all your family secrets belong to us worrisome security
play

All your family secrets belong to us - Worrisome security issues in - PowerPoint PPT Presentation

Nov 03, 2022 •272 likes •1.84k views

All your family secrets belong to us - Worrisome security issues in tracker apps Siegfried Rasthofer | Fraunhofer SIT, Germany Stephan Huber | Fraunhofer SIT, Germany DefCon26, August 11 th 2018 Who are we? Stephan Siegfried Security

  1. Agenda § Motivation § Background Information § Client-Side Authorization § Client-Side and Communication Vulnerabilities § Server-Side Vulnerabilities § Responsible Disclosure Process § Summary 47

  2. Mitm Attack DATA DATA tracking provider (back-end/cloud) user/app 48

  3. Mitm Attack DATA DATA tracking provider (back-end/cloud) user/app 49

  4. Mitm Attack DATA DATA tracking provider (back-end/cloud) user/app 50

  5. Mitm Attack DATA DATA tracking provider (back-end/cloud) user/app 51

  6. Mitm + Bad Crypto + Obfuscation ?? 52

  7. Mitm + Bad Crypto + Obfuscation ?? user@example.com secure123 53

  8. Mitm + Bad Crypto + Obfuscation http ://s9.***********.com/login/?aaa... GET /login/?aaa=Bi9srqo&nch=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A& tnd=CFF1CxQoaQcoLWoRaQ%3D%3D%0A HTTP/1.1 54

  9. Mitm + Bad Crypto + Obfuscation GET /login/? aaa=Bi9srqo& 1. nch=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A& tnd=CFF1CxQoaQcoLWoRaQ%3D%3D%0A HTTP/1.1 user@example.com secure123 55

  10. Mitm + Bad Crypto + Obfuscation GET /login/? aaa=Bi9srqo& 1. nch=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A& tnd=CFF1CxQoaQcoLWoRaQ%3D%3D%0A HTTP/1.1 GET /login/? ssp=CFF1CxQoaQcoLWoRaQ%3D%3D%0A& 2. eml=4hBWVqJg4D& mix=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A HTTP/1.1 user@example.com secure123 56

  11. Mitm + Bad Crypto + Obfuscation GET /login/? aaa=Bi9srqo& 1. nch=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A& tnd=CFF1CxQoaQcoLWoRaQ%3D%3D%0A HTTP/1.1 GET /login/? ssp=CFF1CxQoaQcoLWoRaQ%3D%3D%0A& 2. eml=4hBWVqJg4D& mix=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A HTTP/1.1 user@example.com GET /login/? secure123 psw=-ZI-WQe& 3. amr=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A& rma=CFF1CxQoaQcoLWoRaQ%3D%3D%0A HTTP/1.1 57

  12. Mitm + Bad Crypto + Obfuscation GET /login/? aaa=Bi9srqo& 1. nch=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A& tnd=CFF1CxQoaQcoLWoRaQ%3D%3D%0A HTTP/1.1 GET /login/? ssp=CFF1CxQoaQcoLWoRaQ%3D%3D%0A& 2. eml=4hBWVqJg4D& mix=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A HTTP/1.1 user@example.com GET /login/? secure123 psw=-ZI-WQe& 3. amr=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A& rma=CFF1CxQoaQcoLWoRaQ%3D%3D%0A HTTP/1.1 GET /login/? aaa=ZTZrO& 4. mag=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A& df=CFF1CxQoaQcoLWoRaQ%3D%3D%0A& data=5JFJzgYW_ HTTP/1.1 58

  13. Mitm + Bad Crypto + Obfuscation GET /login/? aaa=Bi9srqo& 1. nch=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A& tnd=CFF1CxQoaQcoLWoRaQ%3D%3D%0A HTTP/1.1 GET /login/? ssp=CFF1CxQoaQcoLWoRaQ%3D%3D%0A& 2. eml=4hBWVqJg4D& mix=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A HTTP/1.1 user@example.com GET /login/? secure123 psw=-ZI-WQe& 3. amr=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A& rma=CFF1CxQoaQcoLWoRaQ%3D%3D%0A HTTP/1.1 GET /login/? aaa=ZTZrO& 4. mag=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A& df=CFF1CxQoaQcoLWoRaQ%3D%3D%0A& data=5JFJzgYW_ HTTP/1.1 59

  14. Mitm + Bad Crypto + Obfuscation GET /login/? aaa=Bi9srqo& 1. nch=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A& tnd=CFF1CxQoaQcoLWoRaQ%3D%3D%0A HTTP/1.1 GET /login/? ssp=CFF1CxQoaQcoLWoRaQ%3D%3D%0A& 2. eml=4hBWVqJg4D& mix=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A HTTP/1.1 user@example.com GET /login/? secure123 psw=-ZI-WQe& 3. amr=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A& rma=CFF1CxQoaQcoLWoRaQ%3D%3D%0A HTTP/1.1 GET /login/? aaa=ZTZrO& 4. mag=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A& df=CFF1CxQoaQcoLWoRaQ%3D%3D%0A& data=5JFJzgYW_ HTTP/1.1 60

  15. Mitm + Bad Crypto + Obfuscation 'k', 'c', '#', 'a', 'p', 'p', '#', 'k', 'e', 'y', '#' 61

  16. Mitm + Bad Crypto + Obfuscation @ user@example.com 'k', 'c', '#', 'a', 'p', 'p', '#', 'k', 'e', 'y', '#' XOR Base64 DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ== 62

  17. Mitm + Bad Crypto + Obfuscation @ user@example.com 'k', 'c', '#', 'a', 'p', 'p', '#', 'k', 'e', 'y', '#' XOR {nl, bhf, mag, bdt, qac, trn, amr, mix, nch} + “=“ + Random() Base64 nch = DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A mix = DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A amr = DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A mag = DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A 63

  18. Mitm + Bad Crypto + Obfuscation @ ******** secure123 user@example.com 'k', 'c', '#', 'a', 'p', 'p', '#', 'k', 'e', 'y', '#' XOR XOR {df, ssp, fgh, drt, tnd, rfb, rma, vwe, hac} {nl, bhf, mag, bdt, qac, trn, amr, mix, nch} + “=“ Base64 + + + Random() Random() Base64 “=“ nch = DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A CFF1CxQoaQcoLWoRaQ%3D%3D%0A = tnd mix = DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A CFF1CxQoaQcoLWoRaQ%3D%3D%0A = ssp amr = DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A CFF1CxQoaQcoLWoRaQ%3D%3D%0A = rma mag = DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A CFF1CxQoaQcoLWoRaQ%3D%3D%0A = df 64

  19. Mitm + Bad Crypto + Obfuscation decode Base64 decode Base64 DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ== CFF1CxQoaQcoLWoRaQ== 65

  20. Mitm + Bad Crypto + Obfuscation @ ******** secure123 user@example.com 'k', 'c', '#', 'a', 'p', 'p', '#', 'k', 'e', 'y', '#' XOR XOR decode Base64 decode Base64 DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ== CFF1CxQoaQcoLWoRaQ== 66

  21. Mitm + Bad Crypto + Obfuscation GET /login/? @ aaa =Bi9srqo& nch=DzttDRMbYQcAPmUfAGQZHDxOJRMbclZeKQ%3D%3D%0A& tnd=CFF1CxQoaQcoLWoRaQ%3D%3D%0A ******** data =5JFJzgYW_ HTTP/1.1 + “=“ + GenerateRandomString() Random() {usr, psw, uid, data, eml, pss, foo, clmn, count, nam, srv, answ, aaa } 67

  22. 68

  23. Correct Secure Communication § Use https via TLS 1.2 or TLS 1.3 § Valid server certificate 69

  24. Correct Secure Communication § Use https via TLS 1.2 or TLS 1.3 § Valid server certificate § Implementation in Android: Kotlin: Java: URL url = new URL(" https ://wikipedia.org"); val url = URL(" https ://wikipedia.org") URLConnection urlConnection = url.openConnection(); val urlConnection: URLConnection = url.openConnection() https://developer.android.com/training/articles/security-ssl#java 70

  25. “Authentication“ 71

  26. “Authentication“ … Message message = new Message(); try { Class.forName("com.mysql.jdbc.Driver"); Connection con = DriverManager. getConnection( ); try { … 72

  27. “Authentication“ … Message message = new Message(); try { Class.forName("com.mysql.jdbc.Driver"); Connection con = DriverManager. getConnection(" jdbc:mysql://mysql.r*****************r.mobi/r*************06 ", "r*************06" , " t**********b "); try { … 73

  28. “Authentication“ … Message message = new Message(); try { Class.forName("com.mysql.jdbc.Driver"); Connection con = DriverManager. getConnection(" jdbc:mysql://mysql.r*****************r.mobi/r*************06 ", "r*************06" , " t**********b "); try { … database address username 74

  29. “Authentication“ … Message message = new Message(); try { Class.forName("com.mysql.jdbc.Driver"); Connection con = DriverManager. getConnection(" jdbc:mysql://mysql.r*****************r.mobi/r*************06 ", "r*************06" , " t**********b "); try { … database address username password 75

  30. “Authentication“ § MySQL Database with following table scheme: Field Type Null Key Default Extra nome varchar(50) NO NULL email varchar(30) NO NULL latitude varchar(30) NO NULL longitude varchar(30) NO NULL data varchar(30) NO NULL hora varchar(30) NO NULL codrenavam varchar(30) NO NULL placa Varchar(30) NO PRI NULL 76

  31. “Authentication“ … Message message = new Message(); try { Class.forName("com.mysql.jdbc.Driver"); Connection con = DriverManager. getConnection(" jdbc:mysql://mysql.r*****************r.mobi/r*************06 ", "r*************06" , " t**********b "); try { … database address username password All in all we had access to over 860.000 location data of different users, distributed over the whole world. 77

  32. Is that all ? 78

  33. Prepared Statement? WTF! … Message message = new Message(); try { Class.forName("com.mysql.jdbc.Driver"); Connection con = DriverManager. getConnection("jdbc:mysql://mysql.r*****************r.mobi/r*************06", "r*************06", "t**********b"); try { PreparedStatement prest = con.prepareStatement("insert rastreadorpessoal values(?)"); 79

  34. Prepared Statement? WTF! … Message message = new Message(); try { Class.forName("com.mysql.jdbc.Driver"); Connection con = DriverManager. getConnection("jdbc:mysql://mysql.r*****************r.mobi/r*************06", "r*************06", "t**********b"); try { PreparedStatement prest = con.prepareStatement("insert rastreadorpessoal values(?)"); prest.executeUpdate(" insert into rastreadorpessoal values ('" + this.atributos.getNome() + "', '" + this.atributos.getEmail() + "', '" + this.atributos.getLatitudeStr() + "', '" + this.atributos.getLongitudeStr() + "', '" + this.atributos.getDataBancoStr() + "', '" + this.atributos.getHoraBancoStr() + "', '" + this.atributos.getRenavam() + "', '" + this.atributos.getPlaca() + "')"); prest.close(); con.close(); … 80

  35. Prepared Statement? WTF! … Message message = new Message(); try { Class.forName("com.mysql.jdbc.Driver"); Connection con = DriverManager. getConnection("jdbc:mysql://mysql.r*****************r.mobi/r*************06", "r*************06", "t**********b"); try { PreparedStatement prest = con.prepareStatement("insert rastreadorpessoal values(?)"); prest.executeUpdate(" insert into rastreadorpessoal values ('" + this.atributos.getNome() + "', '" + this.atributos.getEmail() + "', '" + this.atributos.getLatitudeStr() + "', '" + this.atributos.getLongitudeStr() + "', '" + this.atributos.getDataBancoStr() + "', '" + this.atributos.getHoraBancoStr() + "', '" + this.atributos.getRenavam() + "', '" + this.atributos.getPlaca() + "')"); prest.close(); con.close(); … 81

  36. Stupid ! 82

  37. Agenda § Motivation § Background Information § Client-Side Authorization § Client-Side and Communication Vulnerabilities § Server-Side Vulnerabilities § Responsible Disclosure Process § Summary 83

  38. 101 1. Authentication Process 2. Authorization Process Observer 84

  39. WTF-States of Server-Side Vulnerabilties 85

  40. ”That‘s a feature” 86

  41. Not a Bug it‘s a Feature § Web service provides public access to user tracks, allow all by default 87

  42. Not a Bug it‘s a Feature § Web service provides public access to user tracks, allow all by default 88

  43. Not a Bug it‘s a Feature https://www.greenalp.com/realtimetracker/index.php?viewuser=USERNAME 89

  44. Demo Time ! 90

  45. Is that all ? 91

  46. Public Webinterface 92

  47. Authentication – What? 93

  48. Part1: Who Needs Authentication? http ://***********g.azurewebsites.net/trackapplochistory.aspx? userid =********& childid =2***** ***0& currentdate =07/12/2017 94

  49. Part1: Who Needs Authentication? nothing new http ://***********g.azurewebsites.net/trackapplochistory.aspx? userid =********& childid =2***** ***0& currentdate =07/12/2017 95

  50. Part1: Who Needs Authentication? nothing new your user id http ://***********g.azurewebsites.net/trackapplochistory.aspx? userid =********& childid =2***** ***0& currentdate =07/12/2017 96

  51. Part1: Who Needs Authentication? nothing new your user id http ://***********g.azurewebsites.net/trackapplochistory.aspx? userid =********& childid =2***** ***0& currentdate =07/12/2017 id of the person to track 97

  52. Part1: Who Needs Authentication? nothing new your user id http ://***********g.azurewebsites.net/trackapplochistory.aspx? userid =********& childid =2***** ***0& currentdate =07/12/2017 id of the person to track requested date 98

  53. Part1: Who Needs Authentication? Response for http://***********g.azurewebsites.net/... 07:47 PM*49.8715330929084,8.639047788304 attacker 07:52 PM*49.8731935027927,8.63498598738923 tracker back-end 07:53 PM*49.871533247265,8.63904788614738 … List of the complete track 99

  54. Part1: Who Needs Authentication? 100

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

BELONG A family support programme promoting a sense of belonging for black & minority ethnic

BELONG A family support programme promoting a sense of belonging for black & minority ethnic

BELONG A family support programme promoting a sense of belonging for black & minority ethnic children through: Cultural Confidence & Competence Anti-Bullying & Anti-Racial Bullying Education BELONG Beginnings

301 views • 18 slides
All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring

All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring

All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring Systems Andrei Costin EURECOM, France 1 st Workshop on Security & Privacy in the Cloud (SPC) 30 Sep 2015, Florence Italy Agenda

640 views • 63 slides
Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook

Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook

Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook we all have secrets and these secrets matter to us thats what makes them secrets software should keep our secrets some secrets are awful

1k views • 75 slides
Five Secrets to Building a Security Culture WWW.ISECOM.ORG Secret #1 You are NOT designed by

Five Secrets to Building a Security Culture WWW.ISECOM.ORG Secret #1 You are NOT designed by

Five Secrets to Building a Security Culture WWW.ISECOM.ORG Secret #1 You are NOT designed by default to be security aware. You are not aware or in control of your thoughts. You are a bag of hormones and disease making wants and needs.

259 views • 9 slides
Hunting crypto secrets in SAP systems Martin Gallo, Product Owner/Security Researcher AGENDA

Hunting crypto secrets in SAP systems Martin Gallo, Product Owner/Security Researcher AGENDA

Hunting crypto secrets in SAP systems Martin Gallo, Product Owner/Security Researcher AGENDA Problem definition Cryptographic material Personal Security Environment (PSE) SSO credentials (cred_v2) Local Protection Store (LPS)

1.18k views • 62 slides
All your GPS Trackers belong to Us 1 Who we are Pierre Barre, Lead Security Researcher,

All your GPS Trackers belong to Us 1 Who we are Pierre Barre, Lead Security Researcher,

All your GPS Trackers belong to Us 1 Who we are Pierre Barre, Lead Security Researcher, Mobile and Telecom Lab Chaouki Kasmi, Lab Director, Mobile and Telecom Lab Eiman Al Shehhi, Security Researcher, Mobile and Telecom Lab The

469 views • 25 slides
All Your Cloud Are Belong to Us Hunting Compromise in Azure Nate Warfield Microsoft Security

All Your Cloud Are Belong to Us Hunting Compromise in Azure Nate Warfield Microsoft Security

All Your Cloud Are Belong to Us Hunting Compromise in Azure Nate Warfield Microsoft Security Response Center The opinions expressed are my own and do not necessarily reflect those of Microsoft Corporation. Whoami: Nate Warfield (@dk_effect)

506 views • 24 slides
Presentation Secrets Presentation Secrets Filesize: 9.28 MB Reviews Reviews Just no phrases to

Presentation Secrets Presentation Secrets Filesize: 9.28 MB Reviews Reviews Just no phrases to

NAHPXXJI6KNA Book ^ Presentation Secrets Presentation Secrets Presentation Secrets Filesize: 9.28 MB Reviews Reviews Just no phrases to describe. It typically does not price an excessive amount of. It is extremely difficult to leave it before

260 views • 3 slides
Apache Security Secrets: Revealed for ApacheCon 2002, Las Vegas Mark J Cox revision 1

Apache Security Secrets: Revealed for ApacheCon 2002, Las Vegas Mark J Cox revision 1

Apache Security Secrets: Revealed for ApacheCon 2002, Las Vegas Mark J Cox revision 1 www.awe.com/mark/apcon2002 Quick Introduction Who am I? Why do you care? What is Security Response Why do we need it? Red Hat, Apache,

551 views • 51 slides
The Logic of Secrets LAMAS 2020, 8 May 2020 Thomas gotnes University of Bergen, Norway

The Logic of Secrets LAMAS 2020, 8 May 2020 Thomas gotnes University of Bergen, Norway

The Logic of Secrets LAMAS 2020, 8 May 2020 Thomas gotnes University of Bergen, Norway Southwest University (SWU), China Zuojun Xiong, SWU Yuzhi Zhang, SWU Secrets Of fundamental importance in, e.g., safety and security cryptography

747 views • 47 slides
Decrypting All Users' Secrets and PFX Passwords Paula Januszkiewicz CQURE: CEO, Penetration

Decrypting All Users' Secrets and PFX Passwords Paula Januszkiewicz CQURE: CEO, Penetration

DPAPI and DPAPI-NG: Decrypting All Users' Secrets and PFX Passwords Paula Januszkiewicz CQURE: CEO, Penetration Tester / Security Expert CQURE Academy: Trainer MVP: Enterprise Security, MCT Microsoft: Regional Director www.cqureacademy.com

615 views • 27 slides
Secrets and Lies Secrets and Lies a summary traversal of Bruce Schneier a summary traversal of

Secrets and Lies Secrets and Lies a summary traversal of Bruce Schneier a summary traversal of

Secrets and Lies Secrets and Lies a summary traversal of Bruce Schneier a summary traversal of Bruce Schneier s book s book David Morgan Page 1 Page 1 Complexity is the worst enemy of security. Trajectory of our industry Trajectory

392 views • 28 slides
Presentation Secrets Presentation Secrets Filesize: 8.11 MB Reviews Reviews It is really an

Presentation Secrets Presentation Secrets Filesize: 8.11 MB Reviews Reviews It is really an

XUECRQXNRXVS Book Presentation Secrets Presentation Secrets Presentation Secrets Filesize: 8.11 MB Reviews Reviews It is really an remarkable book which i have ever go through. It can be writter in simple terms and not difficult to

343 views • 3 slides
Password-Based Cryptography: Strong Security from Weak Secrets Anja Lehmann IBM Research

Password-Based Cryptography: Strong Security from Weak Secrets Anja Lehmann IBM Research

Password-Based Cryptography: Strong Security from Weak Secrets Anja Lehmann IBM Research Zurich based on joint work with Jan Camenisch, Anna Lysyanskaya & Gregory Neven ROADMAP Password-Based Authentication How to make password

1.43k views • 43 slides
Seven Secrets to Building a Successful Business Introductions The Seven Secrets to Building a

Seven Secrets to Building a Successful Business Introductions The Seven Secrets to Building a

Seven Secrets to Building a Successful Business Introductions The Seven Secrets to Building a Successful Business The Essential Tools Incredible Offer!!! Todays Agenda Just for attending you get Copy of the Presentation Link to the

698 views • 56 slides
All your packets are belong to us Attacking backbone technologies Daniel Mende & Enno Rey

All your packets are belong to us Attacking backbone technologies Daniel Mende & Enno Rey

All your packets are belong to us Attacking backbone technologies Daniel Mende & Enno Rey {dmende, erey}@ernw.de Who we are Old-school network geeks. Working as security researchers for Germany based ERNW GmbH. Fiddling

630 views • 38 slides
Do not track as a driver for transparency of social networking advertisement practices?

Do not track as a driver for transparency of social networking advertisement practices?

Do not track as a driver for transparency of social networking advertisement practices? Jens Grossklags The Pennsylvania State University W3C Do-Not-Track 1 What information is made available? Details of the offer Information

497 views • 5 slides
Introduction CMSC 414: Computer and Network Security Spring 2016 What is computer & network

Introduction CMSC 414: Computer and Network Security Spring 2016 What is computer & network

Introduction CMSC 414: Computer and Network Security Spring 2016 What is computer & network security? Normally, we are concerned with correctness Does the software achieve the desired behavior? Security is a form of correctness

682 views • 47 slides
CS642: Computer Security Professor Ristenpart

CS642: Computer Security Professor Ristenpart

Diffie-Hellman, Side-channels, RNGs CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University

494 views • 26 slides
Privacy-Invasive Software and Preventive Mechanisms Martin Boldt School of Engineering Blekinge

Privacy-Invasive Software and Preventive Mechanisms Martin Boldt School of Engineering Blekinge

Privacy-Invasive Software and Preventive Mechanisms Martin Boldt School of Engineering Blekinge Institute of Technology S-372 25 Ronneby Sweden martin.boldt@bth.se The Spyware Problem (i) According to Earthlink (an American ISP) 55% of

298 views • 18 slides
Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and

Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and

Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and Jan-Christoph K uster Background, what Android is Developed by Android Inc. (acquired by Google in 2005) Open Handset Alliance (founded in 2007)

161 views • 15 slides
SQL:Queries,Programming, Triggers Chapter5

SQL:Queries,Programming, Triggers Chapter5

SQL:Queries,Programming, Triggers Chapter5 DatabaseManagementSystems3ed,R. Ramakrishnan andJ.Gehrke 1 sid bid day R1 22 101 10/10/96 ExampleInstances 58 103 11/12/96

411 views • 11 slides
Views Views In some cases, it is not desirable for all users to see the entire logical model

Views Views In some cases, it is not desirable for all users to see the entire logical model

Views Views In some cases, it is not desirable for all users to see the entire logical model (i.e, all the actual relations stored in the database.) Consider a person who needs to know a customers loan number but has no need to see the

692 views • 14 slides
Neues in Open-Source-SQL-Datenbanken @MarkusWinand @ModernSQL

Neues in Open-Source-SQL-Datenbanken @MarkusWinand @ModernSQL

Neues in Open-Source-SQL-Datenbanken @MarkusWinand @ModernSQL http://www.almaden.ibm.com/cs/people/chamberlin/sequel-1974.pdf Neues in Open-Source-SQL-Datenbanken @MarkusWinand @ModernSQL

2.09k views • 196 slides

More recommend