Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mark Ryan Professor of Computer Security 25 November 2009

Published byChloe Randall Modified over 6 years ago

Similar presentations

Presentation on theme: "Mark Ryan Professor of Computer Security 25 November 2009"— Presentation transcript:

1 Mark Ryan Professor of Computer Security 25 November 2009

2 Insecure PCs buffer overflow virus Trojan horse malware DoS attack
phishing worm spam cross-site scripting spyware identity theft botnets keyloggers DNS spoofing

3 β α means β is a possible way to achieve α hardware theft
hardware keylogger phishing data theft (inc. ID theft) DNS spoofing XSS exploit software vulnerabilities destruction (inc. vandalism) install malware DDoS promotion send spam create botnet β α means β is a possible way to achieve α

4

5

6 Malware covers all kinds of intruder software
Malware is software intended to intercept or take partial control of a computer's operation without the user's informed consent. It subverts the computer's operation for the benefit of a third party. Also called spyware. The term “spyware” taken literally suggests software that surreptitiously monitors the user. But it has come to refer more broadly to any kind of malware, Malware covers all kinds of intruder software including viruses, worms, backdoors, rootkits, Trojan horses, stealware etc. These terms have more specific meanings.

7 How malware spreads Trojan horse Virus Worm Drive-by
a malicious program that is disguised as useful and legitimate software. Can be part of, or bundled with, the carrier software. Virus Self-replicating program that spreads by inserting copies of itself into other executable code or documents. Worm Self-replicating program, similar to virus, but is self- contained (does not need to be part of another program). Spreads by exploiting service vulnerabilities. Drive-by installs as side-effect of visiting a website; exploits browser vulnerability. Detail from "The Procession of the Trojan Horse in Troy“, Giovanni Domenico Tiepolo

8

9

10 Why does this problem exist?
Why can't engineers create systems that are not vulnerable to this plethora of attacks? Compare: cars aircraft telephone system electricity production

11 We have the technology... Attack Defence malware
digital signatures for code anti-virus software phishing encrypted traffic key certificates education DNS spoofing

12 Why does this problem exist?
complexity immaturity of technology: “release and fix” of designers/programmers: bad culture of users: a new one born every day... open platform monoculture

13 Trusting Trust backdoor
How to create an undetectable backdoor: Change the compiler so that, when compiling the login program, it adds the hard-coded username/password check to the login program. Thus, the login program source code looks completely normal. As an extra twist, change the compiler so that, when compiling the compiler, it adds the code to add the code to the login program. Thus, even if the compiler is recompiled, the backdoor will still be inserted. And none of the source code reveals the backdoor. Described in a paper by Ken Thompson, Reflections on Trusting Trust, 1995.

14 What you can do Don't connect directly to the Internet – connect via a router instead Don't install anything! no third-party toolbars, extensions, helpers, freebies unless you really know where they came from Be sceptical about from nice people who want to give you $20,000,000 or help you reduce your mailbox usage or help your computer to go faster Stop using Windows use Linux, *BSD (or derivative, including Mac OS X) Update/patch frequently

15 What industry is doing better engineering thin clients cloud computing
trusted computing protected capabilities outside software control virtualisation, to support throw-away OS

Download ppt "Mark Ryan Professor of Computer Security 25 November 2009"

Similar presentations

Copyright, 1995-2006 1 The Malware Menagerie Roger Clarke, Xamax Consultancy, Canberra Visiting Professor in Cyberspace Law & Policy at U.N.S.W., eCommerce.

Copyright, The Malware Menagerie Roger Clarke, Xamax Consultancy, Canberra Visiting Professor in Cyberspace Law & Policy at U.N.S.W., eCommerce.
Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
Threats To A Computer Network

Threats To A Computer Network
Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc.

Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc.
How You Can Protect Yourself from Cyber-Attacks Ian G. Harris Department of Computer Science University of California Irvine Irvine, CA 92697 USA

How You Can Protect Yourself from Cyber-Attacks Ian G. Harris Department of Computer Science University of California Irvine Irvine, CA USA
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Internet Safety for Students Malicious Programs By: Mr. Bradshaw Scott City R-1 Schools.

Internet Safety for Students Malicious Programs By: Mr. Bradshaw Scott City R-1 Schools.
Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.

Viruses, Hacking, and AntiVirus. What is a Virus? A type of Malware – Malware is short for malicious software A virus – a computer program – Can replicate.
Chapter Nine Maintaining a Computer Part III: Malware.

Chapter Nine Maintaining a Computer Part III: Malware.
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
Internet Safety CSA 105 1.0 September 21, 2010. Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.

CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
ISNE101 Dr. Ken Cosh Week 14. This Week  Challenges (still) facing Modern IS  Reliability  Security.

ISNE101 Dr. Ken Cosh Week 14. This Week  Challenges (still) facing Modern IS  Reliability  Security.
Unit 2 - Hardware Computer Security.

Unit 2 - Hardware Computer Security.
Malware  Viruses  E-mail Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.

Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.
By Mohammed kiche. Viruses A computer virus is a malware program that when executed replicates by inserting copies of itself modified into other computer.

By Mohammed kiche. Viruses A computer virus is a malware program that when executed replicates by inserting copies of itself modified into other computer.
Spyware and Viruses Group 6 Magen Price, Candice Fitzgerald, & Brittnee Breze.

Spyware and Viruses Group 6 Magen Price, Candice Fitzgerald, & Brittnee Breze.

Similar presentations

Ads by Google