Security into applications and operation systems
Eva Rodríguez; Beatriz Otero; Jordi Salazar; Santiago Silvestre; Francesc Torres.
Annotation

Security in applications and operating systems is a critical aspect in an era where cyber threats are continuously evolving in number and complexity. Its main aim is to safeguard data, ensure system integrity, and protect against unauthorized access. In applications, security focuses on implementing measures such as encryption, authentication, and secure coding practices to prevent vulnerabilities, like data breaches or malware infections. To ensure effective security mechanisms it is important to understand the different malware stages, as well the different categories of malware. On the other hand, operating system security, involves enforcing access controls, managing user permissions, and applying protective mechanisms, as antivirus. Together, application and OS security are crucial for a robust defence strategy, ensuring that both software and system resources are protected from known threats and zero-day attacks.

Objectives

At the end of this module, the student should be able to:

Understand the role of security in applications and web applications.

Identify and categorize the most common threats in web applications.

Understand the security protocols used at the application layer.

Understand the role of security at the OS level.

Identify and categorize the most common threats and attacks in OS.

Identify and analyse the different categories of malware.

Understand the different malware stages: intrusion, infection, obfuscation and payload.

Identify an analyse malicious code operation, including virus and worms.

Understand OS protection techniques, including the basic components of an antivirus software and how they operate in a Windows OS.

Understand the simplified structure of an OS, leveraging the philosophy behind a Windows and Linux operating system

Keywords
Antivirus, Application threats, Applications Security, Malware, Systems Development Life Cycle, Obfuscation, Operating Systems security, Open Web Application Security Project, Virus, Web application Threats, Web Applications Security, Worms.
Date of Creation
20. 06. 2024
Language
English
License
Creative Commons BY-SA 4.0
ISBN
Literature
  1. Pargaonkar, S. (2023). A Comprehensive Research Analysis of Software Development Life Cycle (SDLC) Agile & Waterfall Model Advantages, Disadvantages, and Application Suitability in Software Quality Engineering. International Journal of Scientific and Research Publications (IJSRP), 13(08), 345-358.
  1. Adkins, H., Beyer, B., Blankinship, P., Lewandowski, P., Oprea, A., & Stubblefield, A. (2020). Building secure and reliable systems: best practices for designing, implementing, and maintaining systems. O'Reilly Media.
  1. Shahid, J., Hameed, M. K., Javed, I. T., Qureshi, K. N., Ali, M., & Crespi, N. (2022). A comparative study of web application security parameters: Current trends and future directions. Applied Sciences, 12(8), 4077.
  1. The Open Web Application Security Project (OWASP), https://owasp.org [Accessed 25/09/2024]
  1. Cross-Origin Resource Sharing, https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/07-Testing_Cross_Origin_Resource_Sharing [Accessed 25/09/2024]
  1. Galluccio, E., Caselli, E., & Lombari, G. (2020). SQL Injection Strategies: Practical techniques to secure old vulnerabilities against modern attacks. Packt Publishing Ltd.
  1. OWASP Dependency Check, https://owasp.org/www-project-dependency-check/ [Accessed 25/09/2024]
  1. Common Vulnerability and Exposures (CVE), https://www.cve.org/ [Accessed 25/09/2024]
  1. National Vulnerability Database (NVD), https://nvd.nist.gov/ [Accessed 25/09/2024]
  1. Wetteroth, D. (2001). OSI reference model for telecommunications. McGraw-Hill Professional.
  1. David J. Wetherall, Andrew S. Tanenbaum, Computer Networks, Fifth Edition. Pearson. 2010.
  1. Cevallos-Salas, D., Estrada-Jiménez, J., & Guamán, D. S. (2024). Application layer security for Internet communications: A comprehensive review, challenges, and future trends. Computers and Electrical Engineering, 119, 109498.
  1. ENISA Threat Landscape, https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023 [Accessed 25/09/2024]
  1. What is malware, https://www.cloudflare.com/en-gb/learning/ddos/glossary/malware/ [Accessed 25/09/2024]
  1. What is a virus, https://www.techtarget.com/searchsecurity/definition/virus [Accessed 25/09/2024]
  1. Worms, https://csrc.nist.gov/glossary/term/worm [Accessed 25/09/2024]
  1. Vosatka, J. (2018). Introduction to hardware trojans. The Hardware Trojan War: Attacks, Myths, and Defenses, 15-51.
  1. What is ransomware, https://www.cloudflare.com/en-gb/learning/security/ransomware/what-is-ransomware/ [Accessed 25/09/2024]
  1. Kim, S., Park, J., Lee, K., You, I., & Yim, K. (2012). A Brief Survey on Rootkit Techniques in Malicious Codes. J. Internet Serv. Inf. Secur., 2(3/4), 134-147.
  1. Femi Reis, Backdoor: Bypassing the Gatekeepers in Cybersecurity. 2021.
  1. Church, K. W., & Chandrasekar, R. (2023). Emerging trends: Risks 3.0 and proliferation of spyware to 50,000 cell phones. Natural Language Engineering, 29(3), 824-841.
  1. Bailey, M., Cooke, E., Jahanian, F., Xu, Y., & Karir, M. (2009, March). A survey of botnet technology and defenses. In 2009 Cybersecurity Applications & Technology Conference for Homeland Security (pp. 299-304). IEEE.
  1. Avi Kak, Lecture 22: Malware: Viruses and Worms. Lecture Notes on “Computer and Network Security”, 2024.
  1. What is a computer worm?, https://www.mcafee.com/learn/what-is-worm/ [Accessed 25/09/2024]
  1. Orman, H. (2003). The Morris worm: A fifteen-year perspective. IEEE Security & Privacy, 1(5), 35-43.
  1. McAfee Antivirus, https://www.mcafee.com/ [Accessed 25/09/2024]
  1. Norton Antivirus, https://www.norton.com/ [Accessed 25/09/2024]
  1. TrendMicro, https://www.trendmicro.com [Accessed 25/09/2024]