www.malwareconference.org

Malware Conference News

Thank You Letter to Dr. Anthony Arrott and Prof. Arun Lakhotia

Malware 2016
Outstanding Contribution Award

and

Thank you

Presented to

Dr. Anthony Arrott and Prof. Arun Lakhotia

In recognition of their contributions to
the Field of Information and Systems Security
and their devotion in making the Malware Conference truly world class.

Malware Conference 2016 Best Paper Award

Presented to

Dr. WILLIAM CASEY and Mr. AARON SHELMIRE ANOMALI

of the

SOFTWARE ENGINEERING INSTITUTE, CARNEGIE-MELLON UNIVERSITY

Pittsburgh, Pennsylvania, USA


What is Security? - Definitions and a Common Language

Posted in Security 101

I am often surprised by the lack of understanding amongst security professionals, and so-called "Security Experts", of the term System Security, Cyber Security or simply Security in general. More often than not, their understanding can be described as incomplete at best. For example, in their minds, System Security relates solely to the prevention of unauthorized disclosure of confidential information. In their Universe, the availability of the system hosting the sensitive information is often a reliability issue and not a Security issue, although, when confronted with the idea of a DDoS attack, they quickly change their minds.

This collection of blogs, which I fondly refer to as "Security 101 - The fundamentals", has a single purpose: that of establishing a common framework for security discussions, and a common language, so that we can attack some of the greatest challenges facing our industry today. This first blog is the result of many years of teaching Security courses at the Worcester Polytechnic Institute and Brandeis University Computer Science Departments. It summarizes my first two lectures in the field of Computer Security, and draws heavily on seminal manuscripts published in 1976 by Leslie Lamport [1] and Butler Lampson [2] while addressing the important problems of "Protection" in Operating Systems.

Definitions

Security noun se·cu·ri·ty \si-ˈkyu̇r-ə-tē\

According to the Merriam-Webster dictionary, Security is the state of being protected or safe from harm. Specifically, when we refer to Computer Security we mean the ability of a set of devices (software and hardware) and operational procedures to protect the following assets from harm:

  • Information and/or Data
  • System Software, Applications, and Programs
  • Services - both hardware and software

Protecting assets from harm (within this context) means:

  • Confidentiality – assets are used/accessed only by authorized parties (also referred to as secrecy or privacy)
  • Integrity – assets can be modified only by authorized parties and only in specific ways (“insider threat”)
  • Availability – assets are available to authorized parties at time to.

Defn: a secure computer system, see Garfinkel and Spafford [3], is “a system that can be depended upon to behave as it is expected to.”

Similarly, a security breach is:

“the exploitation by individuals who are using, or attempting to use a computer system without authorization (i.e., crackers) and those who have legitimate access to the system but are abusing their privileges (i.e., the insider threat).”

For all practical purposes, all security breaches in systems are the result of system vulnerabilities – hardware, software, or data vulnerabilities – namely defects in the design, implementation, and deployment of the system.

 

 

References:

[1] http://en.wikipedia.org/wiki/Leslie_Lamport

[2] http://en.wikipedia.org/wiki/Butler_Lampson

Fernando C. Colon Osorio

_____________________________

"Failure is Feedback, and Feedback is the breakfast of Champions" - Anonymous

 

Fernando Cristino Colon Osorio is a Puerto Rican engineer, inventor, educator, and entrepreneur who is currently a Professor at the Computer Science Department of Brandeis University[1]. In 1975 he was the primary architect of the Digital Equipment Corporation (DEC) PDP 11/60 floating point unit, the FP11E[2]. The design, for the first time in the history of floating point processors for minicomputers, incorporated the Newton-Raphson method[3] as a mechanism to accelerate floating point division by a factor of 6X. Later in his career at DEC he was the principal architect of the Vax 8650[4], the Vaxft series[5] of Fault Tolerant computers, as well as Centaurus, an out of order execution ECL implementation of the Vax architecture. In 1982, he proposed and designed the precursor to the MicroVax[6], a first implementation of a system on a chip utilizing 1 micron technology. The project, code named "System On A Chip", was the first attempt at DEC's semiconductor division to incorporate 1 million transistors on a single chip.

In 2000, Colon Osorio changed fields and focused his research efforts on what he considered at the time to be the next biggest challenge in the computer field, that of guaranteeing the security, privacy, and availability of systems and data. As a result of this new research direction, in 2006, Colon Osorio founded the Malware Conference[7], which celebrates its 10th Anniversary this year. The Malware Conference, one of the premier research conferences in the security field, seeks to advance the knowledge as well as the state of practical applications of current research to the problem of "System Security". A particular emphasis of the conference is the understanding of both Broad Spectrum Malware and Targeted Attacks, as they pose the predominant threat to large organizations, as well as governments, today.


Colon Osorio received his bachelor's degree in Electrical Engineering at the University of Puerto Rico[8], Mayaguez Campus, and his master's and doctorate degrees in Electrical and Computer Engineering from the University of Massachusetts at Amherst[9].


Colon Osorio is also the co-author of the textbook Engineering Intelligent Systems[10], published by Digital Press in 1981. In 2009 Colon Osorio created and became executive director of the Brandeis two-year master’s program in computer science and IT entrepreneurship. The program, designed to go beyond a traditional graduate technology degree, teaches students how to form a business around their ideas in the IT sector, from IT research to software development. The program combines graduate level computer science coursework with electives that emphasize cutting-edge research and the special skills required for launching a successful business in the Technology Sector.

Comments

  • Guest
    Sam Fuller Tuesday, 05 April 2016

    Security

    Great Blog. Good start with the definitions. Keep on clarifying the issues.

  • Guest
    Mark D. Wheatley Saturday, 19 December 2015

    I really had a great time with your post! I am looking forward to reading more blog posts regarding this! Well written!

  • Guest
    website Wednesday, 16 September 2015

    Very nice!
