Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 14 Program Flaws CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Csilla Farkas and Brandon Phillips.

Published byAlexia McBride Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 14 Program Flaws CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Csilla Farkas and Brandon Phillips."— Presentation transcript:

1 Lecture 14 Program Flaws CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Csilla Farkas and Brandon Phillips

2 Program Flaws Taxonomy of flaws: – how (genesis) – when (time) – where (location) the flaw was introduced into the system 2 CS 450/650 Lecture 14: Program Flaws

3 Security Flaws by Genesis Genesis – Intentional Malicious: Trojan Horse, Trapdoor, Logic Bomb, Worms, Virus Non-malicious – Inadvertent Validation error Domain error Serialization error Identification/authentication error Other error 3 CS 450/650 Lecture 14: Program Flaws

4 Flaws by time Time of introduction – During development Requirement/specification/design Source code Object code – During maintenance – During operation 4 CS 450/650 Lecture 14: Program Flaws

5 Flaws by Location Location – Software Operating system: system initialization, memory management, process management, device management, file management, identification/authentication, other Support tools: privileged utilities, unprivileged utilities Application – Hardware 5 CS 450/650 Lecture 14: Program Flaws

6 Malware? CS 450/650 Lecture 14: Program Flaws 6

7 Malware Evolution 1980s – Malware for entertainment (pranks) – 1983: “virus” – 1988: Internet Worm 1990s – Malware for social status / experiments – 1990: antivirus software Early 2000s – Malware to spam Mid 2000s – Criminal malware CS 450/650 Lecture 14: Program Flaws 7

8 Malware Targets Platform% *nix (Linux, BSD)0.052% Mac (OS X primarily)0.005% Mobile (Symbian, WinCE)0.020% Other (MySQL, IIS, DOS)0.012% Windows (XP SP2, SP3, Vista, 7)99.91% CS 450/650 Lecture 14: Program Flaws 8

9 Browser-based Exploits 10%Adobe Flash 8%RealPlayer 8%Microsoft (Microsoft Security Intelligence Report 6)‏ CS 450/650 Lecture 14: Program Flaws 9

10 Bank Logons A Washington Mutual Bank account in the U.S. with an available balance of $14,400 is priced at 600 euros ($924), while a Citibank UK account with an available balance of 10,044 pounds is priced at 850 euros ($1,310). It may appear to be less dangerous to resell access to a bank account rather than to use it directly. McAfee ©2008 CS 450/650 Lecture 14: Program Flaws 10

Download ppt "Lecture 14 Program Flaws CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Csilla Farkas and Brandon Phillips."

Similar presentations

 Prof. Dr. M. H. Assal Introduction to Computer AS 26/10/2014.

 Prof. Dr. M. H. Assal Introduction to Computer AS 26/10/2014.
1 BENT Educational Society  Software is collection of instructions which tells the computer that what to do and how to do.  There.

1 BENT Educational Society  Software is collection of instructions which tells the computer that what to do and how to do.  There.
Putting It All Together 1.  Maintaining a Hard Drive Ch 4 Lab  Hardware cleaning tips ▪ Microsoft Tips Microsoft Tips ▪ Computer Hope Tips Computer.

Putting It All Together 1.  Maintaining a Hard Drive Ch 4 Lab  Hardware cleaning tips ▪ Microsoft Tips Microsoft Tips ▪ Computer Hope Tips Computer.
Computers Software. Computer Layers Hardware BIOS Operating System Applications.

Computers Software. Computer Layers Hardware BIOS Operating System Applications.
Lecture 13 Malicious Software modified from slides of Lawrie Brown.

Lecture 13 Malicious Software modified from slides of Lawrie Brown.
Chapter 3 (Part 1) Network Security

Chapter 3 (Part 1) Network Security
A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys,

A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys,
ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.

ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.
3 Section C: Installing Software and Upgrades  Web Apps  Mobile Apps  Local Applications  Portable Software  Software Upgrades and Updates  Uninstalling.

3 Section C: Installing Software and Upgrades  Web Apps  Mobile Apps  Local Applications  Portable Software  Software Upgrades and Updates  Uninstalling.
________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]

________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]
Introduction to Computer Programming CSC 1401: Introduction to Programming with Java Lecture 2 Wanda M. Kunkle.

Introduction to Computer Programming CSC 1401: Introduction to Programming with Java Lecture 2 Wanda M. Kunkle.
Nasca 2007 100 200 300 400 500 Internet Networking and Security viruses.

Nasca Internet Networking and Security viruses.
Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.

Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.

Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.
Chap 3: Program Security.  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms,

Chap 3: Program Security.  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms,
Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.

Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.
Computer Viruses and Threats Section 1.03: Identify best practices for computer security and privacy Essential Question: What are the threats to your computer?

Computer Viruses and Threats Section 1.03: Identify best practices for computer security and privacy Essential Question: What are the threats to your computer?
Learning Outcomes At the end of this lesson, students should be able to: State the types of system software – Operating system – Utility system Describe.

Learning Outcomes At the end of this lesson, students should be able to: State the types of system software – Operating system – Utility system Describe.
Security for Seniors SeniorNet Help Desk 631.629.5426

Security for Seniors SeniorNet Help Desk

Similar presentations

Ads by Google