Computer security and privacy
COM-301
Resource: Video Recordings
COM-301 Computer security
45, Lecture 10.3 - Malware - Botnets
16.12.2021, 13:44
In this block we discuss:
- What is a botnet
- Botnet configurations
- How to defend from botnets
44, Lecture 10.2 - Malware - Types of malware
16.12.2021, 13:43
In this block with discuss:
- Viruses and examples
- Worms and examples
- Trojan Horses
- Rootkits
43, Lecture 10.1 - Malware - Introduction
16.12.2021, 13:43
In this block we discuss:
- What is malware
- How important is malware for deployed systems
- Why is malware so important
- What types of malware are out there
42b, Lecture 9.3.2 - Privacy - Some Privacy Technologies (part II)
10.12.2021, 10:57
In this lecture we discuss:
- Anonymous communications systems (low latency and high latency)
- Attribute based credentials
- Other PETs
42, Lecture 9.3.1 - Privacy - Some Privacy Technologies (part I)
10.12.2021, 10:56
In this lecture we discuss:
- Adversarial models of anti-surveillance privacy technologies
- End-to-end encryption
- The need to protect metadata
41, Lecture 9.2 - Privacy - What is privacy
10.12.2021, 10:50
In this lecture we discuss:
- Definitions and dimensions of privacy
- Technical privacy concerns
- Privacy adversarial models and privacy enhancing technologies that help against those adversaries
40, Lecture 9.1 - Privacy - Why is privacy important
10.12.2021, 10:49
In this video we discuss:
- The goals of the Privacy lecture
- Privacy as a security property
- Privacy as a support for societal values
39, Lecture 8.6 - Network Security - Other protections
05.12.2021, 21:44
In this lecture we discuss:
- Security implications of NAT
- Firewalls
- Network configuration
38, Lecture 8.5 - Network Security - Denial of Service
05.12.2021, 21:44
In this lecture we discuss:
- The goal of a Denial of Service attack
- Different examples of Denial of service
- Principles to defense against denial of service
37, Lecture 8.4- Network Security - Transport Layer Security
05.12.2021, 21:44
In this lecture we discuss:
- Limitations of TCP
- The Transport Layer Security Handshake
36, Lecture 8.3 - Network Security - TCP security
05.12.2021, 21:43
In this lecture we discuss:
- Refresher of TCP protocol
- How to hijack a TCP session
35, Lecture 8.2 - Network Security - IP security
27.11.2021, 19:50
In this lecture we discuss:
- Refresher of IP
- IP spoofing and consequences
- IPSec as a defense, and its modes
- Virtual Private Networks
34, Lecture 8.1.4 - Network Security - BGP spoofing
27.11.2021, 15:33
32, Lecture 8.1.2 - Network Security - ARP spoofing
25.11.2021, 12:18
In this lecture we discuss:
- Refresher of routing in LAN
- ARP spoofing: Naming and routing attacks in LAN
- Defenses against ARP spoofing
33, Lecture 8.1.3 - Network Security - DNS spoofing
25.11.2021, 12:18
In this lecture we discuss:
- Refresher of DNS
- Types of DNS spoofing
- DNS spoofing defenses
31, Lecture 8.1.1 - Network Security
25.11.2021, 12:15
In this lecture we discuss:
- Desired security properties at the network level
- On which layers of the networks protocols security matters
30, Lecture 7.3.3 - Software security - Security testing - Sanitizers
20.11.2021, 10:20
In this lecture we discuss:
- What is a sanitizer
- Different types of sanitizers
29, Lecture 7.3.2 - Software security - Security testing - Fuzzing
20.11.2021, 10:19
In this lecture we discuss:
- What is fuzzing
- Different types of fuzzing
28, Lecture 7.3.1 - Software security - Security testing
20.11.2021, 10:19
In this lecture we discuss:
- What is security testing
- The kinds of security testing
- Coverage as a metric
27, Lecture 7.2 - Software security - Execution attacks and defenses
20.11.2021, 10:18
In this lecture, we discuss:
- Code Injection attacks
- Control-flow hijack attacks
- Deployed defenses: Data Execution Prevention, Stack Canaries, Address Space Layout Randomization
26, Lecture 7.1 - Software security - Memory safety
13.11.2021, 17:26
In this lecture we discuss:
- Why software security is important
- What is memory safety: temporal errors and spatial errors
- Uncontrolled Format String
25, Lecture 6.3 - Adversarial thinking - Defender - Common Weaknesses Enumeration
13.11.2021, 17:26
In this lecture we discuss:
- What are Common Weaknesses, Common Vulnerabilities, and Common Vulnerability Scoring System
- Weaknesses stemming from non-sanitized data sent between components
- Weaknesses stemming from using unsanitized inputs on critical components
- Defenses that do are not working
24, Lecture 6.2 - Adversarial thinking - Defender - Threat modelling
03.11.2021, 14:26
In this lecture we discuss:
- What is threat modelling
- A few threat modeling methodologies
23b, Demo Sudo bug (Lecture 6.1)
03.11.2021, 14:26
This video contains a demo of how to exploit a bug in Sudo
https://access.redhat.com/security/cve/cve-2019-14287
23, Lecture 6.1 - Adversarial thinking - Reasoning as an adversary
03.11.2021, 14:26
In this lecture we discuss:
- Why are attacks important
- What is the attacker thinking process and how to systematically find weaknesses
(The demo for the last bug will be given live in the Thursday Q&A)
22, Lecture 5.4 - Authentication - Tokens
03.11.2021, 14:25
In this lecture, we discuss:
- Shortcomings of biometrics
- What is a token
- How tokens work
- Two factor authentication
21, Lecture 5.3 - Authentication - Biometrics
28.10.2021, 10:22
In this lecture we discuss:
- Problems with passwords
- What are biometrics and their advantages
- How to enroll (record) and verify (check) biometrics
- Biometrics require balancing false positives and false negatives
20, Lecture 5.2 - Authentication - Passwords
28.10.2021, 10:21
In this lecture we discuss:
- What are passwords
- How to transfer passwords securely
- How to store passwords securely
- How to check passwords securely
- Techniques to increase the security of passwords
19, Lecture 5.1 - Authentication - Basics
28.10.2021, 10:18
In this lecture we discuss:
- What is authentication
- Methods for user authentication
18, Lecture 4.5 - Applied Cryptography - Assymetric cryptography
21.10.2021, 18:31
17, Lecture 4.4 - Applied Cryptography - Hash functions
21.10.2021, 18:30
In this lecture we discuss:
- What is a hash function
- What are the properties of hash functions
- What are the typical uses of hash functions
16, Lecture 4.3 - Applied Cryptography - Symmetric - Integrity
21.10.2021, 18:30
In this lecture we discuss:
- Symmetric cryptography algorithms for integrity: CBC-MAC
- How to obtain confidentiality & integrity using symmetric encryption
15, Lecture 4.2 - Applied Cryptography - Symmetric - Confidentiality
14.10.2021, 19:02
In this lecture we discuss the use of symmetric cryptography for confidentiality:
- Stream ciphers
- Block ciphers
- Bloc ciphers mode of operation
14, Lecture 4.1 - Applied Cryptography - Basics
14.10.2021, 19:02
In this lecture we discuss
- Old encryption schemes and their weaknesses
- One-time pad encryption
13, Lecture 3.6 -Mandatory Access Control - Multi-property Security Models
10.10.2021, 10:37
In this block we discuss:
- The Chinese Wall model, that enables to combine confidentiality and integrity in the context of conflicts of interest
- A summary of the Mandatory Access Control lecture
12, Lecture 3.5 - Mandatory Access Control - Integrity Models
10.10.2021, 10:36
In this block we discuss:
- The Biba model for integrity
- Different implentations of security level change in Biba
- The process of Sanitization
11, Lecture 3.4 - Mandatory Access Control - Confidentiality Models
10.10.2021, 10:36
In this block we discuss:
- The Bell La Padula model for confidentiality
- Covert Channels
- The difficulties of declassification
10, Lecture 3.3 - Discretionary Access Control Examples - Linux and Windows
30.09.2021, 13:41
In this lecture, we discuss how Linux and Windows implement access control following the Discretionary Access Control approach.
We discuss what are their principles and objects and the mechanisms they implement to follow the Security Principles to the extent possible
9, Lecture 3.2- Discretionary Access Control II
30.09.2021, 13:41
In this lecture we discuss:
- Alternative implementations of Access Control Lists to better deal with dynamic user management
- What are capabilities and how they implement the Access Control Matrix
- The confused deputy problem
8, Lecture 3.2 - Discretionary Access Control I
30.09.2021, 13:41
In this lecture we discuss:
- What an Access Control Matrix can conceptualize discretionary access control policies
- How Access Control Lists can implement an Access Control Matrix and their advantages and shortcomings
7, Lecture 3.1 - Access control introduction
30.09.2021, 13:41
In this lecture, we discuss:
- what is access control
- where it fits in computer security
- how it should be implemented
6, Lecture 2.4 - Principles IV
24.09.2021, 12:19
In this lecture, we discuss:
- the 'work factor' principle
- the 'compromise recording' principle
5, Lecture 2.3 - Principles III
24.09.2021, 12:18
In this lecture, we discuss:
- the 'least privilege' principle
- the 'least common mechanism' principle
- the 'psychological acceptability' principle
4, Lecture 2.2 - Principles II
24.09.2021, 12:18
In this lecture, we discuss:
- the 'complete mediation' principle
- the 'open design' principle
- the 'separation of privilege' principle
3, Lecture 2.1 - Principles I
24.09.2021, 12:18
In this lecture, we discuss:
- what are security principles and why are they relevant
- the 'economy of mechanism' principle
- the 'fail safe default' principle
1, Lecture 1.1 - Basics - definitions and vocabulary
09.09.2020, 22:24
In this lecture, we discuss:
- why computer security deserves its own course
- how to model an adversary
- key vocabulary to talk about security problems
2, Lecture 1.2 Basics - Security engineering concepts
09.09.2020, 16:05
In this lecture, we discuss:
- what is a security mechanisms
- how do show a system is secure
- the key steps in the security engineering process
COM-301 Computer security
45, Lecture 10.3 - Malware - Botnets
16.12.2021, 13:44
In this block we discuss:
- What is a botnet
- Botnet configurations
- How to defend from botnets
44, Lecture 10.2 - Malware - Types of malware
16.12.2021, 13:43
In this block with discuss:
- Viruses and examples
- Worms and examples
- Trojan Horses
- Rootkits
43, Lecture 10.1 - Malware - Introduction
16.12.2021, 13:43
In this block we discuss:
- What is malware
- How important is malware for deployed systems
- Why is malware so important
- What types of malware are out there
42b, Lecture 9.3.2 - Privacy - Some Privacy Technologies (part II)
10.12.2021, 10:57
In this lecture we discuss:
- Anonymous communications systems (low latency and high latency)
- Attribute based credentials
- Other PETs
42, Lecture 9.3.1 - Privacy - Some Privacy Technologies (part I)
10.12.2021, 10:56
In this lecture we discuss:
- Adversarial models of anti-surveillance privacy technologies
- End-to-end encryption
- The need to protect metadata
41, Lecture 9.2 - Privacy - What is privacy
10.12.2021, 10:50
In this lecture we discuss:
- Definitions and dimensions of privacy
- Technical privacy concerns
- Privacy adversarial models and privacy enhancing technologies that help against those adversaries
40, Lecture 9.1 - Privacy - Why is privacy important
10.12.2021, 10:49
In this video we discuss:
- The goals of the Privacy lecture
- Privacy as a security property
- Privacy as a support for societal values
39, Lecture 8.6 - Network Security - Other protections
05.12.2021, 21:44
In this lecture we discuss:
- Security implications of NAT
- Firewalls
- Network configuration
38, Lecture 8.5 - Network Security - Denial of Service
05.12.2021, 21:44
In this lecture we discuss:
- The goal of a Denial of Service attack
- Different examples of Denial of service
- Principles to defense against denial of service
37, Lecture 8.4- Network Security - Transport Layer Security
05.12.2021, 21:44
In this lecture we discuss:
- Limitations of TCP
- The Transport Layer Security Handshake
36, Lecture 8.3 - Network Security - TCP security
05.12.2021, 21:43
In this lecture we discuss:
- Refresher of TCP protocol
- How to hijack a TCP session
35, Lecture 8.2 - Network Security - IP security
27.11.2021, 19:50
In this lecture we discuss:
- Refresher of IP
- IP spoofing and consequences
- IPSec as a defense, and its modes
- Virtual Private Networks
34, Lecture 8.1.4 - Network Security - BGP spoofing
27.11.2021, 15:33
32, Lecture 8.1.2 - Network Security - ARP spoofing
25.11.2021, 12:18
In this lecture we discuss:
- Refresher of routing in LAN
- ARP spoofing: Naming and routing attacks in LAN
- Defenses against ARP spoofing
33, Lecture 8.1.3 - Network Security - DNS spoofing
25.11.2021, 12:18
In this lecture we discuss:
- Refresher of DNS
- Types of DNS spoofing
- DNS spoofing defenses
31, Lecture 8.1.1 - Network Security
25.11.2021, 12:15
In this lecture we discuss:
- Desired security properties at the network level
- On which layers of the networks protocols security matters
30, Lecture 7.3.3 - Software security - Security testing - Sanitizers
20.11.2021, 10:20
In this lecture we discuss:
- What is a sanitizer
- Different types of sanitizers
29, Lecture 7.3.2 - Software security - Security testing - Fuzzing
20.11.2021, 10:19
In this lecture we discuss:
- What is fuzzing
- Different types of fuzzing
28, Lecture 7.3.1 - Software security - Security testing
20.11.2021, 10:19
In this lecture we discuss:
- What is security testing
- The kinds of security testing
- Coverage as a metric
27, Lecture 7.2 - Software security - Execution attacks and defenses
20.11.2021, 10:18
In this lecture, we discuss:
- Code Injection attacks
- Control-flow hijack attacks
- Deployed defenses: Data Execution Prevention, Stack Canaries, Address Space Layout Randomization
26, Lecture 7.1 - Software security - Memory safety
13.11.2021, 17:26
In this lecture we discuss:
- Why software security is important
- What is memory safety: temporal errors and spatial errors
- Uncontrolled Format String
25, Lecture 6.3 - Adversarial thinking - Defender - Common Weaknesses Enumeration
13.11.2021, 17:26
In this lecture we discuss:
- What are Common Weaknesses, Common Vulnerabilities, and Common Vulnerability Scoring System
- Weaknesses stemming from non-sanitized data sent between components
- Weaknesses stemming from using unsanitized inputs on critical components
- Defenses that do are not working
24, Lecture 6.2 - Adversarial thinking - Defender - Threat modelling
03.11.2021, 14:26
In this lecture we discuss:
- What is threat modelling
- A few threat modeling methodologies
23b, Demo Sudo bug (Lecture 6.1)
03.11.2021, 14:26
This video contains a demo of how to exploit a bug in Sudo
https://access.redhat.com/security/cve/cve-2019-14287
23, Lecture 6.1 - Adversarial thinking - Reasoning as an adversary
03.11.2021, 14:26
In this lecture we discuss:
- Why are attacks important
- What is the attacker thinking process and how to systematically find weaknesses
(The demo for the last bug will be given live in the Thursday Q&A)
22, Lecture 5.4 - Authentication - Tokens
03.11.2021, 14:25
In this lecture, we discuss:
- Shortcomings of biometrics
- What is a token
- How tokens work
- Two factor authentication
21, Lecture 5.3 - Authentication - Biometrics
28.10.2021, 10:22
In this lecture we discuss:
- Problems with passwords
- What are biometrics and their advantages
- How to enroll (record) and verify (check) biometrics
- Biometrics require balancing false positives and false negatives
20, Lecture 5.2 - Authentication - Passwords
28.10.2021, 10:21
In this lecture we discuss:
- What are passwords
- How to transfer passwords securely
- How to store passwords securely
- How to check passwords securely
- Techniques to increase the security of passwords
19, Lecture 5.1 - Authentication - Basics
28.10.2021, 10:18
In this lecture we discuss:
- What is authentication
- Methods for user authentication
18, Lecture 4.5 - Applied Cryptography - Assymetric cryptography
21.10.2021, 18:31
17, Lecture 4.4 - Applied Cryptography - Hash functions
21.10.2021, 18:30
In this lecture we discuss:
- What is a hash function
- What are the properties of hash functions
- What are the typical uses of hash functions
16, Lecture 4.3 - Applied Cryptography - Symmetric - Integrity
21.10.2021, 18:30
In this lecture we discuss:
- Symmetric cryptography algorithms for integrity: CBC-MAC
- How to obtain confidentiality & integrity using symmetric encryption
15, Lecture 4.2 - Applied Cryptography - Symmetric - Confidentiality
14.10.2021, 19:02
In this lecture we discuss the use of symmetric cryptography for confidentiality:
- Stream ciphers
- Block ciphers
- Bloc ciphers mode of operation
14, Lecture 4.1 - Applied Cryptography - Basics
14.10.2021, 19:02
In this lecture we discuss
- Old encryption schemes and their weaknesses
- One-time pad encryption
13, Lecture 3.6 -Mandatory Access Control - Multi-property Security Models
10.10.2021, 10:37
In this block we discuss:
- The Chinese Wall model, that enables to combine confidentiality and integrity in the context of conflicts of interest
- A summary of the Mandatory Access Control lecture
12, Lecture 3.5 - Mandatory Access Control - Integrity Models
10.10.2021, 10:36
In this block we discuss:
- The Biba model for integrity
- Different implentations of security level change in Biba
- The process of Sanitization
11, Lecture 3.4 - Mandatory Access Control - Confidentiality Models
10.10.2021, 10:36
In this block we discuss:
- The Bell La Padula model for confidentiality
- Covert Channels
- The difficulties of declassification
10, Lecture 3.3 - Discretionary Access Control Examples - Linux and Windows
30.09.2021, 13:41
In this lecture, we discuss how Linux and Windows implement access control following the Discretionary Access Control approach.
We discuss what are their principles and objects and the mechanisms they implement to follow the Security Principles to the extent possible
9, Lecture 3.2- Discretionary Access Control II
30.09.2021, 13:41
In this lecture we discuss:
- Alternative implementations of Access Control Lists to better deal with dynamic user management
- What are capabilities and how they implement the Access Control Matrix
- The confused deputy problem
8, Lecture 3.2 - Discretionary Access Control I
30.09.2021, 13:41
In this lecture we discuss:
- What an Access Control Matrix can conceptualize discretionary access control policies
- How Access Control Lists can implement an Access Control Matrix and their advantages and shortcomings
7, Lecture 3.1 - Access control introduction
30.09.2021, 13:41
In this lecture, we discuss:
- what is access control
- where it fits in computer security
- how it should be implemented
6, Lecture 2.4 - Principles IV
24.09.2021, 12:19
In this lecture, we discuss:
- the 'work factor' principle
- the 'compromise recording' principle
5, Lecture 2.3 - Principles III
24.09.2021, 12:18
In this lecture, we discuss:
- the 'least privilege' principle
- the 'least common mechanism' principle
- the 'psychological acceptability' principle
4, Lecture 2.2 - Principles II
24.09.2021, 12:18
In this lecture, we discuss:
- the 'complete mediation' principle
- the 'open design' principle
- the 'separation of privilege' principle
3, Lecture 2.1 - Principles I
24.09.2021, 12:18
In this lecture, we discuss:
- what are security principles and why are they relevant
- the 'economy of mechanism' principle
- the 'fail safe default' principle
1, Lecture 1.1 - Basics - definitions and vocabulary
09.09.2020, 22:24
In this lecture, we discuss:
- why computer security deserves its own course
- how to model an adversary
- key vocabulary to talk about security problems
2, Lecture 1.2 Basics - Security engineering concepts
09.09.2020, 16:05
In this lecture, we discuss:
- what is a security mechanisms
- how do show a system is secure
- the key steps in the security engineering process