SlideShare une entreprise Scribd logo

Special Topics Day for Engineering Innovation Lecture on Cybersecurity

Michael Rushanan
Michael Rushanan

This particular presentation covers, at a high level, our national cybersecurity initiative. The content targets prospective high school students and delves into areas of computer science, information systems, and policy.

Formation
1  sur  39
Cybersecurity Defending our Nation’s Infrastructure in the 21st Century Paul Martin and Michael Rushanan April 15, 2012
Who am I? Background Education Previous Internships Current Research Interests
Who Are You? Survey says… 1.  How many of you own a personal computer? 2.  How many of you own a smartphone (Android, Blackberry, iPhone)? 3.  How many of you play video games? 4.  How many of you have programmed before? 5.  How many of you use [Windows, Mac OS X, Linux]?
Who Are You? Now you’re on the spot… Tell us a little about yourself: •  What are your Interests? •  Have you thought about future goals, and if so – what? •  What do you hope to learn from this?
Background Context
What is a Computer? Can you list some of the computing devices that you use on a daily basis?
What is a Computer? What separates a computer from other electronic/mechanical devices?
What is a Computer? What sorts of computers are researchers concerned with?
What is a Computer? What sorts of computers require security? Trick Question: ALL OF THEM!
What is a Program? Computational processes/algorithms that are purposely built to do something. e.g. Chrome Web Browser •  Where does the browser run? •  Does the browser take input? •  What does the browser output? •  Does your chrome browser notice that iTunes is currently running (ignoring possible extension ideas)?
What is a Program? What are some of the programs that use on a daily basis?
Cybersecurity
What is Cybersecurity? What do you think of when you hear the term “cybersecurity”?
What is Cybersecurity? What have you heard about cybersecurity in the news?
What is Cybersecurity? Why do you think cybersecurity is important? Do you think it’s important?
Computer Security
Computer Security The most annoying thing you will see repeatedly in your life… confidentiality Security Model integrity availability A is also for: authentication, authorization.
Computer Security •  Information security applied to computers •  Controlling who or what has access to certain information and under what conditions they may access or modify this information •  Very broad – some examples: •  Cell phones, game consoles, ebook readers •  Medical records •  Corporate email •  Banking • Two broad areas (that overlap) •  Security •  Privacy
Computer Security Tool Belt •  Hacking/Pen Testing •  Building Secure Systems •  Enforcing Access Control Policies •  All of these overlap with privacy issues, but ignore that for now
Hacking
Hacking The Hacker Manifesto by +++The Mentor+++ Written January 8, 1986 Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"... Damn kids. They're all alike. But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world... Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me... Damn underachiever. They're all alike. you can't stop us all... after all, we're all alike.
Hacking I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..." Damn kid. Probably copied it. They're all alike. I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here... Damn kid. All he does is play games. They're all alike. And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all... Damn kid. Tying up the phone line again. They're all alike…
Hacking You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert. This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all…after all, we’re all alike.
Hacking •  What is hacking and what is a hacker? •  What can we hack? •  Is hacking always bad?
WikiLeaks •  Discuss.
Exercise #[1,2]
The Hat System •  Traditionally “hats” are used to refer to hackers affiliation •  White hat = good, black hat = bad •  But is it really so black and white?
Exercise #1 •  In groups of 3-4, take 10-15 minutes to go online and find something interesting that has been hacked. Define: Interesting – Take your interests mentioned earlier, and see if anything has been done in that specific domain! •  Describe to the class: •  What was being protected? •  Was this white or black hat hacking? •  What was hacked? •  How was it hacked (if applicable)? •  What was the result? •  How does this effect society?
Exercise #2 •  Remaining in the same group, we hope you played nice, you will be appointed an interesting hacking topic for 10-15 minutes (the topic is interesting because I say it is). •  Describe to the class •  What was being protected? •  What was hacked? •  How was it hacked (if applicable)? •  What was the result? •  How does this effect society?
How are Things Hacked?
How are Things Hacked? •  What do you think the goal of hacking is?
How are Programs Hacked? •  How do you own a box? •  You hack a program and take it over, gaining it’s privileges. •  You want it to execute instructions that you provide rather than what it’s programmed to do. How do you go about doing this? •  The program execution flow can be modeled by a digraph if that helps. •  (Functions, loops, conditionals). •  This is pretty standard, no matter what you are hacking, though it is not necessarily the only way that things are hacked. •  Do we want examples of how this happens (I won’t be offended if you say no)?
How Do Security Holes Happen? •  Programmer error •  Anywhere input comes from an external source, it needs to be modified to fit specific preconditions. •  This usually doesn’t happen and that’s how computers get hacked.
So We Hacked a Program, Now What? •  To hack a computer you hack a program to gain control of its process •  Then you hack the computer again to run as a superuser with full control over the system. •  This is short circuited if you can just hack a program running as a superuser to begin with. •  These are less common because of this security risk. •  To hack a program you typically see what programs are listening for network connections and you focus your attention here. •  Most (lazy or unpaid) people just run a scanner and determine the program/version running on a server and then look up known security holes in these programs online.
So We Hacked a Program, Now What? •  Nowadays exploits (the way to hack a specific version of a specific program) typically come prepackaged. •  (Almost) every program has unknown vulnerabilities that can be found by experts with time (and money). (especially money)
Privacy
Privacy •  What does it mean for something to be private? •  How private is private?
Privacy Real world application time… In the health domain, privacy is a major concern! For instance, let us imagine that we are a team of developers that have just been contracted by the CDC, Centers for Disease Control and Prevention, to develop a web application specific to the recent outbreak of Share-And-Chew. This new viral outbreak has has been linked to sharing a piece of gum (yes, pre-chewed), and has a wide spread of health complications, including death. The problem with this outbreak, specifically, is that people are generally to embarrassed to seek help and contact those they have shared gum with to seek treatment. The CDC would like us to build an anonymous notification and treatment application to solve this complex social hurdle.
Privacy Design Requirements: 1)  Considering this is a web application, should the site be accessible over HTTP or HTTPS? If the users identity was leaked, how would it make him/her feel? What if you used an anonymous service like this; how would you feel if your identity leaked? 2)  What about a site cookie, why is this a good/bad idea? 3)  We were asked to write geolocation, from derived IP location, to the sites database for population and location spread. What is the implication of gathering such data, and should we also write the IP to the database? 4)  We are also to offer an opt out feature in which someone who received an email can choose not to receive any more. Doing so requires writing the email to the database. Should we hash this email?

Recommandé

Hackers contemplations
Hackers contemplationsHackers contemplations
Hackers contemplationsChris Roberts
 
Gunning for granny
Gunning for grannyGunning for granny
Gunning for grannyChris Roberts
 
Voting Systems - ISSA Chicago Presentation 2020
Voting Systems - ISSA Chicago Presentation 2020Voting Systems - ISSA Chicago Presentation 2020
Voting Systems - ISSA Chicago Presentation 2020Chris Roberts
 
I hack you hack we all hack
I hack you hack we all hackI hack you hack we all hack
I hack you hack we all hackKaraMichelleHarkins
 
Currentissuenotes
CurrentissuenotesCurrentissuenotes
Currentissuenotesherri2mj
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingHarshit Upadhyay
 
Ethical Hacking
Ethical Hacking Ethical Hacking
Ethical Hacking Harshit Upadhyay
 

Recommandé

Hackers contemplations
Hackers contemplationsHackers contemplations
Hackers contemplationsChris Roberts
 
Gunning for granny
Gunning for grannyGunning for granny
Gunning for grannyChris Roberts
 
Voting Systems - ISSA Chicago Presentation 2020
Voting Systems - ISSA Chicago Presentation 2020Voting Systems - ISSA Chicago Presentation 2020
Voting Systems - ISSA Chicago Presentation 2020Chris Roberts
 
I hack you hack we all hack
I hack you hack we all hackI hack you hack we all hack
I hack you hack we all hackKaraMichelleHarkins
 
Currentissuenotes
CurrentissuenotesCurrentissuenotes
Currentissuenotesherri2mj
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingHarshit Upadhyay
 
Ethical Hacking
Ethical Hacking Ethical Hacking
Ethical Hacking Harshit Upadhyay
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Vibrant Event
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer SecurityEthical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer SecurityVibrant Technologies & Computers
 
Information security Presentation
Information security Presentation Information security Presentation
Information security Presentation dhirujapla
 
An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In LibrariesBlake Carver
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and ConcernsPINT Inc
 
5G and the Invisible Interface
5G and the Invisible Interface5G and the Invisible Interface
5G and the Invisible InterfaceExperience UX
 
Information security consciousness
Information security consciousnessInformation security consciousness
Information security consciousnessCiarán Mc Mahon
 
hacking
hackinghacking
hackingmayank1293
 
Computer Security
Computer SecurityComputer Security
Computer SecurityGreater Noida Institute Of Technology
 
Lesson 2
Lesson 2Lesson 2
Lesson 2Rexly Lasaca
 
Computer security and awareness
Computer security and awarenessComputer security and awareness
Computer security and awarenessRichard Bartlett
 
Technology Report By Noah Coffman
Technology Report By Noah CoffmanTechnology Report By Noah Coffman
Technology Report By Noah CoffmanMarq2014
 
So, you wanna be a pen tester ctsc2017
So, you wanna be a pen tester ctsc2017So, you wanna be a pen tester ctsc2017
So, you wanna be a pen tester ctsc2017Adrien de Beaupre
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxDinesh582831
 
Privacy and libraries
Privacy and librariesPrivacy and libraries
Privacy and librariesDorothea Salo
 
Phish training final
Phish training finalPhish training final
Phish training finalJen Ruhman
 
Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Marta Barrio Marcos
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingMuzaffar Ahmad
 
Dec2018 istanbul-2
Dec2018 istanbul-2Dec2018 istanbul-2
Dec2018 istanbul-2Chris Roberts
 
Security and Privacy in Implantable Medical Devices
Security and Privacy in Implantable Medical DevicesSecurity and Privacy in Implantable Medical Devices
Security and Privacy in Implantable Medical DevicesMichael Rushanan
 
Versatile Low Power Media Access for Wireless Sensor Networks
Versatile Low Power Media Access for Wireless Sensor NetworksVersatile Low Power Media Access for Wireless Sensor Networks
Versatile Low Power Media Access for Wireless Sensor NetworksMichael Rushanan
 

Contenu connexe

Similaire à Special Topics Day for Engineering Innovation Lecture on Cybersecurity

Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Vibrant Event
 
Information security Presentation
Information security Presentation Information security Presentation
Information security Presentation dhirujapla
 
An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In LibrariesBlake Carver
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and ConcernsPINT Inc
 
5G and the Invisible Interface
5G and the Invisible Interface5G and the Invisible Interface
5G and the Invisible InterfaceExperience UX
 
Information security consciousness
Information security consciousnessInformation security consciousness
Information security consciousnessCiarán Mc Mahon
 
Computer security and awareness
Computer security and awarenessComputer security and awareness
Computer security and awarenessRichard Bartlett
 
Technology Report By Noah Coffman
Technology Report By Noah CoffmanTechnology Report By Noah Coffman
Technology Report By Noah CoffmanMarq2014
 
So, you wanna be a pen tester ctsc2017
So, you wanna be a pen tester ctsc2017So, you wanna be a pen tester ctsc2017
So, you wanna be a pen tester ctsc2017Adrien de Beaupre
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxDinesh582831
 
Privacy and libraries
Privacy and librariesPrivacy and libraries
Privacy and librariesDorothea Salo
 
Phish training final
Phish training finalPhish training final
Phish training finalJen Ruhman
 
Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Marta Barrio Marcos
 

Similaire à Special Topics Day for Engineering Innovation Lecture on Cybersecurity (20)

Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer Security
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer SecurityEthical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security
 
Information security Presentation
Information security Presentation Information security Presentation
Information security Presentation
 
An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries An Introduction To IT Security And Privacy In Libraries
An Introduction To IT Security And Privacy In Libraries
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and Concerns
 
5G and the Invisible Interface
5G and the Invisible Interface5G and the Invisible Interface
5G and the Invisible Interface
 
Information security consciousness
Information security consciousnessInformation security consciousness
Information security consciousness
 
hacking
hackinghacking
hacking
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Computer security and awareness
Computer security and awarenessComputer security and awareness
Computer security and awareness
 
Technology Report By Noah Coffman
Technology Report By Noah CoffmanTechnology Report By Noah Coffman
Technology Report By Noah Coffman
 
So, you wanna be a pen tester ctsc2017
So, you wanna be a pen tester ctsc2017So, you wanna be a pen tester ctsc2017
So, you wanna be a pen tester ctsc2017
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
 
Privacy and libraries
Privacy and librariesPrivacy and libraries
Privacy and libraries
 
Phish training final
Phish training finalPhish training final
Phish training final
 
Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Dec2018 istanbul-2
Dec2018 istanbul-2Dec2018 istanbul-2
Dec2018 istanbul-2
 

Plus de Michael Rushanan

Security and Privacy in Implantable Medical Devices
Security and Privacy in Implantable Medical DevicesSecurity and Privacy in Implantable Medical Devices
Security and Privacy in Implantable Medical DevicesMichael Rushanan
 
Versatile Low Power Media Access for Wireless Sensor Networks
Versatile Low Power Media Access for Wireless Sensor NetworksVersatile Low Power Media Access for Wireless Sensor Networks
Versatile Low Power Media Access for Wireless Sensor NetworksMichael Rushanan
 
Reading Group Presentation: Web Attacks on Host-Proof Encrypted Storage
Reading Group Presentation: Web Attacks on Host-Proof Encrypted StorageReading Group Presentation: Web Attacks on Host-Proof Encrypted Storage
Reading Group Presentation: Web Attacks on Host-Proof Encrypted StorageMichael Rushanan
 
Reading Group Presentation: The Power of Procrastination
Reading Group Presentation: The Power of ProcrastinationReading Group Presentation: The Power of Procrastination
Reading Group Presentation: The Power of ProcrastinationMichael Rushanan
 
600.250 UI Cross Platform Development and the Android Security Model
600.250 UI Cross Platform Development and the Android Security Model600.250 UI Cross Platform Development and the Android Security Model
600.250 UI Cross Platform Development and the Android Security ModelMichael Rushanan
 
Reading Group Presentation: Why Eve and Mallory Love Android
Reading Group Presentation: Why Eve and Mallory Love AndroidReading Group Presentation: Why Eve and Mallory Love Android
Reading Group Presentation: Why Eve and Mallory Love AndroidMichael Rushanan
 

Plus de Michael Rushanan (6)

Security and Privacy in Implantable Medical Devices
Security and Privacy in Implantable Medical DevicesSecurity and Privacy in Implantable Medical Devices
Security and Privacy in Implantable Medical Devices
 
Versatile Low Power Media Access for Wireless Sensor Networks
Versatile Low Power Media Access for Wireless Sensor NetworksVersatile Low Power Media Access for Wireless Sensor Networks
Versatile Low Power Media Access for Wireless Sensor Networks
 
Reading Group Presentation: Web Attacks on Host-Proof Encrypted Storage
Reading Group Presentation: Web Attacks on Host-Proof Encrypted StorageReading Group Presentation: Web Attacks on Host-Proof Encrypted Storage
Reading Group Presentation: Web Attacks on Host-Proof Encrypted Storage
 
Reading Group Presentation: The Power of Procrastination
Reading Group Presentation: The Power of ProcrastinationReading Group Presentation: The Power of Procrastination
Reading Group Presentation: The Power of Procrastination
 
600.250 UI Cross Platform Development and the Android Security Model
600.250 UI Cross Platform Development and the Android Security Model600.250 UI Cross Platform Development and the Android Security Model
600.250 UI Cross Platform Development and the Android Security Model
 
Reading Group Presentation: Why Eve and Mallory Love Android
Reading Group Presentation: Why Eve and Mallory Love AndroidReading Group Presentation: Why Eve and Mallory Love Android
Reading Group Presentation: Why Eve and Mallory Love Android
 

Dernier

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 

Dernier (20)

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 

Special Topics Day for Engineering Innovation Lecture on Cybersecurity

  • 1. Cybersecurity Defending our Nation’s Infrastructure in the 21st Century Paul Martin and Michael Rushanan April 15, 2012
  • 2. Who am I? Background Education Previous Internships Current Research Interests
  • 3. Who Are You? Survey says… 1.  How many of you own a personal computer? 2.  How many of you own a smartphone (Android, Blackberry, iPhone)? 3.  How many of you play video games? 4.  How many of you have programmed before? 5.  How many of you use [Windows, Mac OS X, Linux]?
  • 4. Who Are You? Now you’re on the spot… Tell us a little about yourself: •  What are your Interests? •  Have you thought about future goals, and if so – what? •  What do you hope to learn from this?
  • 6. What is a Computer? Can you list some of the computing devices that you use on a daily basis?
  • 7. What is a Computer? What separates a computer from other electronic/mechanical devices?
  • 8. What is a Computer? What sorts of computers are researchers concerned with?
  • 9. What is a Computer? What sorts of computers require security? Trick Question: ALL OF THEM!
  • 10. What is a Program? Computational processes/algorithms that are purposely built to do something. e.g. Chrome Web Browser •  Where does the browser run? •  Does the browser take input? •  What does the browser output? •  Does your chrome browser notice that iTunes is currently running (ignoring possible extension ideas)?
  • 11. What is a Program? What are some of the programs that use on a daily basis?
  • 13. What is Cybersecurity? What do you think of when you hear the term “cybersecurity”?
  • 14. What is Cybersecurity? What have you heard about cybersecurity in the news?
  • 15. What is Cybersecurity? Why do you think cybersecurity is important? Do you think it’s important?
  • 17. Computer Security The most annoying thing you will see repeatedly in your life… confidentiality Security Model integrity availability A is also for: authentication, authorization.
  • 18. Computer Security •  Information security applied to computers •  Controlling who or what has access to certain information and under what conditions they may access or modify this information •  Very broad – some examples: •  Cell phones, game consoles, ebook readers •  Medical records •  Corporate email •  Banking • Two broad areas (that overlap) •  Security •  Privacy
  • 19. Computer Security Tool Belt •  Hacking/Pen Testing •  Building Secure Systems •  Enforcing Access Control Policies •  All of these overlap with privacy issues, but ignore that for now
  • 21. Hacking The Hacker Manifesto by +++The Mentor+++ Written January 8, 1986 Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"... Damn kids. They're all alike. But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world... Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me... Damn underachiever. They're all alike. you can't stop us all... after all, we're all alike.
  • 22. Hacking I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..." Damn kid. Probably copied it. They're all alike. I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here... Damn kid. All he does is play games. They're all alike. And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all... Damn kid. Tying up the phone line again. They're all alike…
  • 23. Hacking You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert. This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals. Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all…after all, we’re all alike.
  • 24. Hacking •  What is hacking and what is a hacker? •  What can we hack? •  Is hacking always bad?
  • 27. The Hat System •  Traditionally “hats” are used to refer to hackers affiliation •  White hat = good, black hat = bad •  But is it really so black and white?
  • 28. Exercise #1 •  In groups of 3-4, take 10-15 minutes to go online and find something interesting that has been hacked. Define: Interesting – Take your interests mentioned earlier, and see if anything has been done in that specific domain! •  Describe to the class: •  What was being protected? •  Was this white or black hat hacking? •  What was hacked? •  How was it hacked (if applicable)? •  What was the result? •  How does this effect society?
  • 29. Exercise #2 •  Remaining in the same group, we hope you played nice, you will be appointed an interesting hacking topic for 10-15 minutes (the topic is interesting because I say it is). •  Describe to the class •  What was being protected? •  What was hacked? •  How was it hacked (if applicable)? •  What was the result? •  How does this effect society?
  • 30. How are Things Hacked?
  • 31. How are Things Hacked? •  What do you think the goal of hacking is?
  • 32. How are Programs Hacked? •  How do you own a box? •  You hack a program and take it over, gaining it’s privileges. •  You want it to execute instructions that you provide rather than what it’s programmed to do. How do you go about doing this? •  The program execution flow can be modeled by a digraph if that helps. •  (Functions, loops, conditionals). •  This is pretty standard, no matter what you are hacking, though it is not necessarily the only way that things are hacked. •  Do we want examples of how this happens (I won’t be offended if you say no)?
  • 33. How Do Security Holes Happen? •  Programmer error •  Anywhere input comes from an external source, it needs to be modified to fit specific preconditions. •  This usually doesn’t happen and that’s how computers get hacked.
  • 34. So We Hacked a Program, Now What? •  To hack a computer you hack a program to gain control of its process •  Then you hack the computer again to run as a superuser with full control over the system. •  This is short circuited if you can just hack a program running as a superuser to begin with. •  These are less common because of this security risk. •  To hack a program you typically see what programs are listening for network connections and you focus your attention here. •  Most (lazy or unpaid) people just run a scanner and determine the program/version running on a server and then look up known security holes in these programs online.
  • 35. So We Hacked a Program, Now What? •  Nowadays exploits (the way to hack a specific version of a specific program) typically come prepackaged. •  (Almost) every program has unknown vulnerabilities that can be found by experts with time (and money). (especially money)
  • 37. Privacy •  What does it mean for something to be private? •  How private is private?
  • 38. Privacy Real world application time… In the health domain, privacy is a major concern! For instance, let us imagine that we are a team of developers that have just been contracted by the CDC, Centers for Disease Control and Prevention, to develop a web application specific to the recent outbreak of Share-And-Chew. This new viral outbreak has has been linked to sharing a piece of gum (yes, pre-chewed), and has a wide spread of health complications, including death. The problem with this outbreak, specifically, is that people are generally to embarrassed to seek help and contact those they have shared gum with to seek treatment. The CDC would like us to build an anonymous notification and treatment application to solve this complex social hurdle.
  • 39. Privacy Design Requirements: 1)  Considering this is a web application, should the site be accessible over HTTP or HTTPS? If the users identity was leaked, how would it make him/her feel? What if you used an anonymous service like this; how would you feel if your identity leaked? 2)  What about a site cookie, why is this a good/bad idea? 3)  We were asked to write geolocation, from derived IP location, to the sites database for population and location spread. What is the implication of gathering such data, and should we also write the IP to the database? 4)  We are also to offer an opt out feature in which someone who received an email can choose not to receive any more. Doing so requires writing the email to the database. Should we hash this email?