Overview of Cyber Security Karan B. Maniar

International Journal of Engineering Trends and Technology (IJETT) – Volume 15 Number 3 – Sep 2014
Overview of Cyber Security
Karan B. Maniar
Atharva College of Engineering
University Of Mumbai
Mumbai, India
Abstract
Cyber security, also referred to as information
technology security, focuses on protecting computers,
networks, programs and data from unintended or
unauthorized access, change or destruction [1]. In the
last decade, buffer overflows have been ubiquitous
[2]. Another type of attack that is becoming universal
is the remote client-side attack [3]. It is very important to
clearly understand the types of attacks, and the steps
to be taken to prevent such security attacks. This
paper aims to elucidate primary factors relating to
security. I also go further to provide information on
some more common types of attacks and steps to be
taken to avert them. The lethality of these types of
attacks could hinder the growth of the Internet.
1. INTRODUCTION
Buffer overflows are one of the most serious classes of security threats because they allow anyone to take control of the host. They are very common and extremely easy to exploit. Buffer overflows have been subjected to a lot of analysis, and the fact that they constitute a majority of remote penetration security issues warrants analysis of this degree. [1]
Another type of attack is the denial-of-service (DoS) attack. It is an attempt to make a machine or network resource unavailable to its intended users [4]. The length and size of attacks don’t follow an exponential distribution, but follow a heavy-tailed distribution. The technique used to estimate DoS attack activity in the Internet is termed “backscatter analysis”. [5]
Another security exposure is the one that results in the contamination of the origin (scheme, host or port). If the browser provides no isolation between documents from the same scheme, host or port, then contamination vulnerabilities can result in numerous browser security features such as cookies, encryption, and code signing. Refining the browser’s notion of origin is an appealing approach, but attackers can bypass these “finer grained origins”, making this approach futile. [7]
ISSN: 2231-5381
Undermining machine-code execution is the basis of current software attacks. A basic safety property which can avert such attacks is Control-Flow Integrity (CFI). CFI is compatible with most existing software, and does not slow the system down because it has very low performance overhead. Many creative vulnerability reduction techniques have been proposed, but they have some limitations which are caused by the lack of a realistic model, reliance on informal reasoning and hidden assumptions. [6]
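A minimal model of the check CFI performs before a return, added here as an illustration (it is not code from this paper or from any CFI implementation). The addresses, IDs and function names are constructed; the "exact" check is included only for comparison and shows the imprecision the paper discusses under "Weakness of CFI".

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed model: addresses, IDs and names are made up for illustration. */
enum { ID_NONE = 0, ID_RET_LOG = 1, ID_RET_PARSE = 2, ID_RET_ANY = 99 };

struct target { unsigned addr; int id; const char *what; };

/* Labels derived from the static CFG: each valid return site carries the
   ID of the function that is allowed to return to it. */
static const struct target cfg[] = {
    { 0x1010, ID_RET_LOG,   "after the log_msg() call in handle_admin" },
    { 0x2020, ID_RET_LOG,   "after the log_msg() call in handle_guest" },
    { 0x3030, ID_RET_PARSE, "after the parse() call in main" },
    { 0x4044, ID_NONE,      "middle of an unrelated function" },
};

/* Label found at addr. coarse=1 models "limiting the number of IDs":
   every return site shares a single ID. */
static int label_at(unsigned addr, int coarse) {
    for (size_t i = 0; i < sizeof cfg / sizeof cfg[0]; i++)
        if (cfg[i].addr == addr) {
            if (coarse && cfg[i].id != ID_NONE) return ID_RET_ANY;
            return cfg[i].id;
        }
    return ID_NONE; /* unlabeled address */
}

/* The check placed before log_msg()'s return instruction. */
int cfi_return_ok(unsigned target, int coarse) {
    int want = coarse ? ID_RET_ANY : ID_RET_LOG;
    return label_at(target, coarse) == want;
}

/* Comparison only: a check that remembers the actual call site. */
int exact_return_ok(unsigned target, unsigned saved_at_call) {
    return target == saved_at_call;
}

int main(void) {
    unsigned called_from = 0x1010; /* log_msg() was called by handle_admin */
    unsigned tries[] = { 0x1010, 0x2020, 0x3030, 0x4044 };
    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("return to %#x: fine=%d coarse=%d exact=%d\n", tries[i],
               cfi_return_ok(tries[i], 0), cfi_return_ok(tries[i], 1),
               exact_return_ok(tries[i], called_from));
    return 0;
}
```

The return to 0x2020 passes the static-CFG check although the call came from 0x1010, and with a single shared ID the return to 0x3030 passes as well; the unlabeled address is rejected in every mode.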
2. BUFFER OVERFLOW
Definition
A buffer is a temporary data storage area. A buffer
overflow occurs when a program or process tries to
store more data in a buffer than it was intended to
hold. [8]
How to prevent or eliminate the vulnerability?
A combination of the StackGuard [9] [10] defense and the non-executable stack defense [11] [12] serves to defeat many contemporary buffer overflow attacks, and the proposed PointGuard defense will address most of the remaining contemporary buffer overflow attacks.
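The canary idea behind StackGuard, shown as an added example on a simulated stack frame (this is not StackGuard's code, and the frame is an ordinary struct so the program stays well-defined C). The canary and return-address values are constructed; run_unchecked and run_bounded are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
#define CANARY  0x000aff0d5a5a5a5aULL /* constructed; real canaries are chosen at run time */
#define RET_OK  0x0000000000401136ULL /* constructed stand-in for the saved return address */

/* Simulated stack frame: the canary sits between the buffer and the return address. */
struct frame {
    char     buf[BUF_LEN];
    uint64_t canary;
    uint64_t ret_addr;
};

/* Prologue: set up the frame and place the canary. */
static void frame_enter(struct frame *f) {
    memset(f, 0, sizeof *f);
    f->canary = CANARY;
    f->ret_addr = RET_OK;
}

/* Unchecked path. Returns 1 if the epilogue canary check passes and 0 if it
   would abort; *ret_changed reports whether the return address was overwritten. */
int run_unchecked(const char *src, size_t n, int *ret_changed) {
    struct frame f;
    frame_enter(&f);
    if (n > sizeof f) n = sizeof f; /* clamp to the simulated frame only */
    memcpy((char *)&f, src, n);     /* no check against BUF_LEN: the bug */
    *ret_changed = (f.ret_addr != RET_OK);
    return f.canary == CANARY;
}

/* Corrected path: input that does not fit the buffer is rejected (-1). */
int run_bounded(const char *src, size_t n) {
    struct frame f;
    frame_enter(&f);
    if (n > BUF_LEN) return -1;
    memcpy(f.buf, src, n);
    return (f.canary == CANARY) ? 0 : -1;
}

int main(void) {
    char in[32];
    int hit, ok;
    memset(in, 'A', sizeof in);     /* constructed oversized input */
    ok = run_unchecked(in, 32, &hit);
    printf("32 bytes, unchecked: canary ok=%d, return address changed=%d\n", ok, hit);
    printf("32 bytes, bounded copy: %d\n", run_bounded(in, 32));
    return 0;
}
```

A 24-byte input overwrites the canary but not the return address, which is why the check fires before a corrupted return address can be used.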
3. DENIAL-OF-SERVICE ATTACK
Definition
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. This is achieved by flooding the target with traffic, or by sending it the type of information that triggers a crash. In either of these two ways, a DoS attack deprives authorized users of the service or resource they expected. [13]
Victims of DoS attacks are often the web servers of high-profile organizations such as banking, commerce, and media companies, or government and trade organizations. DoS attacks seldom result in the theft or loss of noteworthy information or other belongings, but they are potent enough to cost the victim a great deal of time and money. [13]
There are two general methods of DoS attacks: flooding services or crashing services. Flood attacks occur when the system receives too much traffic for the server to buffer, causing it to slow down and eventually stop. Popular flood attacks include buffer overflow attacks, ICMP flood and SYN flood. [13]
How to prevent a Denial-of-Service attack?
Here are a few methods to block the attack: [14]
- Blocking the attack with packet filters on the router(s).
- Blocking the attack by configuring Windows Firewall.
- Null routes.
- Blocking the attack by configuring the webserver.
4. CONTROL FLOW INTEGRITY (CFI)
Definition
Ideally, CFI prevents flows of control that were not intended by the original program, effectively putting a stop to exploitation based on return-oriented programming (and many other attacks besides). [15]
Weakness of CFI
CFI restricts control-flow transfers based on a finite, static CFG. As a result, even in its ideal form it cannot guarantee that a function call returns to the call site responsible for the most recent invocation of the function. Limiting the number of IDs used and applying CFI more loosely to improve performance and accommodate imperfect CFGs further reduces its precision. [15]
5. FINER-GRAINED ORIGINS
Definition
Ignoring same-origin equivalence classes and treating documents differently is the common trend in current and proposed browser security features. If two documents were retrieved from the same origin, then they can completely control each other, i.e. read and modify each other. A privilege that is granted to some, but not all, of the documents from an origin is termed a sub-origin privilege level. Sub-origin privileges do not interact well with the scripting policy of the browser. Revising the browser’s scripting policy to recognize finer-grained origins is an effective approach to prevent the privilege escalation. [7]
A few origin contaminations are:
Cookie Paths, Web Server Key-Enabled Cookies, Mixed Content, Extended Validation, Petname Toolbar, Signed JARs, Certificate Errors. [7]
A few solutions are: [7]
Embrace:
- Frame Navigation
- Phishing Filters
Extend:
- HTTPEV
- YURL
Destroy:
- ForceHTTPS
- SafeLock
- ForceCertificate
LITERATURE SURVEY

| Sr. No | Year | Paper | Description |
|---|---|---|---|
| 1 | 2000 | Attacks and defences for the vulnerability of the decade | Presents a detailed categorization and analysis of buffer overflow vulnerabilities, attacks, and defenses. |
| 2 | 2000 | Inferring Internet denial-of-service activity | Presents a new technique called “backscatter analysis,” for estimating denial-of-service attack activity in the Internet. |
| 3 | 2001 | Intrusion detection via static analysis | Successfully applies static program analysis to intrusion detection. |
| 4 | 2003 | Remote timing attacks are practical | Successfully applies static program analysis to intrusion detection. |
| 5 | 2004 | Privacy of contextual integrity | Develops a model of informational privacy in terms of contextual integrity, defined as compatibility with presiding norms of information appropriateness and distribution. |
| 6 | 2005 | Control-flow integrity | CFI and its advantages. |
| 7 | 2005 | Outwitting the Witty worm | Presents fine-grained understanding of the exact control flow of a particular worm. |
| 8 | 2005 | Keyboard acoustic emanations revisited | Shows that the techniques used to exploit inherent statistical constraints in the input and to perform feedback training can be applied to other emanations with similar properties. |
| 9 | 2007 | The geometry of innocent flesh on the bone | Presents a new way of organizing return-into-libc exploits on the x86 that is fundamentally different from previous techniques. |
| 10 | 2008 | Differential privacy | Gives a general impossibility result showing that a formalization of Dalenius’ goal along the lines of semantic security cannot be achieved. |
| 11 | 2008 | Cold boot attacks on encryption keys | Shows that the popular belief among experts that a computer’s memory is erased immediately when it loses power is incorrect. |
| 12 | 2008 | Beware of finer-grained origins | Discusses several approaches to preventing a certain type of attack. |
| 13 | 2009 | Native Client | Describes the design, implementation and evaluation of Native Client, a sandbox for untrusted x86 native code. |
| 14 | 2010 | Interpreter exploitation | Shows how the design and implementation of an interpreter may have surprising impacts with regard to security. |
| 15 | 2014 | Out Of Control: Overcoming Control-Flow Integrity | Overcoming CFI. |
CONCLUSION
Thus we can conclude with this paper that there are many different types of cyber security threats, but at the same time, there are numerous ways to avert those threats. However, there are certain limitations to some of the methods that are employed to avert the threats, which in turn warrants further research in the field of cyber security, as the volume and sophistication of cyber-attacks is growing rapidly.
REFERENCES
1. http://www.umuc.edu/cybersecurity/about/cybersecuritybasics.cfm
2. Crispin Cowan, Perry Wagle, Calton Pu, Steve Beattie, and Jonathan Walpole. “Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade”.
3. Dionysus Blazakis. “Interpreter Exploitation”.
4. http://en.wikipedia.org/wiki/Denial-of-service_attack.
5. David Moore, Geoffrey M. Voelker and Stefan Savage. “Inferring Internet Denial-of-Service Activity”.
6. Martín Abadi, Mihai Budiu, Úlfar Erlingsson, Jay Ligatti. “Control-Flow Integrity”.
7. Collin Jackson, Adam Barth. “Beware of Finer-Grained origins”.
8. http://searchsecurity.techtarget.com/definition/bufferoverflow
9. Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In 7th USENIX Security Conference, pages 63–77, San Antonio, TX, January 1998.
10. Crispin Cowan, Steve Beattie, Ryan Finnin Day, Calton Pu, Perry Wagle, and Erik Walthinsen. Protecting Systems from Stack Smashing Attacks with StackGuard. In Linux Expo, Raleigh, NC, May 1999.
11. Casper Dik. Non-Executable Stack for Solaris. Posting to comp.security.unix, http://x10.dejanews.com/getdoc.xp?AN=207344316&CONTEXT=890082637.1567359211&%hitnum=69&AH=1, January 2 1997.
12. “Solar Designer”. Non-Executable User Stack. http://www.openwall.com/linux/.
13. https://www.paloaltonetworks.com/resources/learningcenter/what-is-a-denial-of-service-attack-dos.html
14. http://www.gregthatcher.com/Azure/Ch5_HowToStopADenialOfServiceAttack.aspx
15. Enes Göktas, Elias Athanasopoulos, Herbert Bos, Georgios Portokalidis. “Out Of Control: Overcoming Control-Flow Integrity”.
http://www.ijettjournal.org