User. Role. Privilege. Environment. Checkpoint. System
|
|
- Kerry Cunningham
- 7 years ago
- Views:
Transcription
1 8. Security Features Motivation Viruses, spam, trojan horses have become increasingly common in PC environment In mobile environment, new kinds of opportunities offered for malicious software Potentially more personal information (e.g. calendar, phonebook, etc) Potentially more opportunities for harm (e.g. exhausting the battery, causing a loss of money) Installation-time time vs. run-time control Installation time control is easier to implement Run-time control is what is actually needed Who defines what should be allowed and what not? How to provide good enough support? 1 2 Mindset for secure design Assess risks and threats What bad things might happen and how? Adopt a mitigation strategy How to manage the identified risks? Construct a mental model to support development Sandbox, jail, safe, honeypot, etc. Settle high-level technical issues Stateless vs. stateful, use of privileges, etc. Select suitable security technologies Resolve operational issues E.g. synchronization with other devices 3 4 Design Pattern: Checkpoint Design Pattern: Roles/profiles/user types An object encapsulates the common security algorithm and policy. Determination on what is acceptable and what is not Definition of exception procedures Possibility to have uniform treatment for occasional mistakes Possibility to offer variant treatment if necessary Done at e.g. ing Set up the system so that there is only one way to log onto the system, which is via the checkpoint (single access point) Environment Checkpoint System Managing user-privilege associations becomes problematic when the number of users and privileges increase Solution: Create one or more objects that define access rights and permissions Addition of indirection Used also for program privileges User Role Privilege 5 6
2 Design Pattern: Secure access layer Design Pattern: Wrapping Existing infrastructure should be used whenever possible If not available, build your own low-level level security system Build a high-level secure access layer in and out of your application Application Secure access layer Network system Database system Operating system Sanity checks for parameters to guard against overflows etc. Option to create a more restricted runtime environment for a less capable mode Starting the system for the first time, allowing the wrapper to perform some extra activities Logging information Adding pre and post executed code to the system Intercepting the startup of an application for e.g. additional checks 7 8 How much of the system to reveal? Full view with errors Managing the available operations in different situations may be difficult to accomplish beforehand. Solution: Reveal everything by default. When an operation is executed, perform necessary checks. Requires a checking mechanism for the different resources that are to be used May require operating system support Limited views Getting error messages from all the different parts of the system may be frustrating for the user; designing all the error messages can be frustrating for the designer Solution: Only let the user see what he has an access to Dynamic generation of e.g. menu options In practice, one should have a common policy on how to handle the different situations; some issues might be revealed in full, whereas in some other cases limiting the options might be more natural 9 10 Goals for security features Goals for security features (cont d) Confidentiality What can be read? Often implemented with cryptographic transformations Communication User and application data Integrity Keeping information intact Often implemented with cryptographic transformations or checksums Down, installation, and startup Communication Run-time executaibles User and application data Authentication Convincing identity Often implemented with digital signatures Authorization Getting permission to act Often implemented with digital signatures Non-repudiation Impossible denial Implemented with a combination of above technologies : 11 12
3 Supporting hw and sw facilities in mobile devices Secure boot and software integrity checks Secure control of debug and trace capabilities Digital rights management IMEI protection and SIM lock Hardware cryptographics accelerators Hardware-based random number generator Cryptographic algorithm service Public key infrastructure (PKI) support Secure communication protocols GSM/GPRS/WCDMA security TLS/SSL IPsec Bluetooth/WLAN Security Implementation Levels of Security Three security levels Low-level ~ virtual machine level security Application-level level ~ applications do not escape sandbox End-to-end ~ Security in all phases of e.g. a connection via e.g. encryption Digital signature to enable trusted applications (only after CLDC 1.1) Manufacturer, operator, trusted 3 rd party, untrusted Needed for phone calls, push networking features, etc User authorization may also be used if the trust level is not enough for certain feature End-to-end security: - Security in all phases of e.g. a connection via e.g. encryption Application-level security: - Virtual machine level Low-level security: - Virtual machine level Low-level Classfile verification An application running in the virtual machine must not be able to harm the device or crash virtual machine Standard mechanism: Class file verifier that ensures that bytecode Does not include illegal instructions Cannot be executed in an illegal order Cannot contain references to illegal memory space Addition: CLDC specification states that the virtual machine must be able to reject invalid class files Enhanced class file verification required Development workstation MyApp.java javac MyApp.class preverifier MyApp.class down Target device (KVM runtime) runtime verifier interpreter 17 18
4 Application-level: level: Sandbox metaphor Class files to be properly verified and guaranteed to be valid Java applications Closed, predefined set of JAVA APIs available to the application programmer (CLDC, profiles (MIDP), OEM (original equipment manufacturer)) Management of Java applications at native code level inside VM, with no user-definable class ers Set of native functions offered is closed No overriding of some system classes Restrictions on dynamic class ing Levels of Trust Levels of Trust Higher-level applications Trusted environment Trusted programming base Trusted hardware base High-level applications Common applications Trusted environment Use of communication, user interface, data base, security libraries Trusted computing base Safe saving of data, identification and authorization of software. Automatic trust in different TCB components Includes THB Trusted hardware base Installation Time Control Run-time Control Checkpoint scheme Installation warnings can be overridden by the user No separation between installed and built-in in applications In old versions, when in the device, everything can be accessed New versions (v.9) provide support for run-time security features Capability based security Capabilities holding priviledges assigned to components Capability checks performed, whenever... a is ed IPC is performed 23 24
5 and Capabilities IPC and Capabilities Capability B ing failure run with Illegal IPC call requiring Capability B for IPC Capabilities B and C Capabilities C and D Data Security Some data security related features have been implemented Disc locations can be made private to applications Binaries of applications cannot be read by normal applications Implemented in terms of capabilities [Optional] Summary Security requires consideration at several levels of abstraction Network Device s resources Data Install-time time vs. run-time control of priviledges to perform operations Number of security related patterns Checkpoint and single access point Layered security for communications Wrapping Practical implementations in place Java and sandbox Symbian and capabilities 29
WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise
WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise WICKSoft Corporation http://www.wicksoft.com Copyright WICKSoft 2007. WICKSoft Mobile Documents
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationA Perspective on the Evolution of Mobile Platform Security Architectures
A Perspective on the Evolution of Mobile Platform Security Architectures Kari Kostiainen Nokia Research Center, Helsinki TIW, June 2011 Joint work with N. Asokan, Jan-Erik Ekberg and Elena Reshetova 1
More informationRestraining Execution Environments
Restraining Execution Environments Segurança em Sistemas Informáticos André Gonçalves Contents Overview Java Virtual Machine: Overview The Basic Parts Security Sandbox Mechanisms Sandbox Memory Native
More informationCMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis
CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems
More informationMobile Operating Systems. Week I
Mobile Operating Systems Week I Overview Introduction Mobile Operating System Structure Mobile Operating System Platforms Java ME Platform Palm OS Symbian OS Linux OS Windows Mobile OS BlackBerry OS iphone
More informationPatterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de
More informationHomeland Security Red Teaming
Homeland Security Red Teaming Directs intergovernmental coordination Specifies Red Teaming Viewing systems from the perspective of a potential adversary Target hardening Looking for weakness in existing
More informationCS 4803 Computer and Network Security
Network layers CS 4803 Computer and Network Security Application Transport Network Lower level Alexandra (Sasha) Boldyreva IPsec 1 2 Roughly Application layer: the communicating processes themselves and
More informationCloud Computing. Up until now
Cloud Computing Lecture 11 Virtualization 2011-2012 Up until now Introduction. Definition of Cloud Computing Grid Computing Content Distribution Networks Map Reduce Cycle-Sharing 1 Process Virtual Machines
More informationThreat Model for Software Reconfigurable Communications Systems
Threat Model for Software Reconfigurable Communications Systems Presented to the Management Group 6 March 007 Bernard Eydt Booz Allen Hamilton Chair, SDR Security Working Group Overview Overview of the
More informationAnalysis of advanced issues in mobile security in android operating system
Available online atwww.scholarsresearchlibrary.com Archives of Applied Science Research, 2015, 7 (2):34-38 (http://scholarsresearchlibrary.com/archive.html) ISSN 0975-508X CODEN (USA) AASRC9 Analysis of
More informationOperating System Structures
COP 4610: Introduction to Operating Systems (Spring 2015) Operating System Structures Zhi Wang Florida State University Content Operating system services User interface System calls System programs Operating
More informationCSE331: Introduction to Networks and Security. Lecture 1 Fall 2006
CSE331: Introduction to Networks and Security Lecture 1 Fall 2006 Basic Course Information Steve Zdancewic lecturer Web: http://www.cis.upenn.edu/~stevez E-mail: stevez@cis.upenn.edu Office hours: Tues.
More informationPlain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75
Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.
More informationAgent Languages. Overview. Requirements. Java. Tcl/Tk. Telescript. Evaluation. Artificial Intelligence Intelligent Agents
Agent Languages Requirements Overview Java Tcl/Tk Telescript Evaluation Franz J. Kurfess, Cal Poly SLO 211 Requirements for agent Languages distributed programming large-scale (tens of thousands of computers)
More informationA Perspective on the Evolution of Mobile Platform Security Architectures
A Perspective on the Evolution of Mobile Platform Security Architectures N. Asokan Nokia Research Center Joint work with Kari Kostiainen, Jan-Erik Ekberg, Elena Reshetova (Intel) Padova, July 2012 1 Introduction
More informationSecurity Goals Services
1 2 Lecture #8 2008 Freedom from danger, risk, etc.; safety. Something that secures or makes safe; protection; defense. Precautions taken to guard against crime, attack, sabotage, espionage, etc. An assurance;
More informationJAVA 2 Network Security
JAVA 2 Network Security M A R C O PISTOIA DUANE F. RELLER DEEPAK GUPTA MILIND NAGNUR ASHOK K. RAMANI PTR, UPPER http://www.phptr.com PRENTICE HALL SADDLE RIVER, NEW JERSEY 07458 Contents Foreword Preface
More informationSecurity Evaluation of J2ME CLDC Embedded Java Platform
Vol. 5, No. 2, March April 2006 Security Evaluation of J2ME CLDC Embedded Java Platform Mourad Debbabi, Mohamed Saleh, Chamseddine Talhi and Sami Zhioua Computer Security Laboratory Concordia Institute
More informationAs simple as e-mail and as secure as postal mail.
Stay up-to-date Page 1 The advantages of De-Mail for individuals, businesses and Page 2 government agencies Unencrypted, unprotected, unverified what does that mean? Page 3 Encrypted, protected, verified
More informationCPS221 Lecture: Operating System Structure; Virtual Machines
Objectives CPS221 Lecture: Operating System Structure; Virtual Machines 1. To discuss various ways of structuring the operating system proper 2. To discuss virtual machines Materials: 1. Projectable of
More informationTHE IMPORTANCE OF CODE SIGNING TECHNICAL NOTE 02/2005
THE IMPORTANCE OF CODE SIGNING TECHNICAL NOTE 02/2005 13 DECEMBER 2005 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor organisation
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationE-BUSINESS THREATS AND SOLUTIONS
E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-business has forever revolutionized the way business is done. Retail has now a long way from the days of physical transactions that were
More informationKerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su
Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o Presented by: Smitha Sundareswaran Chi Tsong Su Introduction Kerberos: An authentication protocol based on
More informationChapter 3: Operating-System Structures. Common System Components
Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation 3.1
More informationOracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data
Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Will Fiveash presenter, Darren Moffat author Staff Engineer Solaris Kerberos Development Safe Harbor Statement The following
More informationOMAP platform security features
SWPT008 - July 2003 White Paper OMAP platform security features By Harini Sundaresan Applications Engineer, OMAP Security Texas Instruments, Wireless Terminal Business Unit This white paper introduces
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls
More informationObjectives. Chapter 2: Operating-System Structures. Operating System Services (Cont.) Operating System Services. Operating System Services (Cont.
Objectives To describe the services an operating system provides to users, processes, and other systems To discuss the various ways of structuring an operating system Chapter 2: Operating-System Structures
More informationCrashPlan Security SECURITY CONTEXT TECHNOLOGY
TECHNICAL SPECIFICATIONS CrashPlan Security CrashPlan is a continuous, multi-destination solution engineered to back up mission-critical data whenever and wherever it is created. Because mobile laptops
More information86-10-15 The Self-Hack Audit Stephen James Payoff
86-10-15 The Self-Hack Audit Stephen James Payoff As organizations continue to link their internal networks to the Internet, system managers and administrators are becoming increasingly aware of the need
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationDigital signature in insecure environments
Digital signature in insecure environments Janne Varjus Helsinki University of Technology jvarjus@cc.hut.fi Abstract Due to current legislation the digital signatures can be as valid as the hand written
More informationSecure web transactions system
Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends
More informationMobile Platform Security Architectures A perspective on their evolution
Mobile Platform Security Architectures A perspective on their evolution N. Asokan Kari Kostiainen 1 NA, KKo, JEE, Nokia Resarch Center 2011-2012 Introduction Recent interest in smartphone security 2 NA,
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationThreat Modeling. Frank Piessens (Frank.Piessens@cs.kuleuven.be ) KATHOLIEKE UNIVERSITEIT LEUVEN
Threat Modeling Frank Piessens (Frank.Piessens@cs.kuleuven.be ) Secappdev 2007 1 Overview Introduction Key Concepts Threats, Vulnerabilities, Countermeasures Example Microsoft s Threat Modeling Process
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
More informationA SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS. N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1
A SECURITY ARCHITECTURE FOR AGENT-BASED MOBILE SYSTEMS N. Borselius 1, N. Hur 1, M. Kaprynski 2 and C.J. Mitchell 1 1 Royal Holloway, University of London 2 University of Strathclyde ABSTRACT Future mobile
More informationE-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)
E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system
More informationPost-Class Quiz: Software Development Security Domain
1. A step-by-step implementation instruction is called A. Policy B. Standard C. Procedure D. Guideline 2. An approved configuration of software packages that describes how and what components are assembled
More informationSENSE Security overview 2014
SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2
More information{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com
{ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling
More informationLectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003
Lectures 9 Advanced Operating Systems Fundamental Security Computer Systems Administration TE2003 Lecture overview At the end of lecture 9 students can identify, describe and discuss: Main factors while
More informationOPC UA vs OPC Classic
OPC UA vs OPC Classic By Paul Hunkar Security and Communication comparison In the world of automation security has become a major source of discussion and an important part of most systems. The OPC Foundation
More informationFirewalls, Tunnels, and Network Intrusion Detection. Firewalls
Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More informationOhio Supercomputer Center
Ohio Supercomputer Center Intrusion Prevention and Detection No: Effective: OSC-12 5/21/09 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationEnd User Devices Security Guidance: Apple ios 8
GOV.UK Guidance End User Devices Security Guidance: Apple ios 8 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best satisfy
More informationSecurity Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2
BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution
More informationSSL VPN vs. IPSec VPN
SSL VPN vs. IPSec VPN White Paper 254 E. Hacienda Avenue Campbell, CA 95008 www.arraynetworks.net (408) 378-6800 1 SSL VPN vs. IPSec VPN Copyright 2002 Array Networks, Inc. SSL VPN vs. IPSec VPN White
More informationIPsec Details 1 / 43. IPsec Details
Header (AH) AH Layout Other AH Fields Mutable Parts of the IP Header What is an SPI? What s an SA? Encapsulating Security Payload (ESP) ESP Layout Padding Using ESP IPsec and Firewalls IPsec and the DNS
More informationExample of Standard API
16 Example of Standard API System Call Implementation Typically, a number associated with each system call System call interface maintains a table indexed according to these numbers The system call interface
More informationSystem Structures. Services Interface Structure
System Structures Services Interface Structure Operating system services (1) Operating system services (2) Functions that are helpful to the user User interface Command line interpreter Batch interface
More informationCS420: Operating Systems OS Services & System Calls
NK YORK COLLEGE OF PENNSYLVANIA HG OK 2 YORK COLLEGE OF PENNSYLVAN OS Services & System Calls James Moscola Department of Physical Sciences York College of Pennsylvania Based on Operating System Concepts,
More informationM-Shield mobile security technology
Technology for Innovators TM M-Shield mobile security technology making wireless secure Overview As 3G networks are successfully deployed worldwide, opportunities are arising to deliver to end-users a
More informationHow we keep harmful apps out of Google Play and keep your Android device safe
How we keep harmful apps out of Google Play and keep your Android device safe February 2016 Bad apps create bad experiences, so we work hard to keep them off your device and out of Google Play. In 2015,
More informationSummary of the SEED Labs For Authors and Publishers
SEED Document 1 Summary of the SEED Labs For Authors and Publishers Wenliang Du, Syracuse University To help authors reference our SEED labs in their textbooks, we have created this document, which provides
More informationSmartphone Security. A Holistic view of Layered Defenses. David M. Wheeler, CISSP, CSSLP, GSLC. (C) 2012 SecureComm, Inc. All Rights Reserved
Smartphone Security A Holistic view of Layered Defenses David M. Wheeler, CISSP, CSSLP, GSLC 1 The Smartphone Market The smartphone security market is expected to grow at a rate of 44 percent annually
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationDo "standard tools" meet your needs when it comes to providing security for mobile PCs and data media?
Product Insight Do "standard tools" meet your needs when it comes to providing security for mobile PCs and data media? Author Version Document Information Utimaco Product Management Device Security 4.30.00
More informationUsing Remote Desktop Clients
CYBER SECURITY OPERATIONS CENTRE December 2011 Using Remote Desktop Clients INTRODUCTION 1. Remote access solutions are increasingly being used to access sensitive or classified systems from homes and
More informationLecture 12: Software protection techniques. Software piracy protection Protection against reverse engineering of software
Lecture topics Software piracy protection Protection against reverse engineering of software Software piracy Report by Business Software Alliance for 2001: Global economic impact of software piracy was
More informationAssessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives
Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives Main Line / Date / Etc. June May 2008 2nd Line 80-11-01583 xx-xx-xxxx Revision 1.0 Tagline Here Table of Contents
More informationIntroduction to Information Security
Introduction to Information Security Chapter 1 Information Security Basics Winter 2015/2016 Stefan Mangard, www.iaik.tugraz.at What is Information Security? 2 Security vs. Safety The German word Sicherheit
More informationSECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014
SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz 08.05.2014, ICSG 2014 Table of Contents Introduction AMI Communication Architecture Security Threats Security
More informationNetwork Defense Tools
Network Defense Tools Prepared by Vanjara Ravikant Thakkarbhai Engineering College, Godhra-Tuwa +91-94291-77234 www.cebirds.in, www.facebook.com/cebirds ravikantvanjara@gmail.com What is Firewall? A firewall
More informationCycurHSM An Automotive-qualified Software Stack for Hardware Security Modules
CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded
More informationSEZ SEZ Online Manual- DSC Signing with Java Applet. V Version 1.0 ersion 1.0
SEZ SEZ Online Manual- V Version 1.0 ersion 1.0 Table of Contents 1 Introduction...2 2 DSC signing functionality with java applet...2 3 Troubleshooting...5 4 Annexure I: JAVA Console Setting... 13 5 Annexure
More informationMovieLabs Specification for Enhanced Content Protection Version 1.0
MovieLabs Specification for Enhanced Content Protection Version 1.0 Introduction Digital content distribution technologies are evolving and advancing at a rapid pace. Content creators are using these technologies
More informationSecurity aspects of e-tailing. Chapter 7
Security aspects of e-tailing Chapter 7 1 Learning Objectives Understand the general concerns of customers concerning security Understand what e-tailers can do to address these concerns 2 Players in e-tailing
More informationAsheville-Buncombe Technical Community College Department of Networking Technology. Course Outline
Course Number: SEC 150 Course Title: Security Concepts Hours: 2 Lab Hours: 2 Credit Hours: 3 Course Description: This course provides an overview of current technologies used to provide secure transport
More informationSECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES
SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES Contents Introduction... 3 DRM Threat Model... 3 DRM Flow... 4 DRM Assets... 5 Threat Model... 5 Protection of
More informationCSCI E 98: Managed Environments for the Execution of Programs
CSCI E 98: Managed Environments for the Execution of Programs Draft Syllabus Instructor Phil McGachey, PhD Class Time: Mondays beginning Sept. 8, 5:30-7:30 pm Location: 1 Story Street, Room 304. Office
More informationMOBILE GAMING SYSTEM POLICIES
MOBILE GAMING SYSTEM POLICIES This document is intended to provide further clarification on applicable mobile gaming Technical Standards and additionally to define policies associated with the manufacturing
More informationThat Point of Sale is a PoS
SESSION ID: HTA-W02 That Point of Sale is a PoS Charles Henderson Vice President Managed Security Testing Trustwave @angus_tx David Byrne Senior Security Associate Bishop Fox Agenda POS Architecture Breach
More informationWindows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org
Windows 7 Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org 1 Overview 1. Financial Institution s Preliminary Steps 2. User Interface 3. Data Protection 4. User and Group Changes
More informationFIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design Learning Objectives Identify common misconceptions about firewalls Explain why a firewall
More informationCHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS
CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS Prof. Dr.-Ing. Georg Sigl Institute for Security in Information Technology Technical University Munich sigl@tum.de Fraunhofer Research Institution
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationKaspersky Endpoint Security 8 for Smartphone for Android OS
Kaspersky Endpoint Security 8 for Smartphone for Android OS User Guide PROGRAM VERSION: 8.0 Dear User! Thank you for choosing our product. We hope that this documentation will help you in your work and
More informationProgramming for Security*
Programming for Security* M. E. Kabay, PhD, CISSP Assoc. Prof. Information Assurance Program Director, MSIA Division of Business and Management, Norwich University Gregory E. Borter, Systems Coordinator
More informationSHORT MESSAGE SERVICE SECURITY
SHORT MESSAGE SERVICE SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in
More informationSecond year review WP2 overview SW-based Method. Trento - October 17th, 2008
Second year review WP2 overview SW-based Method Trento - October 17th, 2008 1 Goal To investigate software-only methodologies for remote entrusting implementation 2 Tasks D2.3 D2.4 M0 M3 M6 M9 M12 M15
More informationHow To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)
Security principles Firewalls and NAT These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Host vs Network
More informationPacket Level Authentication Overview
Packet Level Authentication Overview Dmitrij Lagutin, Dmitrij.Lagutin@hiit.fi Helsinki Institute for Information Technology HIIT Aalto University School of Science and Technology Contents Introduction
More informationESET Mobile Security Business Edition for Windows Mobile
ESET Mobile Security Business Edition for Windows Mobile Installation Manual and User Guide Click here to download the most recent version of this document Contents 1. Installation...3 of ESET Mobile Security
More informationBYOD AND NEXT- GENERATION MOBILE SECURITY
BYOD AND NEXT- GENERATION MOBILE SECURITY Joseph Gan V-Key Inc Session ID: MBS-W02 Session Classification: General Interest Next-Generation Computing Mobile enterprise apps Mobile payments Mobile authentication
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationUNCLASSIFIED CPA SECURITY CHARACTERISTIC SOFTWARE FULL DISK ENCRYPTION. Version 1.1. Crown Copyright 2011 All Rights Reserved
11590282 CPA SECURITY CHARACTERISTIC SOFTWARE FULL DISK ENCRYPTION Version 1.1 Crown Copyright 2011 All Rights Reserved CPA Security Characteristics for software full disk encryption Document History [Publish
More informationTechnical Note. Micron Flash Data Integrator (FDI) Support for Java Applications. Introduction. Definition
Technical Note TN-13-09: FDI Support for Java Applications Introduction Micron Flash Data Integrator (FDI) Support for Java Applications Introduction This document provides an instructional reference to
More informationARIZONA CTE CAREER PREPARATION STANDARDS & MEASUREMENT CRITERIA SOFTWARE DEVELOPMENT, 15.1200.40
SOFTWARE DEVELOPMENT, 15.1200.40 1.0 APPLY PROBLEM-SOLVING AND CRITICAL THINKING SKILLS TO INFORMATION TECHNOLOGY 1.1 Describe methods and considerations for prioritizing and scheduling software development
More informationSSL Tunnels. Introduction
SSL Tunnels Introduction As you probably know, SSL protects data communications by encrypting all data exchanged between a client and a server using cryptographic algorithms. This makes it very difficult,
More informationSitefinity Security and Best Practices
Sitefinity Security and Best Practices Table of Contents Overview The Ten Most Critical Web Application Security Risks Injection Cross-Site-Scripting (XSS) Broken Authentication and Session Management
More informationSecurity Digital Certificate Manager
IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,
More informationCPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT
26579500 CPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT Version 2.0 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 About this document This document describes the features, testing and deployment
More informationGuidance End User Devices Security Guidance: Apple ios 7
GOV.UK Guidance End User Devices Security Guidance: Apple ios 7 Updated 10 June 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform Can
More informationUnderstanding and evaluating risk to information assets in your software projects
Understanding and evaluating risk to information assets in your software projects ugh.. what a mouthful Dana Epp Windows Security MVP Who am I? Microsoft Windows Security MVP Information Security Professional
More information