fred sam joe fred sam joe a brief history of
play

Fred Sam Joe Fred Sam Joe A BRIEF HISTORY OF COMMUNICATIONS - PowerPoint PPT Presentation

Oct 07, 2023 •126 likes •350 views

THERE AND BACK AGAIN BRIAN CHESS SEPTEMBER 2013 Fred Sam Joe Fred Sam Joe A BRIEF HISTORY OF COMMUNICATIONS SECURITY 6 COMPUTER SECURITY 7 THE PROGRAMMER "Programming is hard" Donald Knuth Programmers not historically

  1. THERE AND BACK AGAIN BRIAN CHESS SEPTEMBER 2013

  3. Fred Sam Joe

  4. Fred Sam Joe

  6. A BRIEF HISTORY OF COMMUNICATIONS SECURITY 6

  7. COMPUTER SECURITY 7

  8. THE PROGRAMMER "Programming is hard" Donald Knuth • Programmers not historically responsible for security. • Programmers already have one hard job to do. 8

  9. DEFENSIVE PROGRAMMING IS NOT ENOUGH Defensive programming: "Write the program to cope with small disasters." [Kernighan and Plauger] A C function with no error checking: void printMsg(FILE* file, char* msg) { fprintf(file, msg); } Crashes when file or msg is null. 9

  10. DEFENSIVE PROGRAMMING IS NOT ENOUGH Error checking added: void printMsg(FILE* file, char* msg) { if (file == NULL) { logError("attempt to print to null file"); } else if (msg == NULL) { logError("attempt to print null message"); } else { fprintf(file, msg); } No more crashes. Fixed? } Hint: AAA1_%08x.%08x.%08x.%08x.%08x.%n 10

  11. THIS IS ENOUGH Must also defend against format string attacks : void printMsg(FILE* file, char* msg) { if (file == NULL) { logError("attempt to print to null file"); } else if (msg == NULL) { logError("attempt to print null message"); } else { fprintf(file, "%.128s" , msg); } } 11

  12. SOFTWARE QUALITY VS. SOFTWARE SECURITY QUALITY SECURITY • Cannot be bolted on • Cannot be bolted on • Must be built in • Must be built in • Does the program do what • Does the program have it's supposed to do? “bonus” features? • Will the users be happy? • Will the attackers get what they want? • Are common cases smooth • Are there corner cases we and easy? haven't considered? • Will people pay for it? • What do we stand to lose? 12

  13. THE EXPLOITABILITY TRAP Trap Clearly Dangerous Clearly Safe “ I’ll fix it if you show me an exploit. ” 13

  14. CITI IPHONE INFO LEAK 14

  15. BER BERTRAND TRAND RUSSELL USSELL ’ S CHICKEN S CHICKEN Food Food Shelter Shelter Companions Companions 15

  16. Success is foreseeing failure. – Henry Petroski

  17. STATIC ANALYSIS IS GOOD

  18. STATIC ANALYSIS = GOOD = getInputFroNetwork(); buff newBuff copyBuffer( , ); buff exec( ); (command injection) newBuff

  19. CHAINSAW

  20. MEASURING PROCESS Building Security In Maturity Model (BSIMM) http://www.bsi-mm.com 20

  21. THERE AND BACK AGAIN BRIAN CHESS SEPTEMBER 2013

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

www.instove.org Fred Colgan Co-founder and Executive Director fred@instove.org Office: +1 541

www.instove.org Fred Colgan Co-founder and Executive Director fred@instove.org Office: +1 541

www.instove.org Fred Colgan Co-founder and Executive Director fred@instove.org Office: +1 541 515 1330 Mobile: +1 541 514 3653 Our Mission: We are a humanitarian not-for-profit organization, dedicated to mass producing high quality

675 views • 29 slides
Planetesimal Collisions as Clues to the Early Dynamic History of the Solar System Fred Ciesla 1

Planetesimal Collisions as Clues to the Early Dynamic History of the Solar System Fred Ciesla 1

Planetesimal Collisions as Clues to the Early Dynamic History of the Solar System Fred Ciesla 1 Thomas Davison 2 Gareth Collins 2 David OBrien 3 1 University of Chicago 2 Imperial College London 3 Planetary Science Institute Bill Hartmann Art

607 views • 37 slides
@lunivore An Example of an Example Given Fred has bought a microwave And the microwave cost

@lunivore An Example of an Example Given Fred has bought a microwave And the microwave cost

Liz Keogh @lunivore An Example of an Example Given Fred has bought a microwave And the microwave cost 100 When we refund the microwave Then Fred should be refunded 100. Examples Given a context When an event happens Then an outcome

904 views • 73 slides
Turbomachinery Applications w ith STAR-CCM+ Fred Mendona Fred Mendona Turbomachinery Sector

Turbomachinery Applications w ith STAR-CCM+ Fred Mendona Fred Mendona Turbomachinery Sector

Turbomachinery Applications w ith STAR-CCM+ Fred Mendona Fred Mendona Turbomachinery Sector Manager An Integrated Solution The applications of the software A single integrated software g g seem to be infinite. The user-friendly

596 views • 20 slides
Contact data validation in FRED Jaromir Talir jaromir.talir@nic.cz 18.11.2013 Agenda

Contact data validation in FRED Jaromir Talir jaromir.talir@nic.cz 18.11.2013 Agenda

Contact data validation in FRED Jaromir Talir jaromir.talir@nic.cz 18.11.2013 Agenda FRED To validate or not to validate Other approaches Our way Keeping contacts data valid Conclusion FRED Open source

282 views • 17 slides
Research and Education on Power Electronics for Power Systems Fred Wang fred.wang@utk.edu NSF

Research and Education on Power Electronics for Power Systems Fred Wang fred.wang@utk.edu NSF

Research and Education on Power Electronics for Power Systems Fred Wang fred.wang@utk.edu NSF Workshop on Power Electronics- enabled Operation of Power Systems Chicago, IL October 31, 2019 CURENT at a Glance CURENT was established in

841 views • 22 slides
Bias Robert S. Chang Professor of Law and Director, Fred T. Korematsu Center for Law and

Bias Robert S. Chang Professor of Law and Director, Fred T. Korematsu Center for Law and

Bias Robert S. Chang Professor of Law and Director, Fred T. Korematsu Center for Law and Equality changro@seattleu.edu So far . . . History/context Disproportionalities throughout CJS Proffered causes Crime commission

613 views • 15 slides
Investor Presentation July 2020 Fred Liu, CFA Hayden Capital, LLC 1345 Avenue of the Americas,

Investor Presentation July 2020 Fred Liu, CFA Hayden Capital, LLC 1345 Avenue of the Americas,

Investor Presentation July 2020 Fred Liu, CFA Hayden Capital, LLC 1345 Avenue of the Americas, 33 rd Floor Managing Partner New York, NY. 10105 Office: (646) 883-8805 Mobile: (513) 304-3313 Email: fred.liu@haydencapital.com Disclaimer

156 views • 13 slides
FRED update ICANN61 TechDay Puerto Rico Jaromir Talir jaromir.talir@nic.cz

FRED update ICANN61 TechDay Puerto Rico Jaromir Talir jaromir.talir@nic.cz

FRED update ICANN61 TechDay Puerto Rico Jaromir Talir jaromir.talir@nic.cz 12.03.2018 What is FRED? Open source domain registry solution EPP, DNSSEC, WHOIS, RDAP Developed (and used) by CZ.NIC since 2006 Just

649 views • 18 slides
Building the Next Generation of Researchers: Why does it Matter? Prof. Fred Wabwire Mangen

Building the Next Generation of Researchers: Why does it Matter? Prof. Fred Wabwire Mangen

Building the Next Generation of Researchers: Why does it Matter? Prof. Fred Wabwire Mangen Lead Trainer Makerere University Overview o Ov of I Inter-University Child Focu cused Research ch Training Fred Wabwire-Ma Fr Mangen en MB

517 views • 36 slides
remote monitoring technology in extensive grazing industries @FMCentre Shawn McGrath Fred

remote monitoring technology in extensive grazing industries @FMCentre Shawn McGrath Fred

Proposals to develop/validate remote monitoring technology in extensive grazing industries @FMCentre Shawn McGrath Fred Morley Centre School of Animal and Veterinary Sciences Charles Sturt University Fred Morley Unit SCR applications in

495 views • 10 slides
Quad working point Fred Hartjes NIKHEF 1. False hits when using T2K gas 2. Reduction of the gas

Quad working point Fred Hartjes NIKHEF 1. False hits when using T2K gas 2. Reduction of the gas

Quad working point Fred Hartjes NIKHEF 1. False hits when using T2K gas 2. Reduction of the gas gain at high rate Both solvable in the MEMS technology LC-TPC Collaboration Meeting January 14, 2020 False hits when using T2K gas Fred Hartjes 2

706 views • 25 slides
BIM DELIVERABLES FOR MASON CONTRACTORS VOLUMES I & II Prepared by Fred Kinateder Kinateder

BIM DELIVERABLES FOR MASON CONTRACTORS VOLUMES I & II Prepared by Fred Kinateder Kinateder

BIM DELIVERABLES FOR MASON CONTRACTORS VOLUMES I & II Prepared by Fred Kinateder Kinateder Fred Kinateder Kinateder Consulting DELIVERABLES GUIDES I &II CONTRIBUTORS Adrian Siverson R & D Masonry Mike Kinateder, KMI

817 views • 58 slides
Best Practices for Recovery Houses Fred Way Pennsylvania Alliance of Recovery Residences

Best Practices for Recovery Houses Fred Way Pennsylvania Alliance of Recovery Residences

Best Practices for Recovery Houses Fred Way Pennsylvania Alliance of Recovery Residences National Alliance for Recovery Residences s HISTORY OF OAS RECOVERY HOUSE SYSTEM AND STANDARDS In Fisc scal al Year 1995 the Philad adelphia

1.15k views • 35 slides
Chris Savage, Bell Helicopter Infrastructure Operations Mgr Introductions Fred Devoir Chris

Chris Savage, Bell Helicopter Infrastructure Operations Mgr Introductions Fred Devoir Chris

NVIDIA GRID and Dassault Catia from Proof of Concept to Production April 5, 2016 Fred Devoir, Textron Mgr IT Infrastructure Chris Savage, Bell Helicopter Infrastructure Operations Mgr Introductions Fred Devoir Chris Savage Manager IT

460 views • 13 slides
Pr Prevention and Treatment of Osteoporosis (What more do we need to kn know?) Fred Saad MD

Pr Prevention and Treatment of Osteoporosis (What more do we need to kn know?) Fred Saad MD

Pr Prevention and Treatment of Osteoporosis (What more do we need to kn know?) Fred Saad MD FRCS Professor and Chairman of Urology Director of GU Oncology Raymond Garneau Chair in Prostate Cancer University of Montreal Hospital Center

573 views • 46 slides
Non-Attacking Chess Pieces: The Bishop Thomas Zaslavsky Binghamton University (State University

Non-Attacking Chess Pieces: The Bishop Thomas Zaslavsky Binghamton University (State University

Non-Attacking Chess Pieces: The Bishop Thomas Zaslavsky Binghamton University (State University of New York) C R Rao Advanced Institute of Mathematics, Statistics and Computer Science 29 July 2010 Joint work with Seth Chaiken and Christopher

376 views • 16 slides
CSE5390 & 7390 Special Topics in Ubiquitous Computing lecture eight, beyond the screen Eric

CSE5390 & 7390 Special Topics in Ubiquitous Computing lecture eight, beyond the screen Eric

CSE5390 & 7390 Special Topics in Ubiquitous Computing lecture eight, beyond the screen Eric C. Larson, Lyle School of Engineering, Computer Science and Engineering, Southern Methodist University 1 class logistics A1 due! upload

483 views • 21 slides
Tactical and Strategic AI Marco Chiarandini Department of Mathematics & Computer Science

Tactical and Strategic AI Marco Chiarandini Department of Mathematics & Computer Science

DM810 Computer Game Programming II: AI Lecture 13 Tactical and Strategic AI Marco Chiarandini Department of Mathematics & Computer Science University of Southern Denmark Board game AI MiniMaxing Alpha-beta pruning Transposition Tables

1.06k views • 40 slides
Introduction Philipp Koehn 28 January 2020 Philipp Koehn Artificial Intelligence: Introduction

Introduction Philipp Koehn 28 January 2020 Philipp Koehn Artificial Intelligence: Introduction

Introduction Philipp Koehn 28 January 2020 Philipp Koehn Artificial Intelligence: Introduction 28 January 2020 Administrative 1 Instructor: Philipp Koehn (phi@jhu.edu) TA: Daniil Pakhomov Class: Tuesdays and Thursdays 1:30-2:45,

842 views • 35 slides
CSEE 3827: Fundamentals of Computer Systems Lecture 15 April 1, 2009 Martha Kim

CSEE 3827: Fundamentals of Computer Systems Lecture 15 April 1, 2009 Martha Kim

CSEE 3827: Fundamentals of Computer Systems Lecture 15 April 1, 2009 Martha Kim martha@cs.columbia.edu and the rest of the semester (software) Source code (e.g., *.java, *.c) Compiler MIPS instruction set architecture Application

888 views • 63 slides
CS535 Big Data 4/27/2020 Week 14-A Sangmi Lee Pallickara CS535 Big Data | Computer Science |

CS535 Big Data 4/27/2020 Week 14-A Sangmi Lee Pallickara CS535 Big Data | Computer Science |

CS535 Big Data 4/27/2020 Week 14-A Sangmi Lee Pallickara CS535 Big Data | Computer Science | Colorado State University CS535 Big Data | Computer Science | Colorado State University CS535 BIG DATA FAQs Please check the announcement for the

545 views • 8 slides
Enhanced Target Collision Resistant Hash Functions Revisited Mohammad-Reza Reyhanitabar, Willy

Enhanced Target Collision Resistant Hash Functions Revisited Mohammad-Reza Reyhanitabar, Willy

Centre for Computer and Information Security Research Enhanced Target Collision Resistant Hash Functions Revisited Mohammad-Reza Reyhanitabar, Willy Susilo, and Yi Mu Centre for Computer and Information Security Research University of

230 views • 21 slides
15-251 Great Theoretical Ideas in Computer Science Lecture 9: Boolean Circuits September 29th,

15-251 Great Theoretical Ideas in Computer Science Lecture 9: Boolean Circuits September 29th,

15-251 Great Theoretical Ideas in Computer Science Lecture 9: Boolean Circuits September 29th, 2015 Where we are, where we are going Computer science is no more about computers than astronomy is about telescopes. ? P = NP P vs NP is on the

780 views • 64 slides

More recommend