E-Commerce Security
http://ceit.aut.ac.ir
http://ceit.aut.ac.ir/~shahriari
100 20
100
100 100
Tiger Team
4 :
(vulnerability) (flaw)
(fault) (failure).
(vulnerability) (flaw):
(error)
(buffer overflow)
(incomplete mediation)
(time-of-check to time-of-use errors)
2 1
char sample[10];
10 sample[0]
sample[9].
sample[10].
sample[10] = 'B';
(stack pointer).
http://www.somesite.com/subpage/userinput.asp?parm1=(808)555-1212&parm2=2009Jan17
1212-555 1 .
2 .
. 2048Min32 .
Things .
URL .
http://www.things.com/order.asp?custID=101&part=555A&qy=20&price=10&ship=boat&shipcost=5&total=205
205 25 .
my-file
change byte 4 to A .
your-file .
.1 :
.2
(malicious code or rogue program)
(virus)
(Trojan horse)
(logic and time bomb)
(worm)
Rabbit
rabbit
command
command
(V) (T):
I am T
call me instead of T
invoke me
(back door)
salami
timing
covert channel
rootkit
Rootkit
Sony XCP :
xcp.
Mark Russinovich .
(development)
module
encapsulation .
modularization
- modularization
(cohesion) (coupling).
- modularization