Lecture 26, May 31

Reading: §22 (not 22.6), 26.3, [Nac97] (This is available in the Resources area of SmartSite; look in the folder “Handouts”)
Due: Homework #5, June 6, 2013 at 11:55pm

Discussion Problem. It has often been said that the only way to decipher a message that has been enciphered using RSA is to factor the modulus n used by the cipher. If you were told that an enciphered message was on a computer that you controlled, and that the message was enciphered using RSA with an n of 1024 bits (about 309 decimal digits), how would you find the encrypter’s private key?

Lecture outline.

  1. Greetings and Felicitations!
    1. Review session: Friday, June 7, at 11:00am–12:00pm in room 184 Young (this room!)
  2. Types of malicious logic (cont'd)
    1. Computer worm
    2. Bacterium, rabbit
    3. Logic bomb
  3. Ideal: program to detect malicious logic
    1. Can be shown: not possible to be precise in most general case
    2. Can detect all such programs if willing to accept false positives
    3. Can constrain case enough to locate specific malicious logic
  4. Defenses
    1. Type checking (data vs. instructions)
    2. Limiting rights (sandboxing)
    3. Limiting sharing
    4. Preventing or detecting changes to files
    5. Preventing code from acting beyond specification (proof-carrying code)
    6. Static signature checking
    7. Behavioral analysis
    8. Check statistical characteristics of programs
  5. Network Security
    1. Firewalls
    2. Network organization, DMZ
    3. Hiding internal addresses

Version of May 30, 2013 at 12:27PM