cse term paper
7/27/2019 cse term paper
1/21
In addition to such general-purpose systems, special-purpose operating systems run on
small computers that control assembly lines, aircraft, and even home appliances. They are
real-time systems, designed to provide rapid response to sensors and to use their inputs to
control machinery.
From the standpoint of a user or an application program, an operating system provides
services. Some of these are simple user commands like dir (show the files on a disk),
while others are low-level system calls that a graphics program might use to display an
image. In either case the operating system provides appropriate access to its objects, the
tables of disk locations in one case and the routines to transfer data to the screen in the
other. Some of its routines, those that manage the CPU and memory, are generally
accessible only to other portions of the operating system.
Contemporary operating systems for personal computers commonly provide a graphical
user interface (GUI). The GUI may be an intrinsic part of the system, as in the older
Apple OS and Microsoft's Windows OS; in others it is a set of programs that depend on
an underlying system, as in the X Window system for UNIX and Apple's OS X.
Operating systems also provide network services and file-sharing capabilities, even the
ability to share resources between systems of different types, such as Windows and
UNIX. Such sharing has become feasible through the introduction of network protocols
(communication rules) such as the Internet's TCP/IP.
Computer security
From Wikipedia, the free encyclopedia
This article is about computer security through design and engineering. For computer
security exploits and defenses, see computer insecurity.
Computer security is a branch of computer technology known as information
security as applied to computers and networks. The objective of computer security
includes protection of information and property from theft, corruption, or natural
disaster, while allowing the information and property to remain accessible and
productive to its intended users. The term computer system security means the
collective processes and mechanisms by which sensitive and valuable information
and services are protected from publication, tampering or collapse by unauthorized
activities or untrustworthy individuals and unplanned events respectively. The
strategies and methodologies of computer security often differ from most other
computer technologies because of its somewhat elusive objective of preventing
unwanted computer behavior instead of enabling wanted computer behavior.
Contents
1 Security by design
2 Security architecture
3 Hardware mechanisms that protect computers and data
4 Secure operating systems
5 Secure coding
6 Capabilities and access control lists
7 Applications
  7.1 Cloud computing Security
  7.2 In aviation
    7.2.1 Notable system accidents
8 Computer security policy
  8.1 United States
    8.1.1 Cybersecurity Act of 2010
    8.1.2 International Cybercrime Reporting and Cooperation Act
    8.1.3 Protecting Cyberspace as a National Asset Act of 2010 ("Kill switch bill")
9 Terminology
10 Notes
11 See also
12 References
13 External links
Security by design
Main article: Security by design
The technologies of computer security are based on logic. As security is not
necessarily the primary goal of most computer applications, designing a program with
security in mind often imposes restrictions on that program's behavior.
There are 4 approaches to security in computing; sometimes a combination of
approaches is valid:
1. Trust all the software to abide by a security policy but the software is not
trustworthy (this is computer insecurity).
2. Trust all the software to abide by a security policy and the software is
validated as trustworthy (by tedious branch and path analysis for example).
3. Trust no software but enforce a security policy with mechanisms that are not
trustworthy (again this is computer insecurity).
4. Trust no software but enforce a security policy with trustworthy hardware
mechanisms.
Many systems have unintentionally resulted in the first possibility. Since approach
two is expensive and non-deterministic, its use is very limited. Approaches one and
three lead to failure. Because approach number four is often based on hardware
mechanisms and avoids abstractions and a multiplicity of degrees of freedom, it is
more practical. Combinations of approaches two and four are often used in a layered
architecture with thin layers of two and thick layers of four.
There are various strategies and techniques used to design security systems.
However there are few, if any, effective strategies to enhance security after design.
One technique enforces the principle of least privilege to great extent, where an
entity has only the privileges that are needed for its function. That way even if
an attacker gains access to one part of the system, fine-grained security ensures that
it is just as difficult for them to access the rest.
Furthermore, by breaking the system up into smaller components, the complexity of
individual components is reduced, opening up the possibility of using techniques
such as automated theorem proving to prove the correctness of crucial software
subsystems. This enables a closed form solution to security that works well when
only a single well-characterized property can be isolated as critical, and that property
is also assessible to math. Not surprisingly, it is impractical for generalized
correctness, which probably cannot even be defined, much less proven. Where
formal correctness proofs are not possible, rigorous use of code review and unit
testing represent a best-effort approach to make modules secure.
The design should use "defense in depth", where more than one subsystem needs to
be violated to compromise the integrity of the system and the information it holds.
Defense in depth works when the breaching of one security measure does not
provide a platform to facilitate subverting another. Also, the cascading principle
acknowledges that several low hurdles do not make a high hurdle. So cascading
several weak mechanisms does not provide the safety of a single stronger
mechanism.
Subsystems should default to secure settings, and wherever possible should be
designed to "fail secure" rather than "fail insecure" (see fail-safe for the equivalent in
safety engineering). Ideally, a secure system should require a deliberate, conscious,
knowledgeable and free decision on the part of legitimate authorities in order to make
it insecure.
In addition, security should not be an all or nothing issue. The designers and
operators of systems should assume that security breaches are inevitable. Full audit
trails should be kept of system activity, so that when a security breach occurs, the
mechanism and extent of the breach can be determined. Storing audit trails remotely,
where they can only be appended to, can keep intruders from covering their tracks.
Finally, full disclosure helps to ensure that when bugs are found the "window of
vulnerability" is kept as short as possible.
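The audit-trail point above can be made concrete with a hash-chained log whose latest digest is kept on a remote store. This is an added example, not part of the original article; the class and function names and the sample events are constructed for illustration, and the "remote store" is assumed to hold only the head digest returned by append().

```python
import hashlib
import json

GENESIS = "0" * 64  # digest that precedes the first record


def _digest(prev_digest, event):
    """SHA-256 over the previous digest and a canonical encoding of the event."""
    payload = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_digest + payload).encode("utf-8")).hexdigest()


class AuditTrail:
    """Append-only log: the only mutating operation is append()."""

    def __init__(self):
        self._records = []

    def append(self, event):
        prev = self._records[-1]["digest"] if self._records else GENESIS
        digest = _digest(prev, event)
        self._records.append({"event": dict(event), "prev": prev, "digest": digest})
        return digest  # head digest, to be shipped to the remote store

    def export(self):
        """Deep copy of the records as they would sit on the local disk."""
        return json.loads(json.dumps(self._records))


def verify(records, trusted_head):
    """Return (ok, reason); trusted_head is the digest held by the remote store."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["prev"] != prev:
            return False, f"record {i}: chain broken"
        if _digest(prev, rec["event"]) != rec["digest"]:
            return False, f"record {i}: content altered"
        prev = rec["digest"]
    if prev != trusted_head:
        return False, "head mismatch: records removed or chain rewritten"
    return True, "ok"


def tamper_scenarios():
    """Verify an intact copy and three tampered copies of a constructed trail."""
    trail = AuditTrail()
    head = GENESIS
    for ev in ({"user": "alice", "action": "login"},
               {"user": "alice", "action": "sudo"},
               {"user": "alice", "action": "logout"}):
        head = trail.append(ev)

    intact = trail.export()

    edited = trail.export()
    edited[1]["event"]["action"] = "ls"  # in-place edit, digests untouched

    truncated = trail.export()[:2]  # last record dropped

    rewritten = trail.export()
    rewritten[1]["event"]["action"] = "ls"
    prev = rewritten[0]["digest"]
    for rec in rewritten[1:]:  # every later digest recomputed to hide the edit
        rec["prev"], rec["digest"] = prev, _digest(prev, rec["event"])
        prev = rec["digest"]

    copies = (("intact", intact), ("edited", edited),
              ("truncated", truncated), ("rewritten", rewritten))
    return {name: verify(recs, head) for name, recs in copies}


if __name__ == "__main__":
    for name, result in tamper_scenarios().items():
        print(name, result)
```

The chain alone only makes tampering evident; it is the remotely held head digest that exposes a log that was truncated or rewritten end to end.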
Security architecture
Main article: Security architecture
Security Architecture can be defined as the design artifacts that describe how the
security controls (security countermeasures) are positioned, and how they relate to
the overall information technology architecture. These controls serve the purpose to
maintain the system's quality attributes, among
them confidentiality, integrity, availability, accountability and assurance.[1]
Hardware mechanisms that protect computers and data
Hardware based or assisted computer security offers an alternative to software-only
computer security. Devices such as dongles may be considered more secure due to
the physical access required in order to be compromised.
Secure operating systems
Main article: Secure operating systems
One use of the term computer security refers to technology to implement a
secure operating system. Much of this technology is based on science developed in
the 1980s and used to produce what may be some of the most impenetrable
operating systems ever. Though still valid, the technology is in limited use today,
primarily because it imposes some changes to system management and also
because it is not widely understood. Such ultra-strong secure operating systems are
based on operating system kernel technology that can guarantee that certain security
policies are absolutely enforced in an operating environment. An example of such
a computer security policy is the Bell-LaPadula model. The strategy is based on a
manners in which they can be exploited are too variegated. It is interesting to note,
however, that such vulnerabilities often arise from archaic philosophies in which
computers were assumed to be narrowly disseminated entities used by a chosen
few, all of whom were likely highly educated, solidly trained academics with naught
but the goodness of mankind in mind. Thus, it was considered quite harmless if, for
(fictitious) example, a FORMAT string in a FORTRAN program could contain the J
format specifier to mean "shut down system after printing." After all, who would use
such a feature but a well-intentioned system programmer? It was simply beyond
conception that software could be deployed in a destructive fashion.
It is worth noting that, in some languages, the distinction between code (ideally, read-
only) and data (generally read/write) is blurred. In LISP, particularly, there is no
distinction whatsoever between code and data, both taking the same form: an S-
expression can be code, or data, or both, and the "user" of a LISP program who
manages to insert an executable LAMBDA segment into putative "data" can achieve
arbitrarily general and dangerous functionality. Even something as "modern" as Perl
offers the eval() function, which enables one to generate Perl code and submit it to
the interpreter, disguised as string data.
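The same code-versus-data confusion, shown as an added example that is not part of the original article, using Python's eval() in place of the Perl function the text mentions. The settings format, the function names and the sample lines are constructed for illustration; request_shutdown() is a harmless stand-in that only flips a flag.

```python
import ast

# Constructed stand-in for an action the operator never meant input to trigger.
SYSTEM_STATE = {"shutdown_requested": False}


def request_shutdown():
    SYSTEM_STATE["shutdown_requested"] = True
    return 0


def load_settings_unsafe(lines):
    """'Before' version: every value is handed to the interpreter as code."""
    settings = {}
    for ln in lines:
        key, raw = (part.strip() for part in ln.split("=", 1))
        settings[key] = eval(raw)  # deliberately unsafe: input is executed
    return settings


def load_settings_safe(lines):
    """Values are parsed as data; anything that is not a plain literal is rejected."""
    settings, rejected = {}, []
    for ln in lines:
        key, raw = (part.strip() for part in ln.split("=", 1))
        try:
            value = ast.literal_eval(raw)  # accepts literals only, never calls
        except (ValueError, SyntaxError):
            rejected.append(key)
            continue
        if isinstance(value, (bool, int, float, str)):
            settings[key] = value
        else:
            rejected.append(key)  # containers are not expected in this format
    return settings, rejected


# Constructed input: the third line is an expression, not a value.
SAMPLE = ["retries = 3", "banner = 'hello'", "timeout = request_shutdown()"]


if __name__ == "__main__":
    print(load_settings_safe(SAMPLE), SYSTEM_STATE)
    print(load_settings_unsafe(SAMPLE), SYSTEM_STATE)
```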
Capabilities and access control lists
Main articles: Access control list and Capability (computers)
Within computer systems, two security models capable of enforcing privilege
separation are access control lists (ACLs) and capability-based security. The
semantics of ACLs have been proven to be insecure in many situations, e.g.,
the confused deputy problem. It has also been shown that the promise of ACLs of
giving access to an object to only one person can never be guaranteed in practice.
Both of these problems are resolved by capabilities. This does not mean practical
flaws exist in all ACL-based systems, but only that the designers of certain utilities
must take responsibility to ensure that they do not introduce flaws.
Capabilities have been mostly restricted to research operating systems and
commercial OSs still use ACLs. Capabilities can, however, also be implemented at
the language level, leading to a style of programming that is essentially a refinement
of standard object-oriented design. An open source project in the area is the E
language.
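The confused deputy problem named above, as an added example that is not part of the original article: a small model of a compiler service that writes an output file on a caller's behalf, first under ACL checks and then with capabilities. The file store, principals and paths are constructed for illustration; Python does not make references unforgeable the way a capability language such as E does, so the model only shows how authority flows.

```python
class AccessDenied(Exception):
    pass


class WriteCap:
    """Reference that conveys the right to write one file and nothing else."""

    def __init__(self, fs, path):
        self._fs, self._path = fs, path

    def write(self, content):
        self._fs.data[self._path] = content


class FileSystem:
    """Constructed in-memory store; acl maps path -> {principal: set of rights}."""

    def __init__(self):
        self.data, self.acl = {}, {}

    def create(self, path, acl, content=""):
        self.data[path], self.acl[path] = content, acl

    def open_write(self, principal, path):
        # ACL decision: looks only at who is asking and the name they supply.
        if "w" not in self.acl.get(path, {}).get(principal, set()):
            raise AccessDenied(f"{principal} may not write {path}")
        return WriteCap(self, path)


BILLING = "/sys/billing"
OUTPUT = "/home/alice/a.out"


def make_fs():
    fs = FileSystem()
    fs.create(BILLING, {"compiler": {"w"}}, "alice owes 10")
    fs.create(OUTPUT, {"alice": {"w"}, "compiler": {"w"}})
    return fs


def compile_acl_style(fs, source, out_path):
    """Deputy resolves a caller-supplied *name* under its own identity."""
    fs.open_write("compiler", out_path).write("OBJ:" + source)


def compile_cap_style(source, out_cap):
    """Deputy writes only through the capability the caller handed over."""
    out_cap.write("OBJ:" + source)


def scenario_acl():
    """alice names a file she cannot write; the deputy's own rights are used."""
    fs = make_fs()
    compile_acl_style(fs, "print 1", BILLING)
    return fs.data[BILLING]


def scenario_cap():
    """alice can only pass on authority she already holds."""
    fs = make_fs()
    try:
        fs.open_write("alice", BILLING)
        denied = False
    except AccessDenied:
        denied = True
    compile_cap_style("print 1", fs.open_write("alice", OUTPUT))
    return denied, fs.data[BILLING], fs.data[OUTPUT]


if __name__ == "__main__":
    print("ACL style, billing file now:", scenario_acl())
    print("capability style:", scenario_cap())
```

In the ACL version the access check passes because it is made against the compiler's identity, not the caller's; in the capability version designation and authority travel together, so there is no separate name for the deputy to be fooled by.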
First the Plessey System 250 and then Cambridge CAP computer demonstrated the
use of capabilities, both in hardware and software, in the 1970s. A reason for the lack
of adoption of capabilities may be that ACLs appeared to offer a 'quick fix' for security
without pervasive redesign of the operating system and hardware.
The most secure computers are those not connected to the Internet and shielded
from any interference. In the real world, the most security comes from operating
systems where security is not an add-on.
Applications
Computer security is critical in almost any technology-driven industry which operates
on computer systems. Computer security can also be referred to as computer safety.
The issues of computer based systems and addressing their countless vulnerabilities
are an integral part of maintaining an operational industry.[3]
Cloud computing Security
Security in the cloud is challenging, due to the varied degree of security
features and management schemes within the cloud entities. In this connection one
logical protocol base needs to evolve so that the entire gamut of components operates
synchronously and securely.
In aviation
The aviation industry is especially important when analyzing computer security
because the involved risks include human life, expensive equipment, cargo, and
transportation infrastructure. Security can be compromised by hardware and software
malpractice, human error, and faulty operating environments. Threats that exploit
computer vulnerabilities can stem from sabotage, espionage, industrial competition,
terrorist attack, mechanical malfunction, and human error. [4]
The consequences of a successful deliberate or inadvertent misuse of a computer
system in the aviation industry range from loss of confidentiality to loss of system
integrity, which may lead to more serious concerns such as data theft or loss,
network and air traffic control outages, which in turn can lead to airport closures, loss
of aircraft, loss of passenger life. Military systems that control munitions can pose an
even greater risk.
A proper attack does not need to be very high tech or well funded, for a power
outage at an airport alone can cause repercussions worldwide.[5] One of the easiest
and, arguably, the most difficult to trace security vulnerabilities is achievable by
on March 24, 2010[7]. The bill seeks to increase collaboration between the public and
the private sector on cybersecurity issues, especially those private entities that own
infrastructures that are critical to national security interests (the bill quotes John
Brennan, the Assistant to the President for Homeland Security and Counterterrorism:
"our nation's security and economic prosperity depend on the security, stability, and
integrity of communications and information infrastructure that are largely privately-
owned and globally-operated" and talks about the country's response to a "cyber-
Katrina"[8]), increase public awareness on cybersecurity issues, and foster and fund
cybersecurity research. Some of the most controversial parts of the bill include
Paragraph 315, which grants the President the right to "order the limitation or
shutdown of Internet traffic to and from any compromised Federal Government or
United States critical infrastructure information system or network[8]." The Electronic
Frontier Foundation, an international non-profit digital rights advocacy and legal
organization based in the United States, characterized the bill as promoting a
"potentially dangerous approach that favors the dramatic over the sober response" [9].
International Cybercrime Reporting and Cooperation Act
On March 25, 2010, Representative Yvette Clarke (D-NY) introduced the
"International Cybercrime Reporting and Cooperation Act - H.R.4962" (full text) in
the House of Representatives; the bill, co-sponsored by seven other representatives
(among whom only one Republican), was referred to three House committees[10]. The
bill seeks to make sure that the administration keeps Congress informed on
information infrastructure, cybercrime, and end-user protection worldwide. It also
"directs the President to give priority for assistance to improve legal, judicial, and
enforcement capabilities with respect to cybercrime to countries with low information
and communications technology levels of development or utilization in their critical
infrastructure, telecommunications systems, and financial industries" [10] as well as to
develop an action plan and an annual compliance assessment for countries of "cyber
concern"[10].
[edit]Protecting Cyberspace as a National Asset Act of 2010 ("Kill switch bill")
On June 19, 2010, United States Senator Joe Lieberman (I-CT) introduced a bill
called "Protecting Cyberspace as a National Asset Act of 2010 - S.3480" (full text in
pdf), which he co-wrote with Senator Susan Collins (R-ME) and Senator Thomas
Carper (D-DE). If signed into law, this controversial bill, which the American media
dubbed the "Kill switch bill", would grant the President emergency powers over the
Internet. However, all three co-authors of the bill issued a statement claiming that
instead, the bill "[narrowed] existing broad Presidential authority to take over
telecommunications networks"[11].
Terminology
The following terms used in engineering secure systems are explained below.
Authentication techniques can be used to ensure that communication end-points
are who they say they are.
Automated theorem proving and other verification tools can enable critical
algorithms and code used in secure systems to be mathematically proven to meet
their specifications.
Capability and access control list techniques can be used to ensure privilege
separation and mandatory access control. This section discusses their use.
Chain of trust techniques can be used to attempt to ensure that all software
loaded has been certified as authentic by the system's designers.
Cryptographic techniques can be used to defend data in transit between
systems, reducing the probability that data exchanged between systems can be
intercepted or modified.
Firewalls can provide some protection from online intrusion.
A microkernel is a carefully crafted, deliberately small corpus of software that
underlies the operating system per se and is used solely to provide very low-level,
very precisely defined primitives upon which an operating system can be
developed. A simple example with considerable didactic value is the early '90s
GEMSOS (Gemini Computers), which provided extremely low-level primitives,
such as "segment" management, atop which an operating system could be built.
The theory (in the case of "segments") was that, rather than have the operating
system itself worry about mandatory access separation by means of military-style
labeling, it is safer if a low-level, independently scrutinized module can be
charged solely with the management of individually labeled segments, be they
memory "segments" or file system "segments" or executable text "segments." If
software below the visibility of the operating system is (as in this case) charged
with labeling, there is no theoretically viable means for a clever hacker to subvert
Pinging: The ping application can be used by potential crackers to find if an IP
address is reachable. If a cracker finds a computer, they can try a port scan to
detect and attack services on that computer.
Social engineering awareness: Keeping employees aware of the dangers of
social engineering and/or having a policy in place to prevent social engineering
can reduce successful breaches of the network and servers.
File Integrity Monitors are tools used to detect changes in the integrity of
systems and files.
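
A small file integrity monitor of the kind described in the last item, as an added example that is not part of the original paper: it records a SHA-256 hash and the permission bits of each file, seals that baseline with an HMAC, and reports what has drifted since. The function names, the demo key and the files it creates in a temporary directory are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


def hash_file(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root):
    """Map relative path -> content hash and permission bits for each regular file."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            mode = os.stat(full).st_mode & 0o7777
            state[rel] = {"sha256": hash_file(full), "mode": mode}
    return state


def _tag(state, key):
    body = json.dumps(state, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def seal(state, key):
    """Attach an HMAC so later edits to the stored baseline are detectable."""
    return {"state": state, "hmac": _tag(state, key)}


def verify_seal(baseline, key):
    return hmac.compare_digest(_tag(baseline["state"], key), baseline["hmac"])


def compare(baseline, key, root):
    """Report drift between a sealed baseline and the files now under root."""
    if not verify_seal(baseline, key):
        raise ValueError("baseline failed its HMAC check; rebuild from a trusted copy")
    old, new = baseline["state"], snapshot(root)
    report = {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": [],
        "mode_changed": [],
    }
    for rel in sorted(set(old) & set(new)):
        if old[rel]["sha256"] != new[rel]["sha256"]:
            report["modified"].append(rel)
        elif old[rel]["mode"] != new[rel]["mode"]:
            report["mode_changed"].append(rel)
    return report


def demo():
    """Constructed scenario in a temporary directory; returns (report, baseline_ok)."""
    key = b"constructed-demo-key"  # assumption: real keys live off the monitored host
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text, mode=0o644):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)

        write("etc/app.conf", "debug=false\n")
        write("bin/tool.sh", "#!/bin/sh\necho ok\n")
        write("doc/notes.txt", "release notes\n")
        baseline = seal(snapshot(root), key)

        write("etc/app.conf", "debug=true \n")  # same size, new content
        os.chmod(os.path.join(root, "bin/tool.sh"), 0o755)  # permissions only
        os.remove(os.path.join(root, "doc/notes.txt"))
        write("bin/extra.sh", "#!/bin/sh\n")
        report = compare(baseline, key, root)

        # Someone rewrites the stored hash to hide the config change.
        forged = json.loads(json.dumps(baseline))
        forged["state"]["etc/app.conf"]["sha256"] = hash_file(
            os.path.join(root, "etc/app.conf"))
        return report, verify_seal(forged, key)


if __name__ == "__main__":
    print(demo())
```

The configuration edit keeps the file size unchanged, so only the content hash reveals it; the forged baseline fails verification because its HMAC no longer matches the stored state.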
Notes
1. Definitions: IT Security Architecture. SecurityArchitecture.org, Jan, 2008
2. New hacking technique exploits common programming error. SearchSecurity.com, July 2007
3. J. C. Willemssen, "FAA Computer Security". GAO/T-AIMD-00-330. Presented at Committee on Science, House of Representatives, 2000.
4. P. G. Neumann, "Computer Security in Aviation," presented at International Conference on Aviation Safety and Security in the 21st Century, White House Commission on Safety and Security, 1997.
5. J. Zellan, Aviation Security. Hauppauge, NY: Nova Science, 2003, pp. 65-70.
6. Information Security. United States Department of Defense, 1986
7. Cybersecurity bill passes first hurdle, Computer World, March 24, 2010. Retrieved on June 26, 2010.
8. Cybersecurity Act of 2009, OpenCongress.org, April 1, 2009. Retrieved on June 26, 2010.
9. Federal Authority Over the Internet? The Cybersecurity Act of 2009, eff.org, April 10, 2009. Retrieved on June 26, 2010.
10. H.R.4962 - International Cybercrime Reporting and Cooperation Act, OpenCongress.org. Retrieved on June 26, 2010.
11. Senators Say Cybersecurity Bill Has No 'Kill Switch', informationweek.com, June 24, 2010. Retrieved on June 25, 2010.
See also
Computer security portal
Attack tree
Authentication
Authorization
Human-computer interaction (security)
Identity management
CAPTCHA
CERT
Cloud computing security
Computer insecurity
Computer security model
Countermeasure (computer)
Cryptography
Cyber security standards
Dancing pigs
Disk encryption
Data loss prevention products
Data security
Differentiated security
Exploit (computer security)
Fault tolerance
Firewalls
Full disclosure
High Technology Crime Investigation Association
Information Leak Prevention
Information security
Internet privacy
IT risk
ISO/IEC 15408
Network Security Toolkit
Network security
OWASP
Penetration test
Physical information security
Physical security
Presumed security
Proactive Cyber Defence
Sandbox (computer security)
Security Architecture
Separation of protection and security
Threat (computer)
Vulnerability (computing)
Privacy software