
:

:


http://ceit.aut.ac.ir

Security in computing; fourth edition


By Charles P. Pfleeger et al.

http://ceit.aut.ac.ir/~shahriari

:
o


100 20

100
100 100
!!



-
o

Tiger Team
.


.


-
o

4 :
n

.

.



-
o

(vulnerability) (flaw)
(fault) (failure).

(flaw) (fault) (failure)


(vulnerability) (flaw).

(vulnerability) (flaw):



-
o

:
n


10


-
o


11


-
o

.
:
n

.

.
.


12

:
n
n

:
n
n
n
n
n
n

:
:
:




13

(error)
.

:
n

(buffer overflow)
(incomplete mediation)
(time-of-check to time-of-use errors)


14

-
o

2 1
.

:
o


15

-
:
char sample[10];
o

10 sample[0]

sample[9].
o

sample[10].
sample[10] = 'B'


16

-
o

char sample[10];   /* ten bytes: sample[0] .. sample[9] */
int i;

for (i = 0; i <= 9; i++)
    sample[i] = 'A';   /* fills the whole buffer, in bounds */

sample[10] = 'B';      /* one past the end: the overflow the slide illustrates */


17

18


-
:
o


19

-
:
o


20

-
:
o

(stack pointer).


21

-
o


.
http://www.somesite.com/subpage/userinput.asp?parm1=(808)555-1212&parm2=2009Jan17

1212-555 1 .


22


:
o

2 .


. 2048Min32 .




!!


23


:
o

Things .
URL .
.

http://www.things.com/order.asp?custID=101&part=555A&qy=20&price=10&ship=boat&shipcost=5&total=205

205 25 .

24


:
o


25

my-file
change byte 4 to A.


your-file .


26


:
o

.
:
n


27

-
o

:
.

.


28


29


30

1.
o

.
...


... .


31

2.
o


32

-
(malicious code or rogue program)
o


33

-
(virus)
o

:
n

:
.

: .


34

-
(Trojan horse)
o

:

.


35

-
(logic and time bomb)
o

.
.

(trap door or back door)


o


36

-
(worm)
o

:
n

Rabbit

o rabbit
.

37

-
o


.
: ...


38

-

o


39

-

o

.
.


40

-
o


...

command
.

command
.


41

-

o

(V) (T):
n

I am T

call me instead of T

invoke me

. :
n


42

-
-


43

(back door)
.

:
n

....


44


salami
o


. .

man in the middle

timing


45


covert channel
o


.
:


46

rootkit
o

Rootkit
.
.
Sony XCP :

n
n


xcp.
Mark Russinovich.
.

47

:
n

(development)


48

module
.
.


.
encapsulation .


49

modularization

. :


50


- modularization
o

(cohesion) (coupling).
. :


51


- modularization
o



. :


52

-
o

:
n


. .

.
.


. .


53

-
n

o :
n

Black box test

Clear box test or white box

.

54


:
o

.
o

.
.


55
