models
play

Models Extreme programming Rapid prototyping and best practices - PowerPoint PPT Presentation

Jul 30, 2023 •213 likes •585 views

Models Extreme programming Rapid prototyping and best practices Project driven by business decisions Requirements open until project complete Programmers work in teams Components tested, integrated several times a

  1. Models • Extreme programming – Rapid prototyping and “best practices” – Project driven by business decisions – Requirements open until project complete – Programmers work in teams – Components tested, integrated several times a day – Objective is to get system into production as quickly as possible, then enhance it – Evidence adduced after development needed for assurance May 12, 2005 ECS 153, Introduction to Computer Slide #1 Security

  2. Security: Built In or Add On? • Think of security as you do performance – You don’t build a system, then add in performance later • Can “tweak” system to improve performance a little • Much more effective to change fundamental algorithms, design • You need to design it in – Otherwise, system lacks fundamental and structural concepts for high assurance May 12, 2005 ECS 153, Introduction to Computer Slide #2 Security

  3. Reference Validation Mechanism • Reference monitor is access control concept of an abstract machine that mediates all accesses to objects by subjects • Reference validation mechanism (RVM) is an implementation of the reference monitor concept. – Tamperproof – Complete (always invoked and can never be bypassed) – Simple (small enough to be subject to analysis and testing, the completeness of which can be assured) • Last engenders trust by providing assurance of correctness May 12, 2005 ECS 153, Introduction to Computer Slide #3 Security

  4. Examples • Security kernel combines hardware and software to implement reference monitor • Trusted computing base ( TCB ) is all protection mechanisms within a system responsible for enforcing security policy – Includes hardware and software – Generalizes notion of security kernel May 12, 2005 ECS 153, Introduction to Computer Slide #4 Security

  5. Adding On Security • Key to problem: analysis and testing • Designing in mechanisms allow assurance at all levels – Too many features adds complexity, complicates analysis • Adding in mechanisms makes assurance hard – Gap in abstraction from requirements to design may prevent complete requirements testing – May be spread throughout system (analysis hard) – Assurance may be limited to test results May 12, 2005 ECS 153, Introduction to Computer Slide #5 Security

  6. Example • 2 AT&T products – Add mandatory controls to UNIX system – SV/MLS • Add MAC to UNIX System V Release 3.2 – SVR4.1ES • Re-architect UNIX system to support MAC May 12, 2005 ECS 153, Introduction to Computer Slide #6 Security

  7. Comparison • Architecting of System – SV/MLS: used existing kernel modular structure; no implementation of least privilege – SVR4.1ES: restructured kernel to make it highly modular and incorporated least privilege May 12, 2005 ECS 153, Introduction to Computer Slide #7 Security

  8. Comparison • File Attributes ( inodes ) – SV/MLS added separate table for MAC labels, DAC permissions • UNIX inodes have no space for labels; pointer to table added • Problem: 2 accesses needed to check permissions • Problem: possible inconsistency when permissions changed • Corrupted table causes corrupted permissions – SVR4.1ES defined new inode structure • Included MAC labels • Only 1 access needed to check permissions May 12, 2005 ECS 153, Introduction to Computer Slide #8 Security

  9. Key Points • Assurance critical for determining trustworthiness of systems • Different levels of assurance, from informal evidence to rigorous mathematical evidence • Assurance needed at all stages of system life cycle • Building security in is more effective than adding it later May 12, 2005 ECS 153, Introduction to Computer Slide #9 Security

  10. Malcious Logic Overview • Defining malicious logic • Types – Trojan horses – Computer viruses and worms – Other types • Defenses – Properties of malicious logic – Trust May 12, 2005 ECS 153, Introduction to Computer Slide #10 Security

  11. Malicious Logic • Set of instructions that cause site security policy to be violated May 12, 2005 ECS 153, Introduction to Computer Slide #11 Security

  12. Example • Shell script on a UNIX system: cp /bin/sh /tmp/.xyzzy chmod u+s,o+x /tmp/.xyzzy rm ./ls ls $* • Place in program called “ls” and trick someone into executing it • You now have a setuid-to- them shell! May 12, 2005 ECS 153, Introduction to Computer Slide #12 Security

  13. Trojan Horse • Program with an overt purpose (known to user) and a covert purpose (unknown to user) – Often called a Trojan – Named by Dan Edwards in Anderson Report • Example: previous script is Trojan horse – Overt purpose: list files in directory – Covert purpose: create setuid shell May 12, 2005 ECS 153, Introduction to Computer Slide #13 Security

  14. Example: NetBus • Designed for Windows NT system • Victim uploads and installs this – Usually disguised as a game program, or in one • Acts as a server, accepting and executing commands for remote administrator – This includes intercepting keystrokes and mouse motions and sending them to attacker – Also allows attacker to upload, download files May 12, 2005 ECS 153, Introduction to Computer Slide #14 Security

  15. Replicating Trojan Horse • Trojan horse that makes copies of itself – Also called propagating Trojan horse – Early version of animal game used this to delete copies of itself • Hard to detect – 1976: Karger and Schell suggested modifying compiler to include Trojan horse that copied itself into specific programs including later version of the compiler – 1980s: Thompson implements this May 12, 2005 ECS 153, Introduction to Computer Slide #15 Security

  16. Thompson's Compiler • Modify the compiler so that when it compiles login , login accepts the user's correct password or a fixed password (the same one for all users) • Then modify the compiler again, so when it compiles a new version of the compiler, the extra code to do the first step is automatically inserted • Recompile the compiler • Delete the source containing the modification and put the undoctored source back May 12, 2005 ECS 153, Introduction to Computer Slide #16 Security

  17. The Login Program user password login source correct compiler login executable logged in user password or magic password login source doctored compiler login executable logged in May 12, 2005 ECS 153, Introduction to Computer Slide #17 Security

  18. The Compiler login source compiler source correct compiler compiler executable correct login executable login source compiler source doctored compiler compiler executable rigged login executable May 12, 2005 ECS 153, Introduction to Computer Slide #18 Security

  19. Comments • Great pains taken to ensure second version of compiler never released – Finally deleted when a new compiler executable from a different system overwrote the doctored compiler • The point: no amount of source-level verification or scrutiny will protect you from using untrusted code – Also: having source code helps, but does not ensure you’re safe May 12, 2005 ECS 153, Introduction to Computer Slide #19 Security

  20. Computer Virus • Program that inserts itself into one or more files and performs some action – Insertion phase is inserting itself into file – Execution phase is performing some (possibly null) action • Insertion phase must be present – Need not always be executed – Lehigh virus inserted itself into boot file only if boot file not infected May 12, 2005 ECS 153, Introduction to Computer Slide #20 Security

  21. Pseudocode beginvirus: if spread-condition then begin for some set of target files do begin if target is not infected then begin determine where to place virus instructions copy instructions from beginvirus to endvirus into target alter target to execute added instructions end; end; end; perform some action(s) goto beginning of infected program endvirus: May 12, 2005 ECS 153, Introduction to Computer Slide #21 Security

  22. Trojan Horse Or Not? • Yes – Overt action = infected program’s actions – Covert action = virus’ actions (infect, execute) • No – Overt purpose = virus’ actions (infect, execute) – Covert purpose = none • Semantic, philosophical differences – Defenses against Trojan horse also inhibit computer viruses May 12, 2005 ECS 153, Introduction to Computer Slide #22 Security

  23. History • Programmers for Apple II wrote some – Not called viruses; very experimental • Fred Cohen – Graduate student who described them – Teacher (Adleman) named it “computer virus” – Tested idea on UNIX systems and UNIVAC 1108 system May 12, 2005 ECS 153, Introduction to Computer Slide #23 Security

  24. Cohen’s Experiments • UNIX systems: goal was to get superuser privileges – Max time 60m, min time 5m, average 30m – Virus small, so no degrading of response time – Virus tagged, so it could be removed quickly • UNIVAC 1108 system: goal was to spread – Implemented simple security property of Bell-LaPadula – As writing not inhibited (no *-property enforcement), viruses spread easily May 12, 2005 ECS 153, Introduction to Computer Slide #24 Security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Consistency of Models) 1. Big Models 2. Examples of Graphs in Models 3. Types of Graphs Prof.

Consistency of Models) 1. Big Models 2. Examples of Graphs in Models 3. Types of Graphs Prof.

Fakultt Informatik, Institut fr Software- und Multimediatechnik, Lehrstuhl fr Softwaretechnologie 12) Validation of Graph-Based Models and Programs (Analysis and Consistency of Models) 1. Big Models 2. Examples of Graphs in Models 3. Types

764 views • 74 slides
Models for Models for Retrieval and Browsing Retrieval and Browsing - Structural Models and

Models for Models for Retrieval and Browsing Retrieval and Browsing - Structural Models and

Models for Models for Retrieval and Browsing Retrieval and Browsing - Structural Models and Browsing Berlin Chen 2004 Reference : 1. Modern Information Retrieval , chapter 2 Taxonomy of Classic IR Models Set Theoretic Fuzzy Extended Boolean

837 views • 29 slides
Models For All Nicolas Le Novre Characterising dynamical behaviours Models

Models For All Nicolas Le Novre Characterising dynamical behaviours Models

Models For All Nicolas Le Novre Characterising dynamical behaviours Models Simulation Results Minimal requirements (SBRML) Data-models Ontologies Is the matrix of standards complete? Models

406 views • 15 slides
Logistic mixed models for DIF IRT models can be regarded as logistic mixed models (e.g., Adams,

Logistic mixed models for DIF IRT models can be regarded as logistic mixed models (e.g., Adams,

28.02.2011 Logistic mixed models for DIF IRT models can be regarded as logistic mixed models (e.g., Adams, Wilson, & Wu, 1997; de Exploring DIF using explanatory Bock & Wilson, 2004; Kamata, 2001) IRT models Formulation of the Rasch

193 views • 4 slides
Graphical Models Kalman Filter DBN ML 701 Undirected Models Anna Goldenberg

Graphical Models Kalman Filter DBN ML 701 Undirected Models Anna Goldenberg

Outline Dynamic Models Gaussian Linear Models Graphical Models Kalman Filter DBN ML 701 Undirected Models Anna Goldenberg Unification Summary HMMs HMM in short is a Bayes Net satisfies Markov property

286 views • 9 slides
Models for Models for Retrieval and Browsing Retrieval and Browsing - Fuzzy Set, Extended

Models for Models for Retrieval and Browsing Retrieval and Browsing - Fuzzy Set, Extended

Models for Models for Retrieval and Browsing Retrieval and Browsing - Fuzzy Set, Extended Boolean, Generalized Vector Space Models Berlin Chen 2004 Reference: 1. Modern Information Retrieval . Chapter 2 Taxonomy of Classic IR Models Set

511 views • 30 slides
Probabilistic Models Models describe how (a portion of) the world works Models are always

Probabilistic Models Models describe how (a portion of) the world works Models are always

Probabilistic Models Models describe how (a portion of) the world works Models are always simplifications May not account for every variable May not account for all interactions between variables All models are wrong; but some

749 views • 49 slides
Math 211 Math 211 Lecture #5 Models of Motion September 5, 2003 2 Models of Motion Models of

Math 211 Math 211 Lecture #5 Models of Motion September 5, 2003 2 Models of Motion Models of

1 Math 211 Math 211 Lecture #5 Models of Motion September 5, 2003 2 Models of Motion Models of Motion History of models of planetary motion. Babylonians - 3000 years ago. Initiated the systematic study of astronomy. Collection

814 views • 21 slides
Math 211 Math 211 Lecture #5 Models of Motion September 6, 2002 2 Models of Motion Models of

Math 211 Math 211 Lecture #5 Models of Motion September 6, 2002 2 Models of Motion Models of

1 Math 211 Math 211 Lecture #5 Models of Motion September 6, 2002 2 Models of Motion Models of Motion History of models of planetary motion. Babylonians - 3000 years ago. Initiated the systematic study of astronomy. Collection

414 views • 8 slides
Model-driven approaches to Why models? large-scale e-business The anatomy of models From models

Model-driven approaches to Why models? large-scale e-business The anatomy of models From models

Agenda Model-driven approaches to Why models? large-scale e-business The anatomy of models From models to code system development Standards and maturity Steve Cook IBM Distinguished Engineer Visiting Professor, UKC The architecture is

213 views • 10 slides
Functional Linear Models 1 66 / 181 Functional Linear Models Statistical Models So far we have

Functional Linear Models 1 66 / 181 Functional Linear Models Statistical Models So far we have

Functional Linear Models Functional Linear Models 1 66 / 181 Functional Linear Models Statistical Models So far we have focussed on exploratory data analysis Smoothing Functional covariance Functional PCA Now we wish to examine predictive

1.04k views • 43 slides
Forward and Inverse Models in the Cerebellum Computational Models of Neural Systems Lecture 2.3

Forward and Inverse Models in the Cerebellum Computational Models of Neural Systems Lecture 2.3

Forward and Inverse Models in the Cerebellum Computational Models of Neural Systems Lecture 2.3 David S. Touretzky September, 2017 Dynamical Control The Marr-Albus models are static models that map a single input pattern to a

508 views • 28 slides
Models are the M in JML Using ADT Models in Formal Specification with JML Joseph Kiniry

Models are the M in JML Using ADT Models in Formal Specification with JML Joseph Kiniry

Models are the M in JML Using ADT Models in Formal Specification with JML Joseph Kiniry Department of Computer Science University College Dublin Models, not Modeling the M in JML is not the same as the M in UML, even if

381 views • 11 slides
Outline Hierarchy of Information Levels Final-size models Survival models

Outline Hierarchy of Information Levels Final-size models Survival models

Outline Hierarchy of Information Levels Final-size models Survival models Likelihood models Bayesian models Summary Basic Setting for Household Studies A community of households. May

589 views • 46 slides
Lecture 8 AR, MA, and ARMA Models 9/27/2018 1 AR models AR(p) models We can generalize from

Lecture 8 AR, MA, and ARMA Models 9/27/2018 1 AR models AR(p) models We can generalize from

Lecture 8 AR, MA, and ARMA Models 9/27/2018 1 AR models AR(p) models We can generalize from an AR(1) to an AR(p) model by simply adding additional autoregressive terms to the model. () =1 What are the

598 views • 36 slides
DSGE Models: A User Guide for Policymakers Lawrence J. Christiano Outline Why models? Why

DSGE Models: A User Guide for Policymakers Lawrence J. Christiano Outline Why models? Why

DSGE Models: A User Guide for Policymakers Lawrence J. Christiano Outline Why models? Why models? Why did New Keynesian DSGE models become Wh did N K i DSGE d l b so popular in past decade? DSGE models after 2008. Why Models?

797 views • 69 slides
How does the come to life? the consists of a collection of Modula-2 modules the modules required

How does the come to life? the consists of a collection of Modula-2 modules the modules required

slide 1 gaius How does the come to life? the consists of a collection of Modula-2 modules the modules required for laboratory 1, 2 and 3 are different when you compile using make the makefile is analyzed and a module dependency list is created

653 views • 6 slides
PC Hardware and Booting Chester Rebeiro IIT Madras CPUs Processor i386 2 Everything has an

PC Hardware and Booting Chester Rebeiro IIT Madras CPUs Processor i386 2 Everything has an

PC Hardware and Booting Chester Rebeiro IIT Madras CPUs Processor i386 2 Everything has an address 0x3c0:0x3cf Processor i386 0x1f0:0x1f7 0x0 : 0x200000 0x60:0x6f 3 Address Types Memory Addresses IO Addresses Memory Mapped

629 views • 35 slides
Operating Systems CMPSC 473 Storage April 3, 2008 - Lecture 20 1 Outline Disk structure:

Operating Systems CMPSC 473 Storage April 3, 2008 - Lecture 20 1 Outline Disk structure:

Operating Systems CMPSC 473 Storage April 3, 2008 - Lecture 20 1 Outline Disk structure: physical and logical Disk addressing Disk scheduling Management 2 Need for Storage Memory is: volatile: persistence is

740 views • 34 slides
system calls/excpetions/context switches 1 Changelog Changes made in this version not seen in

system calls/excpetions/context switches 1 Changelog Changes made in this version not seen in

system calls/excpetions/context switches 1 Changelog Changes made in this version not seen in fjrst lecture: contexts (B running) adjust remark about where values are saved to note that As user regs are saved on As kernel stack rather

1.74k views • 106 slides
0117401: Operating System Chapter 12: Mass-Storage structure

0117401: Operating System Chapter 12: Mass-Storage structure

0117401: Operating System Chapter 12: Mass-Storage structure xlanchen@ustc.edu.cn http://staff.ustc.edu.cn/~xlanchen Computer Application Laboratory, CS, USTC @ Hefei Embedded System Laboratory,

794 views • 41 slides
Mostafa Z. Ali Mostafa Z. Ali mzali@just.edu.jo 1-1 Chapter 2 Disk Operating System (DOS)

Mostafa Z. Ali Mostafa Z. Ali mzali@just.edu.jo 1-1 Chapter 2 Disk Operating System (DOS)

Fall 2009 Lecture 2 Operating Systems: Configuration & Use C IS345 Disk Operating System (DOS) Mostafa Z. Ali Mostafa Z. Ali mzali@just.edu.jo 1-1 Chapter 2 Disk Operating System (DOS) Finding DOS and Understanding its Strengths and

1.04k views • 66 slides
GUID Partition Table Unified Extensible Firmware Interface (UEFI) Master Boot Record (MBR)

GUID Partition Table Unified Extensible Firmware Interface (UEFI) Master Boot Record (MBR)

GUID Partition Table Unified Extensible Firmware Interface (UEFI) Master Boot Record (MBR) GUID Partition Table (GPT) Computer Center, CS, NCTU Unified Extensible Firmware Interface Legacy BIOS limitations 16-bit processor mode

474 views • 14 slides
21/02/2012 CSN08101 Digital Forensics Lecture 5A: PC Boot Sequence and Storage Devices Module

21/02/2012 CSN08101 Digital Forensics Lecture 5A: PC Boot Sequence and Storage Devices Module

21/02/2012 CSN08101 Digital Forensics Lecture 5A: PC Boot Sequence and Storage Devices Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Objectives BIOS and boot process Storage devices Partitions Computer Hardware

777 views • 15 slides

More recommend