diff --git a/modules/foundations/.gitignore b/modules/foundations/.gitignore
index 31cd791..8775498 100644
--- a/modules/foundations/.gitignore
+++ b/modules/foundations/.gitignore
@@ -1,7 +1,9 @@
 foundations.html
-foundations.md
-foundations.tex
 foundations.bib
 foundations-session.pdf
+security.html
+security.md
+usability.html
+usability.md
 reading.html
 session.html
diff --git a/modules/foundations/Makefile b/modules/foundations/Makefile
index 79c7085..ca4cbc5 100644
--- a/modules/foundations/Makefile
+++ b/modules/foundations/Makefile
@@ -10,57 +10,44 @@ PUB_GROUP?= svn .PHONY: all all: ${PUB_FILES} -MD2HTMLFLAGS= -s --bibliography=foundations.bib - -foundations.html: foundations.md reading.html session.html foundations.bib - pandoc -s foundations.md -t html -o $@ - pandoc -s --bibliography=foundations.bib -o $@ \ - foundations.html reading.html session.html - -foundations.md: security/security/README.md -foundations.md: security/scientific-method/README.md -foundations.md: usability/attacking-humans/README.md -foundations.md: usability/psychology/README.md -#foundations.md: reading.md -#foundations.md: session.md - -foundations.md: - ${RM} $@ - echo "# Foundations of security" >> $@ - ${CAT} security/security/README.md >> $@ - echo >> $@ - ${CAT} security/scientific-method/README.md >> $@ - echo >> $@ +MD2HTMLFLAGS= -s --bibliography=foundations.bib + +security.md: security/security/README.md +security.md: security/scientific-method/README.md + echo "# Foundations of security" > $@ + for f in $^; do ${CAT} $$f >> $@; echo >> $@; done + +usability.md: usability/attacking-humans/README.md +usability.md: usability/psychology/README.md echo "# Usability" >> $@ - ${CAT} usability/attacking-humans/README.md >> $@ - echo >> $@ - ${CAT} usability/psychology/README.md >> $@ -# echo >> $@ -# ${CAT} reading.md >> $@ -# echo >> $@ -# echo "# Session on foundations" >> $@ -# echo >> $@ -# ${CAT} session.md >> $@ + for f in $^; do ${CAT} $$f >> $@; echo >> $@; done +security.html: security.html foundations.bib +usability.html: usability.html foundations.bib +reading.html: reading.md foundations.bib -.PHONY: all -all: foundations.tex foundations.bib +foundations.html: security.html usability.html reading.html session.html + pandoc -s --bibliography=foundations.bib -o $@ $^ -foundations.tex: security/security/abstract.tex -foundations.tex: security/scientific-method/abstract.tex -foundations.tex: usability/attacking-humans/abstract.tex -foundations.tex: usability/psychology/abstract.tex foundations.tex: - 
${RM} $@ - echo "\\paragraph{What is security?}" >> $@ - cat security/security/abstract.tex >> $@ - echo "\\paragraph{The scientific method}" >> $@ - cat security/scientific-method/abstract.tex >> $@ - echo "\\paragraph{Attacking humans}" >> $@ - cat usability/attacking-humans/abstract.tex >> $@ - echo "\\paragraph{Psychology}" >> $@ - cat usability/psychology/abstract.tex >> $@ + true + +#foundations.tex: security/security/abstract.tex +#foundations.tex: security/scientific-method/abstract.tex +#foundations.tex: usability/attacking-humans/abstract.tex +#foundations.tex: usability/psychology/abstract.tex +# +#foundations.tex: +# ${RM} $@ +# echo "\\paragraph{What is security?}" >> $@ +# cat security/security/abstract.tex >> $@ +# echo "\\paragraph{The scientific method}" >> $@ +# cat security/scientific-method/abstract.tex >> $@ +# echo "\\paragraph{Attacking humans}" >> $@ +# cat usability/attacking-humans/abstract.tex >> $@ +# echo "\\paragraph{Psychology}" >> $@ +# cat usability/psychology/abstract.tex >> $@ foundations.bib: security/security/security.bib foundations.bib: security/scientific-method/scientific-method.bib @@ -79,8 +66,13 @@ session/% security/% usability/%: .PHONY: clean clean: - ${RM} foundations.md foundations.html - ${RM} foundations.tex foundations.bib + ${RM} foundations.html + ${RM} foundations.bib + ${RM} security.md security.html + ${RM} usability.md usability.html + ${RM} reading.html + ${RM} session.html + ${RM} foundations-session.pdf ${MAKE} -C security clean ${MAKE} -C usability clean ${MAKE} -C session clean diff --git a/modules/foundations/foundations.tex b/modules/foundations/foundations.tex new file mode 100644 index 0000000..520b278 --- /dev/null +++ b/modules/foundations/foundations.tex 
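Review bot: The added rules `security.html: security.html foundations.bib` and `usability.html: usability.html foundations.bib` name the target as its own prerequisite, which GNU make reports as a circular dependency and drops, so neither page depends on its Markdown source. By analogy with the neighbouring `reading.html: reading.md foundations.bib`, these were presumably meant to read `security.html: security.md foundations.bib` and `usability.html: usability.md foundations.bib`. Separately, the `usability.md` recipe keeps the old context line `echo "# Usability" >> $@`, which appends, so every rebuild adds another copy of the content to the existing file. The `security.md` recipe truncates with `>`, and the same fits here: `echo "# Usability" > $@`.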
@@ -0,0 +1,45 @@
+\emph{Summary:}
+In this learning session we will cover the foundations of security.
+By this we mean what security is all about, \eg what types of properties we are
+interested in and what we want to achieve in our security work.
+We will also introduce the scientific method and particularly role in the area
+of security.
+
+There are many human aspects to security, understanding them is important.
+There are many ways to attack systems through their human operators.
+We cover a variety of examples of such attacks and some aspects of human
+psychology.
+
+\emph{Intended learning outcomes:}
+After this session you should be able:
+\begin{itemize}
+ \item to \emph{understand} the what security is generally about.
+ \item to \emph{differentiate} which types of scientific methods are
+ appropriate to answer a given question.
+ \item to \emph{adopt} an adversarial thinking for situtions involving humans.
+ \item to \emph{incorporate} basic psychology in the design of a system to
+ increase its security.
+\end{itemize}
+
+\emph{Reading:}
+You should read Gollmann's chapter on \enquote{Foundations of Computer
+ Security}~\cite[Ch.~3]{Gollmann2011cs}.
+There he attempts at a definition of Computer Security and related terms, \eg
+confidentiality, integrity, and availability, which we need for our treatment of
+the topic.
+Anderson also covers this in Chapter 1 of~\cite{Anderson2008sea}.
+He also treats a wider area than just \emph{computer} security, which is good
+for us, he covers many aspects of security in different examples.
+
+The scientific method is covered in \enquote{How to Design Computer Security
+ Experiments}~\cite{HowToDesignSecurityExperiments}.
+This paper discusses the scientific method of (parts of) the security field.
+For a more in-depth reflection on the state of security as a scientific
+pursuit, we recommend \enquote{SoK: Science, Security and the Elusive Goal of
+ Security as a Scientific Pursuit}~\cite{SecurityAsAScience}.
+
+Anderson gives a short summary of the psychology of users, their strengths and
+weaknesses, in Chapter 2 \enquote{Usability and Psychology} of
+\enquote{Security Engineering}~\cite{Anderson2008sea}.
+
+\paragraph{References}