The SkyNet Virus: Why It Is Unstoppable; How To Stop It
By Marc Stiegler

Marc Stiegler – -- – (928)

Principle of Least Authority/Privilege
 POLA
 Thousands of years old

The Last POLA Violation Humanity Makes
Congressman: If you activate SkyNet, it can destroy this supervirus, right?
General Brewster: Yes… but while it is activated, it will control all our nuclear missiles.
Congressman: But you will control SkyNet, right?
General Brewster: [long, long pause]… Yes.

Lip Service
 Firewalls
 Access Control Lists
 Certificates

Universal Security Problem: Ambient Authority
 Every application is launched with grossly excessive authority

Ubiquitous Excess Authority Guarantees Abuse
John Connor: General Brewster, SkyNet is the virus.
Example: Yahoo Instant Messenger

Solution: No Default Authority
 Authority is granted only by an object's creators and invokers
 User interface disaster?
 Java Web Start: proof by disaster

Solution's Solution: Bundle Designation with Authority
 File dialog
 Drag/drop
 Etc.
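What the last three slides describe, as an added example that is not part of the original talk: the same plug-in is run once with ambient authority (a global-style open() that accepts any path) and once with no default authority, receiving only a file capability through a file-dialog "powerbox" in which the user's act of designating a file is also the grant of authority over it. The in-memory store, the makeWorld/makePowerbox names and the plug-in source are assumptions made for this illustration.

```javascript
// Added example, not from the slides: ambient authority versus designation
// bundled with authority. The in-memory store, the "powerbox" file dialog and
// the plug-in source are all constructed for this illustration.
"use strict";

// Build a toy world: a file store plus the two ways of handing out file access.
// Everything lives inside this function so nothing here is a global.
function makeWorld() {
  // Constructed stand-in for the user's file system.
  const store = new Map([
    ["/home/alice/report.txt", "quarterly numbers"],
    ["/home/alice/.ssh/id_rsa", "PRIVATE KEY MATERIAL"],
  ]);

  // A file capability: holding this object is the authority over one path.
  // The path string by itself grants nothing.
  function makeFileCap(path) {
    return Object.freeze({
      read: () => store.get(path),
      write: (text) => { store.set(path, text); },
    });
  }

  // Ambient-authority world: any code that can name a path can open it.
  function ambientOpen(path) {
    if (!store.has(path)) throw new Error("no such file: " + path);
    return makeFileCap(path);
  }

  // Capability world: the file dialog ("powerbox") is the only source of file
  // capabilities, and it returns exactly the file the user designated.
  function makePowerbox(userPick) {
    return Object.freeze({ chooseFile: () => makeFileCap(userPick) });
  }

  return { ambientOpen, makePowerbox };
}

// Plug-in behaviour as source text, so it can be instantiated in a scope that
// does not close over `store` or `ambientOpen`. A capability-safe language
// enforces this for all code; `new Function` only strips the enclosing lexical
// scope (host globals such as `process` would still be reachable).
const pluginSource = `
  const file = powerbox.chooseFile();            // the user-designated file
  const doc = file.read();
  // Try the theft the ambient plug-in commits below.
  let stolen = null;
  if (typeof ambientOpen === "function") {
    stolen = ambientOpen("/home/alice/.ssh/id_rsa").read();
  } else if (typeof store !== "undefined") {
    stolen = store.get("/home/alice/.ssh/id_rsa");
  }
  return { doc, stolen };
`;

// Same plug-in logic launched with ambient authority: it processes the
// document it was asked about and quietly grabs the key file as well.
function runPluginAmbient() {
  const { ambientOpen } = makeWorld();
  const doc = ambientOpen("/home/alice/report.txt").read();
  const stolen = ambientOpen("/home/alice/.ssh/id_rsa").read();
  return { doc, stolen };
}

// The plug-in launched with no default authority: all it receives is the
// powerbox, so it reads the file the user picked and nothing else.
function runPluginConfined() {
  const { makePowerbox } = makeWorld();
  const powerbox = makePowerbox("/home/alice/report.txt");
  const plugin = new Function("powerbox", pluginSource);
  return plugin(powerbox);
}

console.log("ambient authority :", runPluginAmbient());
console.log("powerbox only     :", runPluginConfined());
```

The confined run returns the document and `stolen: null`; the ambient run returns the private key as well. `new Function` is used here only to instantiate the plug-in without the module's bindings in scope; it is not a sandbox. Host globals such as `process` remain reachable, and that residue is exactly the ambient authority a capability-safe language removes for every piece of code, not just for a plug-in the author chose to confine.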

The Golden Triangle
[Diagram; labels recovered from the slide: Java Applets (impotent), Java Web Start, Multi-level Security, Virus Checkers, Java Apps (insecure), "You can have it all! (unusable)"]

POLA Inside the Application

Object-Level Authority Bundling
 Granovetter diagram
 Absolute encapsulation
 Object references are the only source of authority
Alice says: bob.foo(carol)

Object POLA Boundaries: Almost Free
 Taken from "Capability-Based Financial Instruments", Proceedings of Financial Cryptography '00
 Security is easy at the finest grain, hard anywhere else
Digital money with a capability-secure language, in one page
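The Granovetter step from the previous slide (Alice says bob.foo(carol)) and the one-page digital money of this one, as an added illustration written here in JavaScript; it is not the slides' code and not the paper's E code. makeMint, purse, sprout and deposit follow the paper's vocabulary; using a WeakMap private to the mint in place of a sealer/unsealer is this example's own choice.

```javascript
// Added example (not from the slides or from the E-language original): the
// mint/purse pattern from "Capability-Based Financial Instruments", in plain
// JavaScript. A mint-private WeakMap stands in for E's sealer/unsealer.
"use strict";

function makeMint() {
  // Maps each genuine purse of this mint to its balance. Only code inside
  // makeMint can consult it, so a balance is absolutely encapsulated: there
  // is no field, getter or prototype slot through which to reach it.
  const balances = new WeakMap();

  function makePurse(initial) {
    const purse = Object.freeze({
      getBalance: () => balances.get(purse),
      sprout: () => makePurse(0),
      // bob.foo(carol): the caller designates the source purse by passing the
      // reference. Holding that reference is the whole authority check.
      deposit(amount, src) {
        if (!Number.isInteger(amount) || amount < 0) {
          throw new TypeError("amount must be a non-negative integer");
        }
        if (!balances.has(src)) {
          throw new TypeError("source is not a purse of this mint");
        }
        if (balances.get(src) < amount) throw new RangeError("insufficient funds");
        // Debit before credit, so an exception can never create money.
        balances.set(src, balances.get(src) - amount);
        balances.set(purse, balances.get(purse) + amount);
      },
    });
    balances.set(purse, initial);
    return purse;
  }

  return Object.freeze({ makePurse });
}

// Worked scenario: the mint issues 100 to Alice; Bob's purse starts empty.
function scenario() {
  const mint = makeMint();
  const alicePurse = mint.makePurse(100);
  const bobPurse = alicePurse.sprout();

  // Alice pays Bob 30. She can make this call only because she already holds
  // both references; Bob's purse learns of Alice's purse solely because Alice
  // passed it. Connectivity begets connectivity.
  bobPurse.deposit(30, alicePurse);

  const results = {};

  // Overdraft: rejected before any balance changes.
  try { bobPurse.deposit(100, alicePurse); results.overdraft = "allowed"; }
  catch (e) { results.overdraft = e.message; }

  // A forged purse that merely claims a balance is not in the mint's table.
  const fake = { getBalance: () => 1e9 };
  try { bobPurse.deposit(1, fake); results.forgery = "allowed"; }
  catch (e) { results.forgery = e.message; }

  // A genuine purse of a different mint is equally useless here.
  const otherPurse = makeMint().makePurse(500);
  try { bobPurse.deposit(1, otherPurse); results.crossMint = "allowed"; }
  catch (e) { results.crossMint = e.message; }

  return { alice: alicePurse.getBalance(), bob: bobPurse.getBalance(), ...results };
}

console.log(scenario());
```

After the payment Alice holds 70 and Bob 30, and each of the three attacks is rejected before any money moves. The point of the slide is that nothing beyond ordinary object construction was needed: the purse's balance is reachable only through a genuine purse's methods, a purse is a capability to exactly its own funds, and a POLA boundary exists around every one of them at no extra cost.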

Trustworthy Programmers Do Not Mean Trustworthy Software

Ubiquitous POLA Means Trustworthy Software

Economic Proof Of Unstoppability
 Ross Anderson
 Fix 95 of 100 security bugs; a cracker who finds only 10 bugs still gets one you missed
 Correct for conventional security regimes (the perimeter security model)
 False for ubiquitous POLA: defense in depth
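The 95-of-100 figure worked through, as an added calculation that is not on the slide, under the assumption that the cracker's ten bugs are a uniformly random sample of the hundred:

$$
\Pr[\text{all 10 found bugs are among the 95 fixed}]
= \frac{\binom{95}{10}}{\binom{100}{10}}
= \frac{90 \cdot 89 \cdot 88 \cdot 87 \cdot 86}{100 \cdot 99 \cdot 98 \cdot 97 \cdot 96}
\approx 0.584
$$

$$
\Pr[\text{at least one unfixed bug found}] \approx 1 - 0.584 = 0.416,
\qquad
\mathbb{E}[\text{unfixed bugs among the 10}] = 10 \cdot \frac{5}{100} = 0.5
$$

So under this model the cracker holds an unfixed bug a little over two times in five, and the defender's 95% effort buys no safety on those occasions. What makes the argument decisive in the perimeter model is not the probability but the payoff: one exploitable bug inside the perimeter yields the whole machine's authority. Under ubiquitous POLA the same bug yields only the authority of the object or component it lives in, which is the defense in depth the slide claims.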

Sara Connor: No Fate Except What We Make
"It is unthinkable that another thirty years will go by without one of two occurrences: either there will be horrific cyber disasters… or the available technology will be delivered… in products that provide effective security." -- Karger & Schell

Demo