Lecture 14 Program Flaws CS 450/650 Fundamentals of Integrated Computer Security. Slides are modified from Csilla Farkas and Brandon Phillips.

Dec 17, 2015

Alexia McBride
Page 1: Title slide

Lecture 14

Program Flaws

CS 450/650

Fundamentals of Integrated Computer Security

Slides are modified from Csilla Farkas and Brandon Phillips

Page 2: Program Flaws

Program Flaws

• Taxonomy of flaws (the taxonomy of Landwehr, Bull, McDermott and Choi), classified by
  – how (genesis)
  – when (time)
  – where (location)
  the flaw was introduced into the system

CS 450/650 Lecture 14: Program Flaws

Page 3: Security Flaws by Genesis

Security Flaws by Genesis

• Genesis
  – Intentional
    • Malicious: Trojan Horse, Trapdoor, Logic Bomb, Worms, Virus
    • Non-malicious
  – Inadvertent
    • Validation error: input or program state is not checked, or checked incompletely, before it is used
    • Domain error: data crosses a protection boundary it should not, e.g. residue left in reused memory or storage
    • Serialization error: the required ordering of operations is not enforced, e.g. a check that can be invalidated before the use it guards (time-of-check/time-of-use)
    • Identification/authentication error: a principal is not, or is wrongly, identified or authenticated
    • Other error
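Two of the inadvertent classes on this slide, worked as minimal C. This is an added example, not code from the slides or from the taxonomy paper: a validation error (a length carried in the message is trusted and the copy runs into the adjacent privilege flag) beside its fix, and a serialization error (a time-of-check/time-of-use race between lstat and open) beside a fix that opens with O_NOFOLLOW and checks the descriptor it actually got. The message layout, the record layout, and the scratch files under /tmp are constructed for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* ---- Validation error ---------------------------------------------------
   The length in the message is checked against the message, but never
   against the field it is copied into. */
#define NAME_LEN 16

typedef struct {
    /* name = bytes[0..NAME_LEN), is_admin = bytes[NAME_LEN]. One 256-byte
       array so that any one-byte length stays inside the object: the overflow
       is real (it clobbers is_admin) while the demo stays defined behaviour. */
    uint8_t bytes[256];
} record_t;
#define IS_ADMIN(r) ((r)->bytes[NAME_LEN])

/* Constructed message format: [len:1][name bytes]. Returns bytes copied, -1 if refused. */
static int set_name_unvalidated(record_t *r, const uint8_t *msg, size_t msg_len) {
    if (msg_len < 1 || msg[0] > msg_len - 1) return -1;   /* bounds the source... */
    memcpy(r->bytes, msg + 1, msg[0]);                     /* ...never the destination */
    return msg[0];
}

static int set_name_validated(record_t *r, const uint8_t *msg, size_t msg_len) {
    if (msg_len < 1 || msg[0] > msg_len - 1) return -1;
    if (msg[0] > NAME_LEN) return -1;                      /* the missing check */
    memcpy(r->bytes, msg + 1, msg[0]);
    return msg[0];
}

/* A 17-byte name whose last byte is 0x01: the unvalidated copy sets is_admin,
   the validated one refuses. Returns 1 on exactly that outcome. */
int validation_demo(void) {
    uint8_t msg[1 + NAME_LEN + 1] = { NAME_LEN + 1 };      /* constructed input */
    memset(msg + 1, 'A', NAME_LEN);
    msg[1 + NAME_LEN] = 0x01;                               /* lands on is_admin */

    record_t a = {{0}}, b = {{0}};
    int ua = set_name_unvalidated(&a, msg, sizeof msg);
    int va = set_name_validated(&b, msg, sizeof msg);
    return ua == NAME_LEN + 1 && IS_ADMIN(&a) == 1 && va == -1 && IS_ADMIN(&b) == 0;
}

/* ---- Serialization error (TOCTOU) ---------------------------------------
   The check and the use it guards are two separate path lookups, so the
   object can be swapped between them. `in_window` stands in for the attacker. */
static int open_checked_racy(const char *path, void (*in_window)(void)) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1; /* check */
    in_window();                                                   /* race window */
    return open(path, O_RDONLY);                                   /* use: a new lookup */
}

/* Fixed: refuse symlinks at open time and check the descriptor actually
   obtained, so check and use refer to the same object. */
static int open_checked_safe(const char *path, void (*in_window)(void)) {
    in_window();                           /* attacker moves first; no window remains */
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

static char g_public[64], g_secret[64];          /* constructed scratch paths */

static int write_file(const char *path, char c) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    int ok = write(fd, &c, 1) == 1 ? 0 : -1;
    close(fd);
    return ok;
}

/* The attacker's move: replace the public file with a symlink to the secret. */
static void swap_for_symlink(void) {
    unlink(g_public);
    if (symlink(g_secret, g_public) != 0) return;
}

/* One byte from fd, or '?' if the open was refused; closes fd. */
static int read_byte(int fd) {
    char c = '?';
    if (fd >= 0) { if (read(fd, &c, 1) != 1) c = '?'; close(fd); }
    return c;
}

/* Creates public ('P') and secret ('S') files in a temp dir and runs both
   versions with the swap in the window. Returns 1 when the racy version
   hands back the secret and the safe version refuses. */
int toctou_demo(void) {
    char dir[] = "/tmp/flawdemo-XXXXXX";
    if (!mkdtemp(dir)) return 0;
    snprintf(g_public, sizeof g_public, "%s/public", dir);
    snprintf(g_secret, sizeof g_secret, "%s/secret", dir);
    if (write_file(g_public, 'P') || write_file(g_secret, 'S')) return 0;

    int racy = read_byte(open_checked_racy(g_public, swap_for_symlink));
    unlink(g_public);                                   /* restore the regular file */
    if (write_file(g_public, 'P')) return 0;
    int safe = read_byte(open_checked_safe(g_public, swap_for_symlink));

    unlink(g_public); unlink(g_secret); rmdir(dir);
    return racy == 'S' && safe == '?';
}

int main(void) {
    printf("validation error: %s\n", validation_demo() ? "overflow set is_admin; fix refused" : "unexpected");
    printf("TOCTOU: %s\n", toctou_demo() ? "racy open read the secret; fix refused" : "unexpected");
    return 0;
}
```

The validation fix is one comparison against the destination size; the TOCTOU fix is not an extra check but a change of order: act on the descriptor you hold rather than on a path that may no longer name the object you checked.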

Page 4: Flaws by Time

Flaws by Time

• Time of introduction
  – During development
    • Requirement/specification/design
    • Source code
    • Object code
  – During maintenance
  – During operation

Page 5: Flaws by Location

Flaws by Location

• Location
  – Software
    • Operating system: system initialization, memory management, process management, device management, file management, identification/authentication, other
    • Support tools: privileged utilities, unprivileged utilities
    • Application
  – Hardware

Page 6: Malware?

Malware?

Page 7: Malware Evolution

Malware Evolution

• 1980s
  – Malware for entertainment (pranks)
  – 1983: “virus”
  – 1988: Internet Worm
• 1990s
  – Malware for social status / experiments
  – 1990: antivirus software
• Early 2000s
  – Malware to spam
• Mid 2000s
  – Criminal malware

Page 8: Malware Targets

Malware Targets

Platform                          Share of malware
*nix (Linux, BSD)                 0.052%
Mac (OS X primarily)              0.005%
Mobile (Symbian, WinCE)           0.020%
Other (MySQL, IIS, DOS)           0.012%
Windows (XP SP2, SP3, Vista, 7)   99.91%

Page 9: Browser-based Exploits

Browser-based Exploits

• 10% Adobe Flash
• 8% RealPlayer
• 8% Microsoft

(Microsoft Security Intelligence Report 6)

Page 10: Bank Logons

Bank Logons

• A Washington Mutual Bank account in the U.S. with an available balance of $14,400 is priced at 600 euros ($924), while a Citibank UK account with an available balance of 10,044 pounds is priced at 850 euros ($1,310).

• It may appear to be less dangerous to resell access to a bank account rather than to use it directly.

McAfee ©2008