Lecture 14 Program Flaws CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Csilla Farkas and Brandon Phillips


Page 1

Lecture 14: Program Flaws

CS 450/650 Fundamentals of Integrated Computer Security

Slides are modified from Csilla Farkas and Brandon Phillips

Page 2

Program Flaws

• Taxonomy of flaws, classified by
  – how (genesis),
  – when (time), and
  – where (location)
  the flaw was introduced into the system

• This is the three-axis taxonomy of Landwehr, Bull, McDermott and Choi (ACM Computing Surveys, 1994); the next three slides take one axis each

CS 450/650 Lecture 14: Program Flaws

Page 3

Security Flaws by Genesis

• Genesis: how the flaw came to be in the program
  – Intentional
    • Malicious: Trojan horse, trapdoor (backdoor), logic bomb, worm, virus
    • Non-malicious: a deliberate design choice with an unintended security consequence, e.g. a covert channel
  – Inadvertent
    • Validation error: an input, argument or length is not checked (or the checks are incomplete or inconsistent)
    • Domain error: data crosses a protection boundary it should not, e.g. reuse of memory or storage that was never cleared
    • Serialization error: operations run in an order the design did not anticipate, e.g. a race between a check and the use it guards (time-of-check to time-of-use, TOCTOU)
    • Identification/authentication error: the program cannot adequately tell who or what it is dealing with
    • Other error: any remaining exploitable logic error
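Two of the "inadvertent" classes above, each shown as the flawed routine beside a hardened one. This is an added example, not code from the lecture: the one-byte-length message format, the function names (`unpack_*`, `open_*`, `toctou_demo`) and the temporary-directory fixture are this example's own assumptions, and it needs a POSIX system.

```c
/* Added example (not from the lecture slides): a validation error and a
 * serialization (TOCTOU) error from the genesis taxonomy, each next to a
 * hardened version.  Message layout, function names and the fixture
 * directory are assumptions made for this example.  POSIX only. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define PAYLOAD_MAX 16

/* --- Validation error ---------------------------------------------------
 * Assumed wire format: one length byte, then that many payload bytes.
 * The flawed version trusts the length byte: a value above PAYLOAD_MAX
 * overruns out[], and a value beyond pktlen reads past the packet. */
int unpack_insecure(const uint8_t *pkt, size_t pktlen, uint8_t out[PAYLOAD_MAX]) {
    (void)pktlen;                       /* never consulted: that is the flaw */
    size_t len = pkt[0];
    memcpy(out, pkt + 1, len);          /* out-of-bounds write when len > 16 */
    return (int)len;
}

/* Hardened: the length is checked against both the destination capacity
 * and the bytes actually received before anything is copied. */
int unpack_secure(const uint8_t *pkt, size_t pktlen, uint8_t out[PAYLOAD_MAX]) {
    if (pkt == NULL || pktlen < 1) return -1;
    size_t len = pkt[0];
    if (len > PAYLOAD_MAX || len > pktlen - 1) return -1;
    memcpy(out, pkt + 1, len);
    return (int)len;
}

/* --- Serialization (TOCTOU) error ---------------------------------------
 * The check (access) and the use (open) are two separate operations on a
 * path name; what the name refers to can change between them, e.g. an
 * attacker replaces a harmless file with a symlink to a sensitive one. */
int open_insecure(const char *path) {
    if (access(path, R_OK) != 0) return -1;     /* check ... */
    return open(path, O_RDONLY);                /* ... then use, separately */
}

/* Hardened: a single open that refuses to follow symlinks, then the object
 * actually opened is inspected through its descriptor, not its name. */
int open_secure(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NOCTTY);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed fixture: a fresh temp directory holding "secret" and a
 * symlink "lnk" -> "secret", i.e. the state the attacker would create
 * between the check and the use.  Returns 1 when the flawed open follows
 * the link and the hardened open refuses it, 0 otherwise. */
int toctou_demo(void) {
    char dir[64] = "/tmp/flawdemoXXXXXX";
    if (mkdtemp(dir) == NULL) {                 /* fall back to the cwd */
        strcpy(dir, "flawdemoXXXXXX");
        if (mkdtemp(dir) == NULL) return 0;
    }
    char secret[128], lnk[128];
    snprintf(secret, sizeof secret, "%s/secret", dir);
    snprintf(lnk, sizeof lnk, "%s/lnk", dir);
    int result = 0;
    FILE *f = fopen(secret, "w");
    if (f != NULL) {
        fputs("top secret\n", f);
        fclose(f);
        if (symlink(secret, lnk) == 0) {
            int bad = open_insecure(lnk);       /* follows the symlink */
            int good = open_secure(lnk);        /* O_NOFOLLOW rejects it */
            result = (bad >= 0 && good < 0);
            if (bad >= 0) close(bad);
            if (good >= 0) close(good);
            unlink(lnk);
        }
        unlink(secret);
    }
    rmdir(dir);
    return result;
}

int main(void) {
    /* Constructed packets: a well-formed one and an over-long length byte. */
    const uint8_t ok[] = {0x03, 'a', 'b', 'c'};
    const uint8_t oversized[] = {0x20, 'x'};
    uint8_t out[PAYLOAD_MAX];
    printf("secure unpack of valid packet: %d bytes\n", unpack_secure(ok, sizeof ok, out));
    printf("secure unpack of oversized length: %d\n", unpack_secure(oversized, sizeof oversized, out));
    printf("TOCTOU fixture shows the flaw: %s\n", toctou_demo() ? "yes" : "no");
    return 0;
}
```

The fixture does not actually race the two calls; it builds the post-swap state so the difference between name-based and descriptor-based checking is visible deterministically. In a real program the same hardening applies: do the check on the descriptor you will use, never on the path.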


Page 4

Flaws by Time

• Time of introduction
  – During development
    • Requirements / specification / design
    • Source code
    • Object code
  – During maintenance
  – During operation


Page 5

Flaws by Location

• Location
  – Software
    • Operating system: system initialization, memory management, process management, device management, file management, identification/authentication, other
    • Support tools: privileged utilities, unprivileged utilities
    • Application
  – Hardware


Page 6

Malware?


Page 7

Malware Evolution

• 1980s
  – Malware for entertainment (pranks)
  – 1983: the term “virus” coined
  – 1988: Internet Worm
• 1990s
  – Malware for social status / experiments
  – 1990: antivirus software
• Early 2000s
  – Malware to send spam
• Mid 2000s
  – Criminal malware


Page 8

Malware Targets

Platform                            Share of malware
*nix (Linux, BSD)                   0.052%
Mac (OS X primarily)                0.005%
Mobile (Symbian, WinCE)             0.020%
Other (MySQL, IIS, DOS)             0.012%
Windows (XP SP2, SP3, Vista, 7)     99.91%


Page 9

Browser-based Exploits

Share of observed browser-based exploits, by targeted product:
• 10% Adobe Flash
• 8% RealPlayer
• 8% Microsoft

(Microsoft Security Intelligence Report, volume 6)


Page 10

Bank Logons

• A Washington Mutual Bank account in the U.S. with an available balance of $14,400 is priced at 600 euros ($924), while a Citibank UK account with an available balance of 10,044 pounds is priced at 850 euros ($1,310).

• It may appear to be less dangerous to resell access to a bank account rather than to use it directly.

McAfee ©2008
