Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 14 Overview. Program Flaws Taxonomy of flaws: – how (genesis) – when (time) – where (location) the flaw was introduced into the system 2 CS 450/650.

Published byTrevor Wilkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 14 Overview. Program Flaws Taxonomy of flaws: – how (genesis) – when (time) – where (location) the flaw was introduced into the system 2 CS 450/650."— Presentation transcript:

1 Lecture 14 Overview

2 Program Flaws Taxonomy of flaws: – how (genesis) – when (time) – where (location) the flaw was introduced into the system 2 CS 450/650 Lecture 14: Program Flaws

3 Security Flaws by Genesis Genesis – Intentional Malicious: Trojan Horse, Trapdoor, Logic Bomb, Worms, Virus Non-malicious – Inadvertent Validation error Domain error Serialization error Identification/authentication error Other error 3 CS 450/650 Lecture 14: Program Flaws

4 Flaws by time Time of introduction – During development Requirement/specification/design Source code Object code – During maintenance – During operation 4 CS 450/650 Lecture 14: Program Flaws

5 Flaws by Location Location – Software Operating system: system initialization, memory management, process management, device management, file management, identification/authentication, other Support tools: privileged utilities, unprivileged utilities Application – Hardware 5 CS 450/650 Lecture 14: Program Flaws

6 Malware Evolution 1980s – Malware for entertainment (pranks) – 1983: “virus” – 1988: Internet Worm 1990s – Malware for social status / experiments – 1990: antivirus software Early 2000s – Malware to spam Mid 2000s – Criminal malware CS 450/650 Lecture 14: Program Flaws 6

7 Lecture 15 Malicious Codes CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Csilla Farkas and Brandon Phillips

8 Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted function – Viruses are not programs – Definition from RFC 1135: A virus is a piece of code that inserts itself into a host [program], including operating systems, to propagate. It cannot run independently. It requires that its host program be run to activate it. 8 CS 450/650 Lecture 15: Malicious Codes

9 Kinds of Malicious Code Worm: a program that propagates copies of itself through the network. – Independent program. – May carry other code, including programs and viruses. – Definition from RFC 1135: A worm is a program that can run independently, will consume the resources of its host [machine] from within in order to maintain itself and can propagate a complete working version of itself on to other machines. 9 CS 450/650 Lecture 15: Malicious Codes

10 Kinds of Malicious Code Rabbit/Bacteria: make copies of themselves to overwhelm a computer system's resources – Denying the user access to the resources Logic/Time Bomb: programmed threats that lie dormant for an extended period of time until they are triggered – When triggered, malicious code is executed 10 CS 450/650 Lecture 15: Malicious Codes

11 Kinds of Malicious Code Trojan Horse: secret, undocumented routine embedded within a useful program – Execution of the program results in execution of secret code Trapdoor: secret, undocumented entry point into a program, used to grant access without normal methods of access authentication Dropper: Not a virus or infected file – When executed, it installs a virus into memory, on to the disk, or into a file 11 CS 450/650 Lecture 15: Malicious Codes

12 Malware Proliferation (Microsoft Security Intelligence Report 6)‏ CS 450/650 Lecture 15: Malicious Codes 12

13 Malware Families CS 450/650 Lecture 15: Malicious Codes 13

14 Regional Threat Categories (Microsoft Security Intelligence Report 6)‏ CS 450/650 Lecture 15: Malicious Codes 14

15 Virus Lifecycle Dormant phase: the virus is idle – not all viruses have this stage Propagation phase: the virus places an identical copy of itself into other programs of into certain system areas Triggering phase: the virus is activated to perform the function for which it was created Execution phase: the function is performed – The function may be harmless or damaging 15 CS 450/650 Lecture 15: Malicious Codes

16 Virus Types Parasitic virus: – Attaches itself to a file and replicates when the infected program is executed – most common form Memory resident virus: – lodged in main memory as part of a resident system program – Virus may infect every program that executes 16 CS 450/650 Lecture 15: Malicious Codes

17 Virus Types Boot Sector Viruses: – Infects the boot record and spreads when system is booted – Gains control of machine before the virus detection tools – Very hard to notice Macro Virus: – virus is part of the macro associated with a document 17 CS 450/650 Lecture 15: Malicious Codes

18 Virus Types Stealth virus: – A form of virus explicitly designed to hide from detection by antivirus software Polymorphic virus: – A virus that mutates with every infection making detection by the “signature” of the virus difficult 18 CS 450/650 Lecture 15: Malicious Codes

19 How Viruses Append 19 Original program virus Original program virus Virus appended to program += CS 450/650 Lecture 15: Malicious Codes

20 How Viruses Append 20 Original program virus Original program Virus-1 Virus surrounding a program += Virus-2 CS 450/650 Lecture 15: Malicious Codes

21 How Viruses Append 21 Original program virus Original program Virus-1 Virus integrated into program += Virus-2 Virus-3 Virus-4 CS 450/650 Lecture 15: Malicious Codes

22 How Viruses Gain Control Virus V has to be invoked instead of target T – V overwrites T – V changes pointers from T to V 22 CS 450/650 Lecture 15: Malicious Codes

23 High risk virus properties Hard to detect Hard to destroy Spread infection widely Can re-infect Easy to create Machine independent 23 CS 450/650 Lecture 15: Malicious Codes

24 Virus Signatures Storage pattern – Code always located on a specific address – Increased file size Execution pattern Transmission pattern Polymorphic Viruses 24 CS 450/650 Lecture 15: Malicious Codes

25 Antivirus Approaches Detection: – determine infection and locate the virus Identification: – identify the specific virus Removal: – remove the virus from all infected systems, so the disease cannot spread further Recovery: – restore the system to its original state 25 CS 450/650 Lecture 15: Malicious Codes

26 Preventing Virus Infection Prevention: – Good source of software installed – Isolated testing phase – Use virus detectors Limit damage: – Make bootable diskette – Make and retain backup copies important resources 26 CS 450/650 Lecture 15: Malicious Codes

27 Nyxem Email Virus Estimate of total number of infected computers is between 470K and 945K At least 45K of the infected computers were also compromised by other forms of spyware or botware Spread 27 CS 450/650 Lecture 15: Malicious Codes

28 Worm Self-replicating (like virus) Objective: system penetration (intruder) Phases: dormant, propagation, triggering, and execution Propagation: – Searches for other systems to infect e.g., host tables – Establishes connection with remote system – Copies itself to remote system – Execute 28 CS 450/650 Lecture 15: Malicious Codes

29 Code-Red Worm On July 19, 2001, more than 359,000 computers connected to the Internet were infected with the Code-Red (CRv2) worm in less than 14 hours Spread 29 CS 450/650 Lecture 15: Malicious Codes

30 Sapphire/Slammer Worm was the fastest computer worm in history – doubled in size every 8.5 seconds – infected more than 90 percent of vulnerable ~75K hosts within 10 minutes. 30 CS 450/650 Lecture 15: Malicious Codes

31 Witty Worm reached its peak activity after approximately 45 minutes – at which point the majority of vulnerable hosts had been infected World USA 31 CS 450/650 Lecture 15: Malicious Codes

Download ppt "Lecture 14 Overview. Program Flaws Taxonomy of flaws: – how (genesis) – when (time) – where (location) the flaw was introduced into the system 2 CS 450/650."

Similar presentations

Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,

Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
30/04/2015Tim S Roberts 20081 COIT13152 Operating Systems T1, 2008 Tim S Roberts.

30/04/2015Tim S Roberts COIT13152 Operating Systems T1, 2008 Tim S Roberts.
Lecture 13 Malicious Software modified from slides of Lawrie Brown.

Lecture 13 Malicious Software modified from slides of Lawrie Brown.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
Chapter 3 (Part 1) Network Security

Chapter 3 (Part 1) Network Security
A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys,

A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys,
Lecture 14 Program Flaws CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Csilla Farkas and Brandon Phillips.

Lecture 14 Program Flaws CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Csilla Farkas and Brandon Phillips.
ITMS- 3153 Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.

ITMS Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.
Chapter 14 Computer Security Threats

Chapter 14 Computer Security Threats
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]

________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.

Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.
Chap 3: Program Security.  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms,

Chap 3: Program Security.  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms,
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Video Following is a video of what can happen if you don’t update your security settings! security.

Video Following is a video of what can happen if you don’t update your security settings! security.

Similar presentations

Ads by Google