tailieunhanh - Vulnerabilities and Threats in Distributed Systems

Vulnerabilities and Threats in Distributed Systems includes about From Vulnerabilities to Losses, Vulnerabilities and Threats, Vulnerabilities, Threats, Mechanisms to Reduce Vulnerabilities and Threats (Applying Reliability and Fault Tolerance Principles to Security Research, Using Trust in Role-based Access Control,.). | Vulnerabilities and Threats in Distributed Systems* Prof. Bharat Bhargava Dr. Leszek Lilien Department of Computer Sciences and the Center for Education and Research in Information Assurance and Security (CERIAS ) Purdue University {bb, llilien} Presented by Prof. Sanjay Madria Department of Computer Science University of Missouri-Rolla * Supported in part by NSF grants IIS-0209059 and IIS-0242840 Prof. Bhargava thanks the organizers of the 1st International Conference on Distributed Computing & Internet Technology—ICDCIT 2004. In particular, he thanks: Prof. R. K. Shyamsunder Prof. Hrushikesha Mohanty Prof. . Ghosh Prof. Vijay Kumar Prof. Sanjay Madria He thanks the attendees, and regrets that he could not be present. He came to Bhubaneswar in 2001 and enjoyed it tremendously. He was looking forward to coming again. He will be willing to communicate about this research. Potential exists for research collaboration. Please send mail to bb@ He . | Vulnerabilities and Threats in Distributed Systems* Prof. Bharat Bhargava Dr. Leszek Lilien Department of Computer Sciences and the Center for Education and Research in Information Assurance and Security (CERIAS ) Purdue University {bb, llilien} Presented by Prof. Sanjay Madria Department of Computer Science University of Missouri-Rolla * Supported in part by NSF grants IIS-0209059 and IIS-0242840 Prof. Bhargava thanks the organizers of the 1st International Conference on Distributed Computing & Internet Technology—ICDCIT 2004. In particular, he thanks: Prof. R. K. Shyamsunder Prof. Hrushikesha Mohanty Prof. . Ghosh Prof. Vijay Kumar Prof. Sanjay Madria He thanks the attendees, and regrets that he could not be present. He came to Bhubaneswar in 2001 and enjoyed it tremendously. He was looking forward to coming again. He will be willing to communicate about this research. Potential exists for research collaboration. Please send mail to bb@ He will very much welcome your visit to Purdue University. ICDCIT 2004 From Vulnerabilities to Losses Growing business losses due to vulnerabilities in distributed systems Identity theft in 2003 – expected loss of $220 bln worldwide ; 300%(!) annual growth rate [, 5/23/03] Computer virus attacks in 2003 – estimated loss of $55 bln worldwide [, 1/16/04] Vulnerabilities occur in: Hardware / Networks / Operating Systems / DB systems / Applications Loss chain Dormant vulnerabilities enable threats against systems Potential threats can materialize as (actual) attacks Successful attacks result in security breaches Security breaches cause losses ICDCIT 2004 Vulnerabilities and Threats Vulnerabilities and threats start the loss chain Best to deal with them first Deal with vulnerabilities Gather in metabases and notification systems info on vulnerabilities and security incidents, then disseminate it Example vulnerability and incident metabases CVE (Mitre), ICAT .