Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 17 Overview. Targeted Malicious Code Trapdoor – undocumented entry point to a module – forget to remove them – intentionally leave them in the.

Published byLucas Freeman Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 17 Overview. Targeted Malicious Code Trapdoor – undocumented entry point to a module – forget to remove them – intentionally leave them in the."— Presentation transcript:

1 Lecture 17 Overview

2 Targeted Malicious Code Trapdoor – undocumented entry point to a module – forget to remove them – intentionally leave them in the program for testing – intentionally leave them in the program for maintenance of the finished program, or – intentionally leave them in the program as a covert means of access to the component after it becomes an accepted part of a production system 2 CS 450/650 Lecture 17: Targeted Malicious Codes

3 Targeted Malicious Code Salami Attack – a series of many minor actions that together results in a larger action that would be difficult or illegal to perform at once – Ex. Interest computation rootkit – A program or coordinated set of programs designed to gain control over a computer system or network of computing systems 3 CS 450/650 Lecture 17: Targeted Malicious Codes

4 Targeted Malicious Code Privilege Escalation – a means for malicious code to be launched by a user with lower privileges but run with higher privileges Interface illusion – a spoofing attack in which all or part of a web page is false Keystroke Logging 4 CS 450/650 Lecture 17: Targeted Malicious Codes

5 Targeted Malicious Code Man-in-the-Middle Attacks Timing Attacks – attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms Covert Channels – programs that leak information – ex. Hide data in output 5 CS 450/650 Lecture 17: Targeted Malicious Codes

6 Covert Channel Two active agents – Sender (has access to unauthorized information) e.g., Trojan Horse in MS Word – Receiver (reads sent information) e.g., program creating the copy Encoding schema – How the information is sent e.g., – File F exists  0 – File F is does not exist  1 Synchronization – e.g., when to check for existence of F 6 CS 450/650 Lecture 17: Targeted Malicious Codes

7 Storage Covert Channels Based on properties of resources – pass information by using presence or absence of objects in storage Examples: – File locks – Delete/create file – Memory allocation 7 CS 450/650 Lecture 17: Targeted Malicious Codes

8 Timing Covert Channel Time is the factor – how fast – pass information using the speed at which things happen Examples: – Processing time – Transmission time 8 CS 450/650 Lecture 17: Targeted Malicious Codes

9 Controls Against Program Threats Prevent Threats during software development – Modularity security analysts must be able to understand each component as an independent unit and be assured of its limited effect on other components 9 CS 450/650 Lecture 17: Targeted Malicious Codes

10 Controls Against Program Threats Prevent Threats during software development – Encapsulation hide a component's implementation details minimize interfaces to reduce covert channels – Information hiding a component as a kind of black box components will have limited effect on other components 10 CS 450/650 Lecture 17: Targeted Malicious Codes

11 Controls Against Program Threats Peer Reviews – Hazard Analysis set of systematic techniques to expose potentially hazardous system states – Testing unit testing, integration testing, function testing, performance testing, acceptance testing, installation testing, regression testing 11 CS 450/650 Lecture 17: Targeted Malicious Codes

12 Controls Against Program Threats Good Design – Using a philosophy of fault tolerance – Have a consistent policy for handling failures – Capture the design rationale and history – Use design patterns Prediction – predict the risks involved in building and using the system 12 CS 450/650 Lecture 17: Targeted Malicious Codes

13 Controls Against Program Threats Static Analysis – Use tools and techniques to examine characteristics of design and code to see if the characteristics warn of possible faults Configuration Management – control changes during development and maintenance Analysis of Mistakes Proofs of Program Correctness – Can we prove that there are no security holes? 13 CS 450/650 Lecture 17: Targeted Malicious Codes

14 Operating System Controls on Use of Programs Trusted Software – code has been rigorously developed and analyzed Functional correctness Enforcement of integrity Limited privilege Appropriate confidence level 14 CS 450/650 Lecture 17: Targeted Malicious Codes

15 Operating System Controls on Use of Programs Mutual Suspicion – assume other program is not trustworthy Confinement – limit resources that program can access Access Log – list who access computer objects, when, and for how long 15 CS 450/650 Lecture 17: Targeted Malicious Codes

16 Administrative Controls Standards of Program Development Standards of design Standards of documentation, language, and coding style Standards of programming Standards of testing Standards of configuration management Security Audits Separation of Duties 16 CS 450/650 Lecture 17: Targeted Malicious Codes

17 Lecture 18 Protection in Operating System CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Ian Goldberg and Hesham El-Rewini

18 Operating System An OS allows different users to access different resources in a shared way The OS needs to control – the sharing and – provide an interface to allow the access Identification and authentication are required for access control CS 450/650 Lecture 18: Protection in Operating System 18

19 History OSs evolved as a way to allow multiple users use the same hardware – Sequentially (based on executives)‏ – Interleaving (based on monitors)‏ OS makes resources available to users – if required by them and permitted by some policy OS also protects users from each other – Attacks, mistakes, resource overconsumption Even for a single-user OS, protecting a user from him/herself is a good thing – Mistakes, malware CS 450/650 Lecture 18: Protection in Operating System 19

20 Protected Objects CPU Memory I/O devices (disks, printers, keyboards,...)‏ Programs Data Networks CS 450/650 Lecture 18: Protection in Operating System 20

21 Separation Keep one user's objects separate from other users Physical separation – Use different physical resources for different users – Easy to implement, but expensive and inefficient Temporal separation – Execute different users' programs at different times CS 450/650 Lecture 18: Protection in Operating System 21

22 Separation Logical separation – User is given the impression that no other users exist – As done by an operating system Cryptographic separation – Encrypt data and make it unintelligible to outsiders – Complex CS 450/650 Lecture 18: Protection in Operating System 22

23 Sharing Sometimes, users want to share resources – Library routines (e.g., libc)‏ – Files or database records OS should allow flexible sharing, not “all or nothing” – Which files or records? Which part of a file/record? – Which other users? – Can other users share objects further? – What uses are permitted? Read but not write, view but not print (Feasibility?)‏ Aggregate information only – For how long? CS 450/650 Lecture 18: Protection in Operating System 23

24 Memory and Address Protection Prevent program from corrupting other programs or data, operating system and maybe itself Often, the OS can exploit hardware support for this protection, so it’s cheap Memory protection is part of translation from virtual to physical addresses – Memory management unit (MMU) generates exception if something is wrong with virtual address or associated request – OS maintains mapping tables used by MMU and deals with raised exceptions CS 450/650 Lecture 18: Protection in Operating System 24

25 Memory and Address Protection Bare Machine user 0 n memory CS 450/650 Lecture 18: Protection in Operating System 25

26 Protection Techniques Fence register – Exception if memory access below address in fence register – Protects operating system from user programs – Single user only CS 450/650 Lecture 18: Protection in Operating System 26

27 Address Protection for a resident monitor memory 0 n Fence register CPU address true false error Address >= fence CS 450/650 Lecture 18: Protection in Operating System 27

28 Protection Techniques Base/bounds register pair – Exception if memory access below/above address in base/bounds register – Different values for each user program – Maintained by operating system during context switch – Limited flexibility CS 450/650 Lecture 18: Protection in Operating System 28

29 Protection Techniques Tagged architecture – Each memory word has one or more extra bits that identify access rights to word – Very flexible – Large overhead – Difficult to port OS from/to other hardware architectures CS 450/650 Lecture 18: Protection in Operating System 29

30 Segmentation Each program has multiple address spaces – Segments use different segments for code, data, stack – Or maybe even more fine-grained, different segments for data with different access restrictions Virtual addresses consist of two parts: – CS 450/650 Lecture 18: Protection in Operating System 30

31 Segmentation OS keeps mapping from segment name to its base physical address in Segment Table OS can transparently relocate or resize segments and share them between processes Each segment has its own memory protection attributes CS 450/650 Lecture 18: Protection in Operating System 31

32 Segmentation memory 0 n CPU (s,d) < true false error limitbase + Segment Table CS 450/650 Lecture 18: Protection in Operating System 32

33 Logical and Physical Representation of Segments CS 450/650 Lecture 18: Protection in Operating System 33

34 Translation of Segment Address Segment Table also contains memory protection attributes CS 450/650 Lecture 18: Protection in Operating System 34

35 Review of Segmentation Advantages: – Each address reference is checked for protection by hardware – Many different classes of data items can be assigned different levels of protection – Users can share access to a segment, with potentially different access rights – Users cannot access an unpermitted segment CS 450/650 Lecture 18: Protection in Operating System 35

36 Review of Segmentation Disadvantages: – External fragmentation – Dynamic length of segments requires costly out- of-bounds check for generated physical addresses – Segment names are difficult to implement efficiently CS 450/650 Lecture 18: Protection in Operating System 36

37 Paging Program (i.e., virtual address space) is divided into equal-sized chunks – pages Physical memory is divided into equal-sized chunks – frames Frame size equals page size CS 450/650 Lecture 18: Protection in Operating System 37

38 Paging Virtual addresses consist of two parts: – – # bits for offset = log 2 (page size), – no out-of-bounds possible for offset OS keeps mapping from page # to its base physical address in Page Table Each page has its own memory protection attributes CS 450/650 Lecture 18: Protection in Operating System 38

39 Paging memory 0 n CPU pd Page Table f fd Logical addressPhysical address CS 450/650 Lecture 18: Protection in Operating System 39

40 Page Address Translation CS 450/650 Lecture 18: Protection in Operating System 40

41 Review of Paging Advantages: – Each address reference is checked for protection by hardware – Users can share access to a page, with potentially different access rights – Users cannot access an unpermitted page Disadvantages: – Internal fragmentation – Assigning different levels of protection to different classes of data items not feasible CS 450/650 Lecture 18: Protection in Operating System 41

42 x86 Architecture x86 architecture provides both segmentation and paging – Linux uses a combination of segmentation and paging Only simple form of segmentation to avoid portability issues Segmentation cannot be turned off on x86 – Same for Windows CS 450/650 Lecture 18: Protection in Operating System 42

43 Paged Segmentation CS 450/650 Lecture 18: Protection in Operating System 43

44 x86 Architecture Memory protection bits indicate no access, read/write access or read-only access Recent x86 processors also include NX (No eXecute) bit, forbidding execution of instructions stored in page – Enabled in Windows XP SP 2 and some Linux distros – Helps against some buffer overflows CS 450/650 Lecture 18: Protection in Operating System 44

Download ppt "Lecture 17 Overview. Targeted Malicious Code Trapdoor – undocumented entry point to a module – forget to remove them – intentionally leave them in the."

Similar presentations

Threads, SMP, and Microkernels

Threads, SMP, and Microkernels
Part IV: Memory Management

Part IV: Memory Management
Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.

Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.
Introduction to Operating Systems CS-2301 B-term 20081 Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.

Introduction to Operating Systems CS-2301 B-term Introduction to Operating Systems CS-2301, System Programming for Non-majors (Slides include materials.
CMPT 300: Operating Systems I Dr. Mohamed Hefeeda

CMPT 300: Operating Systems I Dr. Mohamed Hefeeda
Memory Management Design & Implementation Segmentation Chapter 4.

Memory Management Design & Implementation Segmentation Chapter 4.
Lecture 11: Memory Management

Lecture 11: Memory Management
Memory Management 2010.

Memory Management 2010.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Memory Management 1 CS502 Spring 2006 Memory Management CS-502 Spring 2006.

Memory Management 1 CS502 Spring 2006 Memory Management CS-502 Spring 2006.
CS-3013 & CS-502, Summer 2006 Memory Management1 CS-3013 & CS-502 Summer 2006.

CS-3013 & CS-502, Summer 2006 Memory Management1 CS-3013 & CS-502 Summer 2006.
Computer Organization and Architecture

Computer Organization and Architecture
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.

Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.
SE571 Security in Computing

SE571 Security in Computing
03/05/2008CSCI 315 Operating Systems Design1 Memory Management Notice: The slides for this lecture have been largely based on those accompanying the textbook.

03/05/2008CSCI 315 Operating Systems Design1 Memory Management Notice: The slides for this lecture have been largely based on those accompanying the textbook.
Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.
Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.

Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.
Chapter 3 – Program Security Section 3.4 Targeted Malicious Code Section 3.5 Controls Against Program Threats.

Chapter 3 – Program Security Section 3.4 Targeted Malicious Code Section 3.5 Controls Against Program Threats.
Week 7 - Monday.  What did we talk about last time?  Malicious code case studies  Exam 1 post mortem.

Week 7 - Monday.  What did we talk about last time?  Malicious code case studies  Exam 1 post mortem.

Similar presentations

Ads by Google