SlideShare a Scribd company logo

Lecture 3

Download as PPT, PDF
E
Education

Computer Network Security PPT

Engineering
1 of 57
Computer Network Security 1 Program security Two types of program flaws Non-malicious program flaws Malicious program flaws
Computer Network Security 2 Non malicious program errors Buffer overflows Incomplete mediation Time-of-check to time-of-use errors
Computer Network Security 3 Buffer overflow The computer equivalent of trying to pour two litre of water into a one-litre pitcher A buffer is a space in which data can be held Since memory is finite, so is the buffer The programmer must declare the buffer size
Computer Network Security 4 Buffer overflow char sample[10] sets aside ten bytes of memory sample[10]=‘A’; sample[i]=‘A’; All program and data are in memory during execution, sharing the space with the OS, other code and resident routines
Computer Network Security 5 Buffer overflow If the extra character overwrites user’s data, it may affect the program’s results but not other programs If it overflows into the user’s program area, and overwrites an instruction to be executed the machine will try to execute 0x41
Computer Network Security 6 Security implications The attacker may replace code in system space by other instructions which will cause control to be transferred to the attacker with OS privileges The attacker could replace the return address
Computer Network Security 7 Security implementation Identify what you are trying to protect. Determine what you are trying to protect them from. Determine how likely the threats are. Implement steps that protect your assets in a cost effective manner Review the process continuously making improvements when you find a weakness
Computer Network Security 8 Incomplete mediation http://www.somesite.com/subpage/userinput&para m1=(808)555-1212&param2=2002Jan01 What if param2 were 1800Jan01? Or 1800Feb30? Or 2048Min32? Or 1Aardvark2Many? A routine could fail on a data type error Receiving program generates wrong result The receiving program might have a default condition
Computer Network Security 9 Time-to-check to time-of-use errors Involves synchronization Modern OSs and processors usually change the order of instruction execution to increase performance Instructions that appear to be adjacent may not be executed immediately after each other, because of intentionally changed order or the effects of other processes in concurrent execution
Computer Network Security 10 Time-to-check to time-of-use errors Every requested access must be governed by an access policy stating who is allowed access to what, then the request must be mediated by an access policy enforcement agent An incomplete mediation problem occurs if the access is not checked universally
Computer Network Security 11 Time-to-check to time-of-use errors A person draws five $20 bills from his pocket, carefully counts them and places them in front of the seller. When the seller turns around to make his bill, he takes back one $20 bill, hands over the stack of bills, takes his buy and leaves
Computer Network Security 12 Time-to-check to time-of-use errors An application request access to a file and passes a data structure. The mediator stores the filename locally and checks for access rights. While the mediator checks for access, the user may modify the locally stored file name and gain access to a different file
Computer Network Security 13 Security implication Checking one action and performing another is an example of ineffective access control Solutions: Digital signatures and certificates. Time-of- check is when someone signs and time-of-use is when anyone verifies the signature. If the private key is exposed, the key must be revoked
Computer Network Security 14 Failures due to non-malicious flaws ARPANET had hard coded 347 as the size of the node table When a host’s node table reached 348, it crashed
Computer Network Security 15 Viruses and other malicious code Much of the work done by programs is invisible to users. How can you tell if a game program does nothing in addition to its expected interaction with you? Malicious people can make programs serve as vehicles to access and change data and other programs Unanticipated or undesired effects in program parts
Computer Network Security 16 Malicious code-possibilities Write a message to the screen Stopping a running program Generating a sound Erasing a stored file
Computer Network Security 17 Kinds of malicious code 􀂄 Virus 􀂄 Trojan horse 􀂄 Logic bomb 􀂄 Backdoor 􀂄 Worm 􀂄 rabbit
Computer Network Security 18 Virus A program that can pass on malicious code to other non-malicious programs by modifying them Virus can be transient or resident Transient virus’s life depends on the life of its host: the virus runs when the host does A resident virus locates itself in memory
Computer Network Security 19 Trojan horse A Trojan horse is malicious code that, in addition to its primary effect, has a second, nonobvious malicious effect. As an example of a computer Trojan horse, consider a login script that solicits a user’s identification and password, passes the identification information on to the rest of the system for login processing, but also retains a copy of the information for later, malicious use.
Computer Network Security 20 logic bomb A logic bomb is a class of malicious code that “detonates” or goes off when a specified condition occurs. A time bomb is a logic bomb whose trigger is a time or date.
Computer Network Security 21 Backdoor A trapdoor or backdoor is a feature in a program by which someone can access the program other than by the obvious, direct call, perhaps with special privileges. For instance, an automated bank teller program might allow anyone entering the number 990099 on the keypad to process the log of everyone’s transactions at that machine.
Computer Network Security 22 Worm A worm is a program that spreads copies of itself through a network. The primary difference between a worm and a virus is that a worm operates through networks, and a virus can spread through any medium (but usually uses copied program or data files). Additionally, the worm spreads copies of itself as a standalone program, whereas the virus spreads copies of itself as a program that attaches to or embeds in other programs.
Computer Network Security 23 Rabbit Some literature also defines a rabbit as a virus or worm that self-replicates without bound, with the intention of exhausting some computing resources. A rabbit might create copies of itself and store them on disk, in an effort to completely fill the disk, for example.
Computer Network Security 24 How viruses attach A virus will do nothing and will not spread unless it is executed. There are many ways to ensure that a virus is executed A setup program may call dozens or even hundreds of other programs, on the distribution disk, already residing on the computer, or resident in memory Human intervention is necessary to start the process
Computer Network Security 25 How viruses attach Email attachments The virus code can be embedded in an executable file attachment Objects such as graphics files can contain code to be executed by the editor, so they can be transmission agents for viruses
Computer Network Security 26 How viruses attach Appended viruses Viruses that surround a program Integrated virus and replacements
Computer Network Security 27 Appended viruses Usually a virus inserts a copy of itself before the first executable instruction in a program Simple and usually effective Typically the user does not notice the effects of the virus since the program does its job as usual
Computer Network Security 28 Viruses that surround a program Has control before and after a program execution A virus’ presence may be given away by the file size of the program, so the virus writer may infect the file listing display program to regain control after the file listing is generated but before it is displayed
Computer Network Security 29 Integrated viruses and replacements Virus replaces some of its target Virus writer has to know the exact structure of the program Could replace the entire target
Computer Network Security 30 Document viruses Most popular Implemented within a formatted document, which contains not only data, but also commands, such as formulae, formatting controls and links etc User sees only the contents of the document, so the virus writers includes the virus in the commands
Computer Network Security 31 How viruses gain control A virus has to be invoked instead of the target The virus has to either seem to be the target, or has to push the target out of the way and become a substitute A virus could replace a target by assuming its name The virus can overwrite the target on disk
Computer Network Security 32 How viruses gain control The virus can change the pointers in the file tables so that the virus is located instead of the target
Computer Network Security 33 Desirable qualities in viruses Hard to detect Not easily destroyed Spreads widely Re-infect its home program or other programs Easy to create Machine independent and OS independent
Computer Network Security 34 Homes for viruses One time execution Boot sector viruses Memory-resident viruses Other homes
Computer Network Security 35 One-time execution Majority of viruses today execute only once, spreading their infection and causing their effect in that one execution A virus often arrives as an email attachment of a document virus and is executed just by opening it
Computer Network Security 36 Boot sector viruses A given hardware platform can run many different OS The boot sector contains a boot loader to load the particular OS into memory and run it To accommodate large boot loaders, chaining is used The virus may break the chain anywhere and insert itself Appeal: virus gains control early, when no detection tool is running, and is invisible to file listing
Computer Network Security 37 Memory resident viruses Some portions of the OS and a few specialized user programs would take too long to reload each time they are needed, so they are kept in memory and are called resident code e.g., routines that interpret keys pressed on the keyboard, error control, alarm clock Virus attached to resident code
Computer Network Security 38 Other homes for viruses Application macros Libraries Compilers, linkers Runtime monitors, runtime debuggers Anti-virus
Computer Network Security 39 Virus signatures A virus can not be completely invisible Code must be stored somewhere and must be in memory A virus executes in a particular way and uses a certain method to spread Each of these characteristics yields a telltale pattern called a signature
Computer Network Security 40 Virus effects and causes
Computer Network Security 41 Virus effects and causes
Computer Network Security 42 Execution patterns A virus writer may want a virus to do several things at the same time Spread infection Avoid detection Cause harm
Computer Network Security 43 Transmission patterns Viruses can travel During the boot process Over a network connection Host’s execution Remain in memory to infect other diskettes
Computer Network Security 44 Polymorphic viruses Virus signature is the most reliable way to detect a virus A clever virus writer can cause something other than specific strings to be in portions where a virus scanner would look for those strings A virus that can change its appearance is called a polymorphic virus
Computer Network Security 45 Polymorphic viruses Two-form virus can be treated as two independent viruses, so the virus writer will want a large or unlimited number of forms A polymorphic virus has to randomly reposition all parts of itself and randomly change all fixed data A virus may randomly intersperse harmless instructions throughout its code
Computer Network Security 46 Prevention of virus infection Not to share executable code with infected source This was easy to do, as executable files had a particular extension Today seemingly non-executable files can contain executable code Programs are usually configured to activate this code automatically, such as open attachments
Computer Network Security 47 Prevention of virus infection The file type is hidden in a field at the start of a file, so Windows would try to open an executable file with a non-executable extension, with the appropriate program, failing which the executable code will be run Since you can not know which sources are infected, assume that every outside source is infected
Computer Network Security 48 Prevention Use only software acquired from reliable and well-established vendors Test all software on an isolated computer Open attachments only when you know them to be safe Make a recoverable system image and store it safely Make and retain backup copies of executable system files Use virus detectors
Computer Network Security 49 Trapdoors An undocumented entry point into a module Inserted during code development, perhaps to test the module, or to provide hooks by which to connect future modifications, or enhancements, or to allow access if the module should fail in the future
Computer Network Security 50 Trapdoors-Examples Programs are prepared in modules, each tested in “unit testing” and then integrated and tested in “integration testing”, to see how they function as they send messages and data from one to the other Rather than paste all modules together in a big bang approach, the modules are grouped into several logical clusters of a few components each Each cluster is tested in a way that allows testers to control and understand what might make a component or its interface fail
Computer Network Security 51 Trapdoors-Examples During component testing, the tester cannot use the surrounding routines that prepare input or work with output, so they write “stubs” and “drivers” to inject data in and extract results These stubs and drivers are later discarded because they are replaced by the actual components The programmers embed debugging code into suspicious components To control stubs or invoke debugging code, the programmer embeds special control sequences in the component’s design, specifically to support testing
Computer Network Security 52 Trapdoors-Examples Command insertion is a recognized testing practice, if left in place after testing, the extra commands can become a problem The Internet Worm spread itself due to exactly this kind of a trapdoor in an email program Poor error checking is another source of trapdoors Trapdoors can be useful for system auditing or testing, but they must be documented and access must be protected
Computer Network Security 53 Trapdoors-causes Trapdoors can persist in programs because the developer: forgot to remove them Intentionally left it there for testing Intentionally left it for maintenance Left there for covert access
Computer Network Security 54 Covert channels Programs that communicate information to people who shouldn’t receive it The communication accompanies other perfectly proper communications e.g., a student may communicate correct answer choices by coughing once for ‘a’, clearing her throat for ‘b’ and so on One way for the programmer to have a covert channel is to write to a file, print it out A programmer should not have access to data once the program is in operation
Computer Network Security 55 How to create covert channels A printed report would be too obvious Encode data values into a different report format Storage channels: pass information by using the presence or absence of objects in storage e.g., lock or not lock a file to signal one bit of information Other ways would be consume disk quota Timing channels: pass information by the speed at which things happen e.g., using or not using an assigned amount of computing time (quantum)
Computer Network Security 56 How to prevent these flaws Good software engineering practices Operating system controls Administrative controls Program controls in general
Computer Network Security 57 ANY QUESTIONS ?

Recommended

Chapter 2 program-security
Chapter 2 program-securityChapter 2 program-security
Chapter 2 program-security
Vamsee Krishna Kiran
 
Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5
AfiqEfendy Zaen
 
Program security
Program securityProgram security
Program security
G Prachi
 
Tools and methods used in cybercrime
Tools and methods used in cybercrimeTools and methods used in cybercrime
Tools and methods used in cybercrime
patelripal99
 
Computer worms viruses and Prevention
Computer worms viruses and PreventionComputer worms viruses and Prevention
Computer worms viruses and Prevention
Pratimesh Pathak
 
Network security
Network securityNetwork security
Network security
quest university nawabshah
 
Computer security
Computer securityComputer security
Computer security
fiza1975
 
Intruders
IntrudersIntruders
Intruders
Dr.Florence Dayana
 

Recommended

Chapter 2 program-security
Chapter 2 program-securityChapter 2 program-security
Chapter 2 program-security
Vamsee Krishna Kiran
 
Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5
AfiqEfendy Zaen
 
Program security
Program securityProgram security
Program security
G Prachi
 
Tools and methods used in cybercrime
Tools and methods used in cybercrimeTools and methods used in cybercrime
Tools and methods used in cybercrime
patelripal99
 
Computer worms viruses and Prevention
Computer worms viruses and PreventionComputer worms viruses and Prevention
Computer worms viruses and Prevention
Pratimesh Pathak
 
Network security
Network securityNetwork security
Network security
quest university nawabshah
 
Computer security
Computer securityComputer security
Computer security
fiza1975
 
Intruders
IntrudersIntruders
Intruders
Dr.Florence Dayana
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
Colin058
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
Dnyaneshwar Beedkar
 
Computer Security
Computer SecurityComputer Security
Computer Security
Klynveld Peat Marwick Goerdeler Global Services
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
Malicious software
Malicious softwareMalicious software
Malicious software
Dr.Florence Dayana
 
Computer Security 101
Computer Security 101Computer Security 101
Computer Security 101
Progressive Integrations
 
Public key algorithm
Public key algorithmPublic key algorithm
Public key algorithm
Prateek Pandey
 
03 cia
03 cia03 cia
03 cia
Jadavsejal
 
Malicious
MaliciousMalicious
Malicious
Khyati Rajput
 
Network security
Network securityNetwork security
Network security
Estiak Khan
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Dheeraj Kataria
 
Security threats
Security threatsSecurity threats
Security threats
Qamar Farooq
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerability
A. Shamel
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
priya_trehan
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
Protection and security
Protection and securityProtection and security
Protection and security
mbadhi
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
GulnurAzat
 
Malware ppt final.pptx
Malware ppt final.pptxMalware ppt final.pptx
Malware ppt final.pptx
LakshayNRReddy
 
Operating system security
Operating system securityOperating system security
Operating system security
Sarmad Makhdoom
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITY
RohitK71
 
Program security chapter 3
Program security chapter 3Program security chapter 3
Program security chapter 3
Education
 
unit 2 -program security.pdf
unit 2 -program security.pdfunit 2 -program security.pdf
unit 2 -program security.pdf
KavithaK23
 

More Related Content

What's hot

Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
Colin058
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
priya_trehan
 
Operating system security
Operating system securityOperating system security
Operating system security
Sarmad Makhdoom
 

What's hot (20)

Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Cia security model
Cia security modelCia security model
Cia security model
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Computer Security 101
Computer Security 101Computer Security 101
Computer Security 101
 
Public key algorithm
Public key algorithmPublic key algorithm
Public key algorithm
 
03 cia
03 cia03 cia
03 cia
 
Malicious
MaliciousMalicious
Malicious
 
Network security
Network securityNetwork security
Network security
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIAInformation Security- Threats and Attacks presentation by DHEERAJ KATARIA
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
 
Security threats
Security threatsSecurity threats
Security threats
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerability
 
Security Mechanisms
Security MechanismsSecurity Mechanisms
Security Mechanisms
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Protection and security
Protection and securityProtection and security
Protection and security
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
 
Malware ppt final.pptx
Malware ppt final.pptxMalware ppt final.pptx
Malware ppt final.pptx
 
Operating system security
Operating system securityOperating system security
Operating system security
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITY
 

Similar to Lecture 3

maliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannyamaliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannya
SYYULIANISKOMMT
 
Presentation2
Presentation2Presentation2
Presentation2
Jeslynn
 
Application'sand security
Application'sand securityApplication'sand security
Application'sand security
arun nalam
 
Final Project _Smart Utilities
Final Project _Smart UtilitiesFinal Project _Smart Utilities
Final Project _Smart Utilities
Pasan Alagiyawanna
 
Program and System Threats
Program and System ThreatsProgram and System Threats
Program and System Threats
Reddhi Basu
 
4 threatsandvulnerabilities
4 threatsandvulnerabilities4 threatsandvulnerabilities
4 threatsandvulnerabilities
richarddxd
 
Form4 cd2
Form4 cd2Form4 cd2
Form4 cd2
smktsj2
 
Computer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon ChakrabortyComputer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon Chakraborty
sankhadeep
 

Similar to Lecture 3 (20)

Program security chapter 3
Program security chapter 3Program security chapter 3
Program security chapter 3
 
unit 2 -program security.pdf
unit 2 -program security.pdfunit 2 -program security.pdf
unit 2 -program security.pdf
 
Ch19
Ch19Ch19
Ch19
 
maliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannyamaliciouse code malwere dan bentuk penyebarannya
maliciouse code malwere dan bentuk penyebarannya
 
Presentation2
Presentation2Presentation2
Presentation2
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5
 
Application'sand security
Application'sand securityApplication'sand security
Application'sand security
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethics
 
INT 1010 05-3.pdf
INT 1010 05-3.pdfINT 1010 05-3.pdf
INT 1010 05-3.pdf
 
Final Project _Smart Utilities
Final Project _Smart UtilitiesFinal Project _Smart Utilities
Final Project _Smart Utilities
 
Software security
Software securitySoftware security
Software security
 
Program and System Threats
Program and System ThreatsProgram and System Threats
Program and System Threats
 
Computer virus
Computer virusComputer virus
Computer virus
 
Computer virus
Computer virusComputer virus
Computer virus
 
Virus and Worms
Virus and WormsVirus and Worms
Virus and Worms
 
4 threatsandvulnerabilities
4 threatsandvulnerabilities4 threatsandvulnerabilities
4 threatsandvulnerabilities
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & prevention
 
Form4 cd2
Form4 cd2Form4 cd2
Form4 cd2
 
Computer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon ChakrabortyComputer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon Chakraborty
 

More from Education

A friendly introduction to differential equations
A friendly introduction to differential equationsA friendly introduction to differential equations
A friendly introduction to differential equations
Education
 

More from Education (11)

A friendly introduction to differential equations
A friendly introduction to differential equationsA friendly introduction to differential equations
A friendly introduction to differential equations
 
High-order Assembly Language/Shuttle (HAL/S)
High-order Assembly Language/Shuttle (HAL/S)High-order Assembly Language/Shuttle (HAL/S)
High-order Assembly Language/Shuttle (HAL/S)
 
assembly language programming and organization of IBM PC" by YTHA YU
assembly language programming and organization of IBM PC" by YTHA YUassembly language programming and organization of IBM PC" by YTHA YU
assembly language programming and organization of IBM PC" by YTHA YU
 
Network security chapter 1,2
Network security chapter 1,2Network security chapter 1,2
Network security chapter 1,2
 
Lecture 7
Lecture 7Lecture 7
Lecture 7
 
Lecture 6
Lecture 6Lecture 6
Lecture 6
 
Lecture 5
Lecture 5Lecture 5
Lecture 5
 
Lecture 4
Lecture 4Lecture 4
Lecture 4
 
Lecture 2
Lecture 2Lecture 2
Lecture 2
 
Lecture 1
Lecture 1Lecture 1
Lecture 1
 
Data warehousing labs maunal
Data warehousing labs maunalData warehousing labs maunal
Data warehousing labs maunal
 

Recently uploaded

(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Dr.Costas Sachpazis
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
ranjana rawat
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Call Girls in Nagpur High Profile
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
roncy bisnoi
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
Tonystark477637
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Christo Ananth
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
ranjana rawat
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
ankushspencer015
 

Recently uploaded (20)

(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
 
Vivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design SpainVivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design Spain
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICSUNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 

Lecture 3

  • 1. Computer Network Security 1 Program security Two types of program flaws Non-malicious program flaws Malicious program flaws
  • 2. Computer Network Security 2 Non malicious program errors Buffer overflows Incomplete mediation Time-of-check to time-of-use errors
  • 3. Computer Network Security 3 Buffer overflow The computer equivalent of trying to pour two litre of water into a one-litre pitcher A buffer is a space in which data can be held Since memory is finite, so is the buffer The programmer must declare the buffer size
  • 4. Computer Network Security 4 Buffer overflow char sample[10] sets aside ten bytes of memory sample[10]=‘A’; sample[i]=‘A’; All program and data are in memory during execution, sharing the space with the OS, other code and resident routines
  • 5. Computer Network Security 5 Buffer overflow If the extra character overwrites user’s data, it may affect the program’s results but not other programs If it overflows into the user’s program area, and overwrites an instruction to be executed the machine will try to execute 0x41
  • 6. Computer Network Security 6 Security implications The attacker may replace code in system space by other instructions which will cause control to be transferred to the attacker with OS privileges The attacker could replace the return address
  • 7. Computer Network Security 7 Security implementation Identify what you are trying to protect. Determine what you are trying to protect them from. Determine how likely the threats are. Implement steps that protect your assets in a cost effective manner Review the process continuously making improvements when you find a weakness
  • 8. Computer Network Security 8 Incomplete mediation http://www.somesite.com/subpage/userinput&para m1=(808)555-1212&param2=2002Jan01 What if param2 were 1800Jan01? Or 1800Feb30? Or 2048Min32? Or 1Aardvark2Many? A routine could fail on a data type error Receiving program generates wrong result The receiving program might have a default condition
  • 9. Computer Network Security 9 Time-to-check to time-of-use errors Involves synchronization Modern OSs and processors usually change the order of instruction execution to increase performance Instructions that appear to be adjacent may not be executed immediately after each other, because of intentionally changed order or the effects of other processes in concurrent execution
  • 10. Computer Network Security 10 Time-to-check to time-of-use errors Every requested access must be governed by an access policy stating who is allowed access to what, then the request must be mediated by an access policy enforcement agent An incomplete mediation problem occurs if the access is not checked universally
  • 11. Computer Network Security 11 Time-to-check to time-of-use errors A person draws five $20 bills from his pocket, carefully counts them and places them in front of the seller. When the seller turns around to make his bill, he takes back one $20 bill, hands over the stack of bills, takes his buy and leaves
  • 12. Computer Network Security 12 Time-to-check to time-of-use errors An application request access to a file and passes a data structure. The mediator stores the filename locally and checks for access rights. While the mediator checks for access, the user may modify the locally stored file name and gain access to a different file
  • 13. Computer Network Security 13 Security implication Checking one action and performing another is an example of ineffective access control Solutions: Digital signatures and certificates. Time-of- check is when someone signs and time-of-use is when anyone verifies the signature. If the private key is exposed, the key must be revoked
  • 14. Computer Network Security 14 Failures due to non-malicious flaws ARPANET had hard coded 347 as the size of the node table When a host’s node table reached 348, it crashed
  • 15. Computer Network Security 15 Viruses and other malicious code Much of the work done by programs is invisible to users. How can you tell if a game program does nothing in addition to its expected interaction with you? Malicious people can make programs serve as vehicles to access and change data and other programs Unanticipated or undesired effects in program parts
  • 16. Computer Network Security 16 Malicious code-possibilities Write a message to the screen Stopping a running program Generating a sound Erasing a stored file
  • 17. Computer Network Security 17 Kinds of malicious code 􀂄 Virus 􀂄 Trojan horse 􀂄 Logic bomb 􀂄 Backdoor 􀂄 Worm 􀂄 rabbit
  • 18. Computer Network Security 18 Virus A program that can pass on malicious code to other non-malicious programs by modifying them Virus can be transient or resident Transient virus’s life depends on the life of its host: the virus runs when the host does A resident virus locates itself in memory
  • 19. Computer Network Security 19 Trojan horse A Trojan horse is malicious code that, in addition to its primary effect, has a second, nonobvious malicious effect. As an example of a computer Trojan horse, consider a login script that solicits a user’s identification and password, passes the identification information on to the rest of the system for login processing, but also retains a copy of the information for later, malicious use.
  • 20. Computer Network Security 20 logic bomb A logic bomb is a class of malicious code that “detonates” or goes off when a specified condition occurs. A time bomb is a logic bomb whose trigger is a time or date.
  • 21. Computer Network Security 21 Backdoor A trapdoor or backdoor is a feature in a program by which someone can access the program other than by the obvious, direct call, perhaps with special privileges. For instance, an automated bank teller program might allow anyone entering the number 990099 on the keypad to process the log of everyone’s transactions at that machine.
  • 22. Computer Network Security 22 Worm A worm is a program that spreads copies of itself through a network. The primary difference between a worm and a virus is that a worm operates through networks, and a virus can spread through any medium (but usually uses copied program or data files). Additionally, the worm spreads copies of itself as a standalone program, whereas the virus spreads copies of itself as a program that attaches to or embeds in other programs.
  • 23. Computer Network Security 23 Rabbit Some literature also defines a rabbit as a virus or worm that self-replicates without bound, with the intention of exhausting some computing resources. A rabbit might create copies of itself and store them on disk, in an effort to completely fill the disk, for example.
  • 24. Computer Network Security 24 How viruses attach A virus will do nothing and will not spread unless it is executed. There are many ways to ensure that a virus is executed A setup program may call dozens or even hundreds of other programs, on the distribution disk, already residing on the computer, or resident in memory Human intervention is necessary to start the process
  • 25. Computer Network Security 25 How viruses attach Email attachments The virus code can be embedded in an executable file attachment Objects such as graphics files can contain code to be executed by the editor, so they can be transmission agents for viruses
  • 26. Computer Network Security 26 How viruses attach Appended viruses Viruses that surround a program Integrated virus and replacements
  • 27. Computer Network Security 27 Appended viruses Usually a virus inserts a copy of itself before the first executable instruction in a program Simple and usually effective Typically the user does not notice the effects of the virus since the program does its job as usual
  • 28. Computer Network Security 28 Viruses that surround a program Has control before and after a program execution A virus’ presence may be given away by the file size of the program, so the virus writer may infect the file listing display program to regain control after the file listing is generated but before it is displayed
  • 29. Computer Network Security 29 Integrated viruses and replacements Virus replaces some of its target Virus writer has to know the exact structure of the program Could replace the entire target
  • 30. Computer Network Security 30 Document viruses Most popular Implemented within a formatted document, which contains not only data, but also commands, such as formulae, formatting controls and links etc User sees only the contents of the document, so the virus writers includes the virus in the commands
  • 31. Computer Network Security 31 How viruses gain control A virus has to be invoked instead of the target The virus has to either seem to be the target, or has to push the target out of the way and become a substitute A virus could replace a target by assuming its name The virus can overwrite the target on disk
  • 32. Computer Network Security 32 How viruses gain control The virus can change the pointers in the file tables so that the virus is located instead of the target
  • 33. Computer Network Security 33 Desirable qualities in viruses Hard to detect Not easily destroyed Spreads widely Re-infect its home program or other programs Easy to create Machine independent and OS independent
  • 34. Computer Network Security 34 Homes for viruses One time execution Boot sector viruses Memory-resident viruses Other homes
  • 35. Computer Network Security 35 One-time execution Majority of viruses today execute only once, spreading their infection and causing their effect in that one execution A virus often arrives as an email attachment of a document virus and is executed just by opening it
  • 36. Computer Network Security 36 Boot sector viruses A given hardware platform can run many different OS The boot sector contains a boot loader to load the particular OS into memory and run it To accommodate large boot loaders, chaining is used The virus may break the chain anywhere and insert itself Appeal: virus gains control early, when no detection tool is running, and is invisible to file listing
  • 37. Computer Network Security 37 Memory resident viruses Some portions of the OS and a few specialized user programs would take too long to reload each time they are needed, so they are kept in memory and are called resident code e.g., routines that interpret keys pressed on the keyboard, error control, alarm clock Virus attached to resident code
  • 38. Computer Network Security 38 Other homes for viruses Application macros Libraries Compilers, linkers Runtime monitors, runtime debuggers Anti-virus
  • 39. Computer Network Security 39 Virus signatures A virus can not be completely invisible Code must be stored somewhere and must be in memory A virus executes in a particular way and uses a certain method to spread Each of these characteristics yields a telltale pattern called a signature
  • 40. Computer Network Security 40 Virus effects and causes
  • 41. Computer Network Security 41 Virus effects and causes
  • 42. Computer Network Security 42 Execution patterns A virus writer may want a virus to do several things at the same time Spread infection Avoid detection Cause harm
  • 43. Computer Network Security 43 Transmission patterns Viruses can travel During the boot process Over a network connection Host’s execution Remain in memory to infect other diskettes
  • 44. Computer Network Security 44 Polymorphic viruses Virus signature is the most reliable way to detect a virus A clever virus writer can cause something other than specific strings to be in portions where a virus scanner would look for those strings A virus that can change its appearance is called a polymorphic virus
  • 45. Computer Network Security 45 Polymorphic viruses Two-form virus can be treated as two independent viruses, so the virus writer will want a large or unlimited number of forms A polymorphic virus has to randomly reposition all parts of itself and randomly change all fixed data A virus may randomly intersperse harmless instructions throughout its code
  • 46. Computer Network Security 46 Prevention of virus infection Not to share executable code with infected source This was easy to do, as executable files had a particular extension Today seemingly non-executable files can contain executable code Programs are usually configured to activate this code automatically, such as open attachments
  • 47. Computer Network Security 47 Prevention of virus infection The file type is hidden in a field at the start of a file, so Windows would try to open an executable file with a non-executable extension, with the appropriate program, failing which the executable code will be run Since you can not know which sources are infected, assume that every outside source is infected
  • 48. Computer Network Security 48 Prevention Use only software acquired from reliable and well-established vendors Test all software on an isolated computer Open attachments only when you know them to be safe Make a recoverable system image and store it safely Make and retain backup copies of executable system files Use virus detectors
  • 49. Computer Network Security 49 Trapdoors An undocumented entry point into a module Inserted during code development, perhaps to test the module, or to provide hooks by which to connect future modifications, or enhancements, or to allow access if the module should fail in the future
  • 50. Computer Network Security 50 Trapdoors-Examples Programs are prepared in modules, each tested in “unit testing” and then integrated and tested in “integration testing”, to see how they function as they send messages and data from one to the other Rather than paste all modules together in a big bang approach, the modules are grouped into several logical clusters of a few components each Each cluster is tested in a way that allows testers to control and understand what might make a component or its interface fail
  • 51. Computer Network Security 51 Trapdoors-Examples During component testing, the tester cannot use the surrounding routines that prepare input or work with output, so they write “stubs” and “drivers” to inject data in and extract results These stubs and drivers are later discarded because they are replaced by the actual components The programmers embed debugging code into suspicious components To control stubs or invoke debugging code, the programmer embeds special control sequences in the component’s design, specifically to support testing
  • 52. Computer Network Security 52 Trapdoors-Examples Command insertion is a recognized testing practice, if left in place after testing, the extra commands can become a problem The Internet Worm spread itself due to exactly this kind of a trapdoor in an email program Poor error checking is another source of trapdoors Trapdoors can be useful for system auditing or testing, but they must be documented and access must be protected
  • 53. Computer Network Security 53 Trapdoors-causes Trapdoors can persist in programs because the developer: forgot to remove them Intentionally left it there for testing Intentionally left it for maintenance Left there for covert access
  • 54. Computer Network Security 54 Covert channels Programs that communicate information to people who shouldn’t receive it The communication accompanies other perfectly proper communications e.g., a student may communicate correct answer choices by coughing once for ‘a’, clearing her throat for ‘b’ and so on One way for the programmer to have a covert channel is to write to a file, print it out A programmer should not have access to data once the program is in operation
  • 55. Computer Network Security 55 How to create covert channels A printed report would be too obvious Encode data values into a different report format Storage channels: pass information by using the presence or absence of objects in storage e.g., lock or not lock a file to signal one bit of information Other ways would be consume disk quota Timing channels: pass information by the speed at which things happen e.g., using or not using an assigned amount of computing time (quantum)
  • 56. Computer Network Security 56 How to prevent these flaws Good software engineering practices Operating system controls Administrative controls Program controls in general
  • 57. Computer Network Security 57 ANY QUESTIONS ?