CHAPTER 4 Methodology
TYPES OF PROBLEMS
This is the process attackers follow to find vulnerabilities when they decide to go after a product or system. Before attacking, three different classes of problem can be recognized:
1. Black Box
2. Translucent Box
3. Crystal Box
The type of box refers to the level of visibility into the workings of the system we want to attack.
BLACK BOX: Unknown Chips
A black box is any component or part of a system whose inner functions are hidden from the user of the system. Black box analysis situation: unknown chips. An unknown chip is a good real-life example of a black box; it is very difficult to determine what kind of chip it is. How to attack? Rip the box open, but this only works when the box is physically available to the user.
BLACK BOX: Unknown Remote Host
Consider a host across a network called FRED, with no physical access to the host. How to attack?
1. An attacker would probably grab a handful of DoS tools and hit FRED. A program file from FRED may give much greater insight into what FRED's internals look like.
2. FRED has a UI of some sort. The UI will accept some input (a possible bit stream), and the attacker has a chance to guess what the commands might be.
TRANSLUCENT BOX
The black box discussion is only theory, because there are no truly black boxes, only translucent boxes of varying degrees of transparency. How to attack? The attack is done by penetrating the box's shell and peeking inside at the inner workings. This can be accomplished on a system or product under the user's control, and even on a remote system. A number of tools and techniques can be applied against the system or product.
TRANSLUCENT BOX: System Monitoring Tools
System monitoring tools determine what kinds of files and other resources a program accesses. Windows doesn't come with any tools of this sort, so we have to go to a third party. In particular, the tools of interest are Filemon and Regmon. Filemon allows the user to monitor a running program to see what files it is accessing, whether it's reading or writing, where the files are, and what other files it's looking for.
TRANSLUCENT BOX
Regmon allows the user to monitor much the same for the Windows Registry: what keys the program is accessing, modifying, reading, looking for, etc. Most UNIX versions come with a set of tracing programs, for example trace, strace, ktrace and truss. In Red Hat Linux (version 6.2), the strace utility shows the system (kernel) calls a program makes and what their parameters are, so attackers can learn a lot about how a program works this way.
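As an added example that is not part of the slides: a small Python script that digests strace-style output into the Filemon-style view described above, showing which files the program read, wrote, or looked for and did not find, and which network peer it contacted. The sample trace lines are constructed to match strace's output format and were not captured from any real program.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape strace prints (not captured from any
# real program): a config read, a missing key file, a log written, a connect.
SAMPLE_TRACE = """\
1234  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
1234  openat(AT_FDCWD, "/etc/app/config.ini", O_RDONLY) = 4
1234  openat(AT_FDCWD, "/etc/app/secret.key", O_RDONLY) = -1 ENOENT (No such file or directory)
1234  openat(AT_FDCWD, "/var/log/app.log", O_WRONLY|O_CREAT|O_APPEND, 0644) = 5
1234  connect(6, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
1234  access("/etc/app/plugins", F_OK) = -1 ENOENT (No such file or directory)
"""

# open()/openat(): path, flags and return value (negative = the call failed)
OPEN_RE = re.compile(
    r'^\d+\s+openat?\((?:AT_FDCWD, )?"([^"]+)",\s*([A-Z_|]+)[^)]*\)\s*=\s*(-?\d+)')
# connect(): address family, port and IPv4 address of the peer
CONNECT_RE = re.compile(
    r'^\d+\s+connect\(\d+, \{sa_family=(\w+), sin_port=htons\((\d+)\), '
    r'sin_addr=inet_addr\("([^"]+)"\)')
# existence checks: a failed access()/stat() means the program looked for a file
PROBE_RE = re.compile(r'^\d+\s+(?:access|stat|lstat)\("([^"]+)"[^)]*\)\s*=\s*(-?\d+)')


def summarize_trace(text):
    """Group traced calls the way Filemon presents them: files read, files
    written, files looked for but absent, and network peers contacted."""
    summary = defaultdict(list)
    for line in text.splitlines():
        if m := OPEN_RE.match(line):
            path, flags, ret = m.groups()
            if int(ret) < 0:
                summary["missing"].append(path)
            elif "O_WRONLY" in flags or "O_RDWR" in flags:
                summary["written"].append(path)
            else:
                summary["read"].append(path)
        elif m := CONNECT_RE.match(line):
            family, port, addr = m.groups()
            summary["network"].append(f"{family} {addr}:{port}")
        elif (m := PROBE_RE.match(line)) and int(m.group(2)) < 0:
            summary["missing"].append(m.group(1))
    return dict(summary)


if __name__ == "__main__":
    for kind, items in summarize_trace(SAMPLE_TRACE).items():
        print(f"{kind}:")
        for item in items:
            print(f"  {item}")
```

The "missing" bucket is the one that usually tells the most about a program: files it searches for but never finds reveal configuration paths and plugin directories it would honour if they existed.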
TRANSLUCENT BOX: Packet Sniffing Tools
These tools are usually used to attack a program that is primarily a network program. A tool that does packet sniffing is called a sniffer. In a network attack, we need to determine what constitutes a unit of information, called a "field". A field is a piece of the input that the host processes separately. All these fields together make up the protocol the server speaks.
TRANSLUCENT BOX: Debuggers and Decompilers
A debugger is a piece of software that takes control of another program, e.g. SoftICE. It allows things like stopping at certain points in the execution, changing variables and, in some cases, even changing the machine code. A decompiler (disassembler) is a program that takes binary code and turns it into some higher-level language, often assembly language, e.g. IDA Pro. It can deduce some of the original source code from the binary (object) code.
CRYSTAL BOX
A crystal box is one we can see straight into. This means one of two things:
1. Hardware for which we have the schematics.
2. Software for which we have the source code.
How to attack? If we have the schematics for the hardware or the source code for the product or software, just read the code and change it to disable the operation.
PROBLEMS
There are some problems in finding vulnerabilities using all of these methods:
1. Lack of information and difficulty in obtaining it. For example, in the crystal box case, the reviewer must have a certain minimal knowledge set to be effective.
2. Cost and availability of tools. Some of the tools are quite expensive, for example decompilers and debuggers.
3. Difficulty in creating a duplicate environment. There will usually still be significant time and disruption involved in configuring a target.
HOW TO SECURE
There really isn't any form of protection against these types of attacks. The main protection is to make things as difficult as possible for the attacker by:
1. Limiting the information given away. The less information leaked, the harder the attacker has to work.
2. Limiting the rate at which information leaks. The slower the leak, the slower the attacker's progress.
End of Chapter 4 Thank You