The design step in developing software has some unique characteristics. First of all, it’s the only step where drawing pictures of things is the norm. Why is that? What do pictures do that other representations cannot do? Pictures have varying levels of detail; pictures have context. Pictures…paint a picture. Why are these things important? In this course, too, we begin looking at other disciplines (building architecture is a favorite one) for lessons on design.
Medical analogies
Loading...
From the course by Система университетов штата Колорадо
Software Design Threats and Mitigations
3 ratings
Система университетов штата Колорадо
3 ratings
Course 4 of 4 in the Specialization Secure Software Design
From the lesson
Common Vulnerabilities and Weaknesses
How to use the CVE and CWE on-line databases to assess threats and mitigations
Meet the Instructors
Albert GlockInstructor
Computer Science
Hi and welcome back.
Last time we talked a bit about ways of finding out about attacks on computer systems.
These are called vulnerabilities.
More commonly, we talk about viruses.
There's a taxonomy of maladies that infect
computer systems and the broadest division is between viruses and worms.
To be sure there is ongoing discussion about the boundaries between the two
but the biological distinction between viruses and cellular life is important.
A worm is a program which is able to live on its own.
It is an executable which is loaded by the loader into memory and it's executed.
The worm may be sophisticated enough to mask its presence to
the user but it operates as an independent computer program.
In the biological world,
a virus is genetic code without a metabolism or without an energy source.
A virus injects itself into a cell and hijacks
its metabolism to provide energy for the replication of the viral DNA.
A virus therefore can't live on its own like a worm.
A virus needs a host.
At this point, I have to relate
an amusing story about my son who is in the fourth grade at the time.
At school students were allowed to use computers if they and
their parents sign the user agreement and
the students went to a lecture on computer security.
Sometime perhaps a few months later,
one of us in the family got sick and the doctor said it was a virus.
My son's eyes got big,
"You mean people can get viruses too? "
I was initially amused by his naive but insightful comment.
The analogy holds.
But what good does it, the analogy, do?
Let's look at the plague, the Black Death,
which ravaged Western Europe from 1346 to 1353 and several times afterwards.
A lot of interesting literature has appeared recently on the subject.
An article in Nature Genetics in October 2010 presented
a genetic analysis of the yersinia pestis bacterium.
The evolutionary branch which produced the strain that
infected Europe appeared in the record about 18,000 years ago.
So it's been around for a while.
The origin of the bacteria is in China.
It caused moderate trouble there but nothing like the pandemic recorded in Europe.
The disease traveled west along two main routes.
One was the Silk Road a trade route that ended in the Middle East.
The other was the route that the Mongols took when invading Eastern Europe.
Now, the Silk Road had been in use for
a long time and there weren't any plagues of size before the plague of
1346 although the plague of Justinian in Constantinople
in 541 was a precursor to that great plague.
So what else happened that made the plague of 1346 spread?
Well the plague arrived on Europe's doorsteps via the trade routes.
It was trade, commerce,
and population density that created the medium in which it could propagate.
Aiding the plague however was a huge misunderstanding of its causes and propagation.
In fact, this wasn't well understood for hundreds of years afterwards.
But, in the meantime,
about half Europe's population and in some places up to 70% of the population died.
Grim for sure.
What does this say about computer viruses,
worms, and the like?
Well, like the plague,
we already have the infections running around.
Like the plague too,
there's a certain degree of isolation.
Not everyone runs the same operating system.
Some modern advantages are anti-virus software and design techniques such as address
space layout randomization which help us a bit in defenses against computer viruses.
Nevertheless, we're flirting with that perfect storm,
the combination of conditions that can cause computer viruses to be especially disabling.
We've seen hints of these.
The recent Mirai botnet took advantage of
millions of things on the Internet that were unsecured.
A majority of these were webcams but printers and routers were also included.
Badly engineered software plus unchanged default password settings
allow these devices to be compromised.
And as is the nature of botnets most of the infected machines
showed no signs of infection until they were commanded into action.
In the case of Mirai,
hundreds of billions of requests were launched per second on the Internet bringing down
the Internet Domain Name Service effectively blocking or restricting
Internet access for entire continents of users.
More recently, the WannaCry worm
exploited older unpatched operating systems still in use to find
enough hosts to spread through
some 150 countries and affecting
large medical service providers by installing ransomware on their machines.
The message here is simply that the viruses and the worms exist.
The devastating attack is simply waiting for the right conditions.
Of course, you are asking,
what does this say about secure software design?
It's simply this, secure software design
is for all sectors of the industry from hardware,
to firmware, to software manufacturers.
From those designing, writing,
and maintaining operating systems,
to those working in applications.
Secure software design, is in short, your problem.
Next time, we'll talk about how secure software design can simply
be good software design. Thanks.
Coursera делает лучшее в мире образование доступным каждому, предлагая онлайн-курсы от ведущих университетов и организаций.
© Coursera Inc., 2018 Все права защищены.
