Chapter 5 Program Security

Presentation transcript:

Chapter 5 Program Security

csci5233 computer security & integrity (Chap. 5)

Outline
– Viruses & worms
– Targeted Malicious Codes
  – Trapdoors, Salami attack, Covert channels
– Controls Against Program Threats
  – Programming & process controls
  – OS controls
  – Administrative controls

Program Security
– Protection of programs is at the heart of security in computing. Why?
– Two types of program flaws:
  – Inadvertent human errors
  – Malicious, intentionally induced flaws
– Why can’t we stop all program flaws?

Types of Malicious Codes
– Virus, Trojan horse, Logic/Time bomb, trapdoor (backdoor), worm, rabbit (Table 5.1, p.180)
– What’s the difference between a virus and a worm?
  – A virus attaches itself to another program; a worm does not.
  – A virus may rely on a variety of transmission media; a worm transmits itself across the network.
– Both viruses and worms duplicate themselves when executed.

How do viruses work?
– A virus is activated by being executed.
– A virus attaches to a “good” program, the carrier, by
  – Appending (Fig. 5.1)
  – Surrounding (Fig. 5.2)
  – Integrating (Fig. 5.3)
  – Replacing (Fig. 5.4)

Boot Sector Viruses
– The bootstrap load process
– The boot sector
– Block chaining: Each block of the bootstrap is chained to the next block.
– A virus may attach itself to any block in the chain, or may replace the boot sector (Fig. 5.5).

Other Homes for Viruses
– Resident codes/routines (TSR)
– Application programs
  – Example: Word macros
– Libraries
– Compilers, loaders, linkers, debuggers, anti-virus s/w
– Anything else not mentioned in the book?

Virus Signatures
– The signature of a virus is composed of the following characteristics:
  1. Storage patterns
  2. Execution patterns (Table 5.2, p.187)
  3. Transmission patterns
– A virus scanner checks the signatures of viruses to detect viruses.
– Polymorphic viruses: A virus that can change its appearance. For example: having two different starting words.
– Preventing virus infection: pp

The Morris Worm
– Nov
– Took advantage of well-known UNIX flaws: user passwords, finger, sendmail
– An irony
– Positive result: The CERT (Computer Emergency Response Team) was established at Carnegie Mellon University.

The Bugbear Worm
– As recent as Sept./Oct
– A mass-mailing worm, attempting to send itself to addresses found on an infected system
– It also spreads through open network shares and has the ability to send print jobs to printers found on an infected network.
– Once the virus is run, it will attempt to disable various security products, including many forms of anti-virus and personal firewall software.
– It will also attempt to install a backdoor trojan that will allow a hacker access to the infected PC.

The Bugbear Worm
– It makes use of the “Incorrect MIME Header Can Cause IE to Execute Attachment vulnerability” in Microsoft Internet Explorer (v 5.01 or 5.5 without SP2).
– Simply opening or previewing an infected message in a vulnerable reader can result in infection.
– More details: v.asp?genericURL=/common/en-us/helpcenter/bugbear.asp&genericLeftNav=/VirusInfo/VIL/vil_nav.asp

Targeted Malicious Codes: Trapdoors
– A trapdoor is a secret, undocumented entry point into a module.
– A trapdoor is usually placed in a program during development, and may be used by a programmer to gain access to the program when it is placed into production mode.

Targeted Malicious Codes: Salami attack
– salami: a highly seasoned sausage of pork and beef either dried or fresh (Merriam-Webster’s Collegiate Dictionary, )
– Salami attacks occur in programs that compute amounts of money.
– A small amount of money is shaved from each computation.
– Example: truncation of fractional cents during computation of interest (p.198)
– Hard to detect in a large program
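The truncation example from the slide can be caught by recomputing every posting outside the program being audited. The sketch below is an added example, not part of the original slides; the balances, the 6% rate and the assumption that the documented rule is round-half-even are constructed for illustration.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
MONTHLY_RATE = Decimal("0.06") / 12   # constructed: 6% a year, 0.5% a month
# Constructed sample balances, not data from the slides.
BALANCES = [Decimal(b) for b in
            ("1234.57", "1235.60", "980.33", "402.99", "15021.80")]


def interest_run(balances, rounding, rate=MONTHLY_RATE):
    """Post one month of interest, rounding each amount to the cent."""
    return [(i, b, (b * rate).quantize(CENT, rounding=rounding))
            for i, b in enumerate(balances)]


def audit_interest(postings, rate=MONTHLY_RATE):
    """Recompute every posting independently of the program under audit.

    Returns (short_accounts, residual): accounts credited less than the
    assumed documented rule (round half even) gives, and the total exact
    interest minus the total credited, i.e. money owed but never posted.
    """
    short, residual = [], Decimal(0)
    for account_id, balance, credited in postings:
        exact = balance * rate
        if credited < exact.quantize(CENT, rounding=ROUND_HALF_EVEN):
            short.append(account_id)
        residual += exact - credited
    return short, residual


if __name__ == "__main__":
    for name, mode in (("truncating", ROUND_DOWN), ("half-even", ROUND_HALF_EVEN)):
        short, residual = audit_interest(interest_run(BALANCES, mode))
        print(f"{name:>10}: short accounts {short}, residual {residual}")
```

Under truncation every per-account difference is non-negative, so the residual only grows with the number of accounts; under symmetric rounding the differences carry both signs and largely cancel. A residual that is not booked to a named rounding account is the item an auditor follows up.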

Targeted Malicious Codes: Covert channel
– Covert channel: a program that leaks information
– A type of Trojan horse
– How? In addition to normal, proper communication channels, a program opens covert channels to leak information to unauthorized viewers (Fig. 5-8, p.199)
– c.f. packet sniffers, network probes, network monitors, HTTP monitors, protocol analyzers? (Check out a gigabit network analyzer at ftp://ftp.netinst.com/pub/product_lit_PDF/GOSS.pdf.)
– c.f. intrusion detection system?

Covert channels
– Examples of covert channels: p.201
– c.f. Steganography replaces unneeded bits in image and sound files with secret data. See ory/0,10801,71726,00.html
– Types of covert channels:
  – Storage channels pass information by the presence or absence of objects in storage. For example, a covert channel can signal one bit of information by whether or not a file is locked.
  – Timing channels pass information by the speed at which things happen. The shared resource is time. accept = 1; reject = 0 (See Fig. 5-12, p.204)

Tools for identifying potential covert channels
– Shared Resource Matrix
  – The basis of a covert channel is a shared resource.
  – Finding all shared resources and determining which processes can write to and read from the resources…
  – Looking for implied information flows: pp
  – Is any of the implied flows “undesirable”?
– Information Flow Analysis based on the syntax
  – Types of flows:
    – Explicit: B := A;
    – Implicit: a. B := A; C := B; b. if (D == 1) then B := A;
  – More examples: Table 5-5 (p.206)
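A shared resource matrix can be completed mechanically to surface the implied flows the slide asks about. This is an added example, not part of the original slides; the processes, resources and clearance policy are constructed, and the completion rule used (if P can modify x and read y, every other process that reads x can indirectly learn y) is an assumption about how the matrix is filled in.

```python
# Constructed matrix (not from the slides): process -> resource -> rights,
# where "R" = can read the resource and "M" = can modify it.
MATRIX = {
    "service":  {"file_lock": "RM", "confidential_data": "R"},
    "spy":      {"file_lock": "RM"},
    "relay":    {"file_lock": "R", "print_queue": "M"},
    "outsider": {"print_queue": "R"},
}
# Constructed policy: who is cleared to learn each sensitive resource.
CLEARED = {"confidential_data": {"service"}}


def implied_reads(matrix):
    """Complete the matrix and return the reads that exist only indirectly."""
    reads = {p: {r for r, a in acc.items() if "R" in a} for p, acc in matrix.items()}
    mods = {p: {r for r, a in acc.items() if "M" in a} for p, acc in matrix.items()}
    direct = {p: set(s) for p, s in reads.items()}
    changed = True
    while changed:                      # repeat until no new flow appears
        changed = False
        for p in matrix:
            for x in mods[p]:
                carried = reads[p] - {x}    # what p can encode into x
                for q in matrix:
                    if q != p and x in reads[q] and not carried <= reads[q]:
                        reads[q] |= carried
                        changed = True
    return {p: reads[p] - direct[p] for p in matrix if reads[p] - direct[p]}


def undesirable(implied, cleared):
    """Implied reads of a sensitive resource by a process not cleared for it."""
    return sorted((p, r) for p, rs in implied.items() for r in rs
                  if r in cleared and p not in cleared[r])


if __name__ == "__main__":
    for process, resource in undesirable(implied_reads(MATRIX), CLEARED):
        print(f"potential covert channel: {process} can learn {resource}")
```

The `outsider` row shows why the completion has to run to a fixed point: it never touches the file lock, yet it inherits the flow through `relay` and the print queue.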

Controls Against Program Threats
– Programming controls
  – Typical software engineering methods: peer reviews, walk-through, information hiding, independent testing, configuration management (check-in, check-out, history of changes, …), formal methods (such as B)
– Process controls
  – 1988: Standard 2167A (DoD)
  – 1990: ISO 9000 – to specify actions to be taken when any system has quality goals and constraints
  – 1993: CMM (Capability Maturity Model) – to assess the quality of a software development company
  – 1995: SSE CMM (System Security Engineering CMM) – to assess the quality of security engineering development practices (See SSE CMM model v2, 1999

Controls Against Program Threats
– OS controls (Chapter 6)
  – Trusted OS
  – Confined programs
  – Access logs for auditing
– Administrative controls (Chapter 10)
  – Enforcing standards of design, documentations, programming, testing, configuration management, etc.
  – Security audits
  – Separation of duties among employees

Summary
– Viruses, worms, and targeted Malicious Codes
– Controls Against Program Threats
  – Programming & process controls
  – OS controls
  – Administrative controls
– Next: Chapter 6 (OS Security)