cse term paper

Upload: rahul-abhishek-mehra

Post on 02-Apr-2018

TRANSCRIPT

  • 7/27/2019 cse term paper

    1/21

    In addition to such general-purpose systems, special-purpose operating systems run on

    small computers that control assembly lines, aircraft, and even home appliances. They are

    real-time systems, designed to provide rapid response to sensors and to use their inputs to

    control machinery.

    From the standpoint of a user or an application program, an operating system provides

    services. Some of these are simple user commands like "dir" (show the files on a disk)

    while others are low-level system calls that a graphics program might use to display an

    image. In either case the operating system provides appropriate access to its objects, the

    tables of disk locations in one case and the routines to transfer data to the screen in the

    other. Some of its routines, those that manage the CPU and memory, are generally

    accessible only to other portions of the operating system.

    Contemporary operating systems for personal computers commonly provide a graphical

    user interface (GUI). The GUI may be an intrinsic part of the system, as in the older

    Apple OS and Microsoft's Windows OS; in others it is a set of programs that depend on

    an underlying system, as in the X Window system for UNIX and Apple's OS X.

    Operating systems also provide network services and file-sharing capabilities, even the

    ability to share resources between systems of different types, such as Windows and

    UNIX. Such sharing has become feasible through the introduction of network protocols

    (communication rules) such as the Internet's TCP/IP.

    Computer security

    From Wikipedia, the free encyclopedia

    This article is about computer security through design and engineering. For computer

    security exploits and defenses, see computer insecurity.

    Computer security is a branch of computer technology known as information

    security as applied to computers and networks. The objective of computer security

    includes protection of information and property from theft, corruption, or natural

    disaster, while allowing the information and property to remain accessible and

    productive to its intended users. The term computer system security means the

    collective processes and mechanisms by which sensitive and valuable information

    and services are protected from publication, tampering or collapse by unauthorized

    activities or untrustworthy individuals and unplanned events respectively. The

    strategies and methodologies of computer security often differ from most other

    computer technologies because of its somewhat elusive objective of preventing

    unwanted computer behavior instead of enabling wanted computer behavior.

    Security by design

    Main article: Security by design

    The technologies of computer security are based on logic. As security is not

    necessarily the primary goal of most computer applications, designing a program with

    security in mind often imposes restrictions on that program's behavior.

    There are 4 approaches to security in computing; sometimes a combination of

    approaches is valid:

    1. Trust all the software to abide by a security policy but the software is not

    trustworthy (this is computer insecurity).

    2. Trust all the software to abide by a security policy and the software is

    validated as trustworthy (by tedious branch and path analysis for example).

    3. Trust no software but enforce a security policy with mechanisms that are not

    trustworthy (again this is computer insecurity).

    4. Trust no software but enforce a security policy with trustworthy hardware

    mechanisms.

    Many systems have unintentionally resulted in the first possibility. Since approach

    two is expensive and non-deterministic, its use is very limited. Approaches one and

    three lead to failure. Because approach number four is often based on hardware

    mechanisms and avoids abstractions and a multiplicity of degrees of freedom, it is

    more practical. Combinations of approaches two and four are often used in a layered

    architecture with thin layers of two and thick layers of four.

    There are various strategies and techniques used to design security systems.

    However there are few, if any, effective strategies to enhance security after design.

    One technique enforces the principle of least privilege to a great extent, where an

    entity has only the privileges that are needed for its function. That way even if

    an attacker gains access to one part of the system, fine-grained security ensures that

    it is just as difficult for them to access the rest.

    Furthermore, by breaking the system up into smaller components, the complexity of

    individual components is reduced, opening up the possibility of using techniques

    such as automated theorem proving to prove the correctness of crucial software

    subsystems. This enables a closed form solution to security that works well when

    only a single well-characterized property can be isolated as critical, and that property

    is also assessable to math. Not surprisingly, it is impractical for generalized

    correctness, which probably cannot even be defined, much less proven. Where

    formal correctness proofs are not possible, rigorous use of code review and unit

    testing represents a best-effort approach to make modules secure.

    The design should use "defense in depth", where more than one subsystem needs to

    be violated to compromise the integrity of the system and the information it holds.

    Defense in depth works when the breaching of one security measure does not

    provide a platform to facilitate subverting another. Also, the cascading principle

    acknowledges that several low hurdles do not make a high hurdle. So cascading

    several weak mechanisms does not provide the safety of a single stronger

    mechanism.

    Subsystems should default to secure settings, and wherever possible should be

    designed to "fail secure" rather than "fail insecure" (see fail-safe for the equivalent in

    safety engineering). Ideally, a secure system should require a deliberate, conscious,

    knowledgeable and free decision on the part of legitimate authorities in order to make

    it insecure.

    In addition, security should not be an all or nothing issue. The designers and

    operators of systems should assume that security breaches are inevitable. Full audit

    trails should be kept of system activity, so that when a security breach occurs, the

    mechanism and extent of the breach can be determined. Storing audit trails remotely,

    where they can only be appended to, can keep intruders from covering their tracks.

    Finally, full disclosure helps to ensure that when bugs are found the "window of

    vulnerability" is kept as short as possible.
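
    The remote, append-only audit trail described above can be made tamper-evident as well. The following Python sketch is an added example, not part of the original article; it uses a hash chain as the mechanism, which is an assumption of this example, and the class name RemoteCollector and the sample events are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain

# Constructed sample events, not taken from any real system.
SAMPLE_EVENTS = [
    {"ts": "2010-09-01T10:00:00Z", "user": "alice", "action": "login"},
    {"ts": "2010-09-01T10:05:00Z", "user": "mallory", "action": "export payroll.db"},
    {"ts": "2010-09-01T10:06:00Z", "user": "mallory", "action": "logout"},
]


def chain_hash(prev_hash, entry):
    """Hash of this entry bound to everything logged before it."""
    payload = json.dumps(entry, sort_keys=True).encode("utf-8")
    return hashlib.sha256(prev_hash.encode("ascii") + payload).hexdigest()


class RemoteCollector:
    """Stands in for the remote store: it offers no update or delete
    operation and remembers the hash of the last record it accepted."""

    def __init__(self):
        self._records = []
        self.head = GENESIS

    def append(self, entry):
        self.head = chain_hash(self.head, entry)
        self._records.append((dict(entry), self.head))
        return self.head

    def export(self):
        # Copies, so that callers cannot mutate the stored records.
        return [(dict(entry), digest) for entry, digest in self._records]


def verify(records, trusted_head):
    """Return (ok, position). position is the first record whose hash fails,
    or len(records) when the copy is self-consistent but does not end at the
    trusted head (a truncated or re-hashed copy)."""
    prev = GENESIS
    for i, (entry, digest) in enumerate(records):
        if chain_hash(prev, entry) != digest:
            return False, i
        prev = digest
    if prev != trusted_head:
        return False, len(records)
    return True, None


def rehash(records):
    """Recompute every hash of a local copy so it is consistent with itself.
    Only the head held by the collector exposes such a copy."""
    prev, out = GENESIS, []
    for entry, _ in records:
        prev = chain_hash(prev, entry)
        out.append((entry, prev))
    return out


def demo():
    collector = RemoteCollector()
    for event in SAMPLE_EVENTS:
        collector.append(event)
    head = collector.head

    intact = collector.export()
    edited = collector.export()
    edited[1][0]["user"] = "alice"        # record altered, hash left alone
    truncated = collector.export()[:2]    # last record dropped
    rewritten = rehash(edited)            # record altered and chain re-hashed

    return {
        "intact": verify(intact, head),
        "edited": verify(edited, head),
        "truncated": verify(truncated, head),
        "rewritten": verify(rewritten, head),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

    The check only holds if the head value is kept where the logged system cannot overwrite it, which is the reason for storing the trail remotely.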

    Security architecture

    Main article: Security architecture

    Security Architecture can be defined as the design artifacts that describe how the

    security controls (security countermeasures) are positioned, and how they relate to

    the overall information technology architecture. These controls serve the purpose to

    maintain the system's quality attributes, among

    them confidentiality, integrity, availability, accountability and assurance.[1]

    Hardware mechanisms that protect computers and data

    Hardware based or assisted computer security offers an alternative to software-only

    computer security. Devices such as dongles may be considered more secure due to

    the physical access required in order to be compromised[original research?].

    Secure operating systems

    Main article: Secure operating systems

    One use of the term computer security refers to technology to implement a

    secure operating system. Much of this technology is based on science developed in

    the 1980s and used to produce what may be some of the most impenetrable

    operating systems ever. Though still valid, the technology is in limited use today,

    primarily because it imposes some changes to system management and also

    because it is not widely understood. Such ultra-strong secure operating systems are

    based on operating system kernel technology that can guarantee that certain security

    policies are absolutely enforced in an operating environment. An example of such

    a computer security policy is the Bell-LaPadula model. The strategy is based on a

    [...]

    manners in which they can be exploited are too variegated. It is interesting to note,

    however, that such vulnerabilities often arise from archaic philosophies in which

    computers were assumed to be narrowly disseminated entities used by a chosen

    few, all of whom were likely highly educated, solidly trained academics with naught

    but the goodness of mankind in mind. Thus, it was considered quite harmless if, for

    (fictitious) example, a FORMAT string in a FORTRAN program could contain the J

    format specifier to mean "shut down system after printing." After all, who would use

    such a feature but a well-intentioned system programmer? It was simply beyond

    conception that software could be deployed in a destructive fashion.

    It is worth noting that, in some languages, the distinction between code (ideally, read-

    only) and data (generally read/write) is blurred. In LISP, particularly, there is no

    distinction whatsoever between code and data, both taking the same form: an S-

    expression can be code, or data, or both, and the "user" of a LISP program who

    manages to insert an executable LAMBDA segment into putative "data" can achieve

    arbitrarily general and dangerous functionality. Even something as "modern" as Perl

    offers the eval() function, which enables one to generate Perl code and submit it to

    the interpreter, disguised as string data.
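
    The blurred line between code and data can be seen in any language with an eval facility. The following added example (not from the original article) uses Python's eval() as a stand-in for the Perl eval() mentioned above and sets it beside ast.literal_eval, which accepts literals only; the configuration text and function names are constructed for illustration.

```python
import ast

# Program state that a pure "data" file should never be able to touch.
SIDE_EFFECTS = []

# Constructed configuration text. The last value is an expression, not a literal.
SAMPLE_CONFIG = """\
retries = 3
hosts = ['a.example', 'b.example']
port = SIDE_EFFECTS.append('code ran') or 8080
"""


def _pairs(text):
    """Yield (key, value-string) for each non-empty, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            yield key.strip(), value.strip()


def load_with_eval(text):
    """Treats every value as code: whatever the string says is executed
    with access to this module's globals."""
    settings = {}
    for key, value in _pairs(text):
        settings[key] = eval(value)
    return settings


def load_with_literal_eval(text):
    """Treats every value as data: only Python literals (numbers, strings,
    lists, dicts, ...) are accepted; anything else is rejected, not run."""
    settings, rejected = {}, []
    for key, value in _pairs(text):
        try:
            settings[key] = ast.literal_eval(value)
        except (ValueError, SyntaxError):
            rejected.append(key)
    return settings, rejected


def demo():
    SIDE_EFFECTS.clear()
    unsafe = load_with_eval(SAMPLE_CONFIG)
    ran_under_eval = list(SIDE_EFFECTS)

    SIDE_EFFECTS.clear()
    safe, rejected = load_with_literal_eval(SAMPLE_CONFIG)
    ran_under_literal = list(SIDE_EFFECTS)

    return unsafe, ran_under_eval, safe, rejected, ran_under_literal


if __name__ == "__main__":
    for item in demo():
        print(item)
```

    Under eval() the "port" value looks like an ordinary integer in the result while having changed program state on the way; the literal parser refuses it and reports the key.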

    Capabilities and access control lists

    Main articles: Access control list and Capability (computers)

    Within computer systems, two security models capable of enforcing privilege

    separation are access control lists (ACLs) and capability-based security. The

    semantics of ACLs have been proven to be insecure in many situations, e.g.,

    the confused deputy problem. It has also been shown that the promise of ACLs of

    giving access to an object to only one person can never be guaranteed in practice.

    Both of these problems are resolved by capabilities. This does not mean practical

    flaws exist in all ACL-based systems, but only that the designers of certain utilities

    must take responsibility to ensure that they do not introduce flaws. [citation needed]

    Capabilities have been mostly restricted to research operating systems and

    commercial OSs still use ACLs. Capabilities can, however, also be implemented at

    the language level, leading to a style of programming that is essentially a refinement

    of standard object-oriented design. An open source project in the area is the E

    language.
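
    The confused deputy problem and its resolution by language-level capabilities can be shown with a small in-memory model. This Python sketch is an added example, not part of the original article; the file system, the compiler service and the paths are hypothetical, and Python objects only model capabilities, since the language does not make references unforgeable.

```python
class AccessDenied(Exception):
    pass


class FileSystem:
    """In-memory files, each with an ACL naming the principals that may write."""

    def __init__(self):
        self.files = {}
        self.acl = {}

    def create(self, path, writers):
        self.files[path] = ""
        self.acl[path] = set(writers)

    def _store(self, path, data, append):
        self.files[path] = self.files[path] + data if append else data

    def _check(self, principal, path):
        if principal not in self.acl.get(path, set()):
            raise AccessDenied(f"{principal} may not write {path}")

    def write(self, principal, path, data, append=False):
        """ACL style: name the file, and the system checks who is asking."""
        self._check(principal, path)
        self._store(path, data, append)

    def open_for_write(self, principal, path):
        """Capability style: check once against the requester, then return an
        object that both designates the file and carries the right to write."""
        self._check(principal, path)
        return WriteCap(self, path)


class WriteCap:
    def __init__(self, fs, path):
        self._write = lambda data, append: fs._store(path, data, append)

    def write(self, data, append=False):
        self._write(data, append)


BILLING = "/svc/billing"          # constructed paths
ALICE_OUT = "/home/alice/out.o"


def new_fs():
    fs = FileSystem()
    fs.create(BILLING, writers={"compiler"})
    fs.create(ALICE_OUT, writers={"alice", "compiler"})
    return fs


class AclCompiler:
    """Deputy that acts on caller-supplied names using its own identity."""

    def __init__(self, fs):
        self.fs = fs

    def compile(self, caller, source, out_path):
        self.fs.write("compiler", BILLING, f"{caller}: 1 job\n", append=True)
        # The ACL check passes because the compiler is listed for the file,
        # even though the caller who chose out_path is not.
        self.fs.write("compiler", out_path, "OBJ:" + source)


class CapCompiler:
    """Deputy that only ever uses capabilities it was handed."""

    def __init__(self, billing_cap):
        self._billing = billing_cap

    def compile(self, caller, source, out_cap):
        self._billing.write(f"{caller}: 1 job\n", append=True)
        out_cap.write("OBJ:" + source)


def acl_scenario():
    fs = new_fs()
    AclCompiler(fs).compile("alice", "int main;", out_path=BILLING)
    return fs.files[BILLING]   # billing record replaced by compiler output


def capability_scenario():
    fs = new_fs()
    compiler = CapCompiler(fs.open_for_write("compiler", BILLING))
    try:
        fs.open_for_write("alice", BILLING)
        refused = False
    except AccessDenied:
        refused = True         # alice cannot obtain a handle to pass along
    compiler.compile("alice", "int main;", fs.open_for_write("alice", ALICE_OUT))
    return refused, fs.files[BILLING], fs.files[ALICE_OUT]


if __name__ == "__main__":
    print(repr(acl_scenario()))
    print(capability_scenario())
```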

    First the Plessey System 250 and then Cambridge CAP computer demonstrated the

    use of capabilities, both in hardware and software, in the 1970s. A reason for the lack

    of adoption of capabilities may be that ACLs appeared to offer a 'quick fix' for security

    without pervasive redesign of the operating system and hardware.[citation needed]

    The most secure computers are those not connected to the Internet and shielded

    from any interference. In the real world, the most security comes from operating

    systems where security is not an add-on.

    Applications

    Computer security is critical in almost any technology-driven industry which operates

    on computer systems. Computer security can also be referred to as computer safety.

    The issues of computer based systems and addressing their countless vulnerabilities

    are an integral part of maintaining an operational industry.[3]

    Cloud computing Security

    Security in the cloud is challenging[citation needed], due to the varied degree of security

    features and management schemes within the cloud entities. In this connection one

    logical protocol base needs to evolve so that the entire gamut of components operates

    synchronously and securely[original research?].

    In aviation

    The aviation industry is especially important when analyzing computer security

    because the involved risks include human life, expensive equipment, cargo, and

    transportation infrastructure. Security can be compromised by hardware and software

    malpractice, human error, and faulty operating environments. Threats that exploit

    computer vulnerabilities can stem from sabotage, espionage, industrial competition,

    terrorist attack, mechanical malfunction, and human error.[4]

    The consequences of a successful deliberate or inadvertent misuse of a computer

    system in the aviation industry range from loss of confidentiality to loss of system

    integrity, which may lead to more serious concerns such as data theft or loss,

    network and air traffic control outages, which in turn can lead to airport closures, loss

    of aircraft, loss of passenger life. Military systems that control munitions can pose an

    even greater risk.

    A proper attack does not need to be very high tech or well funded, for a power

    outage at an airport alone can cause repercussions worldwide.[5] One of the easiest

    and, arguably, the most difficult to trace security vulnerabilities is achievable by

    [...]

    on March 24, 2010[7]. The bill seeks to increase collaboration between the public and

    the private sector on cybersecurity issues, especially those private entities that own

    infrastructures that are critical to national security interests (the bill quotes John

    Brennan, the Assistant to the President for Homeland Security and Counterterrorism:

    "our nation's security and economic prosperity depend on the security, stability, and

    integrity of communications and information infrastructure that are largely privately-

    owned and globally-operated" and talks about the country's response to a "cyber-

    Katrina"[8]), increase public awareness on cybersecurity issues, and foster and fund

    cybersecurity research. Some of the most controversial parts of the bill include

    Paragraph 315, which grants the President the right to "order the limitation or

    shutdown of Internet traffic to and from any compromised Federal Government or

    United States critical infrastructure information system or network"[8]. The Electronic

    Frontier Foundation, an international non-profit digital rights advocacy and legal

    organization based in the United States, characterized the bill as promoting a

    "potentially dangerous approach that favors the dramatic over the sober response" [9].

    International Cybercrime Reporting and Cooperation Act

    On March 25, 2010, Representative Yvette Clarke (D-NY) introduced the

    "International Cybercrime Reporting and Cooperation Act - H.R.4962" (full text) in

    the House of Representatives; the bill, co-sponsored by seven other representatives

    (only one of whom was a Republican), was referred to three House committees[10]. The

    bill seeks to make sure that the administration keeps Congress informed on

    information infrastructure, cybercrime, and end-user protection worldwide. It also

    "directs the President to give priority for assistance to improve legal, judicial, and

    enforcement capabilities with respect to cybercrime to countries with low information

    and communications technology levels of development or utilization in their critical

    infrastructure, telecommunications systems, and financial industries" [10] as well as to

    develop an action plan and an annual compliance assessment for countries of "cyber

    concern"[10].

    Protecting Cyberspace as a National Asset Act of 2010 ("Kill switch bill")

    On June 19, 2010, United States Senator Joe Lieberman (I-CT) introduced a bill

    called "Protecting Cyberspace as a National Asset Act of 2010 - S.3480" (full text in

    pdf), which he co-wrote with Senator Susan Collins (R-ME) and Senator Thomas

    Carper (D-DE). If signed into law, this controversial bill, which the American media

    dubbed the "Kill switch bill", would grant the President emergency powers over the


    Internet. However, all three co-authors of the bill issued a statement claiming that

    instead, the bill "[narrowed] existing broad Presidential authority to take over

    telecommunications networks"[11].

    Terminology

    The following terms used in engineering secure systems are explained below.

    Authentication techniques can be used to ensure that communication end-

    points are who they say they are.

    Automated theorem proving and other verification tools can enable critical

    algorithms and code used in secure systems to be mathematically proven to meet their specifications.

    Capability and access control list techniques can be used to ensure privilege

    separation and mandatory access control. This section discusses their use.

    Chain of trust techniques can be used to attempt to ensure that all software

    loaded has been certified as authentic by the system's designers.

    Cryptographic techniques can be used to defend data in transit between

    systems, reducing the probability that data exchanged between systems can be

    intercepted or modified.

    Firewalls can provide some protection from online intrusion.

    A microkernel is a carefully crafted, deliberately small corpus of software that

    underlies the operating system per se and is used solely to provide very low-

    level, very precisely defined primitives upon which an operating system can be

    developed. A simple example with considerable didactic value is the early '90s

    GEMSOS (Gemini Computers), which provided extremely low-level primitives,

    such as "segment" management, atop which an operating system could be built.

    The theory (in the case of "segments") was that, rather than have the operating system itself worry about mandatory access separation by means of military-style

    labeling, it is safer if a low-level, independently scrutinized module can be

    charged solely with the management of individually labeled segments, be they

    memory "segments" or file system "segments" or executable text "segments." If

    software below the visibility of the operating system is (as in this case) charged

    with labeling, there is no theoretically viable means for a clever hacker to subvert


    Pinging: The ping application can be used by potential crackers to find if an IP

    address is reachable. If a cracker finds a computer, they can try a port scan to

    detect and attack services on that computer.

    Social engineering awareness: keeping employees aware of the dangers of

    social engineering and/or having a policy in place to prevent social engineering

    can reduce successful breaches of the network and servers.

    File Integrity Monitors are tools used to detect changes in the integrity of

    systems and files.
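
    The File Integrity Monitor entry above, as an added example (not part of the original paper or of any particular tool): a small Python monitor that baselines SHA-256 hashes and permission bits, seals the baseline with an HMAC, and reports later changes. The directory tree, file names and key are constructed for the demonstration; keeping the key off the monitored host is an assumption.

```python
import hashlib
import hmac
import json
import os
import stat
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Record content hash and permission bits for every regular file under root."""
    root = Path(root)
    state = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            info = full.lstat()
            if not stat.S_ISREG(info.st_mode):
                continue  # symlinks, sockets and devices are skipped in this sketch
            rel = full.relative_to(root).as_posix()
            state[rel] = {"sha256": hash_file(full), "mode": stat.S_IMODE(info.st_mode)}
    return state


def seal(state, key):
    """HMAC-SHA256 over the canonical JSON form of a snapshot.

    Without a seal, whoever can alter a monitored file can also rewrite the
    stored baseline. The key is assumed to be kept off the monitored host.
    """
    canonical = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def baseline_is_authentic(state, tag, key):
    """Constant-time check that a stored baseline still matches its seal."""
    return hmac.compare_digest(seal(state, key), tag)


def compare(baseline, current):
    """Classify the differences between two snapshots."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p]["sha256"] != current[p]["sha256"]),
        "mode_changed": sorted(p for p in common if baseline[p]["mode"] != current[p]["mode"]),
    }


def demo():
    """Run the monitor over a constructed directory tree and return its findings."""
    key = b"constructed-demo-key"  # placeholder value for the demonstration
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        files = {
            "etc/app.conf": b"listen=127.0.0.1\n",
            "etc/old.conf": b"unused=1\n",
            "bin/tool": b"#!/bin/sh\necho ok\n",
        }
        for rel, data in files.items():
            (root / rel).write_bytes(data)
            os.chmod(root / rel, 0o644)

        baseline = snapshot(root)
        tag = seal(baseline, key)

        # Constructed changes. The edit keeps the file the same length and
        # restores its timestamps, so a size/mtime comparison would miss it.
        target = root / "etc/app.conf"
        before = target.stat()
        target.write_bytes(b"listen=192.0.2.1\n")
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))
        (root / "etc/old.conf").unlink()
        (root / "bin/dropped").write_bytes(b"new file\n")
        os.chmod(root / "bin/tool", 0o755)

        current = snapshot(root)
        after = target.stat()
        # A baseline rewritten to match the changed file fails verification.
        forged = dict(baseline)
        forged["etc/app.conf"] = current["etc/app.conf"]
        return {
            "report": compare(baseline, current),
            "size_and_mtime_unchanged": (after.st_size == before.st_size
                                         and after.st_mtime_ns == before.st_mtime_ns),
            "baseline_ok": baseline_is_authentic(baseline, tag, key),
            "forged_baseline_ok": baseline_is_authentic(forged, tag, key),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```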

    Notes

    1. ^ Definitions: IT Security Architecture. SecurityArchitecture.org, Jan, 2008

    2. ^ New hacking technique exploits common programming error. SearchSecurity.com, July 2007

    3. ^ J. C. Willemssen, "FAA Computer Security". GAO/T-AIMD-00-330. Presented at Committee on

    Science, House of Representatives, 2000.

    4. ^ P. G. Neumann, "Computer Security in Aviation," presented at International Conference on

    Aviation Safety and Security in the 21st Century, White House Commission on Safety and Security,

    1997.

    5. ^ J. Zellan, Aviation Security. Hauppauge, NY: Nova Science, 2003, pp. 65-70.

    6. ^ Information Security. United States Department of Defense, 1986

    7. ^ Cybersecurity bill passes first hurdle, Computer World, March 24, 2010. Retrieved on June 26,

    2010.

    8. ^ a b Cybersecurity Act of 2009, OpenCongress.org, April 1, 2009. Retrieved on June 26, 2010.

    9. ^ Federal Authority Over the Internet? The Cybersecurity Act of 2009, eff.org, April 10, 2009.

    Retrieved on June 26, 2010.

    10. ^ a b c H.R.4962 - International Cybercrime Reporting and Cooperation Act, OpenCongress.org.

    Retrieved on June 26, 2010.

    11. ^ Senators Say Cybersecurity Bill Has No 'Kill Switch', informationweek.com, June 24, 2010.

    Retrieved on June 25, 2010.

    See also

    Computer security portal

    Attack tree

    Authentication

    Authorization

    Human-computer interaction (security)

    Identity management


    CAPTCHA

    CERT

    Cloud computing security

    Computer insecurity

    Computer security model

    Countermeasure (computer)

    Cryptography

    Cyber security standards

    Dancing pigs

    Disk encryption

    Data loss prevention products

    Data security

    Differentiated security

    Exploit (computer security)

    Fault tolerance

    Firewalls

    Full disclosure

    High Technology Crime Investigation Association

    Information Leak Prevention

    Information security

    Internet privacy

    IT risk

    ISO/IEC 15408

    Network Security Toolkit

    Network security

    OWASP

    Penetration test

    Physical information security

    Physical security

    Presumed security

    Proactive Cyber Defence

    Sandbox (computer security)

    Security Architecture

    Separation of protection and security

    Threat (computer)

    Vulnerability (computing)

    Privacy software
