Computer and Network Security
A tutorial for the attendees of
ICDCS 2007
Part 1: Intro. to Computing and Consumer Security
Introduction

Security is at the forefront of computing news. Fraud has taken a front seat on the Internet and is already causing significant financial losses that are climbing. The innovations in computer crime have blown the lid off many inherent flaws in our computing infrastructure (e.g. use of passwords) and financial infrastructure (e.g. use of credit card and account numbers). We are coasting in denial, spreading the losses and hoping things will get better. From “Evil Twins” to “Pharming”, from “SQL Injection” to “Rootkits”, the march of attack discovery is outpacing the fixes. The sinister truth is well stated by a trade magazine that said: “Computing at home has never been so powerful - and treacherous. Just as millions of Americans are buying new PCs and signing up for blur-fast Internet connections, cybercrooks are hatching schemes to take control of their machines.”

About the Tutorial

This tutorial is designed to bridge the gap that exists in the community of computer professionals, designers and researchers in their awareness of security vulnerabilities and countermeasures. While, for example, public key systems are well known, most professionals are unaware of how they can be used as a very effective method of authentication and non-repudiation, and of how even public key systems can be prone to vulnerabilities. We cover the techniques used in attacks to obtain personal information and financial gain. We cover the countermeasures that are being deployed with limited success. We cover the variety of new tricks in the cat-and-mouse game between fraudsters and security experts. We cover the inherent design defects that lead to unintended consequences. In addition, we cover the latest research techniques and academic protocols that can stem the tide of attacks (virtualization, integrity checking, link farm detection and so on).

Presenter Bio

Partha Dasgupta is on the faculty of Arizona State University. His core areas of expertise are in Computer Security, Operating Systems and Distributed Computing. His current research focus is the use of cryptography and secure software systems to provide security and dependability of consumer computing. These technologies have the ability to safeguard naïve computer users from attacks that attempt to defraud via spoofing, viruses and spam. In addition, he works with software, hardware and networking techniques for enhancement of security and attack resilience. He has significant prior research results and publications in construction of distributed operating systems, high performance systems and secure computing infrastructures. He also has experience in industrial consulting, training course development and delivery. Most of his classes are available in on-line versions.

Dr. Dasgupta joined ASU in 1991 and has held faculty positions at Georgia Tech and New York University. His research funding has primarily been from NSF and DARPA, with smaller grants from Intel, Microsoft and the Consortium for Embedded Systems. He has 20 years of experience with operating systems and 8 years of experience with security systems. He is an accomplished teacher and researcher of topics in computer security and distributed computing. He has a Ph.D. in Computer Science from Stony Brook University.

Web page: http://cactus.eas.asu.edu/Partha/
For the convenience of attendees, the tutorial will consist of two (somewhat) independent parts. The Morning Session will cover the basics and provide a roadmap to the attacks and countermeasures. The Afternoon Session will go deeper into the details of the usage of Cryptography in Security Applications.

Part 1: Morning Session
Security Basics
Attacks
Countermeasures

Part 2: Afternoon Session
Cryptography
Network Security
System Security
State of the Art?