fred sam joe fred sam joe a brief history of
play

Fred Sam Joe Fred Sam Joe A BRIEF HISTORY OF COMMUNICATIONS - PowerPoint PPT Presentation

Oct 07, 2023 •126 likes •350 views

THERE AND BACK AGAIN BRIAN CHESS SEPTEMBER 2013 Fred Sam Joe Fred Sam Joe A BRIEF HISTORY OF COMMUNICATIONS SECURITY 6 COMPUTER SECURITY 7 THE PROGRAMMER "Programming is hard" Donald Knuth Programmers not historically

  1. THERE AND BACK AGAIN BRIAN CHESS SEPTEMBER 2013

  3. Fred Sam Joe

  4. Fred Sam Joe

  6. A BRIEF HISTORY OF COMMUNICATIONS SECURITY 6

  7. COMPUTER SECURITY 7

  8. THE PROGRAMMER "Programming is hard" Donald Knuth • Programmers not historically responsible for security. • Programmers already have one hard job to do. 8

  9. DEFENSIVE PROGRAMMING IS NOT ENOUGH Defensive programming: "Write the program to cope with small disasters." [Kernighan and Plauger] A C function with no error checking: void printMsg(FILE* file, char* msg) { fprintf(file, msg); } Crashes when file or msg is null. 9

  10. DEFENSIVE PROGRAMMING IS NOT ENOUGH Error checking added: void printMsg(FILE* file, char* msg) { if (file == NULL) { logError("attempt to print to null file"); } else if (msg == NULL) { logError("attempt to print null message"); } else { fprintf(file, msg); } No more crashes. Fixed? } Hint: AAA1_%08x.%08x.%08x.%08x.%08x.%n 10

  11. THIS IS ENOUGH Must also defend against format string attacks : void printMsg(FILE* file, char* msg) { if (file == NULL) { logError("attempt to print to null file"); } else if (msg == NULL) { logError("attempt to print null message"); } else { fprintf(file, "%.128s" , msg); } } 11

  12. SOFTWARE QUALITY VS. SOFTWARE SECURITY QUALITY SECURITY • Cannot be bolted on • Cannot be bolted on • Must be built in • Must be built in • Does the program do what • Does the program have it's supposed to do? “bonus” features? • Will the users be happy? • Will the attackers get what they want? • Are common cases smooth • Are there corner cases we and easy? haven't considered? • Will people pay for it? • What do we stand to lose? 12

  13. THE EXPLOITABILITY TRAP Trap Clearly Dangerous Clearly Safe “ I’ll fix it if you show me an exploit. ” 13

  14. CITI IPHONE INFO LEAK 14

  15. BER BERTRAND TRAND RUSSELL USSELL ’ S CHICKEN S CHICKEN Food Food Shelter Shelter Companions Companions 15

  16. Success is foreseeing failure. – Henry Petroski

  17. STATIC ANALYSIS IS GOOD

  18. STATIC ANALYSIS = GOOD = getInputFroNetwork(); buff newBuff copyBuffer( , ); buff exec( ); (command injection) newBuff

  19. CHAINSAW

  20. MEASURING PROCESS Building Security In Maturity Model (BSIMM) http://www.bsi-mm.com 20

  21. THERE AND BACK AGAIN BRIAN CHESS SEPTEMBER 2013

Recommend

www.instove.org Fred Colgan Co-founder and Executive Director fred@instove.org Office: +1 541

www.instove.org Fred Colgan Co-founder and Executive Director fred@instove.org Office: +1 541

www.instove.org Fred Colgan Co-founder and Executive Director fred@instove.org Office: +1 541 515 1330 Mobile: +1 541 514 3653 Our Mission: We are a humanitarian not-for-profit organization, dedicated to mass producing high quality

675 views • 29 slides
Planetesimal Collisions as Clues to the Early Dynamic History of the Solar System Fred Ciesla 1

Planetesimal Collisions as Clues to the Early Dynamic History of the Solar System Fred Ciesla 1

Planetesimal Collisions as Clues to the Early Dynamic History of the Solar System Fred Ciesla 1 Thomas Davison 2 Gareth Collins 2 David OBrien 3 1 University of Chicago 2 Imperial College London 3 Planetary Science Institute Bill Hartmann Art

607 views • 37 slides
@lunivore An Example of an Example Given Fred has bought a microwave And the microwave cost

@lunivore An Example of an Example Given Fred has bought a microwave And the microwave cost

Liz Keogh @lunivore An Example of an Example Given Fred has bought a microwave And the microwave cost 100 When we refund the microwave Then Fred should be refunded 100. Examples Given a context When an event happens Then an outcome

904 views • 73 slides
Turbomachinery Applications w ith STAR-CCM+ Fred Mendona Fred Mendona Turbomachinery Sector

Turbomachinery Applications w ith STAR-CCM+ Fred Mendona Fred Mendona Turbomachinery Sector

Turbomachinery Applications w ith STAR-CCM+ Fred Mendona Fred Mendona Turbomachinery Sector Manager An Integrated Solution The applications of the software A single integrated software g g seem to be infinite. The user-friendly

596 views • 20 slides
Contact data validation in FRED Jaromir Talir jaromir.talir@nic.cz 18.11.2013 Agenda

Contact data validation in FRED Jaromir Talir jaromir.talir@nic.cz 18.11.2013 Agenda

Contact data validation in FRED Jaromir Talir jaromir.talir@nic.cz 18.11.2013 Agenda FRED To validate or not to validate Other approaches Our way Keeping contacts data valid Conclusion FRED Open source

282 views • 17 slides
Research and Education on Power Electronics for Power Systems Fred Wang fred.wang@utk.edu NSF

Research and Education on Power Electronics for Power Systems Fred Wang fred.wang@utk.edu NSF

Research and Education on Power Electronics for Power Systems Fred Wang fred.wang@utk.edu NSF Workshop on Power Electronics- enabled Operation of Power Systems Chicago, IL October 31, 2019 CURENT at a Glance CURENT was established in

841 views • 22 slides
Bias Robert S. Chang Professor of Law and Director, Fred T. Korematsu Center for Law and

Bias Robert S. Chang Professor of Law and Director, Fred T. Korematsu Center for Law and

Bias Robert S. Chang Professor of Law and Director, Fred T. Korematsu Center for Law and Equality changro@seattleu.edu So far . . . History/context Disproportionalities throughout CJS Proffered causes Crime commission

613 views • 15 slides
Investor Presentation July 2020 Fred Liu, CFA Hayden Capital, LLC 1345 Avenue of the Americas,

Investor Presentation July 2020 Fred Liu, CFA Hayden Capital, LLC 1345 Avenue of the Americas,

Investor Presentation July 2020 Fred Liu, CFA Hayden Capital, LLC 1345 Avenue of the Americas, 33 rd Floor Managing Partner New York, NY. 10105 Office: (646) 883-8805 Mobile: (513) 304-3313 Email: fred.liu@haydencapital.com Disclaimer

156 views • 13 slides
FRED update ICANN61 TechDay Puerto Rico Jaromir Talir jaromir.talir@nic.cz

FRED update ICANN61 TechDay Puerto Rico Jaromir Talir jaromir.talir@nic.cz

FRED update ICANN61 TechDay Puerto Rico Jaromir Talir jaromir.talir@nic.cz 12.03.2018 What is FRED? Open source domain registry solution EPP, DNSSEC, WHOIS, RDAP Developed (and used) by CZ.NIC since 2006 Just

649 views • 18 slides
Building the Next Generation of Researchers: Why does it Matter? Prof. Fred Wabwire Mangen

Building the Next Generation of Researchers: Why does it Matter? Prof. Fred Wabwire Mangen

Building the Next Generation of Researchers: Why does it Matter? Prof. Fred Wabwire Mangen Lead Trainer Makerere University Overview o Ov of I Inter-University Child Focu cused Research ch Training Fred Wabwire-Ma Fr Mangen en MB

517 views • 36 slides
remote monitoring technology in extensive grazing industries @FMCentre Shawn McGrath Fred

remote monitoring technology in extensive grazing industries @FMCentre Shawn McGrath Fred

Proposals to develop/validate remote monitoring technology in extensive grazing industries @FMCentre Shawn McGrath Fred Morley Centre School of Animal and Veterinary Sciences Charles Sturt University Fred Morley Unit SCR applications in

495 views • 10 slides
Quad working point Fred Hartjes NIKHEF 1. False hits when using T2K gas 2. Reduction of the gas

Quad working point Fred Hartjes NIKHEF 1. False hits when using T2K gas 2. Reduction of the gas

Quad working point Fred Hartjes NIKHEF 1. False hits when using T2K gas 2. Reduction of the gas gain at high rate Both solvable in the MEMS technology LC-TPC Collaboration Meeting January 14, 2020 False hits when using T2K gas Fred Hartjes 2

706 views • 25 slides
BIM DELIVERABLES FOR MASON CONTRACTORS VOLUMES I & II Prepared by Fred Kinateder Kinateder

BIM DELIVERABLES FOR MASON CONTRACTORS VOLUMES I & II Prepared by Fred Kinateder Kinateder

BIM DELIVERABLES FOR MASON CONTRACTORS VOLUMES I & II Prepared by Fred Kinateder Kinateder Fred Kinateder Kinateder Consulting DELIVERABLES GUIDES I &II CONTRIBUTORS Adrian Siverson R & D Masonry Mike Kinateder, KMI

817 views • 58 slides
Best Practices for Recovery Houses Fred Way Pennsylvania Alliance of Recovery Residences

Best Practices for Recovery Houses Fred Way Pennsylvania Alliance of Recovery Residences

Best Practices for Recovery Houses Fred Way Pennsylvania Alliance of Recovery Residences National Alliance for Recovery Residences s HISTORY OF OAS RECOVERY HOUSE SYSTEM AND STANDARDS In Fisc scal al Year 1995 the Philad adelphia

1.15k views • 35 slides
Chris Savage, Bell Helicopter Infrastructure Operations Mgr Introductions Fred Devoir Chris

Chris Savage, Bell Helicopter Infrastructure Operations Mgr Introductions Fred Devoir Chris

NVIDIA GRID and Dassault Catia from Proof of Concept to Production April 5, 2016 Fred Devoir, Textron Mgr IT Infrastructure Chris Savage, Bell Helicopter Infrastructure Operations Mgr Introductions Fred Devoir Chris Savage Manager IT

460 views • 13 slides
Pr Prevention and Treatment of Osteoporosis (What more do we need to kn know?) Fred Saad MD

Pr Prevention and Treatment of Osteoporosis (What more do we need to kn know?) Fred Saad MD

Pr Prevention and Treatment of Osteoporosis (What more do we need to kn know?) Fred Saad MD FRCS Professor and Chairman of Urology Director of GU Oncology Raymond Garneau Chair in Prostate Cancer University of Montreal Hospital Center

573 views • 46 slides
Subnetwork Encapsulation and Adaptation Layer (SEAL) IETF76 INTAREA Meeting Fred L. Templin

Subnetwork Encapsulation and Adaptation Layer (SEAL) IETF76 INTAREA Meeting Fred L. Templin

Subnetwork Encapsulation and Adaptation Layer (SEAL) IETF76 INTAREA Meeting Fred L. Templin fred.l.templin@boeing.com Tunnel Maximum Transmission Unit (MTU) End-to-End Final Destination Marginal Link Tunnel (MTU=1500) MTU=1500 MTU=1KB

438 views • 11 slides
Selective Unification in Constraint Logic Programming Fred Mesnard University of R eunion

Selective Unification in Constraint Logic Programming Fred Mesnard University of R eunion

Selective Unification in Constraint Logic Programming Fred Mesnard University of R eunion Island Joint work with Etienne Payet (University of R eunion Island) and Germ an Vidal (Technical University of Valencia) Fred Mesnard (U. of

472 views • 36 slides
Club Captains Introduction Race Officials, Bosons, Parents Sailors and Coaches Jos Law Fred

Club Captains Introduction Race Officials, Bosons, Parents Sailors and Coaches Jos Law Fred

Club Captains Introduction Race Officials, Bosons, Parents Sailors and Coaches Jos Law Fred Allen Series Optimist 1 st Place: Charles Gray 2 nd Place: Elle Sankey 3 rd Place :Henry Stringer Fred Allen Series Results Lasers 1 st 4.7 Matt

517 views • 49 slides
CS4224/CS5424 Lecture 3 Storage & Indexing B + -tree Index Fred Bob Dave Hal Joe (Alice,

CS4224/CS5424 Lecture 3 Storage & Indexing B + -tree Index Fred Bob Dave Hal Joe (Alice,

CS4224/CS5424 Lecture 3 Storage & Indexing B + -tree Index Fred Bob Dave Hal Joe (Alice, ) (Carol, ) (Eve, ) (George, ) (Ivy, ) (Kathy, ) (Bob, ) (Dave, ) (Fred,

762 views • 38 slides
Hierarchical and Ensemble Clustering Ke Chen Reading: [7.8-7.10, EA], [25.5, KPM], [Fred &

Hierarchical and Ensemble Clustering Ke Chen Reading: [7.8-7.10, EA], [25.5, KPM], [Fred &

Hierarchical and Ensemble Clustering Ke Chen Reading: [7.8-7.10, EA], [25.5, KPM], [Fred & Jain, 2005] COMP24111 Machine Learning Outline Introduction Cluster Distance Measures Agglomerative Algorithm Example and

268 views • 26 slides
Patchwork is a hodgepodge, part patches, part bear. Patchwork's friend Fred is in need of repair.

Patchwork is a hodgepodge, part patches, part bear. Patchwork's friend Fred is in need of repair.

Patchwork is a hodgepodge, part patches, part bear. Patchwork's friend Fred is in need of repair. Can you help me help Fred? Patchwork asked Raccoon. Take this rag, its all yours--but Im busy this afternoon. Can you help me

360 views • 19 slides
1. Project Plan Factsheet Date of report: June 17, 2016 Revisions/comments: Authors: Fred

1. Project Plan Factsheet Date of report: June 17, 2016 Revisions/comments: Authors: Fred

1. Project Plan Factsheet Date of report: June 17, 2016 Revisions/comments: Authors: Fred Hartjes Begin and end date: July 4, 2016; June 5, 2017 Project Name Building Block Project leader Harry van der Graaf Deputy Fred Hartjes Program

335 views • 4 slides
Mcaniques Discursives AN INSTALLATION BY Fred Penelle & Yannick Jacquet I N T R O

Mcaniques Discursives AN INSTALLATION BY Fred Penelle & Yannick Jacquet I N T R O

is a visual label Mcaniques Discursives AN INSTALLATION BY Fred Penelle & Yannick Jacquet I N T R O Mcaniques Discursives AN INSTALLATION BY Fred Penelle & Yannick Jacquet While the passage of time seems to accelerate every day,

288 views • 13 slides

More recommend