Lecture9.pptx - Applications Security Computer Security...

Info icon This preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon
edithcowancollege.edu.au navitas.com Applications Security Computer Security
Image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
edithcowancollege.edu.au navitas.com Security Issues Attackers who takeover applications, can usually execute commands with the access permissions of the compromised application. Many application run with admin/root privileges. So taking over the application gives the attacker total control of the host.
Image of page 2
edithcowancollege.edu.au navitas.com Why admin/root privileges? Program may make changes to registry Program may need to access or alter system files You may need to make major changes to the OS (i.e. installing drivers) What happens in an ECU computer lab when you try and install a program into C:\Program Files ??
Image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
edithcowancollege.edu.au navitas.com Application Vulnerabilities Like Operating Systems, applications are complex systems They will have Design flaws Implementation errors Leading to vulnerabilities
Image of page 4
edithcowancollege.edu.au navitas.com Security Requirements Secure is an attribute that all software should possess Software may have particularly high Confidentiality requirements Integrity requirements Availability requirements What consequence would there be if the above security requirements of KeePass were not met in the S/W?
Image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
edithcowancollege.edu.au navitas.com Principle of Least Privilege Every process, user or a program must be only access the information and resources that are necessary for its legitimate purpose. A user designed to backup a computer system should not be given privileges to install additional software
Image of page 6
edithcowancollege.edu.au navitas.com Software Bugs As a general rule; more lines of code more bugs more bugs more vulnerabilities As the number of lines of code grow, it becomes difficult to eliminate bugs We need to assume that any software beyond what is trivially simple WILL have bugs
Image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
edithcowancollege.edu.au navitas.com Tight Integration Tight integration with Operating Systems Tight integration of multiple packages All programs in an integrated package are accessed via a common launch pad Does any application consist of one .exe file? How many applications install completely into their own directory and are completely standalone? How many applications share components?
Image of page 8
edithcowancollege.edu.au navitas.com Application and OS Integration Advantages Less overall code which means less bugs If you write good quality ‘secure’ code then overall the application should be secure Disadvantages A bug in a shared component can be shared across many applications Vulnerabilities can be shared The software writer may purposefully implement vulnerabilities to be exploited at a later date
Image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
edithcowancollege.edu.au navitas.com Security Problems with App Development Security is often not considered at all Security is often an ‘add on’ Security can be scoped out as project deadlines approach
Image of page 10
Image of page 11
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern