Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chap 3: Program Security.  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms,

Published byMarcus Dorsey Modified over 9 years ago

Similar presentations

Presentation on theme: "Chap 3: Program Security.  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms,"— Presentation transcript:

1 Chap 3: Program Security

2  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms, Trojan horses  Program development controls against malicious code and vulnerabilities: software engineering principles and practices  Controls to protect against program flaws in execution: operating system support and administrative controls SE571 Security in Computing Dr. Ogara 2

3  Malware infection – most common attack (67.1%)  Losses due to cybercrime Malicious insiders NOT responsible (only 59.1%) None of the losses due to non-malicious insider actions (only 39.5%)  New incidents Exploits of client’s Web browser Exploits of users’ social network profile (Source: Computer Security Institute 2010/2011 Survey ) SE571 Security in Computing Dr. Ogara 3

4 4

5  What are programs?  Why do we need to secure them?  What do we secure them from?  How do we secure them?  What are security flaws?  What is a fault?  Causes of the fault  Effects of a fault  How to fix a fault SE571 Security in Computing Dr. Ogara 5

6  What are programs? Pieces of code Are the heart of computing Examples - OS, device drivers, network infrastructure, DBMS,.exe files, applications, etc SE571 Security in Computing Dr. Ogara 6

7  Why security at the program level? Programs are used by users Many programs perform variety of task Secure program implies some degree of trust  Confidentiality  Integrity  Availability Security characteristics depends on application and user’s perception about the quality of the application SE571 Security in Computing Dr. Ogara 7

8  Fault Incorrect step, command or process in computer programs caused by human mistake(error) Inside view as seen by developers  Failure Departure from systems required behavior Outside view of the system as seen by users SE571 Security in Computing Dr. Ogara 8

9  Fixing faults Penetrate and patch Patches introduce more problems Patches cause side effects SE571 Security in Computing Dr. Ogara 9

10  Program security flaw An inappropriate program behavior caused by a program vulnerability Do the programs behave as the designers intended – unexpected behavior Vulnerability is a weakness in the security system Can derive from any kind of software fault Example, a program containing Trojan horse is vulnerable but the user may not see security flaw in the program SE571 Security in Computing Dr. Ogara 10

11  Intentionally induced errors Malicious flaws Non-malicious flaws  Inadvertent flaws/Unintentional human errors Validation error Domain error Serialization and aliasing Inadequate identification &authentication Boundary condition violation Logic errors SE571 Security in Computing Dr. Ogara 11

12  Buffer overflows  Incomplete mediation  Time-of-Check to Time-of-Use Errors  Combination of Non-malicious Program Flaws SE571 Security in Computing Dr. Ogara 12

13  Analogy – Pouring 2 gal of water into 1 gal pitcher. Some water will spill out. Error leads to a mess  Buffer (array or string) is a space on which data can be held  Buffer resides in memory  Buffer’s capacity is finite  Because of this most programmers must declare needed buffer size SE571 Security in Computing Dr. Ogara 13

14  Consider the code below For (i=0; i<=9; i++) Sample [i] = ‘A’; Sample [10] = ‘B’  Programs and data elements share space with OS, other codes and resident routine  Four cases to consider in deciding where extra character - ‘B’ goes SE571 Security in Computing Dr. Ogara 14

15 SE571 Security in Computing Dr. Ogara 15 Last two gives users access to systems data/privil eges

16  Last 2 cases would cause problems System gets unstable b’se data is now inconsistent User code now runs system privileges  Although flaw is from honest mistake, attackers can exploit such flaws  Attacker may replace code in the system space by masquerading as the OS. SE571 Security in Computing Dr. Ogara 16

17  Used less often  Occurs when access is not checked universally  Unchecked data values represent serious potential vulnerability SE571 Security in Computing Dr. Ogara 17

18  Based on true story  Company selling products on their website  Web design flaw  Company passes price of items back to itself as parameters  Customer browser shows: http://www.things.com/order.asp?custID=101&part=5 55A&qy=20&price =10&ship=boat&shipcost=5&total=205 SE571 Security in Computing Dr. Ogara 18

19  Malicious attacker may change the parameters as follows: http://www.things.com/order.asp?custID=101&part=5 55A&qy=20&price =1&ship=boat&shipcost=5&total=25  Buy products for less – pay $25 instead of $ 205. SE571 Security in Computing Dr. Ogara 19

20  Exploits the delay between the time-of- check and time-of-use  Change may occur between time access was checked and time result of check was used  Analogy Agree on price Buyer counts stack of money Buyer takes back part of money without seller knowing (condition has changed before exchange) Buyer passes money, gets receipt and product (paid less) SE571 Security in Computing Dr. Ogara 20

21  Prevention Avoid exposing critical parameters during any loss of control - access checking software must own request until requested action is complete Do not allow interruption (loss of control) during validation Validation routine can copy from the user’s space to the routine’s area—out of the user’s reach SE571 Security in Computing Dr. Ogara 21

22  Uses three flaws above as one step in a multistep attack SE571 Security in Computing Dr. Ogara 22

23  Why are they problems? Write message on screen Stop a running program Generate sound Erase a file My be triggered by time, date, event or condition Run with same authority as user – read, write, modify, delete privileges SE571 Security in Computing Dr. Ogara 23

24  Viruses  Worms  Rabbit  Trojan horse  Trap doors  Logic bomb SE571 Security in Computing Dr. Ogara 24

25  By running or installing programs containing viruses  Email attachments which execute automatically  Executable zip files  Macros SE571 Security in Computing Dr. Ogara 25

26  Appended viruses  Viruses that surround a program  Integrated viruses and replacements  Document viruses – macros SE571 Security in Computing Dr. Ogara 26

27 SE571 Security in Computing Dr. Ogara 27

28 SE571 Security in Computing Dr. Ogara 28

29 SE571 Security in Computing Dr. Ogara 29

30  Difficult to detect  Not easily destroyed or deactivated  Spread infection widely  Ability to re-infect home or other programs  Easy to create  Machine and OS independent SE571 Security in Computing Dr. Ogara 30

31  Replacing home program  Boot sector viruses  Memory resident viruses  Macros SE571 Security in Computing Dr. Ogara 31

32  Completely replacing a program SE571 Security in Computing Dr. Ogara 32

33 SE571 Security in Computing Dr. Ogara 33

34  Based on signature Polymorphic viruses make it more difficult  Tracking storage patterns  Execution patterns  Transmission patterns Boot process Disk access Network connections SE571 Security in Computing Dr. Ogara 34

35  Program that spread copies of itself across the network  Also copies itself as a stand alone program  Usually spread through a network  Example, Code red SE571 Security in Computing Dr. Ogara 35

36  Merges bits of seemingly inconsequential data to produce powerful results  Programs disregard small amount of money during computations  These can be shaved off and accumulated elsewhere SE571 Security in Computing Dr. Ogara 36

37  Name based on Greek legend mythology  Malicious code hides within or looks like legitimate program  Certain conditions triggers it  Does not replicate SE571 Security in Computing Dr. Ogara 37

38  Hides in the computer  Allows someone from remote location to take control of your computer  Ability to execute programs, change settings, monitor activities and access files on a remote computer SE571 Security in Computing Dr. Ogara 38

39  Class of malicious code that activates as a result of specific condition  Time dependent SE571 Security in Computing Dr. Ogara 39

Download ppt "Chap 3: Program Security.  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms,"

Similar presentations

Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.

Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
Lecturer: Fadwa Tlaelan

Lecturer: Fadwa Tlaelan
Chapter 3 (Part 1) Network Security

Chapter 3 (Part 1) Network Security
Unit 18 Data Security 1.

Unit 18 Data Security 1.
ITMS- 3153 Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.

ITMS Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.
________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]

________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc.

Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc.
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.

Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.
CSE331: Introduction to Networks and Security Lecture 31 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 31 Fall 2002.
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Definitions  Virus A small piece of software that attaches itself to a program on the computer. It can cause serious damage to your computer.  Worm.

Definitions  Virus A small piece of software that attaches itself to a program on the computer. It can cause serious damage to your computer.  Worm.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Data Security.

Data Security.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.

Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Similar presentations

Ads by Google