1 Vulnerability Analysis CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 26, 2004.

Slides:



Advertisements
Similar presentations
Lectures on File Management
Advertisements

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.
Vulnerability Analysis. Formal verification Formally (mathematically) prove certain characteristics Proves the absence of flaws in a program or design.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Courtesy of Professors Chris Clifton & Matt Bishop INFSCI 2935: Introduction of Computer Security1 November 13, 2003 Malicious Code Vulnerability Analysis.
Malicious Logic What is malicious logic Types of malicious logic Defenses Computer Security: Art and Science © Matt Bishop.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
1 Evaluating Systems CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 6, 2004.
1 Access Control Matrix CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 9, 2004.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
1 Intrusion Detection CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 4, 2004.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Achieving Trusted Systems by Providing Security and Reliability Ravishankar K. Iyer, Zbigniew Kalbarczyk, Jun Xu, Shuo Chen, Nithin Nakka and Karthik Pattabiraman.
Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Vulnerability Analysis
Computer Science and Engineering Computer System Security CSE 5339/7339 Session 20 October 28, 2004.
Information Systems Security Computer System Life Cycle Security.
A Framework for Automated Web Application Security Evaluation
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Chapter 14: Protection.
Chapter 13 Processing Controls. Operating System Integrity Operating system -- the set of programs implemented in software/hardware that permits sharing.
Unix Security Use of a taxonomy of security faults By T. Aslam, I. Krsul, and E. H. Spafford.
CMSC 414 Computer (and Network) Security Lecture 14 Jonathan Katz.
BLENDED ATTACKS EXPLOITS, VULNERABILITIES AND BUFFER-OVERFLOW TECHNIQUES IN COMPUTER VIRUSES By: Eric Chien and Peter Szor Presented by: Jesus Morales.
OS Hardening Justin Whitehead Francisco Robles. ECE Internetwork Security OS Hardening Installing kernel/software patches and configuring a system.
Buffer Overflows Lesson 14. Example of poor programming/errors Buffer Overflows result of poor programming practice use of functions such as gets and.
© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.
Software Security and Security Engineering (Part 2)
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.
1 IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Lecture 9 Oct 30, 2013 Authentication, Identity Vulnerability.
CPSC 6126 Computer Security Information Assurance.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Lecture 9 Nov 25, 2008 Authentication, Identity Malicious Code, Vulnerability.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Lecture 12 Nov 29, 2007 Malicious Code, Vulnerability Analysis, Intrusion.
Unix Security Assessing vulnerabilities. Classifying vulnerability types Several models have been proposed to classify vulnerabilities in UNIX-type Oses.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
1 Assurance, Malicious Code Vulnerability Analysis Nov 30, 2006 Lecture 9 IS 2150 / TEL 2810 Introduction to Security.
Vulnerability Analysis
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection.
Design Principles and Common Security Related Programming Problems
Chapter 23: Vulnerability Analysis Dr. Wayne Summers Department of Computer Science Columbus State University
Chapter 19: Building Systems with Assurance Dr. Wayne Summers Department of Computer Science Columbus State University
Security Attacks Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.
Role Of Network IDS in Network Perimeter Defense.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 23 Slide 1 Software testing.
Writing Secure Programs. Program Security CSCE Farkas/Eastman - Fall Program Flaws Taxonomy of flaws: how (genesis) when (time) where (location)
Chapter 29: Program Security Dr. Wayne Summers Department of Computer Science Columbus State University
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
Vulnerability Analysis Dr. X. Computer system Design Implementation Maintenance Operation.
Software Security Q: What does it mean to say that a program is secure? A: There is a sufficient amount of trust that the program maintains _____________,
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #20-1 Chapter 20: Vulnerability Analysis Background Penetration Studies Example.
Vulnerability Analysis
Chapeter20. Vulnerability Analysis
Chap 20. Vulnerability Analysis
Secure Software Confidentiality Integrity Data Security Authentication
Chapter 8 – Software Testing
Security mechanisms and vulnerabilities in .NET
Chapter 23: Vulnerability Analysis
VA/PT.
Test Case Test case Describes an input Description and an expected output Description. Test case ID Section 1: Before execution Section 2: After execution.
Intrusion Detection system
Chapter 29: Program Security
IS 2150 / TEL 2810 Information Security & Privacy
Operating System Concepts
Crisis and Aftermath Morris worm.
Chapter 14: Protection.
IS 2150 / TEL 2810 Introduction to Security
Presentation transcript:

1 Vulnerability Analysis CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 26, 2004

2 Acknowledgements Many of these slides came from Chris Clifton and Matt Bishop, author of Computer Security: Art and Science

3 Vulnerability Analysis Vulnerability or security flaw: specific failures of security controls (procedures, technology or management) Errors in code Human violators Mismatch between assumptions Exploit: Use of vulnerability to violate policy Attacker: Attempts to exploit the vulnerability

4 Techniques for Detecting Vulnerabilities System Verification Determine preconditions, post-conditions Validate that system ensures post-conditions given preconditions Can prove the absence of vulnerabilities Penetration testing Start with system/environment characteristics Try to find vulnerabilities Cannot prove the absence of vulnerabilities

5 System Verification What are the problems? Invalid assumptions Limited view of system Still an inexact science External environmental factors Incorrect configuration, maintenance and operation of the program or system

6 Penetration Testing Test strength of security controls of the complete system Attempt to violate stated policy Works on in-place system Framework for evaluating results Examines procedural, operational and technological controls Typical approach: Red Team, Blue Team, White Team Red team attempts to discover vulnerabilities Blue team simulates normal administration Detect attack, respond White team injects workload, captures results

7 Types/layers of Penetration Testing Black Box (External Attacker) External attacker has no knowledge of target system Attacks often build on human element – Social Engineering System access provided (External Attacker) Red team provided with limited access to system Models external attack Goal is to gain normal or elevated access Then violate policy Internal attacker Red team provided with authorized user access Goal is to elevate privilege / violate policy

8 Red Team Approach Flaw Hypothesis Methodology: Information gathering Examine design, environment, system functionality Flaw hypothesis Predict likely vulnerabilities Flaw testing Determine where vulnerabilities exist Flaw generalization Attempt to broaden discovered flaws Flaw elimination (often not included) Suggest means to eliminate flaw Flaw does Not exist Refine with new understanding

9 Problems with Penetration Testing Nonrigorous Dependent on insight (and whim) of testers No good way of evaluating when “complete” How do we make it systematic? Try all classes of likely flaws But what are these? Vulnerability Classification!

10 Vulnerability Classification Goal: describe spectrum of possible flaws Enables design to avoid flaws Improves coverage of penetration testing Helps design/develop intrusion detection How do we classify? By how they are exploited? By where they are found? By the nature of the vulnerability?

11 Example flaw: xterm log xterm runs as root Generates a log file Appends to log file if file exists Problem: ln /etc/passwd log_file Solution if (access(“log_file”, W_OK) == 0) fd = open(“log_file”, O_WRONLY|O_APPEND) What can go wrong?

12 Example: Finger Daemon (exploited by Morris worm) finger sends name to fingerd fingerd allocates 512 byte buffer on stack Places name in buffer Retrieves information (local finger) and returns Problem: If name > 512 bytes, overwrites return address Exploit: Put code in “name”, pointer to code in bytes 513+ Overwrites return address

13 Vulnerability Classification: Generalize xterm: race condition between validation and use fingerd: buffer overflow on the stack Can we generalize to cover all possible vulnerabilities?

14 RISOS: Research Into Secure Operating Systems 1. Incomplete parameter validation – Check parameter before use – E.g., buffer overflow – 2. Inconsistent parameter validation – Different routines with different formats for same data 3. Implicit sharing of privileged / confidential data – OS fails to isolate processes and users 4. Asynchronous validation / inadequate serialization – Race conditions and Time-of-Check-to-Time-of-Use flaws 5. Inadequate identification /authentication / authorization – Trojan horse; accounts without passwords 6. Violable prohibition / limit – Improper handling of bounds conditions (e.g., in memory allocation) 7. Exploitable logic error – Incorrect error handling, incorrect resource allocations etc.

15 Protection Analysis Model Classes Pattern-directed protection evaluation Methodology for finding vulnerabilities Applied to several operating systems Discovered previously unknown vulnerabilities Resulted in two-level hierarchy of vulnerability classes

16 PA flaw classes 1. Improper protection domain initialization and enforcement a. domain: Improper choice of initial protection domain b. exposed representations: Improper isolation of implementation detail (Covert channels) c. consistency of data over time: Improper change d. naming: Improper naming (two objects with same name) e. residuals: Improper deallocation or deletion 2. Improper validation (validation of operands, queue management dependencies) 3. Improper synchronization a. interrupted atomic operations: Improper indivisibility b. serialization: Improper sequencing 4. critical operator selection errors: Improper choice of operand or operation

17 PA analysis procedure A pattern-directed protection evaluation approach Collect known protection problems Convert these problems to a more formalized notation (set of conditions) Eliminate irrelevant features and abstract system-specific components into system-independent components (generalize raw patterns) Determine relevant features of OS Code Compare features with generic error patterns

18 Aslam’s Model Attempts to classify faults unambiguously Decision procedure to classify faults Coding Faults Synchronization errors Timing window Improper serialization Condition validation errors Bounds not checked Access rights ignored Input not validated Authentication / Identification failure Emergent Faults Configuration errors Wrong install location Wrong configuration information Wrong permissions Environment Faults

19 Common Vulnerabilities and Exposures (cve.mitre.org)cve.mitre.org Captures specific vulnerabilities Standard name Cross-reference to CERT, etc. Entry has three parts Unique ID Description References NameCVE DescriptionRace condition in xterm allows local users to modify arbitrary files via the logging option. References CERT:CA XF:xterm

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.