情報リテラシ第一 情報セキュリティと情報倫理...情報倫理とセキュリティ...
TRANSCRIPT
情報リテラシ第一 情報セキュリティと情報倫理理学系教養科目(情報)実施委員会
情報倫理とセキュリティクイックガイド 東工大のグイドへのリンク ウィキペディア Information security (英語) 情報セキュリティ(日本語) 英語ページは参考になります. 日本語ページはhum…
<latexit sha1_base64="UwpZmQzu+e/pRjgEQ14Sp4XeHwI=">AAACN3icbZC7TsMwFIYd7pRbgJElokJiShOEBHSqYGEEiQJSW1XOyQk1OHawHUoV9V14DV6AFVYmNsTKG+BeBm5HsvT7Pzf7izLOtAmCV2dicmp6ZnZuvrSwuLS84q6unWuZK8A6SC7VZUQ1ciawbpjheJkppGnE8SK6ORrkL+5QaSbFmell2ErplWAJA2qs1XarzVsFMsaiY0ymq5VKt9v1mfbBt8MQOj4F/zqrMJFIbg1FoWcvMd5X+m23HPjBMLy/IhyLMhnHSdt9b8YS8hSFAU61boRBZloFVYYBx36pmWvMKNzQK2xYKWiKulUM/9j3tqwTe4lU9gjjDd3vHQVNte6lka1Mqeno37mB+V+ukZtkv1UwkeUGBYwWJTn3jPQGwLyYKQTDe1ZQUMy+1YMOtSAsjZ9bRiT7JQsm/I3hrzjf8cNd/+B0p1w7HCOaIxtkk2yTkOyRGjkmJ6ROgDyQJ/JMXpxH5815dz5GpRPOuGed/Ajn8wt96K1a</latexit>
情報セキュリティ
Source: https://www.securitymagazine.com/articles/91258-information-security-forum-releases-internet-of-things-guide
情報セキュリティー
Key concepts Security controls Risk management Typical black hat motivations Attack methods
Key concepts
Confidentiality 機密性 Integrity 完全性 Availability 可用性
Non-repudiation 否認防止
Source: https://www.comtact.co.uk/blog/what-is-the-cia-triad
Security ControlsAdministrative policies, procedures, standards, guidelines laws, regulations
Logical authentication, firewalls, intrusion detection, encryption principle: least privilege
Physical doors, locks, alarms, cameras, security guards principle: separation of duties
Risk Management
Security in depth At design time:
1. strengthen system A 2. “what if?”: strengthen B assuming A is violated 3. repeat at each level
Typical dark motivesDestruction attacks of devices/infrastructures, harassment, …
Information / money theft identity theft, spy activities, account violation, ransomware
Stealing processing power spambot farms
Self-infatuation (自慢)
Attack methods (generic)
Eavesdropping (盗み聞き) Masquerading (仮装する) Replay attack (リプレイ攻撃) Man-in-the-middle (中間者攻撃) Session highjacking
Normal communication
communication
Attacker
Alice Bob
(マーヴィン)
(ボブ)(アリス)
Eavesdropping
communication
Attacker
Alice Bob
(マーヴィン)
(ボブ)(アリス)
Masquerading
communi
cation
Attacker
Alice Bob
(マーヴィン)
(ボブ)(アリス)
Replay attack
communication
Attacker
Alice Bob
A, B, C, D
(マーヴィン)
(ボブ)(アリス)
Replay attack
commun
i
cation
Attacker
Alice BobA, B, C, D
(マーヴィン)
(ボブ)(アリス)
Man-in-the-middle
communi
cation
Attacker
Alice Bobcommuni
cation
(マーヴィン)
(ボブ)(アリス)
Session highjacking (step 1)
communication
Attacker
Alice Bob
A, B, …
(マーヴィン)
(ボブ)(アリス)
Session highjacking (step 2)
commun
i
cation
Attacker
Alice Bob
communication
…, C, D
(マーヴィン)
(ボブ)(アリス)
Attack vectorsHuman “social engineering”, phishing, garbage diving
Hardware backdoor, physical attack
Software / Network next slide …
Program threatsTrapdoor Trojan horse Logic bomb Virus / worm Denial of service (DoS) Spyware / monitoring Covert channels
Some countermeasuresFirewall Phishing monitor Anti-virus software Backup Cryptographic protection (暗号法) encryption(暗号化), privacy, authentication(認証), certification
Privacy mode, adblock TOR …
情報倫理
Source: https://uxdesign.cc/ethical-design-and-accessibility-a287c930a8ab
Copyright for Digital Technologies
Software copyright Software license Reverse engineering
Copyright on programs
Copyright on program source code, executable code, programming libraries Copyright on assets (images, sounds, characters, ...)
class Raymond(p: ProcessConfig, initialParent: PID) extends ReactiveProtocol(p, "Raymond Mutex") { private var interested_i = false private var parent_i = initialParent private var queue_i = Seq.empty[PID]
def onSend = { case MutexClient.Request => // operation acquire_object() interested_i = true if (parent_i != me) { queue_i = queue_i :+ me if (queue_i.size == 1) SEND( Request(me, parent_i) ) } else { DELIVER(MutexClient.CanEnter) } case MutexClient.Release => // operation release_object() interested_i = false if (queue_i.nonEmpty) { val pk = queue_i.head queue_i = queue_i.tail assert(pk != me) SEND (PrivObject (me, pk)) parent_i = pk if (queue_i.nonEmpty) SEND (Request (me, parent_i)) } }
listenTo(classOf[Request]) listenTo(classOf[PrivObject]) def onReceive = { case Request(pk,_) if parent_i == me && interested_i=> queue_i = queue_i :+ pk case Request(pk,_) if parent_i == me => parent_i = pk ; SEND(PrivObject(me, pk)) case Request(pk,_) => queue_i = queue_i :+ pk if (queue_i.size == 1) SEND(Request(me, parent_i))
case PrivObject(_,_) => val pk :: tail = queue_i queue_i = tail if (pk == me) { parent_i = me DELIVER(MutexClient.CanEnter) } else { parent_i = pk SEND( PrivObject(me, pk) ) if (queue_i.nonEmpty) SEND ( Request(me, parent_i) ) } } }
case class Request (from:PID, to:PID) extends UnicastMessage case class PrivObject(from:PID, to:PID) extends UnicastMessage
Copyright on programs
ルック・アンド・フィール (“look-and-feel”) pull-down menu vs pop-up menu trash can vs. recycle bin logo vs. start menu
Software licenseFree software / Open source “free as in beer” or “free as in freedom”
Variants BSD, MIT license, Apache GPL, LGPL Creative commons
Software licenseFreeware free to use restrictions may apply
Shareware limited + pay for unlock paid content
Commercial license personal, site, floating license
Summary & key pointsInformation security concepts: confidentiality, integrity, availability, non-repudiation controls: administrative, physical, logical attack vectors, program threats
Information ethics copyright software license
Next quarter?Information literacy II - processing data, visualizing (python/matplotlib) - scientific writing (LaTeX) - preparing presentations
Less talking, more doing! First lecture, June 25 at 8:50 Web page:
https://xdefago.github.io/InfoLite/y20-2q/
<latexit sha1_base64="j6WOtJ6gU+cLPJZao9fgdE3h/T8=">AAACMHicbZDPbhMxEMa9KZQ0hZKWI5cVEVIv7D+QoD1F7QUkDqlE0khJFHm9s4kVr72xZ6tGqzxIX6Mv0Cu8AZwqLhx4ijp/DjThkyx9+mZGM/7FueAGg+CXU9l58nT3WXWvtv/8xcHL+uFRx6hCM2gzJZTuxtSA4BLayFFAN9dAs1jAZTw5X9Qvr0AbruQ3nOUwyOhI8pQzijYa1t/3p5qpBMoxYm5Off86gZSOlDfiOC5ijyv/i0zVV47gz6LgXTT158N6I/CCpdxtE65Ng6zVGtb/9BPFigwkMkGN6YVBjoOSauRMwLzWLwzklE3oCHrWSpqBGZTLz83dtzZJ3FRp+yS6y/TfiZJmxsyy2HZmFMdms7YI/1frFZh+GpRc5gWCZKtFaSFcVO6ClJtwDQzFzBrKNLe3umxMNWVoeT7askI4r1kw4SaGbdOJvPCDd3IRNZpna0RV8pq8IcckJB9Jk3wmLdImjNyQO/Kd/HBunZ/OvfN71Vpx1jOvyCM5fx8Ab9ippA==</latexit>