User Account

All Pages

Explain any variants of the vulnerability

Assignment Help Management Information Sys
Reference no: EM131092573

In this assignment, your task is to review the software security literature to research a type of software vulnerability of your choice, the associated hacking techniques used to exploit it, and defensive techniques used to detect and/or mitigate this type of vulnerability.

Tasks

1. Chosen Vulnerability: Pick one software vulnerability that we have not covered in detail in our lectures or labs as your topic of investigation for this assignment. Example vulnerabilities include, but not limited to:

- Web server vulnerabilities (e.g. Heartbleed, Shellshock)
- Web browser vulnerabilities (e.g. web browser heap overflows)
- Side-channel leakage (e.g. Timing/Power/EM/Acoustic/Cross-VM...)
- Remote / Local File Inclusion
- Return-Oriented Programming (ROP)

- Privilege escalation attacks on operating systems (e.g. Windows, Linux, Android) Operating system vulnerabilities (for Windows, Android, or Linux)

- Cryptography-related vulnerabilities (e.g. TLS vulnerabilities such as: BEAST,
- CRIME, BREACH, POODLE, FREAK, or Logjam, Wireless protocol cryptographic vulnerabilities).

- Embedded software vulnerabilities (e.g. 'cold-boot' attacks, Stuxnet)
- Denial of service vulnerabilities
- You are not required to choose from the above list; you can choose your own topic (if you are unsure if a topic is suitable, ask your tutor or lecturer).

IMPORTANT NOTE: To avoid duplication of topics, each student in this unit will have to choose a different vulnerability as his/her chosen topic. Topics will be allocated by your tutor on a 'first come first serve' basis. Once you have decided on a chosen vulnerability, let your tutor know as soon as possible to avoid the possibility of another student choosing this vulnerability before you. If your chosen vulnerability was already 'taken' by another student, your tutor will ask you to choose a different topic.

2. Vulnerability Explanation: Explain what your chosen vulnerability is and how it can arise in software systems.

3. Vulnerability Exploitation: Investigate how your chosen vulnerability can be exploited, and provide detailed explanation of how the exploitation attacks work, illustrating your explanation with either a piece of real code (or, if this is not practical, an algorithm written in pseudocode) that demonstrates the vulnerability and its exploitation with some example data. Explain any variants of the vulnerability/attacks and their relative advantages and 2 limitations. Assess the current security implications of the attacks in terms of potential risk to software systems that have such vulnerabilities.

4. Vulnerability Detection: Investigate methods that can be used to test for and detect the vulnerability in software systems and assess their effectiveness.

5. Vulnerability Mitigation: Investigate mitigation approaches that could be used to eliminate such vulnerabilities from software or reduce the effectiveness of exploit attacks, and assess their effectiveness. Illustrate your explanation with example mitigation code (or, if this is not practical, an algorithm written in pseudocode), explaining how it resists previous exploitation attacks, why you think it is difficult to break the secure code with any other attack, along with any assumptions needed for the mitigation to be effective, and an assessment of the validity of these assumptions in typical applications.

6. Research Directions: Explain whether/how you think this type of vulnerability may be modified or extended in future, and identify possible directions for improving detection and/or mitigation of similar vulnerabilities in future systems.

Your research for this assignment should make use of, and your report should cite and discuss, at least 4 relevant research papers from the software security research literature.

Your report will graded with the following mark allocation:

- Quality/depth of explanation of vulnerability, its exploitation, detection, and mitigation.

- Clarity/correctness of demonstration insecure/secure code/pseudocode in Tasks 3 and 6.

- Evaluation of security implications and research directions of improvement for attacks/mitigation/detection techniques.

- Quality of answers to interview questions on report.

Submission:

Your report must answer all the 6 tasks. Submit a report of your findings with six sections. Section 1 will be an introduction to your report, introducing the chosen vulnerability and the summarizing the contents of the remaining sections. The following five sections should cover your findings with respect to tasks 2-6 above, respectively (e.g. Section 2 should be titled 'Vulnerability Explanation' and contain your findings for task 2 above). You may include screen shots and any long pieces of code used to demonstrate the task as an appendix. The page limit for the reports is 18 pages (not including references and appendix).

Reference no: EM131092573

Questions Cloud

What is the purpose of the exposure assessment : What is the purpose of the exposure assessment?
Identifying market segments and targets : Identifying Market Segments and Targets-At this writing, Bombardier is in the very late stages of bringing to market its new series of mid-sized, cost- and fuel-efficient line of C Series commercial airliners
Health hazards associated with exposures : As you prepare your paper, keep in mind that this should be a high-level overview that is understandable to all employees in the organization: from upper management to production workers. All sources used, including your textbook, should be cited ..
Marketing plan to sell booze at starbucks : Marketing Plan to sell "Booze" at Starbucks. Is this even something you can do or is there parts of the work you can do
Explain any variants of the vulnerability : Explain whether/how you think this type of vulnerability may be modified or extended in future, and identify possible directions for improving detection and/or mitigation of similar vulnerabilities in future systems.
Design & analysis of air conditioning system : Design & analysis of air conditioning system for heavy vehicles using their exhaust
Harvard style referencing required : A. Using relevant HRM theoretical frameworks, describe the core HR activities (as indicated below) s implemented in your organization and evaluate their effectiveness.
Cultural variables in the communication process : What are the cultural variables in the communication process and what are the different types of nonverbal communication?
Discuss errors in perception and selection : Write a 2000 words on Untrained interviewers can make mistakes that are very costly to the organization.” Discuss errors in perception and selection that interviewers can make and how to avoid them.

Reviews

Write a Review

Management Information Sys Questions & Answers

  Information systems role1 discuss the role of information

information systems role1. discuss the role of information systems in achieving excellence in healthcare service.2. in

  Federal information security management act

What were the advances in information technology that resulted in new ethical issues necessitating the creation of each act, Federal Information Security Management Act

  How will companies like aol survive

Dail-up Technology and Is dial-up a dying technology? If so, how will companies like AOL survive?

  What are business benefits of implementing strong it asset

What are the business benefits of implementing strong IT asset management programs? In what ways have the companies discussed in the case benefited? Provide several examples.

  Philosophical essay

Philosophical Essay: You will write a two-part 5-6 page essay, According to Socrates, must one heed popular opinion about moral matters? Does Socrates accept the fairness of the laws under which he was tried and convicted? Would Socrates have bee..

  What is the real exchange rate and what is stagflation

On a correctly labeled graph, show AD, SRAS, LRAS, actual GDP, potential GDP and the equilibrium price level -  government increases its spending by making three new Star Trek movies - On a graph, show the effect on AD, SRAS, LRAS, actual GDP, potent..

  Part-1question 1 provide an example real or imaginary of

part-1question 1. provide an example real or imaginary of firms in each of the subsequent three situations do not use

  Define trademarks and utilitarianism

Define each concept (5 points each) and use an example to explain it- Information privacy, Informed consent, Fair use doctrine, Patents and Trademarks

  Examples of software failure

Investigate examples of software failure and see if you can discern any trends.

  Develop information technology systems

Developing Information Technology Systems - Why do organizations develop IT systems?

  Create a diagram of the layout and navigation structure

Explain the effects that the Cascading Style Sheet (.css) will have on the Web page. There must be a minimum of two (2) changes. Be sure to include detail. (Example: The Cascading Style Sheet (.css) will make the background color grey and change a..

  Systems solution online travel agencybusiness situation

systems solution online travel agencybusiness situation that requires a systems solution i have selected a small online

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd