country
$20 Bonus + 25% OFF
Securing Higher Grades Costing Your Pocket? Book Your Assignment at The Lowest Price Now!

CO4509 Computer Security Assignment

tag 0 Download14 Pages / 3,382 Words tag Add in library Click this icon and make it bookmark in your library to refer it later. GOT IT
  • Course Code: CO4509
  • University: University Of Central Lancashire
  • Country: United Kingdom

Question:

1. Analyse potential threats to computer systems and networks and eval- uate countermeasures.
2. Critically evaluate security policies and techniques.
3. Research and report on a security-related topic, using appropriate literature.
 
 

Answer:

Introduction:

Computer security is a major concern for every organisation and most importantly to safe guard the data stored on the system from any loss. It is important to secure the information from data loss or inception of viruses or malware in the system. Security completely deals with securing the data stored on the network from any unauthorized loss. Every organisation is dependent on computer for performing certain tasks thus it is important that updated technology is used (Kocher, et. al, 2018).  Everyone relies on the data stored on the computer thus it is important to keep the information secure and preventing data from any loss. Keeping the information confidential, integrated and available is the vital part of an organization. Computer security cannot be left unnoticed as there are various threats and viruses appearing at every instant.  It is essential to safeguard the information from hackers as they are trying to steal the sensitive data packets stored on the network (Trippel, Lustig and Martonosi,  2018).  There are various ways in which person can steal the information or can access the hard drive even if the computer is not open or plugged in. Then the information is misused which leads to loss of confidentiality of the data packets. It may also damage the components of computer, thus for providing complete protection to data it is necessary to protect the computer hardware as well as various components. For protecting system various strategies are available, disk lock is one of them. Disk locks are available in various sizes which provide protection of CPU components. Network security is also important as the flow of data occurs over the network (Watson, et. al, 2018). Network need to be secured as there are various threats on the network that allow third party to read and modify the data silently. Overall computer security deals with securing the system as well as network from all malicious activities. Additionally hardware components, operating system and off shell programs need to be protected.  In this report we would be focusing on two major flaws that affect every chip on the computer. Spectre and meltdown are vulnerabilities that contain malicious programs and give access to unauthorized users to access the sensitive data. These flaws lead to leakage of data packets and break all security boundaries that are enforced in the systems hardware to get the access to steal the data (Thurnher, 2018).

These security bugs are found on the CPU chip. Central processing unit is the brain of the computer and all the functions on the computer are performed due to CPU. These two flaws work on kernel to steal the data of the computer and are very dangerous to be handled. They access any application running on the computer and steal the data from the application; the data could be any sensitive information like credit card information or any confidential information. Thus it is important to fix theses bugs. It is often a misconception that the application running on the system is not linked to each other, user think that operating system and software’s are isolated from each other. But the fact is not true, it was researched that the software’s running on the system leave the footprints on the processor. Thus the modern processors usually store all the recently accessed data (Boothby, 2015). Thus modern processor leaks the information and gives the software access to an unauthorized user. It is important to eliminate the granularity of access from the software by removing the footprints; this will help in securing the system.

 

Spectre exploits speculative applications and branch predication that leads to loss of data from cache lines of the processor. Spectre doesn’t read memory from kernel or any physical memory but reads the memory from the current process running on the system. Modern processor executes the instructions in a parallel manner but sometimes these instructions are never executed (Etzler, 2014).  Snapshots are taken by CPU of these instructions so that if execution is not executed it could be rolled back. Morden processor makes use of branch predication and speculation execution of instruction to improve the performance of the system. Spectre attack includes the victim of a process that will not occur during the execution of correct code. Due to this reason leakage of data take place via side channels. Side channel is the main reason due to which attackers are getting access to read the information in an unauthorized manner by destroying the confidentiality of the system. Increasing the speed of the system is achieved by executing the instruction in a speculative manner by guessing the direction of control flow (Hill and Lynn, 2010). Spectre attack occurs due to outbreak of JavaScript on the system or by attacking the native code.

Spectre vulnerability does not permit an unauthorized user to access the privileged memory location. It allows the execution of the code in the victim procedure and allows reading of the data that is not allowed. Spectre is based on branch predication algorithm and deals with leaking the data packets out of the process without any acknowledgment. Spectre exploration is useful in many ways like it helps the hackers by leaking the private data from the browser and also by leaking the user space modules to promote remote execution of the code (Subashini and Kavitha, 2011).

It open the gateway for any dangerous attacks like the JavaScript used for development of website uses Spectre for revealing the sensitive information. Most of the attacks take place at the hardware level which are difficult to be tracked. Patches used by Spectre alleviates the flaws by changing or removing the software code. Caching is the other reason for speculative execution as this process is an underlying feature of hardware which allows attacker to steal the data packets. These feature were basically designed to safeguard the system from these flaws but they make the system slow hence degrades the performance.

Meltdown is one of worst bug found in the CPU chip and is important to be resolved immediately. It permits the attacker to read the kernel as well as physical memory from any user process that is not unauthorized. It uses the concept of executing the instruction in an out of order fashion so that data could be leaked (Mollah,  Azad and Vasilakos, 2017). Cache lines are also used for stealing the data. It takes the advantage of the fact that orders are not executed in a particular manner so that information could be easily leaked from the network channels. Meltdown is patched in Windows, Linux, Android and Mac. If the system is not patched properly attacker could read kernel memory from Window. Every system uses paged table for mapping the physical memory and the virtual memory. Modern processor maps kernel address with the user address. This is linked with the micro architectural attack as it focuses on destroying the order in which execution take place so that physical memory could be targeted (Simakov, et. al, 2018). It deals with accessing the kernel memory and reading the data from user space. The access to user space trap the system as the content is leaked through the cache lines. It is basically implemented as the executions of instruction happen in an out of order manner, which in turn increases the utilization factor of the processor. The processor queues all the instructions that are completed in the buffer and retrieve the instructions by reordering it whenever needed.

In a Meltdown process the attacker launch a process by creating a large array in the user space. This array in the user space reads the byte from the CPU memory by clearing all the collection in user space. The first step of Meltdown attack focuses on reading the kernel memory byte wise, but it causes an exception by leaking the content from the side channel before exception handler could do anything. The exception handler looks in the system for the malicious activities because the execution of the instruction is out of order. Once the attacker attacks the side channel it looks in the user space array to read the instructions before anyone else could read it (Sclofsky and Funk, K., 2017)

 


Central processing unit takes snapshot of these operations assuming if these instructions are not executed, and then the snapshots could be used. In the next step, Meltdown accesses the secret data by inhabiting the information in an array which is readable in user space memory. It is difficult to read the data in user space memory thus data is flushed back by resetting the snapshots taken by CPU. In the third step exceptions are triggered by exception handler as the instructions are not in a well-defined order (Anand, et.al, 2017). It is not possible to read the secret data from user space array as it get rolled back. The final step involves the iteration of unauthorized process of array elements. All the content of secret data is returned back to cache line. This permits the attack to happen without handling the exception of software.

Meltdown is helpful in several ways like it provides privilege escalation and Para virtualization of the data.

Privilege Escalation- Whenever attacker tries to execute a process on an unpatched system, all the physical memory of the system is destroyed. As the physical memory is dumped attacker uses this memory to identify all the sensitive data.

 Para virtualization- Kernel address is targeted by the attacker which is shared between the host and the container of kernel memory (Simonton, 2017). Attacker uses this address to read the data from container which leads to hypervisor escape.

It is very difficult to detect these vulnerabilities because:

  1. These bugs generally occur at hardware level which are difficult to be detected and patched. Certain software’s are required to deal with the hardware issues. To resolve the origin of these flaws the judgment of modern processor need to be updated.
  2. These flaws are not visible and enter the system through the side channels. The information is leaked by capturing the physical implementation of the computer.
  3. It is expensive to remove these vulnerabilities by patches as it degrades the performance of the system.
 

Fixing Spectre and Meltdown

Spectre and Meltdown have attacked every device like android, Mac or windows PCs thus it is important to protect the devices from these bugs. It is easy to fix the bug in android devices by simply updating the software (Rieck, 2017). These flaws attack windows PCs as they read all the data and information of the running applications. It is very hard to fix these bugs thus various measures taken are:

Installing Antivirus- There are various antiviruses that are not compatible for Spectre and Meltdown. Thus it is important to install an antivirus that is compatible with Spectre and Meltdown (Matsuda, Uemura and Canon  2017).

Mitigation- Hardware and software of the system need to be updated. As there are flaws which are not present at software level but are present at the CPU chip which is very difficult to be patched. Patching degrades the overall performance of the system thus the complete solution is mitigating the flaws (Matsuda, Uemura and Canon  2017).

Firmware- It protects the system from spectre variants. Thus every system needs to have an updated firmware.

Updating the system-It is important to keep the operating system updated and checking the firmware updated so that PC is protected against these flaws. If the software is not updated some steps need to be taken manually by clicking on the start option then setting tab then update and security option and future clicking on windows update (Matsuda, Uemura and Canon  2017).

Vendor Links- Patches are available on the vendor links, thus patches are downloaded from these links to check the environmental conditions of the system and checking that each patch has been implemented properly.

These bugs occur in all type of operating system, various actions need to be taken to protect the operating system from Meltdown and Spectre:

Android- Some android devices are built in such a way that they fix the bugs by removing it. They can be removed by using antivirus on the system that eliminates the bugs from the system (Heires,2017). Bugs occur from any unknown sources but on Google phones the system is automatically updated before the patch attack. For non- Google device it need to wait till the patch occur.

Mac- This operating system is patched in such a way that it deals with spectre and meltdoen attack. Latest updates are available on App store supposing that these updates removes the flaws from the system It also make sure that performance of system are not affected by the patches.

IOS- Spectre is most commonly found in iPhones or iPad’s, therefore JavaScript used by the browser was patched and triggered to protect the system. Apart from that latest versions are already protected and need not to be patched (Heires,2017).

Linux- It is difficult to protect the system which as Linux operating system as first it is necessary to update the firmware. Apart from that motherboard of the system need to be checked to make sure that there are no bugs (Heires,2017).

 

Impact on the business

Spectre and Meltdown are two bugs which impact the performance of the business. The risk of cyber-attacks has increased due to these bugs as it lets the sensitive data to be exploited by the side channels. It decreases the speed of the processor as the patches on the system degrade the overall performance. Large organisations have a heavy load on the network so poor performance cannot be accumulated. As performance of an organisation is directly related to the operating system and hardware of the system (Peng, Y., Zhao, H., Sun, X. and Sun, C., 2017). Thus to maintain the performance of the system and keep it safeguard from Meltdown and Spectre, certain measures are:

Updating- Devices need to be updated and patches need to be installed to deal with all kind of security bugs. Devices need to be updated on regular basics (Kim, et.al, 2015).

Keeping the information up-to-date- Spectre is dangerous bug as it cannot be resolved using patches whereas meltdown can be resolved by patches. Security team need to take care of new updates to secure the system (Page,  Kaur and Waters, 2017).

Analysing- Security of a system is not only the key concern Securing the cloud of a business is also important as most the data is stored on the cloud. Attacker steals the data from any security chain thus analysing the security flaws and fixing it is essential.

Evaluation- The data packets are segregated according to its sensitivity. So that the sensitive data can be stored on the cloud as it reduces the chances of leakage of data.

Protection of System from flaws

Keeping the system safe from Meltdown and spectre attack could be done by patching the system. Other than that using the updated windows resolve the issue of patching the system. Patches need to be downloaded from third party users to keep the system secure and updated. Apart from just downloading the patches it is important to keep the backup of the data, if in case data is loss or system crashes data can be restored rom the backup (Dionne and Hassani,  2015).

In case of Spectre where patches don’t work it is important to keep the backup of data by installing the software updates automatically. The only solution for Spectre bug is keeping it updated. Other than that various browsers like Mozilla have provided with the solution for protecting the system from theses bugs. It is recommended that user uses anti malware software by keeping this software updated (Dionne and Hassani,  2015). Spectre uses JavaScript to inject the code on the website to perform malicious activities; the anti-malware installed in the system block the malicious code to attack the system. Various traditional approaches are used to protect the system from unauthorized access. These methods wrap the system by a protective layer that does not allow any know of flaw to penetrate in the system. Operator of the system assures that all the sensitive data is handled properly and no unauthorized users access the data packets (Ma, Wang and Zhao, 2014).

Influence of Spectre and Meltdown

These are security bug that permits untrusted users to access the data without any permission. These flaws degrade the performance of an organisation as all the sensitive data like banking details or passwords are leaked. These affect the modern processors, computers, smartphones or tablets. As in today’s era everyone believes that there data is secured on the network and the confidentiality is maintained. But Spectre and Meltdown destroys the confidentiality of the network by allowing them to steal the information from the network by side channels or breaking the security barriers (Jolfaei, Wu, and Muthukkumarasamy, 2014). The flaws will increase in future thus it is important to improve the methods to in which operating system handles the flaws. These vulnerabilities have attacked the cloud system also.

Seeing from the core perceptive of security, these flaws affect the principal of isolation between the applications layer and operating system. By exploiting their isolation it allow the attacker to access the data stored on the system secretly. All the data stored on the cloud can be stolen due to these bugs. It affects the ubiquities of the processor and even the cloud environment. To control these flaws several problems are resolved especially at the hardware level. Computers need to be designed in a way that measures hardware updates automatically so that it doesn’t affect the software solutions of the system (Jolfaei, Wu, and Muthukkumarasamy,  2014). To fix these bugs permanently in futures, hardware’s are deployed in such a way that it deals with these flaws by not allowing them to penetrate in the system. Until the new hardware is deployed, temporary software based solutions are used for providing patches.

Conclusion

Meltdown breaks the most important isolation among user application and the operating system. It permits a code to access the memory and all the secret data of other programs. Thus it can be concluded that a computer has a susceptible computer and runs on an unpatched operating system it is not considered harmless to work. Whereas, Spectre breaks the isolation between different applications but allow an attacker to trick error free programs. Spectre is tougher to exploit than Meltdown but they are harder to mitigate. Solution for this problem is reliable and can be solved by method of Desktop channel. With the help of Desktop central one can protect the network against Meltdown and Spectre and defend the system from existing and future vulnerabilities. It patches Windows, Linux or Mac. system automatically for no future damage. Thus it is important to fix these bugs to maintain confidentiality of the data stored on the system.

 

References

Anand, K., Crampon, M., Meester, R., Rozner, J. and Chase, J., PREVOTY Inc, 2017. Systems and methods for sql type evaluation to detect evaluation flaws. U.S. Patent Application 15/268,503.

Boothby, B., 2015. Autonomous Attack—Opportunity or Spectre?. In Yearbook of International Humanitarian Law 2013(pp. 71-88). TMC Asser Press, The Hague.

Dionne, G. and Hassani, S.S., 2015. Endogenous hidden markov regimes in operational loss data: Application to the recent financial crisis. Cahier de recherche/Working Paper, 15, p.16.

Etzler, M., 2014. Ghostbuster: Cotton Mather’s Invocation of the History of the Specter in the Justification of the Salem Witch Trials. Preface: Mission of the JGMF About the Authors Ross Enochs. The Fetter, the Ring and the Oath: Binding Symbolism in Viking Mythology, p.42.

Han, Y., Chan, J., Alpcan, T. and Leckie, C., 2017. Using virtual machine allocation policies to defend against co-resident attacks in cloud computing. IEEE Transactions on Dependable and Secure Computing, 14(1), pp.95-108.

Heires, K., 2017. FLAWS IN THE DATA. Risk Management, 64(3), p.38.

Hill, D.W. and Lynn, J.T., Motorola Solutions Inc, 2010. Adaptive system and method for responding to computer network security attacks. U.S. Patent 6,088,804.

Jolfaei, A., Wu, X.W. and Muthukkumarasamy, V., 2014. Comments on the security of “Diffusion–substitution based gray image encryption” scheme. Digital signal processing, 32, pp.34-36.

Download Sample

Get 100% money back after download, simply upload your unique content* of similar no. of pages or more. We verify your content and once successfully verified 100% value credited to your wallet within 7 days.

Upload Unique Document

Document Under Evaluation

Get Credits into Your Wallet

*The content must not be available online or in our existing Database to qualify as unique.

Cite This Work

To export a reference to this article please select a referencing stye below:

My Assignment Help. (2020). Computer Security Assignment. Retrieved from https://myassignmenthelp.com/free-samples/co4509-computer-security-assignment.

"Computer Security Assignment." My Assignment Help, 2020, https://myassignmenthelp.com/free-samples/co4509-computer-security-assignment.

My Assignment Help (2020) Computer Security Assignment [Online]. Available from: https://myassignmenthelp.com/free-samples/co4509-computer-security-assignment
[Accessed 07 August 2020].

My Assignment Help. 'Computer Security Assignment' (My Assignment Help, 2020) <https://myassignmenthelp.com/free-samples/co4509-computer-security-assignment> accessed 07 August 2020.

My Assignment Help. Computer Security Assignment [Internet]. My Assignment Help. 2020 [cited 07 August 2020]. Available from: https://myassignmenthelp.com/free-samples/co4509-computer-security-assignment.


Coming up with interesting research topics is a challenging task. If you are looking to save money for authentic assistance, MyAssignmenthelp.com is the place where you will get answers for topics like Bill Gates Leadership style, Starbucks social responsibility and more. Another daunting aspect, where our experts shine, is providing accurate citations. If you have no idea how to cite a research paper, do not hesitate to avail our service. To provide swift service, our writers frequently use referencing tools to ensure accurate citations on the chosen citation style. Even if you need assistance in the 11th hour, you know where to find us.

Latest Networking Samples

COSC 2671 Social Media And Network Analytics

Download : 0 | Pages : 4

Answer: Introduction Social media platforms like Twitter generates massive amount of data at every second due to the posts by its users.  There are almost 7986 tweets/second are posted on the twitter by its users (while twitter only allows 140 characters for each tweet). For this sentiment analysis of the twitter data we selected the recent ball tampering event happened in between the Australia and South Africa test match. Data collecti...

Read More arrow Tags: Australia Melbourne Management University of Melbourne 

MITS5003 Wireless Networks And Communication 3

Download : 0 | Pages : 8
  • Course Code: MITS5003
  • University: University Of Victoria
  • Country: Canada

Answer: Introduction Wireless networks and communication is a broad topic that basically explains communication using wireless devices. It can mainly be subdivided into main bits. One is wireless communication and the other one is communication. Wireless communication is a type of communication that is performed and delivered wirelessly (Acemoglu, Malekian, & Ozdaglar, 2016). This terms broadly defined all procedures and forms of communic...

Read More arrow Tags: Australia Lakemba 45 wireless network and communication University of Victoria 

ICT115 Introduction To Systems Design 5

Download : 0 | Pages : 5

Answer: Introduction This report is being proposed considering the theoretical aspects of the processes involved for the implementation of an automated ‘car parking system’. Rise in population lead to the enhancement in the number and strengths of the transporting facilities available in the area and thus, parking could be the biggest problem for the populated area. This system presents an effective and efficient ‘automated ...

Read More arrow Tags: Australia Granville Management University of New South Wales 

CAB303 Networks

Download : 0 | Pages : 3
  • Course Code: CAB303
  • University: Queensland University Of Technology
  • Country: Australia

Answer: Problem Details Identify the protocol disrupted and explain the normal behaviour: The transmission control protocol is disrupted for operation. FTP uses TCP exclusively for its transportation needs and data transfer (Myers ., 2016). This is protocol is used other than the UDP since the protocol does not drop the packets sent between the hosts. All the packets between the client and the server are received in the way they are...

Read More arrow Tags: Australia Networking network and security  Queensland University of Technology 

MITS5004 IT Security 2

Download : 0 | Pages : 2
  • Course Code: MITS5004
  • University: Victorian Institute Of Technology
  • Country: Australia

Answer: NMAP Nmap (Network Mapper) is a direct line system filtering utility for Linux, BSD, and other working frameworks. At the point when run, clients can utilize it to investigate gadgets on a system and produce a guide of what it finds, filter individual machines, and considerably more. Metasploit Framework Metasploit is a cross-stage and open-source device at first created by H. D. Moore in 2003. It is written in Ruby and is accessibl...

Read More arrow Tags: Australia Lakemba Networking IT Security Victorian Institute of technology 
Next
watch

Save Time & improve Grade

Just share Requriment and get customize Solution.

question
We will use e-mail only for:

arrow Communication regarding your orders

arrow To send you invoices, and other billing info

arrow To provide you with information of offers and other benefits

1,379,740

Orders

4.9/5

Overall Rating

5,085

Experts

Our Amazing Features

delivery

On Time Delivery

Our writers make sure that all orders are submitted, prior to the deadline.

work

Plagiarism Free Work

Using reliable plagiarism detection software, Turnitin.com.We only provide customized 100 percent original papers.

time

24 X 7 Live Help

Feel free to contact our assignment writing services any time via phone, email or live chat.

subject

Services For All Subjects

Our writers can provide you professional writing assistance on any subject at any level.

price

Best Price Guarantee

Our best price guarantee ensures that the features we offer cannot be matched by any of the competitors.

Our Experts

Assignment writing guide
student rating student rating student rating student rating student rating 5/5

184 Order Completed

96% Response Time

Arapera Billing

Masters in Management, MMgt

Wellington, New Zealand

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

134 Order Completed

95% Response Time

Thomas Nelson

MS in Information Systems Technology with Specialization in Database Administration

New Jersey, United States

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

610 Order Completed

100% Response Time

Cheryl Zhao

PhD in Statistics

Singapore, Singapore

Hire Me
Assignment writing guide
student rating student rating student rating student rating student rating 5/5

1265 Order Completed

97% Response Time

James Cook

Masters in Management

Wellington, New Zealand

Hire Me

FREE Tools

plagiarism

Plagiarism Checker

Get all your documents checked for plagiarism or duplicacy with us.

essay

Essay Typer

Get different kinds of essays typed in minutes with clicks.

edit

GPA Calculator

Calculate your semester grades and cumulative GPa with our GPA Calculator.

referencing

Chemical Equation Balancer

Balance any chemical equation in minutes just by entering the formula.

calculator

Word Counter & Page Calculator

Calculate the number of words and number of pages of all your academic documents.

Refer Just 5 Friends to Earn More than $2000

Check your estimated earning as per your ability

1

1

1

Your Approx Earning

Live Review

Our Mission Client Satisfaction

Awesome work. Awesome response time. Very thorough & clear. Love the results I get with MAH!

flag

User Id: 383727 - 31 Jul 2020

Australia

student rating student rating student rating student rating student rating

Work was done in a timely manner took it through grammarly checked for plagiarism very well satisfied

flag

User Id: 463334 - 31 Jul 2020

Australia

student rating student rating student rating student rating student rating

Great work for the short notice given. Thank you for never disappointing and helping out.

flag

User Id: 194216 - 31 Jul 2020

Australia

student rating student rating student rating student rating student rating

I received a full point on the assignment. Thank you for all the help with the assignment.

flag

User Id: 411395 - 31 Jul 2020

Australia

student rating student rating student rating student rating student rating
callback request mobile
Have any Query?