Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 5 P rogram Security. csci5233 computer security & integrity (Chap. 5) 2 Outline Viruses & worms Targeted Malicious Codes –Trapdoors, Salami attack,

Published byBarbara Allison Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 5 P rogram Security. csci5233 computer security & integrity (Chap. 5) 2 Outline Viruses & worms Targeted Malicious Codes –Trapdoors, Salami attack,"— Presentation transcript:

1 Chapter 5 P rogram Security

2 csci5233 computer security & integrity (Chap. 5) 2 Outline Viruses & worms Targeted Malicious Codes –Trapdoors, Salami attack, Covert channels Controls Against Program Threats –Programming & process controls –OS controls –Administrative controls

3 csci5233 computer security & integrity (Chap. 5) 3 Program Security Protection of programs is at the heart of security in computing. Why? Two types of program flaws: –Inadvertent human errors –Malicious, intentionally induced flaws Why can’t we stop all program flaws?

4 csci5233 computer security & integrity (Chap. 5) 4 Types of Malicious Codes Virus, Trojan horse, Logic/Time bomb, trapdoor (backdoor), worm, rabbit Table 5.1, p.180 What’s the difference between a virus and a worm? oA virus attaches itself to another program; a worm does not. oA virus may rely on a variety of transmission media; a worm transmit itself across the network. Both viruses and worms duplicate themselves when executed.

5 csci5233 computer security & integrity (Chap. 5) 5 How do viruses work? A virus is activated by being executed. A virus attaches to a “good” program, the carrier, by –Appending (Fig. 5.1) –Surrounding (Fig. 5.2) –Integrating (Fig. 5.3) –Replacing (Fig. 5.4)

6 csci5233 computer security & integrity (Chap. 5) 6 Boot Sector Viruses The bootstrap load process The boot sector Block chaining: Each block of the bootstrap is chained to the next block. A virus may attach itself to any block in the chain, or may replace the boot sector. Fig.5.5.

7 csci5233 computer security & integrity (Chap. 5) 7 Other Homes for Viruses Resident codes/routines (TSR) Application programs –Example: Word macros Libraries Compilers, loaders, linkers, debuggers, anti- virus s/w Anything else not mentioned in the book?

8 csci5233 computer security & integrity (Chap. 5) 8 Virus Signatures The signature of a virus is composed of the following characteristics: 1.Storage patterns 2.Execution patterns (Table 5.2, p.187) 3.Transmission patterns A virus scanner checks the signatures of viruses to detect viruses. Polymorphic viruses: A virus that can change its appearance. For example: having two different starting words. Preventing virus infection: pp.189-190

9 csci5233 computer security & integrity (Chap. 5) 9 The Morris Worm Nov. 1988 Took advantages of well-known UNIX flaws: user passwords, finger, sendmail An irony Positive result: The CERT (Computer Emergency Response Team) was established at Carnegie Mellon University.

10 csci5233 computer security & integrity (Chap. 5) 10 The Bugbear Worm As recent as Sept./Oct. 2002 A mass-mailing worm, attempting to send itself to email addresses found on an infected system It also spreads through open network shares and has the ability to send print jobs to printers found on an infected network. Once the virus is run, it will attempt to disable various security products, including many forms of anti-virus and personal firewall software. It will also attempt to install a backdoor trojan that will allow a hacker access to the infected PC.

11 csci5233 computer security & integrity (Chap. 5) 11 The Bugbear Worm It makes use of the “Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability” in Microsoft Internet Explorer (v 5.01 or 5.5 without SP2). Simply opening or previewing an infected message in a vulnerable email reader can result in infection.Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability More details: http://us.mcafee.com/root/genericURL_genericLeftNa v.asp?genericURL=/common/en- us/helpcenter/bugbear.asp&genericLeftNav=/VirusInf o/VIL/vil_nav.asp http://us.mcafee.com/root/genericURL_genericLeftNa v.asp?genericURL=/common/en- us/helpcenter/bugbear.asp&genericLeftNav=/VirusInf o/VIL/vil_nav.asp

12 csci5233 computer security & integrity (Chap. 5) 12 Targeted Malicious Codes Trapdoors A trapdoor is a secret, undocumented entry point into a module. A trapdoor is usually placed in a program during development, and may be used by a programmer to gain access to the program when it is placed into production mode.

13 csci5233 computer security & integrity (Chap. 5) 13 Targeted Malicious Codes Salami attack salami: a highly seasoned sausage of pork and beef either dried or fresh (Merriam-Webster’ Collegiate Dictionary, http://www.m-w.com/ )http://www.m-w.com/ Salami attacks occur in programs that compute amounts of money. A small amount of money is shaved from each computation. Example: truncation of fractional cents during computation of interest (p.198) Hard to detect in a large program

14 csci5233 computer security & integrity (Chap. 5) 14 Targeted Malicious Codes Covert channel: a program that leaks information A type of Trojan horse How? In addition to normal, proper communication channels, a program opens covert channels to leak information to unauthorized viewers (Fig. 5-8, p.199) c.f. packet sniffers, network probes, network monitors, HTTP monitors, protocol analyzers? (Check out a gagabit network analyzer at ftp://ftp.netinst.com/pub/product_lit_PDF/GOSS.pdf, or click here.) ftp://ftp.netinst.com/pub/product_lit_PDF/GOSS.pdfhere c.f., intrusion detection system ?

15 csci5233 computer security & integrity (Chap. 5) 15 Covert channels Examples of covert channels: p.201 c.f., Steganography replaces unneeded bits in image and sound files with secret data. See http://www.computerworld.com/securitytopics/security/encryption/st ory/0,10801,71726,00.html http://www.computerworld.com/securitytopics/security/encryption/st ory/0,10801,71726,00.html Types of covert channels: Storage channels pass information by the presence or absence of objects in storage. For example, a covert channel can signal one bit of information by whether or a not a file is locked. Timing channels pass information by the speed at which things happen. The shared resource is time. accept = 1; reject = 0 (See Fig. 5-12, p.204)

16 csci5233 computer security & integrity (Chap. 5) 16 Tools for identifying potential covert channels Shared Resource Matrix The basis of a covert channel is a shared resource. Finding all shared resources and determining which processes can write to and read from the resources… Looking for implied information flows: pp.205-206 Is any of the implied flows “undesirable”? Information Flow Analysis based on the syntax Types of flows: Explicit – B := A; Implicit – a. B := A; C:= B; b. if (D == 1) then B:=A; More examples: Table 5-5 (p.206)

17 csci5233 computer security & integrity (Chap. 5) 17 Controls Against Program Threats Programming controls Typical software engineering methods: peer reviews, walk- through, information hiding, independent testing, configuration management (check-in, check-out, history of changes, …), formal methods (such as B) Process controls 1988: Standard 2167A (DoD) 1990: ISO 9000 – to specify actions to be taken when any system has quality goals and contraints 1993: CMM (Capability Maturity Model) – to assess the quality of a software development company 1995: SSE CMM (System Security Engineering CMM) – to assess the quality of security engineering development practices (See http://www.sse-cmm.org/)http://www.sse-cmm.org/ SSE CMM model v2, 1999

18 csci5233 computer security & integrity (Chap. 5) 18 Controls Against Program Threats OS controls Chapter 6 Trusted OS Confined programs Access logs for auditing Administrative controls Chapter 10 Enforcing standards of design, documentations, programming, testing, configuration management, etc. Security audits Separation of duties among employees

19 csci5233 computer security & integrity (Chap. 5) 19 Summary Viruses, worms, and targeted Malicious Codes Controls Against Program Threats –Programming & process controls –OS controls –Administrative controls Next: Chapter 6 (OS Security)

Download ppt "Chapter 5 P rogram Security. csci5233 computer security & integrity (Chap. 5) 2 Outline Viruses & worms Targeted Malicious Codes –Trapdoors, Salami attack,"

Similar presentations

Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.

Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
COMP6005 An Introduction to Computing Session One: An Introduction to Computing Security Issues.

COMP6005 An Introduction to Computing Session One: An Introduction to Computing Security Issues.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Lecturer: Fadwa Tlaelan

Lecturer: Fadwa Tlaelan
Chapter 3 (Part 1) Network Security

Chapter 3 (Part 1) Network Security
Unit 18 Data Security 1.

Unit 18 Data Security 1.
ITMS- 3153 Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.

ITMS Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.
Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.

Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]

________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.

Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.
Chap 3: Program Security.  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms,

Chap 3: Program Security.  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms,
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Computer Viruses By Patsy Speer What is a Virus? Malicious programs that cause damage to your computer, files and information They slow down the internet.

Computer Viruses By Patsy Speer What is a Virus? Malicious programs that cause damage to your computer, files and information They slow down the internet.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Similar presentations

Ads by Google