{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

Lecture_10_Vulnerability_Analysis

Lecture_10_Vulnerability_Analysis - Endpoint...

Info icon This preview shows pages 1–7. Sign up to view the full content.

View Full Document Right Arrow Icon
COMP 6370 – Vulnerability Analysis – Lecture 10 1 Endpoint Vulnerabilities Summation of the course so far Internet Standards, RFCs and Conventional Encryption Conventional Encryption Message Confidentiality Public Key Systems System Security Malicious Software Virus Protection and Prevention Virus Design Buffer Overruns Vulnerability Analysis
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
COMP 6370 – Vulnerability Analysis – Lecture 10 2 Admin Comments The Scholarship for Service (SFS) program The Scholarship for Service (SFS) program provides funding for two-year full scholarships for students to pursue academic programs in information assurance for the final two years of undergraduate study, or for two years of master's- level study, or for the final two years of Ph.D.-level study. The recipients will be required to work for a federal agency for two years in fulfillment of their Federal Cyber Service commitment. The scholarships provide academic year stipends of $8,000 per year for undergraduate students and $12,000 per year for graduate students.
Image of page 2
COMP 6370 – Vulnerability Analysis – Lecture 10 3 Software Vulnerability Analysis Operating Systems Security by Obscurity Reverse Engineering Code Obfuscation “Many Eyes Phenomenon” Case Studies Microsoft Java GNU Mailman Trojan Horses What to do if you meet a suit
Image of page 3

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
COMP 6370 – Vulnerability Analysis – Lecture 10 4 Operating Systems User Space versus Kernel Space Process space protection A single process is not allowed to access any of the memory allocated to other processes directly Additionally, no process can directly access the memory marked as “in use” by the operating system Windows NT/2000 and ALL UNIX systems provide process space protection Windows 95/98/ME do NOT provide process space protection Palm Pilot example any file stored on an internet-enabled PalmOS device is accessible by any application running on the Palm Generally, in an advanced OS, user-level processes need to use kernel services to access devices
Image of page 4
COMP 6370 – Vulnerability Analysis – Lecture 10 5 Security by Obscurity Hide the source code and only release the executable. False belief that code compiled into binary remains secret just because the source is not available. Java byte code is particularly vulnerable Netscape POP (post office protocol) 1999 password with weak cryptography stored in windows registry experimentation with XOR on password strings pattern detected encryption algorithm reverse engineered “Today’s security woes are not dominated by the existence of bugs that might be discovered by open-source developers studying system source code.” -- Fred Schneider
Image of page 5

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
COMP 6370 – Vulnerability Analysis – Lecture 10 6 Reverse Engineering Machine code analysis Core Dumps
Image of page 6
Image of page 7
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern