understanding and countering insider threats in software
play

Understanding and Countering Insider Threats In Software Development - PowerPoint PPT Presentation

Oct 04, 2022 •268 likes •557 views

1 of 25 slides Understanding and Countering Insider Threats In Software Development Michael Franz University of California, Irvine Presented by Ivan Hristov Department of Computer Science Dresden University of Technology Winter Semester 2008

  1. 1 of 25 slides Understanding and Countering Insider Threats In Software Development Michael Franz University of California, Irvine Presented by Ivan Hristov Department of Computer Science Dresden University of Technology Winter Semester 2008 iv.hristov@yahoo.com Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  2. Introduction Motivation Defense Discussion 2 of 25 slides Part I Presentation Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  3. Introduction Motivation Defense Discussion 3 of 25 slides ”Bug or feature?” Bugs - bad mistakes or good profit Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  4. Introduction Motivation Defense Discussion 4 of 25 slides Bugs can be power! ”Ispa Scientia Potestas Est - Knowledge is power.” Sir Francis Bacon Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  5. Introduction Motivation Defense Discussion 5 of 25 slides The Problem We live in a chaos! There are bad guys that want bugs! Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  6. Introduction Motivation Defense Discussion 6 of 25 slides Aim(s) What for? “zombie farms” phishing governmental back doors other purposes Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  7. Introduction Motivation Defense Discussion 7 of 25 slides Conspiracy theory Trojan horse $50 billion dollars industry espionage, “moles” “protection” Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  8. Introduction Motivation Defense Discussion 8 of 25 slides Sources of software bugs Important aspects to consider ”doors behind the back doors” stocks always matter outsourcing how well your company treats you the good old friend Buddy Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  9. Introduction Motivation Defense Discussion 9 of 25 slides Open source utopia Some problems - Lack of resources - “Untraceability” - Open source Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  10. Introduction Motivation Defense Discussion 10 of 25 slides Author’s Solution The idea Fault tolerance mechanism through Versioning Parallelism Consistency check Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  11. Introduction Motivation Defense Discussion 11 of 25 slides Author’s Approach Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  12. Introduction Motivation Defense Discussion 12 of 25 slides Problem subset What’s treated? 1 st arbitrary code execution 2 nd specific input What’s NOT treated? covert channels ”time bombs” Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  13. Introduction Motivation Defense Discussion 13 of 25 slides Use case Scenario buffer overflows specific input ”out-of-specification” behavior knowledge determinism Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  14. Introduction Motivation Defense Discussion 14 of 25 slides Existing defense strategies Basic idea Ruin the attacker’s knowledge determinism Drawback Randomization is difficult Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  15. Introduction Motivation Defense Discussion 15 of 25 slides Proposed defense strategy Improvement slightly different versions parallelism monitoring optionally - randomization Basic idea One specific input is meaningful to only one program version Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  16. Introduction Motivation Defense Discussion 16 of 25 slides Basic Idea Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  17. Introduction Motivation Defense Discussion 17 of 25 slides Basic Idea Two variants of the same program.[Fra08] Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  18. Introduction Motivation Defense Discussion 18 of 25 slides Additional variation Where? register reallocation heap randomization code relocation OS Entry Point Randomization Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  19. Introduction Motivation Defense Discussion 19 of 25 slides Checkpointing - take the shortcut Overall process 1 st identical inputs 2 nd behavior synchronization 3 rd internal states monitoring How far do you trust your OS? OS calls as synch points Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  20. Introduction Motivation Defense Discussion 19 of 25 slides Checkpointing - take the shortcut Overall process 1 st identical inputs 2 nd behavior synchronization 3 rd internal states monitoring How far do you trust your OS? OS calls as synch points Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  21. Introduction Motivation Defense Discussion 20 of 25 slides Checkpointing - stay on the safe side Trusted Computing 1 st trusted hypervisor 2 nd hardware component 3 nd additional registers Cost? 0.001% of the total CPU transistor amount Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  22. Introduction Motivation Defense Discussion 20 of 25 slides Checkpointing - stay on the safe side Trusted Computing 1 st trusted hypervisor 2 nd hardware component 3 nd additional registers Cost? 0.001% of the total CPU transistor amount Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  23. Introduction Motivation Defense Discussion 21 of 25 slides Slightly Different Versions HOWTO create multiple versions? HW virtualization storage address remappings hypervisor on-demand code translation Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  24. Introduction Motivation Defense Discussion 22 of 25 slides Overall architecture Trusted Code Base TCB is a hypervisor.[Fra08] Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  25. Introduction Motivation Defense Discussion 23 of 25 slides Some discussion points Does virtualization equate panacea? What type of cost is the important one? Checkpoint protocols scheduling? Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  26. 24 of 25 slides Part II References Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  27. 25 of 25 slides Michael Franz. Understanding and countering insider threats in software development. International MCETECH Conference , pages 81–90, 2008. Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

  28. 25 of 25 slides Part III Questions? Understanding and Countering Insider Threats In Software Development Michael FranzUniversity of California, Irvine

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Detecting and Countering Insider Threats: the Insider Threat Can Policy-Based Access Control

Detecting and Countering Insider Threats: the Insider Threat Can Policy-Based Access Control

Introduction Insiders and Detecting and Countering Insider Threats: the Insider Threat Can Policy-Based Access Control Help? Trust and Trustworthi- ness Access Control and Trustwor- Jason Crampton 1 Michael Huth 2 thiness 1 Information

470 views • 25 slides
Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and Challenges Challenges Mission critical information = High value target Threatens Government organizations and large corporations

435 views • 39 slides
Social Science Perspectives and Countering Insider Threat The Framework Social science is

Social Science Perspectives and Countering Insider Threat The Framework Social science is

Social Science Perspectives and Countering Insider Threat Overview What is a Social Scientist? Why M ethods M atter The Application of Social Science Questions? 1 Social Science Perspectives and Countering Insider Threat The

294 views • 11 slides
Insider Threats Maria Thompson State Chief Information Risk Officer February 1, 2018 Who is an

Insider Threats Maria Thompson State Chief Information Risk Officer February 1, 2018 Who is an

Insider Threats Maria Thompson State Chief Information Risk Officer February 1, 2018 Who is an insider? Who is an insider? Carnegie Mellon CERT definition of insider: Someone who has authorized access to an organizations facilities,

217 views • 21 slides
SECURING SECURE SHELL INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT AGAINST INSIDER THREATS

SECURING SECURE SHELL INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT AGAINST INSIDER THREATS

SECURING SECURE SHELL INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT AGAINST INSIDER THREATS Applying Due Care Via Common Sense Approach April 2017 100% 46% Ponemon 2014 SSH Security Vulnerability of 2000 Global do not Organizations Report

307 views • 29 slides
Managing the Weakest Link: A Game-Theoretic Approach for the Mitigation of Insider Threats Aron

Managing the Weakest Link: A Game-Theoretic Approach for the Mitigation of Insider Threats Aron

Managing the Weakest Link: A Game-Theoretic Approach for the Mitigation of Insider Threats Aron Laszka 1 , 2 Benjamin Johnson 3 ottle 4 Pascal Sch Jens Grossklags 1 ohme 4 Rainer B 1 Pennsylvania State University 2 Budapest University of

456 views • 44 slides
A Layered Approach to Insider Threat Detection and Proactive Forensics Phillip G. Bradford, Ning

A Layered Approach to Insider Threat Detection and Proactive Forensics Phillip G. Bradford, Ning

A Layered Approach to Insider Threat Detection and Proactive Forensics Phillip G. Bradford, Ning Hu University of Alabama Tuscaloosa, AL 35487 ACSAC Dec. 5-9, 2005 Insider threats Definition Menaces to computer security as a result of

131 views • 11 slides
International Collaboration International Collaboration and Partnership in and Partnership in

International Collaboration International Collaboration and Partnership in and Partnership in

International Collaboration International Collaboration and Partnership in and Partnership in Countering Biological Countering Biological Threats Threats Presentation by Georgia Presentation by Georgia Biological Weapons Convention Meeting

221 views • 11 slides
OUTLINE NE The 'Self' lf' as 'Insider der' in in Resear arch ch Wh What are the the

OUTLINE NE The 'Self' lf' as 'Insider der' in in Resear arch ch Wh What are the the

OUTLINE NE The 'Self' lf' as 'Insider der' in in Resear arch ch Wh What are the the ben benef efits of of the the 'in 'insider'? What are the Wh the chal allen enges es? The risks of of my my 'in 'insider' sta

199 views • 7 slides
A white noise approach to optimal insider control of systems with delay Olfa Draouil Joint work

A white noise approach to optimal insider control of systems with delay Olfa Draouil Joint work

The Donsker delta functional Optimal insider Control problem for SDDE Transforming the insider control problem to a related parameterized non-insider problem Maximum principle theorems Applications A white noise approach to optimal insider

554 views • 40 slides
A FRAMEWORK TO EFFECTIVELY DEVELOP INSIDER THREAT CONTROLS Randy Trzeciak Dan Costa Director

A FRAMEWORK TO EFFECTIVELY DEVELOP INSIDER THREAT CONTROLS Randy Trzeciak Dan Costa Director

#RSAC SESSION ID: HUM-R02 A FRAMEWORK TO EFFECTIVELY DEVELOP INSIDER THREAT CONTROLS Randy Trzeciak Dan Costa Director Technical Solutions Team Lead CERT National Insider Threat Center CERT National Insider Threat Center Software

784 views • 35 slides
Make My Day Just Run A Web Scanner Countering the faults of typical web scanners through

Make My Day Just Run A Web Scanner Countering the faults of typical web scanners through

Make My Day Just Run A Web Scanner Countering the faults of typical web scanners through bytecode injection Toshinari Kureha, Fortify Software Agenda Problems With Black Box Testing Approaches To Finding Security Issues 4

761 views • 53 slides
Insider Threat Engineering Secure Software Last Revised: November 11, 2020 SWEN-331: Engineering

Insider Threat Engineering Secure Software Last Revised: November 11, 2020 SWEN-331: Engineering

Insider Threat Engineering Secure Software Last Revised: November 11, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Lottery Story At a lottery agency, a manager was able to turn losing tickets into winners He would buy

309 views • 19 slides
CRACK WHIPS ON WILFUL DEFAULTERS What is Insider Trading? Insider Trading is trading/ dealing of a

CRACK WHIPS ON WILFUL DEFAULTERS What is Insider Trading? Insider Trading is trading/ dealing of a

Revamping of SEBI Regulations : A move towards ensuring lucidity in the Regime NEW INSIDER TRADING REGULATIONS: AIMED TO CRACK WHIPS ON WILFUL DEFAULTERS What is Insider Trading? Insider Trading is trading/ dealing of a companys stock by an

941 views • 56 slides
Loo ooking g into Ma o Malicious I Insider ers JPCERT/CC Koichiro Sparky Komiyama First

Loo ooking g into Ma o Malicious I Insider ers JPCERT/CC Koichiro Sparky Komiyama First

Loo ooking g into Ma o Malicious I Insider ers JPCERT/CC Koichiro Sparky Komiyama First Conference, Vienna Agenda Background Previous work Information leakage by malicious insider Our Research How to prevent 2 Insider

335 views • 30 slides
ROLE OF WOMEN IN COUNTERING/PREVENTING VIOLENT EXTREMISM Victims . Perpetrators . Disruptors

ROLE OF WOMEN IN COUNTERING/PREVENTING VIOLENT EXTREMISM Victims . Perpetrators . Disruptors

ROLE OF WOMEN IN COUNTERING/PREVENTING VIOLENT EXTREMISM Victims . Perpetrators . Disruptors WHAT IS THE PROBLEM? A narrow understanding of womens roles in CVE limits policy options and perpetuates strategic blind spots, such as failing to

473 views • 12 slides
-Service Resiliency With Circuit Breakers Lance Ball - Red Hat - @lanceball FullStack 2018

-Service Resiliency With Circuit Breakers Lance Ball - Red Hat - @lanceball FullStack 2018

-Service Resiliency With Circuit Breakers Lance Ball - Red Hat - @lanceball FullStack 2018 Resilience Resiliency is defined as the capability of a system to maintain its functions and structure in the face of internal and external change

512 views • 38 slides
IAB Security Workshop Retrospective IAB Plenary IETF 60 Thursday, August 5, 2004

IAB Security Workshop Retrospective IAB Plenary IETF 60 Thursday, August 5, 2004

IAB Security Workshop Retrospective IAB Plenary IETF 60 Thursday, August 5, 2004 Acknowledgments Many thanks to Steve Bellovin for his thoughts and recollections. Any errors or omissions are the responsibility of the presenters 8/6/2004 2

509 views • 15 slides
Budgeting for Federal Credit Programs: The Case for Fair Value Deborah Lucas Sloan Distinguished

Budgeting for Federal Credit Programs: The Case for Fair Value Deborah Lucas Sloan Distinguished

Budgeting for Federal Credit Programs: The Case for Fair Value Deborah Lucas Sloan Distinguished Professor of Finance and Director, MIT Center for Finance and Policy 1 Overview Background: Goals of FCRA Rationale for adoption of fair

299 views • 18 slides
Virtual Care The Force Multiplier Wendy Carroll General Manager, New Business and Stakeholder

Virtual Care The Force Multiplier Wendy Carroll General Manager, New Business and Stakeholder

Virtual Care The Force Multiplier Wendy Carroll General Manager, New Business and Stakeholder Relations Healthdirect Australia 1/05/2017 FOR OFFICIAL USE ONLY Enabling virtual care Devices devices devices. Source: www.lieftherapeutics.com

445 views • 17 slides
The International Monetary System: Living with Asymmetry Maurice Obstfeld University of

The International Monetary System: Living with Asymmetry Maurice Obstfeld University of

The International Monetary System: Living with Asymmetry Maurice Obstfeld University of California, Berkeley Presentation to the Q Group, Laguna Niguel, CA October 17, 2011 Main Themes The crisis laid bare global stresses related to the

372 views • 25 slides
A Practitioner's Experience of the Use of Cloud Computing in Control Sekou L Remy Assistant

A Practitioner's Experience of the Use of Cloud Computing in Control Sekou L Remy Assistant

A Practitioner's Experience of the Use of Cloud Computing in Control Sekou L Remy Assistant Professor Human Centered Computing Championing learning from examples Dots represent instances of teaching 2 Championing the use of web standards

276 views • 15 slides
Janus: Transactional Processing of Navigational and Analytical Graph Queries on Many-core Servers

Janus: Transactional Processing of Navigational and Analytical Graph Queries on Many-core Servers

Janus: Transactional Processing of Navigational and Analytical Graph Queries on Many-core Servers Kevin Wilkinson Hideaki Kimura Alkis Simitsis (speaker) Hewlett Packard Labs 1/15 Take-away Graph Engine on modern servers for both

410 views • 15 slides
A PRACTITIONER'S GUIDE TO BLOCKCHAIN M A R C H 2 0 , 2 0 1 8 AGENDA MODERATOR CATHERINE CHENEY

A PRACTITIONER'S GUIDE TO BLOCKCHAIN M A R C H 2 0 , 2 0 1 8 AGENDA MODERATOR CATHERINE CHENEY

A PRACTITIONER'S GUIDE TO BLOCKCHAIN M A R C H 2 0 , 2 0 1 8 AGENDA MODERATOR CATHERINE CHENEY WEST COAST CORRESPONDENT DEVEX @ CATHERINECHENEY CATHERINE . CHENEY @ DEVEX . COM AGENDA PANELISTS SHEILA WARREN RIC SHREVES SENIOR ADVISOR , HEAD

724 views • 30 slides

More recommend