Scribd
Upload
6 views33 pages

Lecture 1 - intro

CS254 is a network security course aimed at broadening knowledge in cyber threats and defenses while providing hands-on experience. The course includes various topics such as network protocols, threats, and defenses, along with a focus on critical thinking and research preparation. Grading is based on participation, presentations, and a research project, with no exams involved.

Uploaded by

Aaryan Bhagat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
6 views33 pages

Lecture 1 - intro

CS254 is a network security course aimed at broadening knowledge in cyber threats and defenses while providing hands-on experience. The course includes various topics such as network protocols, threats, and defenses, along with a focus on critical thinking and research preparation. Grading is based on participation, presentations, and a research project, with no exams involved.

Uploaded by

Aaryan Bhagat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 33

CS254 – Network Security

Introduction
Jan 6, 2025

1
Outline
 Welcome!
 Goals of this course

 Get to know interesting network security topics


 Introduction to research

 Exercises
 Grading
Self intro
 Zhiyun Qian
 CSE Prof.

 Web: https://www.cs.ucr.edu/~zhiyunq

 Course webpage:
https://www.cs.ucr.edu/~zhiyunq/teaching/cs254/
 iLearn for announcements and materials

 Office hours (tentative): Wed 11 to noon


Past research - Vulnerable Firewall
4

 Uncover a new class of storage side channel


attacks against OS and networking stacks

 Real-world security impact caused by OS design,


firewall middleboxes and network stacks
Past research – TCP side channels
Past research – TCP remote hijack

CVE-2016-5969

Server
Client

Attacker
Past research – TCP remote hijack
https://youtu.be/S4Ns5wla9DY
Past research – DNS cache poisoning

www.bank.com?
www.bank.com?

www.google.com 172.217.14.100 www.bank.com 5.5.5.5


www.baidu.com 104.193.88.77

Attacker

5.5.5.5
Hacking competitions
Goals of this course
 Broaden your knowledge about cyber
 What can possibly go wrong in networked systems?
 Gain hands-on experience (not just theory)
 Evaluatingsecurity of networked systems
 Break and fix things

 Prepare for research


 Topics in network security
 Identify interesting areas
Getting an A
 This class requires knowledge of networking (and
perhaps a bit of operating system)
 And also a mature understanding of software and
systems
Who are you?

 Name? PhD or MS? Which year?

 What are your area of interest?

 How do you plan to tie your interest with


security?
What do we study in security?
 How a system behaves under “adversarial actions”

Security research vs. System research

=
=

Corner cases vs. Common cases


=

Bugs

Vulnerabilities

14
What is security research?
Play Games vs. Research Security

 Both deal with a set of man-made rules!


 Man-made rules have bugs (which can be exploited)!
 Think about tax systems…
Who does security research?
 Academia
 Industry
 Military
 Government
 Hobbyists
 Bad guys…
On the news
 Microsoft Exchange Server Breach (2021): 250,000
servers worldwide.
 Log4j Vulnerability (2021): remote code execution
 Pumpkin Eclipse DDoS attack (2023): 600,000
SOHO routers bricked
Topics
 Network protocols
 TCP/IP, DNS
 Basic crypto: SSL/TLS, HTTPS
 Network threats
 Reconnaissance
 Botnet
 Underground economy
 Censorship
 Network defenses
 Firewall
 Network intrusion detection systems
 Anonymous communication
Not a theory
class
Why study attacks?
 Research
 Understand limitations of existing systems (e.g., false
assumptions)
 Identify new classes of attacks
 Motivate research on new defenses
 Also
 Fix problems before the attackers find them
 Pressure vendors so they improve their system
 Help designers determine the right threat models
 Help users more accurately evaluate risk
Common security terms
 Threat model
 What capabilities / motivations the attacker has?

 vs.

 vs.

Weakness < Vulnerability < Exploit < Attack


Thinking like an attacker
 Analyze a system with different goals (threats)
 Break into a door? Steal? Fake identity?
 Think outside the box
 Side channel attacks (e.g., steal crypto keys)
 Identify assumptions security of a system depends
on – can they be broken?
 Physical access to a system
 One successful attack case is good enough!

[1] TEMPEST: A Signal Problem. Journal of Cryptologic Spectrum 1972 (1943)


Thinking like an attacker
 Analyze a system with different goals (threats)
 Break into a door? Steal? Fake identity?
 Think outside the box
 Side channel attacks (e.g., steal crypto keys)
 Identify assumptions security of a system depends
on – can they be broken?
 Full-disk encryption: physical access to a system
 One successful attack strategy is good enough!
Thinking like an attacker
 Exercise: What can possibly go wrong when two
parties are communicating?
Thinking like a defender
 Threat model – what attacks to defend?
 Rigorously reason over all possibilities
 What properties to protect?
 Confidentiality,Integrity, Availability, Non-
repudiation, etc.
 Practicality
 Cost vs. Benefit
 Incentives: e.g., encryption, filtering of bad traffic
Security - Functional View
Proactive
 Risk avoidance
 No guarantee, but reduces/minimizes risk
 Need data support
Before  Deterrence
attacks  No guarantee. E.g., surveillance
happen
 Prevention
 By design, bad things cannot happen (e.g.,
VPN). Do require system change

• Detection
After – Long history! Misuse vs. Anomaly
attacks – Cat and Mouse
happen • Recovery
– Generic is hard. Domain-specific. Reactive
Grading
 Paper response and class participation: 25%
 Attack and tool presentation: 25%
 Project: 50%

 No exams!
Paper response & class participation – 25%

 1 or 2 papers each session


 Other readings are recommended but optional
 Come prepared to contribute!
 Beginning discussions led by me
 Volunteers get extra credits for leading the discussions
 Points given to
 Constructive/creative comments
 Speaking up during the class to contribute in critics and ideas
 Points lost for
 Missing classes
 Not participating in discussions
Paper response & class participation – 25%

 Extracting key ideas and insights


 How do you think the authors come up with the idea?
 What is/are the observation(s) that led to the whole paper?
 What high-level principles did the paper follow?
◼ E.g., security by randomization, security by injecting noise (chaff)

 Generalization
 Does the solution cover the entire problem space? If not, what can be
done to cover the more general space?
 Can the idea/insight be applied to other problems?
Paper response & class participation – 25%

 Most important skill: critical thinking


 Is there an implicit assumption not discussed? Does it really
hold in practice?
◼ E.g., A defense is designed to stop attack X. But why is attack Y out-of-the-
picture if X and Y have the same attack requirements?
 Are the good results really coming from the key idea in the solution
instead of other artifacts?
◼ E.g., A solution includes components X, Y, Z. How do we know which one
contributed the most? And maybe there is a dataset bias favoring their solution.
 Limitations of the approach?
◼ E.g., Why do you think the solution is not deployed in practice?

 Alternative solutions
 Would another solution achieve the same or better results?
 What are the tradeoff space and why is the proposed solution in
the “sweet spot” compared to alternatives?
Paper response and discussion
31

 What should be included in the summary?


 Problem, approach, main contribution
 Key insight and novelty. Generalization.

 Weakness / limitations. Alternative approaches?

 Other discussion points: whose job is easier, attacker


or defender? Any inspirations?
 Due before class (ilearn)
Attack or Tool presentation – 25%

 Pointers will be given to students


 Individual,
8 mins of presentation
 Scheduled in week 6

 Either
 Choose one attack/exploit/vulnerability (avoid overlap)
 Explain the attack/vulnerability (demo)

 Extra points to implement or generalize the attack

 or
 Pick
a security tool (preferably new and popular)
 Demo it and explain how it works roughly
Research project – 50%
 A list will be given or you can choose your own
 2 students form a group (individual is also fine)
 Grading based on contribution percentage
 General goals
 Analyze a system to identify weaknesses
 Propose a new defense / Re-implement or adapt a known work
 Aim for a publishable workshop paper (or something you can brag about)
 Sample projects
 Improve a censorship evasion tool
 (re-)Implement a small measurement tool
 (re-)Implement an attack against SSL/TLS
 design a network CTF question
Research project – 50%
 Timeline
 Topic discussion during office hours (also in class)
 Week 2: Initial idea on project due
 Week 4: 8-min pre-proposal presentation due
 End of Week 4: 3-page proposal due
 Week 10: final presentation, Week 11: 10-page final report due

 Three virtual meetings with me


 One for picking a project
 One before pre-proposal
 One before the final presentation

You might also like