Alright folks, let's get started. Thank you for sharing with minor technical difficulties. I don't know man, how do HDMI and USB-C and all that stuff need to work? Before we get started, I'd like to have your other TA besides Max introduce himself, so go ahead and take the mic and introduce yourself. Hey everyone, my name is Wilco, I'm from Max. I'm a USB student, I work with Adam and the other three professors at SEFCOM. I was an apprentice here before joining when we had a USB student for like 10 months. I played the USB then, and that's pretty much what I wanted to do. Can I talk about what you did at DEF CON last year? Well, I was helping them last year with DEF CON, but this year I played with Shellphish for the CTF. And yeah, I'm a part of Shellphish right now, so that's pretty good. And that's it, so I hope... I mean if you guys have any questions or anything, feel free to ask me. That's it, thank you. Cool! Alright, there's 28 of you more than the last time we met on Thursday. So, yeah, lots of cool friends in this class. So let's get right into it. So we talked about on Thursday, we talked about what are the components of security. Can somebody help refresh our memory? Until when we think about security, what are the three components we think about? What does confidentiality mean? It means access. Can somebody give me an example of something violating confidentiality? Who can do it now? Making public data accessible to people that don't need to know it. Right, so making data that should be private, public, and accessible to people that don't necessarily need to know it with ties into the concept of access control. Cool, what are one of the other... availability? So what would be an example of something that compromises the availability of a system? Yeah, so not being able to access a resource like the classroom, but being more broadly rather than just computer systems. Cool, what's the third one? We're in a weird order, by the way. Integrity.
Integrity, so can you give us an example of something, an example that violates integrity? What are you talking about? Yeah, so changing your bank account, right, value without you actually making and initiating that change, right? Which also then, again, has a bit of ties into in terms of access control, who's supposed to do what, those kind of things. Cool. All right, so we have our great confidentiality, integrity, availability. So this helps us think about maybe security problems or security issues against the system, but we also, so the other thing, are these just kind of... So we also think about, okay, the security of the system could be violated in kind of at a high level these three ways, right, confidentiality, integrity, availability. But we also always want to be thinking about what are the threats to a system? So what is a threat? Something that could potentially harm the system. Something that could potentially harm the system. Has it actually happened yet? Do you expect me to follow on? No. No, maybe? Why not? Why was that a questioning, though? I feel like you shouldn't have broken the first place. What was that thing? You shouldn't have broken the first place. That way it's kind of on hold, but if something hasn't actually happened, you could say, you know... Okay, so at this point we may not know if this threat actually occurred or not. We may have evidence, we may not have evidence. So why is thinking through... So threats are... So what are some of the threats to... Let's say... So what are then some threats that we've talked about in some of these scenarios? Or you're talking about security, what's it... Use the bank account for an initial example. Or a bank. Let's use a bank. So what are some threats to a bank? Think they have no threats? They should just... Everyone out of the bank. Have you been to a bank? You ever have to actually physically go into a bank? Is everybody super relaxed there? Just chill? Yeah. 
Someone being able to access usernames and passwords? Yeah, so somebody being able to access usernames and passwords, and why would that be a threat? Yeah, so using those usernames and passwords, they log on to the bank website as that user impersonating them. Essentially, maybe transferring money. Yeah, all in the bank. So it would be... Yeah, a lot of this stuff... We're not here to kind of finely dice all of these things and have philosophical discussions of is it exactly a threat or something else, but it's to... The purpose is to get us thinking about that. So what things would you be worried about? Like faculty... I'd say faculty, but staff at a bank may be making mistakes on. Yeah, so think about have you ever driven past a bank? Have you tried looking into the windows of a bank from outside? Can you see the computer screens of the employees inside the bank? Have you ever thought about this? Apparently, you're not malicious enough. I need to start getting you thinking like black hat hackers so you can think about these kinds of things. So what could you do if you could see maybe the screen of a loan officer at a bank? What information might you be able to glean? Bank account number... Bank account number, well... Balances. Balances. Credit score. Credit score. Think people want some other stuff. Social security number, somebody said that. I think it goes over here somewhere. Addresses. Yeah, with that you can actually maybe go to another bank and sign up for a loan in that person's name. Right? And this is literally just from maybe parking your car outside the bank and just watching. Right? Or maybe parking farther away, getting some binoculars so you can see. I've actually seen this in some businesses, it's insane. Now, every time you walk past a business, you'll look inside and you'll be able to see, can I see people's computer screens from where I am? Cool. So yeah, that's definitely a threat, right?
Is it something that the organization the bank should care about? Why? Because that's part of their assets. Yeah, so because it's going to essentially impact the security of their system, right? So it doesn't only matter that this is maybe negligence by an employee or something. They are responsible for securing that data and it's up to them to kind of think about that. Cool. What are some of the threats? High-tech here at hard drive? Yeah. Wait, hard drive? Yeah. I thought you were talking about robbing a bank. Like, has nobody watched a movie? This is the plot of many, many movies. Physically robbing a bank, right? Taking money out of the vault. We like to think as computer scientists there's maybe more elegant ways of doing that. But still, we think about hard drive, right? What happens with a hard drive? You think about threats. What if an employee says, ah, this hard drive is just, it's not working and they just chuck it in the trash can. Which then is thrown in the dumpster out back. Does that have any security impact? Yes. Yes? How so? Does someone want to elaborate? Somebody said yes over here. Oh. Okay, perfect. They can try to use some, I'm not electro-inventing anything out of my head, but they can check that. Neither am I. They can check that physical hard drive or actual, like, data, and stuff, especially if it's not encrypted. Yeah, so the hard drive, maybe, there's all kinds of crazy stuff you can do depending on how sophisticated you get. Maybe they just think the hard drive is broken, but it actually still works. Have you ever done this trick where you put a hard drive in a freezer to try to make it work again? No? Am I the only one? Okay. Well, I guess now with SSDs, that's probably less of an issue. But spinning hard drives, that used to be a way you could fix it and then it would work again. You could even go so far as maybe the controller is broken, so you put your own controller and access the raw drive.
You can actually have people that open up and read the raw bits directly from the hard drive. Right? So if that information, again, is not encrypted, now the bank is leaking out information. Cool. What are some other threats? Yeah? On the same note, like I said, applying to the current, I'm sorry, faculty there. You could have maybe insider threats or people with malicious intent inside that worker. Yeah. So insider threats. So we'll stick with staff. We don't want to malign all faculty members. Right? So even though they may be more vulnerable than regular staff. But yeah. So now, so we're just talking about threats. What's the difference between the threat of a, let's say a careless employee versus the threat of an actively malicious employee? What's the difference? The work thinking about those differently? Yeah. Right. So the careless employee, maybe we can put some procedures and we'll talk about those kind of things in place to prevent them from doing those careless actions. Maybe we can train them because they're just not aware. Whereas a malicious employee may have knowledge of the system and take active actions against our system. So what would you do as a malicious employee of a bank? Accounts under somebody else's name. That's insane. What bank would do that? Sorry. Starts with the WS and then elsewhere. Yeah. So creating fake accounts in people's names. That would be something that a malicious insider could do. What else? Yeah. Installing a key logger. Installing a key logger. So what's that? What does it do? It logs your keyboard keys so that you can install it. Yeah. So you can install this on all the computers in there so you could get, and then maybe, well, or what you could maybe do. And install it on your own computer. Usually employees don't have admin access to their machine. So then you call IT and you say, I'm having massive problems with my computer.
They come in and they log in with their IT username and password, which now you've stolen because you have a key logger running there. And then maybe that gives you access to other systems so you can minimize your footprint of trying to put key loggers on every single machine. Yeah. Yeah. So locking people's computers. This is a game we've started at our lab, which I won't tell you all the details of, but you can ask people in our lab. Basically, if you find somebody who has their computer unlocked, you can go in and do stuff. It actually escalated during my PhD to the point where people would download shell scripts that would run every time the person would log in to try to steal passwords. But at that point, we decided that was way too much. So we've reduced it so you could just prove that somebody had their computer unlocked by posting as them on a Slack or email form or social media. That proves to everyone else that you had access to their machine and you promised not to do any additional damage. That is annoying. What are the threats to the bank? Yeah, more to it. So it's a steal money? So a steal money? So yeah, maybe a malicious employee could steal money from the bank or form a user, transfer money. They say, well, yeah, the user came in and they asked me to pull out a thousand dollars in cash and I gave it to them, but actually they put it in their back pocket. Yeah. So a malicious employee could work with a malicious customer to coordinate something. Right. So yeah, you could have people actually working together. Does it make sense to think about those threats differently? Like the one malicious employee versus maybe an employee that's even hired by a malicious customer? It's cool. It's not recorded on the video. Donna is a little tempted to be maybe one of the most disastrous because one of the most valuable things that a bank employee had was crazy to sound. 
He's aware of what the security systems are and the information on what those security systems are and therefore how they can pass the bypass. Right. Could be given to outside agencies. And that's actually, not only is that usually used to present a huge amount of power to bypass a malicious employee there, but it's hard to track because a bank employee is selling out of cash that's relatively unplaceable and you never know what that means. That's probably actually one of the biggest threats we face. Yeah. So then it's important to be thinking about actually all these cases differently, right? So if we're going to try to prevent threats from a careless employee, that may cause us to do a certain number of things versus a malicious or insider threat and employee that turns bad versus an employee that turns bad because they're working with an outside criminal organization that's trying to get inside our system. Right. So thinking about those different things is really important. So let's see. So we want to think about kind of all these things. In the book there's like a lot of, basically these are kind of categories to try to think about some different types of threats, but all the things we're throwing out, all the things we're talking about are definitely threats that need to be considered. And so when we think about it, so what would be an example of deception, let's say, in what we talked about in our bank example? Yeah. Phishing someone's email. Phishing someone's email. So somebody may be outside the organization sending an email to one of the employees. They click on that link. It brings them to what looks to be the internal employee login system. They type in their username and password, but little do they know. They're actually talking to the adversary system, which steals their username and password, and then redirects them internally or whatever they need to go. What else? Yeah. Credit card skimmers. Credit card skimmers. So yeah, can you describe that?
Basically it's a little device that goes over where you put your credit card and then records the information from your credit card. Yeah. So these are common on gas stations. So you know when you go to the gas station, you're plugging your cards, right? So what the attacker will do is put a little thingy on the front of that. So not only does the gas station get your credit card number, they get your credit card number. And then they store it until the attacker comes and they kind of suck it up. And that's one way to steal credit card numbers. Yeah. Yeah. Okay. Back to the bank tax movies. There's like a great way to think about how like literally physically hacking into a system, right? What do they do? They show up in maybe janitorial staff or maintenance staff and say there were some requests that needed to be happened. Or you dress up really fancy and nice and everyone assumes you're supposed to be there and nobody challenges you, right? These are all different ways to deceive people. Yeah. They talked about the social aspect and they said sometimes they'll just show up and say like we're part of the janitor's crew. Yeah. And then they can get in and the company pays them to do that. Right, exactly. So yeah, there's companies that do not just like computer and network penetration testing but sometimes physical security pen testing. I had a, went to a talk similarly by somebody who worked at Early Warning and he was talking about what he used to do to get, so their goal was to get to like floor 20 of some building. And it's one of these buildings you have to have a key card to get access to all this stuff. So he'd say he'd purposely time it in the morning when he knew he was super busy. He'd have like a bag of like McDonald's and a coffee in one hand and he'd be like run after somebody who was clearly like going into the building. I'll hold the door and then you'd like just follow them in. And they'd be like, oh yeah, no problem.
I mean, hold the door for you because you clearly have stuff in your hand. He'd also make like a fake badge based on their badges so that it wouldn't work, but they would see that he had a badge so they never ever questioned him. So yeah, all kinds of ways and threats into the system. So this is kind of something to think about. So in computer systems, so there's kind of a set of common threats that we definitely occur a lot that we have even brought up when talking about like a bank and safety of a bank. So one of that is, so as part of let's say confidentiality, you want to keep secret things secret. So if you're an adversary and you want to keep, you want to learn secret things, what do you need to do? So what are some ways that like law enforcement has to do that? Convince someone on the inside to help you. Okay, convince someone on the inside so try to flip someone. That's a little difficult, but yes, doable. What else? Yeah. Just social engineering. Social engineering a little way. So what are you trying to do? Appeal like, it's sort of more of a deception, but it's more of like appealing that it's in their best interest to help you. Okay. All right. So it's one inner person. What else? Yeah. What was that? Yeah, or wiretap their phone. I mean, it used to be like physical days you have somebody physically tap into the wire of their phone system so you can listen to all their conversations, right? What are some ways we can do that on computer systems? So one would maybe be in the phone. There's companies that sell software that if you download it to somebody's phone, it gives remote party access to all of your text messages, voice calls, everything. What other ways? Yeah. Brute force. Brute force what? Easy name, password. So their password, maybe you're being able to brute force, let's say their phone password, so you can get in their phone and look at stuff. Yeah.
You could find all the way through the password so you could, you know, get in the social engineering part of this conversation. So it's very clear that your phone is being something like that. Yeah, and you could use that. Actually, that's a great point. You could use that in terms of anybody ever forget their password on the website. No, we have a lot of geniuses here that never forget their password in every second. Yeah, so how do you get access to the site? In the middle of town. Great. No, I'm talking about, you are a legitimate owner of this account. You are locked out of this account. How do you get access? I hope you don't resort to that. Forget password. Yes, forget password and then what does it do? Security questions. Security questions. That asks you what kinds of things? Mother's maiden name. What's it? What city were you born in? Favorite pet. First pet. Favorite sports team. Your first best friend. The name of your childhood best friend? Right. Yeah, are these secret bits of information that you've never told anyone in your life? No. No, is that data maybe out there or easy to get? So if you want to get access to somebody's site, maybe that's how, or some account. Maybe that's how you go about it. Cool. What about, is anyone connected to the ASU guest Wi-Fi? Occasionally? Yeah, that's fine. You can do it. Is that, that's the unsecured one, right? Yeah. Yeah, so what's the difference between secured Wi-Fi and unsecured Wi-Fi? Yeah. Don't say secured. What's that? What is it? Encryption. Yeah, so encryption, right? What does that mean? I mean, yeah. So like, usually on a secured one, you send them out. Say louder, sorry. Usually on like an unsecured one, you can like, send the packets to or what is forward going to. Yeah, so if you're in an unsecured Wi-Fi, like in Starbucks or wherever, or your local favorite coffee shop, because we love Starbucks here, if they're ever listening, we love Starbucks. 
So if you're on an open Wi-Fi, literally anybody with a Wi-Fi radio can see exactly what you're sending. So they can look at all the packets you're sending. As we'll see if you're using some higher level form of encryption, like HTTPS, they won't be able to see the exact content of what you're doing, but they can see a ton of stuff. So this is kind of in that same vein that we talked about of snooping, wiretapping, right? This is kind of a common threat that as we're thinking now in terms of a little bit more computer systems, we always need to be thinking about, right? Is this data supposed to be confidential? How can somebody get access to this? Does anybody remember one of the revelations that Edward Snowden brought out from the NSA? There was a lot, specifically Google thought. So every now and then, do you have a vague idea of how Google works on the inside? And they have data centers with like thousands and thousands of servers and machines, right? And they have one data center. They have many data centers that look like that. And many data centers spread all throughout the country for geographic redundancy, actually technically around the world, right? So they have all these data centers. They need to shuttle data between them. They thought that because this was all kind of their private networks and they had a lot of stuff there, they thought everything was fine. Well, it turned out one of the things that Snowden released was that the NSA was able to wiretap in between these links inside Google, Microsoft, and I think one other company too. Maybe, I don't remember what it was, but it doesn't really matter. 
So that actually caused Google to re-engineer all of their data systems such that all machine to machine communication, even internal, which they thought they'd never had considered either the possibility, maybe they'd never considered the threat of a nation state listening to their internal links, but now that that was proven to them, they encrypted all communication from machine to machine communication inside Google to protect their users. So we also are worried about people modifying, altering data. So one of the interesting terms that came up was the man in the middle. So what's like a man in the middle attack? Or what's an example? Either client-to-server, there are two people talking to each other and the message we're sending across, we're sending from like me to you and say Spencer here is in the middle and he just intercepts my message. I'm saying, I'm going to be meeting you at 4.30 and he's like, no, 3.30. And he goes to you and you're like, oh, cool, 3.30 and you show up when I'm not there. Yeah, I would be very upset in this hypothetical situation. So basically if you're able, in the middle of communication, so think about if you've ever, so you go to Google.com but somebody along the way because your data doesn't just get being directly to Google, it has to go through several hops to the Wi-Fi router or ASU to some switch inside ASU to some border router to some other border router to then somehow into Google's network and then anywhere there. If anyone in there messes with your data or your message, right, they can have it say whatever you want. They could completely control, alter, and really affect the integrity of your message. Other things we think of are masquerading or spoofing. How does that get into some of the threats we've talked about? Yeah, so like, so in the context of a bank, so if you were able to get access to other people's credentials, logging on to a system as them, you're masquerading, you're spoofing their address. 
Is it always that? If you're spoofing your IP address, then it makes yourself feel like I'm being so hard to track. That'd be cool. Okay, so you use technical controls to do that. What about like a social context? Or maybe, I don't know, why don't you talk a little bit about the internet? I mean, just like staying anonymous on the internet, you know, so that way people can track you and what you're doing all the time, like Google selling your information. You don't want that, so you don't take counter measures so that your IP address is different, all your data is secure. Okay, cool. So yeah, thinking about this in terms of anonymity in the sense that you're not necessarily masquerading as another person, but you're masquerading or spoofing as several different people. So in that way, with a large number of N, or you appear as a different person every time, you're actually limiting the amount of information you're giving to the service. Yeah, wait, let's actually, let's think for a minute, this is actually a good thing. Let's think about Michael Crow, right? He's the president of ASU. Have you ever received an email from Michael Crow? Yes. I think yes, all of you. Do you think he wrote that email and sent it to you? No. But it comes from him. So is somebody spoofing and masquerading as Michael Crow? Should we go tell him that his security has been compromised? People are sending welcome to ASU emails as Michael Crow. No, somebody delegated that to him, right? Or he delegated that to somebody else, right? So it's the other way around. But yeah, this happens often, very often in organizations, right? He'll give a trusted person the ability to send emails as him. And he's, so why is that not a security concern? To be delegated to somebody. And then that person says, I have the authority to this person and I can do whatever's want and start sending out emails to students.
They're like, hey, your email at the reach center, your customer's reach center, send me your password. Yeah, so this actually could, this behavior could introduce additional threats that we now need to consider. That's a good point. There's a hand over here. Yeah. I heard you were on marketing plays the last night. How many products do you think we colorize? Yes. So yeah, so related in a sense of like spoofing emails, spoofing phone numbers. So yeah, in all these contexts, right, there are cases where it's actually useful, right? So similar to phone numbers, when a company calls you, every person in the company probably has a different phone number, but outgoing calls, they want to go to a certain phone number internally. So they'll often spoof their phone numbers to a number that they control, but that's not the exact phone that made the connection. So in all these cases, right, I mean it's, I wouldn't say that the fact that somebody can send email as Crow is a security vulnerability because it has really violated confidentiality, integrity, or availability because he has chosen to give that to a person, right? If I'm that person and I somehow have the ability to send email as Michael Crow, but he never authorized me to do that, then that would be a clear security violation, right? But it does change and we need to think about threats, new threats that this behavior introduces. So this is just to get you thinking that it's very easy to think about, like, oh, masquerading or spoofing or sending an email as another person. That's clearly always a bad thing. That's not necessarily the case. You have to really understand the context surrounding what's going on here. Cool. Repudiation, what does that mean? Denying you sent something? Why would that be useful? Well, why is that a threat? Well, you can figure out the nine that you sent something. Yeah? You can send to the same party. You guys can only get sent an email. 
So, okay, maybe you are replying all to an email that you meant to make a private comment to somebody else? For the bank example, if you make a purchase and said that wasn't made. Yeah, so the bank example or other aspect of banking, right? Let's say you tell your stockbroker you want to buy a million dollars worth of shares of company X and then they do that and then an hour later the stock drops by 25%. And you go, why the heck did you buy this? I didn't authorize you to buy this. They said, well, we got this email from you and then you say, why never sent that email? So the ability, so common threats would be the ability to, well, what you want here is non-repudiation. So you want a mechanism, maybe cryptographically, where you can say, actually no, this was you. You didn't tell us to buy this. You didn't think about those kind of things. Other things, denial of receipt. So, if you've ever received something, so kind of the reverse in a little bit of repudiation. Delaying things, denial of service, all kinds of common threats. So how do we defend against threats? Do we care about defending against threats? I guess part of it is you have to make the mindset of what threats there are. So you need to know what threats there are, right? So how can you defend against something? You have no idea if it's possible, right? So that's actually a key aspect of securing a system and analyzing the security of a system is thinking through what are all the possible threats. This is why I've been trying to, you know, I was playing in two classes, but I've been trying to get you to put on that adversarial black hat so you can, this hacker mindset so you can look at something and think what are all the different ways I could break this or maybe do something bad. Yeah, authenticate. So we may want to think about, can we talk about those a little bit? Sorry, so you get the information that you're asking for. 
Perfect, so we may, and so we may, if we think we're an organization or we're securing a system, right, we may want to ask, well, okay, if we're worried about threats of impersonation or masquerading or spoofing, we want to ask, okay, how are we authenticating that people are who they say they are, right? As we talk about, if people, if everyone in our system's password is password, it's probably highly likely that people can spoof other people. Yeah, that's great. Hiring enough manpower to deal with it. Like, you've seen recently how a lot of companies are trying to increase how many, like Syracuse 3D people they have, like Facebook is a big one and thing. Yeah, so this is a really interesting kind of meta point almost, right? How do we defend against threats? Well, we may think about things in terms of technology, right? Maybe we need to analyze the technical controls and systems we have. Maybe we need to ask ourselves, well, how many people do we have to actually do something about this? Yeah, that's a great point, yep. So we may want to look at ways of either, let's say, completely eliminating threats by reducing ways that we could be vulnerable. Yeah, I mean, well, you could think of it if we're worried, one of the threats we're super worried about is people hacking into our external login system for employees, what if we disabled that and made it only through internal, right? Then we've made or moved one avenue, we can't just say everything's secure and put up our hands and say we're done, but at least now we can think through, okay, what does that mean that now only inside the company we can access this data? So we may institute some kind of policies, right? So we may say, okay, as a company we are mandating that all employees do, let's say, security training. As anybody in the ASU employee, does ASU do this? What do they do? So ASU has two-factor authentication? Is that for students, too? Yes, cool. 
So what's that trying to help or what kind of threat is that preventing? Yeah, so if somebody like, okay, here's a great example. How many professors have you seen come into a computer that they have no idea of the security on and log into it with their ASU username and password? If you didn't have two-factor authentication, what does it take to change grades in a course? The username and password of the instructor, right? You can even go back and retroactively change grades and do stuff. So it's almost insane that you can just go to a computer, right? So we talked about keyloggers. How do I know that anybody has to install the keylogger on this machine here in the classroom? I don't, right? I mean, so that is a threat that the university is concerned about. And this is what we'll talk about in a bit of policies and mechanisms. So the university has instituted a technical mechanism which means that when I log on to my ASU, I need my username, my password, and I need access to my phone which has that, which either the Duo pushes an alert to that I have to approve on my phone or it has a code that's auto-changing. So we'll get into all this different types of authentication, but here I need two things. I need my password to log into my account and I need access to a device like my phone. Do you think it's a pain in the butt? Yes. Okay, hopefully, I would never think to change your mind. I would just, hopefully by the end of this course you'll at least appreciate the security benefits of this. I think of it similarly, you know, like, does it suck to lose your keys and get locked out of your apartment or your house? Yes. It sucks a lot. I've done that a lot. But also, would you rather have no locks on your house? So see what I'm getting at. It's kind of a, yeah. I've heard of this, like there's a system called the YubiKey that I use at a lot of companies.
I don't quite understand how that's like providing the additional value because generally the YubiKeys can't be plugged into the computer at all times. So how is that providing... Right. So a YubiKey is a little, maybe I can show that. Okay. Cool. So a YubiKey is a little device that's similar to entities like Google Authenticator or one of these other apps. So essentially the way these work is the server and, in this case, the physical device share a secret. And based on that secret, every, I think, 30 seconds or every minute or whatever, it generates a new random number. And the idea is cryptographically, if you steal one of these numbers you can't predict what the next number is going to be. And so this way you have to be physically like, or at least I'm thinking about the YubiKeys that show numbers that change on it. I think there's other ones that plug in which is a similar concept. Right. So the idea is not really that you break into that computer. Right. So the threat is if I break into your computer that has the YubiKey installed I can do whatever I want. But the threat that combats is if you are tricked into divulging your password to some other website an attacker can't get access because they don't have physical access to that machine right then. So security and threats that I've always been interested in. So there are all these wide-scale attacks that people talk about like security-wise particularly in terms of security and stuff like that. But then I also hear people argued that from like unless you have like actually access to it enough security yourself to like a lot of high-power technology to really secure things realistically there's not a lot you can do to affect your own security and your main form of security is security by being you know, massive and equal. So the likelihood of you being hit is low. Right. Is there a truth to that or is there a lot more valuing up in your life? 
Aside from basically combing the same password for everything is there really much that the average person can do against those type of large-scale threats? So I think it's important and that's actually why we're talking about threats. Right. So you can consider so think about an organization like Google. Right. Are they concerned with some person who just wants to like break into the Google website and deface it for fun? Right. That's one threat with one set of capabilities versus a nation-state level that wants to hack into Google to get access to Gmail to look for dissident emails and all this kind of stuff. Right. So the level of sophistication there in your adversary is much, much, much larger. So yeah, I think that makes sense even when thinking about personal security. Right. Or your, not physical security, but your personal cybersecurity. What threats are you worried about? And one of the things that we'll talk about is a probability of threats. Right. So you could be worried about the probability of a threat of an alien coming with advanced technology and hacking into your systems but the probability of that is vanishingly low so you probably shouldn't worry about that. But if you're in a job or a position or whatever where you might be a target let's say, and this is happening in the past, like you own Bitcoin. Right. You own $10 million of Bitcoin. You should probably step your game up a bit. Right. Because you may be targeted more than the normal person. So I think it's both. Right. You have to consider what are the things you can do that will make you kind of stand out from the crowd. I mean I guess similarly in the physical world I don't know if you've ever heard this but if you really say I don't know if it's actually a saying or not but like a good anti-car-theft deterrent is to always park next to a really expensive car. That's what this is. So if somebody tries to decide which car to break into they'll choose the other car. 
And that of course doesn't really bring a factor in the ease of breaking into a car maybe it's easier to break into your car than their car because they're super important. I don't have a good answer of what you should do personally but it definitely is a super important part of security is contextualizing these threats for this specific environment. I probably not recommend anybody here think on the level of a Google in terms of personally what do I need to do but you want to think like what happens if I lose my phone and somebody gets access to all my pictures or what can somebody break into my iCloud account or text messages or something like that and these are things I think that are important. So it kind of sounds like what you're saying is basically be careful who you're trusting with your information essentially. Have you cognizant of where your information is what they're doing with it and what you can and make conscious trade-offs I think it would be important but anyways we can talk about personal security in a bit but cool. Okay so it really boils down to two things I think about I'm thinking about how to defend against threats policies and mechanisms so what do these mean and what are some examples of them? 
Well, I guess one of the policies would be having rules for password length and what they must include. Yeah, so policy could be, exactly, so having rules for passwords, minimum lengths, right, we can make sure that people don't have common passwords like password as their password. But yeah, so that's definitely a good example of a policy. What else? Yeah, let's go back there. I guess a mechanism would be... Yeah, a mechanism would be, let's say we're worried about threats, attacks of denial of service attacks against our web service, we put mechanisms in place, we put technical measures in place, we put, like, Cloudflare I think is what you said, right? So we hire a company basically to suck up and give us DDoS protection. Yeah, so that would be a mechanism that we're putting in place. Yeah? Like having a badge. Yeah, so having a badge, like, so there's two aspects here, right? So there's, you can have the technical mechanism, right, that to physically get access to a room you need a key card, which is actually what we have here at ASU, right? Does anybody try to get into a building after, I mean, 6:30 or something? Yeah, they're locked, right, you need to have access to the building before a certain time. But then, so there's a mechanism; if you only have the mechanism, are you going to have an effective and secure system? Yeah, so you need the policy, right, that states that, if you think about a company, right, an employee, every employee has to badge in is usually the way that policy goes. So it's crazy because you have to fight this, like, human urge to be nice and, like, let people into a door, right, you're supposed to, and they're not, that they don't have access, they'll get denied, right? You'd have other policies. During undergrad I worked at AT&T Government Solutions, they had a secure facility, but I was in, like, the unclassified thing, and I hadn't worked much this semester for whatever reason, and so I go in there and I'm walking around the halls and somebody's like, who are you? Like, I'm Adam. I've never seen you before, who's your
manager I was like I don't know who you are and you're walking around in this facility I was like okay so but like having that culture and those policies to challenge people if you don't recognize that because maybe I was there to steal stuff like I don't know so that's so those are I think that's that door example that badge example is a great example of the distinction between if you just think you have a mechanism it may not be super effective so you may need additional policies but still all of these specific policies right so you also need training you need policies checking policies all these kinds yeah and then you go over the top with the mechanism you could go to a mechanism that's so extreme you don't have a policy but then it causes other inconveniences like you couldn't have an airlock door that a scanner was in well that's one person through and then most of the scans make sure there's one person you could go together and then the airlock you could go crazy with it but then you're going to have accessibility problems with that yeah that's a great example so if you ask me can I build you a very secure computer I would say sure I can definitely do this right I can take a computer put it in a secure facility let's say like Fort Knox where the US government keeps a bunch of gold we'll burrow down build a room with concrete around it we'll put the cement I would say that computer is very secure and what will you say it's not built it's not built I can't use it it's not doing what I want it to do right so it's actually a great point we need to be thinking about when we're thinking about these policies and mechanisms if you think about it just in the security mindset you will be actively harming the business and the what are the outcomes that are supposed to occur and so as a security professional you're always the one people are smart they will find a way to do their jobs while getting around your policies and mechanisms so you always want to be thinking 
about those things so let's take it to an example so we'll think through here about we'll talk about threats we'll talk about we'll spend like 10 to 15 minutes on this this will be a good discussion I enjoyed this so we'll think about threats so we'll try to enumerate all their kinds of threats we'll try to talk so we want to defend the house does everyone know what the house is so what threats are there and why do we do it threats first apart from that one yeah so we need to figure out what you need to defend against yeah so we need to figure out what threats we want to defend against in order to put policies and mechanisms in place great so threats who's living in the house who's living in the house why is that important I just said we want to defend the house we gotta know who's allowed in the house yeah yeah so this is the house for me I may not need as much security as Bill Gates right would you agree Bill Gates and I have different levels of threats yes the answer is yes I think so so that's a great question so who do you want to be in the house how big is the house right so are you talking about the house okay well I just realized I compared yeah I started this comparison and I'm regretting it but yeah so that makes sense right and why does the size of the house matter in terms of defense and and threats right somebody hasn't talked yet there's more places you can get in what else how many houses nearby why does the like relation of this house to other houses matter yeah if someone's a really tall house next to you they can jump off that house into your house yeah so you can use the geographic landscape of this house right in relation to other houses actually matters a lot right other things is it like Bill Gates has a house on the I think it's on the Puget Sound or maybe it's a lake or something a lake a lake wash anyway it doesn't matter but right that actually may have a big impact because you think about how people get to this house right is it through a 
road is it are there waterways into this house that are actually all smarter than this slide right because what are you doing right now you're talking about threats or policies or mechanisms what are you doing talking about the house you're contextualizing what it is we're defending right without any of that information you'll be defending the wrong thing you'll never be able to create effective policies mechanisms if you don't know what you're doing okay is the house made of I'm not very good at planable things but is the house made of matches versus so that actually may be an important thing right so we want to consider fire risk yeah it's a really hard tough right so like I only have one staff member and Bill Gates probably won't know right and so thinking about do we need to think about we're talking about access who has access to the house these kind of things do we just need to secure one person are they married do they have kids what's the size of this household look why does that matter yeah so what kind of budget are we working with does the budget impact threats yeah so it depends on what budget we're talking about let's just say it's our budget of how much we have to secure this house does that affect the threats that we'll see or that we should be considering okay interesting that's a good place that may impact like if we think about our budget how much budget we have all the mechanisms we introduce with an impact and we need to think about the threats against there on the other side people like top notch security people will be deterred from going against you would put certain threats interesting so yes I think these are all yes I would say in general when you're thinking about threats and like threat modeling you want to consider right and then you can say okay given our budget and what we think the probability of these threats are what can we actually address right these are kind of important things that come up but yeah that's great can you say like 
defend the house and what exactly people inside it or the items yeah what are we defending right I mean exactly is it the people is it the house is it the valuables inside the house right what are all these things that we're defending again so do you think it's like average rule again or like a lot to do order right yeah so who are we defending against right this gets into threats a little bit so we start thinking okay if we know more about this house what else yeah do you want to answer okay cool so so something yeah I think this is just the house just the house right once so yeah determine right the house like are we worried about termites are we worried about bats up in I don't know bats are bad what else is the other natural disasters natural disasters are we worried about tornadoes hurricanes right and what is our ideas of those threats how does that impact like what factors impact that where we live right so we probably are in Phoenix right agree yes but if we're in Florida or on the coast somewhere maybe we worry more about those versus earthquakes versus all kinds of stuff cool okay so let's pare it down a bit we have a let's say semi high value we'll call it roughly a million or so like in value house I don't know how do you want to split that up maybe there's some jewels whatever you think it's I don't know like a three bedroom house in a neighborhood let's say coming up you guys could tell me what the house is I'm I'm sorry so let's take a threat so then what threats does this house and we want to defend against let's say damage to the house damage to the people the people I mean the things that you would expect if you hired me to defend secure your house or defend the house right yeah that's interesting I don't know let's ignore that threat so let's say so one we can get kind of we can talk about threat actors like we're concerned about but one threat let's say a concrete threat would be people breaking in through a window right so how do they do that 
so you have a specific example yeah so does anyone ever try to break in their place or house or place or house through a window yes some of the windows are better than others so yeah so so how good is the lock like so a threat would be somebody not breaking the window because that would be a different threat right of somebody getting into the house through let's say a window right so what kind of what we'll go in order a little bit kind of policies and mechanisms what we need here to lock up yeah so a policy would be lock all the windows right all the windows need to be locked all the time yeah install bars on the windows install bars on the windows okay yeah these are all often yeah no no judgments no judgments yeah no windows no windows design the house so that it doesn't have windows put the sticks in there windows still so you can't open it yeah so you choose on that thing now so it's very annoying but yeah so the sticks they put on the windows so you can't open it like there's a physical barrier to opening it all the way yeah an alarm so we can put an alarm that alerts when the windows open I think modern security systems kind of do that yeah cool so what of these would you like actually propose doing like what of these seem feasible to combat the threat like is no building the house with no windows is that why not because you can't use windows because yeah there's no windows in the house let's like a crappy house to live in and the house may already exist you may not be able to modify the house that actually may be out of your budget a lock so forcing people to lock so the policy of forcing people to lock what about like in the winter when it's nice and you want like a breeze in the house are you going to not open the window because your policy now says that you I know we all are living out in summer where we don't even think about opening windows yeah okay you have a policy of that are people going to follow that no no it's a house they live in yeah you 
can't say you have to do this you have to work around what they want to do so maybe we need to think about what are the people in this house actually going to do how can we work around it yeah that's a good point cool yeah the entire bodyguards stand by each window the entire bodyguards stand by each window yeah very interesting ideas implement mechanisms that enforce the policy yeah so we can implement a mechanism you can have a security system that flashes an alarm whenever it detects that there's nobody in the house but the windows are open or something or alerts you on your phone if we want to get crazy IOT what were you talking about yeah the camera locks the windows you have a camera and then hire somebody to watch your cameras that are watching your windows or machine learning or machine learning that's not effective I use it a few minutes okay so what other threats would we be interested in so we've talked at length about that yeah okay so I'm not thinking in terms of a so why are we what threat so that's more of a policy mechanism aspect what threat are we worried about there I mean the threat I guess one way is like you can have like a lock that's just like automated in the IOT right so let's say now we have let's say we have a smart lock where we can unlock our door through our phone all this stuff right so we want to be worried about the threat of what happens now if somebody hacks into our network because now we've added kind of this digital cybersecurity aspect to the physical security of this home because of that yeah yeah so we need to think about what the impacts are and these policies and mechanisms we're implementing in place yeah that's good anything else yeah even like a gas leak in the house you want to watch out for that yeah gas leak so what would be some policies or mechanisms we've put in place to combat that carbon monoxide detector what else yeah say again louder yeah so change like don't use gas use an electric soak right that would 
definitely be one option what else rational valves yeah monthly inspection or you know you can have a policy that says you must turn off the stove after you're done using it has anybody left the stove running before so you understand how effective policies can be yeah I think part of the policy should be also how you recover from things that you didn't have originally a policy for so it's just how you bounce back from that because it would be more important because if you handle it ideologically that it's not going to go wrong yeah so it's an interesting point that kind of points to the future we'll definitely talk about kind of the cycle of what you what you do in an actual organization so thinking through what happens yeah tell him I would assume have an insurance policy yeah so have an insurance policy what is the insurance policy important to recover so we'd actually maybe think about the threat would be what is something that we haven't thought about occurring and how can we recover from that and so buying insurance actually gives us some level of security or insurance that we will be covered in case there's a significant count on happening cool okay so this is one of my favorite examples okay so very quickly this is kind of the things we've been talking about right when we think about security policies they should really try to be it all in terms of threats right so we want to prevent threats so this was the great idea of removing all the windows on the house have you prevented the threat of somebody preventing it and as other problems as we talk about in terms of detection so going through the window what were some did we talk about any policies or mechanisms that dealt with detection alarm alarm so we can have an alarm that alerts every time the windows opened right that would actually be a detection mechanism why is that important so that we can we think there may be a violation we think there may be a threat we might look and verify this what about 
recovery is recovery important yes you want to close the window if someone opens it and runs yes so how do we recover from that or we can think about what happens if somebody throws a brick through the window right some of these mechanisms we talked about actually don't like locking always locking the window that actually doesn't help if somebody has a brick and throws it through your window maybe we can detect that maybe we have a way to recover from it a system will automatically call law enforcement when they detect that this happens and of course what do the criminals do in that case you've seen movies you have that like fancy thing that like spins around and cuts out like a thing from the glass so it doesn't shatter the whole thing in glass so they can go in and open it right do you people not watch enough movies watch more movies cool okay we'll get back we'll talk about this now we'll talk about what okay so I think we talked about this a little bit on Thursday but this is a hands-on course this is not a theory course this is a you will need to write code do stuff this will be online in two seconds it's technically already online but the links to it will be there when I check updates so that being said it's having the past where people's coding skills are up to where they should be at this point this is not as difficult as 340 I've taught that in the past but it's not an easy course if that makes sense I don't know it's hard for me to gauge how difficult things are so I would say start this early use this as a self-check this is not meant to be an insanely difficult assignment it's supposed to get you and everyone can get at least 5% on this assignment it's incredibly easy sign up for the course with the ATSA so you can all do it if you've already done it awesome boom 5 points in the bag everything else is easy cool so what we're going to try to do here is in some sense implement one access control policy and mechanism which is what kind of for specifically 
for a house so the idea is and this is where a lot of people get tripped up on you can theoretically do this in whatever language you want I'll give you the tools to do that in whatever you want don't go too crazy and be like I'm going to learn a new language in less than two weeks and do this assignment if you want to do that that's fine but there's only so much help we can give if you start going crazy whatever you're most comfortable in it's like whatever you have the most experience doing the say it again almost everything so we'll talk about that in a second okay so basically so the other goal of this is you'll be able to see some kind of difficulties that arise when you try to specify a security policy so this policy is written in English my English right similarly if you are a security chief security officer you write some security policy it's going to be in English and people are going to implement that so it's a house you're building a house simulator so activities, actions will occur in this house you will respond appropriately the basic policy is so imagine you have a smart lock system only users that have an authorized key can enter the house so in order to enter a house you first put your lock in the key and you go into the house and the key is valid makes sense like a normal lock everyone understands how a lock works does anyone not understand how a lock works but then I don't know maybe it's possible somebody's only grown up using smart locks their whole life is that possibly true if it is finding out okay but we have other types of mechanisms so we have this amazing smart lock system but we want to give let's say there's a fire we want to give firefighters access to our house so the house doesn't burn down it seems like a thing we'd want in our security policy so firefighters can enter with the secret key that is literally the string all uppercase exact matching firefighter underscore secret underscore key this is the policy pretty easy right we 
don't have to verify that the firefighter is the firefighter? Good question, hold that as we go through. Okay, so as I said, you can do this in any language, it just has to conform to this interface, right? So just like compilers, computer system security, right, it's like things have to be exactly right or they mess up and you have problems. So the input and output is exactly specified here. If your code does not match it, it's... this isn't a, oh, it's kind of close, like something is kind of secure; it either passes or it doesn't pass. I've had students get into trouble with this where they're like, I'm failing all the test cases, and I look and their output is all wonky, like they created their own language to output this. Just follow the specification. You have problems, come to office hours. Pretty easy. So, command line interface, all probably post is go cool here right to get a leave for a class yes you're here okay. Remind me, I'll add more links here to, like, command line arguments for different languages. And so basically you run this program, secure house, you specify an owner name, you specify one to n number of keys on the command line, and those are the valid keys. Everything is all, all inputs to the program, so you don't have to worry about parsing, this isn't like a complicated thing, it's all lowercase letters a through z, uppercase letters A through Z, 0 through 9. That's it, that's all you have to do. Go ahead and underscore if you want it. Yeah, alphanumeric, underscore, dash. Everyone know what that is? All matching is case sensitive. What does that mean? Capital letters matter. Capital letters matter, case matters. Cool. Alright, input will be given to your program as a series of new lines fed to your program. Your program will read in each new line and respond appropriately. So for instance, one possible input would be insert, space, key, space, username, and then key. So insert key Adam and the name of the key; the response should be key, key, inserted by Adam. So this would be key foo inserted by Adam. The
next could be, this could be, this could happen in any order, the next one would be turn key username, so turn key Adam, right? So I've inserted a key, I've turned it. So the semantics here and the idea here is this username turns the key in the door. There's two possible options, right: success, the username Adam turns key key, or failure, username unable to turn key key. When would you be able to fail? When would it fail? What was it? The wrong key. So it's not in the list of valid keys. Other things? What was it? No key. So yeah, no key. What else? Different user. So the user that inserted the key was not the same user that's turning the key, right, that would be an invalid failure. Cool. And then enter house username, so the username enters the house. There's two possible, this is where you're getting access control checks, right, possible responses: access denied or access allowed. Makes sense? So when would access allowed happen? Yeah, when the right person, so when the person puts in the correct key and turns it. Insert key, insert key, yes, insert key commanding all of that insert key, sure, yeah. Yes, you should handle that in a way that makes sense with a key. Yeah, or with a, there's no take out key, so you should, if you're inserting you have to take the, yeah. Once the door is unlocked, does it need to stay unlocked until it holds to be locked or does it immediately relock? Actually, immediately relocks. So yeah, so then these would be only key based actions: insert, insert key, turn key, enter house. And then you can ask who's inside, where you'll output the list of users that are inside, otherwise nobody home. Then the important thing is, of course, users want to be able to rekey their house. Have you ever had your house rekeyed? Yeah, so only, and if we look here, the owner name is the first argument to our program, so only the owner is able to rekey the house, so they can change locks, put a new... So who wants to try to change the locks and change the given keys. Possible responses are access denied, okay, because only the owner can
rekey the locks, that source code you'll see. Alright, people can leave the house. There's an example here, follow it, make sure that you understand roughly what's going on here. Just a second. Important part here: we're running everything on Ubuntu 18.04, so make sure you can develop that locally, you can run, test stuff. You're doing a really good cross-platform language, that should be fine and simple. There's a mechanism here, just don't, like, you're doing something that's not installed by default on Ubuntu. So somebody had the question of what stuff is installed by default, there's Ubuntu, I can't remember what else. This should be pretty easy, we'll be able to debug this if it doesn't work, but you can add additional packages if you're doing something crazy like Haskell or the person. I'm giving you a test script that will test everything locally so you can check that you passed this example before you actually submit. Just give you a way to submit it: we have a submission site so that you all can create accounts on, so you'll be able to submit through here. I don't think this actually works quite yet, so don't submit, I'll let you know when, there's nothing to actually do the grading, I think you can submit if nothing happens. So the important thing is Makefiles, oh I didn't update that yet, oh there we go. So we use Makefiles, this is how we do this. So you'll submit a bunch of files, we will take those, we'll run make, which executes a Makefile to compile your program. This way you can do it in whatever you want as long as it outputs something called secure underscore house that is executable, we'll test that. So that gets into the, we want you to submit the source that builds this. I understand you don't have experience with Makefiles, that's okay, let's help each other out, you can post files on the course Piazza, I will post good ones on here, also post my own for Python so you can see that. Don't let this be a barrier to getting started, all that stuff. Yes, you have 20 submissions for now, but
don't use the submission site as an oracle like don't just make one change submit