prolog to lecture 2 cs 236 on line ms program networks
play

Prolog to Lecture 2 CS 236 On-Line MS Program Networks and Systems - PowerPoint PPT Presentation

Mar 06, 2023 •133 likes •234 views

Prolog to Lecture 2 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 2 Page 1 CS 236 Online Whats This Prolog Stuff? When I can, I will add a short presentation to each lecture Discussing application

  1. Prolog to Lecture 2 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 2 Page 1 CS 236 Online

  2. What’s This Prolog Stuff? • When I can, I will add a short presentation to each lecture • Discussing application of material from the previous or recent lectures • Generally stuff that’s pretty timely Lecture 2 Page 2 CS 236 Online

  3. Do We Really Care About Security? • Security gets a lot of lip-service • But is the community out there really behind it? – Particularly the industrial community that builds our software? • Two recent stories suggest maybe not Lecture 2 Page 3 CS 236 Online

  4. 1. Fun With Firewire • Many computers have firewire interfaces – Especially laptops • These interfaces allow direct access to memory – No access control – No nuthin’ Lecture 2 Page 4 CS 236 Online

  5. What’s That Mean? • Anyone who hooks up a firewire device to your laptop doesn’t need to log in • He can just read and alter the memory • Proof-of-concept tool 1 allows you to own Windows machine in seconds 1 http://www.darkreading.com/document.asp?doc_id=147713&f_src=drweekly – Lecture 2 Page 5 CS 236 Online

  6. What’s the Response? • “Well, duh, that’s what Firewire is supposed to do” • In other words, we designed your computer to let anyone take it over – If they have physical access • All this login stuff is just window dressing to impress the rubes Lecture 2 Page 6 CS 236 Online

  7. 2. Backdoor Processors • Many devices come with complete processors “hidden” inside – Printers, routers, storage devices, etc. • They’re installed with complete OSes – Often very badly configured • Allowing anyone access • E.g., Cisco had an undocumented test interface in wireless APs and routers (2013) – Allowed attacker to run anything on them Lecture 2 Page 7 CS 236 Online

  8. The Implications • If attacker knows about these, • And you don’t, • He’s got a hidden backdoor into your system • Often these processors have network capabilities • And can access the CPU you already knew you had Lecture 2 Page 8 CS 236 Online

  9. What’s That Mean? • The people who put these processors in neither knew nor cared about security • System management (the purpose of them) was more important • They didn’t care enough to even mention they were there Lecture 2 Page 9 CS 236 Online

  10. The General Lesson • Just because people say they care about security doesn’t mean they do • Many decisions seem to be made without even considering security implications Lecture 2 Page 10 CS 236 Online

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Prolog to Lecture 3 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 3 Page 1 CS 236 Online Mandatory Access Control and the Real World For a long time, things like Bell-La Padula were hard to run

220 views • 6 slides
Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Prolog to Lecture 4 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 4 Page 1 CS 236 Online Brute Force Attacks, the iPhone, and the FBI Recently lots of news about the FBI needing to crack an iPhone It

85 views • 8 slides
Prolog to Lecture 16 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Prolog to Lecture 16 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Prolog to Lecture 16 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 16 Page 1 CS 236 Online Security Evaluations and the US Government The US government runs lots of computers and networks Its a

263 views • 8 slides
Prolog to Lecture 9 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Prolog to Lecture 9 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Prolog to Lecture 9 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 9 Page 1 CS 236 Online Buffer Overflows Buffer overflows are a big problem One class of defenses concentrates on not allowing attacker

767 views • 8 slides
Logic and Prolog Lecture 10 Logic Programming The meaning of a Prolog program can be

Logic and Prolog Lecture 10 Logic Programming The meaning of a Prolog program can be

Logic and Prolog Lecture 10 Logic Programming The meaning of a Prolog program can be explained very naturally using First Order Predicate Logic (FOPL). This gives a theoretical basis for Prolog and related computational systems.

568 views • 4 slides
Learn Prolog Now! SWI Prolog Freely available Prolog interpreter Works with Linux,

Learn Prolog Now! SWI Prolog Freely available Prolog interpreter Works with Linux,

Learn Prolog Now! SWI Prolog Freely available Prolog interpreter Works with Linux, Windows, or Mac OS There are many more Prolog interpreters Not all are ISO compliant/free Lecture 1 Theory Introduction to

1.01k views • 76 slides
Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture

Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture

Network Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 9 Page 1 CS 236 Online Some Important Network Characteristics for Security Degree of locality Media used Protocols used Lecture 9

156 views • 11 slides
Introduction to Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter

Introduction to Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter

Introduction to Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 3 Page 1 CS 236 Online Outline What is data encryption? Cryptanalysis Basic encryption methods Substitution ciphers

766 views • 21 slides
More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 4 Page 1 CS 236 Online Outline Desirable characteristics of ciphers Stream and block ciphers Cryptographic modes Uses of

475 views • 29 slides
An Introduction to Prolog Programming 1 What is Prolog? Prolog ( pro gramming in log ic) is a

An Introduction to Prolog Programming 1 What is Prolog? Prolog ( pro gramming in log ic) is a

An Introduction to Prolog Programming 1 What is Prolog? Prolog ( pro gramming in log ic) is a logic-based programming language: programs correspond to sets of logical formulas and the Prolog interpreter uses logical methods to resolve

1.18k views • 72 slides
Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 7

Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 7

Authentication CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 7 Page 1 CS 236 Online Outline Introduction Basic authentication mechanisms Lecture 7 Page 2 CS 236 Online Introduction Much of

799 views • 30 slides
Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Evaluating System Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 15 Page 1 CS 236 Online Evaluating Program Security What if your task isnt writing secure code? Its determining if someone

423 views • 16 slides
Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter

Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter

Network Security: Continued CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 10 Page 1 CS 236 Online Firewall Configuration and Administration Again, the firewall is the point of attack for intruders

375 views • 16 slides
Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 19 Page 1 CS 236 Online Putting It All Together Weve talked a lot about security principles And about security problems And

209 views • 17 slides
Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems

Security Principles, Policies, and Tools CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 2 Page 1 CS 236 Online Outline Security design principles Security policies Basic concepts Security

419 views • 12 slides
Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter

Intrusion Detection Systems CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 11 Page 1 CS 236 Online Outline Introduction Characteristics of intrusion detection systems Some sample intrusion detection

143 views • 12 slides
Disclosures Ms. Bolen serves as a Consultant to Paradigm Labs. 2 1. Review DEA Regulatory

Disclosures Ms. Bolen serves as a Consultant to Paradigm Labs. 2 1. Review DEA Regulatory

3/9/20 Drugs, Documentation, and DEA Improving your Charting of Prescribing Rationale in 2020 and Beyond, Prepared and Presented by Jen Bolen, JD for PainWeek and PainWeekEnd 1 Disclosures Ms. Bolen serves as a Consultant to Paradigm Labs.

426 views • 15 slides
First order phase transition for the Random Cluster model with q > 4 Ioan Manolescu joint work

First order phase transition for the Random Cluster model with q > 4 Ioan Manolescu joint work

First order phase transition for the Random Cluster model with q > 4 Ioan Manolescu joint work with: Hugo Duminil-Copin, Maxime Gagnebin, Matan Harel, Vincent Tassion University of Fribourg 14th February 2017 Diablerets Ioan Manolescu

830 views • 81 slides
Strings and (Non)-Geometry Dieter Lst, LMU and MPI Mnchen Meeting The particle Physics and

Strings and (Non)-Geometry Dieter Lst, LMU and MPI Mnchen Meeting The particle Physics and

Strings and (Non)-Geometry Dieter Lst, LMU and MPI Mnchen Meeting The particle Physics and Cosmology of Supersymmetry and String Theory, Spring Meeting at University of Pennsylvania, Philadelphia, March, 16-18, 2012 Donnerstag, 15.

809 views • 56 slides
Parametrized maximum principle preserving flux limiters for high order schemes: Algorithm,

Parametrized maximum principle preserving flux limiters for high order schemes: Algorithm,

Parametrized maximum principle preserving flux limiters for high order schemes: Algorithm, Development, Application Zhengfu Xu Michigan Technological University Collaborators: J.-M. Qiu, T. Xiong (U. Houston), Y. Jiang (ISU) , C. Liang (MTU),

415 views • 38 slides
City Centre Task Force What Is It? A group formed by Cllr Kelly in response to Coventry

City Centre Task Force What Is It? A group formed by Cllr Kelly in response to Coventry

City Centre Task Force What Is It? A group formed by Cllr Kelly in response to Coventry Telegraph Save Our Shops Campaign. City Centre Task Force Who Is It? Key city centre stakeholders including Coventry City Council

676 views • 34 slides
1 KULKUNYA PRAYARACH, PH.D. Multiple Regression Analysis I. Analysis of Data III. Dummy

1 KULKUNYA PRAYARACH, PH.D. Multiple Regression Analysis I. Analysis of Data III. Dummy

Multiple Regression Analysis I. Analysis of Data III. Dummy Variable II. Hypothesis Testing IV. Research & Group Work 1 KULKUNYA PRAYARACH, PH.D. Multiple Regression Analysis I. Analysis of Data III. Dummy Variable II. Hypothesis

501 views • 24 slides
Profiling Composable HPC Data Services WIP@PDSW, 2019 Srinivasan Ramesh Philip H. Carns Allen

Profiling Composable HPC Data Services WIP@PDSW, 2019 Srinivasan Ramesh Philip H. Carns Allen

Profiling Composable HPC Data Services WIP@PDSW, 2019 Srinivasan Ramesh Philip H. Carns Allen D. Malony Robert Ross Shane Snyder University of Oregon Argonne National Laboratory Data Services: Managing Heterogeneity and Change Storage:

967 views • 6 slides
People Wont Pay for Privacy Adam Shostack adam@homeport.org (Presented at PET2003)

People Wont Pay for Privacy Adam Shostack adam@homeport.org (Presented at PET2003)

People Wont Pay for Privacy Adam Shostack adam@homeport.org (Presented at PET2003) Motivation n 3 Years at Zero Knowledge Systems n Freedom Network didnt succeed n Problems was sales, not law enforcement n LE moved from scared to a

400 views • 7 slides

More recommend