Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PCSecurity_Barreto

mtinews
April 23, 2014

 PCSecurity_Barreto

Senior Project 2014
MTI News.org

mtinews

April 23, 2014
Tweet

More Decks by mtinews

Other Decks in Programming

Transcript

  1. Security by Correctness Security by Isolation Security by Obscurity Security

    by Correctness is where programmers attempt to have no flaws in the programs or applications. Security by Isolation is where every major computer component is separated from one another. Security by Obscurity is where pc owners make things complicated for attackers to target computers. This is like jamming radars in War situations. Three main approaches to a computer’s security.
  2.  Kernel is a computer program that manages the request

    of what you want the computer to do and translate the request to the point where the computer would understand. Think of the Kernel as the interpreter for computers. Kernel
  3. A Monolithic Kernel is a sub category for a Kernel.

    Monolithic Kernels have a very large attack surfaces due to very large source codes. Monolithic Kernel
  4.  A microkernel is a sub category for a Kernel.

     Microkernels have a very small attack surface because it has a very small source code.  These types of kernels are ideal for security focused Operating Systems, since it’s a lot easier to audit, and fix possible errors. Microkernel
  5. Source Codes are computer instructions written using some human –readable

    computer language. Think of the source code as a blueprint for software. Source Code
  6. If we can produce software that doesn’t have bugs then

    we don’t have security problems to begin with. The closest example to this approach is OpenBSD. -Keep in mind that its not always possible for automatic code verifiers to decide whether a given code behaves maliciously or not. Much like what is depicted in the image below. Security By Correctness
  7. The Open BSD is a Operating System was created by

    the University of California, Berkeley. Open BSD
  8. The idea with security by isolation is to separate a

    computer’s system into smaller piece so that if one piece gets compromised/malfunctions, then it cannot affect the other components in the system. One problem emerges, we’d still need security through correctness for the software that applies the security through isolation. I’d recommend a very small Source Code so the programming system will not have as many bugs. Security By Isolation
  9. A Denial-of-service or DOS makes a network resource unavailable to

    the targeted user. A DOS attack can also do other things such as giving out so many requests to your computer that your CPU gives in and overloads to the point that your computer may lag or perhaps even freeze. Denial-Of-Service (DOS)
  10. A system relying on security through obscurity may have security

    vulnerabilities, but the owners or designers believe that if the flaws are not known, then attackers will be unlikely to find them. This is based on the assumption that we cannot get rid of all the bugs much like the Security by Isolation approach. An example of this approach would be the Address Space Layout Randomization or ASLR. The ASLR program is present in Vista, Windows 7,Linux,Mac OSX. The disadvantage of this approach is that it doesn’t prevent the bugs from being exploited. Security by Obscurity only makes things harder to be exploited. Perhaps even impossible. But if one is concerned about DOS attacks, then Security by Obscurity will not prevent the attack in most cases. This approach may also slow down the computers performance. Security By Obscurity
  11.  If we take into account contemporary consumer Operating Systems,

    like Windows, Linux or Mac OSX, all have Monolithic Kernels.  Meaning that a simple bug in any of the kernel components (think: hundreds of 3rd party drivers running there), allows one to bypass of the isolation mechanisms provided by the Kernel to the rest of the system.  The problem is the Monolithic Kernel.  Now why not implement security by isolation on a Kernel then?  Well the industry simply took another course and decided that Monolithic Kernels are better than Micro-Kernel and enforce isolation between other components in the system. Modern Age Operating Systems
  12. What are the benefits of having good architecture?  Less

    updating  Less virus to perhaps no viruses at all.  Less possibilities to exploit the system. First of all having a good architecture means having a Microkernel.  Restricting the capabilities of a program much like apparmor or having full control of every program in the system.  Very few errors in the source code (security by correctness)  Having a very small source code,(so that fixing errors are easier and less likelihood of errors appear)  Also a security through isolation policy would be awesome. Good Architecture Benefits
  13.  A botnet can be described as Criminals distribute malware

    software that can turn your computer into a bot.  When this occurs, your computer can perform automated tasks over the internet, without you knowing it.  Criminals typically use bots to infect large numbers of computers.These computers form a network, known as a botnet.  Criminals use botnets to send out spam email messages, spread viruses, and commit other kinds of crime and fraud.  If your computer becomes part of a botnet your computer might slow down and you might accidentally be helping criminals. Botnet
  14.  Anti-virus can be part of computer security, but anti-virus

    is not a synonym for computer security. Anti-virus firewall synonym for computer security. Anti-virus role in security
  15.  How do most people get infected with malware? Not

    because of exploits and drive-by downloads. Its due to lack of knowledge.  Websites – People visit websites and the screen goes a bit darker and the website shows “warning from windows 7. Your computer is infected with a virus.”  Email attachments - Many people open unknown emails because it promises “sexy pictures” or “$$$”. The precaution with emails is to know about these scams and don’t buy into it.  Malware authors began to upgrade their botnets. Their botnet clients get an update everyday where they change the signature of the virus and all botnet clients have a different signature, so anti-virus companies have no chance to keep up.  The signature based virus scan also works less and is less reliable: Anti-virus companies also work on non-signature based detection methods which is heuristics, but they don’t work so well and lead to a lot of false alarms and issues . Anti-Virus vs. Precaution
  16.  At the end of the day there will never

    be perfect coding. There will always be a bug or an error somewhere. The best you can do is keep updating your PC, know how a virus works and be smart .  Thank you to Patrick Schleizer for some of the knowledge he shared with me about anti-viruses and Joanna Rutkowska for her knowledge on kernels.  Thank you for listening to my presentation! Conclusion and Credits