Software Security.


Messages
- Repeated message.
- Characterize security vulnerabilities for software systems, which could be domain specific.
- Aggressive static analysis to prevent design and implementation errors.
- Environments, compilers, ...
- Around 2000 Microsoft went into overdrive on programming defensively against security vulnerabilities.
- Vista still has security problems.

Security properties are one more concern added to the concerns of functional correctness, performance metrics, real-time constraints, ...

Future
- More work on establishing lightweight properties of systems.
- Combination of static analysis and runtime monitoring (postponing what is not doable at compile/design time to runtime).
- Guard against malware using proof-carrying code (PCC), establishing properties of code.
- Main problem is discovering enough lightweight properties that are checkable.
- Exchanges during verification are subject to attacks.

Future
- Static analysis of binaries is a greater issue than analyzing source code.
- Graceful recovery after detecting a security exploit or security-related fault.
- Assumptions about the environment in static analysis, to reduce its complexity and false alarms.

Future
- More aggressive support for security and privacy at the OS/kernel level.
- What are the possible organizations of a secure kernel plus a management kernel?