Pages: 44
Date: 2019-07-17
Software Quality and Information Security
Department of Computer Science and Information Engineering, Chiao Tung University
Shih-Kun Huang (黃世昆)

Outline
Background
Software Attack Basic
Software Process Vulnerability
Software Exploitability
Dynamic and Static Defense
Conclusion

Software Engineering and Worms
1968 (conference on software crisis after IC invention, with more complex software)
1988 (Nov 2) Internet Worm
2001 (July 19) CodeRed Worm (after 1988)
2003 (Aug 11) Blaster Worm (impact MS)
2005 Worms Anywhere and Anytime
Microsoft Software auto-updates more frequently

Software Attack Basic

The Strength of Cryptography
“128-bit keys mean strong security, while 40-bit keys are weak”
“triple-DES is much stronger than single DES”
“2,048 RSA is better than 1,024 bit RSA”
“lock your front door with four metal pins, each of which in one of 10 positions”. There will be 10,000 possible keys… almost impossible to break in
NO!!!

Strength of Cryptography
Burglars won’t try every possible key or pick the lock. They smash windows, kick in doors, and use a chainsaw on the house wall.
Most of us design, analyze and break cryptographic systems. Few try to do research on published algorithms, protocols and actual products.

From Bruce Schneier
We don’t have to try every possible key or even find flaws in the algorithms. We exploit errors in design, errors in implementation, and errors in installation. Sometimes we invent a new trick to break a system, but most of the time we exploit the same old mistakes that designers make over and over again.

Security Attack
A dynamic event that occurs during the execution of a piece of software.
What makes an attack possible:
weaknesses must exist in the system
a sequence of weakness-exploiting input signals to the system is required

Threat
threat: an agent outside of a software system that can exploit a vulnerability through attacks

Vulnerability
potential defect or weakness in an information system
knowledge required to exploit the defect

State Space Vulnerability
System state: current configuration of the entities in the system
Authorized or unauthorized state: given initial state using a set of state transitions defined by security policy
Vulnerability state: authorized state from which an unauthorized state can be reached using authorized state
Compromised state: the authorized state above
Attack: begins in vulnerability state

State Space Attack
[Figure: state diagram with the labels Vulnerability State, Authorized State (compromised by the attack), Unauthorized State, Attack]

軟
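The state-space definitions above can be checked mechanically on a small model. This is an added example, not part of the original slides: the states and transitions are a constructed toy system, and it assumes the slide's "using authorized state" refers to authorized state transitions.

```python
from collections import deque

# Constructed toy model (not from the slides). Assumption: TRANSITIONS lists the
# authorized state transitions; UNAUTHORIZED is what the security policy forbids.
TRANSITIONS = {
    "logged_out":      ["user_session", "admin_session"],
    "user_session":    ["logged_out", "helper_running"],
    "helper_running":  ["user_session", "user_root_shell"],  # flawed setuid helper
    "admin_session":   ["logged_out", "patched"],            # admin removes the helper
    "patched":         ["patched_session"],
    "patched_session": ["patched"],
    "user_root_shell": [],
}
UNAUTHORIZED = {"user_root_shell"}


def vulnerable_states(transitions, unauthorized):
    """Authorized states from which some unauthorized state is reachable."""
    # Walk the transition graph backwards from the unauthorized states.
    reverse = {s: [] for s in transitions}
    for src, dsts in transitions.items():
        for dst in dsts:
            reverse[dst].append(src)
    seen, queue = set(unauthorized), deque(unauthorized)
    while queue:
        for prev in reverse[queue.popleft()]:
            if prev not in seen:
                seen.add(prev)
                queue.append(prev)
    return seen - set(unauthorized)


def shortest_attack(transitions, unauthorized, start):
    """Shortest transition sequence from start to an unauthorized state, or None."""
    parent, queue = {start: None}, deque([start])
    while queue:
        state = queue.popleft()
        if state in unauthorized:
            path = []
            while state is not None:
                path.append(state)
                state = parent[state]
            return path[::-1]
        for nxt in transitions[state]:
            if nxt not in parent:
                parent[nxt] = state
                queue.append(nxt)
    return None
```

In this model the two patched states are not vulnerable, because removing the flawed helper cuts every path to the unauthorized state.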