CHAPTER 3 PROGRAM SECURITY.

Slides:



Advertisements
Similar presentations
IS 376 NOVEMBER 5, DATA BREACH INVESTIGATIONS REPORT By The Verizon RISK Team Research Investigations Solutions Knowledge.
Advertisements

Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.
Let’s Talk About Cyber Security
Thank you to IT Training at Indiana University Computer Malware.
CPSC 6126 Computer Security Information Assurance.
Chapter 3 (Part 1) Network Security
Unit 18 Data Security 1.
ITMS Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.
________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.
Chap 3: Program Security.  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms,
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Chapter 3 – Program Security Section 3.4 Targeted Malicious Code Section 3.5 Controls Against Program Threats.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Data Security.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
CSCE 201 Attacks on Desktop Computers: Malicious Code Hardware attacks.
 a crime committed on a computer network, esp. the Internet.
Lecture 14 Overview. Program Flaws Taxonomy of flaws: – how (genesis) – when (time) – where (location) the flaw was introduced into the system 2 CS 450/650.
A virus is software that spreads from program to program, or from disk to disk, and uses each infected program or disk to make copies of itself. Basically.
CHAPTER 14 Viruses, Trojan Horses and Worms. INTRODUCTION Viruses, Trojan Horses and worm are malicious programs that can cause damage to information.
Chapter 5 P rogram Security. csci5233 computer security & integrity (Chap. 5) 2 Outline Viruses & worms Targeted Malicious Codes –Trapdoors, Salami attack,
1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
CSCE 522 Lecture 12 Program Security Malicious Code.
Viruses, Trojans and Worms The commonest computer threats are viruses. Virus A virus is a computer program which changes the way in which the computer.
Week 6 - Wednesday.  What did we talk about last time?  Exam 1  Before that?  Program security  Non-malicious flaws.
Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik.
Malicious Code By Diana Peng. What is Malicious Code? Unanticipated or undesired effects in programs/program parts, caused by an agent with damaging intentions.
Chapter 10 Malicious software. Viruses and ” Malicious Programs Computer “ Viruses ” and related programs have the ability to replicate themselves on.
Name: Perpetual Ifeanyi Onyia Topic: Virus, Worms, & Trojan Horses.
Program Security Week-2. Programming Fault: When a human makes a mistake, called an error, in performing some software activity, the error may lead to.
Malicious Logic and Defenses. Malicious Logic Trojan Horse – A Trojan horse is a program with an overt (documented or known) effect and covert (undocumented.
CPSC 6126 Computer Security Information Assurance.
ITD 2323 Lesson 3 – Viruses and other Malicious Codes Prepared by Izwan Suhadak Ishak Lecturer FITM, UNISEL.
Malicious Software.
VIRUS.
n Just as a human virus is passed from person from person, a computer virus is passed from computer to computer. n A virus can be attached to any file.
Computer Systems Viruses. Virus A virus is a program which can destroy or cause damage to data stored on a computer. It’s a program that must be run in.
Computer Security Threats CLICKTECHSOLUTION.COM. Computer Security Confidentiality –Data confidentiality –Privacy Integrity –Data integrity –System integrity.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection.
Understand Malware LESSON Security Fundamentals.
Types of Computer Malware. The first macro virus was written for Microsoft Word and was discovered in August Today, there are thousands of macro.
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
Information Systems CS-507 Lecture 32. Physical Intrusion The intruder could physically enter an organization to steal information system assets or carry.
MUHAMMAD GHAZI AIMAN BIN MOHD AIDI. DEFINITION  A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly.
Chapter 29: Program Security Dr. Wayne Summers Department of Computer Science Columbus State University
COMPUTERVIRUSES MALICIOUS CODES  Malicious code: It is an undesired program or part caused by an agent intent to damage.  Agent is Writer or Distributor.
Security on the Internet Norman White ©2001. Security What is it? Confidentiality – Can my information be stolen? Integrity – Can it be changed? Availability.
Viruses and spyware are two kinds of usually malicious software that you need to protect your computer against. You need antispyware technology to help.
Chapter 40 Internet Security.
Securing Network Servers
Operating Systems Services provided on internet
Computer Security: Chapter 4
Lecture 8. Cyber Security, Ethics and Trust
COMPUTER VIRUSES Computer Technology.
Viruses and Other Malicious Content
Firewalls.
CSE565: Computer Security Lecture 27 Program Security
WHAT IS A VIRUS? A Computer Virus is a computer program that can copy itself and infect a computer A Computer Virus is a computer program that can copy.
Text Book: Security in Computing
Chap 10 Malicious Software.
Program Security Jagdish S. Gangolly School of Business
UNIT 18 Data Security 1.
Faculty of Science IT Department By Raz Dara MA.
Chapter 29: Program Security
Chap 10 Malicious Software.
CS-3013 Operating Systems Hugh C. Lauer
Malicious Program and Protection
Presentation transcript:

CHAPTER 3 PROGRAM SECURITY

3.1 Non-Malicious Code and Malicious Code Unintentional Caused from a mistake done by a human such as programmers and developers Many such errors cause program malfunction but do not lead to more serious security vulnerabilities

3.1 Non-Malicious Code and Malicious Code Rogue program General name for unanticipated or undesired effects in programs or program parts, caused by an agent intent on damage Behaves in an unexpected ways It can do anything any other program can such as writing a message on a computer screen, stopping a running program, generating a sound or erasing a stored file Malicious code runs under the user’s authority but without the user’s permission or even knowledge

3.2 Non-Malicious Program Errors Three classic error types: Buffer overflow Incomplete mediation Time-of-check to time-of-use (TOCTTOU)

3.2 Non-Malicious Program Errors 3.2.1 Buffer Overflows A buffer: space in which data can be held Resides in memory; because memory is finite, a buffer’s capacity is finite For this reason, the programmer must declare the buffer’s maximum size so that the compiler can set aside that amount of space Example: char sample[10]; -> compiler set aside 10 bytes to store this buffer sample[10] = ‘A’ -> the subscript is out of bound, we have a problem

3.2 Non-Malicious Program Errors 3.2.2 Incomplete Mediation Consider the previous example from previous slide: http://www.somesite.com/subpage/userinput.asp?parm1=(808)555- 1212&parm2=2009Jan17 The two parameters looks like a telephone number and a date The question now: What would happen if parm2 were submitted as 1800Jan01? Or 1800Feb30? Or 2048Min32 or Ardvark2Many? One way to produce the problem is to try to anticipate them

3.2 Non-Malicious Program Errors 3.2.3 Time-of-Check to Time-of-Use (TOCTTOU) Involves synchronization Access control is a fundamental part of computer security Every requested access must be governed by an access policy stating who is allowed access to what; then the request must be mediated by an access-policy-enforcement agent But an incomplete mediation problem occurs when access is not checked universally TOCTTOU flaw concerns mediation that is performed with a “bait and switch” in the middle Also known as serialization or synchronization flaw

3.2 Non-Malicious Program Errors 3.2.4 Combinations of Non-malicious Program Flaws An attacker may begin a three-pronged attack by using a buffer overflow to disrupt all execution of arbitrary code on a machine The attacker then logs in as the new user and exploits an incomplete mediation flaws as common building blocks Clever attacker uses flaws as common building blocks to build a complex attack

3.3 Virus and Other Malicious Code 3.3.1 Why worry about Malicious Code? Malicious code can do much (harm) It can do anything any other program can such as writing a message on a computer screen, stopping a running program, generating a sound or erasing a stored file Or it can do nothing at all right now; it can be planted to lie dormant, undetected, until some event triggers the code to act Malicious code runs under the user’s authority but without the user’s permission or even knowledge

3.3 Virus and Other Malicious Code 3.3.2 Kinds of Malicious Code Malicious code/rogue program is the general name for unanticipated or undesired effects in programs or programs parts, caused by an agent intent on damage The agent is the writer of the program or the person who causes its distribution A virus is a program that can pass on malicious code to other non-malicious programs by modifying them A virus can be either transient or resident

3.3 Virus and Other Malicious Code 3.3.2.1 Transient virus Has a life that depends on the life of its host; the virus runs when its attached program executes and terminates when its attached program ends 3.3.2.1 Resident virus Locates itself in memory; Then it can remain active or be activates as a stand- alone program, even after its attached program ends

3.3 Virus and Other Malicious Code 3.3.2.3 Types of Malicious Code Code Type Characteristics Virus Attaches itself to program and propagates copies of itself to other program Trojan horse Contains unexpected, additional functionality Logic bomb Triggers action when condition occurs Time bomb Triggers action when specified time occurs Trapdoor Allows unauthorized access to functionality Worm Propagates copies of itself through a network Rabbit Replicates itself without limit to exhaust resources

3.3 Virus and Other Malicious Code 3.3.3 How Viruses Attach 3.3.3.1 Appended Viruses A program virus attaches itself to a program, then whenever the program is run, the virus is activated. Refer to Figure 3-4 page 118 3.3.3.2 Viruses That Surround a Program Virus that runs the original program but has control before and after its execution Refer to Figure 3-5 page 119 3.3.3.3 Integrated Viruses and Replacements Viruses replaces some of its target and integrate itself into the original code of the target Refer to Figure 3-6 page 120

3.3 Virus and Other Malicious Code 3.3.4 Document Viruses It is implemented within a formatted document, such as written document, database, a slide presentation or spreadsheet

3.3 Virus and Other Malicious Code 3.3.5 Homes For Viruses The virus writer may find these qualities appealing in a virus: It is hard to detect It is not easily destroyed or deactivated It spreads infection widely It can re-infect its home program or other programs It is easy to create It is machine independent and operating system independent

3.3 Virus and Other Malicious Code 3.3.6 Prevention of Virus Infection There are six techniques: Use only commercial software acquired from reliable, well-established vendors. Test all new software on an isolated computer. Open attachments only when you know them to be safe. Make a recoverable system image and store it safely Make and retain backup copies of executable system files. Use virus detectors regularly and update them daily.

3.3 Virus and Other Malicious Code 3.3.7 Truth and Misconceptions about viruses Viruses can infect only Microsoft Windows systems (False) Viruses can modify “hidden” or “read-only” files (True) Viruses can appear only in data files, or only in Word documents, or only in programs (False) Viruses spread only on disks or through e-mail (False) Viruses cannot remain in memory after a complete power off/power on reboot (True) Viruses cannot infect hardware (True) Viruses can be malevolent, benign, or benevolent (True)

3.4 Targeted Malicious Code 3.4.1 Trapdoor It is an undocumented entry point to a module Developers insert trapdoors during code development, perhaps to test the module, to provide “hooks” by which to connect future modifications or enhancements, or to allow fail in the future Can allow a programmer access to a program once it is placed in production

3.4 Targeted Malicious Code 3.4.1 Trapdoor Causes of Trapdoors Trapdoors can persist in production programs because the developers Forget to remove them Intentionally leave them in the program for testing Intentionally leave them in the program for maintenance of the finished program Intentionally leave them in the program as a covert means of access to the component after it becomes an accepted part of a production system

3.4 Targeted Malicious Code 3.4.2 Salami Attack A salami attack merges bits of seemingly inconsequential data to yield powerful results Normally, salami attack when the course code of a system is too large or complex to be audited Why Salami Attacks Persist Computer computations are notoriously subject to small errors involving rounding and truncation It is easier for programmers and users to accept a small amount of error as natural and unavoidable

3.4 Targeted Malicious Code 3.4.3 Covert channels: Programs that leaks Information Programs that communicate information to people who should not receive it The communication travels unnoticed, accompanying other, perfectly proper, communications Example: - A programmer who has direct access to data can usually just read the data and write it to another file or print it out - If, however, the programmer is one step removed from the data (outside the organizational owning the data), the programmer must figure how to get the data - One way --> to built-in Trojan horse (once the horse is enabled, it finds and transmits the data - In order to send the data to the others, the programmer has to arrange to extract the data more surreptitiously - Covert channels are a means of extracting the data clandestinely

3.5 Controls Against Program Threats 3.5.1 Development Controls It requires people to: Specify the system Design the system Implement the system Test the system Review the system Document the system Manage the system Maintain the system

3.5 Controls Against Program Threats 3.5.2 Operating System Controls on Use of Programs A trusted software is where we know the code has been rigorously developed and analysed To trust any program, we should look for: Functional correctness Enforcement of integrity Limited privilege Appropriate confidence level Others include: Mutual suspicion Confinement Access log

3.5 Controls Against Program Threats 3.5.3 Administrative Controls Standards of Program Development Administrative controls can be exercised by considering the following standards of: Design Documentation, language and coding style Programming Testing Configuration management

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.