120 likes | 218 Views
Presented by Mohammed F. Mokbel Security and Privacy on the Internet {0360564} Instructor: Dr. Aggarwal Fall 2007. Achilles Heel in the Philosophy of Prometheus Boundless Security. 10/4/2007. Security-Privacy Abstraction.
E N D
Presented by Mohammed F. Mokbel Security and Privacy on the Internet {0360564} Instructor: Dr. Aggarwal Fall 2007 Achilles Heel in the Philosophy of Prometheus Boundless Security 10/4/2007
Security-Privacy Abstraction • Presenting Security-Privacy at abstract level as a mean of Global Generalization rather than a specific example from real life (?) • Using universal (Abstract)) SP system to approach a satisfactory confidence level • Knowledge Division in terms of discrete SP evolution.
Presentation Layout • Introduction • Human Factor In SP • Normal Vs. Competent end user • First Impression • Knowledge acquisition • A proposal for a new System PMBS • People equality at decoding info. stream • Time + Relativity = %[Confidence * (StaticC/DynamicC)] • Implementation breaches – Procedures , Techniques and the system itself • People & Technology := Mutual Interaction (Inseparable Entities) • Nothing what it seems • People & people: Clear path • POC: In the womb: revamping console code injection • Some Advcies • Future Work • Conclusions
Introduction. Human Factor in SP • In today world of computer security and internet widespread usage an enormous amount of information is carried out using either a wire or a wireless devices • The normal user and the competent end user are those who has a different perspectives about internet and computer in general, they do really appreciate the elegance of how things performed at the bits level but mostly precaution and analytical thinking is more imaginable and accurate for the competent end user, because everything is computed with a reliable acquired knowledge about the subject under investigation.
Probabilistic Mathematical Behavioral System PMBS • In which the magnitude of the information required to meet ones’ expectations is proportional to the user fundamental knowledge in terms of time elapsed since the user start using the system and this to be determined stochastically.
People equality at decoding info. stream • Are people equal at information demystification or is it just a matter of time? • As most of the theories suggest that exercising the knowledge you have would achieve a satisfactory level of collective thinking. • Time Factor. Everything is relativistic • The reason why most people ought to be confidence with the information they have is probably due to the short experience they have with huge amount of resources (again time is the major factor). They may consider things perfect or less but the problem lies in the implementation process where most of the security breaches do not manipulate the system itself but rather reversing or annihilating the techniques and the procedures used to help embed the core system and in this case a plethora of holes and worms are taking its place for a very devious and nefarious attack.
Proof of Concept • In the womb: Revamping console code injection… • modifying the internal structure of the executable file using code injection technique. • Further works has to be done to link it to a more elusive malicious scenario by inserting a special area for network communication using Winsock API’s
Continue • .A monitoring matrix of scattered random modifications should be traced to control these set of alterations so that a meta-transformer tool could be designed to handle it in automated manner as a final revised edition. • The main purpose of this section is to demonstrate the validity of this approach following a case study scenario in which an absolute phase modulation is applied.
Some Advices • I advice you to start using some of the best special versions of Linux OS • Such as, Hackin9, Damn Vulnerable Linux, Black Track 2, Protech,… • These editions are designed for a special purposes so that you can exercise your theory in real time scenarios. But take care as these things are dangerous if you let it happen outside a controlled environment. • Preferably is to use a virtual machine software such as, VMWare, Virtual PC,…
Future Work • Further work has to be done in the area of code injection technique especially employing a stealthy connection and tricky behavior to the culprit binary file. In addition to that a more detailed case studies could be provided to make things easier to understand and less obstructive.
Conclusions • This paper establishes a new dimension of computer security vision by providing the security aspect in terms of philosophy and conceptual analysis. It does not gives an absolute approach for security problems as almost everything is relativistic based on the case under assessment.
? Now bombard me with your Questions?