Download presentation
1
Chapter 3 (Part 1) Network Security
Chapter 3 – Program Security Section 3.1 Secure Programs Section 3.2 Nonmalicious Program Errors Section 3.3 Viruses and Other Malicious Code
2
In this Section Programming errors with security implications
Malicious Code Program Development and Controls Controls to protect against flaws in execution Programs (lots of them)have errors How do we keep programs from flaws? How do we protect computing resources against programs that contain flaws?
3
Secure Programs What is a secure program?
Everyone has there own requirement of secure. Part of assessing software quality Does it meet security requirements in specification? (is requirements complete?) In general, we often look at quantity and types of faults for evidence of security (or lack of it). We track these things.
4
Who’s Fault is it? Finding lots of faults in software early.
NOT GOOD. Early approaches were “Penetrate” and then “Patch” Repairing with a patch is a narrow focus and not the more important requirements. Patches can cause other problems. Non obvious side effects Fix one places – fails another Performance or function suffers
5
Types of Flaws Validation error (incomplete or inconsistent): permissions checks Domain error: controlled access to data Serialization and aliasing: program flow order Inadequate identification and authentication: basis for authorization Boundary condition violation: failure on first or last case Other exploitable logic errors
6
Unexpected Behavior Unexpected behavior is a program security flaw.
Does the program behave as it was designed? Behavior can be: Vulnerability (class of fault) Flaw (fault or failure) Flaw (human) Inadvertent Intentional
7
Nonmalicious Program Errors
Buffer Overflows Excess information provided – overfilling the bucket Buffer – space in which data is held (array or string) char sample[10] or char sample[i] For (i=0; I<=9; i++) sample[i] = ‘A’; sample[10] = ‘B’;
8
Figure 3-1 Places Where a Buffer Can Overflow.
9
Nonmalicious Program Errors
Incomplete Mediation Supplying the wrong type of data being requested. Supplying the wrong length of data being requested. Problem System Fails Supply of Bad Data Must be checked by programmer Client side verses Server Side Time-of-Check to Time-of-Use Errors Old bait-n-switch
10
Viruses and Other Malicious Code
Why worry about it? Harm What is it? Unexpected or undesired effects in program or data caused by an agent intent on damage. Agent is the writer of the code Mistakes are not malicious (human error) Virus – program that replicates itself to other programs by altering the program code. Transient virus – runs when host runs Resident virus – resides in memory (active as a stand alone)
11
Logic Bomb – only on a condition Time bomb – only at certain time
Trojan Horse – in addition to primary effect, has a second, non-obvious malicious effect. Passwords Logic Bomb – only on a condition Time bomb – only at certain time Trapdoor (backdoor) – other means of privileged access; intentional and non-intentional Worm – spreads virus via network Rabbit – replicates to exhaust recourses Viruses can append, surround and integrate
12
Figure 3-4 Virus Appended to a Program.
13
Figure 3-5 Virus Surrounding a Program.
14
Figure 3-6 Virus Integrated into a Program.
15
Figure 3-7 Virus Completely Replacing a Program.
16
Viruses (Continued) Document Virus
Within the format of a document Macro Virus Appealing Qualities for Virus Writers Hard to detect Not easily destroyed Spreads widely Re-infects easily Easy to create Machine and OS independent
17
Viruses (Continued) Where do they live?
One-Time Execution Virus – come in on ; these are popular Boot Sector Virus From the bootsrap (bootup); bootse ctor of the hard disk
18
Viruses (Continued) Where do they live? Memory-Resident Viruses
Terminate and Stay Resident (TSR) Infects Windows System Registry to reload Applications Macros Scripts Libraries Images Documents
19
Viruses (Continued) Virus Signatures
Viruses are no completely invisible They all leave a signature pattern (DNA) Patterns are found with Virus Scanners Virus patterns Always at same location Top of file location File size grows Strange code; jump statements Hash or checksum change (later chapters)
20
Figure 3-9 Recognizable Patterns in Viruses.
21
Viruses (Continued) Transmission Patterns
Polymorphic Virus – every changing virus Encrypting Virus – tries to hide Prevention Commercial software applications Test all software Opening attachments Make system images Keep copies of executable files and data files Virus Detection Software
22
Viruses (Continued) Truths and Misconceptions about Viruses
Viruses infect only Windows (False) Viruses can modify “hidden” or “read-only” files (True) Files only appear in executable files (False) Viruses spread only on disks or only through (false) Viruses cannot remain in memory when power is off (True/False) Viruses can not infect hardware. (True/False) Viruses can be malevolent, benign or benevolent (True)
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.