Computer System
Security
By Deepti Deshmukh
Unit 1:
Computer System Security Introduction:
• Introduction: What is computer security and what to learn?
• Sample Attacks
• The Marketplace for vulnerabilities
• Error 404 Hacking Digital India Part 1 Chase
• Hijacking & Defense: Control Hijacking
• More Control Hijacking attacks: integer overflow
• More Control Hijacking attacks: format string vulnerabilities
• Defense against Control Hijacking: Platform Defenses
• Defense against Control Hijacking: Run-time Defenses
• Advanced Control Hijacking attacks
Computer System Security
Introduction:
Computer security, also called cybersecurity, is the protection of computer systems and information from harm, theft, and unauthorized use.
Computer hardware is typically protected by the same means used to protect other valuable or sensitive equipment.
The components of a computer system that need to be protected are:
• Hardware, the physical part of the computer, like the system memory and disk drive
• Firmware, permanent software that is etched into a hardware device’s nonvolatile memory and is mostly invisible to the user
• Software, the programming that offers services, like the operating system, word processor and internet browser, to the user
Benefits of cyber security:
• Data protection from unauthorised access, loss or deletion.
• Preventing financial fraud and embezzlement.
• Protection of intellectual property.
• Prevention of cyber espionage.
• Prevention of fraud in financial transactions like wire transfers etc.
• Improves customer confidence.
• Cyber security will defend us from critical cyber-attacks.
• It helps us to browse safe websites.
• Cyber security will defend us from hacks and viruses.
• The cyber security application used on our PC needs to be updated every week.
• Internet security processes all the incoming and outgoing data on our computer.
• It helps to reduce computer freezes and crashes.
• Gives us privacy.
Weaknesses of cyber security:
• It is expensive; most users can’t afford it.
• A normal user can’t use it properly; it requires special expertise.
• Lack of knowledge is the main problem.
• It is not easy to use.
• It makes the system slower.
• It can take hours to days to fix a breach in security.
Types of Cyber Attacks (Sample Attacks):
A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data, leading to cybercrimes such as information and identity theft.
Cyber-attacks can be classified into the following categories:
Web-based attacks:
These are attacks which occur on a website or web application. Some of the important web-based attacks are as follows:
1. Injection attacks
An attack in which data is injected into a web application to manipulate the application and fetch the required information.
Examples: SQL injection, code injection, log injection, XML injection, etc.
2. DNS Spoofing
DNS spoofing is a type of computer security hacking whereby data is introduced into a DNS resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer or any other computer. DNS spoofing attacks can go on for a long period of time without being detected and can cause serious security issues.
Web-based attacks (contd.)
3. Session Hijacking
A security attack on a user session over a protected network. Web applications create cookies to store state and user sessions. By stealing the cookies, an attacker can gain access to all of the user's data.
4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login credentials and credit card numbers. It occurs when an attacker masquerades as a trustworthy entity in electronic communication.
5. Brute force
A type of attack which uses a trial-and-error method. The attack generates a large number of guesses and validates them to obtain actual data like a user password or personal identification number. It may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.
Web-based attacks (contd.)
6. Denial of Service
An attack meant to make a server or network resource unavailable to users. It accomplishes this by flooding the target with traffic or sending it information that triggers a crash. It uses a single system and a single internet connection to attack a server. It can be classified into the following:
Volume-based attacks: the goal is to saturate the bandwidth of the attacked site; measured in bits per second.
Protocol attacks: consume actual server resources; measured in packets per second.
Application layer attacks: the goal is to crash the web server; measured in requests per second.
Web-based attacks (contd.)
7. Dictionary attacks
This type of attack stores a list of commonly used passwords and tries them to obtain the original password.
8. URL Interpretation
A type of attack where one can change certain parts of a URL and make a web server deliver web pages which one is not authorized to browse.
9. File Inclusion attacks
A type of attack that allows an attacker to access unauthorized or essential files available on the web server, or to execute malicious files on the web server, by making use of the include functionality.
10. Man in the middle attacks
A type of attack that allows an attacker to intercept the connection between client and server and act as a bridge between them. Because of this, the attacker is able to read, insert and modify the data in the intercepted connection.
System-based attacks:
These are attacks which are intended to compromise a computer or a computer network. Some of the important system-based attacks are as follows:
1. Virus
A type of malicious software program that spreads throughout the computer's files without the user's knowledge. It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed. It can also execute instructions that cause harm to the system.
2. Worm
A type of malware whose primary function is to replicate itself to spread to uninfected computers. It works in the same way as a computer virus. Worms often originate from email attachments that appear to be from trusted senders.
System-based attacks (contd.)
3. Trojan horse
A malicious program that causes unexpected changes to computer settings and unusual activity, even when the computer should be idle. It misleads the user about its true intent. It appears to be a normal application, but when opened/executed, malicious code runs in the background.
4. Backdoors
A method that bypasses the normal authentication process. A developer may create a backdoor so that an application or operating system can be accessed for troubleshooting or other purposes.
5. Bots
A bot (short for "robot") is an automated process that interacts with other network services. Some bot programs run automatically, while others only execute commands when they receive specific input. Common examples of bot programs are crawlers, chatroom bots, and malicious bots.
The Marketplace for vulnerabilities:
Vulnerabilities are weaknesses in security systems; because of them, attackers can get confidential data easily and it is not possible to maintain data integrity.
Vulnerabilities give attackers a door into the system.
To protect a system from vulnerabilities, it is required to update system software regularly.
The Marketplace for vulnerabilities (contd.)
Common types of vulnerabilities are:
1. Bugs
2. Weak passwords
3. SQL injection
4. Buffer overflow
5. Missing authentication
6. Missing data encryption
Causes and harms due to vulnerabilities are:
1. Reliability
2. Usability
3. Confidentiality
4. Integrity
Error 404 Hacking Digital India Part 1 Chase:
Hackers can not only know your current location and Generalized System Preferences (GSP) history but also have complete access to your contacts, text messages, Facebook, WhatsApp and, most importantly, your banking details including your CVV number.
Hijacking and Defense
Control Hijacking
A control hijacking attack exploits a program error, particularly a memory corruption vulnerability, at application runtime to subvert the intended control flow of a program.
Control-hijacking attacks = control-flow hijacking attacks.
• Change of control flow: alter a code pointer (i.e., a value that influences the program counter), or gain control of the instruction pointer.
• Change a memory region that should not be accessed.
• E.g. code injection attacks, code reuse attacks.
• Buffer overflows are one kind of control hijacking attack.
Control hijacking attacks:
Buffer overflow attack: https://www.imperva.com/learn/application-security/buffer-overflow/
Integer overflow attack: https://www.comparitech.com/blog/information-security/integer-overflow-attack/
Control hijacking attacks, format string vulnerabilities:
https://www.comparitech.com/blog/information-security/format-string-attac
https://www.kapravelos.com/teaching/csc591-f17/lectures/02-cha.pdf
Control hijacking: Platform defense
Marking memory as non-execute (DEP)
Prevent attack code execution by marking stack and heap as non-executable
• NX-bit on AMD Athlon 64, XD-bit on Intel P4 Prescott
– NX bit in every Page Table Entry (PTE)
• Deployment:
– Linux (via PaX project); OpenBSD
– Windows: since XP SP2 (DEP)
• Visual Studio: /NXCompat[:NO]
• Limitations:
– Some apps need executable heap (e.g. JITs).
– Can be easily bypassed using Return Oriented Programming (ROP)
Attack: Return Oriented Programming (ROP)
Control hijacking without injecting code:
[Figure: a stack frame (args, ret-addr, sfp, local buf) beside libc.so (exec(), printf(), “/bin/sh”); the overwritten ret-addr points at code already present in libc rather than at injected code]
Dan Boneh
ROP: in more detail
To run /bin/sh we must direct stdin and stdout to the socket:
dup2(s, 0) // map stdin to socket
dup2(s, 1) // map stdout to socket
execve("/bin/sh", 0, 0);
Gadgets in victim code (each ends in ret):
dup2(s, 0); ret
dup2(s, 1); ret
execve("/bin/sh"); ret
Stack (set by attacker): overflow-str | 0x408400 | 0x408500 | 0x408300
The first address overwrites ret-addr; each ret pops the next gadget address, so the stack pointer moves up on pop and the gadgets run in sequence.
ROP: in even more detail
dup2(s, 0) implemented as a sequence of gadgets in victim code:
Gadgets in victim code (address: instructions, encoding):
0x408100: pop rdi; ret (5f c3)
0x408200: pop rsi; ret (5e c3)
0x408300: pop rax; ret
0x408400: syscall; ret
Stack (by attacker): overflow-str | 0x408100 | s | 0x408200 | 0 | 0x408300 | 33 | 0x408400
ret-addr = 0x408100; the chain yields rdi ⟵ s, rsi ⟵ 0, rax ⟵ 33, then syscall #33.
What to do?? Randomization
• ASLR (Address Space Layout Randomization):
– Map shared libraries to random locations in process memory
⇒ Attacker cannot jump directly to the exec function
– Deployment:
• Windows 7: (/DynamicBase) 8 bits of randomness for DLLs
– aligned to 64K page in a 16MB region ⇒ 256 choices
• Windows 8: 24 bits of randomness on 64-bit processors
• Other randomization methods:
– Sys-call randomization: randomize sys-call IDs
– Instruction Set Randomization (ISR)
Run time checking: StackGuard
[Figure: stack frame laid out from the top of the stack as local | canary | sfp | ret | str]
• Many run-time checking techniques …
– we only discuss methods relevant to overflow protection
• Solution 1: StackGuard
– Run time tests for stack integrity.
– Embed “canaries” in stack frames and verify their integrity prior to function return.
[Figure: Frame 2 and Frame 1, each laid out as local | canary | sfp | ret | str]
Canary Types
• Random canary:
– Random string chosen at program startup.
– Insert canary string into every stack frame.
– Verify canary before returning from function.
• Exit program if canary changed. Turns potential exploit into DoS.
– To corrupt, attacker must learn current random string.
• Terminator canary: Canary = {0, newline, linefeed, EOF}
– String functions will not copy beyond terminator.
– Attacker cannot use string functions to corrupt stack.
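As an added example (not part of these slides or of Dan Boneh's material), here is a small C model of a StackGuard-style frame: it shows the epilogue canary check catching a strcpy overflow against a random canary, a terminator canary stopping strcpy at its leading NUL before sfp and ret are reached, and a leaked random canary passing the check, which is why the random string must stay secret. The frame layout, offsets, canary values and return address are assumed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: a software model of a StackGuard-style stack frame, so the
 * canary check can be exercised deterministically without real memory
 * corruption. Assumed layout (offsets into one byte array):
 * [0..31] local buf, [32..35] canary, [36..43] sfp, [44..51] ret. */
#define CANARY_OFF 32
#define CANARY_LEN 4
#define RET_OFF    44
#define FRAME_LEN  52
typedef struct { unsigned char bytes[FRAME_LEN]; } frame_t;

/* Terminator canary as on the slides: NUL, newline, linefeed (CR), EOF. */
static const unsigned char TERMINATOR_CANARY[CANARY_LEN] = {0x00, 0x0a, 0x0d, 0xff};
/* Stand-in for a random canary drawn at start-up (constructed value). */
static const unsigned char RANDOM_CANARY[CANARY_LEN] = {0x13, 0x57, 0x9b, 0xdf};
static const uint64_t ORIG_RET = 0x401234ULL; /* constructed return address */

/* Prologue: fresh frame with the canary between the buffer and sfp/ret. */
void frame_init(frame_t *f, const unsigned char canary[CANARY_LEN]) {
    memset(f->bytes, 0, FRAME_LEN);
    memcpy(f->bytes + CANARY_OFF, canary, CANARY_LEN);
    memcpy(f->bytes + RET_OFF, &ORIG_RET, sizeof ORIG_RET);
}

/* strcpy-style copy into buf: no bounds check, stops only at the first NUL
 * (copied too). The FRAME_LEN cap just keeps the model inside its array. */
void vuln_strcpy(frame_t *f, const unsigned char *src) {
    for (size_t i = 0; i < FRAME_LEN; i++) {
        f->bytes[i] = src[i];
        if (src[i] == 0) break;
    }
}

/* read()/memcpy-style copy: no bounds check and no terminator. */
void vuln_memcpy(frame_t *f, const unsigned char *src, size_t n) {
    memcpy(f->bytes, src, n < FRAME_LEN ? n : FRAME_LEN);
}

/* Epilogue check, then what StackGuard cannot see. Returns 0 = safe return,
 * 1 = canary corrupted (program aborts: the exploit becomes a DoS),
 * 2 = canary intact but ret changed (the check was bypassed). */
int outcome(const frame_t *f, const unsigned char canary[CANARY_LEN]) {
    if (memcmp(f->bytes + CANARY_OFF, canary, CANARY_LEN) != 0) return 1;
    return memcmp(f->bytes + RET_OFF, &ORIG_RET, sizeof ORIG_RET) == 0 ? 0 : 2;
}

/* One 52-byte overflow: 32 filler bytes, a 4-byte guess at the canary, then
 * 16 bytes aimed at sfp and ret, delivered by strcpy (use_strcpy != 0) or by
 * a raw memcpy, against a frame protected with `canary`. */
int run_overflow(int use_strcpy, const unsigned char canary[CANARY_LEN],
                 const unsigned char guess[CANARY_LEN]) {
    frame_t f; unsigned char in[FRAME_LEN + 1];
    memset(in, 'A', 32);
    memcpy(in + 32, guess, CANARY_LEN);
    memset(in + 36, 'B', 16);
    in[FRAME_LEN] = 0;
    frame_init(&f, canary);
    if (use_strcpy) vuln_strcpy(&f, in); else vuln_memcpy(&f, in, FRAME_LEN);
    return outcome(&f, canary);
}

int main(void) {
    static const unsigned char filler[CANARY_LEN] = {'A', 'A', 'A', 'A'};
    printf("strcpy vs random canary, no leak : %d (caught)\n",
           run_overflow(1, RANDOM_CANARY, filler));
    printf("strcpy vs terminator canary      : %d (copy stops at NUL)\n",
           run_overflow(1, TERMINATOR_CANARY, TERMINATOR_CANARY));
    printf("memcpy with leaked random canary : %d (bypassed)\n",
           run_overflow(0, RANDOM_CANARY, RANDOM_CANARY));
    return 0;
}
```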
Heap Spray Attack:
https://www.facebook.com/128BitSmile/videos/01-module-06-advanced-control-hijacking-attacks-iit-kanpur-csss/1220999294949715/
Best Luck……

Computer security system Unit1.pptx