Lecture 15 Overview

Kinds of Malicious Code
Virus: a program fragment that attaches copies of itself to other programs.
– Propagates and performs some unwanted function
– Not a stand-alone program: it runs only when its host program runs
– Definition from RFC 1135: "A virus is a piece of code that inserts itself into a host [program], including operating systems, to propagate. It cannot run independently. It requires that its host program be run to activate it."
CS 450/650 Lecture 15: Malicious Codes

Kinds of Malicious Code
Worm: a program that propagates copies of itself through the network.
– Independent program
– May carry other code, including programs and viruses
– Definition from RFC 1135: "A worm is a program that can run independently, will consume the resources of its host [machine] from within in order to maintain itself, and can propagate a complete working version of itself on to other machines."

Kinds of Malicious Code
Rabbit/Bacteria: makes copies of itself to overwhelm a computer system's resources
– Denies users access to the resources
Logic/Time Bomb: programmed threat that lies dormant for an extended period of time until it is triggered
– When triggered, the malicious code is executed

Kinds of Malicious Code
Trojan Horse: secret, undocumented routine embedded within a useful program
– Executing the program results in execution of the secret code
Trapdoor: secret, undocumented entry point into a program, used to grant access without the normal method of access authentication
Dropper: not itself a virus or an infected file
– When executed, it installs a virus into memory, onto the disk, or into a file

Virus Lifecycle
Dormant phase: the virus is idle
– not all viruses have this stage
Propagation phase: the virus places an identical copy of itself into other programs or into certain system areas
Triggering phase: the virus is activated to perform the function for which it was created
Execution phase: the function is performed
– The function may be harmless or damaging

Virus Types
Parasitic virus:
– Attaches itself to an executable file and replicates when the infected program is executed
– Most common form
Memory-resident virus:
– Lodges in main memory as part of a resident system program
– May infect every program that executes

Virus Types
Boot sector virus:
– Infects the boot record and spreads when the system is booted
– Gains control of the machine before the virus detection tools are loaded
– Very hard to notice
Macro virus:
– The virus is part of a macro associated with a document

Virus Types
Stealth virus:
– A form of virus explicitly designed to hide from detection by antivirus software
Polymorphic virus:
– A virus that mutates with every infection, making detection by the "signature" of the virus difficult

How Viruses Append
[Figure: three layouts of an infected file]
– Virus appended to program: original program + virus = original program followed by the virus
– Virus surrounding a program: Virus-1, original program, Virus-2
– Virus integrated into program: Virus-1, Virus-2, Virus-3, Virus-4 interleaved with pieces of the original program

How Viruses Gain Control
Virus V has to be invoked instead of target T
– V overwrites T, or
– V changes the pointers that referred to T so that they refer to V (V runs first, then passes control to T)

Virus Signatures
Storage pattern
– Code always located at a specific address
– Increased file size
Execution pattern
Transmission pattern
Polymorphic viruses: no fixed storage pattern to match
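Added example, not code from the slides: a toy model of the "virus appended to program" layout, of how the entry pointer is redirected from the host T to the virus V, and of the storage and execution signatures that catch it. The executable format is invented here (8-byte header: 4-byte magic `TOY!` plus a 4-byte little-endian entry offset, then code); nothing executes real machine code, execution is traced symbolically. The `key` parameter models the polymorphic variant from the previous slides: the body is XOR-encoded with a per-infection key, so the byte-string signature fails while the execution-pattern check still fires.

```python
"""Toy parasitic file infector and the signatures that detect it (constructed example).
Image format (invented): b'TOY!' + 4-byte LE entry offset + code."""
import struct

MAGIC = b"TOY!"
HEADER_LEN = 8                                       # entry offset of every clean program
VIRUS_BODY = b"<<V:copy-self;trigger;jmp-host>>"     # constant code of the toy virus
STUB_LEN = 8                                         # length of the b"[dec:xx]" decoder stub


def make_program(code: bytes) -> bytes:
    """A clean program: header with entry = HEADER_LEN, followed by its code."""
    return MAGIC + struct.pack("<I", HEADER_LEN) + code


def entry_of(image: bytes) -> int:
    return struct.unpack("<I", image[4:8])[0]


def infect(image: bytes, key: int = 0) -> bytes:
    """Append the virus, then redirect the entry pointer from the host (T) to the virus (V).
    The virus records the previous entry so it can jump back to the host afterwards.
    key != 0 models a polymorphic virus: the body is XOR-encoded with a per-infection key
    behind a small decoder stub, so the body bytes differ in every infected file."""
    if image[:4] != MAGIC:
        raise ValueError("not a TOY! image")
    if not 0 <= key <= 0xFF:
        raise ValueError("key must be one byte")
    old_entry = entry_of(image)
    body = bytes(b ^ key for b in VIRUS_BODY)          # key 0 leaves the body unchanged
    payload = b"[dec:%02x]" % key + body + struct.pack("<I", old_entry)
    new_entry = len(image)                             # virus starts where the host ended
    return MAGIC + struct.pack("<I", new_entry) + image[HEADER_LEN:] + payload


def trace_execution(image: bytes) -> list:
    """Symbolic run: follow the entry pointer. A clean image runs the host first; an
    infected one runs each virus copy (newest first), which then jumps to the host."""
    trace, entry = [], entry_of(image)
    while entry != HEADER_LEN and len(trace) < 16:    # bound the chase for safety
        trace.append("virus")
        ret_at = entry + STUB_LEN + len(VIRUS_BODY)    # saved entry sits after the body
        entry = struct.unpack("<I", image[ret_at:ret_at + 4])[0]
    trace.append("host")
    return trace


def scan(image: bytes, baseline_len: int = None) -> list:
    """Signature classes from the slide, returned as a list of findings:
    'signature'        the virus body appears verbatim (defeated by the polymorphic variant)
    'entry-redirected' execution pattern: entry does not point at the host's first byte
    'size-grew'        storage pattern: file is larger than its known-good size."""
    findings = []
    if VIRUS_BODY in image:
        findings.append("signature")
    if entry_of(image) != HEADER_LEN:
        findings.append("entry-redirected")
    if baseline_len is not None and len(image) > baseline_len:
        findings.append("size-grew")
    return findings


if __name__ == "__main__":
    clean = make_program(b"host code")
    for name, img in (("clean", clean), ("infected", infect(clean)),
                      ("polymorphic", infect(clean, key=0x5A))):
        print(name, len(img), trace_execution(img), scan(img, baseline_len=len(clean)))
```

The scanner's `entry-redirected` check is the interesting one: it does not depend on the virus's bytes at all, only on where control goes first, which is why real scanners combine signatures with heuristics on entry points and section layout.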

Antivirus Approaches
Detection:
– determine that an infection has occurred and locate the virus
Identification:
– identify the specific virus
Removal:
– remove the virus from all infected systems, so the disease cannot spread further
Recovery:
– restore the system to its original state

Preventing Virus Infection
Prevention:
– Install software only from trusted sources
– Isolated testing phase
– Use virus detectors
Limit damage:
– Make a bootable diskette
– Make and retain backup copies of important resources

Worm
Self-replicating (like a virus)
Objective: system penetration (acts as an intruder)
Phases: dormant, propagation, triggering, and execution
Propagation:
– Searches for other systems to infect, e.g., via host tables
– Establishes a connection with the remote system
– Copies itself to the remote system
– Executes the copy
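Added example, not from the slides: a discrete-round simulation of the propagation loop above (search the host table, connect, copy, execute), run over a small constructed network. It also shows the difference between a worm that checks whether a host is already infected and one that does not: without the check the copies pile up on each host and the worm behaves like the Rabbit/Bacteria class from the earlier slide. The network, host tables and the `patched` set are assumptions made for illustration.

```python
"""Round-based worm propagation simulation (constructed example)."""


def simulate_worm(host_table, start, patched=frozenset(), rounds=3, check_marker=True):
    """host_table maps each host to the hosts its local host table names (the search space).
    Each round, every running worm copy tries every host in its host table:
      - patched hosts refuse the connection (the exploit fails);
      - with check_marker=True a copy skips hosts that already run the worm;
      - with check_marker=False it copies itself again, so copies accumulate on each host.
    Returns the copies-per-host snapshot after each round."""
    copies = {start: 1}
    history = []
    for _ in range(rounds):
        new = {}
        for host, running in list(copies.items()):
            for target in host_table.get(host, []):        # 1. search: consult the host table
                if target in patched:                      # 2. connect: fails on a patched host
                    continue
                if check_marker and (target in copies or target in new):
                    continue                               # already infected: do not reinfect
                new[target] = new.get(target, 0) + running  # 3+4. copy and execute, one per running copy
        for target, n in new.items():
            copies[target] = copies.get(target, 0) + n
        history.append(dict(copies))
    return history


def total_copies(snapshot) -> int:
    return sum(snapshot.values())


# Constructed network: each host's host table lists the machines it knows about.
NETWORK = {"a": ["b", "c"], "b": ["d"], "c": ["d", "e"], "d": ["a"], "e": ["a"]}

if __name__ == "__main__":
    for check in (True, False):
        history = simulate_worm(NETWORK, "a", patched={"d"}, rounds=3, check_marker=check)
        print("reinfection check:", check, "copies per host after 3 rounds:", history[-1])
```

With the check, the worm settles at one copy per reachable vulnerable host; without it, the number of copies grows every round even though no new host is reached, which is the resource-exhaustion failure mode rather than the penetration objective.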

Lecture 16 Targeted Malware
CS 450/650 Fundamentals of Integrated Computer Security
Slides are modified from Csilla Farkas and Brandon Phillips

Targeted Malicious Code
Trapdoor – undocumented entry point to a module. Developers:
– forget to remove them
– intentionally leave them in the program for testing
– intentionally leave them in the program for maintenance of the finished program, or
– intentionally leave them in the program as a covert means of access to the component after it becomes an accepted part of a production system
CS 450/650 Lecture 16: Targeted Malicious Codes

Targeted Malicious Code
Salami Attack
– a series of many minor actions that together result in a larger action that would be difficult or illegal to perform at once
– Ex. interest computation: the fraction of a cent lost to rounding on each account is diverted to the attacker's account
Rootkit
– A program or coordinated set of programs designed to gain control over a computer system or network of computing systems
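Added example, not from the slides: the interest-computation salami attack carried through in code, with two audits run against it. The point a practitioner should take away is that a totals-only reconciliation passes, because the shaved fractions were moved rather than destroyed, while a line-by-line recomputation catches every victim and the attacker's account. Amounts are integer cents; the balances, the 3.75% annual rate and the account names are constructed for illustration.

```python
"""Salami attack on interest rounding, and the audit that catches it (constructed example)."""
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

MONTHLY_RATE = Decimal("0.0375") / 12       # assumed annual rate of 3.75%
CENT = Decimal(1)


def exact_interest(balance_cents: int) -> Decimal:
    """Interest owed for the month, in cents, before rounding."""
    return Decimal(balance_cents) * MONTHLY_RATE


def honest_posting(balances: dict) -> dict:
    """Credit each account its interest rounded to the nearest cent."""
    return {acct: int(exact_interest(b).quantize(CENT, rounding=ROUND_HALF_UP))
            for acct, b in balances.items()}


def salami_posting(balances: dict, attacker: str = "ATTACKER") -> dict:
    """The attack: truncate every account's interest downward and sweep the shaved
    fractions of a cent into the attacker's account. Each victim loses at most one
    cent; the sum of all the slices is the attacker's gain."""
    posted, shaved = {}, Decimal(0)
    for acct, b in balances.items():
        exact = exact_interest(b)
        truncated = exact.quantize(CENT, rounding=ROUND_DOWN)
        posted[acct] = int(truncated)
        shaved += exact - truncated
    posted[attacker] = int(shaved.quantize(CENT, rounding=ROUND_DOWN))
    return posted


def totals_reconcile(balances: dict, posted: dict) -> bool:
    """Totals-only audit: total interest posted vs. total interest owed, allowing the
    maximum drift honest rounding can produce (half a cent per account). The salami
    posting passes this check: nothing is missing from the total, it was only moved."""
    owed = sum(exact_interest(b) for b in balances.values())
    tolerance = Decimal("0.5") * len(balances)
    return abs(sum(posted.values()) - owed) <= tolerance


def per_account_audit(balances: dict, posted: dict) -> list:
    """Line-level audit: recompute each credit independently and report every mismatch,
    plus any credited account that has no interest-bearing balance behind it."""
    expected = honest_posting(balances)
    findings = []
    for acct, amount in posted.items():
        if acct not in expected:
            findings.append((acct, "credit with no corresponding balance"))
        elif amount != expected[acct]:
            findings.append((acct, "posted %d, expected %d" % (amount, expected[acct])))
    return findings


# Constructed balances in cents.
BALANCES = {"alice": 150_000, "bob": 2_500_000, "carol": 987_654, "dave": 31_337}

if __name__ == "__main__":
    for label, posting in (("honest", honest_posting(BALANCES)),
                           ("salami", salami_posting(BALANCES))):
        print(label, posting, "totals ok:", totals_reconcile(BALANCES, posting),
              "findings:", per_account_audit(BALANCES, posting))
```

Note that one victim (the account whose fraction was below half a cent) is credited the same amount under both postings, so the line audit must also flag credits with no underlying balance; otherwise an attacker who only shaves accounts with fractions below 0.5 cents stays invisible to both checks.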

Targeted Malicious Code
Privilege Escalation
– a means for malicious code to be launched by a user with lower privileges but run with higher privileges
Interface Illusion
– a spoofing attack in which all or part of a web page is false
Keystroke Logging

Targeted Malicious Code
Man-in-the-Middle Attacks
Timing Attacks
– attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms
Covert Channels
– programs that leak information
– Ex. hide data in output

Covert Channel – Trojan Horse
[Figure: John and the Spy. Only John is permitted to access the MS Word document. The Spy installs a Trojan horse (TH) in MS Word; when John runs it, the TH copies the document into the Spy's copy.]

Covert Channel
Two active agents
– Sender (has access to unauthorized information), e.g., Trojan horse in MS Word
– Receiver (reads sent information), e.g., program creating the copy
Encoding schema
– How the information is sent, e.g.,
– File F exists → 0
– File F does not exist → 1
Synchronization
– e.g., when to check for existence of F

Storage Covert Channels
Based on properties of resources
– pass information by using the presence or absence of objects in storage
Examples:
– File locks
– Delete/create file
– Memory allocation

File Lock Covert Channel [figure]

File Existence Channel Used to Signal [figure]
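Added example, not from the slides: the file-existence storage channel from the "Covert Channel" and "Storage Covert Channels" slides, run for real in a temporary directory. The sender (the Trojan horse inside John's editor) can read the secret but has no authorized way to hand it to the spy; the receiver (the spy's program) never reads any file, it only observes whether files exist. The encoding schema is the slide's (F exists → 0, F absent → 1), and synchronization uses a second flag file, CLK, that the sender toggles once per bit. The directory and file names are assumptions.

```python
"""File-existence covert channel with a clock file for synchronization (constructed example)."""
import os
import tempfile


def to_bits(data: bytes) -> list:
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits: list) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))


class TrojanSender:
    """Runs with John's rights. Never writes data into F: only F's existence carries information."""

    def __init__(self, shared_dir: str, secret: bytes):
        self.flag = os.path.join(shared_dir, "F")
        self.clock = os.path.join(shared_dir, "CLK")
        self.pending = iter(to_bits(secret))
        self.clock_up = False

    def tick(self) -> bool:
        """Signal the next bit; return False once the secret has been fully sent."""
        bit = next(self.pending, None)
        if bit is None:
            return False
        if bit == 0:
            open(self.flag, "w").close()          # F exists  -> 0
        elif os.path.exists(self.flag):
            os.remove(self.flag)                  # F absent  -> 1
        self.clock_up = not self.clock_up         # toggle CLK: "a new bit is ready"
        if self.clock_up:
            open(self.clock, "w").close()
        else:
            os.remove(self.clock)
        return True


class SpyReceiver:
    """Runs with the spy's rights. Needs only stat/listing access to the directory,
    not read access to F, so access control on the document's contents does not help."""

    def __init__(self, shared_dir: str):
        self.flag = os.path.join(shared_dir, "F")
        self.clock = os.path.join(shared_dir, "CLK")
        self.last_clock = False
        self.bits = []

    def poll(self):
        """Return the newly signalled bit, or None if the sender has not ticked since the last poll."""
        clock_now = os.path.exists(self.clock)
        if clock_now == self.last_clock:
            return None
        self.last_clock = clock_now
        bit = 0 if os.path.exists(self.flag) else 1
        self.bits.append(bit)
        return bit


def run_channel(secret: bytes, polls_per_tick: int = 3) -> bytes:
    """Drive sender and receiver in lockstep; polling more than once per tick shows
    that the clock file keeps the receiver from reading the same bit twice."""
    with tempfile.TemporaryDirectory() as shared:
        sender, receiver = TrojanSender(shared, secret), SpyReceiver(shared)
        while sender.tick():
            for _ in range(polls_per_tick):
                receiver.poll()
        return from_bits(receiver.bits)


if __name__ == "__main__":
    print(run_channel(b"John's document: Q3 figures"))
```

The channel carries one bit per tick, so its bandwidth is bounded by how often the sender can toggle CLK and the receiver can poll; that is the quantity the "reduce bandwidth" option on the detection-and-removal slide is about.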

Timing Covert Channel
Time is the factor – how fast
– pass information using the speed at which things happen
Examples:
– Processing time
– Transmission time

Covert Timing Channel [figure]

Covert Channel Detection and Removal
Identification:
– Shared resources
– Program code correctness
– Information flow analysis
Removal:
– Total removal – may not be possible
– Reduce bandwidth

Controls Against Program Threats
Prevent threats during software development
– Modularity: security analysts must be able to understand each component as an independent unit and be assured of its limited effect on other components

Controls Against Program Threats
Prevent threats during software development
– Encapsulation: hide a component's implementation details; minimize interfaces to reduce covert channels
– Information hiding: treat a component as a kind of black box; components will have limited effect on other components

Controls Against Program Threats
Peer Reviews
Hazard Analysis
– set of systematic techniques to expose potentially hazardous system states
Testing
– unit testing, integration testing, function testing, performance testing, acceptance testing, installation testing, regression testing

Controls Against Program Threats
Good Design
– Use a philosophy of fault tolerance
– Have a consistent policy for handling failures
– Capture the design rationale and history
– Use design patterns
Prediction
– predict the risks involved in building and using the system

Controls Against Program Threats
Static Analysis
– Use tools and techniques to examine characteristics of the design and code to see whether they warn of possible faults
Configuration Management
– control changes during development and maintenance
Analysis of Mistakes
Proofs of Program Correctness
– Can we prove that there are no security holes?

Operating System Controls on Use of Programs
Trusted Software – code that has been rigorously developed and analyzed for:
– Functional correctness
– Enforcement of integrity
– Limited privilege
– Appropriate confidence level

Operating System Controls on Use of Programs
Mutual Suspicion
– assume the other program is not trustworthy
Confinement
– limit the resources that a program can access
Access Log
– record who accessed which computer objects, when, and for how long

Administrative Controls
Standards of Program Development
– Standards of design
– Standards of documentation, language, and coding style
– Standards of programming
– Standards of testing
– Standards of configuration management
Security Audits
Separation of Duties