Quote: first computer virus (1971); self-propagating code which grabbed all available disk space [»daviA7_2006]

Quote: a survey and taxonomy of actual security flaws [»landCE9_1994]

Quote: easily attacked Multics security via hardware, software, and procedures; extracted or modified sensitive data without detection; 250 manhours of effort [»kargPA6_1974]

Quote: security violations are: unauthorized release of information, modification of information, and denial of resource usage [»satyM8_1989]

Quote: computer security concerns unauthorized disclosure, unauthorized alteration, and denial of service [»mcleJ1_1990]

Quote: risks for computational email--destruction of resources, theft of resources, and deprivation of resources [»boreNS11_1992]

Quote: a security leak occurs if secret data is sent on a public channel instead of a secret channel

Quote: secure the weakest link in the attack tree; look at the entire vulnerability landscape [»schnB_2000]

Quote: secure systems should be as simple as possible; complexity is the worst enemy of security [»schnB_2000]

Quote: storing the evidence of an attack on the computer under attack is mostly useless

Quote: cryptosystems fail because of organizational problems instead of high-tech attacks; blunders, insider information, or simplistic technical procedures [»andeRJ11_1994]

Quote: no matter what is done, small mistakes with large consequences will still occur; prolonged field testing is necessary for a payment system [»andeRJ5_1996]

Quote: most frauds were due to loopholes caused by design and management errors; exploited opportunistically by operators and customers; for example, shorting the 11 kV feeder to credit a meter [»andeRJ5_1996]

Quote: security setup constributes nothing to useful output; only noticed if audit or attack [»lampBW6_2004]

Quote: use PQL for runtime security protection; dynamically detect and correct SQL injection, cross-site scripting, and path traversal attacks [»martM10_2005]

Quote: URLs can leak authenticators through the Referer header, allows cross-site scripting attacks without eavesdropping [»fuK8_2001]

Quote: precise, sound, efficient analysis for SQL injection; tracks user input non-terminals of a context-free grammar for string variables; tested with PHP [»wassG6_2007]

Quote: an SQL injection attack changes the intended syntactic structure of generated queries

Quote: nearly all cryptographic failures due to protocol or password deficiences; e.g., using nine random characters to protect PGP's private keys [»lensAK9_2001]

Quote: Multics avoids buffer overflow -- PL/I strings have a fixed maximum length; data can not be executed; virtual addresses are segmented; stacks grew up instead of down [»kargPA12_2002]

Quote: NUL-terminated strings important for efficiency; allows fixed-length buffer that holds variable-length strings; problem of overrun [»jimT6_2002]

Quote: C allows pointer beyond end of array; leads to buffer overflow [»jimT6_2002]

Quote: tested reliability under system crash by injecting faults; random bit flips in kernel; imitate programming errors such as pointer corruption, copy overrun, off-by-one; most crashes happened within 15 seconds [»chenPM9_1996]

Quote: Java guarantees memory and type safety at runtime and compile time; programs cannot forge pointers, overrun arrays, or apply an operator to the wrong type [»hartPH12_2001]

Quote: disallow out-of-thin-air changes for incorrectly synchronized code; e.g., x,y=0; y=x and x=y; x==42 [»mansJ1_2005]

Quote: can circumvent a security system by out-of-channel signaling, e.g., by toggling use of a file [»dennPJ_1980]

Quote: secure file manager maintains a complete history of the last five minutes; prevents frequent versions of the same file for a pattern-of-use channel [»rushJ7_1983]

Quote: can use statistical methods to violate security of access-control systems [»dennPJ_1980]

Quote: a secure kernel still may prevent access due to poor scheduling, or communicate implementation via behavior under load [»robiL9_1975, OK]

Quote: covert channel analysis--bound the rate that high-level input can effect low-level output [»mcleJ1_1990]

Quote: covert channels easily leak a cryptographic key; created through a shared resource such as white space [»schnB_2000]

Quote: secure systems need to confine data to a domain; problems if share resource, e.g., channel of 'disk hits' allows 70baud

Quote: remotely-loaded code may have security flaws. For example, Java has many security flaws such as covert channels and lacking a formal security policy [»deanD5_1996]

Quote: Microsoft gave up on security by adding C and C++ to the CLR; unsafe regions in C# allow unrestricted pointer operations [»allmE7_2004]

Quote: Cyclone is a safe dialect of C; avoids buffer overflows, format string attacks, and memory management errors; static analysis plus run-time checks and annotations [»jimT6_2002]

Quote: Andrew does not guarantee resource denial; e.g., flooding network with packets has no clear solution

Quote: EROS truncates messages to undefined destinations; otherwise, fault handlers may lead to denial-of-service, buffering creates local state, and timeouts are not repeatable under load [»shapJS1_2002]

Quote: computer security concerns unauthorized disclosure, unauthorized alteration, and denial of service [»mcleJ1_1990]

Quote: survey of denial of service attacks, Internet vulnerabilities, defense mechanisms, and countermeasures [»pengT4_2007]

Quote: botnet software supports SYN flood, ICMP flood, HTTP flood, and denial of service configuration; update to maximize the similarity between attack trafic and normal traffic [»pengT4_2007]

Quote: denial of service defense requires cooperation between ISPs to block malicious traffic near its source [»pengT4_2007]

Quote: QA and ethical hacks are useless against trap doors triggered by a unique key [»kargPA12_2002]

Quote: easily demonstrated malicious software attacks; e.g., a trap door triggered by a password, not found by quality assurance [»kargPA12_2002]

Quote: invisible trap door in a compiler that installed trap doors into Multics; used by Ken Thompson [»kargPA12_2002]

Quote: can recompile the C compiler to introduce Trojan horse bugs invisibly [»thomK8_1984]

Quote: a compiler or assembler can insert a trap door when compiling a ring 0 module; hidden even when recompiling the compiler [»kargPA6_1974]

Quote: use system initialization code to insert trap doors as the system is booted; initialization is complex and poorly understood [»kargPA6_1974]

Quote: conventional computer systems do not enforce multilevel security; subverted by trap doors and trojan horses [»rushJ7_1983]

Quote: the World Wide Military Command and Control System was developed and deployed by uncleared personnel using an open time sharing system; vulnerable to trap door insertions [»kargPA6_1974]

Quote: verify the integrity of an embedded device by computing partial hash of its contents; problem of man in the middle attack [»spinD2_2000]

Quote: an active adversary can see and modify all communications traffic; e.g., a proxy service and man-in-the-middle attacks [»fuK8_2001]

Quote: public-key cryptosystems are vulnerable to forgery and man-in-the-middle attacks [»zimmPR_1995]

Quote: remotely-loaded code may have security flaws. For example, Java has many security flaws such as covert channels and lacking a formal security policy [»deanD5_1996]

Quote: an active security mechanism builds a security envelope between clients and storage; system administrators have full access

Quote: the Unix super-user has unrestricted access rights [»ritcDM7_1978a]

Quote: synchronized clocks in Kerberos reject replay attacks without cost of challenge-response protocols; every connection has a new session-key; uses a replay cache [»daviD6_1995]

Quote: an eavesdropping adversary can see, but not modify, traffic between users and server; can replay authenticators and act as an interrogative adversary [»fuK8_2001]

Quote: Andrew's authentication procedure depends on a shared, encrypted handshake key; randomized to prevent replay attacks [»satyM8_1989]

Quote: SSL establishes a secure connection between a browser and an unknown SSL server; users ought to check the SSL certificate that identifies the server [»schnB_2000]

Quote: fast public-key encryption based on modular squaring; secure against an adaptive chosen-ciphertext attack [»nishM12_2001]

Quote: a call-back, prevents a site from masquerading as another site [»nowiDA8_1978]

Quote: can catch masquerades if each machine maintains a sequence count with other machines and verifies the previous count [»nowiDA8_1978]

Quote: an attacker can bypass the auditing capabilities of a security system by erasing evidence [»kargPA12_2002]

Quote: guidelines for selecting the cryptographic key size; acceptable security for commercial applications [»lensAK9_2001]

Quote: the subverter frequently sampled the security sensitive hardware; identified code that allowed illegal access to a protected segment; was due to a field modification [»kargPA6_1974]

Quote: can write a Java or .NET program so that most memory errors break security of the virtual machine; defend with error-correcting memory [»goviS5_2003]

Quote: computers do not guarantee absence of hardware faults; breaks proof of soundness of link-time type-checking; e.g., cosmic rays or heat-induced faults [»goviS5_2003]