Designed-in Security Some Major Challenges Security Group Department of Computer Science University of California, Santa Barbara Trustworthy.

Slides:



Advertisements
Similar presentations
Building Secure Mashups D. K. Smetters PARC Usable.
Advertisements

Runtime Prevention & Recovery Protect existing applications Advantages: Prevents vulnerabilities from doing harm Safe mode for Web application execution.
Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Operating System Security
Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.
Parcel Look-up City of Santa Barbara Community Development Department.
SO YOU WANT TO BE A HACKER? Maybe not yet, but you will at the end of the hour!
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.
Spotting Web Vulnerabilities (from the eyes of an Script Kiddie)
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Privacy: Challenges and Opportunities Tadayoshi Kohno Department of Computer Science and Engineering University of Washington.
Software Security David Wagner University of California at Berkeley.
CS 290C: Formal Models for Web Software Lecture 1: Introduction Instructor: Tevfik Bultan.
CS 441: Charles Durran Kelly.  What are Wireless Sensor Networks?  WSN Challenges  What is a Smartphone Sensor Network?  Why use such a network? 
Leveraging User Interactions for In-Depth Testing of Web Application Sean McAllister Secure System Lab, Technical University Vienna, Austria Engin Kirda.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Norman SecureSurf Protect your users when surfing the Internet.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
Testing Tools. Categories of testing tools Black box testing, or functional testing Testing performed via GUI. The tool helps in emulating end-user actions.
1 Autonomic Computing An Introduction Guenter Kickinger.
Software Quality Assurance Lecture #8 By: Faraz Ahmed.
Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.
CS 501: Software Engineering Fall 1999 Lecture 16 Verification and Validation.
Preventing SQL Injection Attacks in Stored Procedures Alex Hertz Chris Daiello CAP6135Dr. Cliff Zou University of Central Florida March 19, 2009.
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.
Adam L. Jacobs, CISSP Principal Program Manager, Oracle 15/16 November 2005 Why is Commercial Software So Vulnerable (and How Can We Fix It)?
3-Protecting Systems Dr. John P. Abraham Professor UTPA.
Security Testing Case Study 360logica Software Testing Services.
 Two types of malware propagating through social networks, Cross Site Scripting (XSS) and Koobface worm.  How these two types of malware are propagated.
CSC-682 Cryptography & Computer Security Sound and Precise Analysis of Web Applications for Injection Vulnerabilities Pompi Rotaru Based on an article.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.
An Ad Hoc Writable Rule Language for White-Box Security Scanners Author:Sebastian Schinzel Referent:Prof. Dr. Alexander del Pino Korreferent:Prof. Dr.
Playing Safely in the Cloud Marie Greenberg, CISSP, IAM, IEM Information Security Manager Virginia State Corporation Commission.
October 5, 2011 Abstraction, Privacy, and the Internet.
1 ITGD 2202 Supervision:- Assistant Professor Dr. Sana’a Wafa Al-Sayegh Dr. Sana’a Wafa Al-SayeghStudent: Anwaar Ahmed Abu-AlQumboz.
Security Attacks CS 795. Buffer Overflow Problem Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program.
1 Diversifying Sensors to Improve Network Resilience Wenliang (Kevin) Du Electrical Engineering & Computer Science Syracuse University.
Security (Keep your site secure at extension level) Sergey Gorstka Fastw3b.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
PwC New Technologies New Risks. PricewaterhouseCoopers Technology and Security Evolution Mainframe Technology –Single host –Limited Trusted users Security.
Web Security Group 5 Adam Swett Brian Marco. Why Web Security? Web sites and web applications constantly growing Complex business applications are now.
1 ECE 4112 Internetwork Security: Web Application Security 28 April 2005 John Owens Shantan Pesaru.
CS223: Software Engineering
Introduction to Hardware Verification ECE 598 SV Prof. Shobha Vasudevan.
FORMAL METHOD. Formal Method Formal methods are system design techniques that use rigorously specified mathematical models to build software and hardware.
What Causes Software Vulnerabilities? _____________________ ___________ ____________ _______________   flaws in developers own code   flaws resulting.
CS 5150 Software Engineering Lecture 22 Reliability 3.
Abstraction, Privacy, and the Internet. What is Abstraction? “The act of withdrawing or removing something” “The act or process of leaving out of consideration.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
Software Security Q: What does it mean to say that a program is secure? A: There is a sufficient amount of trust that the program maintains _____________,
TAG Presentation 18th May 2004 Paul Butler
CS457 Introduction to Information Security Systems
Web Application Security
Design for Security Pepper.
CS 3630 Database Design and Implementation
TAG Presentation 18th May 2004 Paul Butler
Security of web applications.
Cloud Testing Shilpi Chugh.
Playing Safely in the Cloud
Playing Safely in the Cloud
I UNDERSTAND CONCEPTS OF CYBERSECURITY
CS5123 Software Validation and Quality Assurance
PLANNING A SECURE BASELINE INSTALLATION
Privacy and Data Mining
Code vulnerabilities Vulnerabilities are mistakes, errors or weaknesses in a piece of software’s source code that can be directly used by a hacker to perform.
Activities of Formal Methods
Presentation transcript:

Designed-in Security Some Major Challenges Security Group Department of Computer Science University of California, Santa Barbara Trustworthy Cyberspace May 25, 2011 Richard A. Kemmerer

UC Santa Barbara Four Major Challenges Application specific flaws –How do we write a specification for “there are no application level flaws”? Dynamic monitoring –How do we design-in an after-deployment environment? Privacy –How do we help users understand the privacy implications of their actions? Human in the loop –How do we design-in protection against user errors? 2

UC Santa Barbara Application-level flaws Need to go beyond simple input vulnerabilities –e.g., SQL injections, cross-site scripting –Software/web framework could check for these Need to understand more complex vulnerabilities that are specific to a particular application –E.g., applying a discount multiple times or getting an item for free from Amazon –How can these be designed-in? 3

UC Santa Barbara Dynamic Monitoring Cannot statically prove the absence of all bugs Need an environment where systems can be continuously monitored after deployment –This environment needs to maintain/guarantee properties that were assumed during the development process –How is this after-deployment monitor designed-in during development? 4

UC Santa Barbara Privacy Cybersecurity must include privacy too Foolish users on social networks not only compromise their own private data, but the private data of their friends too Need to design-in warnings, etc. that let users know when they are jeopardizing their privacy Need to help users understand the implications of their actions 5

UC Santa Barbara Human in the Loop How is a formally verified system going to avoid “social engineering”? How does one specify/verify skinware? How do we design-in the capability to keep users from doing foolish things to themselves and others? 6

UC Santa Barbara 7 Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.