Post on 07-Feb-2016
description
Presented by Mohammed F. MokbelSecurity and Privacy on the Internet {0360564}Instructor: Dr. AggarwalFall 2007
10/4/200710/4/2007
Security-Privacy Abstraction
Presenting Security-Privacy at abstract level as a mean of Global Generalization rather than a specific example from real life (?)
Using universal (Abstract)) SP system to approach a satisfactory confidence level
Knowledge Division in terms of discrete SP evolution.
Presentation Layout Introduction Human Factor In SP Normal Vs. Competent end user
First Impression Knowledge acquisition A proposal for a new System PMBS
People equality at decoding info. stream Time + Relativity = %[Confidence * (StaticC/DynamicC)] Implementation breaches – Procedures , Techniques and the
system itself People & Technology := Mutual Interaction (Inseparable
Entities) Nothing what it seems People & people: Clear path POC: In the womb: revamping console code injection Some Advcies Future Work Conclusions
Introduction. Human Factor in SP In today world of computer security and internet
widespread usage an enormous amount of information is carried out using either a wire or a wireless devices
The normal user and the competent end user are those who has a different perspectives about internet and computer in general, they do really appreciate the elegance of how things performed at the bits level but mostly precaution and analytical thinking is more imaginable and accurate for the competent end user, because everything is computed with a reliable acquired knowledge about the subject under investigation.
Probabilistic Mathematical Behavioral System PMBS In which the magnitude of the
information required to meet ones’ expectations is proportional to the user fundamental knowledge in terms of time elapsed since the user start using the system and this to be determined stochastically.
People equality at decoding info. stream Are people equal at information demystification or is it just a
matter of time? As most of the theories suggest that exercising the knowledge
you have would achieve a satisfactory level of collective thinking.
Time Factor. Everything is relativistic The reason why most people ought to be confidence with the
information they have is probably due to the short experience they have with huge amount of resources (again time is the major factor). They may consider things perfect or less but the problem lies in the implementation process where most of the security breaches do not manipulate the system itself but rather reversing or annihilating the techniques and the procedures used to help embed the core system and in this case a plethora of holes and worms are taking its place for a very devious and nefarious attack.
Proof of Concept In the womb: Revamping console code
injection… modifying the internal structure of the
executable file using code injection technique.
Further works has to be done to link it to a more elusive malicious scenario by inserting a special area for network communication using Winsock API’s
Continue .A monitoring matrix of scattered random
modifications should be traced to control these set of alterations so that a meta-transformer tool could be designed to handle it in automated manner as a final revised edition.
The main purpose of this section is to demonstrate the validity of this approach following a case study scenario in which an absolute phase modulation is applied.
Some Advices I advice you to start using some of the best
special versions of Linux OS Such as, Hackin9, Damn Vulnerable Linux,
Black Track 2, Protech,… These editions are designed for a special
purposes so that you can exercise your theory in real time scenarios. But take care as these things are dangerous if you let it happen outside a controlled environment.
Preferably is to use a virtual machine software such as, VMWare, Virtual PC,…
Future Work Further work has to be done in the area
of code injection technique especially employing a stealthy connection and tricky behavior to the culprit binary file. In addition to that a more detailed case studies could be provided to make things easier to understand and less obstructive.
Conclusions This paper establishes a new dimension
of computer security vision by providing the security aspect in terms of philosophy and conceptual analysis. It does not gives an absolute approach for security problems as almost everything is relativistic based on the case under assessment.
?
Now bombard me with your Questions?