Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003.

1 Mobile Code and Worms By Mitun Sinha Pandurang Kamat 04/16/2003

2 Mobile Code And Mobile Code Security

3 Part I What is mobile code?

4 First, What Is Code? And how is it different from data?
• Code is a series of commands, and (usually) contains little or no information.
• Code can be executed, and running code most often requires some outside information (data) to work on.
• Programs, applications, operating systems, games, calculators, media players, word processors and viruses are examples of code.
• Resumes, pictures, videos, music, lists of numbers, and your ex-girlfriend’s social security number are examples of data.

5 Enter the Internet
• Today, we constantly download or make web pages, movies, music and pictures, then send them to friends and family. Data has definitely been successfully mobilized.
• If I download Half-life, install and play it on my computer, then FTP it to a friend so he can install and play it*, could we then say that Half-life counts as mobile code?
* Legal battle with Sierra sold separately

6 Mobile code is…
• a general term used to refer to processes (executable code) that migrate and execute at remote hosts
• any code that is specifically designed to be able to transport itself from one machine to another

8 Mobile code is…
• able to transport itself
• fairly autonomous
• often platform-independent
• code that is moved from one host to another with or without interaction with the user

9 Examples of mobile code
• Java applets and Java scripts
• ActiveX controls
• Visual Basic macros and scripts
• Dynamic e-mail
• Viruses, trojan horses, worms
• The agents in The Matrix

10 What is mobile code good for?
• Instead of moving large amounts of data around, move the computation to the data.
• Add functionality anywhere, anytime
• Make distributed systems simpler, more flexible
• Natural for network software

11 Every rose… What is the problem with mobile code? SECURITY

12 Part II Mobile Code Security

13 A Tale of Two Problems
• Malicious Code Problem
• Malicious Host Problem

14 Malicious Code Problem
• Mobile code that arrives at your workstation and intentionally or unintentionally causes you harm
• Four attack classes:
  – invasion of privacy
  – denial of service
  – antagonism
  – system modification

15 Example?
• Antagonism
  – meant to annoy or show off
  – no real damage to files or system
  – display of unwanted graphics or text
• System modification
  – deletion of data or system files
  – capturing hard drive space, e.g. to host a shareware server

16 Example?
• Invasion of privacy
  – read surfing history
  – read directory listings
  – steal files
• Denial of service
  – re-aim browser
  – stealing CPU cycles
  – Web spoofing

17 Web Spoofing - example
• Steal control of user’s view of web and simulate normal operation
• Classic man-in-the-middle attack

18 Mobile code is smart
• A firewall attempts to “block” Java in HTML by scanning port 80 (HTTP port) for the tag
• JavaScript can dynamically construct the tag once past the firewall
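The filtering gap on this slide, as an added example that is not part of the original presentation. It assumes the tag in question is `<applet>` (the tag name is missing from the transcript); the two sample pages and the functions `firewallBlocks`, `renderedMarkup` and `inspect` are constructed for illustration.

```javascript
// Added example. Assumption: the tag the firewall scans for is <applet>
// (the slide text has lost the tag name). Both sample pages are constructed.

// The firewall's view: a case-insensitive scan of the raw HTTP body.
function firewallBlocks(rawBody) {
  return /<\s*applet\b/i.test(rawBody);
}

// The browser's view: the markup that exists after inline scripts have run.
// Only document.write is modelled, through a stub document object.
function renderedMarkup(rawBody) {
  let out = '';
  let last = 0;
  const scriptRe = /<script[^>]*>([\s\S]*?)<\/script>/gi;
  for (const m of rawBody.matchAll(scriptRe)) {
    out += rawBody.slice(last, m.index);
    const stubDocument = { write: (s) => { out += String(s); } };
    // The sample scripts below are constructed and trusted, so they are run directly.
    new Function('document', m[1])(stubDocument);
    last = m.index + m[0].length;
  }
  return out + rawBody.slice(last);
}

// Constructed sample pages: one carries the tag literally, one builds it in script.
const staticPage =
  '<html><body><applet code="Demo.class"></applet></body></html>';
const scriptedPage =
  '<html><body><script>' +
  'var t = "app" + "let";' +
  'document.write("<" + t + " code=\\"Demo.class\\"></" + t + ">");' +
  '</script></body></html>';

// Compare what each checkpoint sees for the same page.
function inspect(rawBody) {
  return {
    blockedOnWire: firewallBlocks(rawBody),
    tagAfterRender: /<\s*applet\b/i.test(renderedMarkup(rawBody)),
  };
}

console.log('static  :', inspect(staticPage));
console.log('scripted:', inspect(scriptedPage));
```

The tag only exists after script execution, so a check for it is reliable in the client or its policy settings, not in a byte scan on the wire.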

19 Counter-measures

20 Examples of mobile code
• Java applets and Java scripts
• ActiveX controls
• Visual Basic macros and scripts
• Dynamic e-mail
• Viruses, trojan horses, worms
• The agents in The Matrix

21 Microsoft’s security
• (Yeah right!)
• Internet site zones of trust
• ActiveX control signing and marking
• Macro signing
• Attachment warnings

22 SUN’s JAVA 2 Security
• Identity
  – Origin
  – Signature – not same as origin!
• Policy
  – Set by user(!!) or system administrator (still bad)
• Good ol’ Sandboxing
• Signatures use variation of X.509v3

23 Verisign Digital Signing
• Trusted third party that allows developers to digitally sign their code
• Consumers can feel safe in knowing that signed code is safe and has not been altered or tampered with – IF they trust the third party

24
• Verisign works with:
  – Microsoft Authenticode and VBA
  – Netscape Object Signing
  – Sun Java signing
• Techniques used include industry-standard cryptographic methods learnt in class, like RSA and PKI

25 Questions?

