- Secure Software
An overview of current problems with secure systems.
Secure Software and Safety
Secure Software and Safety in ppt format
- Input Validation, filtering and damage control from a theoretical point of view
Grammar, languages, application design, end-to-end dangers of multiple decodings
Attacks, Mitigation and Damage Control - examples and theory
Attacks, Mitigation and Damage Control - examples and theory in ppt format
- Basics of secure software and systems
Liveness, Isolation, Authority, Effects, Predictability
- Platform Security
Extension problem, privilege modes, closed processes and inversion of control principle.
Hardware-less isolation. Call propagation and small surfaces, concurrency algorithms and race conditions,
virtualization in software architecture. Singularity and correct installations. Closed processes vs. loader isolation - the problem
of devices and environment.
Slides on Platform Security
Slides on Platform Security in ppt format
- Java Language Security
Privileged mode as a design problem. Software design impact of sandboxes.
Confused deputy reasons. Avoidable? Memory safety, performance considerations. Liveness.
Closures for privileged operations. Type safety and dynamic languages (guards). Sandbox design and implications.
Stack-walk. Threads and security context.
- Enterprise Security
The role of infrastructure security. Secure code problems across software architectures (ending with
event-driven systems). Patterns for security as an aspect. End-to-end considerations (where to place checks).
Application Server Security
Framework-Architectures in application servers. Hardening software. Global directories. Subject Delegation
Namespace isolation with class-loader techniques
- Web-Service Security
Object based security - a form of capability use?
- Mechanisms for secure software construction
Functional languages and closures, object capabilities, security modules and patterns. Microarchitecture (assignment etc.),
anti-patterns (global, ambient), states and pairwise methods in software. Aspects?
- Failure Analysis
From failures to software architecture defects. Hobbles and patches. Tainting in software.
- Secure Application Architecture
Ideas for a new browser architecture without ambient authority. Software patterns for secure delegation
of authority. Powerbox and isolation. Object Capabilities in virtual reality.
- Usability and Security
Ideas for new User Interfaces for systems without ambient authority.
No secure software through admonition. Intentions and abstractions. Why address is a system object.
- Formal Approaches for secure software
ACLs and the halting problem. Modelling of take/grant systems. Model-checking and logic. Liveness