Attacking Malicious Code: A Report to the Infosec Research Council Kim Sung-Moo.

Slides:



Advertisements
Similar presentations
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Advertisements

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Java Applet Security Diana Dong CS 265 Spring 2004.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Chapter 3 (Part 1) Network Security
An Introduction to Proof-Carrying Code David Walker Princeton University (slides kindly donated by George Necula; modified by David Walker)
Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]
1 Extensible Security Architectures for Java Authors: Dan S.Wallch, Dirk Balfanz Presented by Moonjoo Kim.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Programmability with Proof-Carrying Code George C. Necula University of California Berkeley Peter Lee Carnegie Mellon University.
A Type System for Expressive Security Policies David Walker Cornell University.
Protection and Security CSCI 444/544 Operating Systems Fall 2008.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Stack Management Each process/thread has two stacks  Kernel stack  User stack Stack pointer changes when exiting/entering the kernel Q: Why is this necessary?
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.
Types for Programs and Proofs Lecture 1. What are types? int, float, char, …, arrays types of procedures, functions, references, records, objects,...
Computer Security “Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware,
CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.
Virus and Antivirus Team members: - Muzaffar Malik - Kiran Karki.
CHAPTER 14 Viruses, Trojan Horses and Worms. INTRODUCTION Viruses, Trojan Horses and worm are malicious programs that can cause damage to information.
1 Chapter 1 The need for security Computerized trend (all kind of information are in the database) Information passing through Internet.
1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Proof Carrying Code Zhiwei Lin. Outline Proof-Carrying Code The Design and Implementation of a Certifying Compiler A Proof – Carrying Code Architecture.
Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik.
Operating system Security By Murtaza K. Madraswala.
Security - Why Bother? Your projects in this class are not likely to be used for some critical infrastructure or real-world sensitive data. Why should.
Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
Virtual Workspaces Kate Keahey Argonne National Laboratory.
14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,
©Ian Sommerville 2004Software Engineering Case Studies Slide 1 The Internet Worm Compromising the availability and reliability of systems through security.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
Operating Systems Security
Introduction Program File Authorization Security Theorem Active Code Authorization Authorization Logic Implementation considerations Conclusion.
Chapter 40 Network Security (Access Control, Encryption, Firewalls)
Computer Security By Duncan Hall.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection.
SAFE KERNEL EXTENSIONS WITHOUT RUN-TIME CHECKING George C. Necula Peter Lee Carnegie Mellon U.
Role Of Network IDS in Network Perimeter Defense.
Lecture9 Page 1 CS 236 Online Operating System Security, Con’t CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
Lecture 4 Page 1 CS 111 Online Modularity and Memory Clearly, programs must have access to memory We need abstractions that give them the required access.
CIW Lesson 8 Part B. Malicious Software application that installs hidden services on systems term for software whose specific intent is to harm computer.
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
1 Network Security. 2 Security Services Confidentiality: protection of any information from being exposed to unintended entities. –Information content.
Secure Programming Dr. X
Introduction to Operating Systems
CMSC 345 Defensive Programming Practices from Software Engineering 6th Edition by Ian Sommerville.
Chapter 14: System Protection
Types for Programs and Proofs
Secure Programming Dr. X
Ik-Soon Kim December 18, 2010 Embedded Software Platform Team
Operating system Security
Operating System Structure
The Security Problem Security must consider external environment of the system, and protect it from: unauthorized access. malicious modification or destruction.
Introduction to Operating Systems
Chap 10 Malicious Software.
Chap 10 Malicious Software.
Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Presentation transcript:

Attacking Malicious Code: A Report to the Infosec Research Council Kim Sung-Moo

Contents  What is malicious code?  Defense against malicious code  Current defenses  Promising new defenses  Policy as Achilles’ Heel  Conclusions

What is Malicious Code?  Any code added, changed, or removed from a software system.  To intentionally cause harm or subvert the system’s intended function.

Examples of malicious code  Viruses  attach to host programs and propagate when an infected program executes.  Worms  Particular to networked computers.  Attack to jump from one to another across network.  Trojan Horses  Hide malicious intent inside a host program that appears to do something useful.  Attack Scripts  Exploit security weaknesses like buffer overflows.  Java attack applets  Embedded in Web pages.  Dangerous ActiveX controls

A Growing Problem  Networks are everywhere.  Internet makes an attack easy.  System complexity is rising.  Applications becoming larger, bugs can’t be avoided.  Hard to find malicious code in API.  The use of unsafe programming language (C or C++)  Systems are easily extensible.  Malicious code can slip in systems as an unwanted extension. (scripts, applets, etc.)

Defense against Malicious Code  4 approaches that the host can protect itself.  Analyze the code and reject it if there is the potential that executing it will cause harm.  Rewrite the code before executing it so that it can do no harm.  Monitor the code while its executing and stop it before it does harm.  Audit the code during executing and take policing action if it did some harm.

Code Analysis  Scan a file or do dataflow analysis.  Help finding security-related bugs. (buffer overflow)  Necessarily limited  Because determining if code will misbehave is as hard as the halting problem.

Code Rewriting  Less pervasive but more important.  Inserts extra code to perform dynamic checks that ensure bad things cannot happen.  Ex) array bounds check in Java

Code Monitoring  Traditional approach  Monitor the code while its executing and stop it before it does harm.  Ex) JVM interpreter  Interpreter monitors execution of applets and mediates access to system calls  By examining the execution stack to determine who is issuing the system call request.

Code Auditing  If we want to recover damage, the damage must be properly assessed and addressed.  Create an audit trail that captures program behavior.

Security Principles  The Principle of Least Privilege  A component should be given the minimum access necessary to accomplish its intended task.  The Principle of Minimum Trusted Computing Base (TCB).  The best way to assure that your system is secure is to keep your TCB small and simple.  TCB is the set of hardware and software components

Current Defenses  OS-Based Reference Monitors  Scanning for Known Malicious Code  Code Signing

OS-Based Reference Monitors  Provided by the computer hardware and OS.  Examples  Address translation hardware  Supervisor-mode and user-mode  Timer interrupt  System calls for invoking a trusted software  Disadvantage  Work with a fixed system-call interface and a fixed vocabulary.  Hard to extend interface and vocabulary.  Advantage  Effective for protecting OS resources.

Scanning for Known Malicious Code  Blacklisting matches programs against a database of known virus signatures.  Disadvantage  Weak to unknown malicious codes  Each file must be scanned  Too easy to change malicious code a little.  Advantage  Cheap to implement  Easily find naïve attacks

Code Signing  Authenticate code based on public-key cryptography and digital signatures.  Poor understanding of most people  If a key is stolen, anyone can use the key to sign any code.  We can’t know developer’s bad thought.  Lack of a Public Key Infrastructure (PKI)

Promising New Defenses  Software-Based Reference Monitors  Type-Safe Languages  Proof-Carrying Code

Software-Based Reference Monitors  Alternative to OS-based reference monitors  Idea  Rewrite binary code  Insert extra checks and states on each memory access and control transfer.  Current research  Implementation of Java’s stack inspection security policy

Type-Safe Languages  Type-safe programming language  Java, scheme, ML  Ensure that operations are only applied to values of the appropriate type.  Specify new, abstract types for operations.  Enable offline enforcement through static type checking instead of each time a operation is performed.  Current research  Eliminate more runtime checks (array bounds checks)  Eliminate type-checking machine code

Proof-Carrying Code  Require any untrusted code to come equipped with an explicit, machine-checkable proof  Before executing  Prove that the code respects a given security policy.  Proof checker is very simple.  Can enforce any security policy with proof  Current research  How to integrate compilers and modern theorem provers to produce PCC.

Policy as Achilles’ Heel  Policy can be of service.  But there is the problem of policy.  Bad policy  Incorrectly enforced policy  There is the many levels of policy.

Bad Policy  Misunderstanding of context  policy makes no sense in the context where it was applied.  Over restriction  the policy prevents useful work when it is enforced.  Noncomprehensiveness  policy fails to cover some situation or exists at the wrong level of abstraction.

Incorrectly Enforced Policy  The enforcement mechanism is too weak to implement the desired policy.  There are bugs in the implementation of the enforcement mechanism.  The enforcement mechanism is misconfigured.

Example Bad PolicyExample Incorrect policy enforcement Example Context misunderstood Script languages (Visual Basic) Mechanism is too weak Privacy in smart cards Overly restrictive Changing passwords too frequently Mechanism is buggy Buffer overflows in kernels Noncompre- hensive Executable content in (love virus) Mechanism is misconfigured Sendmail debug mode

The Many Levels of Policy  By collection of lower-level enforcement mechanisms, define metalevel policies.  We must consider safety, liveness, confidentiality.  Most of technologies can enforce particular aspects of software behavior.  Question  How to express reasonable security policy that can be directly transformed into solutions.  Answer  Understand policy as a layered set of abstractions.

Conclusions  The malicious code problem will continue to grow as the Internet grows.  Our hope is  creating sound policy about software behavior  enforcing that policy through the use of technologies

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.