IBM i Security – Best Practices

Session: 500050
Agenda Key: 24FG
Jeffrey Uehling
IBM i security development
© 2015 International Business Machines Corporation

Best Practices - Outline
• Physical Security
• Staying Current on Fixes
• System security levels
• System value settings
• Security audit journal
• Resource security
• Network security

Physical Security

Physical Security – a Necessity
• Physical Security, Server
  – Front panel
  – Power, cabling
  – Racks/Storage devices
• Physical Security, Networking
  – Firewalls, routers, switches, cabling, power
  – Prevent configuration changes and sniffing equipment
  – Wireless poses a challenge, secure networks are necessary (WEP, WPA, WPA2 etc)
• Physical Security, Peripherals
  – Tape drives/cartridges, Printers/output, Fax, etc.
  – SAN attached DASD
  – Mobile Devices

Staying Current on Fixes

Security Vulnerabilities
Many security vulnerabilities are being reported…
Heartbleed, Bash/Shellshock, Poodle, Ghost, Freak, Bar Mitzvah plus many, many more!
What’s happening and why so many?
• Numerous independent researchers
• Lots of open source so easy to review code and look for issues
• Common OS in many products (Linux, Unix, Windows)
  – So when a vulnerability is found, it’s likely to be everywhere
• Tools are available to exploit technology (look for holes)
  – Hacker tools, penetration testing tools, code scanners
• High use technology, like Java, SSL, OpenSSL, is scrutinized
• Vendors are doing more penetration testing thus finding bugs

Security Vulnerabilities – IBM i
IBM i technology areas with multiple (recent) reported vulnerabilities
• Java (quarterly updates, you need to stay current)
• OpenSSL
• Web and Application Servers
• Samba
• Networking technology and (infrequently) cryptographic algorithms
• IBM i OS
Typically, apply the PTF/Fix/Product Update and the vulnerability is fixed. But not always, as additional actions may be required.

Security Vulnerabilities – Not just the OS
Staying Current on Fixes – not just a client and server problem
The vulnerabilities affect most everything in your enterprise
• IBM i OS, LIC and Products
• VIOS, IBM i, AIX, Linux partitions
• HMC & Firmware
• 3rd party (vendor) applications
• SAN/Storage, Tape, Printers
• Networking Switches, Firewalls & Routers
• Each and Every Server, Client (including mobile) and HW component in your Enterprise
  – Nearly everything includes an OS and/or FW (where there is code, a vulnerability is a possibility)

Poodle & Bar Mitzvah – Vulnerabilities with no fix
What are the Poodle/Bar Mitzvah Vulnerabilities
SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack, which is a man-in-the-middle attack affecting Web browsers/applications.
Bar Mitzvah is similar in that it is present when the RC4 algorithm is used in SSL & TLS.
There is NO fix for SSLv3 or for RC4.
Customer must move to TLS and away from RC4
Applications connecting via SSLv3 to servers are exposed to the POODLE attack. As applications, servers, and browsers disable the use of SSLv3, many applications will fail because they don’t support the more secure and latest technology called TLS (Transport Layer Security) or the app is written directly to SSLv3. Same with RC4.

IBM Security Process - PSIRT
Product Security Incident Response Team
• Global IBM Core Team (including IBM i representatives)
• xForce (IBM Wide Security Team, vulnerability assessment)
  – CVSS (vulnerability Scoring)
• Industry Affiliations – Vulnerability Reporting
  – ICASI (Industry Consortium for Advancement of Security on the Internet)
  – FIRST (Forum of Incident Response and Security Teams)
  – IT-ISAC (Information Technology - Information Sharing and Analysis Center)
  – FS-ISAC (Financial Services - Information Sharing and Analysis Center)
PSIRT Process Output:
• PTFs/Fixes
• Security Bulletin – customer notification of problem and fix

Security Fixes
IBM i Security PTF Group
Not all PTFs/Fixes can be added to the Security PTF Group because of installation requirements!
• Java updates
• iAccess
• Web and Application Servers
• Lotus
• etc.
And fixes for areas such as HMC, FW, VIOS, Networking Equipment, Peripherals, Other Platforms, etc.

Customer Awareness of Security Issues
• The “Press”
• IBM Support Center
  – Typically after a public announcement of a vulnerability
• PSIRT publication of Security Bulletin URLs
• My Notifications (Customer Subscription)
  – Security Bulletins
  – Technotes
The support for IBM i subscription via “My Notifications” for security bulletins is available.

IBM i Server Security

System Security Levels
System Value: QSECURITY

Security levels, why run at a high security level
System security level 50... Good reasons to run there.
1. Object Domain Checking
2. Hardware storage protection
3. Parameter validation
NOTE: System security level controlled via QSECURITY system value

Security Level 30 – Not a secure environment
• System interfaces perform appropriate authority checks but security exposures exist on this security level (examples will follow)
  – *USE required by DSPDTAARA
  – *CHANGE required by CHGDTAARA
Security level 30 is NOT a secure security level!
User written programs, running at security level 30, can gain “write” access to objects with minimal authority

Object Domain attributes - Object integrity
Every object: *CMD, *FILE, *PGM, etc. has a “domain”
Every program has a “state” (*SYSTEM or *USER)
Program state is compared against object Domain
  – Program run state: *SYSTEM or *USER (DSPPGM/DSPSRVPGM)
  – Object Domain: *SYSTEM or *USER (DSPOBJD)
Programs running *SYSTEM state can access both *USER and *SYSTEM domain.
Programs running *USER state can only access *USER domain objects.
• Security level 30 ALLOWS access regardless of state/domain combination
• Security level 40 and 50 enforce domain checking

Object Domain, Program State
[Figure: Object Domain and Program State]

Hardware Storage Protection (HSP) - Object integrity
Program state is compared against object HSP to determine allowable access.
Every object has a HSP value.
Object HSP attributes:
  − Allow access from any state (no protection, *USRSPC, *USRQ, *USRIDX)
  − Read only in any state (*PGM, *SRVPGM)
  − No access in user state (Setting for most objects, 5.3 and prior)
  − Enhanced storage protection (5.4 and beyond)
• Security level 30 ALLOWS access regardless of state/HSP combination
• NOTE: Some HSP violations can occur on all security levels
• Security level 40 and 50 enforce HSP checking

Object attributes – Integrity Protection required
MI object overview
• Encapsulated MI Object header, available to LIC
  – Object domain (Most objects are *SYSTEM domain)
  – Object owner
  – Public authority
  – Hardware storage protection setting
  – Encapsulated object data
• Associated space, byte addressable area for use by above MI (user and OS) programs. The associated space is used to store operating system and user data for objects, i.e. *CMD, *DTAARA, *JOBD, *USRSPC, *USRPRF, etc.
• Encapsulated Data Segment, *FILE, *STMF, etc
[Diagram labels: LIC Only (object header and encapsulated data segment); OS & LIC (associated space); sample records shown in the encapsulated data segment]

Authority checking and integrity support at level 40 & 50
User written programs, running at security level 40 or 50, MUST use system interfaces (commands and APIs) to gain access to the objects.
  – Authority checking is enforced by the system interface
  – Parameter Validation is performed
  – Object Domain checking is performed
  – Object Hardware storage protection is performed
Direct access by user programs to system objects is not allowed at Security level 40 and 50 due to domain and hardware storage protection attributes.

Disclaimer
This presentation contains programming examples ("Sample Code"). IBM grants you a nonexclusive copyright license to use the Sample Code to generate similar function tailored to your own specific needs. The Sample Code is provided by IBM for illustrative purposes only.
The Sample Code has not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of the Sample Code. The Sample Code contained herein is provided to you "AS IS" without any warranties of any kind. THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT ARE EXPRESSLY DISCLAIMED. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. IN NO EVENT WILL IBM BE LIABLE TO ANY PARTY FOR ANY DIRECT, INDIRECT, SPECIAL OR OTHER CONSEQUENTIAL DAMAGES FOR ANY USE OF THE SAMPLE CODE INCLUDING, WITHOUT
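
The program state / object domain and hardware storage protection (HSP) rules from the security-level slides above can be written down as a small decision model. This is an added example, not IBM Sample Code and not an IBM i API; the function names, the HSP constant names and the object inventory are constructed for illustration, and the "enhanced storage protection" setting is left out because the slides do not state its rule.

```python
"""Simplified model of the integrity checks on the security-level slides.

Added illustration: not IBM code and not an IBM i API. It encodes only the
rules stated in the presentation.
"""
from dataclasses import dataclass

USER, SYSTEM = "*USER", "*SYSTEM"

# HSP settings listed on the slide; the constant names are this example's own.
HSP_ANY_STATE = "allow access from any state"   # *USRSPC, *USRQ, *USRIDX
HSP_READ_ONLY = "read only in any state"        # *PGM, *SRVPGM
HSP_NO_USER = "no access in user state"         # setting for most objects
# "Enhanced storage protection" is left out: the slides do not give its rule.


@dataclass(frozen=True)
class Obj:
    name: str
    obj_type: str
    domain: str
    hsp: str


def direct_access(level, program_state, obj, op):
    """Decide a direct access (one that bypasses commands and APIs).

    Returns (allowed, reason). Authority checking is not modelled, because it
    is done by the system interface that a direct access does not go through.
    """
    if level not in (30, 40, 50):
        raise ValueError("only levels 30, 40 and 50 are described")
    if program_state not in (USER, SYSTEM) or op not in ("read", "write"):
        raise ValueError("unknown program state or operation")
    if level == 30:
        # Slide rule: level 30 allows access regardless of state/domain and
        # state/HSP combination (the slides note some HSP violations are
        # still raised on every level; that detail is not modelled).
        return True, "level 30: domain and HSP not enforced"
    if program_state == USER and obj.domain == SYSTEM:
        return False, "domain violation"
    if obj.hsp == HSP_NO_USER and program_state == USER:
        return False, "HSP violation (no access in user state)"
    if obj.hsp == HSP_READ_ONLY and op == "write":
        return False, "HSP violation (read only in any state)"
    return True, "allowed"


def closed_by_level_40(inventory):
    """List (object, operation) pairs that a *USER state program can reach
    directly at level 30 but not at level 40."""
    closed = []
    for obj in inventory:
        for op in ("read", "write"):
            at_30, _ = direct_access(30, USER, obj, op)
            at_40, _ = direct_access(40, USER, obj, op)
            if at_30 and not at_40:
                closed.append((obj.name, op))
    return closed


# Constructed inventory: object names and attribute combinations are invented.
INVENTORY = [
    Obj("PAYROLL", "*DTAARA", SYSTEM, HSP_NO_USER),
    Obj("APPOWNER", "*USRPRF", SYSTEM, HSP_NO_USER),
    Obj("WORKAREA", "*USRSPC", USER, HSP_ANY_STATE),
    Obj("ORDERPGM", "*PGM", USER, HSP_READ_ONLY),
]

if __name__ == "__main__":
    for name, op in closed_by_level_40(INVENTORY):
        print(f"{name}: direct {op} possible at 30, blocked at 40/50")
```

In this model the *USER domain user space stays reachable at every level, while every direct path to the *SYSTEM domain objects, and the write to the program object, exists only at level 30.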