The Integritas System to enforce Integrity in Academic Environments - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
The Integritas System to enforce Integrity in Academic Environments
Cyber Security and Cyber Crime: Different sides of the same coin?
Prof Basie von Solms, Director, Center for Cyber Security, Academy for Computer Science and Software Engineering, University of Johannesburg
basievs_at_uj.ac.za
  • Prof Basie von Solms
  • Mr Jaco du Toit

2
What is Cyber Security?
Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized
http://whatis.techtarget.com/definition/cybersecurity
A major part of Cyber Security is to fix broken software
3
What is Cyber Crime?
Cyber crime encompasses any criminal act dealing with computers and networks (called hacking). Additionally, cyber crime also includes traditional crimes conducted through the Internet.
http://www.webopedia.com/TERM/C/cyber_crime.html
A major attack vector of Cyber Crime is to exploit broken software
4
A major part of Cyber Security is to fix broken software
A major attack vector of Cyber Crime is to exploit broken software
Common Factor: Broken Software
5
Let us investigate two aspects related to creating software
  • Creating (and selling) broken software
  • Creating (and selling) massive untestable big software systems

6
Let us investigate two aspects related to creating software
  • Creating (and selling) broken software
  • Creating (and selling) massive untestable big software systems

7
Software security vulnerabilities are caused by defective specification, design, and implementation. Unfortunately, common development practices leave software with many vulnerabilities. To have a secure US cyber infrastructure, the supporting software must contain few, if any, vulnerabilities.
http://www.cigital.com/papers/download/secure_software_process.pdf

Public companies face material cyber security risks from weaknesses in the software applications they use to run their businesses.
http://www.veracode.com/images/pdf/software-related-cybersecurity-risks-public-companies.pdf
8
More and more hackers are targeting the same application vulnerabilities on Macs and Windows PCs as a way to reap the financial benefits of writing cross-platform malware. The trend involves exploiting vulnerabilities that go as far back as 2009 in Office documents. Other cross-platform, third-party technologies favored by hackers include Java, Adobe PDF and Adobe Flash ... Microsoft security researcher Ferrer said.
http://www.csoonline.com/article/712640/hackers-increasingly-aim-for-cross-platform-vulnerabilities
9
Although targeted vulnerabilities may have already been patched by vendors, hackers bank on user negligence when it comes to installing software updates. As an example, people are notoriously slow in installing Java patches to Windows PCs and Macs. As much as 60 percent of Java installations are never updated. "All these un-updated applications on the desktop, whatever they may be, are low-hanging fruit. These are the easiest things to attack."
http://www.csoonline.com/article/712640/hackers-increasingly-aim-for-cross-platform-vulnerabilities
10
  • Let's investigate a few examples
  • If a new application system is rolled out and
    customers suffer losses, in whatever form,
    because the system was not properly tested and
    inherent vulnerabilities were exploited by cyber
    criminals, have the developers and company
    officials committed cybercrime?
  • Is the process of rolling out systems software
    like operating systems, browser software etc. in
    which vulnerabilities appear which are exploited
    to the detriment of some user, an act of
    cybercrime?
  • Therefore, can the whole process of rolling out
    patches to existing software, i.e. repairing
    what was originally done wrong or badly, be seen
    as acts of cybercrime?
  • All 3 cases above resulted because of bad
    software design (engineering)
  • In all 3 cases Cyber Security must come to the
    rescue!

11
I believe that cyber security policy must focus instead on solving the software security problem: fixing the broken stuff from the beginning (or not creating broken stuff) instead of simply watching the broken stuff and reporting when it is attacked. We must refocus our energy on fixing the glass house we find ourselves in. We must begin to solve the software security problem. Frankly, the target-rich environment filled with broken software makes it far too easy and tempting to misbehave criminally. In the end, someone must pay for broken software and someone must be rewarded for good software.
http://searchsecurity.techtarget.com/opinion/Congress-should-encourage-bug-fixes-reward-secure-systems
12
VS Conclusion 1
Creating (and selling) broken software is a cyber crime!
13
  • Creating (and selling) broken software is a cyber crime
  • Creating (and selling) massive untestable big software systems is a cyber crime

14
Let's investigate: How is cyber crime advanced by the complexity of software systems consisting of millions of lines of code, too big to comprehensively test?
15
It is tempting to believe that the only solution is to redouble our efforts to control complexity. True enough, we should continue to construct better engineering solutions to each problem: reduce complexity, create more perfect firewalls, and better structure the interactions between all computers under our control. But we must also understand that such measures are at best stopgaps. As Tahar Elgamal points out, "The hard truth of network security is that while many approaches are good, no individual effort makes the network completely safe. Implement enough fixes, and you only succeed at making your network more complex and, hence, more ungovernable, with solutions that wind up acting at cross-purposes." The same can be said for each of the other specialized tasks in managing complex computing systems. To successfully improve the security of our computing systems, we will need to modify our systems at an architectural level.
http://www.evolutionofcomputing.org/Multicellular/OutOfControlComplexity.html
16
Cybercriminals use the Web to serve malicious content capable of compromising users' computers and running arbitrary code on them. This has been made possible largely by the increased complexity of Web browsers and the resulting vulnerabilities that come with complex software.
http://queue.acm.org/detail.cfm?id=1517412
17
Analogy: The Strategic Defense Initiative (SDI), commonly called Star Wars after the popular science fiction series, was a system proposed by U.S. President Ronald Reagan on March 23, 1983 to use space-based systems to protect the United States from attack by strategic nuclear missiles. It was never implemented and research in the field tailed off after the end of the Cold War.
18

Analogy: Prof David Parnas, one of the pioneers in the development of Computer Science and Software Engineering, was at that time a consultant to the Office of Naval Research in Washington, and was one of nine scientists asked by the Strategic Defense Initiative Office to serve on the panel on "computing in support of battle management".
19
Analogy: Parnas resigned from this advisory panel on antimissile defense, asserting that it will never be possible to program a vast complex of battle management computers reliably or to assume they will work when confronted with a salvo of nuclear missiles.
20

Analogy: In his letter of resignation he said that it would never be possible to test realistically the large array of computers that would link and control a system of sensors, antimissile weapons, guidance and aiming devices, and battle management stations. Nor, he protested, would it be possible to follow orthodox computer program-writing practices in which errors and bugs are detected and eliminated in prolonged everyday use.
21

Analogy: "I believe," Professor Parnas said, "that it is our duty, as scientists and engineers, to reply that we have no technological magic that will accomplish that. The President and the public should know that."
22

Analogy: In 1984 (a year later) the ACM Council passed and published an important resolution. It begins: "Contrary to the myth that computer systems are infallible, in fact computer systems can and do fail. Consequently, the reliability of computer-based systems cannot be taken for granted. This reality applies to all computer-based systems, but it is especially critical for systems whose failure would result in extreme risk to the public. Increasingly, human lives depend upon the reliable operation of systems such as air traffic and high-speed ground transportation control systems, military weapons delivery and defense systems, and health care delivery and diagnostic systems."
23
VS Conclusion 2
  • Creating (and selling) massive untestable big
    software systems is a cyber crime

24
VS Conclusion 3
  • Cyber Security will be massively improved if there is less broken software
  • Cyber Crime will be massively reduced if there is less broken software

25
VS Graph - two sides of the same coin
[Graph; labels: Cyber Security, Cyber Crime; axis: Decrease in broken software / Increase in good software]
26
The Coin: Broken/Complex Software
Cyber Security: One side of the coin
Cyber Crime: Other side of the coin
27
I believe that Government can and should play a role in building more secure systems. The US Government should develop incentives for vendors to build security in (to software) and break the endless loop. Perhaps the government should even grant tax credits for creating better, more secure software.
http://searchsecurity.techtarget.com/opinion/Congress-should-encourage-bug-fixes-reward-secure-systems
28
We must penalize broken software and reward good software. That will decrease Cyber Crime and increase Cyber Security!
29
Thanks
basievs_at_uj.ac.za adam.uj.ac.za/csi