Secure Programming for Fun and Profit
|
|
- Harriet Hall
- 6 years ago
- Views:
Transcription
1 Secure Programming for Fun and Profit (Real World Experiences in Secure Programming) Scott D. Miller Security Analyst Arxan Research, Inc. Doctoral Student in CS Advisors: Aditya Mathur; Ray DeCarlo January 10, 2006 Survey of interesting secure programming examples 1
2 Build a Better Mousetrap For most, it s a game. Much ego involved Secure programming boils down to Enforcing access policy E.g. code execution rights Anti-tamper/tamper detection Protection of intellectual property January 10, 2006 Survey of interesting secure programming examples 2
3 Attacker Objectives Network-based attacks Unauthorized code execution Key reconstruction Malicious users Circumventing digital rights management Cracking (Red-team) and unauthorized distribution Well-funded nation and corporate adversaries Tampering and unadvertised functionality Recovery of sensitive IP January 10, 2006 Survey of interesting secure programming examples 3
4 Attack Method Analysis of Software Code Statistical properties Disassembling Analysis of Running Software Timing/Power Analysis Debugging and Emulating Injection/Modification of Code Patching, loading libraries, etc. Stimulation with malicious data Buffer overflows, unexpected values January 10, 2006 Survey of interesting secure programming examples 4
5 Some Interesting Scenarios Secure Programming Examples in Industry January 10, 2006 Survey of interesting secure programming examples 5
6 Code Injection Unexpected injection mechanisms Through social engineering (old BBS days.) Through the context menu! When prevention fails, use detection Statistical profiling of system calls can be effective [For97, Hof98, Mic02, Mar00]. (U.S. Air Force proposal.) January 10, 2006 Survey of interesting secure programming examples 6
7 Vulnerability Broadcasting Consider a security patch to Apache, IE, etc. Diff the patched vs. un-patched version. How many people put off downloading security updates? Obfuscation and execution path randomization can hide the patch from static and dynamic analysis (funded in part by U.S. Air Force.) January 10, 2006 Survey of interesting secure programming examples 7
8 Interesting Obfuscation Eventually, they will get the code [And96]. Remember the U.S. fighter jet s emergency landing in China? Obfuscating to match statistical code properties. Through numerical transforms Data splitting (funded in part by U.S. Army.) January 10, 2006 Survey of interesting secure programming examples 8
9 Our Approach Program with Sensitive Content λ;κϕ;λκϕ;λκ ;λϕκ;λκϕ;λϕκ;λ ;λκϕ;λκϕ;λ Τσαδ ;λκϕ;λϕκγηϕηα ιοϕηλϕκ Ασδφαωδω Ασδφσα ϕ Λκϕλ;κϕ σωεερ ;λκϕ ωθερωθω λ;κϕ;λκϕ;λκ θωερ ;λϕκ;λκϕ;λϕκ;λ Τσαδ ;λκϕ;λκϕ;λ ιοϕηλϕκ ;λκϕ;λϕκγηϕηα Ασδφαωδω Λκϕλ;κϕ Ασδφσα ;λκϕ Σα λ;κϕ;λκϕ;λκ Σαδφσφαδσδα ασδφασδφασδφ ;λϕκ;λκϕ;λϕκ;λ ;λκϕ;λκϕ;λ σδαφασδφασδφ ;λκϕ;λϕκγηϕηα σωεερ Ασδφαωδω σαδφασδφ σδαφασδφασδφ ωθερωθω σωεερ θωερ Θωερθωε σαδφασδφ Θωερθωε λ;ϕλκ λ;ϕλκϕ Non-sensitive Program Sensitive Program λ;κϕ;λκϕ;λκ ;λϕκ;λκϕ;λϕκ;λ ;λκϕ;λκϕ;λ ;λκϕ;λϕκγηϕηα Ασδφαωδω Ασδφσα σωεερ ωθερωθω θωερ January 10, 2006 Survey of interesting secure programming examples 9
10 Non-performance degrading AT For real-time systems (e.g. OSD Anti tamper requirements on all new weapons systems.) Security co-processors in FPGA (funded in part by Missile Defense Agency.) January 10, 2006 Survey of interesting secure programming examples 10
11 Our Approach Anti-tamper Sensitive Components Software RAM Anti-tamper Components FPGA CPU Peripherals January 10, 2006 Survey of interesting secure programming examples 11
12 FPGA-Aided Encryption Protection Encrypted Decrypted CPU Protected Program Decryption Start Trigger Unprotected FPGA Encryption Start Trigger January 10, 2006 Survey of interesting secure programming examples 12
13 Summary There is no shortage of work for Secure Programming Commercial, too (e.g. Microsoft, Boeing, Lockheed Martin, etc.) The threats are ever-evolving Never do the same thing twice! January 10, 2006 Survey of interesting secure programming examples 13
14 ?Questions? January 10, 2006 Survey of interesting secure programming examples 14
15 References [And96] Anderson, R., and M. Kuhn. Tamper Resistance A Cautionary Note. Proc. of Second Usenix Workshop on Electronic Commerce, Oakland, CA, Nov. 1996: [For97] Stephanie Forrest, Steven A. Hofmeyr, and Anil Somayaji. Computer Immunology, Communications of the ACM, Vol. 40, No. 10, 1997, pp [Hof98] Steven A. Hofmeyr, Anil Somayaji, and Stephanie Forrest. Intrusion detection using sequences of system calls. Journal of Computer Security, Vol. 6, 1998, pages [Mar00] Carla Marceau, Characterizing the behavior of a program using multiple-length N-grams, Proceedings of the 2000 workshop on New security paradigms, September 2000, Ballycotton, County Cork, Ireland, pages [Mic02] Christoph C. Michael, Anup K. Ghosh: Simple, state-based approaches to program-based anomaly detection. ACM Trans. Inf. Syst. Secur. Vol. 5, no. 3, 2002, pages January 10, 2006 Survey of interesting secure programming examples 15
The Evolution of System-call Monitoring
The Evolution of System-call Monitoring Stephanie Forrest Steven Hofmeyr Anil Somayaji December, 2008 Outline of Talk A sense of self for Unix processes (Review) Emphasize method rather than results Evolutionary
More informationINTRODUCTION TO CLOAKWARE/TRS TECHNOLOGY
INTRODUCTION TO CLOAKWARE/TRS TECHNOLOGY VERSION 2.2 OCTOBER 2001 SUMMARY Software is easy to tamper with and reverse engineer so unprotected software deployed on malicious hosts can t be trusted by corporations
More informationDNA Intrusion Detection Methodology. James T. Dollens, Ph.D Cox Road Roswell, GA (678)
DNA Intrusion Detection Methodology by James T. Dollens, Ph.D. 1675 Cox Road Roswell, GA 30075 JTDDGC@aol.com (678) 576-3759 Copyright 2001, 2004 James T. Dollens Page 1 of 1 Introduction Computer viruses,
More informationDeveloping Expertise in Software Security: An Outsider's Perspective. Gary McGraw & Anup K. Ghosh. Abstract
Developing Expertise in Software Security: An Outsider's Perspective Gary McGraw & Anup K. Ghosh Reliable Software Technologies Corporation 21515 Ridgetop Circle, Suite 250 Sterling, VA 20166 (703) 404-9293
More informationCan the Best Defense be to Attack?
Can the Best Defense be to Attack? MITACS Digital Security Seminar Series at Carleton University Presenter: Dr. Nur Zincir-Heywood Dalhousie University, Faculty of Computer Science Arms Race Security engineers
More informationArtificial Immune System against Viral Attack
Artificial Immune System against Viral Attack Hyungjoon Lee 1, Wonil Kim 2*, and Manpyo Hong 1 1 Digital Vaccine Lab, G,raduated School of Information and Communication Ajou University, Suwon, Republic
More informationLecture 12 Malware Defenses. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422
Lecture 12 Malware Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422 Malware review How does the malware start running? Logic bomb? Trojan horse?
More informationBuffer Overflow attack avoiding Signature free technique
Buffer Overflow attack avoiding Signature free technique Umesh Deshmukh Student of Comuter Engineering S.E.C.O.E.Kopargaon,A Nagar Maharastra,India Prof.P.N.Kalawadekar Department of Computer Engineering
More informationC and C++ Secure Coding 4-day course. Syllabus
C and C++ Secure Coding 4-day course Syllabus C and C++ Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course
More informationOn Criteria for Evaluating Similarity Digest Schemes
DIGITAL FORENSIC RESEARCH CONFERENCE On Criteria for Evaluating Similarity Digest Schemes By Jonathan Oliver Presented At The Digital Forensic Research Conference DFRWS 2015 EU Dublin, Ireland (Mar 23
More informationEmbedded/Connected Device Secure Coding. 4-Day Course Syllabus
Embedded/Connected Device Secure Coding 4-Day Course Syllabus Embedded/Connected Device Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted
More informationMcAfee Embedded Control
McAfee Embedded Control System integrity, change control, and policy compliance in one solution McAfee Embedded Control maintains the integrity of your system by only allowing authorized code to run and
More informationAtom. Horizontally Scaling Strong Anonymity. Albert Kwon Henry Corrigan-Gibbs 10/30/17, SOSP 17
Atom Horizontally Scaling Strong Anonymity Albert Kwon Henry Corrigan-Gibbs MIT Stanford Srinivas Devadas Bryan Ford MIT EPFL 10/30/17, SOSP 17 Motivation Anonymous bulletin board (broadcast) in the face
More informationCSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague
Brmlab, hackerspace Prague Lightning talks, November 2016 in general in general WTF is an? in general WTF is an? Computer Security in general WTF is an? Computer Security Incident Response in general WTF
More informationAn Immune System Paradigm for the Assurance of Dependability of Collaborative Self-organizing Systems
An Immune System Paradigm for the Assurance of Dependability of Collaborative Self-organizing Systems Algirdas Avižienis Vytautas Magnus University, Kaunas, Lithuania and University of California, Los
More informationMcAfee Embedded Control
McAfee Embedded Control System integrity, change control, and policy compliance in one solution for integrated control systems McAfee Embedded Control for integrated control systems (ICSs) maintains the
More informationDifferent attack manifestations Network packets OS calls Audit records Application logs Different types of intrusion detection Host vs network IT
Different attack manifestations Network packets OS calls Audit records Application logs Different types of intrusion detection Host vs network IT environment (e.g., Windows vs Linux) Levels of abstraction
More informationWhite-Box Cryptography State of the Art. Paul Gorissen
White-Box Cryptography State of the Art Paul Gorissen paul.gorissen@philips.com Outline Introduction Attack models White-box cryptography How it is done Interesting properties State of the art Conclusion
More informationComprehensive Database Security
Comprehensive Database Security Safeguard against internal and external threats In today s enterprises, databases house some of the most highly sensitive, tightly regulated data the very data that is sought
More informationANATOMY OF AN ATTACK!
ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable
More informationto protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large
Executive Summary As a County Government servicing about 1.5 million citizens, we have the utmost responsibility to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large
More informationWeb Security. Outline
Security CS 161/194-1 Anthony D. Joseph November 21, 2005 s Outline Static and Dynamic Content Firewall review Adding a DMZ Secure Topologies 2 1 Polls How many people have set up a personal web server?
More informationSYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS
SYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS David Murotake, (SCA Technica, Inc. Nashua NH, USA; david.murotak@scatechnica.com) Antonio Martin (SCA Technica, Inc., Nashua NH, USA;
More informationBuffer Overflows. A brief Introduction to the detection and prevention of buffer overflows for intermediate programmers.
Buffer Overflows A brief Introduction to the detection and prevention of buffer overflows for intermediate programmers. By: Brian Roberts What is a buffer overflow? In languages that deal with data structures
More informationAnalysis of Java Code Protector
Analysis of Java Code Protector September 2005 December 2005 Submitted to Lockheed Martin Co. Principal Investigators Students Advisors Sean McGinnis ECE Dr. Gina Tang Matthew Sargent ECE Dr. Ravi Ramachandran
More informationSelf-defending software: Automatically patching errors in deployed software
Self-defending software: Automatically patching errors in deployed software Michael Ernst University of Washington Joint work with: Saman Amarasinghe, Jonathan Bachrach, Michael Carbin, Sung Kim, Samuel
More informationThe GenCyber Program. By Chris Ralph
The GenCyber Program By Chris Ralph The Mission of GenCyber Provide a cybersecurity camp experience for students and teachers at the K-12 level. The primary goal of the program is to increase interest
More informationEfficient Group Key Management with Tamper-resistant ISA Extensions
Efficient Group Key Management with Tamper-resistant ISA Extensions Youtao Zhang Jun Yang, and Lan Gao Computer Science Department Computer Science and Engineering Department University of Pittsburgh University
More informationMulti-hashing for Protecting Web Applications from SQL Injection Attacks
Multi-hashing for Protecting Web Applications from SQL Injection Attacks Yogesh Bansal, Jin H. Park* Computer Science, California State University, Fresno, CA 93740, U.S.A. * Corresponding author. Email:
More informationMcAfee Embedded Control for Retail
McAfee Embedded Control for Retail System integrity, change control, and policy compliance for retail point of sale systems McAfee Embedded Control for retail maintains the integrity of your point-of-sale
More informationLecture 4: Threats CS /5/2018
Lecture 4: Threats CS 5430 2/5/2018 The Big Picture Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures. Once Upon a Time Bugs "bug":
More informationTestpassport http://www.testpassport.net Exam : SY0-301 Title : Security+ Certification Exam 2011 version Version : Demo 1 / 5 1.Which of the following is the BEST approach to perform risk mitigation of
More informationLecture 14. System Integrity Services Obfuscation
Lecture 14 System Integrity Services Obfuscation OS independent integrity checking Observation Majority of critical server vulnerabilities are memory based Modern anti-virus software must scan memory Modern
More informationEndpoint Protection : Last line of defense?
Endpoint Protection : Last line of defense? First TC Noumea, New Caledonia 10 Sept 2018 Independent Information Security Advisor OVERVIEW UNDERSTANDING ENDPOINT SECURITY AND THE BIG PICTURE Rapid development
More informationProving who you are. Passwords and TLS
Proving who you are Passwords and TLS Basic, fundamental problem Client ( user ) How do you prove to someone that you are who you claim to be? Any system with access control must solve this Users and servers
More informationEliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat
WHITE PAPER Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat Executive Summary Unfortunately, it s a foregone conclusion that no organisation is 100 percent safe
More informationCODESSEAL: Compiler/FPGA Approach to Secure Applications
CODESSEAL: Compiler/FPGA Approach to Secure Applications Olga Gelbart 1, Paul Ott 1, Bhagirath Narahari 1, Rahul Simha 1, Alok Choudhary 2, and Joseph Zambreno 2 1 The George Washington University, Washington,
More informationMcAfee Endpoint Security
McAfee Endpoint Security Frequently Asked Questions Overview You re facing new challenges in light of the increase of advanced malware. Limited integration between threat detection, network, and endpoint
More informationNew Logic Module for secured FPGA based system
International Journal of Electronics and Communication Engineering. ISSN 0974-2166 Volume 5, Number 4 (2012), pp. 533-543 International Research Publication House http://www.irphouse.com New Logic Module
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : SY0-301 Title : CompTIA Security+ Certification Exam (SY0-301) Vendor : CompTIA Version : DEMO 1 / 5 Get Latest & Valid
More informationPROTECTING ARIZONA AGAINST CYBER THREATS THE ARIZONA CYBERSECURITY TEAM
PROTECTING ARIZONA AGAINST CYBER THREATS THE ARIZONA CYBERSECURITY TEAM THE THREAT WE FACE On average, the Department of Administration information officers identify: 200 brute force attempts per day;
More informationInformation Technology Information Sharing and Analysis Center. First Symposium Barcelona, Spain Feb. 2, 2011
Information Technology Information Sharing and Analysis Center First Symposium Barcelona, Spain Feb. 2, 2011 About Us Non Profit, US Corporation established in 2000 and operational in 2001 Fully funded
More informationTop 10 Database Security Threats and How to Stop Them. Rob Rachwald Director of Security Strategy
Top 10 Database Security Threats and How to Stop Them Rob Rachwald Director of Security Strategy Data Has Value Data Has Value Top 7 Attacks Discussed in Hacker Forums 11% 9% 12% 12% 15% 21% 20% dos/ddos
More informationCCNA Cybersecurity Operations 1.1 Scope and Sequence
CCNA Cybersecurity Operations 1.1 Scope and Sequence Last updated June 18, 2018 Introduction Today's organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding
More informationThe Research on Security Reinforcement of Android Applications
4th International Conference on Mechatronics, Materials, Chemistry and Computer Engineering (ICMMCCE 2015) The Research on Security Reinforcement of Android Applications Feng Xiaorong1, a, Lin Jun2,b and
More informationAn Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)
An Operational Cyber Security Perspective on Emerging Challenges Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL) Johns Hopkins University Applied Physics Lab (JHU/APL) University
More informationFeatured Articles II Security Research and Development Research and Development of Advanced Security Technology
364 Hitachi Review Vol. 65 (2016), No. 8 Featured Articles II Security Research and Development Research and Development of Advanced Security Technology Tadashi Kaji, Ph.D. OVERVIEW: The damage done by
More informationProtecting Against Online Fraud. F5 EMEA Webinar August 2014
Protecting Against Online Fraud F5 EMEA Webinar August 2014 Agenda Fraud threat trends and business challenges Web fraud protection Mobile fraud protection Security operations center Example architecture
More informationDETERMINISTIC VARIATION FOR ANTI-TAMPER APPLICATIONS
DETERMINISTIC VARIATION FOR ANTI-TAMPER APPLICATIONS J. Todd McDonald, Yong C. Kim, Daniel Koranek Dr. Jeffrey Todd McDonald, Ph.D. Center for Forensics, Information Technology, and Security School of
More informationDesignated Cyber Security Protection Solution for Medical Devices
Designated Cyber Security Protection Solution for Medical s The Challenge Types of Cyber Attacks Against In recent years, cyber threats have become Medical s increasingly sophisticated in terms of attack
More informationMobile Payment Application Security. Security steps to take while developing Mobile Application s. SISA Webinar.
Mobile Payment Application Security Security steps to take while developing Mobile Application s About SISA Payment Security Specialists PCI Certification Body (PCI Qualified Security Assessor) Payment
More informationReconstruction Improvements on Compressive Sensing
SCITECH Volume 6, Issue 2 RESEARCH ORGANISATION November 21, 2017 Journal of Information Sciences and Computing Technologies www.scitecresearch.com/journals Reconstruction Improvements on Compressive Sensing
More informationEthical Hacking & Information Security. Justin David G. Pineda Asia Pacific College
Ethical Hacking & Information Security Justin David G. Pineda Asia Pacific College Topics for today: Is there such thing as ethical hacking? What is information security? What are issues that need to be
More informationCCNA Cybersecurity Operations. Program Overview
Table of Contents 1. Introduction 2. Target Audience 3. Prerequisites 4. Target Certification 5. Curriculum Description 6. Curriculum Objectives 7. Virtual Machine Requirements 8. Course Outline 9. System
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More informationA LTERATURE SURVEY ON REVOCABLE MULTIAUTHORITY CIPHER TEXT-POLICY ATTRIBUTE-BASED ENCRYPTION (CP-ABE) SCHEME FOR CLOUD STORAGE
A LTERATURE SURVEY ON REVOCABLE MULTIAUTHORITY CIPHER TEXT-POLICY ATTRIBUTE-BASED ENCRYPTION (CP-ABE) SCHEME FOR CLOUD STORAGE Vinoth Kumar P, Dr.P.D.R. Vijaya Kumar 1 PG Student, INFO Institute of Engineering,
More informationCourse 832 EC-Council Computer Hacking Forensic Investigator (CHFI)
Course 832 EC-Council Computer Hacking Forensic Investigator (CHFI) Duration: 5 days You Will Learn How To Understand how perimeter defenses work Scan and attack you own networks, without actually harming
More informationTechnical Aspects of Intrusion Detection Techniques
Technical Aspects of Intrusion Detection Techniques Final Year Project 2003-04 Project Plan Version 0.2 28th, November 2003 By Cheung Lee Man 2001572141 Computer Science and Information Systems Supervisor
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationPhishing Discussion. Pete Scheidt Lead Information Security Analyst California ISO
Phishing Discussion Pete Scheidt Lead Information Security Analyst California ISO 2 Phish What is Phishing Types of Phish 3 Phish What is Phishing Attackers (Phishers) would email (cast their nets) far
More informationFRAGILE WATERMARKING USING SUBBAND CODING
ICCVG 2002 Zakopane, 25-29 Sept. 2002 Roger ŚWIERCZYŃSKI Institute of Electronics and Telecommunication Poznań University of Technology roger@et.put.poznan.pl FRAGILE WATERMARKING USING SUBBAND CODING
More informationMain idea. Demonstrate how malware can increase its robustness against detection by taking advantage of the ubiquitous Graphics Processing Unit (GPU)
-Assisted Malware Giorgos Vasiliadis Michalis Polychronakis Sotiris Ioannidis ICS-FORTH, Greece Columbia University, USA ICS-FORTH, Greece Main idea Demonstrate how malware can increase its robustness
More informationVulnerability Assessment Process
Process Coleman Kane Coleman.Kane@ge.com January 14, 2015 Security Process 1 / 12 is the practice of discovering the vulnerabilties posed by an environment, determining their negative risk impact, and
More informationStudy on Computer Network Technology of Digital Library
International Symposium on Computers & Informatics (ISCI 2015) Study on Computer Network Technology of Digital Library Yanming Sui LinYi University, Linyi, China suiyanming@lyu.edu.cn Abstract With the
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationThreats in Optical Burst Switched Network
Threats in Optical Burst Switched Network P. Siva Subramanian, K. Muthuraj Department of Computer Science & Engineering, Pondicherry Engineering College, Pondicherry, India siva.sarathy@pec.edu, muthuraj@pec.edu
More informationA Framework For Trusted Instruction Execution Via Basic Block Signature Verification
A Framework For Trusted Instruction Execution Via Basic Block Signature Verification Milena Milenkovi, Aleksandar Milenkovi, Emil Jovanov Electrical and Computer Engineering ept. The University of Alabama
More informationIdentifying Stepping Stone Attack using Trace Back Based Detection Approach
International Journal of Security Technology for Smart Device Vol.3, No.1 (2016), pp.15-20 http://dx.doi.org/10.21742/ijstsd.2016.3.1.03 Identifying Stepping Stone Attack using Trace Back Based Detection
More informationMobile Security Fall 2013
Mobile Security 14-829 Fall 2013 Patrick Tague Class #6 More WiFi Security & Privacy Issues WiFi Security Issues A Scenario Internet Open AP SSID Network X Open OpenAP AP SSID Attacker Network X LaptopLaptop
More informationTrojan-tolerant Hardware & Supply Chain Security in Practice
Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge
More informationCurrent Threat Environment
Current Threat Environment Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213, PhD Technical Director, CERT mssherman@sei.cmu.edu 29-Aug-2014 Report Documentation Page Form
More informationTrain as you Fight: Are you ready for the Red Team?
Train as you Fight: Are you ready for the Red Team? An inside look at Red Teaming Yves Morvan Twitter: @morvan_yves Email: Yves@securenorth.ca Agenda Introduction What is Red Teaming? VA s vs. Penetration
More informationInstructor: Eric Rettke Phone: (every few days)
Instructor: Eric Rettke Phone: 818 364-7775 email: rettkeeg@lamission.edu (every few days) Fall 2016 Computer Science 411 - Principles of Cyber Security 1 Please keep a copy of the syllabus handy for the
More informationCyber Security 2010 THE THREATS! THE FUTURE!
Cyber Security 2010 THE THREATS! THE FUTURE! Tom Barberio - Enterprise Technology Manager (CIO) Synerfac Technical Staffing March 16, 2010 Special Presentation to University of Delaware CIS DEPT Graduate
More informationCSE543 - Computer and Network Security Module: Intrusion Detection
CSE543 - Computer and Network Security Module: Intrusion Detection Professor Trent Jaeger 1 Intrusion An authorized action... that exploits a vulnerability... that causes a compromise... and thus a successful
More informationEngineering Your Software For Attack
Engineering Your Software For Attack Robert A. Martin Senior Principal Engineer Cyber Security Center Center for National Security The MITRE Corporation 2013 The MITRE Corporation. All rights reserved.
More informationMultivariate Correlation Analysis based detection of DOS with Tracebacking
1 Multivariate Correlation Analysis based detection of DOS with Tracebacking Jasheeda P Student Department of CSE Kathir College of Engineering Coimbatore jashi108@gmail.com T.K.P.Rajagopal Associate Professor
More informationWeb 2.0, Consumerization, and Application Security
Web 2.0, Consumerization, and Application Security Chenxi Wang, Ph.D. Principal Analyst Forrester Research OWASP, New York City September 25, 2008 Today s enterprises face multitude of challenges Business-driven
More informationCYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD
CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD December 2014 KEVIN GROOM ISACA Involvement (Middle Tennessee Chapter) Treasurer (2009 2011) Vice President (2011 2013) President (2013 present)
More informationTamper Resistance - a Cautionary Note Ross Anderson Markus Kuhn
Tamper Resistance - a Cautionary Note Ross Anderson University of Cambridge Computer Laboratory Markus Kuhn University of Erlangen/ Purdue University Applications of Tamper Resistant Modules Security of
More informationCYSE 411/AIT 681 Secure Software Engineering. Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun
CYSE 411/AIT 681 Secure Software Engineering Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun Reading This lecture [McGraw]: Ch. 7-9 2 Seven Touchpoints 1. Code review 2. Architectural
More informationFundamentals of Linux Platform Security
Fundamentals of Linux Platform Security Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Linux Platform Security Module 8 Arbitrary Code Execution: Threats & Countermeasures
More information4. Risk-Based Security Testing. Reading. CYSE 411/AIT 681 Secure Software Engineering. Seven Touchpoints. Application of Touchpoints
Reading This lecture [McGraw]: Ch. 7-9 CYSE 411/AIT 681 Secure Software Engineering Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun 2 Seven Touchpoints Application of Touchpoints
More informationCertified Cyber Security Analyst VS-1160
VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The
More informationBuilding a Reactive Immune System for Software Services
Building a Reactive Immune System for Software Services Tobias Haupt January 24, 2007 Abstract In this article I summarize the ideas and concepts of the paper Building a Reactive Immune System for Software
More informationAND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING
PROTECTING BANKING AND FINANCIAL INSTITUTIONS FROM CYBER FRAUD Enabling the financial industry to become proactively secure and compliant Overview In order to keep up with the changing digital payment
More informationDixit Verma Characterization and Implications of Flash Crowds and DoS attacks on websites
Characterization and Implications of Flash Crowds and DoS attacks on websites Dixit Verma Department of Electrical & Computer Engineering Missouri University of Science and Technology dv6cb@mst.edu 9 Feb
More informationInternational Journal of Advance Research in Engineering, Science & Technology
Impact Factor (SJIF): 4.542 International Journal of Advance Research in Engineering, Science & Technology e-issn: 2393-9877, p-issn: 2394-2444 Volume 4, Issue 4, April-2017 Asymmetric Key Based Encryption
More informationNo Country for Old Security Compliance in the Cloud. Joel Sloss, CDSA Board of Directors May 2017
No Country for Old Security Compliance in the Cloud Joel Sloss, CDSA Board of Directors May 2017 Emerging Threats Specific/sequential targeting Effective reconnaissance Practiced tool usage Sophisticated
More informationSneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security
Sneak Peak at CIS Critical Security Controls V 7 Release Date: March 2018 2017 Presented by Kelli Tarala Principal Consultant Enclave Security 2 Standards and Frameworks 3 Information Assurance Frameworks
More informationMoving Beyond Prevention: Proactive Security with Integrity Monitoring
A Trend Micro Whitepaper I May 2016 Moving Beyond Prevention: Proactive Security with Integrity Monitoring» Detecting unauthorized changes can be a daunting task but not doing so may allow a breach to
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security
EMERGING THREATS & STRATEGIES FOR DEFENSE Paul Fletcher Cyber Security Evangelist @_PaulFletcher Threats by Customer Environment Cloud Environment On Premise Environment 1.96% 0.13% 0.02% application-attack
More informationStealth Measurements for Cheat Detection in On-line Games. Ed Kaiser Wu-chang Feng Travis Schluessler
Stealth Measurements for Cheat Detection in On-line Games Ed Kaiser Wu-chang Feng Travis Schluessler Cheating Affects On-line Games Frustrates legitimate players not fun to play against cheaters can't
More informationCYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments
CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) 2010 October 25 29, 2010 Kuala Lumpur Convention Centre Securing Virtual Environments Raimund Genes CTO Trend Micro The Changing Datacenter
More informationMaximum Security with Minimum Impact : Going Beyond Next Gen
SESSION ID: SP03-W10 Maximum Security with Minimum Impact : Going Beyond Next Gen Wendy Moore Director, User Protection Trend Micro @WMBOTT Hyper-competitive Cloud Rapid adoption Social Global Mobile IoT
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2013 Office of Secretary Of Defense DATE: February 2012 0400: Research,, Test & Evaluation, Defense-Wide BA 3: Advanced Technology (ATD) COST ($ in Millions)
More informationWeb Security Vulnerabilities: Challenges and Solutions
Web Security Vulnerabilities: Challenges and Solutions A Tutorial Proposal for ACM SAC 2018 by Dr. Hossain Shahriar Department of Information Technology Kennesaw State University Kennesaw, GA 30144, USA
More informationOverview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks
Overview Handling Security Incidents Chapter 7 Lecturer: Pei-yih Ting Attacks Security Incidents Handling Security Incidents Incident management Methods and Tools Maintaining Incident Preparedness Standard
More informationUsing Threat Analytics to Protect Privileged Access and Prevent Breaches
Using Threat Analytics to Protect Privileged Access and Prevent Breaches Under Attack Protecting privileged access and preventing breaches remains an urgent concern for companies of all sizes. Attackers
More informationBSIT 1 Technology Skills: Apply current technical tools and methodologies to solve problems.
Bachelor of Science in Information Technology At Purdue Global, we employ a method called Course-Level Assessment, or CLA, to determine student mastery of Course Outcomes. Through CLA, we measure how well
More information