Presented by Mohammed F. MokbelSecurity and Privacy on the Internet {0360564}Instructor: Dr. AggarwalFall 2007

10/4/200710/4/2007

Security-Privacy Abstraction

Presenting Security-Privacy at abstract level as a mean of Global Generalization rather than a specific example from real life (?)

Using universal (Abstract)) SP system to approach a satisfactory confidence level

Knowledge Division in terms of discrete SP evolution.

Presentation Layout Introduction Human Factor In SP Normal Vs. Competent end user

First Impression Knowledge acquisition A proposal for a new System PMBS

People equality at decoding info. stream Time + Relativity = %[Confidence * (StaticC/DynamicC)] Implementation breaches – Procedures , Techniques and the

system itself People & Technology := Mutual Interaction (Inseparable

Entities) Nothing what it seems People & people: Clear path POC: In the womb: revamping console code injection Some Advcies Future Work Conclusions

Introduction. Human Factor in SP In today world of computer security and internet

widespread usage an enormous amount of information is carried out using either a wire or a wireless devices

The normal user and the competent end user are those who has a different perspectives about internet and computer in general, they do really appreciate the elegance of how things performed at the bits level but mostly precaution and analytical thinking is more imaginable and accurate for the competent end user, because everything is computed with a reliable acquired knowledge about the subject under investigation.

Probabilistic Mathematical Behavioral System PMBS In which the magnitude of the

information required to meet ones’ expectations is proportional to the user fundamental knowledge in terms of time elapsed since the user start using the system and this to be determined stochastically.

People equality at decoding info. stream Are people equal at information demystification or is it just a

matter of time? As most of the theories suggest that exercising the knowledge

you have would achieve a satisfactory level of collective thinking.

Time Factor. Everything is relativistic The reason why most people ought to be confidence with the

information they have is probably due to the short experience they have with huge amount of resources (again time is the major factor). They may consider things perfect or less but the problem lies in the implementation process where most of the security breaches do not manipulate the system itself but rather reversing or annihilating the techniques and the procedures used to help embed the core system and in this case a plethora of holes and worms are taking its place for a very devious and nefarious attack.

Proof of Concept

In the womb: Revamping console code injection…

modifying the internal structure of the executable file using code injection technique.

Further works has to be done to link it to a more elusive malicious scenario by inserting a special area for network communication using Winsock API’s

Continue .A monitoring matrix of scattered random

modifications should be traced to control these set of alterations so that a meta-transformer tool could be designed to handle it in automated manner as a final revised edition.

The main purpose of this section is to demonstrate the validity of this approach following a case study scenario in which an absolute phase modulation is applied.

Some Advices I advice you to start using some of the best

special versions of Linux OS Such as, Hackin9, Damn Vulnerable Linux,

Black Track 2, Protech,… These editions are designed for a special

purposes so that you can exercise your theory in real time scenarios. But take care as these things are dangerous if you let it happen outside a controlled environment.

Preferably is to use a virtual machine software such as, VMWare, Virtual PC,…

Future Work

Further work has to be done in the area of code injection technique especially employing a stealthy connection and tricky behavior to the culprit binary file. In addition to that a more detailed case studies could be provided to make things easier to understand and less obstructive.

Conclusions

This paper establishes a new dimension of computer security vision by providing the security aspect in terms of philosophy and conceptual analysis. It does not gives an absolute approach for security problems as almost everything is relativistic based on the case under assessment.

?

Now bombard me with your Questions?