Lecture 3: Computer Network Security

Slide 1: Program security
Two types of program flaws:
Non-malicious program flaws
Malicious program flaws

Slide 2: Non-malicious program errors
Buffer overflows
Incomplete mediation
Time-of-check to time-of-use errors

Slide 3: Buffer overflow
The computer equivalent of trying to pour two litres of water into a one-litre pitcher.
A buffer is a space in which data can be held.
Since memory is finite, so is the buffer.
The programmer must declare the buffer size.

Slide 4: Buffer overflow
char sample[10]; sets aside ten bytes of memory, indexed 0 to 9.
sample[10] = 'A';   /* one byte past the end of the buffer */
sample[i] = 'A';    /* out of bounds whenever i is 10 or more */
All programs and data are in memory during execution, sharing the space with the OS, other code and resident routines.

Slide 5: Buffer overflow
If the extra character overwrites the user's data, it may affect the program's results but not other programs.
If it overflows into the user's program area and overwrites an instruction to be executed, the machine will try to execute 0x41 (the byte value of 'A').

Slide 6: Security implications
The attacker may replace code in system space by other instructions, which will cause control to be transferred to the attacker with OS privileges.
The attacker could replace the return address.
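Added example (not the lecture's code) modelling slides 4 to 6: a constructed memory region where a ten-byte `sample` buffer sits directly before another four-byte item, so an unchecked `sample[10] = 'A'` lands in the neighbour, while a bounds-checked store refuses the write and reports it.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: bytes 0..9 are the ten-byte buffer `sample`, bytes
 * 10..13 hold a four-byte item that happens to be next in memory, standing
 * in for the "user's data" or a saved return address on the slides. */
#define SAMPLE_LEN 10
#define NEXT_OFFSET SAMPLE_LEN
#define REGION_LEN (SAMPLE_LEN + 4)

static unsigned char region[REGION_LEN];

/* Clear the region and plant a marker in the neighbouring item. */
void reset_region(void) {
    memset(region, 0, sizeof region);
    region[NEXT_OFFSET + 0] = 0xDE;
    region[NEXT_OFFSET + 1] = 0xAD;
    region[NEXT_OFFSET + 2] = 0xBE;
    region[NEXT_OFFSET + 3] = 0xEF;
}

/* The slide's sample[i] = 'A' with no bounds test: any i in 10..13 silently
 * lands in the neighbouring item (i must stay below REGION_LEN for this
 * model to be well defined). */
void write_unchecked(size_t i, unsigned char c) {
    region[i] = c;
}

/* The same store with the check a careful programmer adds: refuse every
 * index outside 0..SAMPLE_LEN-1 and report it to the caller. */
int write_checked(size_t i, unsigned char c) {
    if (i >= SAMPLE_LEN)
        return -1;                 /* would overflow: nothing is written */
    region[i] = c;
    return 0;
}

/* 1 if the neighbouring item still holds its marker, 0 if overwritten. */
int neighbour_intact(void) {
    return region[NEXT_OFFSET + 0] == 0xDE && region[NEXT_OFFSET + 1] == 0xAD
        && region[NEXT_OFFSET + 2] == 0xBE && region[NEXT_OFFSET + 3] == 0xEF;
}

unsigned char region_byte(size_t i) { return region[i]; }

int main(void) {
    reset_region();
    write_unchecked(10, 'A');      /* the slide's sample[10] = 'A' */
    printf("unchecked: neighbour intact? %d, byte 10 = 0x%02X\n",
           neighbour_intact(), region_byte(10));
    reset_region();
    printf("checked: result %d, neighbour intact? %d\n",
           write_checked(10, 'A'), neighbour_intact());
    return 0;
}
```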
Slide 7: Security implementation
Identify what you are trying to protect.
Determine what you are trying to protect it from.
Determine how likely the threats are.
Implement steps that protect your assets in a cost-effective manner.
Review the process continuously, making improvements when you find a weakness.

Slide 8: Incomplete mediation
http://www.somesite.com/subpage/userinput&param1=(808)555-1212&param2=2002Jan01
What if param2 were 1800Jan01? Or 1800Feb30? Or 2048Min32? Or 1Aardvark2Many?
A routine could fail on a data type error.
The receiving program could generate a wrong result.
The receiving program might have a default condition.
Slide 9: Time-of-check to time-of-use errors
Involves synchronization.
Modern OSs and processors usually change the order of instruction execution to increase performance.
Instructions that appear to be adjacent may not be executed immediately after each other, because of an intentionally changed order or the effects of other processes in concurrent execution.

Slide 10: Time-of-check to time-of-use errors
Every requested access must be governed by an access policy stating who is allowed access to what; then the request must be mediated by an access policy enforcement agent.
An incomplete mediation problem occurs if the access is not checked universally.

Slide 11: Time-of-check to time-of-use errors
A person draws five $20 bills from his pocket, carefully counts them and places them in front of the seller. When the seller turns around to make out his bill, the buyer takes back one $20 bill, hands over the stack of bills, takes his purchase and leaves.

Slide 12: Time-of-check to time-of-use errors
An application requests access to a file and passes a data structure. The mediator stores the filename locally and checks for access rights. While the mediator checks for access, the user may modify the locally stored file name and gain access to a different file.

Slide 13: Security implication
Checking one action and performing another is an example of ineffective access control.
Solutions:
Digital signatures and certificates. Time-of-check is when someone signs and time-of-use is when anyone verifies the signature. If the private key is exposed, the key must be revoked.
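Added example (not the lecture's code) modelling the mediator of slide 12 and the fix implied by slide 13: the vulnerable mediator checks a path in caller-owned memory and then re-reads that memory to use it, while the fixed mediator copies the path into its own memory first and checks and uses only the copy. The `race_hook` callback, the request structure and the policy are constructed stand-ins for what the caller manages to do between check and use.

```c
#include <stdio.h>
#include <string.h>

struct request { char path[64]; };          /* caller-owned data structure */
typedef void (*race_hook)(struct request *); /* models the caller running */

/* Constructed policy: the caller may only read its own notes file. */
#define ALLOWED_PATH "/home/user/notes.txt"
static int allowed(const char *p) { return strcmp(p, ALLOWED_PATH) == 0; }

/* Vulnerable mediator: checks r->path, then re-reads r->path to use it. */
const char *mediate_vulnerable(struct request *r, race_hook hook) {
    if (!allowed(r->path))
        return NULL;                         /* time of check */
    if (hook) hook(r);                       /* caller gets to run here */
    return r->path;                          /* time of use: may differ */
}

/* Fixed mediator: copies the path into mediator-owned memory first, then
 * checks and uses only that copy, so later changes to r cannot matter.
 * `out` must hold at least sizeof r->path bytes. */
const char *mediate_fixed(struct request *r, race_hook hook, char *out) {
    snprintf(out, sizeof r->path, "%s", r->path);
    if (!allowed(out))
        return NULL;
    if (hook) hook(r);                       /* r is no longer consulted */
    return out;
}

/* Models the caller changing the stored file name between check and use. */
void swap_path(struct request *r) {
    snprintf(r->path, sizeof r->path, "%s", "/home/other/private.txt");
}

int main(void) {
    struct request r; char copy[64];
    snprintf(r.path, sizeof r.path, "%s", ALLOWED_PATH);
    printf("vulnerable opens: %s\n", mediate_vulnerable(&r, swap_path));
    snprintf(r.path, sizeof r.path, "%s", ALLOWED_PATH);
    printf("fixed opens:      %s\n", mediate_fixed(&r, swap_path, copy));
    return 0;
}
```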
Slide 14: Failures due to non-malicious flaws
ARPANET had 347 hard-coded as the size of the node table.
When a host's node table reached 348, it crashed.

Slide 15: Viruses and other malicious code
Much of the work done by programs is invisible to users. How can you tell whether a game program does nothing in addition to its expected interaction with you?
Malicious people can make programs serve as vehicles to access and change data and other programs.
Unanticipated or undesired effects in program parts.

Slide 16: Malicious code: possibilities
Writing a message to the screen
Stopping a running program
Generating a sound
Erasing a stored file

Slide 18: Virus
A program that can pass on malicious code to other non-malicious programs by modifying them.
A virus can be transient or resident.
A transient virus's life depends on the life of its host: the virus runs when the host does.
A resident virus locates itself in memory.

Slide 19: Trojan horse
A Trojan horse is malicious code that, in addition to its primary effect, has a second, non-obvious malicious effect.
As an example of a computer Trojan horse, consider a login script that solicits a user's identification and password, passes the identification information on to the rest of the system for login processing, but also retains a copy of the information for later, malicious use.

Slide 20: Logic bomb
A logic bomb is a class of malicious code that "detonates" or goes off when a specified condition occurs.
A time bomb is a logic bomb whose trigger is a time or date.

Slide 21: Backdoor
A trapdoor or backdoor is a feature in a program by which someone can access the program other than by the obvious, direct call, perhaps with special privileges.
For instance, an automated bank teller program might allow anyone entering the number 990099 on the keypad to process the log of everyone's transactions at that machine.

Slide 22: Worm
A worm is a program that spreads copies of itself through a network.
The primary difference between a worm and a virus is that a worm operates through networks, and a virus can spread through any medium (but usually uses copied program or data files).
Additionally, the worm spreads copies of itself as a standalone program, whereas the virus spreads copies of itself as a program that attaches to or embeds in other programs.

Slide 23: Rabbit
Some literature also defines a rabbit as a virus or worm that self-replicates without bound, with the intention of exhausting some computing resource.
A rabbit might create copies of itself and store them on disk, in an effort to completely fill the disk, for example.

Slide 24: How viruses attach
A virus will do nothing and will not spread unless it is executed. There are many ways to ensure that a virus is executed.
A setup program may call dozens or even hundreds of other programs: on the distribution disk, already residing on the computer, or resident in memory.
Human intervention is necessary to start the process.

Slide 25: How viruses attach
Email attachments: the virus code can be embedded in an executable file attachment.
Objects such as graphics files can contain code to be executed by the editor, so they can be transmission agents for viruses.

Slide 26: How viruses attach
Appended viruses
Viruses that surround a program
Integrated viruses and replacements

Slide 27: Appended viruses
Usually a virus inserts a copy of itself before the first executable instruction in a program.
Simple and usually effective.
Typically the user does not notice the effects of the virus, since the program does its job as usual.

Slide 28: Viruses that surround a program
Has control before and after the program's execution.
A virus's presence may be given away by the file size of the program, so the virus writer may infect the file listing display program to regain control after the file listing is generated but before it is displayed.

Slide 29: Integrated viruses and replacements
The virus replaces some of its target.
The virus writer has to know the exact structure of the program.
Could replace the entire target.

Slide 30: Document viruses
Most popular.
Implemented within a formatted document, which contains not only data but also commands, such as formulae, formatting controls and links.
The user sees only the contents of the document, so the virus writer includes the virus in the commands.

Slide 31: How viruses gain control
A virus has to be invoked instead of the target.
The virus has to either seem to be the target, or push the target out of the way and become a substitute.
A virus could replace a target by assuming its name.
The virus can overwrite the target on disk.

Slide 32: How viruses gain control
The virus can change the pointers in the file tables so that the virus is located instead of the target.

Slide 33: Desirable qualities in viruses (from the virus writer's point of view)
Hard to detect
Not easily destroyed
Spreads widely
Can re-infect its home program or other programs
Easy to create
Machine independent and OS independent

Slide 34: Homes for viruses
One-time execution
Boot sector viruses
Memory-resident viruses
Other homes

Slide 35: One-time execution
The majority of viruses today execute only once, spreading their infection and causing their effect in that one execution.
A virus often arrives as an email attachment of a document virus and is executed just by opening it.

Slide 36: Boot sector viruses
A given hardware platform can run many different OSs.
The boot sector contains a boot loader to load the particular OS into memory and run it.
To accommodate large boot loaders, chaining is used.
The virus may break the chain anywhere and insert itself.
Appeal: the virus gains control early, when no detection tool is running, and is invisible to file listings.

Slide 37: Memory-resident viruses
Some portions of the OS and a few specialized user programs would take too long to reload each time they are needed, so they are kept in memory and are called resident code.
e.g., routines that interpret keys pressed on the keyboard, error control, alarm clock.
A virus may attach to resident code.

Slide 38: Other homes for viruses
Application macros
Libraries
Compilers, linkers
Runtime monitors, runtime debuggers
Anti-virus

Slide 39: Virus signatures
A virus cannot be completely invisible.
Code must be stored somewhere and must be in memory.
A virus executes in a particular way and uses a certain method to spread.
Each of these characteristics yields a telltale pattern called a signature.

Slide 42: Execution patterns
A virus writer may want a virus to do several things at the same time:
Spread infection
Avoid detection
Cause harm

Slide 43: Transmission patterns
Viruses can travel:
During the boot process
Over a network connection
During the host's execution
By remaining in memory to infect other diskettes

Slide 44: Polymorphic viruses
A virus signature is the most reliable way to detect a virus.
A clever virus writer can cause something other than specific strings to be in the portions where a virus scanner would look for those strings.
A virus that can change its appearance is called a polymorphic virus.

Slide 45: Polymorphic viruses
A two-form virus can be treated as two independent viruses, so the virus writer will want a large or unlimited number of forms.
A polymorphic virus has to randomly reposition all parts of itself and randomly change all fixed data.
A virus may randomly intersperse harmless instructions throughout its code.
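Added example (not the lecture's code) of the signature scanning described on slides 39, 44 and 45: a signature is a byte sequence plus a mask, where a mask byte of 0 marks a position the scanner treats as variable data. An exact signature misses a second form of the same sample that differs in one data byte; the masked signature still finds it. The signature bytes and the three sample buffers are constructed for this example.

```c
#include <stddef.h>
#include <string.h>

struct signature {
    const unsigned char *bytes;   /* expected byte at each position */
    const unsigned char *mask;    /* 1 = must match, 0 = any byte */
    size_t len;
};

/* Returns the offset of the first match of sig in buf, or -1 if none. */
long scan(const unsigned char *buf, size_t n, const struct signature *sig) {
    if (sig->len == 0 || n < sig->len)
        return -1;
    for (size_t off = 0; off + sig->len <= n; off++) {
        size_t k = 0;
        while (k < sig->len &&
               (sig->mask[k] == 0 || buf[off + k] == sig->bytes[k]))
            k++;
        if (k == sig->len)
            return (long)off;
    }
    return -1;
}

/* Constructed six-byte signature: positions 0..3 and 5 are fixed, position
 * 4 is a data byte the masked version allows to vary. */
static const unsigned char SIG_BYTES[]      = { 0xE8, 0x00, 0x00, 0x5B, 0x00, 0xC3 };
static const unsigned char SIG_MASK_EXACT[] = { 1, 1, 1, 1, 1, 1 };
static const unsigned char SIG_MASK_WILD[]  = { 1, 1, 1, 1, 0, 1 };
const struct signature SIG_EXACT = { SIG_BYTES, SIG_MASK_EXACT, 6 };
const struct signature SIG_WILD  = { SIG_BYTES, SIG_MASK_WILD,  6 };

/* Constructed samples: a clean buffer, the original form, and a second
 * form that differs only in the variable data byte. */
const unsigned char CLEAN[]  = { 0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00 };
const unsigned char FORM_A[] = { 0x90, 0x90, 0xE8, 0x00, 0x00, 0x5B, 0x00, 0xC3 };
const unsigned char FORM_B[] = { 0x90, 0x90, 0xE8, 0x00, 0x00, 0x5B, 0x7F, 0xC3 };
```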
Slide 46: Prevention of virus infection
Do not share executable code with an infected source.
This was easy to do, as executable files had a particular extension.
Today seemingly non-executable files can contain executable code.
Programs are usually configured to activate this code automatically, such as when opening attachments.

Slide 47: Prevention of virus infection
The file type is hidden in a field at the start of a file, so Windows would try to open an executable file with a non-executable extension with the appropriate program, failing which the executable code will be run.
Since you cannot know which sources are infected, assume that every outside source is infected.
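Added example (not the lecture's code) of the check slide 47 calls for: classify a file by the field at its start rather than by its extension, and flag a file whose content is executable while its name claims otherwise. The magic values are the real leading bytes of these formats; the file names, suffix list and sample buffers are constructed for this example.

```c
#include <stddef.h>
#include <string.h>

enum filetype { FT_UNKNOWN, FT_EXE_WINDOWS, FT_EXE_ELF, FT_SCRIPT };

/* Classify a file by its leading bytes; n is how many bytes we have. */
enum filetype detect_type(const unsigned char *buf, size_t n) {
    if (n >= 2 && buf[0] == 'M' && buf[1] == 'Z')
        return FT_EXE_WINDOWS;            /* DOS/Windows executable header */
    if (n >= 4 && buf[0] == 0x7F && memcmp(buf + 1, "ELF", 3) == 0)
        return FT_EXE_ELF;                /* Linux/Unix executable */
    if (n >= 2 && buf[0] == '#' && buf[1] == '!')
        return FT_SCRIPT;                 /* interpreter script */
    return FT_UNKNOWN;
}

/* Case-sensitive suffix test (an assumption kept simple for the example). */
static int has_suffix(const char *name, const char *suffix) {
    size_t ln = strlen(name), ls = strlen(suffix);
    return ln >= ls && strcmp(name + ln - ls, suffix) == 0;
}

/* Returns 1 when the content is executable but the name does not say so,
 * i.e. the case where an opener would fall back to running the file. */
int extension_mismatch(const char *name, const unsigned char *buf, size_t n) {
    enum filetype t = detect_type(buf, n);
    int claims_exe = has_suffix(name, ".exe") || has_suffix(name, ".com")
                  || has_suffix(name, ".sh");
    return t != FT_UNKNOWN && !claims_exe;
}

/* Constructed sample contents. */
const unsigned char DISGUISED_EXE[] = { 'M', 'Z', 0x90, 0x00, 0x03, 0x00 };
const unsigned char ELF_FILE[]      = { 0x7F, 'E', 'L', 'F', 0x02, 0x01 };
const unsigned char PLAIN_TEXT[]    = { 'H', 'e', 'l', 'l', 'o', '\n' };
```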
Slide 48: Prevention
Use only software acquired from reliable and well-established vendors.
Test all software on an isolated computer.
Open attachments only when you know them to be safe.
Make a recoverable system image and store it safely.
Make and retain backup copies of executable system files.
Use virus detectors.

Slide 49: Trapdoors
An undocumented entry point into a module.
Inserted during code development, perhaps to test the module, to provide hooks by which to connect future modifications or enhancements, or to allow access if the module should fail in the future.

Slide 50: Trapdoors: examples
Programs are prepared in modules, each tested in "unit testing" and then integrated and tested in "integration testing", to see how they function as they send messages and data from one to the other.
Rather than pasting all modules together in a big-bang approach, the modules are grouped into several logical clusters of a few components each.
Each cluster is tested in a way that allows testers to control and understand what might make a component or its interface fail.

Slide 51: Trapdoors: examples
During component testing, the tester cannot use the surrounding routines that prepare input or work with output, so they write "stubs" and "drivers" to inject data in and extract results.
These stubs and drivers are later discarded because they are replaced by the actual components.
The programmers embed debugging code into suspicious components.
To control stubs or invoke debugging code, the programmer embeds special control sequences in the component's design, specifically to support testing.

Slide 52: Trapdoors: examples
Command insertion is a recognized testing practice; if left in place after testing, the extra commands can become a problem.
The Internet Worm spread itself due to exactly this kind of trapdoor in an email program.
Poor error checking is another source of trapdoors.
Trapdoors can be useful for system auditing or testing, but they must be documented and access must be protected.

Slide 53: Trapdoors: causes
Trapdoors can persist in programs because the developer:
forgot to remove them
intentionally left them there for testing
intentionally left them for maintenance
left them there for covert access
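Added example (not the lecture's code) of handling the testing hooks of slides 51 to 53 the way slide 52 requires: a keypad command dispatcher for a teller program like the one on slide 21, where the maintenance entry is documented, tied to an operator role and recorded in an audit counter, the test-only command exists only in builds that define UNIT_TEST, and the bare number 990099 is just an unknown command. Command names, roles and the UNIT_TEST macro are assumptions made for this example.

```c
#include <string.h>

enum role   { ROLE_CUSTOMER, ROLE_OPERATOR };
enum result { CMD_OK, CMD_REJECTED };

#define TEST_CMD "TEST-DUMP-LOG"         /* constructed test-only command */

/* Audit counters: how often maintenance was used and how often an unknown
 * or unauthorised command was attempted. */
static unsigned long audit_maint = 0, audit_rejected = 0;

enum result dispatch(enum role who, const char *cmd) {
    /* ordinary customer commands (constructed) */
    if (strcmp(cmd, "BALANCE") == 0 || strcmp(cmd, "WITHDRAW") == 0)
        return CMD_OK;

    /* documented maintenance entry: access protected by role and logged */
    if (strcmp(cmd, "DUMP-LOG") == 0) {
        if (who != ROLE_OPERATOR) {
            audit_rejected++;
            return CMD_REJECTED;
        }
        audit_maint++;
        return CMD_OK;
    }

#ifdef UNIT_TEST
    /* debugging hook compiled only into test builds, never shipped */
    if (strcmp(cmd, TEST_CMD) == 0)
        return CMD_OK;
#endif

    audit_rejected++;                     /* everything else, e.g. 990099 */
    return CMD_REJECTED;
}

unsigned long maintenance_uses(void)   { return audit_maint; }
unsigned long rejected_attempts(void)  { return audit_rejected; }
```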
Slide 54: Covert channels
Programs that communicate information to people who shouldn't receive it.
The communication accompanies other perfectly proper communications, e.g., a student may communicate correct answer choices by coughing once for 'a', clearing her throat for 'b' and so on.
One way for the programmer to have a covert channel is to write to a file and print it out.
A programmer should not have access to data once the program is in operation.

Slide 55: How to create covert channels
A printed report would be too obvious.
Encode data values into a different report format.
Storage channels: pass information by using the presence or absence of objects in storage, e.g., locking or not locking a file to signal one bit of information.
Other ways: consuming disk quota.
Timing channels: pass information by the speed at which things happen, e.g., using or not using an assigned amount of computing time (quantum).

Slide 56: How to prevent these flaws
Good software engineering practices
Operating system controls
Administrative controls
Program controls in general