CS406: Information Security

Unit 8: Malicious Software and Software Security

• Unit 8 Learning Outcomes Page

• 8.1: Malicious Web

  • University of Washington: Giovanni Vigna's "From Badware to Malware: Taming the Malicious Web" Page

    Watch this video to learn about how malicious actors leverage legitimate websites for the delivery of attacks that target vulnerabilities in client-side software.
    

• 8.2: Internet Security Issues

  • Talks at Google: "Vint Cerf" Page

    Watch this video to learn about security issues on the Internet, and what could have been done differently had we realized this was going to be the global information exchange infrastructure of the 21st century.

• 8.3: Types of Internet Security Issues

  • Carnegie Mellon University: "Denial of Service" URL

    Read this page. While you read, try to explain the modes of DoS attacks, such as consumption of scarce resources, configuration information alternation, and physical destruction. For DDoS attacks, describe the tools that are used for DDoS, why the DDoS attacks are possible, and the protocol vulnerabilities that are used in DDoS attacks.

  • Bennett Todd's "Distributed Denial of Service Attacks" URL

    Read this page.
    

• 8.4: Secure Coding

  • Carnegie Mellon University: Robert Seacord's "Top Ten Secure Coding Practices" URL

    Read this page. After you read, describe the top 10 best practices for secure coding and describe the principles for secure coding (e.g., separation of duties, least privilege).
    

  • Open Web Application Security Project: "Secure Coding Principles" URL

    Read this page.
    

• 8.5: Electronic and Information Warfare

  • University of Cambridge: Ross Anderson's "Electronic and Information Warfare" URL

    Read this chapter. After you read, describe the different attacks on communication systems and how one could use these attacks to carry out information warfare (in particular, based on the interaction between civil and military uses).