Towards Automated Privilege Separation
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Mobile Telemedicine and Wireless Remote Monitoring Applications
İSTANBUL TECHNICAL UNIVERSITY INSTITUTE OF SCIENCE AND TECHNOLOGY MOBILE TELEMEDICINE AND WIRELESS REMOTE MONITORING APPLICATIONS M.Sc. Thesis by Taner SOYUGENÇ, B.Sc. Department : Electronics and Communication Engineering Programme : Biomedical Engineering NOVEMBER 2006 PREFACE In this project, my main goal is to implement a mobile sample application by defining the related global standards for telemedicine. The work is focused on recommendations of technology associated with a feasibility study. First of all, I would like to thank Assoc. Prof. Dr. Selçuk PAKER for his valuable advice, support and encouragement to accomplish the project. Besides, I would like to thank my family who is always with me giving support at every step of my life. November 2006 Taner SOYUGENÇ iii CONTENTS ACRONYMS vi LIST OF TABLES viii LIST OF FIGURES ix SUMMARY xi ÖZET xii 1. INTRODUCTION 1 1.1. Technology Overview 2 1.1.1. Communication Infrastructure 5 1.1.2. Overview of GSM-GPRS 6 1.1.2.1. Brief History of GSM 8 1.1.2.2. GPRS 12 1.1.3. Mobile Solutions 14 1.1.4. Wireless Medical Sensors 15 1.2. Aim of the Project 16 2. WORLDWIDE APPLICATIONS, VENDORS AND STANDARDS 18 2.1. Available Products 19 2.1.1. ECG 19 2.1.2. Pulse Oximeter 20 2.1.3. Blood Pressure Sensor 23 2.1.4. Various Sensor Brands 24 2.1.5. Advanced Research 27 2.1.6. Home Care Monitoring Systems 31 2.2. Medical Information Standards and Organizations 35 2.2.1. ASTM 39 2.2.2. CEN/TC251 Health Informatics 39 2.2.3. -
Network Administration IP Addresses
Introduction IP addresses Toward IPv6 Host name Routing Services Integration between different OS Introduction IP addresses Toward IPv6 Host name Routing Services Integration between different OS Outline Introduction Network Administration IP addresses Toward IPv6 Grégory Mounié Host name SCCI - Master-2 Routing <2013-09-17 mar.> Services Integration between different OS 1 / 75 2 / 75 Introduction IP addresses Toward IPv6 Host name Routing Services Integration between different OS Introduction IP addresses Toward IPv6 Host name Routing Services Integration between different OS Challenge Introduction IP addresses For people with sufficient background: Toward IPv6 easy Chat on google talk (or facebook) with XMPP on wifi-campus/eduroam of the campus Host name hard Surf on ipv6.google.com on wifi-campus/eduroam of the campus Routing Services Integration between different OS 3 / 75 3 / 75 Introduction IP addresses Toward IPv6 Host name Routing Services Integration between different OS Introduction IP addresses Toward IPv6 Host name Routing Services Integration between different OS Networks Networks of networks Definition (network) group of interconnected machines Definition (Internet) • network of networks • based on TCP (Transmission Control Protocol) and IP (Internet Protocol) protocols Figure : Interconnection of networks 4 / 75 5 / 75 Introduction IP addresses Toward IPv6 Host name Routing Services Integration between different OS Introduction IP addresses Toward IPv6 Host name Routing Services Integration between different OS TCP/IP IP address • unique number identifying a Network interface • eg. IPv6: 2a00:1450:4009:804::1007; Internet Protocol • IPv4: 74.125.230.130 • identifies network interfaces • eg. IPv6: fe80::2677:3ff:fe2e:22c0/64; • handles routing • IPv4: 192.168.0.1 • eg. -
Next Generation Web Scanning Presentation
Next generation web scanning New Zealand: A case study First presented at KIWICON III 2009 By Andrew Horton aka urbanadventurer NZ Web Recon Goal: To scan all of New Zealand's web-space to see what's there. Requirements: – Targets – Scanning – Analysis Sounds easy, right? urbanadventurer (Andrew Horton) www.morningstarsecurity.com Targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com Targets What does 'NZ web-space' mean? It could mean: •Geographically within NZ regardless of the TLD •The .nz TLD hosted anywhere •All of the above For this scan it means, IPs geographically within NZ urbanadventurer (Andrew Horton) www.morningstarsecurity.com Finding Targets We need creative methods to find targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com DNS Zone Transfer urbanadventurer (Andrew Horton) www.morningstarsecurity.com Find IP addresses on IRC and by resolving lots of NZ websites 58.*.*.* 60.*.*.* 65.*.*.* 91.*.*.* 110.*.*.* 111.*.*.* 113.*.*.* 114.*.*.* 115.*.*.* 116.*.*.* 117.*.*.* 118.*.*.* 119.*.*.* 120.*.*.* 121.*.*.* 122.*.*.* 123.*.*.* 124.*.*.* 125.*.*.* 130.*.*.* 131.*.*.* 132.*.*.* 138.*.*.* 139.*.*.* 143.*.*.* 144.*.*.* 146.*.*.* 150.*.*.* 153.*.*.* 156.*.*.* 161.*.*.* 162.*.*.* 163.*.*.* 165.*.*.* 166.*.*.* 167.*.*.* 192.*.*.* 198.*.*.* 202.*.*.* 203.*.*.* 210.*.*.* 218.*.*.* 219.*.*.* 222.*.*.* 729,580,500 IPs. More than we want to try. urbanadventurer (Andrew Horton) www.morningstarsecurity.com IP address blocks in the IANA IPv4 Address Space Registry Prefix Designation Date Whois Status [1] ----- -
Least Privilege and Privilege Separation
CSE 127: Computer Security Least privilege and privilege separation Deian Stefan Slides adopted from John Mitchell, Dan Boneh, and Stefan Savage This week… • How to build secure systems ➤ Least privilege and privilege separation ➤ Sandboxing and isolation • Key is underlying principles not mechanisms ➤ We’re going to look at systems techniques ➤ Other ways to achieve similar goals: language-based Principles of secure design • Principle of least privilege • Privilege separation • Defense in depth ➤ Use more than one security mechanism ➤ Fail securely/closed • Keep it simple Principles of secure design • Principle of least privilege • Privilege separation • Defense in depth ➤ Use more than one security mechanism ➤ Fail securely/closed • Keep it simple Principle of Least Privilege Defn: A system should only have the minimal privileges needed for its intended purposes • What’s a privilege? ➤ Ability to access (e.g., read or write) a resource Principle of Least Privilege Defn: A system should only have the minimal privileges needed for its intended purposes • What’s a privilege? ➤ Ability to access (e.g., read or write) a resource Principle of Least Privilege Defn: A system should only have the minimal privileges needed for its intended purposes • What’s a privilege? ➤ Ability to access (e.g., read or write) a resource What’s the problem with this defn? • Talking about a huge, monolith system is not really useful • Why? Network Network User input User device File system File system Breaking a system into components • Compartmentalization and isolation ➤ Separate the system into isolated compartments ➤ Limit interaction between compartments • Why is this more meaningful? Network Network User input User device File system File system How dow we break things apart? Map compartment to user ids! • Recall: permissions in UNIX granted according to UID ➤ A process may access files, network sockets, …. -
New Concept of the Android Keystore Service with Regard to Security and Portability
University of Bremen Department of Mathematics and Computer Science New concept of the Android keystore service with regard to security and portability. Master’s Thesis by Fritjof Bornebusch reviewed by Dr. Karsten Sohr Prof. Dr. Jan Peleska supervised by Dipl. Inf. Florian Junge 2016 Confirmation I hereby confirm that I wrote this master thesis on my own and that I have used only the indicated references, resources, and aids. In German: Hiermit bestätige ich, dass ich die vorliegende Masterthesis selbstständig verfasst, und keine anderen als die angegebenen Quellen und Hilfsmittel verwendet habe. Bremen, 1/13/2016 Fritjof Bornebusch “Any fool can write code that a computer can understand. Good programmers write code that humans can understand.” – Martin Fowler – Bornebusch, Fritjof New concept of the Android keystore service with regard to security and portability. Master’s thesis, Department 3 - Mathematics / Computer Science University of Bremen, 2015 This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0). To view a copy of this license, send an email to [email protected], visit http://creativecommons.org/licenses/by-nc-sa/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, California, 94042, USA. Table of Contents Acknowledgements 7 List of Figures 9 List of Listings 10 Acronyms 13 Glossary 15 1 Introduction 19 2 Background 24 2.1 Android System Architecture . 24 2.1.1 Security-Enhanced Linux . 28 2.1.2 Capabilities . 31 2.2 Memory Vulnerabilities . 32 2.2.1 Buffer Overflow Protection . 33 2.2.2 Dead Store Elimination . -
Integration of Security Measures and Techniques in an Operating System (Considering Openbsd As an Example)
Motivation Security Solutions and Techniques Summary Integration of Security Measures and Techniques in an Operating System (considering OpenBSD as an example) Igor Boehm Institute for Information Processing and Microprocessor Technology Johannes Kepler University Linz, Austria Igor Boehm Integration of Security Measures and Techniques in an OS Motivation Security Solutions and Techniques Summary Outline 1 Motivation The Basic Problem Being Studied Preliminary Solution Ideas and Goals 2 Security Solutions and Techniques Secure Software Design Techniques Memory Protection Techniques Relevance of Random Numbers for Security Igor Boehm Integration of Security Measures and Techniques in an OS Motivation The Basic Problem Being Studied Security Solutions and Techniques Preliminary Solution Ideas and Goals Summary Outline 1 Motivation The Basic Problem Being Studied Preliminary Solution Ideas and Goals 2 Security Solutions and Techniques Secure Software Design Techniques Memory Protection Techniques Relevance of Random Numbers for Security Igor Boehm Integration of Security Measures and Techniques in an OS Motivation The Basic Problem Being Studied Security Solutions and Techniques Preliminary Solution Ideas and Goals Summary The Basic Problem Being Studied The Clever Attacker: . finds a bug . knows how to craft an exploit . the exploit grants the attacker an advantage . the exploit is likely to work on many systems because of the strict regularity of the system environment Is there a way to solve this problem? Igor Boehm Integration of Security -
Defense and Detection Strategies Against Internet Worms
Defense and Detection Strategies against Internet Worms For quite a long time, computer security was a rather narrow field of study that was populated mainly by theoretical computer scientists, electri- cal engineers, and applied mathematicians. With the proliferation of open systems in general, and of the Internet and the World Wide Web (WWW) in particular, this situation has changed fundamentally. Today, computer and network practitioners are equally interested in computer security, since they require technologies and solutions that can be used to secure applications related to electronic commerce. Against this background, the field of com- puter security has become very broad and includes many topics of interest. The aim of this series is to publish state-of-the-art, high standard technical books on topics related to computer security. Further information about the series can be found on the WWW at the following URL: http://www.esecurity.ch/serieseditor.html Also, if you’d like to contribute to the series by writing a book about a topic related to computer security, feel free to contact either the Commissioning Editor or the Series Editor at Artech House. For a listing of recent titles in the Artech House Computer Security Series, turn to the back of this book. Defense and Detection Strategies against Internet Worms Jose Nazario Artech House Boston • London www.artechhouse.com Library of Congress Cataloging-in-Publication Data A catalog record of this book is available from the U.S. Library of Congress. British Library Cataloguing in Publication Data Nazario, Jose Defense and detection strategies against Internet worms. — (Artech House computer security library) 1. -
VULNERABLE by DESIGN: MITIGATING DESIGN FLAWS in HARDWARE and SOFTWARE Konoth, R.K
VU Research Portal VULNERABLE BY DESIGN: MITIGATING DESIGN FLAWS IN HARDWARE AND SOFTWARE Konoth, R.K. 2020 document version Publisher's PDF, also known as Version of record Link to publication in VU Research Portal citation for published version (APA) Konoth, R. K. (2020). VULNERABLE BY DESIGN: MITIGATING DESIGN FLAWS IN HARDWARE AND SOFTWARE. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal ? Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. E-mail address: [email protected] Download date: 07. Oct. 2021 VULNERABLE BY DESIGN: MITIGATING DESIGN FLAWS IN HARDWARE AND SOFTWARE PH.D. THESIS RADHESH KRISHNAN KONOTH VRIJE UNIVERSITEIT AMSTERDAM, 2020 Faculty of Science The research reported in this dissertation was conducted at the Faculty of Science — at the Department of Computer Science — of the Vrije Universiteit Amsterdam This work was supported by the MALPAY consortium, consisting of the Dutch national police, ING, ABN AMRO, Rabobank, Fox-IT, and TNO. -
공개sw 솔루션 목록(2015.6.30)
OS/DBMS/WEB/WAS 공개SW 솔루션 목록(2015.6.30) 순번 분류 솔루션명 라이선스 기술지원 홈페이지 제품개요 1 DBMS C-JDBC LGPL community http://c-jdbc.ow2.org/ 데이터베이스 클러스터 2 DBMS DB4 오브젝트(db4o) GPL & dOCL prof/community http://www.db4o.com 객체지향 메모리 데이터베이스 엔진 GPL v2, GPL v3, 3 DBMS Drizzle community http://www.drizzle.org/ MySQL 6.0에서 파생된 RDBMS BSD 4 DBMS H2 EPL, MPL community http://www.h2database.com/ 자바기반 RDBMS HSQLDB 5 DBMS (Hyper Structured Query BSD community http://www.hsqldb.org 경량의 Java 기반 관계형 데이터베이스 Language Database) 데이터 웨어하우스, OLAP서버, BI 시스템 운용을 목적으 6 DBMS LucidDB GPL v2, LGPL v2 community http://luciddb.sourceforge.net 로 개발된 오픈소스 DBMS GPL v3, AGPL v3, 7 DBMS Neo4j community http://www.neo4j.org 그래프 데이터베이스 commercial AGPL v3, 8 DBMS VoltDB Proprietary prof/community http://voltdb.com/ 인메모리기반 RDBMS License 오픈소스 관계형 데이터베이스 관리 시스템. 9 DBMS 마리아DB(MariaDB) GPLv2, LGPL prof/community https://mariadb.org/ MySQL과 동일한 소스 코드를 기반 세계에서 가장 널리 사용되고 있는 대표적인 10 DBMS 마이에스큐엘(MySQL) GPL v2 prof/community http://www.mysql.com 관계형 데이터베이스 ※ prof : Professional Support(전문업체 기술지원) ※ community : Community Support(커뮤니티 기술지원) OS/DBMS/WEB/WAS 공개SW 솔루션 목록(2015.6.30) 순번 분류 솔루션명 라이선스 기술지원 홈페이지 제품개요 IBM에서 기증한 cloudscape 소스 기반으로 11 DBMS 아파치 더비(Apache Derby) Apache v2 community http://db.apache.org/derby/ 개발된 Java 기반의 관계형 데이터베이스 Berkeley 오라클 버클리 DB Database License http://www.oracle.com/kr/products/database/ 슬리피캣을 인수한 오라클에서 제공하는 12 DBMS prof/community (Oracle Berkeley DB) or berkeley-db/index.html 고성능 임베디드 데이터베이스 Sleepycat License GPL or Postgresql 데이터베이스의 기반으로 상용화된 13 DBMS 잉그레스(Ingres) prof/community -
Openbsd Ports...What the Heck?!
OpenBSD ports...what the heck?! Jasper Lievisse Adriaanse [email protected] pkgsrcCon, Basel, May 2010 Agenda 1 Introduction 2 Hackathons 3 pkg add(1) 4 Recent developments 5 Differences with pkgsrc 6 Conclusion Agenda 1 Introduction 2 Hackathons 3 pkg add(1) 4 Recent developments 5 Differences with pkgsrc 6 Conclusion Who am I? Jasper Lievisse Adriaanse (jasper@). Developer since 2006. Code in all parts of the system. Terminology Port Platform OpenBSD... Unix-like, multi-platform operating system. Derived from 4.4BSD, NetBSD fork. Kernel + userland + documentation maintained together. 3rd party applications available via the ports system. Anoncvs, OpenSSH, strlcpy(3)/strlcat(3). One release every 6 months, regardless. OpenBSD... (cont.) 16 platforms: alpha, amd64, armish, hp300, hppa, i386, landisk, loongson, mvme68k, mvme88k, sgi, socppc, sparc, sparc64, vax, zaurus. OpenBSD... (cont.) 13 binary architectures: alpha, amd64, arm, hppa, i386, m68k, mips64, mips64el, powerpc, sh, sparc, sparc64, vax. OpenBSD... (cont.) W.I.P. platforms aviion, hppa64, palm, solbourne. Agenda 1 Introduction 2 Hackathons 3 pkg add(1) 4 Recent developments 5 Differences with pkgsrc 6 Conclusion What is...a Heckethun? Hackathons do not have talks, or a specific schedule. People hack and discuss... ...and drink (Humppa!). Hackathons General hackathon Mini hackathons Hardware, network, ports, filesystem/uvm, routing. Heckethuns ere-a fur sterteeng sumetheen oor feenishing sumetheeng, nut but. Su dun’t bork zee tree-a! Bork bork bork! Ports hackathons Ports hackathons Yearly event. Very creative and productive atmosphere. No presentations. Just hacking, fun and beer... ...and wine! Agenda 1 Introduction 2 Hackathons 3 pkg add(1) 4 Recent developments 5 Differences with pkgsrc 6 Conclusion µ history Common ancestor; the FreeBSD ape. -
Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb
pipenightdreams osgcal-doc mumudvb mpg123-alsa tbb-examples libgammu4-dbg gcc-4.1-doc snort-rules-default davical cutmp3 libevolution5.0-cil aspell-am python-gobject-doc openoffice.org-l10n-mn libc6-xen xserver-xorg trophy-data t38modem pioneers-console libnb-platform10-java libgtkglext1-ruby libboost-wave1.39-dev drgenius bfbtester libchromexvmcpro1 isdnutils-xtools ubuntuone-client openoffice.org2-math openoffice.org-l10n-lt lsb-cxx-ia32 kdeartwork-emoticons-kde4 wmpuzzle trafshow python-plplot lx-gdb link-monitor-applet libscm-dev liblog-agent-logger-perl libccrtp-doc libclass-throwable-perl kde-i18n-csb jack-jconv hamradio-menus coinor-libvol-doc msx-emulator bitbake nabi language-pack-gnome-zh libpaperg popularity-contest xracer-tools xfont-nexus opendrim-lmp-baseserver libvorbisfile-ruby liblinebreak-doc libgfcui-2.0-0c2a-dbg libblacs-mpi-dev dict-freedict-spa-eng blender-ogrexml aspell-da x11-apps openoffice.org-l10n-lv openoffice.org-l10n-nl pnmtopng libodbcinstq1 libhsqldb-java-doc libmono-addins-gui0.2-cil sg3-utils linux-backports-modules-alsa-2.6.31-19-generic yorick-yeti-gsl python-pymssql plasma-widget-cpuload mcpp gpsim-lcd cl-csv libhtml-clean-perl asterisk-dbg apt-dater-dbg libgnome-mag1-dev language-pack-gnome-yo python-crypto svn-autoreleasedeb sugar-terminal-activity mii-diag maria-doc libplexus-component-api-java-doc libhugs-hgl-bundled libchipcard-libgwenhywfar47-plugins libghc6-random-dev freefem3d ezmlm cakephp-scripts aspell-ar ara-byte not+sparc openoffice.org-l10n-nn linux-backports-modules-karmic-generic-pae -
Comparison of Web Server Software from Wikipedia, the Free Encyclopedia
Create account Log in Article Talk Read Edit ViewM ohrisetory Search Comparison of web server software From Wikipedia, the free encyclopedia Main page This article is a comparison of web server software. Contents Featured content Contents [hide] Current events 1 Overview Random article 2 Features Donate to Wikipedia 3 Operating system support Wikimedia Shop 4 See also Interaction 5 References Help 6 External links About Wikipedia Community portal Recent changes Overview [edit] Contact page Tools Server Developed by Software license Last stable version Latest release date What links here AOLserver NaviSoft Mozilla 4.5.2 2012-09-19 Related changes Apache HTTP Server Apache Software Foundation Apache 2.4.10 2014-07-21 Upload file Special pages Apache Tomcat Apache Software Foundation Apache 7.0.53 2014-03-30 Permanent link Boa Paul Phillips GPL 0.94.13 2002-07-30 Page information Caudium The Caudium Group GPL 1.4.18 2012-02-24 Wikidata item Cite this page Cherokee HTTP Server Álvaro López Ortega GPL 1.2.103 2013-04-21 Hiawatha HTTP Server Hugo Leisink GPLv2 9.6 2014-06-01 Print/export Create a book HFS Rejetto GPL 2.2f 2009-02-17 Download as PDF IBM HTTP Server IBM Non-free proprietary 8.5.5 2013-06-14 Printable version Internet Information Services Microsoft Non-free proprietary 8.5 2013-09-09 Languages Jetty Eclipse Foundation Apache 9.1.4 2014-04-01 Čeština Jexus Bing Liu Non-free proprietary 5.5.2 2014-04-27 Galego Nederlands lighttpd Jan Kneschke (Incremental) BSD variant 1.4.35 2014-03-12 Português LiteSpeed Web Server LiteSpeed Technologies Non-free proprietary 4.2.3 2013-05-22 Русский Mongoose Cesanta Software GPLv2 / commercial 5.5 2014-10-28 中文 Edit links Monkey HTTP Server Monkey Software LGPLv2 1.5.1 2014-06-10 NaviServer Various Mozilla 1.1 4.99.6 2014-06-29 NCSA HTTPd Robert McCool Non-free proprietary 1.5.2a 1996 Nginx NGINX, Inc.