Operating System Protection Through Program Evolution

Slides:



Advertisements
Similar presentations
On the Genetic Evolution of a Perfect Tic-Tac-Toe Strategy
Advertisements

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
1 An Overview of Computer Security computer security.
Memory Management Design & Implementation Segmentation Chapter 4.
Operating System Support Focus on Architecture
Understanding Operating Systems1 Operating Systems Virtual Memory Thrashing Single-User Contiguous Scheme Fixed Partitions Dynamic Partitions.
CS-3013 & CS-502, Summer 2006 Memory Management1 CS-3013 & CS-502 Summer 2006.
TEST CASE DESIGN Prepared by: Fatih Kızkun. OUTLINE Introduction –Importance of Test –Essential Test Case Development A Variety of Test Methods –Risk.
Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
Process Management A process is a program in execution. It is a unit of work within the system. Program is a passive entity, process is an active entity.
Vulnerability-Specific Execution Filtering (VSEF) for Exploit Prevention on Commodity Software Authors: James Newsome, James Newsome, David Brumley, David.
Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,
Simulation of Memory Management Using Paging Mechanism in Operating Systems Tarek M. Sobh and Yanchun Liu Presented by: Bei Wang University of Bridgeport.
Defining Anomalous Behavior for Phase Change Memory
1 Memory Management Memory Management COSC513 – Spring 2004 Student Name: Nan Qiao Student ID#: Professor: Dr. Morteza Anvari.
A Computer Science Tapestry 1 Recursion (Tapestry 10.1, 10.3) l Recursion is an indispensable technique in a programming language ä Allows many complex.
Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,
 a crime committed on a computer network, esp. the Internet.
1 “Operating System Protection Through Program Evolution” Dr. Frederick B. Cohen “…one of the major reasons attacks succeed is because of the static nature.
Computer Security and Penetration Testing
Engineering Secure Software. A Ubiquitous Concern  You can make a security mistake at every step of the development lifecycle  Requirements that allow.
Disclosure risk when responding to queries with deterministic guarantees Krish Muralidhar University of Kentucky Rathindra Sarathy Oklahoma State University.
VIRTUAL MEMORY By Thi Nguyen. Motivation  In early time, the main memory was not large enough to store and execute complex program as higher level languages.
Protection in General- Purpose OS Week-3. Our Main Concern In what way do operating systems protect one user’s process from inadvertent or malicious interaction.
Okalo Daniel Ikhena Dr. V. Z. Këpuska December 7, 2007.
Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.
14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,
Operating Systems Lecture 14 Segments Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard. Zhiqing Liu School of Software Engineering.
Evolutionary Security CS 610: Advanced Security Gabriel Daleson.
Symmetric Encryption Lesson Introduction ●Block cipher primitives ●DES ●AES ●Encrypting large message ●Message integrity.
COMP9321 Web Application Engineering Semester 2, 2015 Dr. Amin Beheshti Service Oriented Computing Group, CSE, UNSW Australia Week 9 1COMP9321, 15s2, Week.
Operating System Protection Through Program Evolution Fred Cohen Computers and Security 1992.
Computer Security By Duncan Hall.
Design Principles and Common Security Related Programming Problems
CS162 - Topic #10 Lecture: Recursion –The Nature of Recursion –Tracing a Recursive Function –Work through Examples of Recursion Programming Project –Discuss.
1 Design Principles CS461 / ECE422 Spring Overview Simplicity  Less to go wrong  Fewer possible inconsistencies  Easy to understand Restriction.
Operating System (Reference : OS[Silberschatz] + Norton 6e book slides)
` Question: How do immune systems achieve such remarkable scalability? Approach: Simulate lymphoid compartments, fixed circulatory networks, cytokine communication.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
A project is a set of series of tasks that need to be completed in order and in time to reach specific goals. A project is a temporary that means it has.
Prepared by: Fatih Kızkun
CMSC 611: Advanced Computer Architecture
CMSC 345 Defensive Programming Practices from Software Engineering 6th Edition by Ian Sommerville.
Chapter 2 Memory and process management
Memory COMPUTER ARCHITECTURE
Chapter 14: Protection Modified by Dr. Neerja Mhaskar for CS 3SH3.
Testing and Debugging PPT By :Dr. R. Mall.
WEP & WPA Mandy Kershishnik.
Cryptographic Hash Function
Atomic Operations in Hardware
Memory Management © 2004, D. J. Foreman.
Chapter 9 – Real Memory Organization and Management
William Stallings Computer Organization and Architecture
Towards Reliable Application Deployment in the Cloud
Main Memory Management
Announcements Final Exam on August 17th Wednesday at 16:00.
Software Security Lesson Introduction
Chapter 1 Introduction.
Transparent Contribution of Memory
Chapter 29: Program Security
Interrupt handling Explain how interrupts are used to obtain processor time and how processing of interrupted jobs may later be resumed, (typical.
CSC3050 – Computer Architecture
Management From the memory view, we can list four important tasks that the OS is responsible for ; To know the used and unused memory partitions To allocate.
An Introduction to Debugging
Creating robust project networks
DBMS Module III DBMS
Operating System Concepts
Transparent Contribution of Memory
Coevolutionary Automated Software Correction
Presentation transcript:

Operating System Protection Through Program Evolution By Dr. Frederick B. Cohen Presented by William Lu

The Ultimate Attack How to defeat defensive measures of a system? Gain physical access to the system Reverse engineer defenses Find weak link and exploit

The Ultimate Defense How to defend against attackers Make attacks extremely complex Make costs too high to be worth attacking i.e. passwords Large space Spread out probability density (diffusion) Obscuring stored information (confusion) How to defend against attackers In practice, password space is huge but human methods of password selection leads to a high probability of select words.

The Ultimate Defense Current operating systems Space is enormous (all programs that fit in memory) High probability subspace (very small number of versions) No confusion No confusion – the part of the program that performs any given operation is apparent

The Ultimate Defense How to increase operating system defenses? Reducing coherence How? Unique defense for each system Feasibility? Too many unique defenses to design Compromise? Implement a fixed number of defenses

The Ultimate Defense More practical solution? Goal? Evolutionary defenses Goal? Produce a large search space Provide confusion Provide diffusion With more evolution, there’s less performance, but higher cost of attack

(some) Techniques for Program Evolution Equivalent instruction sequences Instruction reordering Variable substitution

Equivalent Instruction Sequences What does it do? Replaces instruction sequences with equivalent sequences i.e. add 17 is equivalent to add 20 and subtract 3 How does it help defend against attacks? As evolution increases so does time and space Potentially infinite evolutions Creates enormous possible executions

Instruction Reordering What does it do? Reorders instructions without altering program execution Order does not matter How does it help defend against attacks? Typical system call involves setting a series of values. Values are independent and can be set in any order. Assigning independent values can be reordered Increases complexity of attacks to n! different orderings (n = # of different instructions)

Instruction Reordering 3 different instructions 6 different forms … I=3 J=5 K=8

Variable Substitution What does it do? Alters the location of memory storage areas How does it help defend against attacks? Prevents static examination and analysis of parameters Move variables to different locations to prevent patterns without affecting program execution

(and other) techniques? What to do with these (and other) techniques?

Providing Evolution in Defenses How to evolve? Select a mix of evolution techniques Increase complexity while minimizing impact on end users

Providing Evolution in Defenses When to evolve? At the factory? Uniquely identify each disk sent out Reduced efficiency At installation? Unique tracking number, unique registration numbers Evolution at installation can take place while installer is asking for user input or swapping of disks. Crucial to have unique and confidential evolution Takes time at end user level

Providing Evolution in Defenses When to evolve? After installation? Cannot assure against corruption Cannot trust internal checking Attack that succeeds on one day may fail the next Unique tracking number, unique registration numbers Evolution at installation can take place while installer is asking for user input or swapping of disks.

Attacks on Program Evolution Points of Attack Tracing Attack

Point of Attack How? How to defend against it? Find original entry point and exploit it Gain direct access to hardware or operating system internals How to defend against it? Evolve the core of the operating system Evolving the calling mechanism Calls that bypass protection may be of the wrong form Used by viruses

Tracing Attacks How? How to defend against it? Trace programs at execution or simulation How to defend against it? Use redundancy Force attacker to use tracing on each attack

Conclusion Program evolution can increase the complexity for an attacker Create a large search space to make attacks infeasible Need more study to reach maturity

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.