Скачать презентацию Prolog to Lecture 13 CS 236 On-Line MS Скачать презентацию Prolog to Lecture 13 CS 236 On-Line MS

b4548e2815373c61a7b174aa989596c2.ppt

  • Количество слайдов: 9

Prolog to Lecture 13 CS 236 On-Line MS Program Networks and Systems Security Peter Prolog to Lecture 13 CS 236 On-Line MS Program Networks and Systems Security Peter Reiher CS 236 Online Lecture 13 Page 1

Where Malware Lives • Most people expect malware in only one place – – Where Malware Lives • Most people expect malware in only one place – – Somewhere on your hard drive • Maybe also on flash drives, CDs, DVDs • Perhaps in boot sector • But that’s it, right? CS 236 Online Lecture 13 Page 2

Malware and Firmware • Proof of concept recently showed malware stored in peripherals – Malware and Firmware • Proof of concept recently showed malware stored in peripherals – In their firmware • Malware writes itself into their firmware • Virus detection stuff doesn’t look there – Nor does most cleaning code • So it’s unlikely to be found or removed CS 236 Online Lecture 13 Page 3

The Implications • Anything with writable memory might harbor malware • Need device specific The Implications • Anything with writable memory might harbor malware • Need device specific scanning and analysis code • If device has its own processing capabilities, problem is even worse • Obviously, much harder to clean devices this way CS 236 Online Lecture 13 Page 4

Let’s Look in Another Dimension • Spatial • We are moving to a world Let’s Look in Another Dimension • Spatial • We are moving to a world of embedded devices • They’re too small and weak to host virus detection software • What will be the problems there? CS 236 Online Lecture 13 Page 5

Malware Problems of the Ubiquitous Future • Millions of evil little nodes – All Malware Problems of the Ubiquitous Future • Millions of evil little nodes – All around us – Hard to detect – Hard to clean • But they are limited devices – Can we leverage that for protection? – Or at least to limit the damage? CS 236 Online Lecture 13 Page 6

Another Example • What if someone writes malware to live in a network device? Another Example • What if someone writes malware to live in a network device? – Like a printer • Recently, HP and Samsung had printer security problems • Doesn’t have to have large footprint in other machines • Printer software wakes up and takes over other machines when needed • Who’s going to bother checking the printer? CS 236 Online Lecture 13 Page 7

Malware in Our Smart Phones • Smart phones are essentially portable computers • Widely Malware in Our Smart Phones • Smart phones are essentially portable computers • Widely deployed • Poorly administered • With access to useful personal data • Criminals are very interested in them CS 236 Online Lecture 13 Page 8

Protecting the Ubiquitous Future • If computers are everywhere, how can we prevent malware Protecting the Ubiquitous Future • If computers are everywhere, how can we prevent malware from being everywhere? • The few advantages we have with classic computers don’t apply • What’s our strategy for keeping these machines safe? CS 236 Online Lecture 13 Page 9