jan17

Course: CS 426, Spring 2012
School: Purdue
CS 426 class Jan 17, 2012
www.cs.purdue.edu/homes/ssw/cs426/{index.html,syll.pdf,outline}

(General purpose) Program security

These ideas apply also to OS and DB.
Read Chapter 3

What does it mean for a pgm to be secure? Depends whom you ask.
  Takes a long time to break its security controls
  Has run for 9 weeks with no failure
  Contains no potential security flaw

A program fault is an unexpected (bad) behavior of a pgm

Which program is more secure?
  1. pgm with 100 faults discovered and fixed
  2. a similar pgm with 20 faults discovered and fixed

Early computer security was "penetrate and patch"
Not a good solution because:
  1. narrow focus on a fault ignores the context
  2. fault may have nonobvious side effects
  3. fixing one problem may cause another
  4. fault not fixed because the fixed system wouldn't work

A better approach to computer security (via software engineering)
program security flaw = pgm behavior not what designers intended or users expected.
Flaws may be either inadvertent human errors or malicious, intentional flaws.
Unintentional human errors are more common than deliberate malicious ones, and they cause more damage.

Computer security terms differ
IEEE standard terms: error, fault, failure

Program security is hard and we can't avoid all flaws because:
  1. pgms are complicated; it is hard to describe all unexpected behavior.
     A thm in CS 526 says that it is NP-complete to decide whether a program is secure.
  2. software engineering advances faster than security
But we can still do something and make most programs secure.

Landwehr et al. [1994] classified flaws as:
  A. Intentional flaws
     1. malicious
     2. nonmalicious
  B. Inadvertent errors:
     1. validation: incomplete or inconsistent permission check
     2. domain: controlled access to data
     3. serialization and aliasing: program flow order
     4. failed authorization due to bad identification/authentication
     5. boundary condition violation: first or last case failure
     6. other exploitable logic errors

Three classic nonmalicious program errors (pre-Internet)

1. Buffer overflows
   Memory is finite and so are arrays and strings (buffers)
   Example:
       int i;
       int buff[10];
       for (i=0; i<10; i++) buff[i]=2;
       buff[10]=3;    /* one element past the end; the last valid index is 9 */
   The last instruction may write 3 into
     1. the user's data
     2. the user's program code
     3. another user's data
     4. another user's program code
     5. system data
     6. system program code
   A malicious attacker who knows about a buffer overflow error in a program he can use may use the error to write malicious code
   Example: passwd, browser URL parameter
   Control: test after each input character; OS memory protection

2. Incomplete mediation
   Not checking whether input data is valid or in range
   Example: date 17 Jan 2012 okay, 37 Jat 1843 not okay
   Control: check input correctness or use drop-down box
   Example: Ebusiness, order form returns total price, and customer changes it

3. Time-of-check to time-of-use error
   synchronization problem
   check before use; approve in "work ticket"; user changes the request in the ticket before the order is executed.
   Example: open file (one you may open); after approval, change file name to one you may not open.
   Control: copy the ticket so the user can't access it. If it is too big to copy and must remain accessible to the user, then save its hash value.

Malicious code

A computer may get malicious code during installation of (good) code, setup, or download of other code.
Malicious code runs as you and can do anything you can.
Malicious code has been around at least since 1970.

Malware definitions

Malicious code = rogue program = whole program or code that does unexpected or unintended actions caused by an agent intent on damage
agent = person who wrote or distributed the malicious code
virus = malicious code that can replicate itself by modifying nonmalicious code.
transient virus = virus that stops when its attached program stops
resident virus = virus that puts itself in memory and keeps going even when its attached program stops
Trojan horse = malicious code that has a benign primary effect and a nonobvious malicious effect.
  Example: passwd, editor, compiler
Logic bomb = malicious code that does something bad when a condition happens (a file is opened)
Time bomb = logic bomb with a certain date/time as condition
Trapdoor = backdoor = program feature that lets anyone have special privileges by entering a secret code.
  Example: ATM program with secret PIN
  May be used for maintenance or to erase record of crime
Worm = whole program that spreads copies of itself through a network, does not attach to other programs
Rabbit = virus or worm that replicates without bound, exhausting time or memory
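
The control named under buffer overflows, "test after each input character", written out as an added example that is not part of the original notes. It uses a char buffer of the same length 10 as the notes' buff; the struct, the function names and the sample input are constructed for this illustration.

```c
#include <stddef.h>
#include <string.h>

#define BUF_LEN 10

/* A buffer with a neighbouring field, standing in for whatever the
   notes say may lie just past the last element: other data or code. */
struct record {
    char buff[BUF_LEN];
    int  neighbour;
};

/* Store input one character at a time, testing the remaining space
   after each character. Returns the number of characters stored, or
   -1 if the input did not fit. The buffer is always NUL-terminated
   and nothing outside it is written. */
int read_checked(char *dst, size_t cap, const char *input)
{
    size_t used = 0;
    if (cap == 0)
        return -1;
    for (const char *p = input; *p != '\0'; p++) {
        if (used + 1 >= cap) {      /* keep one byte for the NUL */
            dst[used] = '\0';
            return -1;
        }
        dst[used++] = *p;
    }
    dst[used] = '\0';
    return (int)used;
}

/* The notes' buff[10]=3, with the index tested before the store. */
int store_checked(char *dst, size_t cap, size_t index, char value)
{
    if (index >= cap)
        return -1;                  /* refused: past the last element */
    dst[index] = value;
    return 0;
}

/* Constructed demo: returns the neighbour's value after an oversized
   input and an out-of-range store have both been attempted. */
int neighbour_after_attempts(void)
{
    struct record r;
    memset(&r, 0, sizeof r);
    r.neighbour = 0x5A5A;
    read_checked(r.buff, sizeof r.buff, "AAAAAAAAAAAAAAAAAAAAAAAA");
    store_checked(r.buff, sizeof r.buff, BUF_LEN, 3);
    return r.neighbour;
}

/* Convenience wrapper: result of reading input into a 10-byte buffer. */
int fits(const char *input)
{
    char buf[BUF_LEN];
    return read_checked(buf, sizeof buf, input);
}
```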
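
Both incomplete-mediation examples from the notes, the date check and the order form whose total the customer changes, as an added example that is not part of the original notes. The year window, the quantity limit, the catalog and its prices are assumptions constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

static const char *const MONTHS[12] = {
    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};
static const int MONTH_DAYS[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};

/* Accept only "DD Mon YYYY" where every field is valid and in range.
   The 1900..2100 year window is an assumption made for this example. */
int date_is_valid(const char *s)
{
    int day = 0, year = 0, used = 0, month = -1;
    char mon[4] = "";

    if (sscanf(s, "%2d %3s %4d%n", &day, mon, &year, &used) != 3)
        return 0;
    if (s[used] != '\0')                 /* trailing junk after the year */
        return 0;
    for (int i = 0; i < 12; i++)
        if (strcmp(mon, MONTHS[i]) == 0)
            month = i;
    if (month < 0 || year < 1900 || year > 2100)
        return 0;

    int limit = MONTH_DAYS[month];
    if (month == 1 && year % 4 == 0 && (year % 100 != 0 || year % 400 == 0))
        limit = 29;                      /* February in a leap year */
    return day >= 1 && day <= limit;
}

/* Server-side price list (constructed sample data). */
struct item { const char *sku; long unit_cents; };
static const struct item CATALOG[] = {
    {"BOOK-1", 4500},
    {"PEN-7",   250},
};

/* Mediate an order: the total the form sent back is compared with one
   recomputed from the server's own prices. Returns the total to charge
   in cents, or -1 if the order is rejected. */
long accept_order(const char *sku, int qty, long client_total_cents)
{
    if (qty < 1 || qty > 100)            /* quantity range is an assumption */
        return -1;
    for (size_t i = 0; i < sizeof CATALOG / sizeof CATALOG[0]; i++) {
        if (strcmp(CATALOG[i].sku, sku) == 0) {
            long total = CATALOG[i].unit_cents * qty;
            return total == client_total_cents ? total : -1;
        }
    }
    return -1;                           /* unknown item */
}
```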
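
The time-of-check to time-of-use error and its two controls (copy the ticket, or save its hash), as an added example that is not part of the original notes. The ticket layout, the file paths and all function names are hypothetical, the user's edit is simulated by a direct call between check and use, and FNV-1a stands in for a cryptographic hash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { char path[64]; } ticket;     /* work ticket the user can write to */
typedef int (*flow_fn)(ticket *shared, char *opened, size_t n);

#define ALLOWED  "/home/user/report.txt"      /* hypothetical file the user may open */
#define SWAPPED  "/home/other/private.txt"    /* hypothetical file the user may not open */

static int may_open(const char *path) { return strcmp(path, ALLOWED) == 0; }

/* Simulates the user editing the ticket between check and use. */
static void user_edits(ticket *t) { snprintf(t->path, sizeof t->path, "%s", SWAPPED); }

/* FNV-1a: a non-cryptographic stand-in that keeps the example
   self-contained; a real system would use a cryptographic hash. */
static uint64_t digest(const void *data, size_t len)
{
    const unsigned char *p = data;
    uint64_t h = 14695981039346656037ULL;
    while (len--) { h ^= *p++; h *= 1099511628211ULL; }
    return h;
}

/* Flawed: approves the ticket, then reads it again at time of use. */
int flow_unsafe(ticket *shared, char *opened, size_t n)
{
    if (!may_open(shared->path)) return -1;           /* time of check */
    user_edits(shared);                               /* the gap */
    snprintf(opened, n, "%s", shared->path);          /* time of use */
    return 0;
}

/* Control 1: copy the ticket; check and use only the private copy. */
int flow_copy(ticket *shared, char *opened, size_t n)
{
    ticket priv = *shared;
    priv.path[sizeof priv.path - 1] = '\0';
    if (!may_open(priv.path)) return -1;
    user_edits(shared);                               /* cannot reach priv */
    snprintf(opened, n, "%s", priv.path);
    return 0;
}

/* Control 2: ticket stays shared; save its hash at approval, compare at use. */
int flow_hash(ticket *shared, char *opened, size_t n)
{
    if (!may_open(shared->path)) return -1;
    uint64_t approved = digest(shared, sizeof *shared);
    user_edits(shared);
    if (digest(shared, sizeof *shared) != approved)
        return -1;                                    /* changed after approval */
    snprintf(opened, n, "%s", shared->path);
    return 0;
}

/* Runs one flow on a fresh ticket; returns the path opened or "REFUSED". */
const char *outcome(flow_fn flow)
{
    static char opened[64];
    ticket t;
    memset(&t, 0, sizeof t);
    snprintf(t.path, sizeof t.path, "%s", ALLOWED);
    return flow(&t, opened, sizeof opened) == 0 ? opened : "REFUSED";
}
```

The copy control carries out the request as it was approved, while the hash control detects the edit and refuses the order.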