Cybersecurity Foundations
Description
This three-day course provides an overview of cybersecurity principles and mechanisms and highlights the challenges of protecting computing systems from determined adversaries. The course provides an understanding of the foundational elements of information security. It also gives the student an awareness of the current threat environment and of the architectures, mechanisms and technologies used to contain, constrain, and control adversarial actions.
Real-world examples are provided to help understand the capabilities of cyber adversaries and the impact of their activities.
The course is valuable to scientists, engineers and operators who are entering the field, and serves as a review for employees who want a comprehensive overview. A complete set of notes and references will be provided to all attendees.
What You Will Learn:
- Objectives and concepts of cybersecurity
- Techniques and tactics of cyber attackers
- Foundational elements needed to secure a system
- Tradeoffs between cryptographic techniques and applications
- Value and limitations of firewalls, intrusion detection and prevention systems
- Architectures to control and constrain adversary behavior
- Current capabilities for trustworthy computing and their applications
- Cloud and database security challenges
- Current standards and protocols for secure communication and authentication
Course Outline:
- Current Threat Environment. Characteristics and motivation of cyber attackers. Recent cyber incidents discussed.
- Objectives and Concepts. Confidentiality, Integrity and Availability. Identity, Authentication, Authorization and Accountability. Identify, Protect, Detect, Respond, Recover. Design principles.
- Cryptographic Tools. Cryptographic algorithms and applications. Symmetric encryption, asymmetric encryption, and hash functions.
- Identification and Authentication. Validation of the identity of an entity. Multi-factor authentication. Biometric measures.
- Access Control. Control of access to computing resources and data. Access control models including DAC, MAC, RBAC, and ABAC.
- Malicious Behavior. Malicious software behavior and characteristics. Injection attacks. Denial of service attacks. Phishing attacks. Attack stages and activities.
- Monitoring and Detection. Network and host activity monitoring. Anomaly and signature detection models. Integrity measurement. Sandboxing and execution monitoring. Auditing.
- Flow and Activity Control. Firewalls and intrusion prevention systems. Software execution control. Architectures to control and constrain.
- OS and Software Security. Software security design principles. Common software flaws. OS security challenges and capabilities.
- Trustworthy Computing. Motivation and security models for high assurance computing. Methodologies to assess level of assurance. Capabilities available in computing systems today.
- Cloud and Database Security. Cloud and database security challenges including access control, management, and data inference.
- Wireless Security. Capabilities of the current standard, WPA2, and the planned standard, WPA3. WiFi control and management vulnerabilities.
Instructor(s):
Julie Tarr has over 30 years of experience developing, analyzing, testing, and deploying cybersecurity solutions for government computing environments. Ms. Tarr’s experience includes cryptographic systems, cross domain solutions, intrusion detection, security protocols, cyber deception, and security architectures. Ms. Tarr is currently the Program Manager for Cyber Defensive Systems at the Johns Hopkins University Applied Physics Lab. Before joining JHU/APL, she was the head of the Network Security Section of the Center for High Assurance Computing Systems at the Naval Research Lab. Ms. Tarr teaches cybersecurity at the graduate level for the JHU Whiting School of Engineering.