
Secure Coding and Software Vulnerability: Lect01

This document discusses computer security and defines its key goals and properties. It begins by defining what a computer system is, including both hardware and software, and how they are open to the outside world. It then defines three main goals of security: 1) Confidentiality - Ensuring that information is only disclosed to authorized people or systems. 2) Integrity - Preventing information from being tampered with in an unauthorized way. 3) Availability - Ensuring that information and services are accessible to authorized people or systems in a timely manner. The document explains that computer security aims to allow intended use of systems while preventing unintended use that could cause harm. It discusses how these goals relate to

Uploaded by

manju kakkar

Secure Coding and Software Vulnerability

Lect01
What is a computer system?

• (classical) computer: mainframe, server, desktop
• mobile device: phone, tablets, audio/video player, etc. . . . up to IoT, smart cards, . . .
• embedded (networked) systems: inside a car, a plane, a washing-machine, etc.
• cloud computing, virtual execution environment
• also industrial networks (Scada), . . .
• and certainly many more!
Computer system: characteristics
• Two main characteristics of interest:
o include hardware + software
o open/connected to the outside world . . .

smartcards & RFID


Security
Security is concerned with preventing undesirable behaviour

Undesirable behaviour

• Stealing information: Confidentiality
o Corporate secrets (product plans, source code, …)
o Personal information (credit card numbers, SSNs, …)
• Modifying information or functionality: Integrity
o Installing unwanted software (spyware, botnet client, …)
o Destroying records (accounts, logs, plans, …)
• Denying access: Availability
o Unable to purchase products
o Unable to access banking information
Security is about

• software, bugs, verification, hackers, viruses, testing, operating systems, networks, databases, hardware, access control, passwords, smartcards, biometrics, cryptology, security protocols, security policies & their enforcement, monitoring, auditing, risk management
• people (users, employees, sys-admins, programmers, ...), and their laziness, mistakes, stupidity, incompetence, confusion
What is Computer Security?
• Personal Data and Files
• Banking Funds
• Personal Privacy
• Location Privacy
What is Computer Security?

• Allow intended use of computer systems
• Prevent unintended use that may cause harm
Why Should we care?

• It impacts your day-to-day life

Why Should we care?

• It impacts everybody’s day-to-day life
– Millions of computers compromised
– Millions of passwords stolen
How Can You Make a Difference?

• Be a more security-aware user
o Make better security decisions
• Be a more security-aware developer
o Design & build more secure systems
• Be a security practitioner & researcher
o Identify security issues
o Propose new security solutions
Personal Data & Files

• Grant authorized users access to read, create personal files
• Prevent unauthorized users from reading, modifying, or deleting personal

Banking Funds

• Allow customer to view balance, transfer funds, make payments
• Prevent third party access to account; customers defrauding bank
• Prevent other browser tabs, applications from reading banking info

Personal Privacy

• Allow friends to view status updates, photos, location data
• Prevent strangers, advertisers from accessing profile
• Prevent strangers, applications from posting updates as you
What is Computer Security About?

General goals:

• Allow intended use of computer systems


• Prevent unintended use that may cause harm

More precisely…
Basic Security Properties: CIA

CONFIDENTIALITY, INTEGRITY, AVAILABILITY

What is the objective?

Basic Security Properties (I)
• Confidentiality:
o Information is only disclosed to authorized people or systems
o E.g., attackers cannot learn your banking info

Basic Security Properties (II)
• Integrity:
o Information cannot be tampered with in an unauthorized way
o E.g., attacker cannot change the balance of your bank account
o Installing unwanted software (spyware, botnet client)
o Destroying records (accounts, logs, plans)

Basic Security Properties (III)
• Availability:
o Information and services are accessible in a timely fashion to authorized people or systems
o E.g., you should be able to log in and perform transactions on your online banking account when you want to
What is software?

Are software, web application and server the same?

Task
• Where is our university server?
• How many servers do we have in our university?
• What is our IP address range?
• How many routers, switches and hubs do we have in our university?

Two types of server
• Dedicated Servers
• Shared Servers

• Which type of server do you think is more secure?