Trusted DBMS Architecture featuring Trusted OS
Slide 1: Trusted DBMS Architecture featuring Trusted OS
KIM, Hyung Chan. Security Research Group, New Wave Computing Lab., Dept. of Information and Communications, Gwangju Institute of Science and Technology (GIST). Oct 10, 2005, for SSR Tokyo. Dept. of Info. & Comm., GIST, 1 Oryong-dong, Buk-gu, Gwangju, Korea.

Slide 2: Contents
- Trusted DBMS
- Trusted DBMS Architecture
- Some Korean Products for DB Protection
Slide 3: Database Security
- Security in DB systems [Russell et al. 1991]
  - Secrecy: disclosure to an unauthorized individual
  - Integrity: improper modification
  - System availability: avoiding denial of service
- Database protection requirements
  - Protection from improper access
  - Protection from inference
  - Integrity of the database
  - Operational integrity of data
  - Semantic integrity of data
  - Accountability and auditing
  - User authentication
  - Management and protection of sensitive data
  - Multilevel protection
  - Confinement

Slide 4: Security Control in Database
- Flow control [Denning 76, 77, 82]: regulating the information flow among accessible objects. Ex.: forbidding low-to-high information flow.
- Inference control [Denning & Schlörer 83]: protecting data from indirect detection. Ex.: statistical inference.
- Access control: responsible for mediating all accesses in the system according to rules.
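The inference control on slide 4 is easiest to see in code. The following is an added example, not part of the slides: a small statistical database that answers only aggregate queries and applies query-set-size control, the classic check from the Denning & Schlörer line of work. The records, the attribute names and the threshold k are constructed for illustration. A query set of size 1 would reveal an individual's salary directly, and a set of size n-1 would reveal the remaining individual by subtraction from the total, so both ends are refused.

```python
"""Query-set-size control for a statistical database (added example).

A statistical query (count, sum, mean) over a sensitive attribute is
answered only if the set of records it touches has at least k members and
at most n - k members.
"""
from typing import Callable, Dict, List, Optional

Record = Dict[str, object]

# Constructed sample data: one row per individual; 'salary' is the sensitive attribute.
RECORDS: List[Record] = [
    {"name": "a", "dept": "eng",   "female": False, "salary": 5200},
    {"name": "b", "dept": "eng",   "female": True,  "salary": 6100},
    {"name": "c", "dept": "eng",   "female": False, "salary": 4800},
    {"name": "d", "dept": "sales", "female": True,  "salary": 3900},
    {"name": "e", "dept": "sales", "female": False, "salary": 4400},
    {"name": "f", "dept": "ops",   "female": True,  "salary": 4100},
]


class StatisticalDB:
    """Answers aggregate queries only; individual rows are never returned."""

    def __init__(self, records: List[Record], sensitive: str = "salary", k: int = 2):
        self.records = records
        self.sensitive = sensitive
        self.k = k              # minimum query-set size, and margin from n
        self.n = len(records)

    def query(self, predicate: Callable[[Record], bool], stat: str) -> Optional[float]:
        """Return the statistic, or None when the query set is refused."""
        qset = [r for r in self.records if predicate(r)]
        size = len(qset)
        # Query-set-size control: refuse |qset| < k and |qset| > n - k.
        if size < self.k or size > self.n - self.k:
            return None
        values = [r[self.sensitive] for r in qset]
        if stat == "count":
            return size
        if stat == "sum":
            return sum(values)
        if stat == "mean":
            return sum(values) / size
        raise ValueError(f"unsupported statistic: {stat}")


def demo() -> Dict[str, Optional[float]]:
    db = StatisticalDB(RECORDS, k=2)
    return {
        # query set of size 3: allowed
        "eng_count": db.query(lambda r: r["dept"] == "eng", "count"),
        "eng_sum": db.query(lambda r: r["dept"] == "eng", "sum"),
        # size 1 (the only woman in ops): refused, it would be one person's salary
        "ops_female_sum": db.query(lambda r: r["dept"] == "ops" and r["female"], "sum"),
        # size 5 = n - 1: refused, total minus this would reveal 'a'
        "not_a_sum": db.query(lambda r: r["name"] != "a", "sum"),
    }


if __name__ == "__main__":
    print(demo())
```

Query-set-size control is only the first of the controls in that literature; overlapping query sets can still be combined to isolate an individual, which is why it is used together with other restrictions (e.g. limits on query overlap or output perturbation) rather than alone.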
Slide 5: Trusted DBMS including Security Features
[Diagram: components of a trusted DBMS. End user side: on-line queries, login, authentication, user profiles, logs, auditor. DBMS: security axioms; schemas (views, logical scheme, internal scheme); authorization system with authorization rules; data manager; transaction manager. OS control: application programs, file system, executable files. H/W control: database. Administrators: DBA, SA.]

Slide 6: Trusted DBMS Design with TOS
- A TOS is useful in realizing a TDBMS:
  - Managed (security-relevant) I/O function
  - Encrypted filesystem
  - Extended access control primitives: multilevel protection, Role-Based Access Control
- However, DBMS security shouldn't be considered a simple extension to the underlying OS functions.
Slide 7: Trusted DBMS Design with TOS
- Differences between OSs and DBMSs [Henning 88]
  - Object granularity: objects in a DBMS are finer.
  - Semantic data correlations: access control should be enforced considering semantic relations among data.
  - Metadata: the structure of the data; it is also a target of the protection.
  - Logical and physical objects: OS (physical): file, memory, devices; DBMS (logical): views, relations.
  - Multiple data types: statistical mode, administrative mode (in an OS, only physical access).
  - Static and dynamic objects: in a DBMS, objects can be created dynamically (ex. the result of a query).
  - Multilevel transactions: in an OS, only elementary operations are involved.
  - Data life cycle: data in the database has a long life cycle.

Slide 8: Trusted DBMS Architectures
- Two general types
  - Woods Hole Architecture [US Air Force Study 1982]
    - MAC enforcement is delegated to the Trusted OS.
    - Development of a multilevel secure DBMS using an untrusted off-the-shelf RDBMS with minimal changes.
    - Kernelized and Distributed Architecture
  - Trusted Subject Architecture
    - MAC is enforced by the DBMS itself.
Slide 9: Trusted DBMS Architectures: Kernelized Architecture
- Multiple off-the-shelf DBMSs, one associated with each TFE.
- The TFE enforces multilevel protection by attaching security labels.
- The Trusted OS is responsible for the physical accesses to data in the database, with mandatory protection.
- SeaView (research prototype) and Oracle (commercial).
[Diagram: High user -> High trusted front end (TFE) -> High DBMS; Low user -> Low trusted front end -> Low DBMS; both DBMSs run on the Trusted OS, which holds the database (high & low data).]

Slide 10: Pros and Cons of Kernelized Architecture
- Pros
  - Easy to implement
  - High level of assurance: separation of data by the TOS
  - Easy evaluation, if the TOS is well-evaluated
- Cons
  - Additional overhead, as the TOS is involved in managing data by security level
  - Need to combine data from multiple levels of the DB on a higher trusted user's query
- Distributed Architecture
  - Against the cons of the kernelized architecture.
  - An RDBMS at security level i contains the data at the levels it can access, e.g. (i, i-1, ..., 1).
  - Additional overhead in update operations.
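To make the trade-off on slides 9 and 10 concrete, here is an added simulation; it is not code from the slides or from any of the systems named, and the two-level lattice, class names and sample rows are assumptions. A TrustedOS object keeps one storage partition per level and mediates every physical access (read-down allowed, writes only at the subject's own level); an UntrustedDBMS is label-unaware and only filters rows it is handed; a TrustedFrontEnd attaches the label on insert and, for a high user's query, assembles rows from every readable partition, which is the combining overhead the slide lists. DistributedStore shows the distributed alternative: the level-i replica already holds everything at levels <= i, so a query reads one replica but an update has to reach every dominating replica.

```python
"""Kernelized vs. distributed multilevel architecture, simulated (added example)."""
from dataclasses import dataclass
from typing import Callable, Dict, List

LEVELS = {"low": 0, "high": 1}   # assumed two-level lattice


@dataclass(frozen=True)
class LabeledRow:
    key: str
    level: str   # security label attached by the trusted front end
    data: str


class TrustedOS:
    """Holds one storage partition per level and enforces MAC on physical access."""

    def __init__(self) -> None:
        self.partitions: Dict[str, Dict[str, LabeledRow]] = {lvl: {} for lvl in LEVELS}

    def read(self, subject_level: str, partition: str) -> List[LabeledRow]:
        # Simple security property: a subject reads only at or below its level.
        if LEVELS[subject_level] < LEVELS[partition]:
            raise PermissionError(f"{subject_level} subject may not read {partition} data")
        return list(self.partitions[partition].values())

    def write(self, subject_level: str, row: LabeledRow) -> None:
        # *-property (no write-down): a subject writes only at its own level.
        if row.level != subject_level:
            raise PermissionError(f"{subject_level} subject may not write {row.level} data")
        self.partitions[row.level][row.key] = row


class UntrustedDBMS:
    """Off-the-shelf engine: label-unaware, it only evaluates predicates over rows it is given."""

    def select(self, rows: List[LabeledRow], pred: Callable[[LabeledRow], bool]) -> List[LabeledRow]:
        return [r for r in rows if pred(r)]


class TrustedFrontEnd:
    """One TFE per level: labels inserts and assembles multi-level query results."""

    def __init__(self, level: str, tos: TrustedOS, dbms: UntrustedDBMS) -> None:
        self.level, self.tos, self.dbms = level, tos, dbms

    def insert(self, key: str, data: str) -> None:
        self.tos.write(self.level, LabeledRow(key, self.level, data))

    def query(self, pred: Callable[[LabeledRow], bool]) -> List[LabeledRow]:
        rows: List[LabeledRow] = []
        # Combine data from every level this subject dominates (extra work for high users).
        for lvl in LEVELS:
            if LEVELS[lvl] <= LEVELS[self.level]:
                rows.extend(self.tos.read(self.level, lvl))
        return sorted(self.dbms.select(rows, pred), key=lambda r: r.key)


class DistributedStore:
    """Distributed variant: replica i holds all rows with level <= i."""

    def __init__(self) -> None:
        self.replicas: Dict[str, Dict[str, LabeledRow]] = {lvl: {} for lvl in LEVELS}

    def insert(self, row: LabeledRow) -> int:
        # Update overhead: the row goes to every replica that dominates its level.
        targets = [lvl for lvl in LEVELS if LEVELS[lvl] >= LEVELS[row.level]]
        for lvl in targets:
            self.replicas[lvl][row.key] = row
        return len(targets)

    def query(self, level: str) -> List[LabeledRow]:
        # A single replica already contains everything this level may see.
        return sorted(self.replicas[level].values(), key=lambda r: r.key)


def demo() -> Dict[str, object]:
    tos, engine = TrustedOS(), UntrustedDBMS()
    low, high = TrustedFrontEnd("low", tos, engine), TrustedFrontEnd("high", tos, engine)
    low.insert("p1", "public project")          # constructed sample rows
    high.insert("p2", "classified project")
    try:
        tos.read("low", "high")                  # the TOS, not the engine, refuses this
        low_read_high = "allowed"
    except PermissionError:
        low_read_high = "denied"
    dist = DistributedStore()
    writes = dist.insert(LabeledRow("p1", "low", "public project"))        # two replicas
    writes += dist.insert(LabeledRow("p2", "high", "classified project"))  # one replica
    return {
        "low_sees": [r.key for r in low.query(lambda r: True)],
        "high_sees": [r.key for r in high.query(lambda r: True)],
        "low_read_high": low_read_high,
        "dist_low_sees": [r.key for r in dist.query("low")],
        "dist_high_sees": [r.key for r in dist.query("high")],
        "dist_replica_writes": writes,
    }


if __name__ == "__main__":
    print(demo())
```

The point to notice is where the mandatory check lives: in the kernelized design the engine never sees a row it should not, because the TOS refuses the read before any DBMS code runs, which is exactly what makes the engine untrusted and the evaluation argument small.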
Slide 11: Trusted DBMS Architectures: Trusted Subject Architecture
[Diagram: High user -> untrusted front end; Low user -> untrusted front end; both feed the TCB (TDBMS + TOS): the Trusted DBMS runs on the Trusted OS, which holds the database.]
- The trusted DBMS acts as a trusted subject with respect to the OS.
- Subjects having the DBMS label are considered trusted subjects and are exempt from TOS mandatory controls.
- Sybase (with VAX (B2), Secure Unix (B1)).

Slide 12: Pros and Cons of Trusted Subject Architecture
- Pros
  - Overhead minimization in retrieval and update.
  - The TOS may just maintain one database object.
  - The DBMS has access to all levels of data at the same time.
- Cons
  - A large amount of trusted code is required.
  - Lacks the potential to be evaluated.
  - Possible problem on separation of mandatory objects.
Slide 13: Threats to DB Introduced by Inadequate OS Security
- Attacks on operating systems
  - OS kernel exploitation: ptrace, page fault exploitation, LKM attack
  - Program attack: buffer overflow, TOCTTOU
- Attacks on the network module
  - Remote attack: buffer overflow from a remote site [ex. MS RPC]
  - Inadequate web script: SQL injection [over 50% of CVE advisories]
- Many cases involve the possibility of database corruption.
- The DB itself needs to be equipped with self-defending or self-healing mechanisms.
  - One case: Self-Healing DB, transaction level intrusion tolerance [P. Liu 04]: data consistency check and recovery after facing the attack.

Slide 14: Some Korean Products for DB Protection (3)
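The self-healing idea on slide 13 is worth seeing as a worked procedure. The following is an added example, not code from the slides or from the self-healing database system of P. Liu et al.; the in-memory key/value store, the account balances and the transaction ids are constructed, and detection is assumed to come from outside (an intrusion detector flags one transaction id). Each committed transaction is logged with its read set and the values it wrote. Damage assessment spreads from the flagged transaction to every later transaction that read an item written by an already-affected transaction; a transaction that read only clean data and overwrote a damaged item stops the spread through that item. Recovery then discards the affected transactions and replays the unaffected ones on the clean snapshot, so legitimate work committed after the intrusion survives.

```python
"""Transaction-level damage assessment and recovery (added example)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass
class TxRecord:
    tid: int
    reads: Set[str]
    writes: Dict[str, int]   # item -> value written (after-image)


class SelfHealingDB:
    def __init__(self, initial: Dict[str, int]) -> None:
        self.initial = dict(initial)     # clean snapshot the log is replayed on top of
        self.items = dict(initial)
        self.log: List[TxRecord] = []

    def run(self, tid: int, reads: Iterable[str], writes: Dict[str, int]) -> None:
        """Commit a transaction and append its read and write sets to the log."""
        read_set = set(reads)
        for item in read_set:
            _ = self.items[item]          # a real engine performs the reads here
        self.items.update(writes)
        self.log.append(TxRecord(tid, read_set, dict(writes)))

    def damage_closure(self, bad_tid: int) -> Set[int]:
        """Ids of transactions whose writes may carry damage originating at bad_tid."""
        affected: Set[int] = {bad_tid}
        dirty: Set[str] = set()           # items whose current value derives from damage
        for rec in self.log:
            if rec.tid in affected or rec.reads & dirty:
                affected.add(rec.tid)
                dirty |= set(rec.writes)
            else:
                # Read only clean data and overwrote a dirty item: that item is clean again,
                # so later readers of it are not affected.
                dirty -= set(rec.writes)
        return affected

    def recover(self, bad_tid: int) -> Set[int]:
        """Drop the affected transactions and rebuild state from the unaffected ones."""
        affected = self.damage_closure(bad_tid)
        kept = [rec for rec in self.log if rec.tid not in affected]
        state = dict(self.initial)
        for rec in kept:
            state.update(rec.writes)      # their values came from clean reads, so replaying is valid
        self.items, self.log = state, kept
        return affected


def demo() -> Dict[str, object]:
    # Constructed workload: account balances and seven committed transactions.
    db = SelfHealingDB({"acct_a": 100, "acct_b": 50, "acct_c": 70})
    db.run(1, ["acct_a"], {"acct_a": 90})              # legitimate
    db.run(2, ["acct_b"], {"acct_b": 5000})            # later flagged as malicious
    db.run(3, ["acct_b", "acct_c"], {"acct_c": 5070})  # read damaged b: affected
    db.run(4, ["acct_a"], {"acct_a": 80})              # independent of the damage: clean
    db.run(5, ["acct_c"], {"acct_c": 5000})            # read damaged c: affected
    db.run(6, [], {"acct_b": 60})                      # blind write makes b clean again
    db.run(7, ["acct_b"], {"acct_b": 65})              # reads the cleaned b: clean
    before = dict(db.items)
    affected = db.recover(2)
    return {"before": before, "affected": sorted(affected), "after": dict(db.items)}


if __name__ == "__main__":
    print(demo())
```

Replaying stored after-images is only valid because the kept transactions read nothing that was damaged; an engine whose transactions compute on what they read would re-execute them instead. The log of read sets is the asset here: without it, the only safe recovery is a full rollback to the point of intrusion, which throws away every legitimate transaction committed since.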
Slide 15: D'Amo, Penta Security (in Korean)
- DB Extrusion Prevention System
- PKI based DB encryption/decryption solution
- Target platform: Oracle
- Main function
  - Batch encryption of stored data
  - Column based runtime encryption/decryption
  - User access control for protected columns
  - Access control audit for unprotected columns
[Diagram labels: Access Control, Audit, Encryption/Decryption]

Slide 16: DB Safer & Chakra, PNP Secure (
- Main function
  - SQL logging and monitoring
  - Access control (attr.: user, IP, SQL, target schema, etc.)
  - Network console logging (on DBMS connection)
  - Policy driven control for settlement transactions (DB Safer-Decide)
- Inetworks (
  - Access control: SQL based on the organizational transaction process
  - SQL analysis (server time, session count, transaction usage, return rows)
  - Log audit
Slide 17: Characteristics
- Korean commercial products
  - Add-on type on major vendors' DBMSs: Sybase, Oracle, DB2, MS-SQL, Informix
  - Korean commercial DBMS: UniSQL (DAC based access control); add-on type protection software exists.

Slide 18: Concluding Remark
- Trusted DBMS Architecture: coupled architecture with a Trusted OS
- Korean products
- Recent research?! Some illuminated subjects:
  - Security administration of distributed databases: object-oriented / site (domain) bounded
  - Network security perspective
  - Access control in SQL (MLS/RBAC)
  - Cryptographic techniques in databases
  - Inference control
  - Managed transaction
  - XML with DB security
  - Embedded or real time DB
  - Secure DB management in wireless mobile environments
- Not much on security architecture with a Trusted OS (mostly before the middle of the '90s?).
Slide 19: Bibliography
- S. Castano, M. Fugini, G. Martella, P. Samarati, Database Security, ACM Press (Prentice-Hall PTR).
- M. S. Olivier, D. L. Spooner (eds.), Database and Application Security XV, Proc. of IFIP TC11/WG th Annual Working Conference on Database and Application Security, Kluwer Academic Publishers.
- T. F. Lunt, Report from the second RADC database security workshop, Fifth Annual Computer Security Applications Conference, 4-8 Dec. 1989.
- N. Wu, Database Security coursework.
- Walid Rjaibi, An introduction to multilevel secure relational database management systems, Proceedings of the 2004 conference of the Centre for Advanced Studies on Collaborative Research.
- Vormetric Inc., Defending OS Vulnerabilities in an Oracle Environment, Vormetric Technical Brief.
- P. Liu, J. Jing, P. Luenam, Y. Wang, L. Li, S. Ingsriswang, The Design and Implementation of a Self-Healing Database System, Journal of Intelligent Information Systems, Vol. 23, No. 3, 2004.
More informationHow were the Credit Card Numbers Published on the Web? February 19, 2004
How were the Credit Card Numbers Published on the Web? February 19, 2004 Agenda Security holes? what holes? Should I worry? How can I asses my exposure? and how can I fix that? Q & A Reference: Resources
More informationCourse overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)
Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience
More informationSTING: Finding Name Resolution Vulnerabilities in Programs
STING: Finding Name Resolution ulnerabilities in Programs Hayawardh ijayakumar, Joshua Schiffman, Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department
More informationManaging the Emerging Semantic Risks
The New Information Security Agenda: Managing the Emerging Semantic Risks Dr Robert Garigue Vice President for information integrity and Chief Security Executive Bell Canada Page 1 Abstract Today all modern
More informationDrone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created
Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:
More informationTowards Formal Evaluation of a High-Assurance Guard
Towards Formal Evaluation of a High-Assurance Guard Mark R. Heckman Roger R. Schell Edwards E. Reed 2012 Layered Assurance Workshop,
More informationA Ubiquitous Web Services Framework for Interoperability in Pervasive Environments
A Ubiquitous Web Services Framework for Interoperability in Pervasive Environments Hyung-Jun Yim and Kyu-Chul Lee * Dept. of Computer Engineering, Chungnam National University 220 Gung-Dong, Yuseong-Gu,
More informationSecurity Technologies for Dynamic Collaboration
Special Issue Advanced Technologies Driving Dynamic Collaboration Featuring System Technologies Security Technologies for Dynamic Collaboration By Hiroshi MIYAUCHI,* Ayako KOMATSU, Masato KAWATSU and Masashi
More informationIBM Future of Work Forum
IBM Cognitive IBM Future of Work Forum The Engaged Enterprise Comes Alive Improving Organizational Collaboration and Efficiency While Enhancing Security on Mobile and Cloud Apps Chris Hockings IBM Master
More informationWeb Security Vulnerabilities: Challenges and Solutions
Web Security Vulnerabilities: Challenges and Solutions A Tutorial Proposal for ACM SAC 2018 by Dr. Hossain Shahriar Department of Information Technology Kennesaw State University Kennesaw, GA 30144, USA
More informationSecuring Information Systems
Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value
More information