forefront of research on those topics Ultimately design better systems Provide background and perspective for your research in security or otherwise! 1/6/2015CSE 564 - Winter 20154
  • Slide 5
  • Course Non-Goals Learn any specific security/privacy technologies Cryptography Yoshi is teaching a crypto course next quarter Dan Boneh (Stanford) has a good Coursera crypto course: https://www.coursera.org/course/cryptohttps://www.coursera.org/course/crypto 1/6/2015CSE 564 - Winter 20155
  • Slide 6
  • Class Format Two meetings per week: T/Th 10:30am Research-focused course Mainly discussions of papers (2 per class) 3-4 people to lead the discussion for each class (2x per quarter), but everyone should come prepared to discuss the assigned papers Participation counts for a non-negligible portion of your grade One guest lecture: Xi Wang (2/5/2015) 1/6/2015CSE 564 - Winter 20156
  • Slide 7
  • Class Resources Webpage: http://courses.cs.washington.edu/courses/cse564/15wi/ http://courses.cs.washington.edu/courses/cse564/15wi/ Reading schedule and deadlines Links to everything Catalyst discussion board Mainly for reading writeups Catalyst dropbox For assignments, including project checkpoints 1/6/2015CSE 564 - Winter 20157
  • Slide 8
  • Evaluation 45%: Project 5%: Proposal 5%: Checkpoint 5%: Draft 15%: Oral presentation 15%: Final report 45%: Assignments 20%: Security reviews (2) 10%: Attack lab 15%: Reading discussion board posts 10%: Class participation 1/6/2015CSE 564 - Winter 20158
  • Slide 9
  • Class Participation An important part of your grade Because: We would like you to read and think about papers throughout the quarter Important to learn to discuss papers Expectations Ask questions, raise issues, think critically Learn to express your opinion Respect and invite other peoples opinions 1/6/2015CSE 564 - Winter 20159
  • Slide 10
  • Paper Writeups Due at 8 am before every class You have 4 freebies (but remember that there are 2 per class) Short: one paragraph per paper (2 paragraphs total) Say something original! For example: Paper summary, key points Evaluation, opinions, response to others opinions Questions for discussion, responses to others questions Open research questions Broader implications, relationships with previous papers Graded on scale of 0-2 1/6/2015CSE 564 - Winter 201510
  • Slide 11
  • Security Reviews Goal: learn to evaluate potential security and/or privacy issues with new technologies For example, something you see in the news, on social media, in stores, etc. 2-3 pages, submit to Catalyst dropbox You may work individually or in groups of 2 Follow specific format on website (more details later today) 1/6/2015CSE 564 - Winter 201511
  • Slide 12
  • Attack Lab Goals: Teach you some practical security-related skills. Show you how easy it is to break a system! Help you remember not to make those mistakes in the systems you build yourselves You may work individually or in groups of 2 Details TBD 1/6/2015CSE 564 - Winter 201512
  • Slide 13
  • Project Groups of 2-3 people (talk to me for exceptions). Topic: Choose from a list of topics, or come up with your own. Can be related to your ongoing research. Can be related to a project in another course. Must be related to computer security and/or privacy. I encourage you to come talk to me about ideas. Types of projects: Design/Build, Analyze, Measure, HCI 1/6/2015CSE 564 - Winter 201513
  • Slide 14
  • Project Final deliverables: Conference-style report (at most 12 pages) and presentation. Milestones (see course website for deadlines) Group formation Project proposal Checkpoint Draft Presentation Final report Summary of contributions 1/6/2015CSE 564 - Winter 201514 Project presentations: March 16, 2015 between 8:30am-12:20pm
  • Slide 15
  • Lets Get Started What is computer security? What is privacy? Why havent we solved this? Game: spot the fake! (with thanks/apologies to Avi Rubin) 1/6/2015CSE 564 - Winter 201515
  • Slide 16
  • Gyroscope Eavesdropping 1/6/2015CSE 564 - Winter 201516
  • Slide 17
  • Accelerometer Eavesdropping 1/6/2015CSE 564 - Winter 201517
  • Slide 18
  • Keyboard Eavesdropping 1/6/2015CSE 564 - Winter 201518
  • Slide 19
  • Audio from Video 1/6/2015CSE 564 - Winter 201519
  • Slide 20
  • Key Extraction 1/6/2015CSE 564 - Winter 201520
  • Slide 21
  • Exploding Devices 1/6/2015CSE 564 - Winter 201521
  • Slide 22
  • Fingerprints from Photos 1/6/2015CSE 564 - Winter 201522
  • Slide 23
  • Hacking Defibrillators 1/6/2015CSE 564 - Winter 201523
  • Slide 24
  • Spot the Fake 1/6/2015CSE 564 - Winter 201524 gyroscope key extraction keyboards fingerprint explosions defibrillator video->audio accelerometer
  • Slide 25
  • Computer Security & Privacy Why I love it: Critical lens Breadth and flexibility Problems that really matter for people Fun! (Lets you be a little sneaky) Variety of approaches: system design/building, attacks, measurements, human factors 1/6/2015CSE 564 - Winter 201525
  • Slide 26
  • Security Mindset Thinking critically about designs, challenging assumptions Being curious, thinking like an attacker That new product X sounds awesome, I cant wait to use it! versus That new product X sounds cool, but I wonder what would happen if someone did Y with it Why its important Technology changes, so learning to think like a security person is more important than learning specifics of today Will help you design better systems/solutions Interactions with broader context: law, policy, ethics, etc. 1/6/2015CSE 564 - Winter 201526
  • Slide 27
  • Example 1/6/2015CSE 564 - Winter 201527
  • Slide 28
  • Security Reviews Assets (what should be protected) Adversaries (possible attackers) Threats (actions by adversaries to exploit system) Vulnerabilities (weaknesses of system) Risk (how important are assets, how likely is exploit) Defenses 1/6/2015CSE 564 - Winter 201528
  • Slide 29
  • Example Security Review 1/6/2015CSE 564 - Winter 201529 Assets, Adversaries, Threats, Vulnerabilities, Risk, Defenses?
  • Slide 30
  • Spot the Fake 1/6/2015CSE 564 - Winter 201530 gyroscope key extraction keyboards fingerprint explosions defibrillator video->audio accelerometer
  • Slide 31
  • Reminders Fill out the pre-course survey Sign up to lead discussions (2 slots) Reading writeups due at 8am Thursday Come see me after class if youre not yet registered for the course but want to be 1/6/2015CSE 564 - Winter 201531

Practical Improvements to User Privacy in Cloud Applications · 2019-12-31 · like to thank Franzi Roesner, Yoshi Kohno, Xi Wang, Hank Levy, Dan Ports, and all the students in the

CSE$484$/$CSE$M584 Computer$Security:$ Cryptography$€¦ · CSE$484$/$CSE$M584 $ Computer$Security:$ Cryptography$ TA:$Franzi$Roesner$ [email protected]$ [Examples/Images$thanks$to$Wikipedia.]$

Exploring E-Commerce opportunities in China-Ben Franzi

Franzi Vest - Make · 2015. 3. 7. · Franzi Vest Burda Style . Title: untitled Created Date: 3/20/2007 8:40:32 PM

DEUTSCH MIT FELIX UND FRANZI - Goethe- · PDF file2 DEUTSCH MIT FELIX UND FRANZI Fun Materials for Learning German at Primary Level Introduction: These exciting new materials and ideas

Participaci ó i POUM Marc Parés i Franzi marc.pares@uabt

Pain Management Dr. J.M. Roesner, DVM, DABVP Dr. Vanessa Lee, DVM

Section 6 Crypto + Ethics, XSS (Lab 2)...Section 6 Crypto + Ethics, XSS (Lab 2) November 5th, 2020 Eric Zeng, Keanu Vestil Including content by Amanda Lam, James Wang, and Franzi Roesner

Intermediate Unix Presented July 29 th, 2001 by: “Robin” R. Battey ([email protected]) Evgeny Roubinchtein ([email protected]) with tips,

DEUTSCH MIT FELIX UND FRANZI - Goethe-Institut2 DEUTSCH MIT FELIX UND FRANZI Fun Materials for Learning German at Primary Level Introduction: These exciting new materials and ideas

Eine kurze Geschichte unseres Universums J. Roesner 2009

Project 1: Impressionist Help Session Jonathan Su [email protected]

Professional Master's Program Orientation Spring 2015 cs.washington.edu/students/pmp

katalog Franzi 2015 finQ 25. februar 2015 17:11:08

Software Security: Buffer Overflow Attacks · 2020. 4. 6. · Buffer Overflow Attacks (continued) Spring 2020 Franziska (Franzi) Roesner [email protected] Thanks to Dan Boneh,

DEUTSCH MIT FELIX UND FRANZI

Operating Systems for Modern Applications · Operating Systems for Modern Applications Irene Zhang Adriana Szekeres, Franzi Roesner, Dan Ports, Hank Levy, Arvind Krishnamurthy 1

CSE 484 / CSE M 584: Computer Security and Privacy XSS …XSS attacks Fall 2016 Ada (Adam) Lerner [email protected] Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan

Community Service Based Marketing Dr. JoAnne M. Roesner, DVM DAVBP

Sybil Sharvelle Larry A. Roesner CSU Urban Water Center January 16, 2014

Professional Master's Program Orientation Winter 2016 cs.washington.edu/students/pmp

Burda Style 9302 - Colete Franzi

»Das klingt aber gut!«, sagte Kim. Franzi nickte. »Lesen ......»Das klingt aber gut!«, sagte Kim. Franzi nickte. »Lesen ist zwar nicht so mein Ding, aber die Location ist super

Web$Security: Web$Application$Security...CSE$484$/$CSE$M$584:$Computer$Security$and$Privacy$ $ Web$Security: Web$Application$Security $ Spring2015 ’ Franziska’(Franzi)Roesner’’

Mobile Platform Security - courses.cs.washington.edu · Mobile Platform Security Spring 2020 Franziska (Franzi) Roesner [email protected] Thanks to Dan Boneh, Dieter Gollmann,

Computer Security: Clickjacking - University of Washington · CSE 484 / CSE M 584 Computer Security: Clickjacking Jared Moore [email protected] Thanks to Franzi Roesner,

Measuring Query Complexity in SQLShare Workload · Measuring Query Complexity in SQLShare Workload Aditya Vashistha [email protected] Shrainik Jain [email protected]

CSE 451: Operating Systems Winter 2015 Module 1 Course Introduction Gary Kimura [email protected] Mark Zbikowski [email protected] © 2013

Software Security: Buffer Overflow Attacks · Buffer Overflow Attacks (continued) Autumn 2020 Franziska (Franzi) Roesner [email protected] Thanks to Dan Boneh, Dieter Gollmann,

CSE 461: Bits and Bandwidth Jeremy Elson ([email protected])[email protected] Microsoft Research Ben Greenstein ([email protected])[email protected]

Ben Franzi

Machine Learning Jesse Davis [email protected]

waltzdream - sfsma.org · 49 so (action) (action) (a 'don) niki eats cake can' niki stands up after writing letter franzi in palace hall—sees niki niki kisses franzi

Roesner, S., Blair, D. J. , & Aggarwal, V. K. (2015 ... · Stefan Roesner, Daniel J. Blair and Varinder K. Aggarwal* 1,2-Diaryl ethanes bearing 1,2-stereogenic centres show interesting

Mobile!OS!Security · Mobile!OS!Security! CSE$451$–November$30,2015$ $ Franziska$(Franzi)Roesner$$ [email protected]$