1 Part 6: System Security u Malware u Safe Coding u Software Trust u Virus Detectors u Software Signatures u “Kernel Integrity Checkers” u “Application.

Slides:



Advertisements
Similar presentations
New Security Issues Raised by Open Cards Pierre GirardJean-Louis Lanet GERMPLUS R&D.
Advertisements

Vpn-info.com.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Chapter 3 (Part 1) Network Security
Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.
Malwares – Types & Defense Raghunathan Srinivasan Sept 25, 2007 CSE 466/598 Computer Systems Security.
1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.
Attacking Malicious Code: A Report to the Infosec Research Council Kim Sung-Moo.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Computer Security and Penetration Testing
Protection and Security CSCI 444/544 Operating Systems Fall 2008.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Antivirus Software Detects malware (not just viruses) May eliminate malware as well Often sold with firewalls Two approaches: Dictionary-based - Compares.
Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
Csci5233 Computer Security1 Bishop: Chapter 27 System Security.
Kenichi Kourai (Kyushu Institute of Technology) Takuya Nagata (Kyushu Institute of Technology) A Secure Framework for Monitoring Operating Systems Using.
G53SEC 1 Reference Monitors Enforcement of Access Control.
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.
BLENDED ATTACKS EXPLOITS, VULNERABILITIES AND BUFFER-OVERFLOW TECHNIQUES IN COMPUTER VIRUSES By: Eric Chien and Peter Szor Presented by: Jesus Morales.
3-Protecting Systems Dr. John P. Abraham Professor UTPA.
Lecture 2 Title: Computer Software By: Mr Hashem Alaidaros MIS 101.
1 Higher Computing Topic 8: Supporting Software Updated
1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Chapter 10 Malicious software. Viruses and ” Malicious Programs Computer “ Viruses ” and related programs have the ability to replicate themselves on.
G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
CE Operating Systems Lecture 3 Overview of OS functions and structure.
G53SEC 1 Reference Monitors Enforcement of Access Control.
14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Malicious Logic and Defenses. Malicious Logic Trojan Horse – A Trojan horse is a program with an overt (documented or known) effect and covert (undocumented.
1 Part 7: State of the Art and Future u Are we in a sorry state? u How to keep us Safe? u Software trust management u Hardware trust management u Evasive.
Security Architecture and Design Chapter 4 Part 1 Pages 297 to 319.
Operating Systems Security
Security Vulnerabilities in A Virtual Environment
Wireless and Mobile Security
Computer Systems Viruses. Virus A virus is a program which can destroy or cause damage to data stored on a computer. It’s a program that must be run in.
Introduction Program File Authorization Security Theorem Active Code Authorization Authorization Logic Implementation considerations Conclusion.
Lecture 4 Page 1 CS 111 Online Modularity and Virtualization CS 111 On-Line MS Program Operating Systems Peter Reiher.
Exploiting Instruction Streams To Prevent Intrusion Milena Milenkovic.
VMM Based Rootkit Detection on Android
Lecture 5 Rootkits Hoglund/Butler (Chapters 1-3).
VM: Chapter 7 Buffer Overflows. csci5233 computer security & integrity (VM: Ch. 7) 2 Outline Impact of buffer overflows What is a buffer overflow? Types.
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.
Information Systems Design and Development Security Precautions Computing Science.
Antivirus Software Technology By Mitchell Zell. Intro  Computers are vulnerable to attack  Most common type of attack is Malware  Short for malicious.
1 Chapter 2: Operating-System Structures Services Interface provided to users & programmers –System calls (programmer access) –User level access to system.
SAMET KARTAL No one wants to share own information with unknown person. Sometimes while sharing something with someone people wants to keep.
Security on the Internet Norman White ©2001. Security What is it? Confidentiality – Can my information be stolen? Integrity – Can it be changed? Availability.
Chapter 40 Internet Security.
Security of Digital Signatures
Modularity Most useful abstractions an OS wants to offer can’t be directly realized by hardware Modularity is one technique the OS uses to provide better.
CMSC 345 Defensive Programming Practices from Software Engineering 6th Edition by Ian Sommerville.
Lecture 1-Part 2: Operating-System Structures
Chap 10 Malicious Software.
Security.
Chap 10 Malicious Software.
Sai Krishna Deepak Maram, CS 6410
Operating System Concepts
Test 3 review FTP & Cybersecurity
Presentation transcript:

1 Part 6: System Security u Malware u Safe Coding u Software Trust u Virus Detectors u Software Signatures u “Kernel Integrity Checkers” u “Application Integrity Checkers”

2 Computer Systems u Security – keep the systems safe u No malware u No applications that can be attacked u No data stolen u No corruption or harmful activity u User accounts are not hacked u ….. HOW? Safe software Virus checks Sandboxing Integrity checking Crypto File Systems Smartcards

3 Safe Coding u Not well understood u Software has vulnerabilities, ensure attack free code at implementation time  Stack Guard and Lib Safe and a host of techniques are available  Type safe languages are available  Not clear if these approaches work u Teach programmers to be aware of attack techniques on software  Safe coding practices

4 Bounds Checking u Array bounds often get exceeded and yet nothing happens  Very common in C and C++ code  Optimized compilers for all languages disable bounds checking  Have to be checked in software, at all points u Buffer overflow of many kinds use this u For every data transfer we need to check the size of the data  Function calls  Data copying  Reading input  more

5 Input Validation u Input to a program has to be validated  From network  From files  From user u Almost never done u A program “expects” the data to be formatted correctly, specially if that program generated the data  Suppose WORD creates a DOC file  When WORD reads it, the data is expected to be in WORD format  Simple checks are NOT enough u This vulnerability is ingrained into all legacy software

6 Calling Routines u When routines are called, the caller and the callee must perform sanity checks on arguments u Specially when system calls and library routines are called u Many stack and heap smashing attacks use such vulnerabilities  If a program has a call to the “system” routine in Unix  If arguments are tampered with, any program can be run by an attacker

7 Root Access Attacks u “set uid” programs can gain root access  Used heavily for Unix  Similar features in all operating systems u Many attacks have been designed to misuse this feature in many non-intuitive ways u Databases are particularly attackable via setuid attacks

8 Heap tricks u Put crafted data on heap  Most input is read into the heap area anyway u Ensure that a particular pointer to an argument to another function call has been tampered with  Next time the function is called, it will be called with attacked arguments u Hard to detect and protect against

9 Open Source vs. Closed Source u What is safer – Open Source or Closed Source? u Open Source:  Many eyes theory  When found, vulnerabilities quickly fixed u Closed Source:  Stringent code review and coding security policies may be in effect  Even if vulnerabilities exist, they may not be found, as the code is unknown  Vendor may have liability u This debate has no obvious outcome, both have advantages and disadvantages

10 Data Execution u Many attacks inject executable code as data and then transfer control to it u Solution is to ensure data is never executed  Code resides in code segment, data resides in data segment  Code segment must be non-writable  Data segment must be non-executable u Hardware support needed NX or XD bits in page tables  Existed in the old VAX architecture

11 Software Issues u Software is inherently untrustable u Even if source code is visible (e.g. Thompson Attack)  Many techniques for obfuscation  Easy to make software do things other than what the source code seems to do u Programmers can inject things into programs that can be harmful  By design  By accident u How do we know that software is to be trusted?  OS  Applications  Drivers  Downloaded things No good answer

12 Feature Creep u Features of a program causes unforeseen vulnerabilities u e.g. Visual Basic Scripting in Outlook  Why does an reader have to be programmable?  ….because it can be done! u Complex features of programs are attractive to designers and to end users u Impossible to analyze the security impacts u Many tricks are then invented by attackers u Old adage: Keep it simple  Code will be cleaner  Features would be understandable  Unforeseen consequences will be minimized

13 Malware u Virus – Trojan – Worm u Adware, spyware u Rootkits Can be detectable, but only if detector in operating system Not detectable

14 Virus Detectors u Current state of the art in virus prevention is detection of viruses in all incoming files and existing files u Any file that a computer accesses is “scanned” by a virus detector u Hooks to the “open” and other system calls  Makes system performance degrade u Scanning via hash matching u Needs to know all the hashes of known viruses  Detects known viruses  Does not detect changes to existing programs  Have to frequently download “virus definitions”

15 Downside of Virus Detectors u Can be easily disabled (via buffer overflow, for example) u Rootkits can uninstall it, or disable it  Cannot detect rootkits u Performance is slow u New viruses can spread without fear for some time u The virus detector is itself a virus?  Yes, but a good one  No, but can be, via a little social engineering u Can store hashes of good files, but….  A virus can change the definitions and escape detection

16 Smart Viruses u Polymorphic Viruses u Viruses that attack detectors u Viruses that hide from detectors  Camouflaged  Hidden names

17 Rootkits u Rootkits are kernel patches + processes u Processes may run with Admin/root privileges u Special routines are embedded in the kernel u Many kernel routines may be changed or patched u How to detect  Take checksum of kernel  Take checksum of routines that may change  Look at kernel tables and watch for changes  Check for perturbations

18 Undetecatable u If a rootkit is not worried about rootkit detectors then it is detectable u Rootkits can be designed to be evasive  If we take hashes of the kernel, it will patch the routine that computes the hash  If we track kernel tables, the tracking routine will be patched u A “new” rootkit detector will find an old rootkit  As long as the rootkit writer does not know of the detector and its techniques  A rootkit can patch itself later to become invisible to new rootkit detector  Cat and Mouse game

19 Sandboxing u Run a program with some flags set in the kernel, designating it to be a sandboxed process u Every time this process calls a “system call”  Check whether it is an allowable operation  Check whether the arguments are “allowed”  Interpret the call and ensure it falls under the “safe” category  Policies have to be stated and enforced  …. Loopholes?

20 Integrity Checking u Every executable file should have a pre-computed hash and a signature and an issuer certificate  Hash ensures any changes to the executable is detectable  Signature ensures that no one updates the hash  Issuer certificate ensures the signature is not faked  This information is stored, separately from the file itself (hopefully securely) u Integrity Checking  Check hash and signature every time the file is executed  Check hash occasionally while the program execution is in progress (to detect dynamic corruption) u Problem: Who does the checking?

21 Application Integrity Checking u Assume: Operating System is not compromised u OS does Application Integrity Checking  OS stores hashes and signatures  Unsigned application either not allowed, or signed by OS  Dynamic checking is also done u Ensures freedom from downloaded viruses u Ensures some freedom from buffer overflow attacks  Cannot be completely detected, but the harm caused is limited u Runs only “trusted applications” u Either signed applications or authorized by the user  Help prevention of undetected downloads, spyware and many such malware

22 Kernel Integrity Checking u How to check the OS for rootkits? u Use a hardware device  TCG “Trusted Computing Group” approach  “Co-Pilot” approach u Use a software device  The VMM “Virtual Machine Manager” approach u Concept:  A trusted device has keys and signatures for the operating system components  This device can access the OS and check it for integrity  Possible to detect rootkits, as long as the checker is not compromised

23 Hardware Checking u TPM (trusted platform module) from TCG  A hardware device, that contains keys and hashes for checking integrity of operating systems  Attestation of software and digital signatures possible  An elaborate framework of security modules, protocols and monitoring of applications  Can be used to enforce software licenses u Co-Pilot Project  Hardware on the PCI bus, can take over the computer  Performs memory checks on the OS and interrupt routines  Can detect rootkits, even dynamic ones

24 Software Checking u Run the Operating System as a host on a Virtual Machine Manager u The VMM is hard to compromise  Small, hence free of vulnerabilities (assumption)  OS has to be rootkitted to attack VMM, but the VMM can detect such rootkits u Check OS integrity from the VMM (Terra Project) u Check OS integrity from a separate host operating system called the Security Monitor  ASU project u Work in progress, not tested well yet

25 Secure I/O u All security solutions outlined so far suffers from a spoofing vulnerability u A piece of software can be flagged to be “trusted” by faking human input by a program (virus) u TO ensure spoof freedom there is a need for a secure I/O channel from the core security system to the human user  TCG-TPM, Co-Pilot, Terra --- all are vulnerable u Secure I/O needs separate hardware channel, separate keypad  An SSL connection to a small communicator may be a solution.

26 Crypto File Systems u All files are stored encrypted u Where is the key?  Derived from a passphrase  Everything is “weak” as along the computer is “running” u MS-CFS uses PKI u Advantages  Lost/stolen disks are secure  Proper implementations may disallow some viruses from accessing some files u Diadvantrages  Files are decrypted on the fly and CFS is transparent to users and hance viruses  Attacking the key is possible

27 Current Status u Integrity checking is almost non-existent in deployed software  Hence, all systems are soft against viral attacks  Big security problem,  Device driver signing is used in Windows, quite ineffective u The TCG system is the closest to deployment  Also the weakest system  Has political implications u No other solutions are being deployed   may not be entirely true

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.