Add to collection(s) Add to saved
  1. Business
  2. Economics
  3. Econometrics

Chapter 3-2

advertisement 
Chapter 3 – Program Security
Section 3.4 Targeted Malicious Code
Section 3.5 Controls Against Program Threats
In this Section
 Program Threats
 Trapdoors
 Salami Attack
 Privilege Escalation
 Man-in-the-Middle
 Covert Channels
 Controls Against Program Threats
 Modularity
 Mutual Suspicion
 Hazard Analysis
Targeted Malicious Code
 So far looked at code written to affect users and
machines indiscriminately
 Targeted Malicious Code – written for a particular
system or application with a particular purpose
 Similar to viruses but with the addition of new
techniques
Trapdoor
 Trapdoor – an undocumented entry point to a module.
 Inserted for code development
 “Hooks” to add additional future enhancements
 Can be legitimate or non-legitmate
 Software Testing
 Unit Testing
 Integration Testing
 Stubs and Drivers – routines that inject information during
testing
 Control Stubs – used to invoke debugging code
 Accidently left in place
 Poor Error Checking
Trapdoors
 Poorly defined Data
 Incomplete Mediation
 Undefined Opcodes – instructions that have not been
defined for the processor
 Trapdoors can be useful
 Software audits may request trapdoors to be inserted
 Trap doors should always be documented.
Causes of Trapdoors
 Forgot to remove
 Intentionally for Testing
 Intentionally left for maintenance
 Intentionally left for covert means of access
 Trapdoors are not bad. They are not faults until the
trapdoor is not shut.
 A system is not secure if a trapdoor is present but
unknown by others
Salami Attack
 Named after the way scrap meat is used to form salami
 Salami Attack – merges seemingly inconsequential bits of
data to yield something important
 Classic Salami Attacks
 Missing ½ cent
 Missing percentage
 Taking a bit from a bunch
 Charging higher fees
 Why do they happen?
 Sometimes programmers just except small errors
 Code many times it to large to look for salami type errors
Rootkits
 Rootkit – is a piece of malicious code that goes to
great lengths not to be discovered
 If discovered tries to reestablish itself
 Tries to run itself as “root” on the system (UNIX




administrator)
Resides between user and OS
Intercepts commands in order to keep itself hidden
Rootkit Revealer – program written to reveal rootkits
XCP rootkit – used to help prevent copying of music
Others
 Privilege Escalation-Attack is a means for malicious
code to be launched by a user with lower privileges but
run with higher privileges
 Interface Illusions - spoofing an attack in which all
or part of a web page is false
 Keystroke Logging – keeps a copy of everything
pressed
 Man-in-the-Middle Attack- Malicious program exists
between tow programs
 Timing Attack – identify how fast something happens
Covert Channels
 Communication information to people/systems that





should not have it
Unnoticed communication and accompanies other
information
Data written to a drive, sent across a network, placed in a
file or printout
Storage Channel – passes information based on presence
or non-presence of data
File lock Channel – lock or non-lock of file
Timing Channels – varying speed in system or not using
assigned computational time
Controls Against Program Threats
 Development of Controls
 Specify the system
 Design the system
 Implement the system
 Test the system
 Review the system at various stages
 Document the system
 Manage the system
 Maintain the systems
 Typically it is not one person that does all of these
Designing Secure and Usable
Systems
 You can’t retrofit usable security
 Tools aren’t a solution
 Min the upper layers
 Keep the customers satisfied
 Think Locally; act locally
Modularity
 Small self-contained units
 Modularity
 Isolates
 Hides
 Keep it isolated from the effects of other components
 Encapsulation – is isolation
 Information Hiding – each component hides its
precise implementation of some other design decision
from others.
Modularization
 Process of dividing into subtasks
 Goal of Modular Units
 Single-purpose
 Small
 Simple
 Independent
 Advantages of Modularity
 Maintenance
 Understandability
 Reuse
 Correctness
 Testing
Modularity
 High Cohesion
 All the elements of a component have a logical and
functional reason for being there
 Low Coupling
 The degree with which a component depends on other
components in the system
 Encapsulation – does not mean complete isolation
 Information Hiding – a “black box” approach
Mutual Suspicion
 Programs are not always trustworthy
 Mutual suspicion – each program operates as if other
routines in the system were malicious or incorrect
 Confinement – program is strictly prohibited in what
system resources can be accessed
Peer Reviews
 Peer review
 Hazard analysis
 Testing
 Good design
 Predictions
 Static analysis
 Configuration management
 Analysis of mistakes
Types of Peer Review
 Review- presented formally
 Walk-Through – creator leads and controls the
discussion
 Inspection – formal detailed analysis
 Finding a fault and dealing with it:
 By learning how, when, and why errors occur
 By taking action to prevent mistakes
 By scrutinizing products to find the instances and
effects of errors that were missed.
Hazard Analysis/Testing
 Hazard Analysis – set of systematic techniques to expose potentially hazardous system
states.
 Hazards and Operability Studies
 Failure Modes and effects analysis
 Fault tree analysis
 Testing
 Unit Testing
 Integration Testing
 Function Testing
 Performance Testing
 Acceptance Testing
 Installation Testing
 Regression Testing
 Black-box Testing
 Clear-box Testing
 Independent Testing
 Penetration Testing
Good Design
 Using a philosophy of fault tolerance
 Having a consistent policy for handling failures
 Capturing the design rationale and history
 Using design patterns
 Passive fault detection – waiting for a system to fail
 Active fault detection – construct a system that
reacts to a failure
Good Design
 Handling Problems
 Retrying – restoring the system to previous state and try
again
 Correcting – resorting the system to previous state and
correcting some system characteristic before trying
again
 Reporting – restoring and reporting but not trying again
Configuration Management
 Who is making the changes
 Corrective change
 Adaptive change
 Perfective change
 Preventive change
 Configuration Management – is the process by which we
control changes during development and maintenance
 Configuration identification
 Configuration control and change management
 Configuration auditing
 Status accounting
Related documents
On Boolean functions, symmetric cryptography and algebraic coding
On Boolean functions, symmetric cryptography and algebraic coding
Chapter 3: Program Security
Chapter 3: Program Security
Prophiler: A fast filter for the large
Prophiler: A fast filter for the large
Final Presentation - Computer Science
Final Presentation - Computer Science
Network theory III
Network theory III
Rootkits
Rootkits
San Andreas Fault System Stress Accumulation Rates
San Andreas Fault System Stress Accumulation Rates
Safe(r) Web Browsing presentation
Safe(r) Web Browsing presentation
slides
slides
Defining and classifying hazards.
Defining and classifying hazards.
IPDE PROCESS - Community Unit School District 200
IPDE PROCESS - Community Unit School District 200
Susan MacKenzie
Susan MacKenzie
Document13359443 13359443
Document13359443 13359443
CABLE FAULT ANALYSIS BY
CABLE FAULT ANALYSIS BY
Forecasted Tools for Issuing Hydrologic Hazards in AWIPS II
Forecasted Tools for Issuing Hydrologic Hazards in AWIPS II
Basic Email and Web Security
Basic Email and Web Security
Full Talk
Full Talk
Learning to Detect and Classify Malicious Executables in the Wild
Learning to Detect and Classify Malicious Executables in the Wild
Recent Rootkit History
Recent Rootkit History
PPT
PPT
Download
advertisement