
Introduction to Cyber Security

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Objectives
Define computer security as well as basic computer security terms
Introduce the C-I-A Triad
Introduce basic access control terminology
Explain basic threats, vulnerabilities, and attacks
Show how controls map to threats
What Is Computer Security?
• Protection of the items you value, called the assets of a computer or computer system.
• There are many types of assets:
  - Hardware
  - Software
  - Data
  - Or combinations of these
Assets
Values of Assets
Basic Terms
• Vulnerability
• Threat
• Attack
• Countermeasure or control
Vulnerabilities, Threats, Attacks, Controls
• A vulnerability is a weakness in the security system (i.e., in procedures, design, or implementation) that might be exploited to cause loss or harm.
• A threat to a computing system is a set of circumstances that has the potential to cause loss or harm.
  - a potential violation of security
• A human (criminal) who exploits a vulnerability perpetrates an attack on the system.
• How do we address these problems?
• We use a control as a protective measure.
  - That is, a control is an action, device, procedure, or technique that removes or reduces a vulnerability.
Threat and Vulnerability
Relationship among threats, controls, and vulnerabilities:
• A threat is blocked by control of a vulnerability.
• To devise controls, we must know as much about threats as possible.

The fact that the violation might occur means that the actions that might cause it should be guarded against.
C-I-A Triad
• When we talk about computer security, we mean that we are addressing
three important aspects of any computer-related system:
• Confidentiality
• Integrity
• Availability
• Sometimes two other desirable characteristics:
• Authentication
• Process or action of proving or showing something to be true, genuine, or valid.
• Nonrepudiation
• Refers to the ability to ensure that a party to a contract or a communication
cannot deny the authenticity of their signature on a document or the sending
of a message that they originated.
• Confidentiality ensures that computer-related assets are accessed only by
authorized parties.
• i.e. reading, viewing, printing, or even knowing their existence
• Secrecy or privacy
• Integrity means that assets can be modified only by authorized parties or only in
authorized ways.
• i.e. writing, changing, deleting, creating
• Availability means that assets are accessible to authorized parties at appropriate
times.
• i.e. often, availability is known by its opposite, denial of service.
Relationship between Confidentiality, Integrity, and Availability
• In fact, these three characteristics can be independent, can overlap, and can even be mutually exclusive.
[Figure: Confidentiality, Integrity, and Availability, with "Secure" where they overlap]
Access Control
Types of Threats
Types of Attackers
Threats
• An interception means that some unauthorized party has gained access to an asset.
• In an interruption, an asset of the system becomes lost, unavailable, or unusable.
• If an unauthorized party not only accesses but also tampers with (forges) an asset, the threat is a modification.
• Finally, an unauthorized party might create a fabrication of counterfeit objects on a computing system.
Types of Harm
Method, Opportunity, and Motive (MOM)
• A malicious attacker must have three things (MOM):
• method: the skills, knowledge, tools, and other things with which to be able to pull off the attack
  - Knowledge of systems is widely available
• opportunity: the time and access to accomplish the attack
  - Systems available to the public are accessible to them
• motive: a reason to want to perform this attack against this system


Goals of Security
• Prevention
• Prevent attackers from violating security policy

• Detection
• Detect attackers’ violation of security policy

• Recovery
• Stop attack, assess and repair damage
• Continue to function correctly even if attack succeeds
Trust and Assumptions
• Trust underlies all aspects of security

• Policies
• Unambiguously partition system states
• Correctly capture security requirements

• Mechanisms
• Assumed to enforce policy
• Support mechanisms work correctly
Control or Countermeasure
• Means to counter threats. Harm occurs when a threat is realized against a
vulnerability. To protect against harm, then, we can neutralize the threat, close
the vulnerability, or both.
• The possibility for harm to occur is called risk. We can deal with harm in several
ways:
• prevent it, by blocking the attack or closing the vulnerability
• deter it, by making the attack harder but not impossible
• deflect it, by making another target more attractive (or this one less so)
• mitigate it, by making its impact less severe
• detect it, either as it happens or some time after the fact
• recover from its effects
Controls/Countermeasures
Different Types of Controls
Controls Available
• Encryption
• We take data in their normal, unscrambled state, called cleartext or plaintext, and transform them so that they are unintelligible to the outside observer; the transformed data are called enciphered text or ciphertext.
• Encryption clearly addresses the need for confidentiality of data.
• Additionally, it can be used to ensure integrity;
  - data that cannot be read generally cannot easily be changed in a meaningful manner.
Controls Available
• Encryption does not solve all computer security problems, and other tools must complement its use.
• If encryption is not used properly, it may have no effect on security or could even degrade the performance of the entire system.
• Weak encryption can actually be worse than no encryption at all,
  - because it gives users an unwarranted sense of protection.
• Therefore, we must understand those situations in which encryption is most useful as well as ways to use it effectively.
Controls Available
• Software/Program Controls
• Programs must be secure enough to prevent outside attack
• They must also be developed and maintained so that we can be confident of the programs'
dependability.

• Program controls include the following:
• Internal program controls: parts of the program that enforce security restrictions,
  - i.e. access limitations in a database management program
• Operating system and network system controls: limitations enforced by the operating system or network to protect each user from all other users
  - i.e. chmod on UNIX: (Read, Write, Execute) vs. (Owner, Group, Other)
• Independent control programs: application programs,
  - i.e. password checkers, intrusion detection utilities, or virus scanners, that protect against certain types of vulnerabilities
Controls Available
• Development controls:
• quality standards under which a program is designed, coded
(implementation), tested, and maintained to prevent software faults from
becoming exploitable vulnerabilities
• i.e. Penetration testing (pen testing or ethical hacking), is the practice of testing a
computer system, network or web application to find security vulnerabilities that an
attacker could exploit.

• Software controls frequently affect users directly,
  - i.e. when the user is interrupted and asked for a password before being given access to a program or data.
• Because they influence the usability of the system, software controls must be carefully
designed.
• Ease of use and capabilities are often competing goals in the design of a collection of
software controls.
Controls Available
• Hardware Controls
• Numerous hardware devices have been created to assist in providing computer
security. These devices include a variety of means, such as

• hardware or smart card implementations of encryption


• locks or cables limiting access or deterring theft
• devices to verify users' identities
• firewalls
• intrusion detection systems
• circuit boards that control access to storage media
Controls Available
• Policies and Procedures
• Sometimes, we can rely on agreed-on procedures or policies among users rather than
enforcing security through hardware or software means
• i.e. frequent changes of passwords
• We must not forget the value of community standards and expectations when we consider
how to enforce security.

• Physical Controls
• i.e. locks on doors,
• guards at entry points,
• backup copies of important software and data, and
• physical site planning that reduces the risk of natural disasters.
Effectiveness of Controls
• Awareness of Problem
• People using controls must be convinced of the need for security. That is, people will willingly cooperate with security requirements only if they understand why security is appropriate in a given situation.
Effectiveness of Controls
• Likelihood of Use
• Of course, no control is effective unless it is used

• Principle of Effectiveness:
• Controls must be used properly to be effective.
• They must be efficient, easy to use, and appropriate.

• This principle implies that computer security controls must be efficient enough, in terms of time, memory space, human activity, or other resources used, that using the control does not seriously affect the task being protected.
• Controls should be selective so that they do not exclude legitimate accesses.
Effectiveness of Controls
• Overlapping Controls
• Several different controls may apply to address a single vulnerability.

• Periodic Review
• Just when the security specialist finds a way to secure assets against certain
kinds of attacks, the opposition doubles its efforts in an attempt to defeat the
security mechanisms. Thus, judging the effectiveness of a control is an
ongoing task.
Principle of Weakest Link
• Security can be no stronger than its weakest link !!!
• Whether it is the power supply that powers the firewall or the operating
system under the security application or the human who plans, implements,
and administers controls, a failure of any control can lead to a security failure.
Summary
• Vulnerabilities are weaknesses in a system;
• threats exploit those weaknesses;
• controls protect those weaknesses from exploitation
• Confidentiality, integrity, and availability are the three basic security
primitives
• Different attackers pose different kinds of threats based on their
capabilities and motivations
• Different controls address different threats; controls come in many
flavors and can exist at various points in the system
DES (Data Encryption Standard)
Basics
• The Data Encryption Standard (DES) is a symmetric-key block cipher
created in the early 1970s by an IBM team and adopted by the
National Institute of Standards and Technology (NIST).
• Symmetric-key means that it employs the same key in both encrypting
and decrypting the data.
• DES uses 16 rounds and the block size is 64 bits. Though the key length is 64 bits, DES has an effective key length of 56 bits, since 8 of the 64 bits of the key are not used by the encryption algorithm.
DES Algorithm Steps
• The process begins with the 64-bit plain text block getting handed
over to an initial permutation (IP) function.
• The initial permutation (IP) is then performed on the plain text.
• Next, the initial permutation (IP) creates two halves of the permuted
block, referred to as Left Plain Text (LPT) and Right Plain Text (RPT).
• Each LPT and RPT goes through 16 rounds of the encryption process.
• Finally, the LPT and RPT are rejoined, and a Final Permutation (FP) is
performed on the newly combined block.
• The result of this process produces the desired 64-bit ciphertext.
1. Initial permutation (IP)
2. 16 Rounds

Details of one round in DES


Step 1: Key Transformation
Step 2: Expansion Permutation
Step 3: S-Box Substitution
Step 4: P-Box Permutation
In this step, the S-Box RPT is permuted according to the P-Box table, giving rise to the P-Box RPT.
Step 5: XOR and Swap
3. Final permutation
DES Modes of Operation
• Electronic Codebook (ECB). Each 64-bit block is encrypted and
decrypted independently
• Cipher Block Chaining (CBC). Each 64-bit block depends on the
previous one and uses an Initialization Vector (IV)
• Cipher Feedback (CFB). The preceding ciphertext becomes the input for
the encryption algorithm, producing pseudorandom output, which in
turn is XORed with plaintext, building the next ciphertext unit
• Output Feedback (OFB). Much like CFB, except that the encryption
algorithm input is the output from the preceding DES
• Counter (CTR). Each plaintext block is XORed with an encrypted
counter. The counter is then incremented for each subsequent block
DES: The Data Encryption Standard
• Symmetric block cipher
AES: Advanced Encryption System
• Symmetric block cipher
• Developed in 1999 by independent Dutch cryptographers
• Still in common use
DES vs. AES
RSA Algorithm
Public Key (Asymmetric) Cryptography
• Instead of two users sharing one secret key, each user has two
keys: one public and one private.
• Messages encrypted using the user’s public key can only be
decrypted using the user’s private key, and vice versa.
Basics
• The RSA algorithm is an asymmetric cryptography algorithm. Asymmetric means that it works on two different keys, i.e. a Public Key and a Private Key. The Public Key is given to everyone and the Private Key is kept private.
• An example of asymmetric cryptography:
o A client (for example, a browser) sends its public key to the server and requests some data.
o The server encrypts the data using the client's public key and sends the encrypted data.
o The client receives this data and decrypts it.
Basics
Key Generation
RSA Encryption
RSA Decryption

𝐶𝑑
RSA Example
Security of RSA
Mathematical Attacks
Timing Attacks
Diffie-Hellman Key Exchange
The Problem of Key Exchange

• One of the main problems of symmetric key encryption is that it requires a secure & reliable channel for the shared key exchange.
• The Diffie-Hellman Key Exchange protocol offers a way in which a public channel can be used to create a confidential shared key.
Public Key to Exchange Secret Keys
Key Exchange Man in the Middle
Modular what?
• In practice, the shared encryption key relies on such complex concepts as Modular Exponentiation, Primitive Roots and Discrete Logarithm Problems.
• Let's see, though, if we can explain the Diffie-Hellman algorithm with no complex mathematics.
A Difficult One-Way Problem

• The first thing we require is a simple real-world operation that is easy to Do but hard to Undo.
  - You can ring a bell but not unring one.
  - Toothpaste is easy to squeeze out of a tube but famously hard to put back in.
• In our example we will use Mixing Colors.
  - Easy to mix 2 colors, hard to unmix
Alice & Bob with Eve listening wish to make a secret shared color
Step 1 - Both publicly agree to a shared color
Step 2 - Each picks a secret color
Step 3 - Each adds their secret color to the shared color
Step 4 - Each sends the other their new mixed color
Each combines the shared color from the other with their own secret color
Alice & Bob have agreed to a shared color unknown to Eve
• How is it that Alice & Bob’s final mixtures are
identical?

• Alice mixed
• [(Yellow + Teal) from Bob] + Orange

• Bob mixed
• [(Yellow + Orange) from Alice] + Teal
Alice & Bob have agreed to a shared color unknown to Eve
• How is it that Alice & Bob's final mixture is secret?
• Eve never has knowledge of the secret colors of either Alice or Bob
• Unmixing a color into its component colors is a hard problem
Diffie-Hellman Key Exchange
Adding Mathematics
Let’s get back to math

• We will rely on the formula below being an easy problem in one direction and hard in reverse.
• s = g^n mod p
• Easy: given g, n, & p, solve for s
• Hard: given s, g, & p, solve for n
• And the property of
• g^(a*b) mod p = g^(b*a) mod p
Step 1 – Publicly shared information
• Alice & Bob publicly agree to a large prime number called the modulus, or p.
• Alice & Bob publicly agree to a number called the generator, or g, which has a primitive root relationship with p.
• In our example, assume
• p = 17
• g = 3
• Eve is aware of the values of p and g.
Step 2 – Select a secret key

• Alice selects a secret key, which we will call a.
• Bob selects a secret key, which we will call b.
• For our example assume:
• a = 54
• b = 24
• Eve is unaware of the values of a or b.
Step 3 – Combine secret keys with public information
• Alice combines her secret key, a, with the public information to compute A.
• A = g^a mod p
• A = 3^54 mod 17
• A = 15
Step 3 – Combine secret key with public information
• Bob combines his secret key, b, with the public information to compute B.
• B = g^b mod p
• B = 3^24 mod 17
• B = 16
Step 4 – Share combined values

• Alice shares her combined value, A, with Bob. Bob shares his combined value, B, with Alice.
• Sent to Bob
• A = 15
• Sent to Alice
• B = 16
• Eve is privy to this exchange and knows the values of A and B
Step 5 – Compute Shared Key
• Alice computes the shared key.
• s = (B mod p)^a mod p
• s = g^(b*a) mod p
• s = 3^(54*24) mod 17
• s = 1
• Bob computes the shared key.
• s = (A mod p)^b mod p
• s = g^(a*b) mod p
• s = 3^(24*54) mod 17
• s = 1
Alice & Bob have a shared encryption key, unknown to Eve
• Alice & Bob have created a shared secret
key, s, unknown to Eve
• In our example s=1
• The shared secret key can now be used to
encrypt & decrypt messages by both parties.
• See the Youtube video on this example at:
https://www.youtube.com/watch?v=3QnD2c4Xovk
Man-in-the-Middle Attack
1. Darth prepares by creating two private / public keys
2. Alice transmits her public key to Bob
3. Darth intercepts this and transmits his first public key to
Bob. Darth also calculates a shared key with Alice
4. Bob receives the public key and calculates the shared key
(with Darth instead of Alice)
5. Bob transmits his public key to Alice
6. Darth intercepts this and transmits his second public key
to Alice. Darth calculates a shared key with Bob
7. Alice receives the key and calculates the shared key (with Darth instead of Bob)
• Darth can then intercept, decrypt, re-encrypt, forward all messages between Alice & Bob
Man-in-the-Middle Attack
[Figure: message flow among Bob, Darth, and Alice]
• xA; yA = a^xA mod q
• xDA; y'A = a^xDA mod q
• xB; yB = a^xB mod q
• xDB; y'B = a^xDB mod q
• KDAB = (y'A)^xB mod q; KADB = (y'B)^xA mod q
Darth has a private, unauthenticated
channel with each of Alice and Bob
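The exchange in Steps 1 to 5 and the man-in-the-middle sequence above, as an added C example that is not part of the original slides: it reproduces A = 15, B = 16 and s = 1 for p = 17, g = 3, a = 54, b = 24, then replays the interception to show that the two ends derive different keys. Darth's private values 5 and 7, the out-of-band comparison, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Square-and-multiply: base^exp mod m. Free of overflow while m < 2^32. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t result = 1 % m;
    base %= m;
    while (exp > 0) {
        if (exp & 1)
            result = (result * base) % m;
        base = (base * base) % m;
        exp >>= 1;
    }
    return result;
}

/* Step 3: value sent over the public channel, g^priv mod p. */
uint64_t dh_public(uint64_t g, uint64_t priv, uint64_t p)
{
    return modpow(g, priv, p);
}

/* Step 5: shared key, (peer's public value)^priv mod p. */
uint64_t dh_shared(uint64_t peer_pub, uint64_t priv, uint64_t p)
{
    return modpow(peer_pub, priv, p);
}

/* Keys held by each party after both public values were swapped in transit. */
struct mitm_result {
    uint64_t alice_key;        /* KADB: Alice believes Bob holds this */
    uint64_t bob_key;          /* KDAB: Bob believes Alice holds this */
    uint64_t darth_alice_key;  /* Darth's key for the Alice side */
    uint64_t darth_bob_key;    /* Darth's key for the Bob side */
};

/* Replays the seven steps: Bob receives y'A instead of yA,
 * Alice receives y'B instead of yB. */
struct mitm_result run_mitm(uint64_t p, uint64_t g,
                            uint64_t xA, uint64_t xB,
                            uint64_t xDA, uint64_t xDB)
{
    struct mitm_result r;
    uint64_t yA  = dh_public(g, xA, p);   /* Alice's real public value */
    uint64_t yB  = dh_public(g, xB, p);   /* Bob's real public value */
    uint64_t yA2 = dh_public(g, xDA, p);  /* y'A, delivered to Bob */
    uint64_t yB2 = dh_public(g, xDB, p);  /* y'B, delivered to Alice */

    r.bob_key         = dh_shared(yA2, xB, p);
    r.alice_key       = dh_shared(yB2, xA, p);
    r.darth_bob_key   = dh_shared(yB, xDA, p);
    r.darth_alice_key = dh_shared(yA, xDB, p);
    return r;
}

/* Assumed defence: the two ends compare their derived keys over a channel
 * that is authenticated by other means. Returns 1 if they match. */
int keys_agree(const struct mitm_result *r)
{
    return r->alice_key == r->bob_key;
}

int main(void)
{
    struct mitm_result r;

    /* Values from the slides: p = 17, g = 3, a = 54, b = 24. */
    printf("A = %llu, B = %llu\n",
           (unsigned long long)dh_public(3, 54, 17),
           (unsigned long long)dh_public(3, 24, 17));
    printf("s (Alice) = %llu, s (Bob) = %llu\n",
           (unsigned long long)dh_shared(16, 54, 17),
           (unsigned long long)dh_shared(15, 24, 17));

    /* Constructed values for Darth: xDA = 5, xDB = 7. */
    r = run_mitm(17, 3, 54, 24, 5, 7);
    printf("Alice holds %llu, Bob holds %llu, keys agree: %d\n",
           (unsigned long long)r.alice_key,
           (unsigned long long)r.bob_key, keys_agree(&r));
    return 0;
}
```

With a modulus this small, mismatched keys could collide by chance; the comparison is meaningful only at realistic parameter sizes.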
Error Detecting Codes
• Demonstrates that a block of data has been modified
• Simple error detecting codes:
• Parity checks
• Cyclic redundancy checks
• Cryptographic error detecting codes:
• One-way hash functions
• Cryptographic checksums
• Digital signatures
Parity Check
Cyclic Redundancy Check (CRC)
CRC Generator
One-Way Hash Function
Digital Signature
Certificates: Trustable Identities and Public Keys
• A certificate is a public key and an identity
bound together and signed by a certificate
authority.
• A certificate authority is an authority that users
trust to accurately verify identities before
generating certificates that bind those
identities to keys.
Certificate Signing and Hierarchy
Cryptographic Tool Summary

• Consider the secret key = "CHARLES". Now decrypt the following cipher text using Playfair Cipher.

PRSBHADGDCBCAZRZVPAMBW

Key square for the secret key:
C H A R L
E S B D F
G I/J K M N
O P Q T U
V W X Y Z

Cipher text split into pairs: PR SB HA DG DC BC AZ RZ VP AM BW
BW
Rules:
If both letters are in the same row, write the letter immediately to the left of each.
If both letters are in the same column, write the letter immediately above each.
Otherwise, form a rectangle with the two letters and write the letters at its opposite corners.
Plain Text TH ES CH EM ER EA LX LY WO RK SX
Cipher Text PR SB HA DG DC BC AZ RZ VP AM BW

Final Plaintext = THE SCHEME REALLY WORKS


• Consider the secret key = "playfair example".
Now encrypt the following plain text using Playfair
Cipher. Also, discuss rules followed in solving the
given problem.

hide the gold in the tree stump


Using "playfair example" as the key (assuming that I and J are interchangeable), the table
becomes (omitted letters in red):

hide the gold in the tree stump

Final Ciphertext = bmodzbxdnabekudmuixmmouvif


Vigenère Cipher
Encryption: the plaintext (P) and key (K) are added modulo 26.

Ei = (Pi + Ki) mod 26

Decryption: Di = (Ei - Ki) mod 26

• The plaintext is "JAVATPOINT", and the key is "BEST".


Encryption
Decryption
• What is the cipher text of the following plain text as per the Vigenère cipher? Keyword: GREEN

HELLOHOWAREYOU
Caesar Cipher
• Identify plain text from cipher text using Caesar
cipher with a shift of 4.

Cipher text: EXXEGOEXSRGI

P = (C-shift) mod 26
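The Vigenère and Caesar formulas above, as an added C example that is not part of the original slides: one routine applies Ei = (Pi + Ki) mod 26 or its inverse, and the Caesar cipher is handled as the one-letter-key case. Function names are assumptions; the inputs are the plaintexts, keys and cipher text given in the exercises.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Vigenere over A-Z. dir = +1 encrypts, dir = -1 decrypts.
 * Letters are upper-cased and shifted; other characters are copied
 * unchanged and do not consume a key letter.
 * Returns 0 on success, -1 on a bad argument or too-small buffer. */
int vigenere(const char *in, const char *key, int dir,
             char *out, size_t out_size)
{
    size_t klen, i, k = 0;

    if (in == NULL || key == NULL || out == NULL || (dir != 1 && dir != -1))
        return -1;
    klen = strlen(key);
    if (klen == 0 || strlen(in) + 1 > out_size)
        return -1;
    for (i = 0; i < klen; i++)
        if (!isalpha((unsigned char)key[i]))
            return -1;

    for (i = 0; in[i] != '\0'; i++) {
        unsigned char c = (unsigned char)in[i];
        if (isalpha(c)) {
            int p  = toupper(c) - 'A';
            int ki = toupper((unsigned char)key[k % klen]) - 'A';
            /* +26 keeps the value non-negative when decrypting. */
            out[i] = (char)('A' + (p + dir * ki + 26) % 26);
            k++;
        } else {
            out[i] = (char)c;
        }
    }
    out[i] = '\0';
    return 0;
}

/* Caesar decryption, P = (C - shift) mod 26, expressed as Vigenere
 * with a single key letter. */
int caesar_decrypt(const char *in, int shift, char *out, size_t out_size)
{
    char key[2];

    key[0] = (char)('A' + ((shift % 26) + 26) % 26);
    key[1] = '\0';
    return vigenere(in, key, -1, out, out_size);
}

int main(void)
{
    char buf[64];

    if (vigenere("JAVATPOINT", "BEST", 1, buf, sizeof buf) == 0)
        printf("JAVATPOINT / BEST      -> %s\n", buf);
    if (vigenere("HELLOHOWAREYOU", "GREEN", 1, buf, sizeof buf) == 0)
        printf("HELLOHOWAREYOU / GREEN -> %s\n", buf);
    if (caesar_decrypt("EXXEGOEXSRGI", 4, buf, sizeof buf) == 0)
        printf("EXXEGOEXSRGI, shift 4  -> %s\n", buf);
    return 0;
}
```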
Autokey Cipher
• Generate cipher text from plain text using Auto-key
cipher with initial key of 12.

Plain text: ATTACK SUCCESSFUL


Columnar Transposition Cipher
Row Transposition Cipher
• Bob chooses p=3 and q=11 as two large prime numbers. He also
chooses encryption key as 7. Now assume, Alice wants to send a
message to Bob. Bob received 29 as cipher text from Alice. What is
the decryption key and message sent by Alice to Bob?

n = p*q = 3*11 = 33
ø(n) = (p-1)*(q-1) = 2*10 = 20
choose d such that (d*e) % ø(n) = 1. One solution is d (private key) = 3
Decryption of cipher text (c) = 29 is M = 29^3 % 33 = 2
• Diffie-Hellman key exchange algorithm with example.
Program Security
Challenges to writing secure code
Unintentional (Non-malicious) Programming Oversights
Non-malicious code
• Caused by a mistake made by a human, such as a programmer or developer.
• Many such errors cause program malfunction but do not lead to more serious security vulnerabilities.
• Program flaws can have two kinds of security implications:
- They can cause integrity problems leading to harmful output or action
- They offer an opportunity for exploitation by a malicious actor
1. Buffer Overflow
2. Incomplete Mediation
3. Time-of-Check to Time-of-Use
4. Undocumented Access Point
5. Off-by-One Error
6. Integer Overflow
7. Unterminated / Null-Terminated String
8. Parameter Length, Type, and Number
9. Unsafe Utility Program
10. Race Condition
Buffer Overflow
• A buffer overflow occurs when a program or process attempts to
write more data to a fixed-length block of memory, or buffer, than the
buffer is allocated to hold.
• Buffers contain a defined amount of data; any extra data will
overwrite data values in memory addresses adjacent to the
destination buffer.
• That sort of overflow can be avoided if the program includes sufficient
bounds checking to flag or discard data when too much is sent to a
memory buffer.
Buffer Overflow Attack
• Exploiting a buffer overflow allows an attacker to control or crash a process or
to modify its internal variables.
• A threat actor can send carefully crafted input -- referred to as arbitrary
code -- to a program.
• The original data in the buffer includes the exploited function's return pointer
-- the address to which the process should go next.
• However, the attacker can set new values to point to an address of their
choosing. The attacker usually sets the new values to a location where the
exploit payload is positioned.
• This change alters the process's execution path and transfers control to the attacker's malicious code.
Incomplete Mediation
- Mediation means checking: the process of intervening to confirm an actor's authorization before it takes an intended action.
- Attackers exploit incomplete mediation to cause security problems.
• Consider the following URL. In addition to a web address, it contains two parameters:

http://www.somesite.com/subpage/userinput.asp?parm1=(808)555-1212&parm2=2015Jan17
• As a security professional, you might examine the various parts of the URL to determine what they
mean and how they might be exploited.
• For instance, the parameters parm1 and parm2 look like a telephone number and a date, respectively.
• But what would happen if parm2 were submitted as 1800Jan01? Or 1800Feb30? Or 2048Min32? Or
1Aardvark2Many?
• Something in the program or the system with which it communicates would likely fail. One possibility is
that the system would fail catastrophically, with a routine’s failing on a data type error as it tried to
handle a month named “Min” or even a year (like 1800) that was out of expected range.
• Another possibility is that the receiving program would continue to execute but would generate a very
wrong result.
Solution to incomplete mediation
• Three properties of a reference monitor are
(1) small and simple enough to give confidence of correctness
(2) Unbypassable
(3) always invoked

• These three properties combine to give us solid, complete mediation.
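A server-side check for the parm2 value discussed above, as an added C example that is not part of the original slides: it accepts only the YYYYMonDD shape of 2015Jan17 and rejects each of the malformed values the slide lists. The function name, the status codes and the 1900 to 2100 year policy are assumptions; the slide says only that a year like 1800 is out of the expected range.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy bounds for an acceptable year (hypothetical). */
#define MIN_YEAR 1900
#define MAX_YEAR 2100

enum date_status {
    DATE_OK = 0,
    DATE_BAD_LENGTH,   /* not exactly 9 characters */
    DATE_BAD_FORMAT,   /* year or day positions are not digits */
    DATE_BAD_MONTH,    /* month is not one of Jan..Dec */
    DATE_YEAR_RANGE,   /* year outside the assumed policy bounds */
    DATE_BAD_DAY       /* day does not exist in that month */
};

static int is_leap(int y)
{
    return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
}

/* Validates a YYYYMonDD string such as "2015Jan17". On DATE_OK the parsed
 * fields are stored through year, month (1-12) and day; on any other
 * status the outputs are left untouched. */
enum date_status validate_parm2(const char *s, int *year, int *month, int *day)
{
    static const char *const names[12] = {
        "Jan", "Feb", "Mar", "Apr", "May", "Jun",
        "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
    };
    static const int days[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int i, y, m = -1, d, max_day;

    if (s == NULL || strlen(s) != 9)
        return DATE_BAD_LENGTH;
    for (i = 0; i < 4; i++)
        if (!isdigit((unsigned char)s[i]))
            return DATE_BAD_FORMAT;
    if (!isdigit((unsigned char)s[7]) || !isdigit((unsigned char)s[8]))
        return DATE_BAD_FORMAT;

    for (i = 0; i < 12; i++)
        if (memcmp(s + 4, names[i], 3) == 0)
            m = i;
    if (m < 0)
        return DATE_BAD_MONTH;

    y = (s[0] - '0') * 1000 + (s[1] - '0') * 100 + (s[2] - '0') * 10 + (s[3] - '0');
    if (y < MIN_YEAR || y > MAX_YEAR)
        return DATE_YEAR_RANGE;

    d = (s[7] - '0') * 10 + (s[8] - '0');
    max_day = days[m] + ((m == 1 && is_leap(y)) ? 1 : 0);
    if (d < 1 || d > max_day)
        return DATE_BAD_DAY;

    if (year)  *year = y;
    if (month) *month = m + 1;
    if (day)   *day = d;
    return DATE_OK;
}

int main(void)
{
    /* The values the slide asks about, plus the well-formed original. */
    static const char *const samples[] = {
        "2015Jan17", "1800Jan01", "1800Feb30", "2048Min32", "1Aardvark2Many"
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> status %d\n", samples[i],
               (int)validate_parm2(samples[i], NULL, NULL, NULL));
    return 0;
}
```

The check only provides complete mediation if every path that consumes parm2 calls it on the server; validation performed in the browser can be bypassed by editing the URL.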
Time-of-Check to Time-of-Use
• To improve efficiency, modern processors and operating systems usually
change the order in which instructions and procedures are executed.
• In particular, instructions that appear to be adjacent may not actually be
executed immediately after each other, either because of intentionally
changed order or because of the effects of other processes in concurrent
execution.
• A time-of-check-to-time-of-use (pronounced TOCK-too) flaw occurs when a resource is checked for a particular value, such as whether a file exists or not, and that value then changes before the resource is used, invalidating the results of the check.
Example
• Consider a person’s buying a gift that costs $100. The buyer takes out five
$20 bills, carefully counts them in front of the seller, and lays them on the
table.
• Then, the seller turns around to write a receipt. While the seller’s back is
turned, the buyer takes back one $20 bill. When the seller turns around,
the buyer hands over the stack of bills, takes the receipt, and leaves with
the gift.
• Between the time the security was checked (counting the bills) and the
access occurred (exchanging the gift for the bills), a condition changed:
What was checked is no longer valid when the object (that is, the gift) is
accessed.
File Access Data Structure

Unchecked change to work descriptor
Undocumented Access Point (Trapdoor)
• During program development and testing, the programmer needs a way to
access the internals of a module. Reasons:
- result is not being computed correctly
- flow of control is not proceeding as it should
• Programmer creates an undocumented entry point or execution mode.
• Such an entry can transfer control to any point with any privileges the
programmer wanted.
Example
• Microsoft’s Excel spreadsheet program, in an old version, Excel 97, had the
following feature.
1. Open a new worksheet
2. Press F5
3. Type X97:L97 and press Enter
4. Press Tab
5. Hold <Ctrl-Shift> and click the Chart Wizard
• A user who did that suddenly found that the spreadsheet disappeared and
the screen filled with the image of an airplane cockpit! Using the arrow
keys, the user could fly a simulated plane through space.
Off-by-One Error
• When learning to program, neophytes can easily fail with the off-by-one error: miscalculating the condition to end a loop (repeat while i <= n or i < n? repeat until i = n or i > n?) or overlooking that an array of A[0] through A[n] contains n+1 elements.
• For example, a program may manage a list that increases and decreases. Think of
a list of unresolved problems in a customer service department: Today there are
five open issues, numbered 10, 47, 38, 82, and 55; during the day, issue 82 is
resolved but issues 93 and 64 are added to the list.
• A programmer may create a simple data structure, an array, to hold these issue
numbers and may reasonably specify no more than 100 numbers. But to help
with managing the numbers, the programmer may also reserve the first position
in the array for the count of open issues.
Example
Integer Overflow
• An integer overflow occurs because a storage location is of fixed,
finite size and therefore can contain only integers up to a certain limit.
• The overflow depends on whether the data values are signed (that is,
whether one bit is reserved for indicating whether the number is +ve
or -ve).
• When a computation causes a value to exceed one of the limits, the
extra data does not spill over to affect adjacent data items.
• That’s because the arithmetic is performed in a hardware register of
the processor, not in memory.
• Instead, either a hardware program exception or fault condition is
signalled, which causes transfer to an error handling routine, or the
excess digits on the most significant end of the data item are lost.
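The two outcomes described above, as an added C example that is not part of the original slides: an unsigned addition that silently loses its high-order bits, next to checked signed addition and a checked size calculation that report the condition instead. Function names are assumptions.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unsigned 8-bit addition: the result is reduced modulo 256, so the
 * excess high-order bit is simply lost. */
uint8_t add_u8_wrapping(uint8_t a, uint8_t b)
{
    return (uint8_t)(a + b);
}

/* Signed addition with the range test done BEFORE the operation, because
 * signed overflow itself is undefined behaviour in C.
 * Returns 0 and stores the sum, or -1 if the sum would not fit. */
int add_int_checked(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return -1;
    *out = a + b;
    return 0;
}

/* Size computation for count elements of elem bytes each, as done before
 * an allocation. Returns 0 and stores the product, or -1 if it would wrap
 * and yield a buffer smaller than the caller expects. */
int mul_size_checked(size_t count, size_t elem, size_t *out)
{
    if (elem != 0 && count > SIZE_MAX / elem)
        return -1;
    *out = count * elem;
    return 0;
}

int main(void)
{
    int sum = 0;
    size_t bytes = 0;

    printf("255 + 1 as uint8_t   = %u\n", (unsigned)add_u8_wrapping(255, 1));
    printf("200 + 100 as uint8_t = %u\n", (unsigned)add_u8_wrapping(200, 100));
    printf("INT_MAX + 1 checked  -> %d\n", add_int_checked(INT_MAX, 1, &sum));
    printf("huge count * 2       -> %d\n",
           mul_size_checked(SIZE_MAX / 2 + 1, 2, &bytes));
    if (mul_size_checked(1000, 8, &bytes) == 0)
        printf("1000 * 8             = %lu bytes\n", (unsigned long)bytes);
    return 0;
}
```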
Unterminated Null-Terminated String
• Long strings (variable-length character) are the source of many buffer
overflows.
• Sometimes an attacker intentionally feeds an overly long string into a
processing program to see if and how the program will fail.
• Other times the vulnerability has an accidental cause:
A program mistakenly overwrites part of a string, causing the string to
be interpreted as longer than it really is.
Example
Parameter Length, Type, and Number
• Too many parameters. Even though an application receives only three
incoming parameters, for example, that application can incorrectly
write four outgoing result parameters.
• Wrong output type or size. A calling and called procedure need to
agree on the type and size of data values exchanged. If the caller
provides space for a two byte integer but the called routine produces
a four-byte result.
• Too-long string. A procedure can receive as input a string longer than it can handle, or it can produce a too-long string on output, each of which will also cause an overflow condition.
Unsafe Utility Program
• Programming languages, especially C, provide a library of utility
routines to assist with common activities, such as moving and copying
strings.
• In C the function strcpy(dest,src) copies a string from src to dest,
stopping on a null, with the potential to overrun allocated memory.
• A safer function is strncpy(dest, src, max), which copies up to the null
delimiter or max characters, whichever comes first.
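A caveat on strncpy, as an added C example that is not part of the original slides: when src holds max or more characters, strncpy stops at max and writes no terminating null, which produces exactly the unterminated string described earlier. The helper names below are assumptions; bounded_copy is one way to copy with guaranteed termination and an explicit truncation signal.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if buf[0..size-1] contains a terminating null, else 0. */
int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Runs strncpy(dest, src, size) into a buffer pre-filled with 'X' and
 * reports whether the result was left WITHOUT a terminator (1 = yes). */
int strncpy_leaves_unterminated(char *dest, size_t size, const char *src)
{
    memset(dest, 'X', size);
    strncpy(dest, src, size);
    return !is_terminated(dest, size);
}

/* Copies src into dest, whose total capacity (terminator included) is
 * dest_size. dest is always terminated on return when dest_size > 0.
 * Returns 0 if src fit completely, -1 if it was truncated or the
 * arguments were invalid. */
int bounded_copy(char *dest, size_t dest_size, const char *src)
{
    size_t n;

    if (dest == NULL || src == NULL || dest_size == 0)
        return -1;
    n = strlen(src);
    if (n >= dest_size) {
        memcpy(dest, src, dest_size - 1);
        dest[dest_size - 1] = '\0';
        return -1;              /* caller must treat this as an error */
    }
    memcpy(dest, src, n + 1);   /* includes the terminator */
    return 0;
}

int main(void)
{
    char buf[8];
    const char *long_input = "ABCDEFGHIJ";   /* constructed: 10 characters */

    /* strcpy(buf, long_input) would write 11 bytes into 8: an overflow. */
    printf("strncpy leaves buffer unterminated: %d\n",
           strncpy_leaves_unterminated(buf, sizeof buf, long_input));

    if (bounded_copy(buf, sizeof buf, long_input) != 0)
        printf("bounded_copy truncated input to \"%s\"\n", buf);
    return 0;
}
```

Silent truncation can itself change the meaning of a value, so callers should reject the input when bounded_copy returns -1 rather than continue with the shortened string.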
Race Condition
• Two processes are competing within the same time interval, and the
race affects the integrity or correctness of the computing tasks.
• Two devices may submit competing requests to the operating system
for a given chunk of memory at the same time.
• In the two-step request process, each device first asks if the size
chunk is available, and if the answer is yes, then reserves that chunk
for itself.
• Depending on the timing of the steps, the first device could ask for
the chunk, get a “yes” answer, but then not get the chunk because it
has already been assigned to the second device.
Overbooking Example
• A race condition is difficult to detect because it depends on the
order in which two processes execute. But the execution order of
the processes can depend on:
- total load on the system
- amount of available memory space
- priority of each process
- number and timing of system interrupts to the processes

• The likelihood of a race condition increases with this increasing system heterogeneity.
Authentication, Access Control, and Cryptography

Authentication
• The act of proving that a user is who she says she is.
• Methods:
– Something the user knows
– Something the user is
– Something the user has
Something You Know
• Passwords
• Security questions
• Attacks on “something you know”:
– Dictionary attacks
– Inferring likely passwords/answers
– Guessing
– Defeating concealment
– Exhaustive or brute-force attack
– Rainbow tables
Distribution of Password Types
Password Storage

Plaintext Concealed
Biometrics: Something You Are
Problems with Biometrics
• Intrusive
• Expensive
• Single point of failure
• Sampling error
• False readings
• Speed
• Forgery
Tokens: Something You Have
Federated Identity Management
Single Sign-On
Access Control
Access Policies
• Goals:
– Check every access
– Enforce least privilege
– Verify acceptable usage
• Track users’ access
– Enforce at appropriate granularity
– Use audit logging to track accesses
Implementing Access Control
• Reference monitor
• Access control directory
• Access control matrix
• Access control list
• Privilege list
• Capability
• Procedure-oriented access control
• Role-based access control
Reference Monitor
Access Control Directory
Access Control Matrix
Access Control List
Problems Addressed by Encryption
• Suppose a sender wants to send a message to a
recipient.
• An attacker may attempt to
– Block the message
– Intercept the message
– Modify the message
– Fabricate an authentic-looking alternate message
Encryption Terminology
• Sender
• Recipient
• Transmission medium
• Interceptor/intruder
• Encrypt, encode, or encipher
• Decrypt, decode, or decipher
• Cryptosystem
• Plaintext
• Ciphertext
Encryption/Decryption Process
Symmetric vs. Asymmetric
Secret Key vs. Public Key Encryption
Stream Ciphers
Block Ciphers
Stream vs. Block

              | Stream | Block
Advantages    | Speed of transformation; low error propagation | High diffusion; immunity to insertion of symbol
Disadvantages | Low diffusion; susceptibility to malicious insertions and modifications | Slowness of encryption; padding; error propagation
Cryptography
• The art of secret writing.
• It is the technique of securing information and
communications through the use of codes so that
only those persons for whom the information is
intended can understand it and process it.
Cryptography (cont.)
• characterize cryptographic system by:
– type of encryption operations used
• substitution / transposition / product
– number of keys used
• single-key or private / two-key or public
– way in which plaintext is processed
• block / stream
Symmetric Encryption
• or conventional / private-key / single-key.
• sender and recipient share a common key.
• all classical encryption algorithms are private-
key.
Symmetric Cipher Model
Requirements
• two requirements for secure use of symmetric
encryption:
– a strong encryption algorithm
– a secret key known only to sender / receiver
• mathematically have:
Y = E_K(X)
X = D_K(Y)
Cryptanalysis
• objective to recover key not just message
• general approaches:
– cryptanalytic attack
– brute-force attack
Cryptanalytic Attacks
• ciphertext only
– only know algorithm & ciphertext, is statistical,
know or can identify plaintext
• known plaintext
– know/suspect plaintext & ciphertext
• chosen plaintext
– select plaintext and obtain ciphertext
• chosen ciphertext
– select ciphertext and obtain plaintext
• chosen text
– select plaintext or ciphertext to en/decrypt
More Definitions
• unconditional security
– no matter how much computer power or time is
available, the cipher cannot be broken since the
ciphertext provides insufficient information to
uniquely determine the corresponding plaintext

• computational security
– given limited computing resources (eg time
needed for calculations is greater than age of
universe), the cipher cannot be broken
Brute Force Search
• always possible to simply try every key
• most basic attack, proportional to key size
• assume either know / recognise plaintext

Key Size (bits) | Number of Alternative Keys | Time required at 1 decryption/µs | Time required at 10^6 decryptions/µs
32 | 2^32 = 4.3 × 10^9 | 2^31 µs = 35.8 minutes | 2.15 milliseconds
56 | 2^56 = 7.2 × 10^16 | 2^55 µs = 1142 years | 10.01 hours
128 | 2^128 = 3.4 × 10^38 | 2^127 µs = 5.4 × 10^24 years | 5.4 × 10^18 years
168 | 2^168 = 3.7 × 10^50 | 2^167 µs = 5.9 × 10^36 years | 5.9 × 10^30 years
26 characters (permutation) | 26! = 4 × 10^26 | 2 × 10^26 µs = 6.4 × 10^12 years | 6.4 × 10^6 years
Classical Substitution Ciphers
• where letters of plaintext are replaced by
other letters or by numbers or symbols

• or if plaintext is viewed as a sequence of bits,
then substitution involves replacing plaintext
bit patterns with ciphertext bit patterns
Caesar Cipher
• earliest known substitution cipher.
• by Julius Caesar.
• first attested use in military affairs.
• replaces each letter by 3rd letter on.

• example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
Caesar Cipher
• can define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

• Mathematically, give each letter a number
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

• then have Caesar cipher as:
c = E(p) = (p + k) mod 26, e.g. (24 + 3) mod 26 = 1 (b)
p = D(c) = (c – k) mod 26, e.g. (1 – 3) mod 26 = –2 mod 26 = 24
Cryptanalysis of Caesar Cipher
• only have 26 possible ciphers
– A maps to A,B,..Z
• Attacker could simply try each in turn
• a brute force search
• given ciphertext, just try all shifts of letters
• do need to recognize when have plaintext
• eg. break ciphertext "GCUA VQ DTGCM"
Monoalphabetic Cipher
• rather than just shifting the alphabet, could shuffle
(jumble) the letters arbitrarily.
• each plaintext letter maps to a different random
ciphertext letter.
• hence key is 26 letters long.

Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
Monoalphabetic Cipher Security
• now have a total of 26! = 4 x 10^26 keys.
• with so many keys, might think is secure.
• but would be !!!WRONG!!!.
• problem is language characteristics.
Language Redundancy and Cryptanalysis

• human languages are redundant.
• eg "th lrd s m shphrd shll nt wnt"
• letters are not equally commonly used.
• in English E is by far the most common letter
– followed by T,R,N,I,O,A,S
• other letters like Z,J,K,Q,X are fairly rare.
• have tables of single, double & triple letter
frequencies for various languages.
English Letter Frequencies
Use in Cryptanalysis
• key concept - monoalphabetic substitution ciphers
do not change relative letter frequencies.
• discovered by Arabian scientists in 9th century.
• calculate letter frequencies for ciphertext.
• compare counts/plots against known values.
• if caesar cipher look for common peaks/troughs
– peaks at: A-E-I triple, NO pair, RST triple
– troughs at: JK, X-Z
• for monoalphabetic must identify each letter
– tables of common double/triple letters help
Playfair Cipher
• not even the large number of keys in a
monoalphabetic cipher provides security.
• one approach to improving security was to
encrypt multiple letters.
• the Playfair Cipher is an example.
• invented by Charles Wheatstone in 1854, but
named after his friend Baron Playfair.
Playfair Key Matrix
• a 5X5 matrix of letters based on a keyword
• fill in letters of keyword (sans duplicates)
• fill rest of matrix with other letters
• eg. using the keyword MONARCHY
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
Encrypting and Decrypting
• plaintext is encrypted two letters at a time
1. if a pair is a repeated letter, insert filler like 'X'
2. if both letters fall in the same row, replace each
with letter to right (wrapping back to start from
end)
3. if both letters fall in the same column, replace
each with the letter below it (again wrapping to
top from bottom)
4. otherwise each letter is replaced by the letter in
the same row and in the column of the other
letter of the pair
Example of Playfair Cipher
• The sender and the receiver decide on a particular key,
say ‘tutorials’.
• In a key table, the first characters (going left to right) in
the table are the phrase, excluding the duplicate letters.
• The rest of the table will be filled with the remaining
letters of the alphabet, in natural order. The key table
works out to be −
Process of Playfair Cipher

• First, a plaintext message is split into pairs of
two letters (digraphs). If there is an odd
number of letters, a Z is added to the last
letter. Let us say we want to encrypt the
message “hide money”. It will be written as −
• HI DE MO NE YZ
• The rules of encryption are −

– If both the letters are in the same column, take the letter
below each one (going back to the top if at the bottom)

T U O R I
A L S B C
D E F G H
K M N P Q
V W X Y Z

‘H’ and ‘I’ are in same column, hence take letter below them to replace. HI → QC
– If both letters are in the same row, take the letter to the right
of each one (going back to the left if at the farthest right)

T U O R I
A L S B C
D E F G H
K M N P Q
V W X Y Z

‘D’ and ‘E’ are in same row, hence take letter to the right of them to replace. DE → EF
– If neither of the preceding two rules is true, form
a rectangle with the two letters and take the
letters on the horizontal opposite corner of the
rectangle.
• Using these rules, the result of the encryption of
‘hide money’ with the key of ‘tutorials’ would be −
• QC EF NU MF ZV
• Decrypting the Playfair cipher is as simple as doing
the same process in reverse. Receiver has the same
key and can create the same key table, and then
decrypt any messages made using that key.
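The Playfair rules above as an added, runnable example (not from the slides). It builds the key table for both keywords used on these slides and reproduces the ‘hide money’ result. The choices to treat J as I, to break a doubled pair with X, and to pad an odd tail with Z follow the slides; the function names are assumptions.

```python
import string

LETTERS = string.ascii_uppercase


def build_table(keyword):
    """5x5 key table: keyword letters first (duplicates dropped), then the rest; J shares I's cell."""
    seen = []
    for ch in keyword.upper() + LETTERS:
        ch = "I" if ch == "J" else ch
        if ch in LETTERS and ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]


def to_digraphs(message, filler="X", pad="Z"):
    """Split into pairs: break a doubled pair with the filler, pad an odd tail."""
    letters = ["I" if c == "J" else c for c in message.upper() if c in LETTERS]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        if i + 1 == len(letters):              # odd letter left over
            pairs.append((a, pad if a != pad else filler))
            i += 1
        elif letters[i + 1] == a:              # doubled letter inside one pair
            pairs.append((a, filler if a != filler else pad))
            i += 1
        else:
            pairs.append((a, letters[i + 1]))
            i += 2
    return pairs


def _crypt(pairs, table, step):
    """step=+1 encrypts (right/down), step=-1 decrypts (left/up)."""
    pos = {table[r][c]: (r, c) for r in range(5) for c in range(5)}
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:                           # same row
            out.append(table[ra][(ca + step) % 5] + table[rb][(cb + step) % 5])
        elif ca == cb:                         # same column
            out.append(table[(ra + step) % 5][ca] + table[(rb + step) % 5][cb])
        else:                                  # rectangle: own row, other's column
            out.append(table[ra][cb] + table[rb][ca])
    return out


def encrypt(message, keyword):
    return " ".join(_crypt(to_digraphs(message), build_table(keyword), +1))


def decrypt(ciphertext, keyword):
    letters = ["I" if c == "J" else c for c in ciphertext.upper() if c in LETTERS]
    pairs = list(zip(letters[0::2], letters[1::2]))
    return " ".join(_crypt(pairs, build_table(keyword), -1))


if __name__ == "__main__":
    for row in build_table("tutorials"):
        print(" ".join(row))
    print(encrypt("hide money", "tutorials"))
    print(decrypt("QC EF NU MF ZV", "tutorials"))
```

Decryption returns the padded digraphs (HI DE MO NE YZ); removing fillers is left to the reader because a filler cannot be told apart from a genuine letter without context.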
Security of Playfair Cipher
• security much improved over monoalphabetic.
• since have 26 x 26 = 676 digrams
• would need a 676 entry frequency table to analyse
(versus 26 for a monoalphabetic)
• and correspondingly more ciphertext
• was widely used for many years
– eg. by US & British military in WW1
• it can be broken, given a few hundred letters.
• since still has much of plaintext structure.
Polyalphabetic Ciphers
• polyalphabetic substitution ciphers
• improve security using multiple cipher alphabets
• make cryptanalysis harder with more alphabets to
guess and flatter frequency distribution
• use a key to select which alphabet is used for each
letter of the message
• use each alphabet in turn
• repeat from start after end of key is reached
Vigenère Cipher
• simplest polyalphabetic substitution cipher
• effectively multiple caesar ciphers
• key is multiple letters long K = k_1 k_2 ... k_d
• i-th letter specifies i-th alphabet to use
• use each alphabet in turn
• repeat from start after d letters in message
• decryption simply works in reverse
Example of Vigenère Cipher
• write the plaintext out
• write the keyword repeated above it
• use each key letter as a caesar cipher key
• encrypt the corresponding plaintext letter
• eg using keyword deceptive
key:        deceptivedeceptivedeceptive
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
Vigenere Cipher

• This scheme of cipher uses a text string (say, a
word) as a key, which is then used for doing a
number of shifts on the plaintext.
• For example, let’s assume the key is ‘point’.
Each letter of the key is converted to its
respective numeric value. In this case,
• p → 15, o → 14, i → 8, n → 13, and t → 19.
• Thus, the key is: 15 14 8 13 19.
Process of Vigenere Cipher
• The sender and the receiver decide on a key.
Say ‘point’ is the key. Numeric representation
of this key is ‘15 14 8 13 19’.
• The sender wants to encrypt the message, say
‘attack from south east’. He will arrange
plaintext and numeric key as follows −
a  t  t  a  c  k  f  r  o  m  s  o  u  t  h  e  a  s  t
15 14 8  13 19 15 14 8  13 19 15 14 8  13 19 15 14 8  13
• He now shifts each plaintext letter by the number
written below it to create ciphertext as shown below

a  t  t  a  c  k  f  r  o  m  s  o  u  t  h  e  a  s  t
15 14 8  13 19 15 14 8  13 19 15 14 8  13 19 15 14 8  13
p  h  b  n  v  z  t  z  b  f  h  c  c  g  a  t  o  a  g

• Here, each plaintext character has been shifted by a
different amount – and that amount is determined by
the key.
• The key must be less than or equal to the size of the
message.
Security of Vigenère Ciphers
• have multiple ciphertext letters for each
plaintext letter.
• hence letter frequencies are obscured.
• but not totally lost.
• start with letter frequencies
– see if look monoalphabetic or not
• if not, then need to determine number of
alphabets, since then can attack each
Autokey Cipher
• ideally want a key as long as the message
• Vigenère proposed the autokey cipher
• with the keyword prefixed to the message as the key
• knowing keyword can recover the first few letters
• use these in turn on the rest of the message
• but still have frequency characteristics to attack
key: initial key is 12 (M)
Key Stream: MATTACKSUCCESSFU
plaintext:  ATTACK SUCCESSFUL
ciphertext: MTMTCMCMWEGWKXZF
C_i = (P_i + K_i) mod 26
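The Vigenère and autokey examples above as added code (not from the slides), followed by one way to "determine the number of alphabets" from the Security of Vigenère Ciphers slide. That step uses Kasiski examination, a standard technique the slides do not name; all function names are assumptions.

```python
from collections import defaultdict
from functools import reduce
from math import gcd
import string

A = string.ascii_uppercase


def letters(text):
    """Upper-case letters only; spaces and punctuation are dropped."""
    return [c for c in text.upper() if c in A]


def vigenere(text, key, decrypt=False):
    """C_i = (P_i + K_i) mod 26 with the key repeated; decrypt subtracts instead."""
    sign = -1 if decrypt else 1
    k = letters(key)
    return "".join(A[(A.index(p) + sign * A.index(k[i % len(k)])) % 26]
                   for i, p in enumerate(letters(text)))


def autokey_encrypt(plaintext, keyword):
    """Key stream is the keyword followed by the plaintext itself."""
    p = letters(plaintext)
    stream = (letters(keyword) + p)[:len(p)]
    return "".join(A[(A.index(a) + A.index(b)) % 26] for a, b in zip(p, stream))


def autokey_decrypt(ciphertext, keyword):
    """Each recovered plaintext letter extends the key stream for later letters."""
    stream = letters(keyword)
    out = []
    for i, c in enumerate(letters(ciphertext)):
        p = A[(A.index(c) - A.index(stream[i])) % 26]
        out.append(p)
        stream.append(p)
    return "".join(out)


def kasiski(ciphertext, n=3):
    """Distances between repeats of each n-gram; the key length divides them."""
    c = "".join(letters(ciphertext))
    seen = defaultdict(list)
    for i in range(len(c) - n + 1):
        seen[c[i:i + n]].append(i)
    return {g: [b - a for a, b in zip(pos, pos[1:])]
            for g, pos in seen.items() if len(pos) > 1}


def likely_key_length(ciphertext, n=3):
    """Greatest common divisor of all repeat distances, or None if nothing repeats."""
    distances = [d for ds in kasiski(ciphertext, n).values() for d in ds]
    return reduce(gcd, distances) if distances else None


if __name__ == "__main__":
    ct = vigenere("wearediscoveredsaveyourself", "deceptive")
    print(ct, kasiski(ct), likely_key_length(ct))
    print(vigenere("attack from south east", "point"))
    print(autokey_encrypt("ATTACK SUCCESSFUL", "M"))
```

On the slide's own ciphertext the only repeated trigram is VTW, nine positions apart, which matches the nine letters of the keyword; once the key length is known, each position is an independent Caesar cipher.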
One-Time Pad
• if a truly random key as long as the message is used,
the cipher will be secure
• called a One-Time pad
• is unbreakable since ciphertext bears no statistical
relationship to the plaintext
• since for any plaintext & any ciphertext there exists
a key mapping one to other
• can only use the key once though
• problems in generation & safe distribution of key
Transposition Ciphers
• now consider classical transposition or
permutation ciphers
• these hide the message by rearranging the
letter order
• without altering the actual letters used
• can recognise these since have the same
frequency distribution as the original text
Row Transposition Ciphers
• a more complex transposition
• write letters of message out in rows over a
specified number of columns
• then reorder the columns according to some
key before reading off the rows
Key: BACKIN
Plaintext: HELLOHOWAREYOUabcd

B A C K I N
H E L L O H
O W A R E Y
O U a b c d

Ciphertext: EWUHOOLAAOECLRBHYD
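The BACKIN example above as added code (not from the slides). The slide's ciphertext is what results from reading the columns top to bottom in alphabetical order of the key letters, so that is what this sketch implements; it also handles a short last row and checks that the letter counts are unchanged. Function names are assumptions.

```python
from collections import Counter


def column_order(key):
    """Column indexes in alphabetical order of the key letters (ties keep position)."""
    return sorted(range(len(key)), key=lambda c: (key[c], c))


def transpose_encrypt(plaintext, key):
    """Write the text in rows under the key, then read whole columns in key order."""
    cols = len(key)
    rows = [plaintext[i:i + cols] for i in range(0, len(plaintext), cols)]
    return "".join(row[c] for c in column_order(key) for row in rows if c < len(row))


def transpose_decrypt(ciphertext, key):
    """Cut the ciphertext back into columns, allowing for a short last row."""
    cols = len(key)
    full, extra = divmod(len(ciphertext), cols)
    columns, pos = {}, 0
    for c in column_order(key):
        length = full + (1 if c < extra else 0)   # first `extra` columns are longer
        columns[c] = ciphertext[pos:pos + length]
        pos += length
    return "".join(columns[c][r] for r in range(full + 1)
                   for c in range(cols) if r < len(columns[c]))


def same_letter_counts(a, b):
    """Transposition only moves letters, so the counts must match exactly."""
    return Counter(a.upper()) == Counter(b.upper())


if __name__ == "__main__":
    ct = transpose_encrypt("HELLOHOWAREYOUabcd", "BACKIN")
    print(ct.upper())
    print(transpose_decrypt(ct, "BACKIN"))
    print(same_letter_counts(ct, "HELLOHOWAREYOUabcd"))
```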
Product Ciphers
• ciphers using substitutions or transpositions are not
secure because of language characteristics
• hence consider using several ciphers in succession to
make harder, but:
– two substitutions make a more complex substitution
– two transpositions make more complex transposition
– but a substitution followed by a transposition makes a new
much harder cipher
• this is bridge from classical to modern ciphers
Rotor Machines
• before modern ciphers, rotor machines were most
common complex ciphers in use
• widely used in WW2
– German Enigma, Allied Hagelin, Japanese Purple
• implemented a very complex, varying substitution
cipher
• used a series of cylinders, each giving one
substitution, which rotated and changed after each
letter was encrypted
• with 3 cylinders have 26^3 = 17576 alphabets
Hagelin Rotor Machine
Steganography
• an alternative to encryption
• hides existence of message
– using only a subset of letters/words in a longer
message marked in some way
– using invisible ink
– hiding in LSB in graphic image or sound file
• has drawbacks
– high overhead to hide relatively few info bits
Summary
• have considered:
– classical cipher techniques and terminology
– monoalphabetic substitution ciphers
– cryptanalysis using letter frequencies
– Playfair cipher
– polyalphabetic ciphers
– transposition ciphers
– product ciphers and rotor machines
– steganography
Malicious Code
• Malicious code is software that performs unauthorized functions
causing the normal operation of an information system to be
abnormal.
• According to SPECTRIA InfoSec Services, malicious code is defined as
“software which interferes with the normal operation of a computer
system” or “software, which executes without the express consent of
the user.”
• The most sophisticated types of threats to computer systems are
presented by malicious codes that exploit vulnerabilities in computer
systems.
Malicious Code
• Any code which modifies or destroys data, steals data, allows
unauthorized access, exploits or damages a system, and does
something that the user did not intend to do, is called malicious code.
• There are several types of malicious code such as viruses, worms,
Trojan horses, logic bombs, trapdoors/backdoors and programming
flaws.
• The programming flaws can be included with malicious intent or just
be bad programming practices.
Malicious Code
• Independent
are self-contained programs that can be scheduled and run by the
operating system.
• Needs host program
are essentially fragments of programs that cannot exist independently
of some actual application program, utility or system program.
Malicious Code
• Trap doors
A trap door is a secret entry point into a program that allows
someone who is aware of the trap door to gain access without going
through the usual security access procedure.
In many cases attacks using trap doors can give a great degree of
access to the application, important data, or the hosting system.
Trap doors have been used legitimately by programmers to debug
and test programs.
Some of the legitimate reasons for trap doors are:
1. Programmers intentionally leave them for testing, to make testing easier.
2. Programmers intentionally leave them as a covert means of access. In other words,
they allow access in the event of errors.
3. Programmers intentionally leave them for fixing bugs.
But they may be used illegitimately, to provide future, illegal access. Trap doors
become threats when they are used by unscrupulous programmers to gain
unauthorized access.

• Back door
is another name for a trap door. Back doors provide immediate access to a
system by bypassing the employed authentication and security protocols. Attackers
can use back doors to bypass security controls and gain control of a system
without time-consuming hacking.
Malicious Code
• Logic Bombs
The logic bomb is code embedded in some legitimate program that
executes when a certain predefined event occurs.
This code is surreptitiously inserted into an application or operating
system and causes it to perform some destructive or security-compromising
activity whenever specified conditions are met.
A bomb may send a note to an attacker when a user is logged on to
the internet and is using a specific program such as a word
processor; this message informs the attacker that the user is ready for
an attack.
1. Attacker implants logic bomb
2. Victim reports installation
3. Attacker sends attack message
4. Victim does as logic bomb installation

Notice that this bomb does not actually begin the attack but tells the attacker
that the victim has met the needed state for an attack to begin.
Malicious Code
• Trojan Horses
A malicious, security-breaking program that is disguised as
something benign, such as a directory lister, archiver, game, or a
program to find and destroy viruses.
A Trojan horse is a useful, or apparently useful, program or command
procedure containing hidden code that, when invoked, performs some
unwanted or harmful function.
Trojan horses can be used to accomplish functions indirectly that an
unauthorized user could not accomplish directly.
For example, to gain access to the files of another user on a shared
system, a user could create a Trojan horse program that, when
executed, changes the invoking user’s file permissions so that the files
are readable by any user.
The program appears to be performing a useful function but it may
also be quietly deleting the victim’s files.
Malicious Code
• Zombie
A zombie is a program that secretly takes over another internet-attached
computer and then uses that computer to launch attacks
that are difficult to trace to the zombie’s creator.
Zombies are used in denial-of-service attacks, typically against
targeted web sites.
The zombie is planted on hundreds of computers belonging to
unsuspecting third parties and then used to overwhelm the target
website by launching an overwhelming onslaught of internet traffic.
Malicious Code
• Viruses
A cracker program that searches out other programs and 'infects'
them by embedding a copy of itself in them so that they become
Trojan horses.
When these programs are executed, the embedded virus is executed
too, thus propagating the 'infection'. This normally happens invisibly
to the user.
Unlike a worm, a virus cannot infect other computers without
assistance.
It is propagated by vectors such as humans trading programs with
their friends. The virus may do nothing but propagate itself and then
allow the program to run normally.
Usually, however, after propagating silently for a while, it starts doing
things like writing cute messages on the terminal or playing strange
tricks with the display.
Many nasty viruses, written by particularly perversely minded
crackers, do irreversible damage, like nuking all of the user’s files...
During its lifetime a typical virus goes through the following four phases:
1- Dormant phase: The virus is idle. The virus will eventually be activated by
some event, such as a date, the presence of another program or file, or the
capacity of the disk exceeding some limit. Not all viruses have this stage.
2- Propagation phase: The virus places an identical copy of itself into other
programs or into certain system areas on the disk. Each infected program will
now contain a clone of the virus, which will itself enter a propagation phase.
3- Triggering phase: The virus is activated to perform the function for which
it was intended. As with the dormant phase, the triggering phase can be
caused by a variety of system events, including a count of the number of
times that this copy of the virus has made copies of itself.
4- Execution phase: The function is performed. The function may be
harmless, such as a message on the screen, or damaging, such as the
destruction of programs and data files.
• Virus Anatomy
Virus structure has four parts:
1. Mark can prevent re-infection attempts.
2. Infection mechanism causes spread to
other files.
3. Trigger is the set of conditions for delivering the payload.
4. Payload is the possible damage to the infected
computer.
• Program File Viruses
• Memory – resident virus
lodges in main memory as part of a resident system program. From that
point on, virus infects every program that executes.
• Polymorphic virus
creates copies during replication that are functionally equivalent but have
distinctly different bit patterns.
In this case the “signature” of the virus will vary with each copy. To achieve
this variation, the virus may randomly insert superfluous instructions or
interchange the order of independent in-generally called a mutation
engine, creates a random encryption key to encrypt the remainder of the
virus. The key is stored with the virus, and the mutation engine itself is
altered.
When an infected program is invoked, the virus uses the stored random
key to decrypt the virus. When the virus replicates, a different random key
is selected.
• Boot Sector Virus
Boot sector viruses infect the system area of the disk that is read when the
disk is initially accessed or booted. This area can include the master boot
record, the operating system’s boot sector, or both.
A virus infecting these areas typically takes the system instructions it finds
and moves them to some other area on the disk. The virus is then free to
place its own code in the boot record.
When the system initializes, the virus loads into memory and simply points
to the new location for the system instructions. The system then boots in a
normal fashion except the virus is now resident in memory.
A boot sector virus can replicate without your executing any programs
from an infected disk. Simply accessing the disk is sufficient.
• Stealth Virus
A form of virus explicitly designed to hide itself from detection by antivirus
software.
When the virus is loaded into memory, it monitors system calls to files and
disk sectors. When a call is trapped, the virus modifies the information
returned to the process making the call so that it sees the original
uninfected information. This aids the virus in avoiding detection.
For example many boot sector viruses contain stealth ability. If the infected
disk is booted, programs such as FDISK report a normal boot record. The
virus is intercepting sector calls from FDISK and returning the original boot
sector information.
If you boot the system from a clean floppy disk however, the drive is
inaccessible. If you run FDISK again, the program reports a corrupted boot
sector on the drive.
• Macro Virus
A macro virus is a set of macro commands, specific to an application, which
automatically executes in an unsolicited manner and spreads to that application’s
documents.
According to the National Computer Security Agency (www.ncsa.com), macro
viruses now make up two-thirds of all computer viruses.
Macro viruses are particularly threatening for a number of reasons:
1- A macro virus is platform independent. Virtually all of the macro viruses infect
Microsoft Word documents. Any hardware platform and operating system that
supports Word can be infected.
2- Macro viruses infect documents, not executable portions of code. Most of the
information introduced on to a computer system is in the form of a document
rather than a program.
3- Macro viruses are easily spread. A very common method is by electronic mail.
• Email Virus
A more recent development in malicious software is the e-mail virus.
The first rapidly spreading e-mail viruses, such as Melissa, made use
of a Microsoft Word macro embedded in an attachment.
If the recipient opens the e-mail attachment, the Word macro is
activated. Then:
1- The e-mail virus sends itself to everyone on the mailing list in the
user’s e-mail package
2- The virus does local damage
• Worms
A program that propagates itself over a network, reproducing itself as
it goes.
A worm is also self-replicating, but it is a stand-alone program that exploits
security holes to compromise other computers and spread copies of
itself through the network.
Unlike viruses, worms do not need to parasitically attach to other
programs.
Because of the recursive structure of this propagation, the spread
rate of worms is very fast and poses a big threat to the Internet
infrastructure as a whole.
Worms Anatomy

- Mark structurally similar to viruses, except a
stand-alone program instead of program
fragment
- Infection Mechanism searches for weakly
protected computers through a network (i.e.,
worms are network based)
- Triggers are conditions for delivering payload
- Payload might drop a Trojan horse or
parasitically infect files, so worms can have
Trojan horse or virus characteristics
Detecting and Removing
Malicious Code
Something wasn't right:
• sluggish performance
• too much network activity
• a missing file.
Detecting and Removing
Malicious Code
• Backups and Evidence
If you haven't rebuilt a cracked box.
Lost months worth of data.
Spent precious downtime reconfiguring.

• Detecting Malicious Code
What Do the Logs Say?
How's it Behaving?
Output from Unix command top:
Output from portscan tool nmap:
Simple tcpdump filter designed to ignore standard traffic
Netstat Output
Countermeasures

• For Users
• For Developers
• Specifically for Security
• Countermeasures that don’t work

Countermeasures for Users
User Vigilance
• The easiest control against malicious code is hygiene: not engaging in
behavior that permits malicious code contamination.
• The two components of hygiene are avoiding points of contamination
and blocking avenues of vulnerability.
To avoid contamination,
– Use only commercial software acquired from reliable, well-established
vendors.
– Test all new software on an isolated computer.
– Open attachments—and other potentially infected data files—only when
you know them to be safe.
– Install software—and other potentially infected executable code files—
only when you really, really know them to be safe.
– Recognize that any website can be potentially harmful.
– Make a recoverable system image and store it safely.
– Make and retain backup copies of executable system files.
For blocking system vulnerabilities,
– As new vulnerabilities become known we should apply patches.
– Zero-day attacks are especially problematic, because a vulnerability
presumably unknown to the software writers is now being exploited.
– Systems run many different software products from different vendors, but
a vendor’s patch cannot and does not consider possible interactions with
other software.
– We should apply all patches promptly except when doing so would cause
more harm than good, which of course you seldom know in advance.
Virus Detectors
• Virus scanners are tools that look for signs of malicious code infection.
Most such tools look for a signature or fingerprint, a telltale pattern in
program files/memory. Limitations of detection tools:
1. Detection tools are necessarily retrospective, looking for patterns of
known infections. As new infectious code types are developed, tools
need to be updated frequently with new patterns.
2. Patterns are necessarily static. If malicious code always begins with, or
even contains, the same four instructions, the binary code of those
instructions may be the invariant pattern for which the tool searches.
Because tool writers want to avoid misclassifying good code as malicious,
they seek the longest pattern they can.
Virus Signatures
• A virus cannot be completely invisible. Code must be stored somewhere,
and the code must be in memory to execute.
• The virus executes in a particular way, using certain methods to spread.
Each of these characteristics yields a telltale pattern, called a signature,
that can be found by a program that looks for it.
• The virus’s signature is important for creating a program, called a virus
scanner, that can detect and, in some cases, remove viruses.
• The scanner searches memory and long-term storage, monitoring
execution and watching for the telltale signatures of viruses.
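Signature matching as described on the Virus Detectors and Virus Signatures slides, as an added example (not from the slides). It scans constructed, harmless byte strings and shows two of the stated limitations: a short pattern flags a benign file, and a sample whose bytes are not yet in the signature set is missed. The byte values, file names and signature names are all made up for this sketch.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes        # invariant byte sequence taken from a known sample


def scan(data, signatures):
    """Return (signature name, offset) for every occurrence found in data."""
    hits = []
    for sig in signatures:
        start = data.find(sig.pattern)
        while start != -1:
            hits.append((sig.name, start))
            start = data.find(sig.pattern, start + 1)
    return sorted(hits, key=lambda hit: hit[1])


def verdicts(samples, signatures):
    """Scan every sample; an empty list means the scanner reports it clean."""
    return {name: scan(data, signatures) for name, data in samples.items()}


# Constructed stand-ins for files; none of these bytes is real malicious code.
KNOWN_CODE = bytes.fromhex("deadbeef0badf00dcafe")
HOST = b"\x7fHOST" + b"\x90" * 8 + b"print('hello')\n"
SAMPLES = {
    # known code attached to a host program: its first byte marks where it starts
    "infected.bin": HOST + KNOWN_CODE,
    # benign data that happens to share the first four bytes of the pattern
    "benign.bin": b"\x00\x01" + KNOWN_CODE[:4] + b" checksum table",
    # a sample the signature set has never seen
    "new-strain.bin": HOST + bytes.fromhex("0102030405060708090a"),
}
SHORT = Signature("demo-short", KNOWN_CODE[:2])   # 2-byte pattern: too general
LONG = Signature("demo-long", KNOWN_CODE)         # 10-byte pattern: specific


if __name__ == "__main__":
    for label, sigs in (("short", [SHORT]), ("long", [LONG])):
        print(label, verdicts(SAMPLES, sigs))
```

With the long pattern only the infected sample is reported, at the offset where the attached code begins; with the short pattern the benign file is misclassified, which is why tool writers prefer the longest invariant pattern they can find.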
Code Analysis
• To determine what it does, how it propagates and where it originated.

Compilation and Decompilation Process


• In case of an infestation, an analyst may be called in.
• The analyst starts with code that was actually executing, active in
computer memory, but that may represent only a portion of the
actual malicious package.
• In any event, analysis starts from machine instructions. Using a tool
called a disassembler, the analyst can convert machine-language
binary instructions to their assembly language equivalents, but the
trail stops there.
• These assembly language instructions have none of the informative
documentation, variable names, structure, labels or comments, and
the assembler language representation of a program is much less
easily understood than its higher-level language counterpart.
Storage Patterns
• Most viruses attach to programs that are stored on media such as disks.
The attached virus piece is invariant, so the start of the virus code becomes
a detectable signature.
Countermeasures for Developers
• Software Engineering Techniques
To create a design or code in small, self-contained units, called
components or modules (modularity).
If a component is isolated from the effects of other components, then the
system is designed in a way that limits the damage any fault causes
(encapsulation).
When information is hidden, each component hides its precise
implementation or some other design decision from the others. Thus,
when a change is needed, the overall design can remain intact while only
the necessary changes are made to particular components (information
hiding).
Modularity
Coupling

Encapsulation and Information Hiding


Mutual Suspicion
• Describe the relationship between two programs.
• Mutually suspicious programs operate as if other routines in the
system were malicious or incorrect.
• A calling program cannot trust its called subprocedures to be correct,
and a called subprocedure cannot trust its calling program to be
correct.
• Each protects its interface data so that the other has only limited
access.
• Confinement
Used by an operating system on a suspected program to help ensure that
possible damage does not spread to other parts of a system. A confined
program is strictly limited in what system resources it can access.
• Simplicity
The case for simplicity—of both design and implementation—should be
self-evident: simple solutions are easier to understand, leave less room for error,
and are easier to review for faults.
• Genetic Diversity
It reduces the number of targets susceptible to one attack type.
Address-space-layout randomization
Testing
• A process activity that concentrates on product quality: It seeks to locate
potential product failures before they actually occur.
• Security testing tries to anticipate the hundreds of ways a program can fail.
Types:
 Module testing, component testing, or unit testing
 Integration Testing
 Function Testing
 Performance Testing
 Acceptance Testing
 Installation Testing
 Regression Testing
Black box vs White box Testing
• Black-box testing treats a system or its components as black boxes;
testers cannot “see inside” the system, so they apply particular inputs
and verify that they get the expected output.
• White-box testing allows visibility. Here, testers can examine the
design and code directly, generating test cases based on the code’s
actual construction.
Countermeasures Specifically for
Security
• Design Principles for Security
Least privilege
Economy of mechanism
Open design
Complete mediation
Permission based
Separation of privilege
Least common mechanism
Ease of use
• Penetration Testing (Ethical hacking) for Security
It involves the use of a team of experts trying to crack the system being
tested (as opposed to trying to break into the system for unethical
reasons).
Penetration testing is both an art and science. The artistic side requires
careful analysis and creativity in choosing the test cases. But the
scientific side requires rigor, order, precision, and organization.
• A system that fails penetration testing is known to have faults; one
that passes is known only not to have the faults tested for.
• Proofs of Program Correctness
A security specialist wants to be certain that a given program computes
a particular result, computes it correctly, and does nothing beyond
what it is supposed to do.
• Validation
Assuring that the system developers have implemented all
requirements. Different ways:
Requirements checking
Design and code reviews
System testing
• Defensive Programming
Program designers must not only write correct code but must also
anticipate what could go wrong.
value inappropriate for data type
value out of range for given use
value unreasonable
value out of scale or proportion
incorrect number of parameters
incorrect order of parameters
• Trustworthy Computing Initiative
A Microsoft case study of a security problem. The analysis and
progress plan became known as the Trusted Computing Initiative. In this
effort all developers underwent security training, and secure software
development practices were instituted throughout the company.
• Design by Contract
Can assist in identifying potential sources of error. The trademarked form
of this technique involves a formal program development approach and
refers to documenting, for each program module, its preconditions,
postconditions, and invariants.
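Added example (not from the original slides): the defensive-programming checks and the design-by-contract idea above, applied to one method. The Account class, the contract decorator, and the 500,000-cent ceiling are assumptions made for illustration.

```python
import functools


class ContractViolation(Exception):
    """A precondition, postcondition, or invariant did not hold."""


MAX_WITHDRAWAL = 500_000  # assumed policy ceiling, in cents


def reasonable_amount(amount):
    # Value inappropriate for data type: bool is an int subclass, so exclude it.
    if isinstance(amount, bool) or not isinstance(amount, int):
        return False
    # Value out of range for the use, or out of proportion to the ceiling.
    return 0 < amount <= MAX_WITHDRAWAL


def contract(pre, post):
    """Check pre before the call, then post and the class invariant after it."""
    def decorate(method):
        @functools.wraps(method)
        def wrapper(self, **kwargs):  # keyword-only: parameter order cannot be mixed up
            # A missing or extra parameter surfaces here as TypeError.
            if not pre(self, **kwargs):
                raise ContractViolation(f"{method.__name__}: precondition failed")
            before = self.balance
            result = method(self, **kwargs)
            if not post(self, before, result, **kwargs):
                raise ContractViolation(f"{method.__name__}: postcondition failed")
            self.check_invariant()
            return result
        return wrapper
    return decorate


def pre_withdraw(self, amount):
    return reasonable_amount(amount) and amount <= self.balance


def post_withdraw(self, before, result, amount):
    return self.balance == before - amount and result == self.balance


class Account:
    def __init__(self, opening_cents):
        if isinstance(opening_cents, bool) or not isinstance(opening_cents, int) \
                or opening_cents < 0:
            raise ContractViolation("opening balance must be a non-negative int")
        self.opening = opening_cents
        self.balance = opening_cents
        self.paid_out = 0

    def check_invariant(self):
        # Invariant: never overdrawn, and every cent is accounted for.
        if self.balance < 0 or self.balance + self.paid_out != self.opening:
            raise ContractViolation("invariant broken")

    @contract(pre_withdraw, post_withdraw)
    def withdraw(self, *, amount):
        self.balance -= amount
        self.paid_out += amount
        return self.balance


class FaultyAccount(Account):
    """Same contract, deliberately wrong body: the postcondition catches it."""

    @contract(pre_withdraw, post_withdraw)
    def withdraw(self, *, amount):
        self.balance -= 2 * amount  # deliberate fault for the demonstration
        self.paid_out += amount
        return self.balance


if __name__ == "__main__":
    acct = Account(10_000)
    print(acct.withdraw(amount=2_500))
    for bad in (True, 12.5, "100", -1, 600_000):
        try:
            acct.withdraw(amount=bad)
        except ContractViolation as exc:
            print(repr(bad), "->", exc)
```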
Countermeasures that don’t
work
• Penetrate-and-Patch
Fails because it is hurried, misses the context of the fault, and focuses on
one failure, not the complete system.
• Security by Obscurity
Things meant to stay hidden seldom do. Attackers find and exploit many
hidden things.

What approaches can an attacker use in the case of passwords?


• A Perfect Good-Bad Code Separator
Every program uses memory, activates certain machine hardware, takes
a particular amount of time, and may perform additional activities such
as reordering a list or even presenting an output in a particular color.
The halting problem asks whether a computer program stops
execution or runs forever.
It is impossible to write a program to solve the halting problem for
any possible program and any possible stream of input.
If we could identify all good programs we would solve the halting
problem, which is provably unsolvable.
Browser
Attacks
Types
• Man-in-the-Browser
Eg. Trojan horse that intercepts data passing through the browser. Code
inserted into the browser can read, copy, and redistribute anything the user
enters in a browser.
• Keystroke Logger
It is either hardware or software that records all keystrokes entered. The
logger either retains these keystrokes for future use by the attacker or sends
them to the attacker across a network connection.
• Page-in-the-Middle
A user is redirected to another page. A page attack might wait until a user
has gone to a particular web site and present a fictitious page for the user.
• Program Download Substitution
Attacker presents a page with a desirable and seemingly innocuous program
for the user to download, for example, a browser toolbar or a photo
organizer utility. A user agreeing to install a program has no way to know
what that program will actually do.
• User-in-the-Middle
A CAPTCHA is a puzzle that supposedly only a human can solve, so a server
application can distinguish between a human who makes a request and an
automated program generating the same request repeatedly.
Eg. web sites that request votes to determine the popularity of television
programs. To avoid being fooled by bogus votes from automated program
scripts, the voting sites sometimes ensure interaction with an active
human by using CAPTCHAs.
How Browser Attacks Succeed:
Failed Identification and
Authentication
• Human Authentication
Driver’s license or identity card, a letter of introduction from a mutual
acquaintance or trusted third party, a picture (for recognition of a face),
a shared secret, or a word.
• Computer Authentication
If a computer’s address or a component’s serial number cannot be
spoofed, that is a reliable authenticator. Computers do not innately
“know” anything, but they can remember or store many things and
derive many more.
• When a user communicates online with a bank, the communication is
really user-to-browser and computer-to-bank’s computer. Your bank
takes steps to authenticate you, but how can you authenticate your
bank?

What are the points where authentication is vulnerable?
Successful Identification and
Authentication
Shared Secret
• The basic concept is something that only the two entities at the ends
should know. To be effective, a shared secret must be something no
malicious middle agent can know.
• Banks and credit card companies struggle to find new ways to make
sure the holder of a credit card number is authentic. The first secret
was mother’s maiden name, which is something a bank might have
asked when someone opened an account. However, when all financial
institutions started to use this same secret, it was no longer as secret.
One-Time Password
• It is good for only one use. To use a one-time password scheme, the
two end parties need to have a shared secret list of passwords.
• When one password is used, both parties mark the word off the list
and use the next word the next time.

Out-of-Band Communication
• Transferring one fact along a communication path separate from that
of another fact. Eg. bank card PINs are always mailed separately from
the bank card so that if the envelope containing the card is stolen, the
thief cannot use the card without the PIN.
Continuous Authentication
• Encryption can provide continuous authentication, but care must be
taken to set it up properly and guard the end points.
• If two parties carry on an encrypted communication, an interloper
wanting to enter into the communication must break the encryption
or cause it to be reset with a new key exchange between the
interceptor and one end. (This latter technique is known as a session
hijack).
Q1: The SilentBanker man-in-the-browser attack depends on malicious
code that is integrated into the browser. These browser helpers are
essentially unlimited in what they can do.
Suggest a design by which such helpers are more rigorously controlled.
Does your approach limit the usefulness of such helpers?
A1:
If a computer responds to a prompt with a user’s password, software can
direct that computer to save the password and later reuse it or repeat it to
another process, as was the case with the SilentBanker man-in-the-
browser attack.
If authentication involves computing a cryptographic result, the encryption
key has to be placed somewhere during the computing, and it might be
susceptible to copying by another malicious process.
Or on the other end, if software can interfere with the authentication-
checking code to make any value succeed, authentication is compromised.
Thus, vulnerabilities in authentication include not just the authentication
data but also the processes used to implement authentication.
Q2: A cryptographic nonce is important for confirming that a party is
active and fully participating in a protocol exchange. One reason
attackers can succeed with many web-page attacks is that it is relatively
easy to craft authentic-looking pages that spoof actual sites.
Suggest a technique by which a user can be assured that a page is both
live and authentic from a particular site. That is, design a mark, data
interchange, or some other device that shows the authenticity of a web
page.
A2:
Before giving any information to a website, you should make sure it is
secure. Below are some quick tips that you can use to tell if a site is
secure.
Check the SSL Certificate. Look at the URL of the website. If it begins
with “https” instead of “http” it means the site is secured using an SSL
Certificate (the s stands for secure). SSL Certificates secure all of your
data as it is passed from your browser to the website’s server.
To get an SSL Certificate, the company must go through a validation
process.
Web Attacks
targeting Users
 False or Misleading Content
• Defaced Web Site
Occurs when an attacker replaces or modifies the content of a
legitimate web site.
For example, in January 2010, BBC reported that the web site of
the incoming president of the European Union was defaced to
present a picture of British comic actor Rowan Atkinson (Mr. Bean)
instead of the president.

How do the nature and objectives of an attack vary?


• Fake Website
• Fake Code
Protecting Web Sites Against
Change
• Integrity Checksums
A checksum, hash code, or error detection code is a
mathematical function that reduces a block of data (including an
executable program) to a small number of bits.
Changing the data affects the function’s result in mostly
unpredictable ways, meaning that it is difficult to change the
data in such a way that the resulting function value is not
changed.
• Signed Code or Data
A partial approach to reducing the risk of false code is signed
code. Users can hold downloaded code until they inspect the
seal. After verifying that the seal is authentic and covers the
entire code file being downloaded, users can install the code
obtained.
A digital signature can vouch for the authenticity of a program,
update, or dataset. The problem is trusting the legitimacy of the
signer.
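Added example (not from the original slides): integrity checksums applied to a web site's files, with a SHA-256 manifest taken as a baseline and later compared with the live tree. Going one step beyond the slide, the baseline is sealed with an HMAC so that someone who alters both the files and the manifest is still caught; the file names and the key are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import os
import tempfile


def file_digest(path):
    """SHA-256 of one file, read in blocks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path) to its checksum."""
    manifest = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_digest(full)
    return manifest


def seal(manifest, key):
    """Keyed tag over the manifest; the key must live off the web server."""
    canonical = json.dumps(manifest, sort_keys=True).encode("utf-8")
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def compare(baseline, current):
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "removed": sorted(set(baseline) - set(current)),
        "added": sorted(set(current) - set(baseline)),
    }


def audit(root, baseline, baseline_tag, key):
    """Refuse a baseline that was itself changed, then diff the live tree."""
    if not hmac.compare_digest(seal(baseline, key), baseline_tag):
        raise ValueError("baseline manifest was altered")
    return compare(baseline, build_manifest(root))


def demo():
    key = b"constructed-demo-key"  # constructed value for the demonstration
    site = {  # constructed site content
        "index.html": b"<h1>Welcome</h1>",
        "about.html": b"<p>About us</p>",
        "js/app.js": b"console.log('ok');",
    }
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "js"))
        for rel, body in site.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as f:
                f.write(body)
        baseline = build_manifest(root)
        tag = seal(baseline, key)

        # Constructed changes: one page replaced, one removed, one file added.
        with open(os.path.join(root, "index.html"), "wb") as f:
            f.write(b"<h1>Replaced content</h1>")
        os.remove(os.path.join(root, "about.html"))
        with open(os.path.join(root, "js", "extra.js"), "wb") as f:
            f.write(b"/* unexpected file */")
        report = audit(root, baseline, tag, key)

        # A baseline rewritten to match the changed page fails the seal check.
        forged = dict(baseline)
        forged["index.html"] = file_digest(os.path.join(root, "index.html"))
        try:
            audit(root, forged, tag, key)
            forged_accepted = True
        except ValueError:
            forged_accepted = False
    return report, forged_accepted


if __name__ == "__main__":
    print(demo())
```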
 Malicious Web Content
• Substitute Content on a Real Web Site
• Web Bug
A web page is made up of many files: some text, graphics,
executable code, and scripts.
When the web page is loaded, files are downloaded from a
destination and processed; during the processing they may
invoke other files (perhaps from other sites) which are in turn
downloaded and processed, until all invocations have been
satisfied.
When a remote file is fetched for inclusion, the request also
sends the IP address of the requester, the type of browser, and
the content of any cookies stored for the requested site.
• Clickjacking
Tricking a user into clicking a link by disguising what the link points
to.

Why does this attack succeed? Facebook Clickjack Attack


• Drive-By Download
An attack in which code is downloaded, installed, and executed
on a computer without the user’s permission and usually without
the user’s knowledge.
Example - In April 2011, a web page from the U.S. Postal Service
was compromised with the Blackhole commercial malicious-
exploit kit. Clicking a link on the postal service web site
redirected the user to a web site in Russia, which presented what
looked like a familiar “Error 404— Page Not Found” message, but
instead the Russian site installed malicious code carefully
matched to the user’s browser and operating system type.
Protecting Against Malicious
Web Pages
• Access control accomplishes separation, keeping two classes of
things apart.
• Users download code to add new applications, update old ones, or
improve execution. Additionally, often without the user’s
knowledge or consent, applications, including browsers, can
download code either temporarily or permanently to assist in
handling a data type.
• The relevant measures here would include least privilege, user
training, and visibility.
• Responsibility of the web page owner
Ensure that code on a web page is good, clean, or suitable.
Code on web pages can come from many sources: libraries,
reused modules, third parties, contractors, and original
programming.
Website owners focus on site development, not maintenance.
Even if code on a site was good when the code was first made
available for downloads, few site managers monitor over time to
be sure the code stays good.
Obtaining User or Website Data and Email Attacks
Obtaining User or Website Data
Code Within Data
1. Cross-Site Scripting
• Executable code is included in the interaction between client and
server and executed by the client or server.
• Eg., a Google search on the string “cross site scripting” becomes
http://www.google.com/search?q=cross+site+scripting&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&lr=lang_en
2. SQL Injection
• Operates by inserting code into an exchange between a client and
database server. Eg., Bank application
3. Dot-Dot-Slash
• Enter the dot-dot. In both Unix and Windows, ‘..’ is the directory
indicator for “predecessor.” And ‘../..’ is the grandparent of the current
location.
• So someone who can enter file names can travel back up the
directory tree one .. at a time.
• Eg., passing the following URL causes the server to return the
requested file, autoexec.nt, enabling an attacker to modify or delete
it.
4. Server-Side Include
• Web pages can be organized to invoke a particular function
automatically. For example, many pages use web commands to send
an email message in the “contact us” part of the displayed page.
• One of the server-side include commands is exec, to execute an
arbitrary file on the server.
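Added example (not from the original slides): a server-side check for the dot-dot-slash case in item 3, which resolves the requested name and serves it only if the result is still inside the document directory. The function name, the directory layout, and the sample requests are constructed; autoexec.nt is used as the out-of-tree file because the slide names it.

```python
import os
import tempfile
from urllib.parse import unquote


class PathRejected(Exception):
    """The requested name resolves outside the served directory."""


def resolve_under(base_dir, requested):
    """Return the real path for `requested`, or raise if it escapes base_dir."""
    base = os.path.realpath(base_dir)
    name = unquote(requested)        # decode once, then check what will be used
    name = name.replace("\\", "/")   # treat both separator styles alike
    if "\x00" in name:
        raise PathRejected(requested)
    # Strip leading slashes so an absolute name cannot replace the base,
    # then resolve '..' components and symbolic links before comparing.
    candidate = os.path.realpath(os.path.join(base, name.lstrip("/")))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:               # e.g. different drives on Windows
        inside = False
    if not inside:
        raise PathRejected(requested)
    return candidate


# Constructed request paths: two legitimate, four that climb out of docs/.
REQUESTS = [
    "/index.html",
    "/img/../index.html",
    "/../autoexec.nt",
    "/..%2fautoexec.nt",
    "/..\\autoexec.nt",
    "/up/autoexec.nt",
]


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.mkdir(docs)
        with open(os.path.join(docs, "index.html"), "w") as f:
            f.write("<h1>home</h1>")
        with open(os.path.join(root, "autoexec.nt"), "w") as f:
            f.write("constructed file outside the document root")
        # A link inside docs/ that points back up the tree.
        os.symlink(root, os.path.join(docs, "up"))
        real_docs = os.path.realpath(docs)
        for req in REQUESTS:
            try:
                path = resolve_under(docs, req)
                results[req] = os.path.relpath(path, real_docs).replace(os.sep, "/")
            except PathRejected:
                results[req] = "REJECTED"
    return results


if __name__ == "__main__":
    for request, outcome in demo().items():
        print(f"{request!r:24} -> {outcome}")
```

The comparison is made on the resolved path, not on the request string, so a name that contains no ".." at all (the symbolic link case) is still refused.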
 Website Data: A User’s Problem, Too

• Some website data affect users significantly. Consider one of the most
common data items that web sites maintain: user IDs and passwords.
• Faced with many passwords to remember, users skimp by reusing the
same password on multiple sites. Even that reuse would be of only
minor consequence if websites protected IDs and corresponding
passwords.
• Websites’ ID and password tables are both valuable to attackers and
frequently obtained. Even if it is the website that is attacked, it is the
users who suffer the loss.
 Foiling Data Attacks

• These attacks depend on passing commands disguised as input. Countermeasures:


• An input preprocessor could watch for and filter out specific
inappropriate string forms, such as < and > in data expected to
contain only letters and numbers.
• Access control on the part of backend servers that might receive and
execute these data attacks. For example, a database of names and
telephone numbers might support queries for a single person.
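Added example (not from the original slides): the name-and-telephone lookup mentioned above, first built by string concatenation and then with the two countermeasures, an input preprocessor and a backend that binds the value as a parameter and returns at most one person. The table, the rows, and the hostile input string are constructed.

```python
import re
import sqlite3


def make_db():
    """In-memory directory with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE directory (name TEXT PRIMARY KEY, phone TEXT)")
    db.executemany(
        "INSERT INTO directory VALUES (?, ?)",
        [("alice", "555-0100"), ("bob", "555-0101"), ("carol", "555-0102")],
    )
    db.commit()
    return db


def lookup_concatenated(db, name):
    """The 'before' form: user input becomes part of the SQL text."""
    sql = "SELECT name, phone FROM directory WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, name):
    """The value is bound as data; it can never change the statement."""
    sql = "SELECT name, phone FROM directory WHERE name = ? LIMIT 2"
    return db.execute(sql, (name,)).fetchall()


# Input preprocessor: the field is expected to hold only letters and digits.
NAME_RE = re.compile(r"[A-Za-z0-9]{1,32}")


def preprocess(name):
    if not isinstance(name, str) or NAME_RE.fullmatch(name) is None:
        raise ValueError("name must be 1-32 letters or digits")
    return name


def lookup_single_person(db, name):
    """Filter, bind, and enforce the 'single person' rule on the result."""
    rows = lookup_parameterized(db, preprocess(name))
    if len(rows) > 1:
        raise RuntimeError("query returned more than one person")
    return rows[0] if rows else None


HOSTILE = "x' OR '1'='1"  # constructed input carrying SQL syntax


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, HOSTILE))   # whole table
    print("parameterized:", lookup_parameterized(db, HOSTILE))  # no rows
    print("single person:", lookup_single_person(db, "alice"))
    try:
        lookup_single_person(db, HOSTILE)
    except ValueError as exc:
        print("preprocessor :", exc)
```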
Email Attacks
Fake Email
Fake Email Messages as Spam
• False messages try to get people to click to download a browser
enhancement or even just click for more detail. Spammers use more
realistic topics for false messages to entice recipients to follow a
malicious link. Types:
fake “nondelivery” messages
false social networking messages, especially attempts to obtain login
details
current events messages
shipping notices
• Volume of Spam
• Why Send Spam?
• Pump and Dump
• Advertising
• Malicious Payload
• Links to Malicious Web Sites
• The Price Is Right
• How to eliminate/reduce spam: Legal, Source Addresses, Screeners,
Volume Limitations, Postage
Fake (Inaccurate) Email Header Data
• Headers on email are easy to spoof, and thus recipients believe the
email has come from a safe source.
• The header form is standardized, but within the Internet email
network as a message is forwarded to its destination, each receiving
node trusts the sending node to deliver accurate content.
• However, a malicious, or even faulty, email transfer agent may send
messages with inaccurate headers, specifically in the “from” fields.
Phishing
Protecting Against Email
Attacks
• PGP (Pretty Good Privacy)
It addresses the key distribution problem with a “ring of trust” or a
user’s “keyring.”
One user directly gives a public key to another, or the second user
fetches the first’s public key from a server.
And one person can give a second person’s key to a third (and a fourth,
and so on).
Thus, the key association problem becomes one of caveat emptor. If I
trust you, I may also trust the keys you give me for other people.
PGP performs the following steps:
1. Create a random session key for a symmetric algorithm.
2. Encrypt the message, using the session key (for message
confidentiality).
3. Encrypt the session key under the recipient’s public key.
4. Generate a message digest or hash of the message; sign the hash by
encrypting it with the sender’s private key (for message integrity and
authenticity).
5. Attach the encrypted session key to the encrypted message and digest.
6. Transmit the message to the recipient.
• S/MIME (Secure Multipurpose Internet Mail
Extensions)
Uses hierarchically validated certificates, usually represented in X.509
format, for key exchange.
Thus, with S/MIME, the sender and recipient do not need to have
exchanged keys in advance as long as they have a common certifier they
both trust.
S/MIME handles (secures) all sorts of attachments, such as data files
(for example, spreadsheets, graphics, presentations, movies, and
sound).
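Added example (not PGP's own implementation and not from the original slides): the six PGP steps listed above traced in code, with the recipient's side added to show what each attached piece is for. The public-key and symmetric operations are toy stand-ins so the block runs with only the standard library: textbook RSA over constructed keys built from publicly known Mersenne primes, and a SHA-256 keystream; neither is fit for real use.

```python
import hashlib
import secrets

E = 65537  # public exponent


def toy_keypair(p, q):
    """Textbook RSA key from two primes (stand-in for a real key pair)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}


# Constructed keys: the factors are well-known Mersenne primes, so these
# keys protect nothing. They exist only to make the flow executable.
RECIPIENT_PUB, RECIPIENT_PRIV = toy_keypair(2**521 - 1, 2**607 - 1)
SENDER_PUB, SENDER_PRIV = toy_keypair(2**607 - 1, 2**1279 - 1)


def keystream_xor(key, data):
    """Toy symmetric cipher: XOR with SHA-256(key || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def pgp_send(message, sender_priv, recipient_pub):
    # Step 1: random session key for the symmetric algorithm.
    session_key = secrets.token_bytes(32)
    # Step 2: encrypt the message under the session key (confidentiality).
    ciphertext = keystream_xor(session_key, message)
    # Step 3: encrypt the session key under the recipient's public key.
    wrapped_key = pow(int.from_bytes(session_key, "big"),
                      recipient_pub["e"], recipient_pub["n"])
    # Step 4: hash the message and sign the hash with the sender's private key.
    signature = pow(digest_int(message), sender_priv["d"], sender_priv["n"])
    # Step 5: attach the pieces. Step 6 (transmission) is left to the caller.
    return {"wrapped_key": wrapped_key, "ciphertext": ciphertext,
            "signature": signature}


def pgp_receive(packet, recipient_priv, sender_pub):
    """Undo steps 3 and 2, then check the signed digest from step 4."""
    key_int = pow(packet["wrapped_key"], recipient_priv["d"], recipient_priv["n"])
    session_key = key_int.to_bytes(32, "big")
    message = keystream_xor(session_key, packet["ciphertext"])
    signed_digest = pow(packet["signature"], sender_pub["e"], sender_pub["n"])
    return message, signed_digest == digest_int(message)


if __name__ == "__main__":
    note = b"Meet at 10:00 in room 4."  # constructed message
    packet = pgp_send(note, SENDER_PRIV, RECIPIENT_PUB)
    print(pgp_receive(packet, RECIPIENT_PRIV, SENDER_PUB))
```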
Security in
Operating System
 Operating System Structure
OS functions that involve computer
security
1. Enforced sharing
2. Interprocess communication and synchronization
3. Protection of critical operating system data
4. Guaranteed fair service
5. Interface to hardware
6. User authentication
7. Memory protection
8. File and I/O device access control
9. Allocation and access control to general objects
 A Bit of History

Single Users

Multiprogramming and Shared Use

Multitasking
 Protected Objects
The rise of multiprogramming meant that several aspects of a
computing system required protection:
memory
sharable I/O devices, such as disks
serially reusable I/O devices, such as printers and tape drives
sharable programs and subprocedures
networks
sharable data
Operating System Design to Protect Objects

Figure: Layered Operating System


Authentication Functions Spanning Layers in an
Operating System
Operating System Modules
Operating System Design for Self-Protection

• The operating system must protect itself in order to protect its users
and resources.

Figure: OS loaded in stages


 Operating System Tools to
Implement Security Functions
• Audit
Audit logs show what happened in an incident; analysis of logs can
guide prevention of future successful strikes.
• Virtualization
Virtual Machine
Presenting a user the appearance of a system with only the resources
the user is entitled to use.
• Hypervisor
software that implements a virtual machine.
• Sandbox
An environment from which a process can have only limited, controlled
impact on outside resources.
• Honeypot
System to lure an attacker into an environment that can be both
controlled and monitored.
How can the OS control sharing?
• Separation and Sharing
Separation occurs by space (physical), time (temporal), access control
(logical), or cryptography. So, operating systems offer protection at any
of several levels:
Do not protect
Isolate
Share all or share nothing
Share but limit access
Limit use of an object
Hardware Protection of Memory
• Fence
• Base/Bound Register

When are two pairs of base/bound registers used?


• Tagged Architecture
• Virtual Memory - Segmentation
Segment Address Translation

Advantages of hiding
addresses?

Security benefits of
Segmentation?
• Virtual Memory - Paging
• Combined Paging with Segmentation
Security in
design of OS
• Simplicity of Design
• Layered Design
 Layered Trust
Separation: physical, temporal, logical, and cryptographic
Encapsulation: Each layer uses the more central layers as services,
and each layer provides a certain level of functionality to the
layers farther out
Damage control: possible with hierarchical structuring
• Kernelized Design
Security kernel: locus of all security enforcement
Coverage
Separation
Unity
Modifiability
Compactness
• Reference Monitor
• Correctness and Completeness
• Secure Design Principles
least privilege
economy of mechanism
open design
complete mediation
permission based
separation of privilege
least common mechanism
ease of use
• Trusted system
one with evidence to substantiate the claim it implements some
function or policy. To trust any program, we look for certain key
characteristics:
Functional correctness
Enforcement of integrity
Limited privilege
Appropriate confidence level
• Trusted System Functions
Trusted Computing Base (TCB)
Everything necessary for a system to enforce its security policy. It
consists of:
hardware, including processors, memory, registers, a clock, and I/O devices
some notion of processes, so that we can separate and protect security-
critical processes
primitive files, such as the security access control database and
identification and authentication data
protected memory, so that the reference monitor can be protected against
tampering
some interprocess communication
System separated into TCB and non-TCB sections
• TCB Design and Implementation
• Secure Startup
Secure startup ensures no malicious code can block or interfere with
security enforcement.
• Trusted Path
A trusted path precludes interference between a user and the security
enforcement mechanisms of the operating system.
• Object Reuse
Object sanitization ensures no leakage of data if a subject uses a
memory object released by another subject.
• Audit
Trusted systems must also track any security relevant changes, such as
installation of new programs or modification to the operating system.
Rootkit
• Root: most privileged subject (in a Unix system)
• Rootkit: Tool or script that obtains privileges of root
Phone Rootkit
Rootkit Evades Detection
 Antivirus tools (and most programs) do not contain code to query the disk,
determine the disk format, identify files and where they are stored, find the file
names and properties from an index table, or structure the results for use and
display.
 Instead the tools call builtin functions through an application programming
interface (API) to get this information. What if malicious code intruded on that
sequence of calls?
OS Security Exercise
• If two users share access to a segment, they must do so
by the same name. Must their protection rights to it be
the same? Why or why not?
• No. For example, a data table might have shared access by
many users. To facilitate maintenance of integrity, all
table modifications may be done by one user. However,
many other users could have read access to the table.
• What are some other modes of access that users might
want to apply to code or data, in addition to the
common read, write, and execute permission?
• Limit the number of concurrent accesses;
• Limit types of processes that can access;
• Limit times of day for access.
• Which approach is used to restrict system access to
authorized users?
a) Role-based access control
b) Process-based access control
c) Job-based access control
d) None of the mentioned
• The protection domain of a process contains
_____________

a) object name
b) rights-set
c) both object name and rights-set
d) none of the mentioned
• Explain how a fence register is used for relocation of a
user’s program.
• The address in the fence register is the starting address
of the user space. Thus, the user program can be
written relative to address 0. Adding the fence register’s
contents will properly relocate the user’s address
references.
• Give an example of an object whose sensitivity may
change during execution.
• One example is a printer that is used to print both
confidential and non-confidential data.
• Another example is a portion of unused disk space that
would initially have low sensitivity. However, once the
space is assigned to an active file, it would acquire a
different sensitivity value, depending on the sensitivity
of the data in the file.
• Why should the directory of one user not be generally
accessible to other users (not even for read-only
access)?
• The knowledge of the existence of certain objects should
not be available to unauthorized users.
• For example, a knowledge that Jones and Smith are
working together on a project (as evidenced by shared
access to many files) might be sensitive.
• Sometimes, testing or development versions of hardware
components or software systems should not be known by
all users.
• List two disadvantages of using physical separation in a
computing system. List two disadvantages of using
temporal separation in a computing system.
• Disadvantages (of both forms of separation):
Inability to share
Inconvenience to users
Record keeping burden
Inefficient resource utilization
Top Web Security Issues and Solutions
Issue 1: SQL Injections
• Restrict searches for users.
• Don’t allow freeform input by users.
• Validate all data server-side.
• Clearly define who can and can’t access the data.
Issue 2: Cross-Site Scripting (XSS) Attacks
• Validate all client-side inputs.
• Use properly configured firewalls.
• Update your software and anti-malware.
• Use a strong content security policy.
Issue 3: Secure Authentication
• Require use of strong passwords (which should never
be shared).
• Use passwordless authentication.
• Implement stringent session management.
• Set unique session keys.
• Don’t use session IDs in URLs.
• Limit login attempts.
• Don’t open links from unknown sources.
Issue 4: Sensitive Data Exposure
The sensitive data you need to protect includes but is not limited to:
 Personally identifiable information (PII) of employees, customers,
and partners
 Financial information of the organization or customers
 Trade secrets, intellectual property, and other sensitive company
documents
 Customer and supplier lists
• Use strong TLS certificates for data in motion.
• Protect data at rest.
• Secure your network.
• Implement a zero-trust model for information
sharing.
• Use security automation.
PRIVACY
 Privacy Concepts
• Aspects of Information Privacy
1. Controlled Disclosure
2. Sensitive Data
3. Affected Subject
Controlled Disclosure
• Privacy is the right to control who knows certain things about you.
• People may ask you for your telephone number: your auto mechanic,
a shop clerk, your tax authority, a new business contact, or a new
friend.
• In each case, you consider why the person wants the number and
then decide whether to give it out.
• But the key point is that you decide.
Sensitive Data
• Identity
• Finances
• Legal
• Health
• Opinions, preferences, and membership
• Biometrics
• Documentary evidence
• Privileged communications
• Academic and employment information
• Location data
• Digital footprint
Affected Subject
• Companies may have data they consider private or sensitive: product
plans, key customers, profit margins, and newly discovered
technologies, as examples.
• For private enterprise, privacy usually relates to gaining and
maintaining an edge over the competition.
• Other organizations, such as schools, hospitals, or charities, may need
to protect personal data about their students, patients, or donors.
Computer-Related Privacy
Problems
1. Information collection
2. Information usage
3. Information retention
4. Information disclosure
5. Information security
6. Access control
7. Monitoring
8. Policy changes
Data Collection
• Capacities of computer storage devices continue to grow, driving the
cost per byte down.
• Availability of massive, inexpensive storage encourages collecting and
saving data.

Google had 17 data centers in 2014, accounting for 0.01 percent of the
world’s total energy usage.
Microsoft has over a billion users and over 100,000 servers.
Notice and Consent
• Notice of collection and consent to allow collection of data are
foundations of privacy.
Telephone companies record the date, time, duration, source, and
destination of each telephone call.
ISPs track sites visited.
Some sites keep the IP address of each visitor to the site.
The user is not necessarily aware of this third category of data collection and
thus cannot be said to have given informed consent to the collection.
Control and Ownership of Data
• Disseminated data are almost impossible to get back.

• In many instances, you are asked to provide data (with proper notice)
and you consent to do so, explicitly or implicitly. But what happens
when the data are transferred to the requesting person or system?
• Having collected data with your permission, others may keep the data
you give them; you have ceded control (and sometimes ownership,
depending on the law in your region) of that copy of the data to
them.
 Privacy Principles and Policies
• Fair Information Practices
• U.S. Privacy Laws
• Controls on U.S. Government Websites
• Controls on Commercial Websites
• Non-U.S. Privacy Principles
• Individual Actions to Protect Privacy
• Governments and Privacy
• Identity Theft
Fair Information Practices
• Collection limitation.
• Data quality.
• Purpose specification.
• Use limitation.
• Security safeguards.
• Openness.
• Individual participation.
• Accountability.

Ways to protect stored data?


U.S. Privacy Laws
• 1974 Privacy Act: It is the strongest U.S. privacy law because of its breadth:
It applies to all personal data held anywhere in the federal government.
• Privacy laws in the United States vary by municipality and state; few
national laws exist.

consumer credit is addressed in the Fair Credit Reporting Act,
healthcare information in the Health Insurance Portability and Accountability Act
(HIPAA),
financial service organizations in the Gramm–Leach–Bliley Act (GLBA),
children’s web access in the Children’s Online Privacy Protection Act (COPPA),
student records in the Federal Educational Rights and Privacy Act
Controls on U.S. Government
Websites
• The Federal Trade Commission (FTC) has jurisdiction over websites,
including those of the U.S. government, that solicit potentially private
data.
• The FTC determined that, in order to obey the Privacy Act,
government websites would have to address five privacy factors:
Notice. Choice. Access. Security. Enforcement.

• What needs to be disclosed by the privacy policies of federal government
agencies as per the e-Government Act of 2002 passed by the U.S. Congress?
Controls on Commercial Websites
No Deceptive Practices
• Privacy notices are enforceable: A site that says it will not release data
must abide by that rule, but a site that says nothing is not
constrained.
• This approach can lead to bizarre results, however. A company is
allowed to collect personal information and pass it in any form to
anyone, as long as the company’s privacy policy said it would do so, or
at least if the policy does not say it would not do so. Vowing to
maintain privacy and intentionally not doing so is an illegal deceptive
practice.
Non-U.S. Privacy Principles
• European Privacy Directive
provides strong protection for privacy rights, binding on governments,
businesses, and other organizations.

• Privacy in Other Countries


http://www.informationshield.com/intprivacylaws.html

• Conflicting Laws
Different laws in different jurisdictions will inevitably clash.
Individual Actions to Protect
Privacy
• Anonymity
For example, a rock star buying a beach house might want to avoid
unwanted attention from neighbors.
• Multiple Identities—Linked or Not
To your bank, you are your account number. To your motor vehicles bureau,
you are your driver’s license number. And to your credit card company, you
are your credit card number.
• Pseudonymity
Multiple identities can also be convenient. Similarly, disposable identities
(that you use for a while and then stop using) can be convenient.
Governments and Privacy
• Authentication
• Data Access Risks
• Steps to Protect Against Privacy Loss
Data minimization. Data anonymization. Auditing. Security and controlled
access. Training. Quality. Restricted usage. Data left in place. Policy.
State laws require notification of loss of personal data as a result of a
computer incident.
Identity Theft
• Taking or assuming another person’s identity.
• For example, using another person’s credit card without permission is
fraud.
• It occurs in many ways:
1. unauthorized opening of an account in someone else’s name,
2. changing account information to enable the thief to take over and
use someone else’s account or service,
3. perpetration of fraud by obtaining identity documents in the stolen
name.
PRIVACY
Authentication, Data Mining, Web, Email Security, Emerging Technologies,
Where the Field Is Headed
 Authentication and Privacy
• Individual Authentication
When you are born, your birth is registered at a government records office, and the
office issues a birth certificate to your parents. A few years later, your parents enroll
you in school, presenting the birth certificate so that the school can issue you a
school identity card.
• Identity Authentication
We use many different identities. There may or may not be ways to connect all
these different identities. A credit card links to the name and address of the card
payer, who may be you, your spouse, or anyone else willing to pay your expenses.
• Anonymized Records
Sometimes, individual data elements are not sensitive, but the linkages
among them are.
For instance, some person is named Erin, some person has the medical
condition diabetes; neither of those facts is sensitive. The linkage that Erin
has diabetes becomes sensitive.
Medical researchers want to study populations to determine incidence of
diseases, common factors, trends, and patterns. To preserve privacy,
researchers often deal with anonymized records: records from which
identifying information has been removed. If those records can be
reconnected to the identifying information, privacy suffers.
 Data Mining
• Private sector data mining is a lucrative and rapidly growing industry. The
more data are collected, the more opportunities open for learning from
various aggregations.
• Determining trends, market preferences, and characteristics may be good
because they lead to an efficient and effective market.
• Government Data Mining
• Privacy-Preserving Data Mining
1. Privacy for Correlation
2. Privacy for Aggregation
 Privacy on the Web
• Understanding the Online Environment
The Internet is like a big, unregulated bazaar. Every word you speak can be
heard by many others.
• Payments on the Web
Credit Card Payments
Payment Schemes
• Site and Portal Registrations
• Whose Page Is This?
Third-Party Ads
Contests and Offers
• Precautions for Web Surfing
Cookies are files of data put in place by a website. Third-party cookies permit
an aggregator to link information from a user’s visit to websites of different
organizations. There is online profiling. Sensitive information, such as credit
card number or even name and address, should be encrypted or otherwise
protected in the cookie.
Web bugs are invisible graphics embedded in an image that resides on a web page.
The solution is not to restrict the image but to restrict the action the bug can invoke.
However, restricting web bugs also restricts the richness of content display.
Spyware collects and reports activity by web users. Keystroke loggers
can seriously compromise privacy by obtaining passwords, bank account
numbers, contact names, and web-search arguments.
Hijackers: Another category of spyware is software that hijacks a
program installed for a different purpose. The privacy issue for a service
such as Altnet is that even if a user authorizes use of spare computing
power or sharing of files or other resources, there may be no control
over access to other sensitive data on the user’s computer.
Adware displays selected advertisements in pop-up windows or in the
main browser window. Writers of adware software are paid to get their
clients’ ads in front of users. It is usually installed as part of another
piece of software without notice.
• Shopping on the Internet
Web merchants are under no obligation to price products the same for all
customers, or the same as other sellers price the same product.
An example is Amazon.com, which priced a DVD at 30 percent, 35 percent,
and 40 percent off list price concurrently to different customers.
A fair market occurs when seller and buyer have complete knowledge: If
both can see and agree with the basis for a decision, each knows the
other party is playing fairly.
 Email Security
• Where Does Email Go, and Who Can Access It?
Mail from Janet to Scott can easily involve at least six parties: (a) Janet and her computer,
(b) Janet’s organization’s SMTP server, (c) Janet’s organization’s ISP, (d) the ISP
connecting to Scott’s POP server, (e) Scott’s POP server, and (f) Scott and his computer.
Any of them can log the fact that it was sent or can even keep a copy of the message.
• Interception of Email
Email is subject to interception and modification at many points from sender to recipient.
S/MIME and PGP are two widely used email protection programs. A virtual private
network can protect data on the connection between a client’s workstation and some
edge point, usually a router or firewall, at the organization to which the client belongs.
• Monitoring Email
In many countries, companies and government agencies can legitimately
monitor their employees’ email use. Similarly, schools and libraries can
monitor their students’ or patrons’ computer use. Network administrators
and ISPs can monitor traffic for normal business purposes, such as to
measure traffic patterns or to detect spam.
• Anonymous, Pseudonymous, and Disappearing Email
1. Simple Remailers
2. Multiple Remailers
3. Disappearing Email
• Spoofing and Spamming
Spoofing the source address of an email message is not difficult. This
limitation facilitates the sending of spam because it is impossible to
trace the real sender of a spam message.
Phishing is a form of spam in which the sender attempts to convince
the receiver to reveal personal data, such as banking details. The
sender enhances the credibility of a phishing message by spoofing a
convincing source address or using a deceptive domain name.
User awareness is the best defense.
 Privacy Impacts of Emerging Technologies
• Radio Frequency Identification (RFID)
Consumer Products
Your shirt, shoes, pen, wallet, credit card, mobile phone, media player, and candy bar
wrapper might each have an RFID tag. One tag from an employee ID might reveal for
whom you work, another from a medicine bottle might disclose a medical condition.
RFID Tags for Individuals
Some people with an unusual medical condition have already had an RFID tag
permanently implanted on their bodies. This way, even if a patient is brought
unconscious to a hospital, the doctors can scan for a tag, receive the person’s unique
number, and look up the person’s medical record by that number.
• Electronic Voting
Privacy and the Voting Process
Generating and counting ballots is the most obvious step in the election
process; building and maintaining the list of eligible voters, recording who
has voted, supporting absentee ballots, and transmitting election results to
election headquarters are other important steps. Each of these has obvious
privacy implications.
Privacy-Preserving Technology
Encrypting a vote with the public key of the election board could preserve
confidentiality. The difficulty is in ensuring that only authorized people can
vote and that an authorized person can vote only once.
• VoIP and Skype
Cellular telephony and Internet-based phone service have significantly
changed the situation of traditional telephony. Voice over IP (VoIP) is a
protocol for transmission of voice traffic over the Internet.
Major VoIP carriers include Skype, Google Talk, and Vonage.
Privacy can be sacrificed even if the voice traffic is solidly encrypted:
the source and destination of the phone call will be somewhat exposed
through packet headers.
• Privacy in Cloud
 Where the Field Is Headed
• Various privacy rights organizations, such as the Center for Democracy and Technology,
the Electronic Privacy Information Center (EPIC), Privacy.Org, and Privacy International,
and professional computing societies, such as IEEE and ACM, must continue their efforts.
• The Johns Hopkins Information Security Institute, of which Rubin is Technical Director,
has produced several good studies of privacy vulnerabilities.
• Annie Antón of Georgia Institute of Technology has developed tools to analyze privacy
policies.
• Bob Gellman is a well-respected consultant on privacy issues.
• IEEE Security & Privacy magazine has at least one article about privacy in every issue, in
its Privacy Interests department.
CLOUD COMPUTING
INTRODUCTION
 What is a Cloud Service?
 Risks to consider when choosing cloud services
 Security tools
CLOUD COMPUTING
 A model “for enabling convenient, on-demand
network access to a shared pool of configurable
computing resources.”
 Consists of networks, servers, storage, applications,
and services that are connected in a loose and easily
configurable way
CHARACTERISTICS
 On-demand self-service: If you are a cloud customer,
you can automatically ask for computing resources
(such as server time and network storage) as you
need them.
 Broad network access: You can access these services
with a variety of technologies, such as mobile phones,
laptops, desktops, and mainframe computers.
 Resource pooling: The cloud provider can put
together a large number of multiple and varied
resources to provide your requested services. This
“multitenant model” permits a single resource (or
collection of resources) to be accessed by multiple
customers, and a particular resource (such as
storage, processing or memory) can be assigned and
reassigned dynamically, according to the customers’
demands.
 Rapid elasticity: Services can quickly and
automatically be scaled up or down to meet a
customer’s need. To the customer, the system’s
capabilities appear to be unlimited.
 Measured service: Like water, gas, or telephone
service, use of cloud services and resources can be
monitored, controlled, and reported to both provider
and customer.
SERVICE MODELS
SOFTWARE AS A SERVICE (SAAS)
 Software as a service (SaaS) is a software distribution model in which a
third-party provider hosts applications and makes them available to
customers over the Internet.
 SaaS is closely related to the application service provider (ASP) and
on-demand computing software delivery models.
 The provider gives customers network-based access to a single copy of an
application that the provider created specifically for SaaS distribution.
 The application’s source code is the same for all customers, and when new
features or functionalities are rolled out, they are rolled out to all customers.
 There are SaaS applications for fundamental business
technologies, such as email, sales management, customer
relationship management (CRM), financial management,
human resource management (HRM), billing and collaboration.
Leading SaaS providers include Salesforce, Oracle, SAP, Intuit
and Microsoft.
ADVANTAGES
 removes the need for organizations to install and run
applications on their own computers or in their own data
centres.
 eliminates the expense of hardware acquisition, provisioning
and maintenance, as well as software licensing, installation
and support
 Flexible payments: Rather than purchasing software to install,
or additional hardware to support it, customers subscribe to a
SaaS offering. Generally, they pay for this service on a
monthly basis using a pay-as-you-go model
 Scalable usage: Cloud services like SaaS offer high vertical scalability,
which gives customers the option to access more, or fewer, services or
features on-demand.
 Automatic updates: Rather than purchasing new software, customers
can rely on a SaaS provider to automatically perform updates and
patch management. This further reduces the burden on in-house IT staff.
 Accessibility and persistence: Since SaaS applications are delivered over
the Internet, users can access them from any Internet-enabled device and
location.
DISADVANTAGES
 Businesses must rely on outside vendors to provide the
software, keep that software up and running, track and report
accurate billing and facilitate a secure environment for the
business' data.
 Providers that experience service disruptions, impose
unwanted changes to service offerings, experience a security
breach or any other issue can have a profound effect on the
customers' ability to use those SaaS offerings.
PLATFORM AS A SERVICE
 cloud computing model in which a third-party provider delivers
hardware and software tools over the Internet.
 A PaaS provider hosts the hardware and software on its own
infrastructure.
 does not typically replace a business's entire IT infrastructure
 a business relies on PaaS providers for key services, such as
application hosting or Java development.
 Users can focus on creating and running applications rather
than constructing and maintaining the underlying
infrastructure and services.
ADVANTAGES
 The principal benefit of PaaS is simplicity and convenience for users -- the
PaaS provider supplies much of the infrastructure and other IT services,
which users can access anywhere via a web browser.
 providers then charge for that access on a per-use basis -- a model that
many enterprises prefer, as it eliminates the capital expenses they
traditionally have for on-premises hardware and software. Some PaaS
providers charge a flat monthly fee to access their service, as well as the
apps hosted within it.
DISADVANTAGES
 Service availability or resilience can be a concern with PaaS.
 If the provider experiences a service outage or other infrastructure disruption,
this can adversely affect customers and result in costly lapses of
productivity.
 Since users cannot easily migrate many of the services and much of the
data produced through one PaaS product to another competing product,
evaluation of business risk is involved.
 Internal changes to a PaaS product: if a PaaS provider stops supporting a
certain programming language or opts to use a different set of
development tools, the impact on users can be difficult and disruptive.
 E.g., Google App Engine (supports distributed web applications using Java,
Python, PHP and Go), Heroku PaaS, etc.
INFRASTRUCTURE AS A SERVICE (IAAS)
 Infrastructure as a service (IaaS) is a service model that
delivers computer infrastructure on an outsourced basis to
support enterprise operations. Typically, IaaS provides
hardware, storage, servers and data center space or network
components
 Infrastructure as a service (IaaS) is also known as hardware as
a service (HaaS).
 The IaaS provider provides policy-based services and is responsible
for housing, operating and maintaining the equipment it
provides for a client. Clients usually pay on a per-use or utility
computing basis.
CHARACTERISTICS OF IAAS
 Automated administrative tasks
 Dynamic scaling
 Platform virtualization
 Internet connectivity
ADVANTAGES
 it is often easier, faster and more cost-efficient to operate a
workload without having to buy, manage and support the
underlying infrastructure.
 a business can simply rent or lease that infrastructure from
another business.
 effective model for workloads that are temporary,
experimental or that change unexpectedly.
 If a business is developing a new software product, it might be
more cost-effective to host and test the application using an
IaaS provider.
DISADVANTAGES
 Cloud billing is extremely granular, and it is broken out to reflect the
precise usage of services.
 Users can experience sticker shock -- or find costs to be higher than
expected -- when reviewing the bills for every resource and service
involved in an application deployment.
 Insight is another common problem for IaaS users. Because IaaS providers
own the infrastructure, the details of their infrastructure configuration and
performance are rarely transparent to IaaS users.
 Service resilience, availability and performance are highly dependent on the
provider.
 E.g., Amazon EC2, Windows Azure, Rackspace, Google Compute Engine
Cloud Computing and Security
Cloud Computing Concepts, Moving to the Cloud, Cloud Security Tools and
Techniques, Cloud Identity Management, Securing IaaS
Cloud Computing Concepts
• On-demand self-service.
• Broad network access.
• Resource pooling.
• Rapid elasticity.
• Measured service.
Service Models
Deployment Models
• Cloud computing implies export of processor, storage, applications,
or other resources. Sharing resources increases security risk.
• Private cloud has infrastructure that is operated exclusively by and for
the organization that owns it, but cloud management may be
contracted out to a third party.
• Community cloud is shared by several organizations and is usually
intended to accomplish a shared goal.
• Public cloud, available to the general public, is owned by an
organization that sells cloud services.
Moving to the Cloud
• Risk Analysis
Moving to a cloud model entails risks that must be accounted for.
• Cloud Provider Assessment
Cloud providers vary widely in terms of how much information they divulge about
security architecture.
Larger providers are likely to divulge more detail than smaller ones, and IaaS providers
are likely to divulge more detail than PaaS or SaaS providers.
 Large providers generally have more funding and staff available to address such
issues. IaaS services are so complex and customizable that customers need to know
how the services are architected, in order to understand how to configure them.
• Switching Cloud Providers
Vendor lock-in inhibits your switching providers.
Many potential security- and reliability-related events might drive a change
in providers:
1. The provider has a major security vulnerability.
2. The provider changes its features or API specification.
3. The provider is purchased by another company that is somehow incompatible with your needs.
4. The provider moves operations to a foreign country where you are prohibited from
maintaining your data.
5. Your provider goes out of business.
 Different types of cloud services represent different migration
challenges.
1. SaaS offerings are often incompatible with competing services.
2. PaaS providers offer customers the tools to build and program hosted
cloud applications using cloud-based compilers (or scripting
engines), APIs, and databases.
3. IaaS offerings must maintain compatibility with common operating
systems and network protocols.
• Cloud as a Security Control
Cloud computing mitigates the risk of single points of failure.
Geographic diversity.
Platform diversity.
Infrastructure diversity.
In addition to mainstream cloud services providing redundancy and diversity to
business operation, other cloud services have sprung up to focus specifically on
security operations like
Email filtering.
DDoS protection.
Network monitoring.
Cloud Security Tools and Techniques
• Data Protection in the Cloud
If the cloud service is a SaaS or PaaS, communication will likely take
place over HTTP, so you will want to choose a provider that requires
TLS by default and configures it well.
While well-configured TLS will be important for IaaS, it is unlikely to
be your only form of encrypted communication.
For services that communicate outside a protected enclave but do
not support TLS, SSH and VPNs are the standard protection
mechanisms.
• Cloud Storage
Storage is integral to SaaS offerings that allow customers to upload,
share, and sell photos, for instance, as well as to SaaS office suites
that let customers create, edit, and share documents.
PaaS offerings generally include cloud-hosted databases for storing
application data.
IaaS providers store customer VMs, network configuration
information, and any other data customers might upload.
 Shared storage involves a threat of access from sharing neighbors.
 Sharing cryptographic keys with cloud storage providers potentially
exposes sensitive data.
• Data Loss Prevention
1. Force users to go through the company network to get there. Many
cloud services give customer companies options to restrict users by
source IP address. If a user attempts to log in to the cloud service from
home or elsewhere without having an open VPN connection to the
company network (that is, without having a company-owned source IP
address), the login fails.
2. Insert the DLP capability at the network boundaries of the cloud
environment. This solution is generally only an option for IaaS
deployments because they are usually flexible enough to allow
customers to deploy DLP as a VM, as well as to configure their VM
networks so that all outgoing traffic must route through that DLP VM.
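Option 1 above, sketched as an added Python example that is not part of the original slides: it checks cloud-service login events against the company's address ranges and rejects anything else, including malformed addresses. The ranges, log format and user names are constructed for illustration.

```python
import ipaddress

# Assumed company egress ranges (documentation prefixes, not real networks).
COMPANY_RANGES = [
    ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:10::/48")
]

# Constructed sample of login events: "timestamp user source_ip".
SAMPLE_LOG = """\
2024-05-01T08:02:11Z alice 203.0.113.25
2024-05-01T08:05:40Z bob 198.51.100.7
2024-05-01T08:09:03Z carol ::ffff:203.0.113.80
2024-05-01T08:11:57Z dave 2001:db8:10::42
2024-05-01T08:12:30Z erin 2001:db8:99::1
2024-05-01T08:15:02Z frank not-an-ip
"""


def source_allowed(raw_ip):
    """True only if the address parses and lies inside a company range."""
    try:
        addr = ipaddress.ip_address(raw_ip.strip())
    except ValueError:
        return False  # fail closed on anything that is not an IP address
    # An IPv4 client seen through a dual-stack listener shows up as ::ffff:a.b.c.d;
    # unwrap it so it is compared against the IPv4 ranges.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(
        addr.version == net.version and addr in net for net in COMPANY_RANGES
    )


def review_logins(log_text):
    """Split login events into (allowed, denied) lists of (time, user, source)."""
    allowed, denied = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the constructed format
        event = tuple(parts)
        (allowed if source_allowed(parts[2]) else denied).append(event)
    return allowed, denied


if __name__ == "__main__":
    ok, rejected = review_logins(SAMPLE_LOG)
    for ts, user, src in rejected:
        print(f"DENY  {ts} {user} from {src}: not a company source address")
    for ts, user, src in ok:
        print(f"ALLOW {ts} {user} from {src}")
```

The denied list is also a detection feed: repeated rejected logins for one user from outside the company ranges are worth reviewing.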
Cloud Application Security
• Writing secure software is no different in a cloud environment than in any
other, so Chapter 3 (programs and programming) serves as an excellent
starting point for this topic.
Logging and Incident Response
• The primary way that Security Operations Center (SOC) analysts identify
and investigate security incidents is with system log data.
• The most important thing a public cloud customer can do to prepare for
incident detection and response is to address logging and forensics when
writing SLAs with providers.
Cloud Identity Management
• Having each user individually sign up for a user account at each cloud
provider is fraught with problems.
• The solution to these problems is a concept called federated identity
management (FIdM).
• FIdM “enables identity information to be developed and shared
among several entities and across trust domains…providing ‘single
sign-on’ convenience and efficiencies to identified individuals, identity
providers and relying parties.”
Security Assertion Markup Language
• Security Assertion Markup Language (SAML) makes such exchanges possible.
It is an XML-based standard that defines a way for systems to securely
exchange user identity and privilege information.
• SAML defines three parties who participate in identity exchanges
The Service Provider (SP) or Relying Party: A SAML-enabled service, such as
the LMS, that needs to obtain identity information from a third party.
The Subject: The entity, be it user or system, that is attempting to log in to the
SP.
The Identity Provider (IdP) or Asserting Party: A SAML-enabled system that
can authenticate the Subject and make assertions about the Subject’s identity.
OAuth
• While SAML is designed to handle authentication, authorization, and single
sign-on for users and systems, OAuth was built to handle a different
aspect of FIdM: API access.
• OAuth does not exchange identity information, just authorization.
• OAuth provides a nice security benefit by allowing users to give third-
party applications access to only the account resources they need,
and doing so without sharing passwords.
OAuth defines four roles:
1. The Resource Owner, analogous to the SAML subject, is the user
with a password-protected online account.
2. The Resource Server is the server on which the APIs reside.
3. The Client, analogous to the SAML SP, is the application that is
attempting to access the account APIs.
4. The Authorization Server, analogous to the SAML IdP, is the server
that can authenticate the resource owner and grant the client
access to the resource server.
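The four roles above, as an added in-memory Python model (not part of the original slides and not a real OAuth library): the resource owner's password goes only to the authorization server, and the client's token works only for the scope that was approved. Class names, scope strings and the sample account are assumptions; real deployments also authenticate the client itself and run over TLS.

```python
import hashlib
import secrets
import time


class AuthorizationServer:
    """Authenticates the resource owner and issues scoped tokens to clients."""

    def __init__(self):
        self._owners = {}   # owner -> (salt, password hash); never leaves this server
        self._clients = {}  # client_id -> registered redirect URI
        self._codes = {}    # one-time authorization code -> (client_id, owner, scopes)
        self._tokens = {}   # access token -> (owner, scopes, expiry time)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register_owner(self, owner, password):
        salt = secrets.token_bytes(16)
        self._owners[owner] = (salt, self._hash(password, salt))

    def register_client(self, client_id, redirect_uri):
        self._clients[client_id] = redirect_uri

    def authorize(self, owner, password, client_id, redirect_uri, scopes):
        """The owner logs in here, not at the client, and approves specific scopes."""
        if self._clients.get(client_id) != redirect_uri:
            raise PermissionError("unknown client or redirect URI mismatch")
        salt, stored = self._owners.get(owner, (b"\x00" * 16, b""))
        if not secrets.compare_digest(self._hash(password, salt), stored):
            raise PermissionError("resource owner authentication failed")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (client_id, owner, frozenset(scopes))
        return code

    def exchange(self, code, client_id):
        """Swap a one-time code for an access token; a replayed code is rejected."""
        grant = self._codes.pop(code, None)
        if grant is None or grant[0] != client_id:
            raise PermissionError("invalid or already used authorization code")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (grant[1], grant[2], time.time() + 300)
        return token

    def introspect(self, token):
        """Return (owner, scopes) for a live token, else None."""
        owner, scopes, expiry = self._tokens.get(token, (None, frozenset(), 0.0))
        if owner is None or time.time() >= expiry:
            return None
        return owner, scopes


class ResourceServer:
    """Hosts the account APIs and enforces the scopes carried by each token."""

    def __init__(self, auth_server):
        self._auth = auth_server
        # Constructed sample account data.
        self._accounts = {
            "alice": {"photos": ["beach.jpg"], "contacts": ["bob@example.org"]}
        }

    def api_get(self, token, resource):
        grant = self._auth.introspect(token)
        if grant is None:
            raise PermissionError("invalid or expired token")
        owner, scopes = grant
        if f"{resource}:read" not in scopes:
            raise PermissionError(f"token lacks scope {resource}:read")
        return self._accounts[owner][resource]


def run_flow():
    """The client (a hypothetical photo-printing app) walks through the exchange."""
    auth = AuthorizationServer()
    api = ResourceServer(auth)
    auth.register_owner("alice", "correct horse battery staple")
    auth.register_client("print-shop", "https://print.example/callback")

    # Alice approves read access to photos only; the client never sees her password.
    code = auth.authorize("alice", "correct horse battery staple", "print-shop",
                          "https://print.example/callback", ["photos:read"])
    token = auth.exchange(code, "print-shop")

    results = {"photos": api.api_get(token, "photos")}
    checks = [
        ("contacts", lambda: api.api_get(token, "contacts")),
        ("code_replay", lambda: auth.exchange(code, "print-shop")),
        ("forged_token", lambda: api.api_get("not-a-real-token", "photos")),
    ]
    for label, call in checks:
        try:
            call()
            results[label] = "allowed"
        except PermissionError as exc:
            results[label] = f"denied: {exc}"
    return results


if __name__ == "__main__":
    for step, outcome in run_flow().items():
        print(step, "->", outcome)
```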
Securing IaaS
• IaaS supports rapid elasticity at an infrastructure level, allowing you to
quickly stand up as many or as few servers as you need to meet demand,
paying only for the servers you actually use.
• IaaS is almost always built on virtualization: Service providers have large
networks of servers, each of which has a hypervisor that manages its VMs.
• Those hypervisors, in turn, are controlled by a cloud computing platform
—a software system that provisions, monitors, and manages workload on
a shared computing infrastructure.
5-step IaaS security checklist for cloud customers
1. Understand the provider's security model
2. Encrypt data at rest
3. Patch consistently
4. Monitor and inventory
5. Manage access
Public IaaS Versus Private Network Security
1. Shared infrastructure in IaaS incurs new threats that you need to
address.
2. There are typically more ways to access and control IaaS hosts than
traditional hosts, including via APIs.
3. IaaS removes many of the traditional constraints on network
security by making new VMs and private networks easy and cheap
to deploy.
 Shared Infrastructure
• Two threats: shared storage and shared network.
1. When you delete a file in the cloud, the file system deallocates it—
that is, forgets it exists—but the file stays on a hard drive
somewhere until it is overwritten.
2. IaaS providers use logical access controls to make sure that users
cannot sniff one another’s network traffic within the IaaS
environment.
 Host Access
1. Require multifactor authentication for the console interface.
2. Do not share accounts, and do not give any account more privileges
than necessary.
3. Use OAuth rather than passwords to give applications access to API
interfaces, and limit those applications’ privileges as much as
possible.
4. Use FIdM wherever possible so you manage only one set of user
accounts.
 Virtual Infrastructure
• In an IaaS environment, having every VM be as specialized as
possible is an excellent, if expensive, security practice.
• Run application whitelisting software that limits the OS to running
only the executables that you list, which should be the bare minimum
necessary.
• Configure a host-based firewall to limit network traffic—incoming
and outgoing—to whatever is absolutely necessary for running FTP,
maintaining the OS, and maintaining security.
• Turn off every unneeded privilege.
IaaS Security Enclaves
1. What is Cloud Computing?
a) Cloud Computing means providing services like storage, servers,
database, networking, etc
b) Cloud Computing means storing data in a database
c) Cloud Computing is a tool used to create an application
d) None of the mentioned
2. Which of the following is not a type of cloud server?
a) Public Cloud Servers
b) Private Cloud Servers
c) Dedicated Cloud Servers
d) Merged Cloud Servers
3. Which of the following are the features of cloud computing?

a) Security
b) Availability
c) Large Network Access
d) All of the mentioned
4. Which of the following is the application of cloud computing?

a) Adobe
b) Paypal
c) Google G Suite
d) All of the above
5. Which of the following is an example of the cloud?
a) Amazon Web Services (AWS)
b) Dropbox
c) Cisco WebEx
d) All of the above
6. Applications and services that run on a distributed network using
virtualized resources is known as ___________

a) Parallel computing
b) Soft computing
c) Distributed computing
d) Cloud computing
7. Which of the following is an example of a PaaS cloud service?

a) Heroku
b) AWS Elastic Beanstalk
c) Windows Azure
d) All of the above
8. Which of the following is an example of an IaaS Cloud service?

a) DigitalOcean
b) Linode
c) Rackspace
d) All of the above
9. Which of the following is the correct statement about cloud
computing?
a) Cloud computing abstracts systems by pooling and sharing resources
b) Cloud computing is nothing more than the Internet
c) The use of the word “cloud” makes reference to the two essential
concepts
d) All of the mentioned
10. Which of the following architectural standards is working with
cloud computing industry?

a) Web-application frameworks
b) Service-oriented architecture
c) Standardized Web services
d) All of the mentioned
11. Which of the following is the correct statement?
a) Cloud computing presents new opportunities to users and
developers
b) Service Level Agreements (SLAs) are a small aspect of cloud computing
c) Cloud computing does not have an impact on software licensing
d) All of the mentioned
12. Identify the wrong statement about cloud computing.
a) Virtualization assigns a logical name for a physical resource and then
provides a pointer to that physical resource when a request is made
b) Virtual appliances are becoming a very important standard cloud
computing deployment object
c) Cloud computing requires some standard protocols
d) None of the mentioned
13. Which of the following is required by Cloud Computing?
a) That the identity be authenticated
b) That the authentication be portable
c) That you establish an identity
d) All of the mentioned
14. Cloud computing is a concept that involves pooling physical
resources and offering them as which sort of resource?

a) cloud
b) real
c) virtual
d) none of the mentioned
15. Which of the following is the Cloud Platform provided by Amazon?

a) AWS
b) Cloudera
c) Azure
d) All of the mentioned
16. SaaS providers manage and secure all the following except:

a) Infrastructure
b) OS
c) Application stack
d) Access controls
17. In which environment do admins have the most control over cloud
app security?

a) SaaS
b) PaaS
c) IaaS
• Are access control and authentication necessary in the cloud?
Yes, both access control and authentication control are necessary, with a
proper password policy, two-factor authentication, and Identity Access
Management controls.
• How will you make sure data stored in the cloud is secured?
1. Make sure the cloud server's data is stored encrypted
2. Determine algorithms to encrypt the data
• Name a Few Cloud Computing Attacks
1. Service Hijacking Using Social Engineering Attacks
2. Session Hijacking
3. DoS & DDoS Attack
4. MITM Attack
• What are the security controls we can implement in the cloud?
1. Monitoring the client’s traffic for any malicious activities
2. Risk Assessment
3. Employ IDS/IPS
4. Enforce strict supply chain management
5. Enforce Legal Contracts
6. Enforce SLAs
Network Security
Network Concepts, Threats to Network Communications, Wireless Network Security
 Network Concepts
• Network Transmission Media
Cable
Packet Sniffing
Radiation
Cable Splicing
Optical Fiber
Microwave
Satellite Communication
• Protocol Layers
Network communications are performed through a virtual concept
called the Open System Interconnection (or OSI) model.

This seven-layer model starts with an application that prepares data
to be transmitted through a network.
The data move down through the layers, being transformed and
repackaged; at the lower layers, control information is added in
headers and trailers.
Finally, the data are ready to travel on a physical medium, such as a
cable or through the air on a microwave or satellite link.
The interaction between layers in the
OSI model
An exchange using the OSI model
Summary of layers
• Protocols
• Addressing and Routing
At the network layer, a hardware device called a router actually sends the message
from your network to a router on the network somewhere.net. The network layer adds
two headers to show your computer’s address as the source and somewhere.net’s
address as the destination.

Packet: Smallest individually addressable data unit transmitted

• Routing
• Ports
 Threats to Network
Communications
1. interception, or unauthorized viewing
2. modification, or unauthorized change
3. fabrication, or unauthorized creation
4. interruption, or preventing authorized access
Interception: Eavesdropping and
Wiretapping
• Wiretapping is the name given to data interception, often covert and
unauthorized. Encryption is the strongest and most commonly used
countermeasure against interception.
• What Makes a Network Vulnerable to Interception?
Anonymity: An attacker can mount an attack from thousands of miles
away and never come into direct contact with the system, its
administrators, or users. The potential attacker is thus safe behind an
electronic shield.
• Many Points of Attack: Sharing, System Complexity, Unknown Perimeter,
Unknown path
Modification, Fabrication: Data
Corruption
• Network data corruption occurs naturally because of minor failures of
transmission media. Corruption can also be induced for malicious
purposes. Both must be controlled.
1. Sequencing Attack
2. Substitution Attack
3. Insertion Attack
4. Replay Attack
5. Physical Replay Attack
6. Modification Attacks in General
Interruption: Loss of Service
Network design incorporates redundancy to counter hardware failures.
• Routing
Routing supports efficient resource use and quality of service. Misused, it can
cause denial of service.
• Excessive Demand
Denial-of-service attacks usually try to flood a victim with excessive demand.
• Component Failure
Being hardware devices, components fail; these failures tend to be sporadic,
individual, unpredictable, and nonmalicious.
Port Scanning
• A port scan maps the topology, hardware and software components
of a network segment.
• Port Scanning Tools (Nmap scanner, netcat, Nessus, CyberCop
Scanner, Secure Scanner, and Internet Scanner)
• Port Scanning Results (next slide)

• Harm from Port Scanning


Network and vulnerability scanners can be used positively for
management and administration and negatively for attack planning.
POP Server Session
Creation

Nmap Scanner
Output
 Wireless Network Security
• WiFi Background
Wireless traffic uses a section of the radio spectrum, so the signals are available to anyone with
an effective antenna within range.
Wireless Communication
Wireless (and also wired) data communications are implemented through an orderly set of
exchanges called a protocol. 802.11 Protocol Suite:
1. Describes how devices communicate in the 2.4 GHz radio signal band (essentially 2.4 GHz–2.5
GHz) allotted to WiFi.
2. The band is divided into 14 channels or subranges within the band; these channels overlap.
3. To avoid interference with nearby devices, WiFi devices are designed to use only a few
channels, often channels 1, 6, and 11. Wireless signals can travel up to 100 meters, although
the quality of the signal diminishes with distance.
• WiFi Access Range
• WiFi Frames
Each WiFi data unit is called a frame. Each frame contains three fields: MAC
header, payload, and FCS (frame check sequence).

• Management Frames
They control the establishment and handling of a series of data flows.
Management Frames Types
1. Beacon. Each access point periodically sends a beacon frame to
announce its presence and relay information, such as timestamp,
identifier, and other parameters regarding the access point.
2. Authentication. A NIC initiates a request to interact with an access
point by sending its identity in an authentication frame.
3. Association request and response. Following authentication, a NIC
requests an access point to establish a session, meaning that the
NIC and access point exchange information about their capabilities
and agree on parameters of their interaction.

A Service Set Identifier (SSID) is the identification of an access point; it is a
string of up to 32 characters chosen by the access point’s administrator.
• Vulnerabilities in Wireless Networks
1. Confidentiality
2. Integrity
3. Availability

• Wireless attacks
– Unauthorized WiFi Access
– WiFi Protocol Weaknesses
– Picking Up the Beacon
– SSID in All Frames
• Authentication in Wireless Networks
Access points can manage lists of MAC addresses of devices with which
they will accept connections. Thus, authentication in step 2 could be
accomplished by accepting only devices on the positive accept list.
• Changeable MAC Addresses
An operating system can send any address as if it were the MAC
address of a NIC. Changing the NIC’s MAC address not only undermines
MAC-based authentication on an access point, it can lead to a larger
attack called MAC spoofing, in which one device impersonates another,
thereby assuming another device’s communication session.
• Stealing the Association
• Preferred Associations
Failed Countermeasure: WEP (Wired
Equivalent Privacy)
WEP Security Weaknesses
Weak Encryption Key
Static Key
Weak Encryption Process
Weak Encryption Algorithm
Initialization Vector Collisions
Faulty Integrity Check
No Authentication
Bottom Line: WEP Security Is Unacceptable
Stronger Protocol Suite: WPA (WiFi
Protected Access)
• Strengths
1. Non-Static Encryption Key
2. Authentication
3. Strong Encryption
4. Integrity Protection
5. Session Initiation
• Attacks on WPA
Man-in-the-Middle, Incomplete Authentication, Exhaustive Key Search
Internet Control Message Protocol
(ICMP)

Overview

• The IP (Internet Protocol) relies on several other protocols to
perform necessary control and routing functions:
– Control functions (ICMP)
– Multicast signaling (IGMP)
– Setting up routing tables (RIP, OSPF, BGP, PIM, …)

Figure: Routing (RIP, OSPF, BGP, PIM) and Control (ICMP, IGMP)

• The Internet Control Message Protocol (ICMP) is a
helper protocol that supports IP with facility for
– Error reporting
– Simple queries

• ICMP messages are encapsulated as IP datagrams:

IP header | ICMP message (the ICMP message is the IP payload)

ICMP message format

bits 0–7: type
bits 8–15: code
bits 16–31: checksum
next 32 bits: additional information or 0x00000000

4 byte header:
• Type (1 byte): type of ICMP message
• Code (1 byte): subtype of ICMP message
• Checksum (2 bytes): similar to IP header checksum.
Checksum is calculated over entire ICMP message
If there is no additional data, there are 4 bytes set to zero.
⇒ Each ICMP message is at least 8 bytes long
ICMP Query message

Figure: a host sends an ICMP Request to a host or router, which returns an ICMP Reply

ICMP query:
• Request sent by host to a router or host
• Reply sent back to querying host
Example of ICMP Queries
Type/Code: Description
8/0: Echo Request
0/0: Echo Reply
13/0: Timestamp Request
14/0: Timestamp Reply
10/0: Router Solicitation
9/0: Router Advertisement
The ping command uses Echo Request/Echo Reply
Example of a Query:
Echo Request and Reply

• Pings are handled directly by the kernel
• Each Ping is translated into an ICMP Echo Request
• The Pinged host responds with an ICMP Echo Reply

Figure: a host or router sends an ICMP ECHO REQUEST to a host or router, which answers with an ICMP ECHO REPLY
Example of a Query:
ICMP Timestamp
• A system (host or router) asks another system for the current time.
• Time is measured in milliseconds after midnight UTC (Universal
Coordinated Time) of the current day
• Sender sends a request, receiver responds with reply

Figure: the Sender sends a Timestamp Request to the Receiver, which returns a Timestamp Reply

Message format:
Type (= 17 or 18), Code (=0), Checksum
identifier, sequence number
32-bit sender timestamp
32-bit receive timestamp
32-bit transmit timestamp
ICMP Error message

Figure: a host sends an IP datagram to a host or router; the IP datagram is discarded and an ICMP Error Message is returned to the host

• ICMP error messages report error conditions
• Typically sent when a datagram is discarded
• Error message is often passed from ICMP to the
application program
ICMP Error message

Layout: IP header | ICMP header | IP header | 8 bytes of payload
– The ICMP message is the ICMP header followed by the IP header and 8 bytes of payload from the IP datagram that triggered the error
– ICMP header: type, code, checksum, then Unused (0x00000000)

• ICMP error messages include the complete IP header and
the first 8 bytes of the payload (typically: UDP, TCP)
Frequent ICMP Error message

Type, Code, Description
• Type 3, Code 0–15, Destination unreachable: Notification that an IP datagram could not be
forwarded and was dropped. The code field contains an explanation.
• Type 5, Code 0–3, Redirect: Informs about an alternative route for the
datagram and should result in a routing table update. The code field explains the reason for
the route change.
• Type 11, Code 0, 1, Time exceeded: Sent when the TTL field has reached zero
(Code 0) or when there is a timeout for the reassembly of segments (Code 1)
• Type 12, Code 0, 1, Parameter problem: Sent when the IP header is invalid (Code 0) or
when an IP header option is missing (Code 1)
Some subtypes of the “Destination Unreachable”

Code, Description, Reason for Sending
• Code 0, Network Unreachable: No routing table entry is available for the destination
network.
• Code 1, Host Unreachable: Destination host should be directly reachable, but
does not respond to ARP Requests.
• Code 2, Protocol Unreachable: The protocol in the protocol field of the IP header is
not supported at the destination.
• Code 3, Port Unreachable: The transport protocol at the destination host cannot
pass the datagram to an application.
• Code 4, Fragmentation Needed and DF Bit Set: IP datagram must be fragmented, but the DF bit in the
IP header is set.

Example: ICMP Port Unreachable
• RFC 792: If, in the destination host, the IP module cannot deliver the datagram because the indicated protocol module or process port is not
active, the destination host may send a destination unreachable message to the source host.
• Scenario:
– Client to Server: request a service at port 80
– Server: no process is waiting at port 80
– Server to Client: Port Unreachable
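The ICMP slides above (8-byte minimum, checksum over the entire message, type/code tables, and the quoted IP header plus 8 payload bytes in error messages) can be exercised together. The following is an added example, not part of the original slides: it builds and parses ICMP messages and recovers the port from a Port Unreachable error. The function names, the documentation-range addresses and the sample datagram are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Type/code names copied from the tables on this page.
QUERIES = {(8, 0): "Echo Request", (0, 0): "Echo Reply",
           (13, 0): "Timestamp Request", (14, 0): "Timestamp Reply",
           (10, 0): "Router Solicitation", (9, 0): "Router Advertisement"}
ERRORS = {3: "Destination Unreachable", 5: "Redirect",
          11: "Time Exceeded", 12: "Parameter Problem"}
UNREACHABLE = {0: "Network Unreachable", 1: "Host Unreachable",
               2: "Protocol Unreachable", 3: "Port Unreachable",
               4: "Fragmentation Needed and DF Bit Set"}


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by IP and ICMP."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(msg_type: int, code: int, rest: bytes = b"\x00" * 4,
               data: bytes = b"") -> bytes:
    """Build a message; `rest` is the 4 bytes after the checksum (zero if unused)."""
    if len(rest) != 4:
        raise ValueError("the field after the checksum is exactly 4 bytes")
    body = rest + data
    checksum = internet_checksum(struct.pack("!BBH", msg_type, code, 0) + body)
    return struct.pack("!BBH", msg_type, code, checksum) + body


def parse_quoted_datagram(quoted: bytes) -> dict:
    """Decode the IP header and first 8 payload bytes carried in an ICMP error."""
    if len(quoted) < 20:
        return {}
    header_len = (quoted[0] & 0x0F) * 4      # header length in 32-bit increments
    original = {"protocol": quoted[9],
                "src": str(ipaddress.IPv4Address(quoted[12:16])),
                "dst": str(ipaddress.IPv4Address(quoted[16:20]))}
    ports = quoted[header_len:header_len + 4]
    # For TCP (6) and UDP (17) the quoted payload starts with the two port numbers.
    if header_len >= 20 and original["protocol"] in (6, 17) and len(ports) == 4:
        original["src_port"], original["dst_port"] = struct.unpack("!HH", ports)
    return original


def parse_icmp(message: bytes) -> dict:
    """Classify an ICMP message and verify its checksum."""
    if len(message) < 8:
        raise ValueError("an ICMP message is at least 8 bytes long")
    msg_type, code, _ = struct.unpack("!BBH", message[:4])
    # Summing the whole message, checksum field included, must give zero.
    info = {"type": msg_type, "code": code,
            "checksum_ok": internet_checksum(message) == 0}
    if (msg_type, code) in QUERIES:
        info.update(kind="query", name=QUERIES[(msg_type, code)])
    elif msg_type in ERRORS:
        info.update(kind="error", name=ERRORS[msg_type])
        if msg_type == 3:
            info["code_name"] = UNREACHABLE.get(code, "other")
        info["original"] = parse_quoted_datagram(message[8:])
    else:
        info.update(kind="unknown", name="not listed on this page")
    return info


def sample_port_unreachable() -> bytes:
    """Constructed sample: the error sent back for a UDP datagram to port 80."""
    src = ipaddress.IPv4Address("192.0.2.10").packed     # documentation address
    dst = ipaddress.IPv4Address("198.51.100.7").packed   # documentation address
    udp = struct.pack("!HHHH", 40000, 80, 12, 0)         # 8-byte UDP header
    fields = [0x45, 0, 32, 0x1234, 0, 64, 17, 0, src, dst]
    fields[7] = internet_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return build_icmp(3, 3, data=struct.pack("!BBHHHBBH4s4s", *fields) + udp)


if __name__ == "__main__":
    print(parse_icmp(build_icmp(8, 0, b"\x00\x07\x00\x01", b"constructed payload")))
    print(parse_icmp(sample_port_unreachable()))
```

The quoted ports are what let a sender, or a monitoring tool, match a Port Unreachable error to the datagram that triggered it.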

IP Packet
• Version - A 4-bit field that identifies the IP version being used. The current
version is 4, and this version is referred to as IPv4.
• Length - A 4-bit field containing the length of the IP header in 32-bit
increments. The minimum length of an IP header is 20 bytes, or five 32-bit
increments. The maximum length of an IP header is 24 bytes, or six 32-bit
increments. Therefore, the header length field should contain either 5 or 6.
• Type of Service (ToS) - The 8-bit ToS uses 3 bits for IP Precedence, 4 bits for
ToS with the last bit not being used. The 4-bit ToS field, although defined,
has never been used.
• IP Precedence - A 3-bit field used to identify the level of service a packet
receives in the network.
• Differentiated Services Code Point (DSCP) - A 6-bit field used to identify
the level of service a packet receives in the network. DSCP is a 3-bit
expansion of IP precedence with the elimination of the ToS bits.
• Total Length - Specifies the length of the IP packet that includes the IP
header and the user data. The length field is 2 bytes, so the maximum size
of an IP packet is 2^16 – 1 or 65,535 bytes.
• Identifier, Flags, and Fragment Offset - As an IP packet moves through the
Internet, it might need to cross a route that cannot handle the size of the
packet. The packet will be divided, or fragmented, into smaller packets
and reassembled later. These fields are used to fragment and reassemble
packets.
• Time to Live (TTL) - It is possible for an IP packet to roam aimlessly
around the Internet. If there is a routing problem or a routing loop, then
you don't want packets to be forwarded forever. A routing loop is when a
packet is continually routed through the same routers over and over. The
TTL field is initially set to a number and decremented by every router
that is passed through. When TTL reaches 0 the packet is discarded.
• Protocol - In the layered protocol model, the layer that determines which
application the data is from or which application the data is for is
indicated using the Protocol field. This field does not identify the
application, but identifies a protocol that sits above the IP layer that is
used for application identification.
• Header Checksum - A value calculated based on the contents of the IP
header. Used to determine if any errors have been introduced during
transmission.
• Source IP Address - 32-bit IP address of the sender.
• Destination IP Address - 32-bit IP address of the intended recipient.
• Options and Padding - A field that varies in length from 0 to a multiple
of 32-bits. If the option values are not a multiple of 32-bits, 0s are
added or padded to ensure this field contains a multiple of 32 bits.
Network Security

Denial of Service, Distributed Denial-of-Service, Strategic
Defenses: Security Countermeasures, Cryptography in
Network Security
 Denial of Service
• A denial-of-service, or DoS, attack is an attempt to defeat availability:
a user is denied access to authorized services or data. Confidentiality
and integrity are concerned with preventing unauthorized access,
while availability is concerned with preserving authorized access.

• How Service Is Denied?


DOS can occur from excessive volume, a failed application, a severed
link, or hardware or software failure.
• Flooding
An attacker can try for the same overloading effect by presenting commands more
quickly than a server can handle them; if the commands continue to come too quickly,
the server eventually runs out of space to store the demand. Such an attack is called an
overload or flood.

• Blocked Access
An attacker may simply prevent a service from functioning. The attacker could exploit a software
vulnerability in an application and cause the application to crash. Or the attacker could
interfere with the network routing mechanisms, preventing access requests from getting
to the server.

• Access Failure
Hardware and software fail from time to time; of course, it always seems that such
nonmalicious failures occur only at critical times. Software stops working due to a flaw,
or a hardware device wears out or inexplicably stops.
Flooding Attacks in Detail
Insufficient Resources
Insufficient Capacity

Network Flooding Caused by Malicious Code

ICMP (Internet Control Message Protocol) messages include:
1. ping, which requests a destination to return a reply, intended to show that the destination
system is reachable and functioning.
2. echo, which requests a destination to return the data sent to it, intended to show that the
connection link is reliable (ping is actually a version of echo)
3. destination unreachable, which indicates that a destination address cannot be accessed.
4. source quench, which means that the destination is becoming saturated and the source
should suspend sending packets for a while.
1. Ping of Death Attack
It is a simple attack, using the ping command that is ordinarily used to test
response time from a host. Since ping requires the recipient to respond to the
packet, all the attacker needs to do is send a flood of pings to the intended victim.
The attack is limited by the smallest bandwidth on the attack route.
2. Smurf Attack
Attacker chooses a network of unwitting victims that become accomplices. The
attacker spoofs the source address in the ping packet so that it appears to come
from the victim, which means a recipient will respond to the victim. Then, the
attacker sends this request to the network in broadcast mode by setting the last
byte of the address to all 1s.
3. Echo-chargen Attack
This attack works between two hosts. Chargen is an ICMP protocol that generates a
stream of packets to test the network’s capacity. Echo is another ICMP protocol
used for testing; a host receiving an echo returns everything it receives to the
sender.
4. SYN Flood Attack
• This attack uses the TCP protocol suite, making the session-oriented nature of
these protocols work against the victim.
• For a protocol such as Telnet or SMTP, the protocol peers establish a virtual
connection, called a session, to synchronize the back-and-forth, command–
response nature of the interaction. A session is established with a three-way TCP
handshake.
Network Flooding by Resource Exhaustion

• IP Fragmentation: Teardrop
Denial of Service by Addressing Failures

• DNS Spoofing
• Rerouting Routing

Figures: Router Advertises Its Subnet; Router Advertises Its Own Subnet and Its Neighbor’s;
Router Propagates Routing Information; More Complex Router Connectivity Diagram
• Router Takes Over a Network
Routers communicate available paths by the BGP (Border Gateway Protocol),
which is complex, so attacks against it are sophisticated but certainly feasible.
Details such as timing and sequence numbers must be captured and used
correctly.
A successful attacker, however, can redirect, read, copy, modify, or delete all
traffic of the network under attack.

• Source Routing and Address Spoofing


A more vicious use of source routing is to force data to flow through a
malicious router or network link.

• Traffic Redirection
DNS Attacks
1. Name Server Application Software Flaws
By overtaking a name server or causing it to cache spurious entries, an
attacker can redirect the routing of any traffic, with an obvious implication
for denial of service.
2. Top-Level Domain Attacks
In a 2002 attack, a massive flood of traffic inundated the Internet’s top-level
domain DNS servers (.com, .edu, .fr, .uk, .org, or .biz). In 2005, attackers used
a flaw in a Symantec firewall to allow a change in the DNS records used on
Windows machines.
3. DNS Cache Poisoning
In cache poisoning an incorrect name-to-address DNS conversion is placed in
and remains in a translation cache.
4. Session Hijack

IP Header
TCP Header
TCP Session Hijack
Exploiting Known Vulnerabilities
Hacker tools often begin with a known vulnerability, sometimes a well-
known one for which a patch has long been available. A zero-day exploit
is one for which an exploitation occurs before the vulnerability is publicly
known and hence before a patch is available.

Physical Disconnection
A network consists of appliances, connectors, and transmission media,
any of which can fail. A broken cable, faulty circuit board, or
malfunctioning switch or router can cause a denial of service just as
harmful as a hacker attack.
1. Transmission Failure
2. Component Failure
 Distributed Denial-of-Service
Distributed denial-of-service attacks change the balance between
adversary and victim by marshalling many forces on the attack side.
• Scripted Denial-of-Service Attacks
Compromised zombies to augment an attack are located by scanning
random computers for unpatched vulnerabilities.
• Bots and Botnets
• Botnet Command and Control Update

Bots coordinate with each other and with their
master through ordinary network channels,
such as Internet Relay Chat (IRC) channels, peer-
to-peer networking (which has been used for
sharing music over the Internet) or other
network protocols (including HTTP).
• Rent-A-Bot
• Opt-In Botnets

Malicious Autonomous Mobile Agents


Bots belong to a class of code known more generally as malicious
autonomous mobile agents.
1. Working largely on their own, these programs can infect computers
anywhere they can access, causing denial of service as well as other kinds
of harm.
2. Code does not develop, appear, or mutate on its own; there has to be a
developer involved initially to set up the process and, usually, to establish
a scheme for updates.
3. Such an agent is sometimes called an inoculation agent.
Autonomous Mobile Protective Agents
In the same way that attackers have developed networks for harm, security researchers
have postulated how good agents could help heal after a malicious code infection.
Example: A German teenager, Sven Jaschan, wrote and released a worm called NetSky in
February 2004. He claimed his intention was to remove infections of the widespread
MyDoom and Bagle worms from infected computers by closing the vulnerabilities those
worms exploit.

Coping with DDoS Attacks


Administrators can address ordinary DoS attacks by means of techniques such as:
tuning (adjusting the number of active servers), load balancing (evening the computing
load across available servers), shunning (reducing service given to traffic from certain
address ranges), and blacklisting (rejecting connections from certain addresses).
These same techniques are used against DDoS attacks, applied on a larger scale and at
the network perimeter.
 Cryptography in Network
Security
• Network Encryption
1. Encryption protects only what is encrypted. Recognize that data are
exposed between a user’s fingertips and the encryption process
before they are transmitted, and they are exposed again once they
have been decrypted on the remote end.
2. Designing encryption algorithms is best left to professionals.
3. Encryption is no more secure than its key management.
4. Encryption is not a panacea or silver bullet. A flawed system design
with encryption is still a flawed system design.
Modes of Network Encryption
1. Link Encryption
2. End-to-End Encryption
Comparison of Encryption Methods
• Browser Encryption
1. SSH Encryption
SSH provides an authenticated and encrypted path to the shell or operating
system command interpreter. SSH protects against spoofing attacks and
modification of data in communication.
2. SSL and TLS Encryption
SSL encryption covers communication between a browser and the remote web
host.
3. Cipher Suite
– Client and server negotiate encryption algorithms, called the cipher suite, for
authentication, session encryption, and hashing.
– The Internet Assigned Numbers Authority (IANA) globally coordinates the DNS
Root, IP addressing, and other Internet protocol resources, including cipher
suites.
4. SSL Session
• Onion Routing
To send untraceable data from Source to Destination, Source picks some number
of forwarding hosts, call them A, B and C.
Source begins by encrypting the communication (message) under Destination’s
public key. Source then appends a header from C to Destination, and encrypts
the result under C’s public key. Source then puts a header on that from B to C
and encrypts that under B’s public key. Source then puts a header on that
communication from A to B and encrypts that under A’s public key. Finally,
Source puts on a header to send the package to A.
Upon receiving the package, A decrypts it and finds instructions to forward the
inner package to B. B then decrypts it and finds instructions to forward the inner
package to C. C then decrypts it and finds instructions to forward the inner
package to Destination.
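The wrapping and unwrapping order described above, as an added example that is not part of the original slides. It demonstrates only the layering: a hash-based keystream with per-party secret keys stands in for encryption under each party's public key and is not a secure cipher, and the layer format (one length byte, next-hop name, inner package) and all function names are assumptions.

```python
import hashlib
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a stand-in, not a vetted cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for 'encrypt under this party's public key'."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))


def unseal(key: bytes, sealed: bytes) -> bytes:
    """Stand-in for 'decrypt with this party's private key'."""
    nonce, body = sealed[:16], sealed[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def make_keys(route):
    """One random key per party on the route (constructed for the example)."""
    return {name: secrets.token_bytes(32) for name in route}


def wrap(message: bytes, route, keys) -> bytes:
    """Source side: route is [A, B, C, Destination]; build layers inside out."""
    package = seal(keys[route[-1]], message)          # innermost: for Destination
    # (C -> Destination), then (B -> C), then (A -> B), as in the text.
    for hop, next_hop in zip(reversed(route[:-1]), reversed(route[1:])):
        header = next_hop.encode()
        package = seal(keys[hop], bytes([len(header)]) + header + package)
    return package


def peel(hop: str, package: bytes, keys):
    """Relay side: remove one layer; learn only the next hop and an opaque blob."""
    layer = unseal(keys[hop], package)
    header_len = layer[0]
    return layer[1:1 + header_len].decode(), layer[1 + header_len:]


def relay(package: bytes, first_hop: str, destination: str, keys):
    """Forward the package hop by hop; return what each relay learned."""
    learned, hop = {}, first_hop
    while hop != destination:
        next_hop, package = peel(hop, package, keys)
        learned[hop] = next_hop
        hop = next_hop
    return learned, unseal(keys[destination], package)


if __name__ == "__main__":
    route = ["A", "B", "C", "Destination"]
    keys = make_keys(route)
    learned, delivered = relay(wrap(b"hello", route, keys), "A", "Destination", keys)
    print(learned, delivered)
```

Each relay's view is limited to its own layer: A learns only "B", and the package it forwards reveals neither the final destination nor the message.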
IP Security Protocol Suite
(IPsec)
• IPsec Security Association
Set of security parameters for a secured communication channel. Includes
1. encryption algorithm and mode (for example, AES)
2. encryption key
3. encryption parameters, such as the initialization vector
4. authentication protocol and key
5. life span of the association, to permit long-running sessions to select a
new cryptographic key as often as needed
6. address of the opposite end of association
7. sensitivity level of protected data (usable for classified data)
• Headers and Data

Figure: IPsec Encapsulated Security Payload (ESP)

Figure: Protection of ESP in IPsec


• Key Management
IPsec uses the Internet Security Association Key Management Protocol (ISAKMP),
which requires that a distinct key be generated for each security association.
• Modes of Operation
Virtual Private Networks
System Architecture

(a) Visible Devices (b) Less Visible Devices


Multiple Protected Subnets
Network Security
Firewalls
Intrusion Detection and Prevention Systems
Network Management
 Firewalls
A firewall is a computer traffic cop that permits or blocks data flow
between two parts of a network architecture.
It is the only link between parts.

Design of Firewalls
Policy
Trust
OSI Reference Model
Types of Firewalls

1. Packet filtering gateways (or screening routers)
2. Stateful inspection firewalls
3. Application-level gateways (or proxies)
4. Circuit-level gateways
5. Guards
6. Personal firewalls
1. Packet filtering gateways (or screening routers)

A packet filter can block access from (or to) addresses in one network; for example,
the filter can allow HTTP traffic but block traffic that uses the Telnet protocol.
Packet filters operate at OSI level 3.
2. Stateful Inspection Firewall
Maintains state information from one packet to another in the input stream.
3. Application Proxy
Application proxy gateway (also called a bastion host) is a two-headed
device: From inside, the gateway appears to be the outside (destination)
connection, while to outsiders the proxy host responds just as the insider
would.
4. Circuit-Level Gateway
A circuit is a logical connection that is maintained for a period of time, then
torn down or disconnected. The firewall verifies the circuit when it is first
created. After the circuit has been verified, subsequent data transferred over
the circuit are not checked.
5. Guard
The guard determines what services to perform on the user’s behalf in
accordance with its available information, such as whatever it can reliably
ascertain of the (outside) user’s identity, previous interactions, and so
forth.

1. A university wants to allow its students to use email up to a limit of so many
messages or so many characters of email in the last so many days. Although this result
could be achieved by modifying email handlers, it is more easily done by monitoring
the common point through which all email flows, the mail transfer protocol.
2. A school wants its students to be able to access the World Wide Web but, because of
the capacity of its connection to the web, it will allow only so many bytes per second
(that is, allowing text mode and simple graphics but disallowing complex graphics,
video, music, or the like).
6. Personal Firewall
It is a program that runs on a single host to monitor and control traffic to
that host. It can only work in conjunction with support from the operating
system.
It is configured to enforce some policy. For example, the user may decide
that certain sites, such as computers on the company network, are highly
trustworthy, but most other sites are not.
Combining a malware scanner with a personal firewall is both effective and
efficient. With the combination of a virus scanner and a personal firewall,
the firewall directs all incoming email to the virus scanner, which examines
every attachment the moment it reaches the target host and before it is
opened.
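To make the difference between firewall types 1 and 2 above concrete, here is an added example (not from the original slides) of a first-match packet filter that blocks one network, allows HTTP and blocks Telnet, next to a stateful wrapper that remembers connections opened from inside. The rule format, class names and documentation-range addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    src: str = "0.0.0.0/0"            # source network the rule applies to
    dst: str = "0.0.0.0/0"            # destination network the rule applies to
    proto: Optional[str] = None       # None matches any protocol
    dport: Optional[int] = None       # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))


INSIDE = "192.0.2.0/24"               # constructed inside network
RULES = [
    Rule("deny", src="203.0.113.0/24"),                # block access from one network
    Rule("deny", dst="203.0.113.0/24"),                # ... and to it
    Rule("deny", proto="tcp", dport=23),               # block Telnet
    Rule("allow", src=INSIDE, proto="tcp", dport=80),  # allow outbound HTTP
]


def packet_filter(rules, packet: Packet) -> str:
    """Stateless filter: each packet is judged alone; the first matching rule wins."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "deny"                     # default deny when nothing matches


class StatefulFirewall:
    """Adds state kept from one packet to the next on top of the same rules."""

    def __init__(self, rules):
        self.rules = rules
        self.connections = set()      # (src, sport, dst, dport, proto) of allowed flows

    def handle(self, packet: Packet) -> str:
        reverse = (packet.dst, packet.dport, packet.src, packet.sport, packet.proto)
        if reverse in self.connections:
            return "allow"            # reply to a connection already permitted
        verdict = packet_filter(self.rules, packet)
        if verdict == "allow":
            self.connections.add((packet.src, packet.sport, packet.dst,
                                  packet.dport, packet.proto))
        return verdict


if __name__ == "__main__":
    out = Packet("192.0.2.10", 50000, "198.51.100.7", 80)
    reply = Packet("198.51.100.7", 80, "192.0.2.10", 50000)
    fw = StatefulFirewall(RULES)
    print(packet_filter(RULES, out), packet_filter(RULES, reply))  # allow deny
    print(fw.handle(out), fw.handle(reply))                        # allow allow
```

The stateless filter drops the web server's reply because no rule covers it; writing a rule broad enough to admit replies would also admit unsolicited packets, which is the gap the connection table closes.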
Comparison of Firewall Types
Example Firewall Configurations

Screening Router
Firewall on separate LAN
Application Proxy
Demilitarized Zone
What Firewalls Can—and Cannot—Block
• Firewalls can protect an environment only if the firewalls control the
entire perimeter. They do not protect data outside the perimeter.
• Firewalls are the most visible part of an installation to the outside, so
they are the most attractive target for attack.
• Firewalls must be correctly configured, and that configuration must be
updated as the internal and external environment changes.
• Firewalls are targets for penetrators.
• Firewalls exercise only minor control over the content admitted to the
inside.
Network Address Translation
(NAT)
Data Loss Prevention (DLP)
• A set of technologies designed to detect and possibly prevent
attempts to send data where it is not allowed to go.
• Typical data of concern are classified documents, proprietary
information, and private personal information (e.g., social security
numbers, credit card numbers).
• DLP can be implemented in a number of ways: Agent-based systems,
Network-based solutions, other solutions may be application-specific.
• DLP solutions will generally look for a variety of indicators: Keywords,
Traffic patterns, Encoding/encryption.
 Intrusion Detection and
Prevention Systems
An intrusion detection system (IDS) is a device, typically another separate
computer, that monitors activity to identify malicious or suspicious events.
An IDS is a sensor, like a smoke detector, that raises an alarm if specific
things occur.
Types of IDSs
• Signature-based intrusion detection systems perform simple pattern-
matching and report situations that match a pattern (signature)
corresponding to a known attack type. Signature-based IDSs are limited to
known patterns.

• Heuristic intrusion detection systems, also known as anomaly based, build
a model of acceptable behavior and flag exceptions to that model; they learn
characteristics of unacceptable behavior over time. This learning occurs as
an artificial intelligence component of the tool, the inference engine,
identifies pieces of attacks and rates the degree to which these pieces are
associated with malicious behavior.
Stateful Protocol Analysis
• Front End Versus Internal IDSs
A front-end device monitors traffic as it enters the network and thus can
inspect all packets; it can take as much time as needed to analyze them,
and if it finds something that it classifies as harmful, it can block the packet
before the packet enters the network.
An internal device monitors activity within the network. If one computer
begins sending threatening packets to another internal computer, for
example, an echo–chargen stream, the internal IDS would be able to detect
that.

• Network based or Host based IDSs


A HIDS monitors host traffic; a NIDS analyzes activity across a whole network
to detect attacks on any network host.
• IDS is Protocol level inspection technology

1. Ping and echo commands require the IDS to inspect the individual
packets to determine packet type.
2. Malformed packets require the IDS to detect an error in the general
structure of the packet.
3. Fragmentation requires the IDS to recognize over time that the
separate pieces of the data unit cannot be reassembled correctly.
4. Buffer overflow attacks require the IDS to monitor applications.
• An intrusion prevention system (IPS) extends IDS technology with built-in
protective response. An IPS tries to block or stop harm.
• Intrusion Response
Responding to Alarms
Responses fall into three major categories:
Monitor, collect data, perhaps increase amount of data collected.
Protect, act to reduce exposure.
Signal an alert to other protection components.
Call a human.
Adaptive Behavior
1. Continue to monitor the network.
2. Block the attack by redirecting attack traffic to a monitoring host, discarding the
traffic, or terminating the session.
3. Reconfigure the network by bringing other hosts online (to increase capacity) or
adjusting load balancers.
4. Adjust performance to slow the attack, for example, by dropping some of the
incoming traffic.
5. Deny access to particular network hosts or services.
6. Shut down part of the network.
7. Shut down the entire network.
Counterattack
Offensive action must be taken with great caution for several reasons:
1. The apparent attacker may not be the real attacker. Determining the true
source and sender of Internet traffic is not foolproof. Taking action against
the wrong party only makes things worse.
2. A counterattack can lead to a real-time battle in which both the defenses
and offenses must be implemented with little time to assess the situation.
3. Retaliation in anger is not necessarily well thought out.
4. Legality can shift. Measured, necessary action to protect one’s resources is
a well-established legal principle. Taking offensive action opens one to
legal jeopardy, comparable to that of the attacker.
5. Provoking the attacker can lead to escalation. The attacker can take the
counterattack as a challenge.
Goals for Intrusion Detection
Systems
• Filter on packet headers and packet content.
• Maintain connection state.
• Use complex, multipacket signatures.
• Use minimal number of signatures with maximum effect.
• Filter in real time, online.
• Hide its presence.
• Use optimal sliding-time window size to match signatures

Stealth Mode
Accurate Situation Assessment
 Network Management
Management to Ensure Service
Network activity is dynamic, so administrators need to monitor network
performance and adjust characteristics as necessary.

Capacity Planning
Load balancing
Network Tuning
Network Addressing
Shunning
Blacklisting and Sinkholing
Security Information and Event
Management (SIEM)
• A Security Operations Center (SOC)
• Data Collection
• SIEM Challenges
1. Cost
2. Data portability
3. Log-source compatibility
4. Deployment complexity
5. Customization
6. Data storage
7. Segregation and access control
8. Full-time maintenance
9. User training
Network Security
Exercise
• Identify sequence number, window length, source port number and
destination port number from the following TCP header in
hexadecimal format:

05320017 00000001 00000000 500207FF 00000000


• Since each hex digit is 4 bits, first split the hex string into bytes:
05 32 00 17 00 00 00 01 00 00 00 00 50 02 07 FF 00 00 00 00

• Source port is the first 2 bytes: 05 32 = 1330
• Next 2 bytes are the destination port: 00 17 = 23 (default TCP port)
• Next 4 bytes are the sequence number: 00 00 00 01 = 1
• Next 4 bytes are the acknowledgment number: 00 00 00 00 = 0
• Next 4 bits are HLEN: 5. This is the number of 4-byte words in the header, which makes the
header length 20 bytes.
• Next 6 bits are reserved: the 4 bits of hex 0 (0000) and the first 2 bits of the next hex 0
• Next 6 bits are control bits: the remaining 2 bits of that hex 0 and the 4 bits of hex 2
• Next 2 bytes are the window length: 07 FF = 2047 bytes
• Checksum is 2 bytes: 00 00 = 0
• Urgent pointer is 2 bytes: 00 00 = 0
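The same decoding done in code, with the structural checks a packet inspector applies before trusting any field. This is an added example, not part of the original slides; the function name `parse_tcp_header` and the dictionary keys are this example's own, and the header bytes are the ones from the exercise.

```python
import struct

# Header bytes from the exercise (20 bytes, no options). The third word is
# written with 8 hex digits, matching the byte split in the worked solution.
EXERCISE_HEADER_HEX = "05320017 00000001 00000000 500207FF 00000000"

# Layout used on the slide: 4-bit HLEN, 6 reserved bits, 6 control bits.
# Control bits are listed from most to least significant.
FLAG_NAMES = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")


def parse_tcp_header(hex_text):
    """Decode the fixed 20-byte part of a TCP header given as hex text.

    Raises ValueError for input an inspector should flag as malformed:
    invalid hex, fewer than 20 bytes, HLEN below 5, or HLEN larger than
    the data supplied.
    """
    raw = bytes.fromhex("".join(hex_text.split()))
    if len(raw) < 20:
        raise ValueError("TCP header needs at least 20 bytes, got %d" % len(raw))

    # "!" selects network byte order; H is 16 bits, I is 32 bits, unsigned.
    (src_port, dst_port, seq, ack,
     hlen_flags, window, checksum, urgent) = struct.unpack("!HHIIHHHH", raw[:20])

    hlen_words = hlen_flags >> 12         # top 4 bits: length in 4-byte words
    reserved = (hlen_flags >> 6) & 0x3F   # next 6 bits
    control = hlen_flags & 0x3F           # low 6 bits
    header_len = hlen_words * 4

    if hlen_words < 5:
        raise ValueError("HLEN %d is below the 5-word minimum" % hlen_words)
    if header_len > len(raw):
        raise ValueError("HLEN claims %d bytes, only %d supplied"
                         % (header_len, len(raw)))

    # Test each control bit, starting with the highest (URG = 0x20).
    flags = [name for i, name in enumerate(FLAG_NAMES) if control & (0x20 >> i)]

    return {
        "source_port": src_port,
        "destination_port": dst_port,   # 23 is the well-known Telnet port
        "sequence_number": seq,
        "ack_number": ack,
        "header_length": header_len,
        "reserved_bits": reserved,
        "flags": flags,
        "window": window,
        "checksum": checksum,
        "urgent_pointer": urgent,
    }


if __name__ == "__main__":
    for field, value in parse_tcp_header(EXERCISE_HEADER_HEX).items():
        print("%-18s %s" % (field, value))
```

The control bits 000010 that the manual solution leaves undecoded correspond to SYN alone, so this header is the first segment of a connection attempt to port 23.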
• A TCP machine is sending windows of 65535B over a 1 Gbps channel
that has a 10 msec one way delay.
What is the maximum throughput achievable?
What is the line efficiency?
• Window size = 65535 bytes, Bandwidth = 1 Gbps, One way delay = 10
msec

• Maximum Achievable Throughput
(one window is sent per round-trip time = 2 x 10 msec = 20 msec)
= Number of bits sent per second
= 65535 B / 20 msec
= (65535 x 8 bits) / (20 x 10^-3 sec)
= 26.214 Mbps
• Line Efficiency
= Throughput / Bandwidth
= 26.214 Mbps / 1 Gbps
= 26.214 x 10^-3
= 0.026214
= 2.62%
• If WAN link is 2 Mbps and RTT between source and destination is
300 msec, what would be the optimal TCP window size needed to
fully utilize the line?
i. 60,000 bits
ii. 75,000 bytes
iii. 75,000 bits
iv. 60,000 bytes
• Given- Bandwidth = 2 Mbps, RTT = 300 msec
• Optimal TCP window size
= Maximum amount of data that can be sent in 1 RTT
= 2 Mbps x 300 msec
= 600 x 10^3 bits
= 600,000 bits
= 75,000 bytes

• Thus, Option (ii) is correct.


IP Address in Networking
• IP Address is a unique address assigned to each computing device in
an IP network.
• For any given IP Address,
If the range of first octet is [1, 126], then IP Address belongs to class A.
If the range of first octet is [128, 191], then IP Address belongs to class B.
If the range of first octet is [192, 223], then IP Address belongs to class C.
If the range of first octet is [224, 239], then IP Address belongs to class D.
If the range of first octet is [240, 254], then IP Address belongs to class E.
• For any given IP Address,
• IP Address of its network is obtained by setting all its Host ID part bits to 0.
• Direct Broadcast Address is obtained by setting all its Host ID part bits to 1.

• For any network, its limited broadcast address is always 255.255.255.255
• Class D IP Addresses are not divided into Net ID and Host ID parts.
• Class E IP Addresses are not divided into Net ID and Host ID parts.
• Identify the Class, Network IP Address, Direct broadcast address and
Limited broadcast address of each IP Address:
1.2.3.4
130.1.2.3
200.1.10.100
250.0.1.2
• How many bits are allocated for Network ID and Host ID in
23.192.157.234 address?

Given IP Address belongs to class A.


Thus,
Number of bits reserved for Network ID = 8
Number of bits reserved for Host ID = 24
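The classful rules above applied in code to the addresses used in these exercises. This is an added example, not part of the original slides; the function name `classful_info` and the result keys are this example's own, and the class ranges are exactly the first-octet ranges listed on the slide.

```python
import ipaddress

# (class, first-octet low, first-octet high, Net ID bits) as listed on the
# slide. Classes D and E are not divided into Net ID and Host ID parts,
# so their bit count is None.
CLASS_RANGES = (
    ("A", 1, 126, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
    ("D", 224, 239, None),
    ("E", 240, 254, None),
)
LIMITED_BROADCAST = "255.255.255.255"


def classful_info(address):
    """Return class, Net ID/Host ID bit counts and derived addresses.

    Raises ValueError (from the ipaddress module) if the text is not a
    valid dotted-quad IPv4 address.
    """
    value = int(ipaddress.IPv4Address(address))
    first_octet = value >> 24

    info = {
        "address": address,
        "class": None,
        "net_bits": None,
        "host_bits": None,
        "network": None,
        "direct_broadcast": None,
        "limited_broadcast": None,
    }

    for name, low, high, net_bits in CLASS_RANGES:
        if low <= first_octet <= high:
            info["class"] = name
            break
    else:
        # First octets 0, 127 and 255 fall outside every range on the slide.
        return info

    if net_bits is None:
        # Class D or E: no Net ID / Host ID split, so nothing to derive.
        return info

    host_bits = 32 - net_bits
    host_mask = (1 << host_bits) - 1

    info["net_bits"] = net_bits
    info["host_bits"] = host_bits
    # Network address: all Host ID bits set to 0.
    info["network"] = str(ipaddress.IPv4Address(value & ~host_mask & 0xFFFFFFFF))
    # Direct broadcast address: all Host ID bits set to 1.
    info["direct_broadcast"] = str(ipaddress.IPv4Address(value | host_mask))
    # The slide defines the limited broadcast per network, so this example
    # reports it only for addresses that belong to a class A, B or C network.
    info["limited_broadcast"] = LIMITED_BROADCAST
    return info


if __name__ == "__main__":
    for addr in ("1.2.3.4", "130.1.2.3", "200.1.10.100", "250.0.1.2",
                 "23.192.157.234", "127.0.0.1"):
        print(classful_info(addr))
```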
• A host with IP Address 200.100.1.1 wants to send a packet to all the
hosts in the same network. What will be-
Source IP Address
Destination IP Address
• What is the difference between hub and switch?

• What are the factors that affect the performance of the network?

• Which layers are referred to as network support layers?


• What are the different types of network security
tools?
Management and
Incidents

• Security planning
• Incident response and business continuity planning
• Risk analysis
• Handling natural and human-caused disasters
Handling Incidents
• Incident Response Plans
Details how to address security incidents of all types. It should
define what constitutes an incident
identify who is responsible for taking charge of the situation
describe the plan of action

• The plan usually has three phases: advance planning, triage, and
running the incident. A fourth phase, review, is useful after the
situation abates.
Advance Planning
An incident response plan tells whom to contact in the event of an Incident,
which may be just an unconfirmed, unusual situation.
Responding
Response team is the set of people charged with responding to the incident.
May include – director, technician(s), advisor(s).
To develop policy and identify a response team, consider certain matters like
Legal issues, Preserving evidence, Records, Public relations.
After the Incident Is Resolved
Is any security control action to be taken?
Did the incident response plan work?
• Incident Response Teams
Computer security incident response teams (CSIRTs) or computer emergency
response teams (CERTs) are standard at large private and government
organizations, as well as many smaller ones.

Types of CSIRTs:
a full organizational response team
coordination centers
national CSIRTs
sector CSIRTs
vendor CSIRTs
outsourced CSIRT teams
CSIRT Activity: Reporting, Detection, Triage, Response, Post-mortem,
Education
Team Membership
Response teams need a variety of skills, including the ability to
• collect, analyze, and preserve digital forensic evidence
• analyze data to infer trends
• analyze the source, impact, and structure of malicious code
• help manage installations and networks by developing defences
• perform penetration testing and vulnerability analysis
• understand current technologies used in attacks

Information Sharing and Determining Incident Scope


Risk Analysis
A loss associated with an event.
The likelihood that the event will occur.
The degree to which we can change the outcome.
• Risk control is a set of actions to reduce or manage risk.
• We can quantify the effects of a risk by multiplying the risk impact by
the risk probability, yielding the risk exposure.
• Risk leverage is the difference in risk exposure divided by the cost of
reducing the risk.
Strategies
• avoid the risk by changing requirements for security or other system
characteristics.
• transfer the risk by allocating the risk to other systems, people,
organizations, or assets; or by buying insurance to cover any financial
loss should the risk become a reality.
• assume the risk by accepting it, controlling it with available resources
and preparing to deal with the loss if it occurs.
Steps of a Risk Analysis
1. Identify assets
2. Determine vulnerabilities
3. Estimate likelihood of exploitation
4. Compute expected annual loss
5. Survey applicable controls and their costs
6. Project annual savings of control
• Identify Assets: hardware, software, data, people, documentation,
supplies, reputation and availability

• Determine Vulnerabilities: confidentiality, integrity and
availability of assets and security properties
Attributes Contributing to Vulnerabilities? Techniques (HAZOP, FMEA, FTA)

• Estimate Likelihood of Exploitation


Likelihood of occurrence relates to the stringency of the existing
controls and the likelihood that someone or something will evade the
existing controls
Comparing Quantitative to Qualitative Risk Assessment
• Compute Expected Loss
legal obligations?
business requirements and agreements? Does the organization have to pay a penalty?
could release of a data item cause harm to a person or organization?
could unauthorized access to a data item cause the loss of future business opportunity?
 psychological effect of lack of computer service? Embarrassment? Loss of credibility?
Loss of business? How many customers would be affected? their value as customers?
 value of access to data or programs? Could this computation be deferred? Could this
computation be performed elsewhere? How much would it cost to have a third?
value to someone else of having access to data or programs?
other problems would arise from loss of data? data be replaced or reconstructed?
• Survey and Select New Controls
Choosing Controls
Controls can overlap
Controls have positive and negative effects
Controls are not perfect

Which Controls Are Best?


There is no single best set of controls. One control is stronger, another
is more usable, another prevents harm instead of detecting it
afterwards, and still another protects against several types of
vulnerabilities
• Project Costs and Savings
The effective cost of a given control is the actual cost of the control
(such as purchase price, installation costs, and training costs) minus
any expected loss from using the control (such as administrative or
maintenance costs).
Thus, the true cost of a control may be positive if the control is
expensive to administer or introduces new risk in another area of
the system.
Or the cost can even be negative if the reduction in risk is greater
than the cost of the control.
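The quantities defined in this section (risk exposure, risk leverage, and whether a control's cost comes out positive or negative once the reduction in risk is counted) worked through for three constructed cases. This is an added example, not from the slides or the textbook; every risk, control name and figure in it is made up for illustration, and the function names are this example's own.

```python
from dataclasses import dataclass


@dataclass
class ControlCase:
    risk: str            # what can go wrong
    control: str         # candidate control
    impact: float        # loss if the event occurs (currency units)
    p_before: float      # annual probability without the control
    p_after: float       # annual probability with the control
    annual_cost: float   # yearly cost of the control


# Constructed sample data, not taken from any real assessment.
SAMPLE_CASES = [
    ControlCase("customer database disclosed", "database encryption",
                500_000, 0.10, 0.02, 10_000),
    ControlCase("web server outage", "hot site",
                80_000, 0.25, 0.05, 30_000),
    ControlCase("laptop stolen with data", "disk encryption",
                20_000, 0.50, 0.10, 1_000),
]


def risk_exposure(impact, probability):
    """Risk exposure = risk impact x risk probability."""
    if not 0.0 <= probability <= 1.0:
        raise ValueError("probability must be between 0 and 1")
    return impact * probability


def risk_leverage(exposure_before, exposure_after, cost):
    """Difference in risk exposure divided by the cost of reducing the risk."""
    if cost <= 0:
        raise ValueError("leverage is undefined for a zero or negative cost")
    return (exposure_before - exposure_after) / cost


def evaluate(case):
    """Compute exposure before/after, leverage and net cost for one control."""
    before = risk_exposure(case.impact, case.p_before)
    after = risk_exposure(case.impact, case.p_after)
    reduction = before - after
    return {
        "risk": case.risk,
        "control": case.control,
        "exposure_before": before,
        "exposure_after": after,
        "leverage": risk_leverage(before, after, case.annual_cost),
        # Negative net cost: the reduction in risk exceeds the cost of the
        # control, so the control is projected to save money each year.
        "net_cost": case.annual_cost - reduction,
    }


def rank_controls(cases):
    """Evaluate every case and order the controls by leverage, best first."""
    return sorted((evaluate(c) for c in cases),
                  key=lambda r: r["leverage"], reverse=True)


if __name__ == "__main__":
    for r in rank_controls(SAMPLE_CASES):
        verdict = "saves" if r["net_cost"] < 0 else "costs"
        print("%-20s leverage %5.2f  %s %8.0f per year"
              % (r["control"], r["leverage"], verdict, abs(r["net_cost"])))
```

A leverage below 1, as for the hot site in this sample, means the control costs more per year than the exposure it removes, which is the positive-cost case described above.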
Arguments For and Against Risk Analysis

• Improve awareness
• Relate security mission to management objectives
• Identify assets, vulnerabilities, and controls
• Improve basis for decisions
• Justify expenditures for security

• False sense of precision and confidence


• Hard to perform
• Immutability
• Lack of accuracy
 Dealing with Disasters
• Natural Disasters
Natural disasters can neither be predicted nor prevented; that does not excuse
failing to prepare for them.
Flood, Fire and others (wind storms, earthquakes, volcanoes, and similar
events).
Prevention:
1. developing contingency plans so that people know how to react in
emergencies and business can continue
2. insuring physical assets—computers, buildings, devices, supplies—
against harm
3. preserving sensitive data by maintaining copies in physically separated
locations
• Power Loss
Uninterruptible Power Supply
Surge Suppressor

• Human Vandals
Unauthorized Access and Use
Theft
o Preventing Access
o Preventing Portability
o Detecting Theft
• Interception of Sensitive Information
Shredding
Overwriting Magnetic Data
Degaussing
 Protecting Against Emanation: Tempest
The solution to preventing emanations is to trap the signals before they can
be picked up.
Enclosing a device in a conductive case, such as copper, diffuses all the
waves by conducting them throughout the case.
• Contingency Planning
Backup
- permits recovery from loss or failure of a computing device.
- Revolving backup and selective backup

Offsite Backup
A backup copy is useless if it is destroyed in the crisis, too. Many major
computing installations rent warehouse space some distance from the
computing system, far enough away that a crisis is not likely to affect
the offsite location at the same time.
• Networked Storage
• Cloud Backup
• Cold Site
• Hot Site
• Physical Security Recap
The primary physical controls are strength and duplication. Strength means
overlapping controls implementing a defense-in-depth approach so that if
one control fails, the next one will protect. Duplication means eliminating
single points of failure. Redundant copies of data protect against harm to
one copy from any cause.
Legal Issues and
Ethics
Protecting Programs and Data, Information and the Law, Rights of
Employees and Employers, Redress for Software Failures, Computer
Crime, Ethical Issues in Computer Security, Incident Analysis with Ethics
 Protecting programs and data

• Copyrights

• Patents

• Trade secrets
Copyright protects the expression of a creative work and promotes the
exchange of ideas. It applies to a creative work, such as a story,
photograph, song.

 Definition of Intellectual Property


Refers to creations of the mind, such as inventions; literary and artistic works;
designs; and symbols, names and images used in commerce.
 Originality of Work
A work can be copyrighted even if it contains some public domain material, as long
as there is some originality, too.
 Fair Use of Material
Allows copies for scholarship and research. Unfair use of a copyrighted item is
called piracy.
 Requirements for Registering a Copyright
Any potential user must be made aware that the work is copyrighted. Each copy must be
marked with the copyright symbol ©, the word Copyright, the year, and the author’s name.
The order of the elements can be changed, and either © or Copyright can be omitted (but
not both). Each copy distributed must be so marked. The copyright filing must be done
within 3 months after first distribution of work.
 Copyright Infringement
Use or production of copyright-protected material without permission of copyright holder.
 Copyrights for Computer Software
Application of copyright in law to machine-readable software. It is used by software
developers and proprietary software companies to prevent the unauthorized copying of
their software.
 Copyrights for Digital Objects
Copyright laws apply to the Internet. The various information resources on the web are
copyright protected so long as they fulfill the originality criterion.
Patents are unlike copyrights in that they protect inventions, tangible objects, or ways
to make them, not works of the mind (i.e. ideas).
 Requirement of Novelty
If two inventors devise the same invention, the patent goes to the person who invented it
first, regardless of who first filed the patent. A patent can be valid only for something that is
truly novel or unique, so there can be only one patent for a given invention.
 Procedure for Registering a Patent
Assemble the concept and ideas, Make visual illustrations, Check whether the invention falls
under the patentable category, Patentability criteria, Writing the application of patent,
Application publication, Examination request, Responding and clearing all objections, Patent
grant.
 Patent Infringement
Commission of a prohibited act with respect to a patented invention without permission from
the patent holder.
 Applicability of Patents to Computer Objects
Software can be patented, and the courts increasingly recognize the patentability of a novel
technique, that is, an algorithm.
A trade secret is a secret valuable to a business owner.
 Characteristics of Trade Secrets
A trade secret is information that gives one company a competitive edge over others. For
example, the formula for a soft drink is a trade secret, as is a mailing list of customers or
information about a product due to be announced in a few months. It must always be kept
secret. If someone obtains a trade secret improperly and profits from it, the owner can
recover profits, damages, lost revenues, and legal costs.
 Reverse Engineering
One studies a finished object to determine how it is manufactured or how it works.
 Applicability to Computer Objects
Trade secret protection allows distribution of the result of a secret (the executable program)
while still keeping the program design hidden.
 Difficulty of Enforcement
The confidentiality of a trade secret must be ensured with adequate safeguards. If source
code is distributed loosely or if the owner fails to impress on people (such as employees) the
importance of keeping the secret, any prosecution of infringement will be weakened.
 Information and the Law

• Information as an Object
1. Information Is Not Depletable
2. Information Can Be Replicated
3. Information Has a Minimal Marginal Cost
4. The Value of Information Is Often Time Dependent
5. Information Is Often Transferred Intangibly

• Legal Issues Relating to Information


1. Information Commerce
2. Electronic Publishing
3. Protecting Data in a Database
4. Electronic Commerce
• The Legal System

Criminal and Civil Law


Criminal law involves a wrongful action against society.
Civil law involves harm to an individual or a corporation.
Tort Law
Tort law is the unwritten body of standards of proper behavior, documented in
prior court decisions.
Contract Law
Contract law involves agreed written conditions between two parties.
 Rights of Employees and Employers

1. Ownership of Products
2. Ownership of a Patent
3. Ownership of a Copyright
4. Work for Hire
5. Licenses
6. Trade Secret Protection

• Employment Contracts
It is a signed agreement between an individual employee and an employer or a labor
union. It establishes both the rights and responsibilities of the two parties: the worker
and the company.
 Redress for Software Failures

• Selling Correct Software


1. I Want a Refund
2. I Want It to Be Good

• Reporting Software Flaws


What You Don’t Know Can Hurt You
Vendor’s Interests
Users’ Interests
“Responsible” Vulnerability Reporting
Quality Software
 “Responsible” Vulnerability Reporting

• The vendor must acknowledge a vulnerability report confidentially to the reporter.


• The vendor must agree that the vulnerability exists confidentially to the reporter.
• The vendor must inform users of the vulnerability and any available
countermeasures within 30 days or request additional time from the reporter as
needed.
• After informing users, the vendor may request from the reporter a 30-day quiet
period to allow users time to install patches.
• At the end of the quiet period the vendor and reporter should agree upon a date at
which time the vulnerability information may be released to the general public.
• The vendor should credit the reporter with having located the vulnerability.
• If the vendor does not follow these steps, the reporter should work with a
coordinator to determine a responsible way to publicize the vulnerability.
 Computer Crime
• Why a Separate Category for Computer Crime Is Needed
Rules of Property
The legal system has explicit rules about what constitutes property. Generally, property is tangible, unlike
magnetic impulses.
Rules of Evidence
Courts prefer the best version of a piece of evidence. An original document is preferable to a copy, but the
original may be unavailable.
Threats to Integrity and Confidentiality
E.g., a trespasser gained remote access to a computing system. The computing system contained
confidential records about people, and the integrity of the data was important.
Value of Data
E.g., a person was found guilty of having stolen a substantial amount of data from a computer data bank.
However, the court determined that the “value” of that data was the cost of the paper on which it was
printed, which was only a few dollars.

• Why Computer Crime Is Hard to Define


Why Computer Crime Is Hard to Prosecute
1. Lack of understanding
2. Lack of physical evidence
3. Lack of political impact
4. Complexity of case
5. Age of defendant
Examples of Statutes

1. U.S. Computer Fraud and Abuse Act


2. U.S. Economic Espionage Act
3. U.S. Freedom of Information Act
4. U.S. Privacy Act
5. U.S. Electronic Communications Privacy Act
6. Gramm–Leach–Bliley Act
7. Health Insurance Portability and Accountability Act (HIPAA)
8. USA Patriot Act
9. The CAN SPAM Act
10. California Breach Notification
• US Computer Fraud and Abuse Act
• Prohibits computer fraud, trafficking in passwords, transmitting code that
damages a system, unauthorized access to systems.
• US Economic Espionage Act
• Outlaws use of a computer for foreign espionage.
• US Freedom of Information Act
• Provides public access to information collected by the executive branch of
the US government.
• US Privacy Act
• Protects privacy of personal data collected by the government.
• US Electronic Communications Privacy Act
• Protects against electronic wiretapping.
• Gramm-Leach-Bliley Act
• Requires financial institutions to undergo security risk assessments, adopt a
program to protect customers’ nonpublic personal information, and provide
customers with privacy policies.
• Health Insurance Portability and Accountability Act
• Requires protection of the privacy of individuals’ medical records.
• USA Patriot Act
• Gave law enforcement an easier path to obtaining wiretaps on potential foreign
agents and made damaging computer systems a felony.
• The CAN SPAM Act
• Bans deceptive email advertising, requires opt-out options.
• California Breach Notification
• Requires any company doing business in California to notify individuals of any
breach that is reasonably believed to have compromised personal information of a
California resident.
International Dimensions

1. Council of Europe Agreement on Cybercrime


2. E.U. Data Protection Act
3. Restricted Content

• Why Computer Criminals Are Hard to Catch


Computer attacks affecting many people tend to be complex, involving
people and facilities in several countries, thus complicating prosecution.
• What Computer Crime Does Not Address
 Ethical Issues in Computer Security

• Differences Between the Law and Ethics


• Studying Ethics
Ethics and Religion
Two people with different religious backgrounds may develop the same ethical
philosophy, while two exponents of the same religion might reach opposite
ethical conclusions in a particular situation.
Ethical Principles Are Not Universal
Ethical values vary by society, and from person to person within a society. For
example, the concept of privacy is important in Western cultures. But in
Eastern cultures, privacy is not desirable because people associate privacy with
having something to hide.
Ethics Does Not Provide Answers
More than one position may be ethically justifiable in any given situation.
• Ethical Reasoning
 Examining a Situation for Ethical Issues
Understand the situation, Know several theories of ethical reasoning, List the ethical
principles involved, Determine which principles outweigh others, Make and defend an
ethical choice.
 Examples of Ethical Principles
1. Consequence-Based Principles
The teleological theory of ethics focuses on the consequences of an action.
 Egoism is the form that says a moral judgment is based on the positive benefits to
the person taking the action.
 The principle of utilitarianism is also an assessment of good and bad results, but the
reference group is the entire universe.
2. Rule-Based Principles
Bases of Ethical Theories
 Incident Analysis with Ethics
Situation I: Use of Computer Services
• Dave works as a programmer for a large software company. He writes and
tests utility programs such as compilers. His company operates two
computing shifts: During the day, program development and online
applications are run; at night, batch production jobs are completed.
• Dave has access to workload data and learns that the evening batch runs
are complementary to daytime programming tasks; that is, adding
programming work during the night shift would not adversely affect
performance of the computer to other users.
• Dave comes back after normal hours to develop a program to manage his
own stock portfolio. His drain on the system is minimal, and he uses very
few expendable supplies, such as printer paper. Is Dave’s behavior ethical?
Situation II: Privacy Rights
• Donald works for the county records department as a computer
records clerk, where he has access to files of property tax records.
For a scientific study, a researcher, Ethel, has been granted access to
the numerical portion—but not the corresponding names—of some
records.
• Ethel finds some information that she would like to use, but she needs
the names and addresses corresponding with certain properties. Ethel
asks Donald to retrieve the names and addresses so she can contact
these people for more information and for permission to do further
study.
• Should Donald release the names and addresses?
Situation III: Denial of Service
• Charlie and Carol are students at a university in a computer science program. Each writes a
program for a class assignment. Charlie’s program happens to uncover a flaw in a compiler that
ultimately causes the entire computing system to fail; all users lose the results of their current
computation. Charlie’s program uses acceptable features of the language; the compiler is at
fault. Charlie did not suspect his program would cause a system failure. He reports the program
to the computing center and tries to find ways to achieve his intended result without exercising
the system flaw.
• The system continues to fail periodically, for a total of 10 times (beyond the first failure). When
the system fails, sometimes Charlie is running a program, but sometimes Charlie is not. The
director contacts Charlie, who shows all his program versions to the computing center staff. The
staff concludes that Charlie may have been inadvertently responsible for some, but not all, of the
system failures, but that his latest approach to solving the assigned problem is unlikely to lead to
additional system failures.
• On further analysis, the computing center director notes that Carol has had programs running
each of the first eight (of 10) times the system failed. The director uses administrative privilege
to inspect Carol’s files and finds a file that exploits the same vulnerability as did Charlie’s
program. The director immediately suspends Carol’s account, denying Carol access to the
computing system. Because of this, Carol is unable to complete her assignment on time; she
receives a D in the course, and she drops out of school.
Situation IV: Ownership of Programs
• Greg is a programmer working for a large aerospace firm, Star Computers, which works on
many government contracts; Cathy is Greg’s supervisor. Greg is assigned to program various
kinds of simulations. To improve his programming abilities, Greg writes some programming
tools, such as a cross-reference facility and a program that automatically extracts
documentation from source code. These are not assigned tasks for Greg; he writes them
independently and uses them at work, but he does not tell anyone about them. Greg has
written them in the evenings, at home, on his personal computer.
• Greg decides to market these programming aids by himself. When Star’s management hears of
this, Cathy is instructed to tell Greg that he has no right to market these products since, when he
was employed, he signed a form stating that all inventions become the property of the company.
Cathy does not agree with this position because she knows that Greg has done this work on his
own. She reluctantly tells Greg that he cannot market these products. She also asks Greg for a copy
of the products.
• Cathy quits working for Star and takes a supervisory position with Purple Computers, a competitor
of Star. She takes with her a copy of Greg’s products and distributes it to the people who work with
her. These products are so successful that they substantially improve the effectiveness of her
employees, and Cathy is praised by her management and receives a healthy bonus. Greg hears of
this, and contacts Cathy, who contends that because the product was determined to belong to Star
and because Star worked largely on government funding, the products were really in the public
domain and therefore they belonged to no one in particular.
Situation V: Proprietary Resources
• Suzie owns a copy of G-Whiz, a proprietary software package she
purchased legitimately. The software is copyrighted, and the
documentation contains a license agreement that says that the
software is for use by the purchaser only.
• Suzie invites Luis to look at the software to see if it will fit his needs.
Luis goes to Suzie’s computer and she demonstrates the software to
him. He says he likes what he sees, but he would like to try it in a
longer test.
Situation VI: Fraud
• Alicia works as a programmer in a corporation. Ed, her supervisor, tells
her to write a program to allow people to post entries directly to the
company’s accounting files (“the books”). Alicia knows that ordinarily
programs that affect the books involve several steps, all of which have to
balance. Alicia realizes that with the new program, it will be possible for
one person to make changes to crucial amounts, and there will be no
way to trace who made these changes, with what justification, or when.
• Alicia raises these concerns to Ed, who tells her not to be concerned, that
her job is simply to write the programs as he specifies. He says that he is
aware of the potential misuse of these programs, but he justifies his
request by noting that periodically a figure is mistakenly entered in the
books and the company needs a way to correct the inaccurate figure.
Situation VII: Accuracy of Information
• Emma is a researcher at an institute where Paul is a statistical
programmer. Emma wrote a grant request to a cereal manufacturer to
show the nutritional value of a new cereal, Raw Bits. The manufacturer
funded Emma’s study. Emma is not a statistician. She has brought all of
her data to Paul to ask him to perform appropriate analyses and to print
reports for her to send to the manufacturer. Unfortunately, the data
Emma has collected seem to refute the claim that Raw Bits is nutritious,
and, in fact, they may indicate that Raw Bits is harmful.
• Paul presents his analyses to Emma but also indicates that some other
correlations could be performed that would cast Raw Bits in a more
favorable light. Paul makes a facetious remark about his being able to
use statistics to support either side of any issue.
Situation VIII: Ethics of Hacking or Cracking
• Goli is a computer security consultant; she enjoys the challenge of
finding and fixing security vulnerabilities. Independently wealthy, she
does not need to work, so she has ample spare time in which to test the
security of systems.
• In her spare time, Goli does three things: First, she aggressively attacks
commercial products for vulnerabilities. She is quite proud of the tools
and approach she has developed, and she is quite successful at finding
flaws. Second, she probes accessible systems on the Internet, and when
she finds vulnerable sites, she contacts the owners to offer her services
repairing the problems.
• Finally, she is a strong believer in high-quality pastry, and she plants small
programs to slow performance in the websites of pastry shops that do
not use enough butter in their pastries.
SUMMARY
• Copyrights, patents, and trade secrets all have roles to play in
providing legal protection for software.
• Important legal intricacies determine relationships among employees,
employers, software vendors, and customers.
• Statutes in a variety of overlapping jurisdictions may determine what
computer crimes are, how they are investigated, and how they may
be enforced.
• Unlike legal issues, ethical issues have both personal and
philosophical elements and therefore often lack clear answers.
Management and
Incidents

• Security planning
• Incident response and business continuity planning
• Risk analysis
• Handling natural and human-caused disasters
 Security Planning
• Organizations and Security Plans

A good security plan is an official record of current security practices,
plus a blueprint for orderly change to improve those practices.
By following the plan, developers and users can measure the effect of
proposed changes, leading eventually to further improvements.
Contents of a Security Plan
• policy, indicating the goals of a computer security effort and the
willingness of the people involved to work to achieve those goals
• current state, describing the status of security at the time of the plan
• requirements, recommending ways to meet the security goals
• recommended controls, mapping controls to the vulnerabilities identified
in the policy and requirements
• accountability, documenting who is responsible for each security activity
• timetable, identifying when different security functions are to be done
• maintenance, specifying a structure for periodically updating the security
plan
Policy
• A security policy documents an organization’s security needs and
priorities.
• The policy statement must answer three essential questions:
Who should be allowed access?
To what system and organizational resources should access be allowed?
What types of access should each user be allowed for each resource?

• The policy statement should specify the organization’s goals on security,
where the responsibility for security lies, and the organization’s
commitment to security.
Assessment of Current Security Status
• An organization can determine the vulnerabilities by performing a risk
analysis: a systematic investigation of the system, its environment,
and the things that might go wrong.
• The risk analysis forms the basis for describing the current status of
security.
• The status portion of the plan also defines the limits of responsibility
for security. It describes not only which assets are to be protected but
also who is responsible for protecting them.
Security Requirements
• Security requirements document organizational and external
demands.
• Requirements have these characteristics:
 Correctness
 Consistency
 Completeness
 Realism
 Need
 Verifiability
 Traceability
Recommended Controls
• The security plan must recommend what controls should be
incorporated into the system to meet those requirements.
• Recommended controls address implementation issues: how the
system will be designed and developed to meet stated security
requirements.
• Responsibility for Implementation: A security plan documents who is
responsible for implementing security. No one responsible implies no
action.
Timetable
• A timetable shows how and when the elements of the plan will be
performed. These dates also set milestones so that management can track
the progress of implementation.

Plan Maintenance
• Security plans must be revisited periodically to adapt them to changing
conditions.
Security Planning Team Members
A security planning team should represent each of the following
groups.
 computer hardware group
 system administrators
 systems programmers
 applications programmers
 data entry personnel
 physical security personnel
 representative users
Assuring Commitment to a Security Plan
• Three groups of people must contribute to making the plan a success.
The planning team must be sensitive to the needs of each group affected
by the plan.
Those affected by the security recommendations must understand what
the plan means for the way they will use the system and perform their
business activities. In particular, they must see how what they do can affect
other users and other systems.
Management must be committed to using and enforcing the security
aspects of the system.
 Business Continuity Plan
• A business continuity plan documents how a business will continue to
function during or after a computer security incident. It deals with
situations having two characteristics: catastrophic situations and long duration.
• Steps in business continuity planning are:
Assess the business impact of a crisis
Develop a strategy to control impact
Develop and implement a plan for the strategy
Assess Business Impact
• To assess the impact of a failure on your business, ask two key questions:
What are the essential assets? What are the things that if lost will
prevent the business from doing business?
What could disrupt use of these assets? For example, they could be
destroyed by a fire or zapped in an electrical storm.
Develop Strategy
• The continuity strategy investigates how the key assets can be
safeguarded. Business continuity planning forces a company to set
base priorities.

Develop the Plan


• The plan focuses on business needs and specifies several important things:
who is in charge when an incident occurs
what to do
who does it
Emerging Topics
The Internet of Things
Economics
Computerized Elections
Cyber Warfare
 The Internet of Things (IoT)
• IoT refers to the connection of everyday devices to the Internet, making a world of so-
called smart devices.
• Examples:
 Smart appliances, such as refrigerators and dishwashers
 Smart home, such as thermostats and alarm systems
 Smart health, such as fitness monitors and insulin pumps
 Smart transportation, such as driverless cars
 Smart entertainment, such as video recorders
• Potential downsides:
 Loss of privacy
 Loss of control of data
 Potential for subversion
 Mistaken identification
 Uncontrolled access
Medical Devices
• The Internet of Things allows healthcare providers to practice beyond the
confines of a clinic or hospital.
• IoT devices remotely monitor patients’ vital signs; safely send and receive
sensitive data; monitor equipment such as MRIs; and even, via wearable
devices, help people track their own health.
1. Remote patient monitoring
2. Glucose monitoring
3. Heart-rate monitoring
4. Hand hygiene monitoring
5. Depression and mood monitoring
6. Parkinson’s disease monitoring
Smartphones

• Smartphones are the control hub of the IoT.
• In 2013, Kaspersky Labs identified 143,211 distinct new forms of
malware against mobile devices.
• 98% targeted Android devices, far in excess of its market share
• Android, unlike its competitors, does not limit the software users are allowed
to install and is thus an easier target.
• Apple, in contrast, only allows apps from its app store to be installed
on its smartphones
• All apps go through an approval process, which includes some security review.
• Once approved, apps are signed, using a certificate approach.
Security in the Internet of Things

• IoT device developers, managers and healthcare providers must ensure that
they adequately secure data collected by IoT devices.
• Much of the data collected by medical devices qualifies as protected health
information under HIPAA and similar regulations. As a result, IoT devices
could be used as gateways for stealing sensitive data if not properly secured.
• Security Issues: Unauthorized access, Distributed denial of service (DDoS),
Device hijack, Disclosure of Personal Health Information (PHI), Privacy
violations.
• Best Security Practices for Embedded Healthcare: Network segmentation,
AI-driven security systems, IoT aggregation hubs, Inventory tracking systems,
Hardware protection, Data encryption, Authentication
 Economics
• Cybersecurity planning includes deciding how to allocate scarce
resources for investing in security controls.
• Making a business case:
A description of the problem or need to be addressed
A list of possible solutions
A list of constraints on solving the problem
A list of underlying assumptions
An analysis of the risks, costs, and benefits of each alternative
A summary of why the proposed investment is a good idea
Influences on Cybersecurity Investment
Quantifying Security

• Cybersecurity threats are impossible to accurately quantify and estimate.
• How do you predict the likelihood that a hacker will attack a network, and how do
you know the precise value of the assets the hacker will compromise?
• While many industrial surveys collect cybersecurity incident data, they are
inconsistent on key issues:
• No standards for defining or categorizing security incidents
• Disagreements about sources of attack
• Selection bias among respondents
• Useful data for decision making, such as rates and severity of attacks, cost
of damage and recovery, and cost of security measures, are not yet known
with any accuracy
Current Research and Future Directions

• Current research in cybersecurity economics focuses on the
interaction between information technology and the marketplace.
• When we buy or use software, we are involved in the market in
several ways. First, the price we pay for software may depend on how
much we trust it; some consumers trust freeware far less than they
trust a branded, proprietary product for which they pay a substantial
price. Second, some companies use the “softness” of software to
charge more or less, depending on trade-offs involving personal
information. Third, the marketplace can be manipulated to encourage
vendors to reduce the number of flaws in their products.
 Electronic Voting
• Confidentiality
• We want to be able to cast a ballot without revealing our votes to others.
• Integrity
• We want votes to represent our actual choices and not be changed between the time we
mark the ballot and the time our vote is counted. We also want every counted ballot to
reflect one single vote of an authorized person. That is, we want to be able to ensure that
our votes are authentic and that the reported totals accurately reflect the votes cast.
• Availability
• Usually, votes are cast during an approved pre-election period or on a designated
election day, so we must be able to vote when voting is allowed. If we miss the chance to
vote or if voting is suspended during the designated period, we lose the opportunity to
cast a vote in the given election.
Fair Election

• Each voter’s choices must be kept secret.
• Each voter may vote only once and only for allowed offices.
• The voting system must be tamperproof, and the election officials
must be prevented from allowing it to be tampered with.
• All votes must be reported accurately.
• The voting system must be available for use throughout the election
period.
• An audit trail must be kept to detect irregularities in voting but
without disclosing how any individual voted.
Critical Issues

• Technology adds more steps to the process and thus increases the possibility of error with
each additional step, all of which are largely unseen by the voter. Put Murphy’s Law of
‘whatever can go wrong, will go wrong’ into play, and one can surmise that technology will
most likely falter. The voters can also commit mistakes due to confusion with the user
interface.
• There is also a higher possibility of fraudulent machines and practices. First of all,
the technology is “black box software,” meaning that the public is not allowed access into
the software that controls the voting machines. It would be simple for the company to
manipulate the software to produce fraudulent results. Also, the vendors who market the
machines are in competition with each other, and there is no guarantee that they are
producing the machines in the best interest of the voters and the accuracy of the ballots.
• Lastly, vote accuracy is also an issue, because voters have no way of confirming their vote,
and there is also no way of conducting a recount with direct-recording electronic (DRE)
voting. With DRE, there is no paper trail, no verification, and thus no scrutiny of the
processes. Voter anonymity is also a problem.
 Cyber Warfare
• Open questions:
When is an attack on cyber infrastructure considered an act of warfare?
Is cyberspace different enough to be considered a separate domain for
war, or is it much like any other domain (e.g., land, sea, or air)?
What are the different ways of thinking about cyber war offense and
defense?
What are the benefits and risks of strategic cyber warfare and tactical
cyber warfare?
Critical Issues

• Open questions:
When Is It Warfare?
How Likely Is It?
What Are Appropriate Reactions to Cyber War?
Other Policy, Ethical, and Legal Issues
Does a “Kill Switch” Make Sense?
Do Existing National Compacts Apply to Cyber Warfare?
Does Release of Defensive Information Help the Attackers?
Is Cyber Warfare Only a Military Problem?
Possible Examples of Cyber Warfare

• Estonia
• Beginning in April 2007, the websites of a variety of Estonian government departments were shut down
by multiple DDoS attacks immediately after a political altercation with Russia.
• Iran
• The Stuxnet worm attacked a particular model of computer used for many production control systems,
and all the infections could be traced back to domains within Iran linked to industrial processing.
• Israel and Syria
• Missiles fired in 2007 by Israeli planes did not show up on Syrian radar screens because software had
replaced live images with fake, benign ones.
• Canada
• In January 2011, the Canadian government revealed that several of its national departments had been
the victims of a cyber attack traced back to servers in China.
• Russia
• According to the New York Times, Russian hackers infiltrated the computers of various national
governments, NATO, and the Ukraine.
Summary
• Vulnerabilities are weaknesses in a system; threats exploit those weaknesses; controls
protect those weaknesses from exploitation.
• Confidentiality, integrity, and availability are the three basic security primitives.
• Different attackers pose different kinds of threats based on their capabilities and motivations.
• Different controls address different threats; controls come in many flavors and can exist at
various points in the system.

• The IoT has resulted in a flood of new devices connecting our private and personal lives to
the Internet but is far from mature from a security and privacy perspective.
• Cybersecurity investment decision making remains challenged by our inability to accurately
measure risk and vulnerability.
• After over a decade of research and practice, electronic voting remains an unsolved research
problem.
• Cyber warfare continues to lack clear definition and presents critical challenges, including
attribution.
Emerging Topics
Sample questions
• What is IoT?

a) network of physical objects embedded with sensors
b) network of virtual objects
c) network of objects in the ring structure
d) network of sensors
• Which of the following is false about IoT devices?

a) IoT devices use the internet for collecting and sharing data
b) IoT devices need microcontrollers
c) IoT devices use wireless technology
d) IoT devices are completely safe
• Which of the following is not an IoT platform?

a) Amazon Web Services
b) Microsoft Azure
c) Salesforce
d) Flipkart
• Which layer is used for wireless connection in IoT devices?

a) Application layer
b) Network layer
c) Data link layer
d) Transport layer
• What is the full form of IIOT?

a) Index Internet of Things
b) Incorporate Internet of Things
c) Industrial Internet of Things
d) Intense Internet of Things
• Which of the following is false about the IoT components?

a) A light sensor (photoresistor) is an analog sensor
b) A microphone is a digital sensor
c) A push button is a digital sensor
d) A keyboard is a digital sensor
• Which of the following protocols is used to link all the devices in the
IoT?

a) HTTP
b) UDP
c) Network
d) TCP/IP
• What is the component of an IoT system that executes a program?

a) A sensor
b) A microcontroller
c) An actuator
d) A digital to analog converter
1. Who has devised the EVMs?
2. How can EVMs be used in areas where there is no electricity?
3. What is the maximum number of votes that can be cast in
EVMs?
4. What is the maximum number of candidates that EVMs can
cater to?
• What are the most common targets of cyberwarfare
attacks?
• What are the most common kinds of cyberwar attacks and
how do they work?
