square wheels and round tuits
play

Square Wheels and Round Tuits Steven M. Bellovin - PowerPoint PPT Presentation

Mar 13, 2024 •350 likes •662 views

Square Wheels and Round Tuits Steven M. Bellovin http://www.cs.columbia.edu/~smb Columbia University April 4, 2006 1 / 22 A Conversation, Circa 1981 Me: You get a lot more performance if you A Conversation, Circa 1981 A Talk, Circa 1982

  1. Square Wheels and Round Tuits Steven M. Bellovin http://www.cs.columbia.edu/~smb Columbia University April 4, 2006 1 / 22

  2. A Conversation, Circa 1981 Me: You get a lot more performance if you A Conversation, Circa 1981 A Talk, Circa 1982 buffer disk I/O The Sins of the Fathers. . . Hobbyist: But then I can’t just eject the floppy A History Lesson Me: You also need memory protection The Root Cause Hobbyist: Why? I’m the only one using the There is a Threat Cell Phone/PDA machine Viruses More Problems Me: (Argghh!) Bellovin’s Laws of Networking Interconnections We Have to Start Somewhere The Square Wheel Parts of a Solution Securing New Systems Principles Solution Characteristics Retrofits It May be Easier 2 / 22

  3. A Talk, Circa 1982 Me: Writing code in a high-level language will A Conversation, Circa 1981 A Talk, Circa 1982 improve productivity and reduce bugs The Sins of the Fathers. . . Audience: You don’t understand how small A History Lesson these machines are! The Root Cause Me: They’ll get bigger There is a Threat Cell Phone/PDA Audience: But today they’re small Viruses More Problems Bellovin’s Laws of Networking Interconnections We Have to Start Somewhere The Square Wheel Parts of a Solution Securing New Systems Principles Solution Characteristics Retrofits It May be Easier 3 / 22

  4. The Sins of the Fathers. . . “Programs written specifically for IBM A Conversation, ■ Circa 1981 A Talk, Circa 1982 compatibles could run faster by bypassing slow The Sins of the Fathers. . . MS-DOS functions, e.g. by writing video A History Lesson information directly to the area of memory The Root Cause assigned to it.” —Wikipedia entry on DOS There is a Threat Cell Phone/PDA That meant that Windows 95 had to permit Viruses ■ More Problems such behavior, and hence couldn’t really run Bellovin’s Laws of Networking Interconnections protected We Have to Start Somewhere Windows 98 couldn’t, either; on Windows XP, ■ The Square Wheel Parts of a Solution most users run as Administrator because many Securing New Systems applications require it Principles Solution Characteristics We are paying today for decisions made 25 ■ Retrofits It May be Easier years ago 4 / 22

  5. A History Lesson Mainframes, 1960 Single application at a time, A Conversation, Circa 1981 A Talk, Circa 1982 no memory protection, limited address space The Sins of the Fathers. . . A History Lesson The Root Cause There is a Threat Cell Phone/PDA Viruses More Problems Bellovin’s Laws of Networking Interconnections We Have to Start Somewhere The Square Wheel Parts of a Solution Securing New Systems Principles Solution Characteristics Retrofits It May be Easier 5 / 22

  6. A History Lesson Mainframes, 1960 Single application at a time, A Conversation, Circa 1981 A Talk, Circa 1982 no memory protection, limited address space The Sins of the Fathers. . . Minis, 1970 Single application at a time, no A History Lesson memory protection, limited address space The Root Cause There is a Threat Cell Phone/PDA Viruses More Problems Bellovin’s Laws of Networking Interconnections We Have to Start Somewhere The Square Wheel Parts of a Solution Securing New Systems Principles Solution Characteristics Retrofits It May be Easier 5 / 22

  7. A History Lesson Mainframes, 1960 Single application at a time, A Conversation, Circa 1981 A Talk, Circa 1982 no memory protection, limited address space The Sins of the Fathers. . . Minis, 1970 Single application at a time, no A History Lesson memory protection, limited address space The Root Cause Micros, 1980 Single application at a time, no There is a Threat Cell Phone/PDA memory protection, limited address space Viruses More Problems Bellovin’s Laws of Networking Interconnections We Have to Start Somewhere The Square Wheel Parts of a Solution Securing New Systems Principles Solution Characteristics Retrofits It May be Easier 5 / 22

  8. A History Lesson Mainframes, 1960 Single application at a time, A Conversation, Circa 1981 A Talk, Circa 1982 no memory protection, limited address space The Sins of the Fathers. . . Minis, 1970 Single application at a time, no A History Lesson memory protection, limited address space The Root Cause Micros, 1980 Single application at a time, no There is a Threat Cell Phone/PDA memory protection, limited address space Viruses More Problems PCs, 1990 Single application at a time, no Bellovin’s Laws of Networking Interconnections memory protection, limited address space We Have to Start Somewhere The Square Wheel Parts of a Solution Securing New Systems Principles Solution Characteristics Retrofits It May be Easier 5 / 22

  9. A History Lesson Mainframes, 1960 Single application at a time, A Conversation, Circa 1981 A Talk, Circa 1982 no memory protection, limited address space The Sins of the Fathers. . . Minis, 1970 Single application at a time, no A History Lesson memory protection, limited address space The Root Cause Micros, 1980 Single application at a time, no There is a Threat Cell Phone/PDA memory protection, limited address space Viruses More Problems PCs, 1990 Single application at a time, no Bellovin’s Laws of Networking Interconnections memory protection, limited address space We Have to Start Somewhere Embedded systems, now . . . The Square Wheel Parts of a Solution Securing New Systems Principles Solution Characteristics Retrofits It May be Easier 5 / 22

  10. A Conversation, Circa 1981 A Talk, Circa 1982 The Sins of the Fathers. . . A History Lesson The Root Cause Those who cannot remember the past are There is a Threat Cell Phone/PDA condemned to repeat it. Viruses More Problems Bellovin’s Laws of Networking —George Santayana, 1906 Interconnections We Have to Start Somewhere The Square Wheel Parts of a Solution Securing New Systems Principles Solution Characteristics Retrofits It May be Easier 6 / 22

  11. The Root Cause Vendors shipped as soon as the hardware was A Conversation, ■ Circa 1981 A Talk, Circa 1982 capable of handling base functionality The Sins of the Fathers. . . A year later, the better hardware is used for ■ A History Lesson more functionality The Root Cause By the time people think about security, ■ There is a Threat Cell Phone/PDA there’s an installed base problem Viruses More Problems Besides, no one believed there was a problem Bellovin’s Laws of ■ Networking Interconnections We have two challenges: ■ We Have to Start Somewhere The Square Wheel To ensure that new systems are designed ◆ Parts of a Solution Securing New properly Systems Principles To figure out how to retrofit legacy ◆ Solution Characteristics systems Retrofits It May be Easier 7 / 22

  12. A Conversation, Circa 1981 A Talk, Circa 1982 The Sins of the Fathers. . . A History Lesson The Root Cause There is a Threat Cell Phone/PDA “Software longa, hardware brevis” Viruses More Problems —Melinda Shore Bellovin’s Laws of Networking Interconnections We Have to Start Somewhere The Square Wheel Parts of a Solution Securing New Systems Principles Solution Characteristics Retrofits It May be Easier 8 / 22

  13. There is a Threat 34 security incidents targetted at process A Conversation, ■ Circa 1981 A Talk, Circa 1982 plants were identified between 1995 and 2003 The Sins of the Fathers. . . 29% of the incidents led to companies losing ■ A History Lesson the ability to monitor or control the plant The Root Cause 36% of external attacks came through the ■ There is a Threat Cell Phone/PDA Internet Viruses More Problems The number of incidents has been increasing Bellovin’s Laws of ■ Networking Interconnections sharply since 2000. We Have to Start Somewhere The Square Wheel Source: http://www.crime-research.org/news/ Parts of a Solution Securing New 19.10.2004/727/ Systems Principles Solution Characteristics Retrofits It May be Easier 9 / 22

  14. Cell Phone/PDA Viruses “Prepare for the likelihood of an increasing A Conversation, ■ Circa 1981 A Talk, Circa 1982 number of threats as time goes on.” The Sins of the Fathers. . . (Microsoft.com) A History Lesson “Cardtrap.A, a Trojan that attacks Symbian ■ The Root Cause mobile phone operating systems, attempts to There is a Threat Cell Phone/PDA infect users’ PCs if they insert the phone’s Viruses More Problems memory card into their computers.” Bellovin’s Laws of Networking Interconnections (news.com) We Have to Start Somewhere “What if a virus drained your cell’s battery and ■ The Square Wheel Parts of a Solution suddenly you couldn’t be reached?” . . . “Once Securing New Systems initiated, it sends the attacker an email Principles Solution Characteristics containing the IP address of your PDA.” Retrofits (Symantec.com) It May be Easier 10 / 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

revitalizing our downtown Why Redevelop Garden Square? ...to create a year-round DESTINATION

revitalizing our downtown Why Redevelop Garden Square? ...to create a year-round DESTINATION

Proposed redevelopment concept for Garden Square View Looking South from CIBC Public Information Session - June 17, 2014 revitalizing our downtown Why Redevelop Garden Square? ...to create a year-round DESTINATION that incorporates

213 views • 17 slides
Resources: Round Peg in a Square Hole? The purpose of this presentation is to analyze both the

Resources: Round Peg in a Square Hole? The purpose of this presentation is to analyze both the

situational awareness | preparedness | response | recovery Resources: Round Peg in a Square Hole? The purpose of this presentation is to analyze both the local jurisdictions and IMTs perspectives regarding resource ordering, tracking,

332 views • 17 slides
NEU TABLE By HAY Neu Table is a small table designed by HAY with a round or a square tabletop.

NEU TABLE By HAY Neu Table is a small table designed by HAY with a round or a square tabletop.

NEU TABLE By HAY Neu Table is a small table designed by HAY with a round or a square tabletop. Neu Table fjts a wide variety of indoor and outdoor environments, including offjces, cafs, restaurants, gardens, terraces and balconies. Neu Table

422 views • 10 slides
From OO to FPGA: From OO to FPGA: Fitting Round Objects Fitting Round Objects into Square

From OO to FPGA: From OO to FPGA: Fitting Round Objects Fitting Round Objects into Square

From OO to FPGA: From OO to FPGA: Fitting Round Objects Fitting Round Objects into Square Hardware? into Square Hardware? Stephen Kou Stephen Kou Jens Palsberg Jens Palsberg UCLA Computer Science Department UCLA Computer Science

429 views • 31 slides
Square Pegs in a Round Pipe: Wire-Compatible Unordered Delivery In TCP and TLS Michael F. Nowlan

Square Pegs in a Round Pipe: Wire-Compatible Unordered Delivery In TCP and TLS Michael F. Nowlan

Square Pegs in a Round Pipe: Wire-Compatible Unordered Delivery In TCP and TLS Michael F. Nowlan 2 Nabin Tiwari 1 Jana Iyengar 1 Syed Obaid Amin 12 Bryan Ford 2 1 Franklin & Marshall 2 Yale University College Project webpage:

514 views • 34 slides
Wheels Wheels Friction wastes energy Friction wastes energy Wheels mitigate the effects

Wheels Wheels Friction wastes energy Friction wastes energy Wheels mitigate the effects

Wheels 1 Wheels 2 Observations about Wheels Observations about Wheels Friction makes wheel Friction makes wheel- -less objects skid to a stop less objects skid to a stop Wheels Wheels Friction wastes energy Friction wastes energy

335 views • 4 slides
How to Create a Workplace Delivery Team at Your Company What is Meals on Wheels? Meals on Wheels

How to Create a Workplace Delivery Team at Your Company What is Meals on Wheels? Meals on Wheels

How to Create a Workplace Delivery Team at Your Company What is Meals on Wheels? Meals on Wheels is a community-based service that provides fresh, nutritious meals and friendly visits to seniors and individuals with short and long-term

441 views • 9 slides
Programming Robots with Westside Boiler Invasion and AndyMark Parts of Robots Sensors Computer/

Programming Robots with Westside Boiler Invasion and AndyMark Parts of Robots Sensors Computer/

Programming Robots with Westside Boiler Invasion and AndyMark Parts of Robots Sensors Computer/ Attachments Brain Movement Mecanum Wheels Omni Wheels Intake Wheels Movement Plaction Wheels Pneumatic Wheels Scooper Shooting

655 views • 8 slides
Fitting a Round Peg in a Square Hole: Japanese Resource Grammar in GF Elizaveta Zimina 29th

Fitting a Round Peg in a Square Hole: Japanese Resource Grammar in GF Elizaveta Zimina 29th

Fitting a Round Peg in a Square Hole: Japanese Resource Grammar in GF Elizaveta Zimina 29th August, 2013 GF Summer School 2013, Frauenchiemsee, Germany Stylistic Differentiation plain style: informal spoken language, in most books,

332 views • 12 slides
Domai Domain St Station ion A SQUARE PEG IN A ROUND HOLE Domai Domain St Station ion

Domai Domain St Station ion A SQUARE PEG IN A ROUND HOLE Domai Domain St Station ion

Me Melbourne Met Metro Rai Rail Domai Domain St Station ion A SQUARE PEG IN A ROUND HOLE Domai Domain St Station ion Presenter: William M. McIntosh B.E.(Hons), M.Sc., MAusIMM(CP) Background: Engineer educated in Melbourne and

269 views • 23 slides
Wheels Wheels wheels and burn rubber or if you just barely wheels and burn rubber or

Wheels Wheels wheels and burn rubber or if you just barely wheels and burn rubber or

Wheels 1 Wheels 2 Introductory Question Introductory Question The light turns green and youre in a hurry. The light turns green and youre in a hurry. Will your car accelerate faster if you skid your Will your car accelerate faster

179 views • 5 slides
Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or horizontal half-planes Round 1 Round 1 Round 1 Round 1 Round 1 h 1 D 2 " 1 =0.30 ! =0.42 1 Round 2 Round 2 Round 2 Round 2 Round

188 views • 5 slides
Wounded Wheels Restoring Heroes and Hot Rods Wounded Wheels Restoring Heroes and Hotrods

Wounded Wheels Restoring Heroes and Hot Rods Wounded Wheels Restoring Heroes and Hotrods

Wounded Wheels Restoring Heroes and Hot Rods Wounded Wheels Restoring Heroes and Hotrods Wh Who a o and nd Wh What t We We Are A federally recognized 501(c)(3) public charity Modifying iconic American muscle cars

437 views • 10 slides
Wounded Wheels Restoring Heroes and Hot Rods Wounded Wheels Restoring Heroes and Hotrods

Wounded Wheels Restoring Heroes and Hot Rods Wounded Wheels Restoring Heroes and Hotrods

Wounded Wheels Restoring Heroes and Hot Rods Wounded Wheels Restoring Heroes and Hotrods Th The e big Th Three ee Engineering and design concepts applied to commonly available resources that provide accessibility in new ways

765 views • 21 slides
MicheleErwin@AllWheelsUp.org www.AllWheelsUp.org WHO IS ALL WHEELS UP? AWU is a 501(c)(3)

MicheleErwin@AllWheelsUp.org www.AllWheelsUp.org WHO IS ALL WHEELS UP? AWU is a 501(c)(3)

MicheleErwin@AllWheelsUp.org www.AllWheelsUp.org WHO IS ALL WHEELS UP? AWU is a 501(c)(3) non-for-profit organization AWU is the ONLY organization in the world crash testing wheelchair restraints for In-cabin use @allwheelsup All Wheels

355 views • 31 slides
TagYoure It! TagYoure It! Michelle Cummings M.S. Training Wheels Michelle

TagYoure It! TagYoure It! Michelle Cummings M.S. Training Wheels Michelle

TagYoure It! TagYoure It! Michelle Cummings M.S. Training Wheels Michelle Cummings M.S. Training Wheels www.training-wheels.com Energizer Games Pair Tag Evolution Viper Tag Wagon Wheel Tag

617 views • 16 slides
C C C Conferences confronted by challenges of Conferences confronted by challenges of C

C C C Conferences confronted by challenges of Conferences confronted by challenges of C

C C C Conferences confronted by challenges of Conferences confronted by challenges of C Conferences confronted by challenges of Conferences confronted by challenges of f f f f f f f f t d b h ll t d b h ll t d b h ll t d b h

194 views • 6 slides
CAST-256 A Submission for the Advanced Encryption Standard Carlisle Adams First AES Candidate

CAST-256 A Submission for the Advanced Encryption Standard Carlisle Adams First AES Candidate

CAST-256 A Submission for the Advanced Encryption Standard Carlisle Adams First AES Candidate Conference August 20-22, 1998 Orchestrating Enterprise Security 1997 Entrust Technologies Vital Statistics ! Name CAST-256 ! Inventors

608 views • 33 slides
Jeffrey D. Ullman Stanford University/Infolab Why Care? 1. Density of triangles measures

Jeffrey D. Ullman Stanford University/Infolab Why Care? 1. Density of triangles measures

Jeffrey D. Ullman Stanford University/Infolab Why Care? 1. Density of triangles measures maturity of a community. As communities age, their members tend to connect. 2. The algorithm is actually an example of a recent and powerful theory

588 views • 42 slides
News ws Text xt Seg egme mentat ntation ion in Hum uman n Per erce cepti ption on

News ws Text xt Seg egme mentat ntation ion in Hum uman n Per erce cepti ption on

News ws Text xt Seg egme mentat ntation ion in Hum uman n Per erce cepti ption on Yagunova 1 , Lidia Pivovarova 2 , Svetlana Volskaya 1 Elena 1 Saint Petersburg State University, Saint Petersburg, Russia 2 University of Helsinki,

496 views • 17 slides
Air pollution and Health: Recent Advances to Inform the European Green Deal 21-22 January, 2020

Air pollution and Health: Recent Advances to Inform the European Green Deal 21-22 January, 2020

Air pollution and Health: Recent Advances to Inform the European Green Deal 21-22 January, 2020 Brussels WIFI: Square-guest Login: hei Password: hei2020 Organizers Dr. Maria Neira Dr. Barbara Hoffmann Dr. Hanna Boogaard Director Public

324 views • 19 slides
State-Based Testing Part C Test Cases Generating test cases for complex behaviour Reference:

State-Based Testing Part C Test Cases Generating test cases for complex behaviour Reference:

State-Based Testing Part C Test Cases Generating test cases for complex behaviour Reference: Robert V. Binder Testing Object-Oriented Systems: Models, Patterns, and Tools Addison-Wesley, 2000, Chapter 7 Test strategies Exhaustive

687 views • 47 slides
CENTER CONSISTENCY Authors: Tim Kraska, Gene Pang, Michael Franklin, Samuel Madden, Alan Fekete

CENTER CONSISTENCY Authors: Tim Kraska, Gene Pang, Michael Franklin, Samuel Madden, Alan Fekete

MDCC : MULTI-DATA CENTER CONSISTENCY Authors: Tim Kraska, Gene Pang, Michael Franklin, Samuel Madden, Alan Fekete Presented By: Kartik Killawala Acknowledgement Tim Kraska, Gene Pang, Michael Franklin : University of California, Berkeley

376 views • 35 slides
Locomotor Transparent Migration of Client-Side Database Code Michael Mior University of

Locomotor Transparent Migration of Client-Side Database Code Michael Mior University of

Locomotor Transparent Migration of Client-Side Database Code Michael Mior University of Waterloo Complex database operations often require queries and updates to be mixed with application code Stored Procedures Using stored

280 views • 16 slides

More recommend