Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.

Slides:



Advertisements
Similar presentations
By Olga Gelbart Mobile Agents By Olga Gelbart
Advertisements

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
The Mobile Code Paradigm and Its Security Issues Anthony Chan and Michael Lyu September 27, 1999.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.
Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
Security+ Guide to Network Security Fundamentals
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Survivability of Mobile Code Land Warfare Requirements for IMPACT Agent Systems IMPACT Symposium -12 August 1999 University of Maryland at College Park.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Business Data Communications, Fourth Edition Chapter 10: Network Security.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Electronic Voting (E-Voting) An introduction and review of technology Written By: Larry Brachfeld CS591, December 2010.
Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.
Cyber-Attack On Department Of Defense. Overview Washington has reported that there has been a widespread attack on Defense Department computers that may.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.
R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Data Security.
Silberschatz and Galvin  Operating System Concepts Module 20: Security The Security Problem Authentication Program Threats System Threats Threat.
CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.
BUSINESS B1 Information Security.
Information Security Rabie A. Ramadan GUC, Cairo Room C Lecture 2.
Network Security Introduction Some of these slides have been modified from slides of Michael I. Shamos COPYRIGHT © 2003 MICHAEL I. SHAMOS.
Viruses & Destructive Programs
Chapter 12 by Lisa Reeves Bertin Securing Information in a Network.
Virus and Antivirus Team members: - Muzaffar Malik - Kiran Karki.
Chapter 13 Understanding E-Security. 2 OBJECTIVES What are security concerns (examples)? What are two types of threats (client/server) Virus – Computer.
1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Malicious Attacks By Katya, Grace, Lachlan, Sairus and Eric!
 A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. It is deliberately.
PROTECTION ON THE INTERNET NADIA SNOW VIRUS Is a file made to do harm or criminal activity there are many types: -worms -Trojan horse -Spyware How they.
11 CONFIGURING TCP/IP ADDRESSING AND SECURITY Chapter 11.
Operating system Security By Murtaza K. Madraswala.
Types of Electronic Infection
Security System Ability of a system to protect information and system resources with respect to confidentiality and integrity.
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
Course code: ABI 204 Introduction to E-Commerce Chapter 5: Security Threats to Electronic Commerce AMA University 1.
CS795.Net Impersonation… why & How? Presented by: Vijay Reddy Mara.
Security CS Introduction to Operating Systems.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Computer Ethics. Computer Virus  A Virus is a computer program written to alter the way a computer operates, without the permission or knowledge of the.
Malicious Software.
n Just as a human virus is passed from person from person, a computer virus is passed from computer to computer. n A virus can be attached to any file.
Computer Security Threats CLICKTECHSOLUTION.COM. Computer Security Confidentiality –Data confidentiality –Privacy Integrity –Data integrity –System integrity.
Invitation to Computer Science 5 th Edition Chapter 8 Information Security.
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
 Introduction  Tripwire For Servers  Tripwire Manager  Tripwire For Network Devices  Working Of Tripwire  Advantages  Conclusion.
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
Antivirus Software Troy Behmer. Outline Topics covered: – What is Antivirus software (AVS)? – What are the advantages and disadvantages of AVS? – What.
Computer safety Filip Hruby.
Securing Network Servers
Security Shmuel Wimer prepared and instructed by
Operating system Security
Risk of the Internet At Home
12: Security The Security Problem Authentication Program Threats
Chap 10 Malicious Software.
Faculty of Science IT Department By Raz Dara MA.
Security.
Chap 10 Malicious Software.
Operating System Concepts
Computer Security By: Muhammed Anwar.
Operating System Concepts
Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Presentation transcript:

Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems are becoming popular and ubiquitous,and while…the security issues that these systems raise must now be dealt with more thoroughly. presented by Wei Zhong

Outline Introduction Common Assumptions & Their Violations Conclusion

Introduction What are mobile code systems? - In mobile code systems, programs or processes travel from a server to a client, then execute on the client after arrival. Mobile code systems raise new security issues. - e.g. CHRISTMA EXEC, internet worms Why? - The mobile code systems violate a number of assumptions, and most existing computer security systems are based on them.

Common Assumptions & Their Violations Identity Assumptions 1. Whenever a program attempts some action, we can easily identify a person to whom that action can be attributed, and it is safe to assume that that person intends the action to be taken. Violation by mobile code systems: When a program attempts some action, we may be unable to identify a person to whom that action can be attributed, and it is not safe to assume that any particular person intends the action to be taken. - e.g. virus

Common Assumptions & Their Violations(cnt.) Identity Assumptions 2. There is one security domain corresponding to each user; all actions within that domain can be treated the same way. Violation by mobile code systems: There are potentially many security domains corresponding to each user; different actions initiated by the same user may need to be treated differently. - Different programs may have different level of trust. - The programs which have different level of trust must be treated differently.

Common Assumptions & Their Violations(cnt.) Trojan Horses are rare Users think: Essentially all programs are obtained from easily-identifiable and generally trusted sources. users think: Why ? because users think: - Attackers would be - Attackers would be unlikely to escape detection and punishment. - Commercial custom and law place some restraints. Violation by mobile code systems: In mobile code systems, many programs may be obtained from unknown or untrusted sources. - e.g. download files from an unknown site

Common Assumptions & Their Violations(cnt.) The origin of attacks Significant security threats come from attackers running programs with the intent of accomplishing unauthorized results. - Most computer security efforts go into user authentication (id, password etc). Violation by mobile code systems: Significant security threats come from authorized users running programs which take advantage of the users rights in order to accomplish undesirable results. - Authentication systems are unable to prevent authorized users attack.

Common Assumptions & Their Violations(cnt.) Programs stay put Programs or processes are immobile, they run entirely on one machine or one particular operating system. Computer security is provided by the operating system. Violation by mobile code systems: Programs cross administrative boundaries often, can arrange for their own transmission and reproduction. …Computer security may not be provided by the operating system; … - e.g. internet worms, distributed-processing system.

Conclusion All network developers and users should know at least a little bit about Assumption Violation by Mobile Code Systems. This article is an excellent introduction. * Question: Could you explain how setuid feature of Unix violates Identity Assumption ?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.