SECURITY
Viruses and other Malicious Code
Group 1 Presents
PROGRAM SECURITY
Programming errors with security implications: buffer overflows, incomplete access control
Malicious code: viruses, worms, Trojan horses
Program development controls against malicious code and vulnerabilities: software engineering principles and practices
Controls to protect against program flaws in execution: operating system support and administrative controls
SECURE PROGRAMS
Security implies some degree of trust that the program enforces expected confidentiality, integrity, and availability.
FIXING FAULTS
Software that has many faults early on is likely to have many others still waiting to be found.
Early computer security work used the penetrate-and-patch method, where analysts (a tiger team) searched for and repaired faults.
Often patch efforts made the system less secure:
Pressure to repair encourages a narrow focus on the fault and not its context.
Fixing the fault often introduces side effects.
The fault is not fixed properly because a proper fix would cause performance problems.
UNEXPECTED BEHAVIOR
Compare program requirements with behavior to identify program security flaws
A flaw is either a fault or a failure
A vulnerability is a class of flaws (e.g. buffer overflows)
Need to determine how to prevent harm caused by possible flaws
Program security flaws can derive from any kind of software fault:
Inadvertent human flaws
Malicious, intentionally induced flaws
UNEXPECTED BEHAVIOR
Hindrances to eliminating program security flaws
How do we test for what a program shouldn't do?
Programming and software engineering techniques evolve more rapidly than computer security techniques
PROGRAM FLAWS
Include
TYPES OF FLAWS
Intentional
Malicious
Nonmalicious
Inadvertent
Validation error (incomplete / inconsistent)
Domain error
Serialization and aliasing
Inadequate identification and authentication
Boundary condition violation
Other exploitable logic errors
VIRUSES
Are the prime example of non-specific malicious code: they are not directed specifically at any one system or user.
MALICIOUS CODE
Can be a program or part of a program.
Software that gives the malware creator partial to full control of your computer, to do whatever the creator wants.
CODE TYPE
CHARACTERISTIC
Virus
Trojan horse
Logic bomb
Time bomb
Trapdoor
Worm
Rabbit
WAYS VIRUSES ARE ATTACHED
APPENDED VIRUSES
Virus code is inserted before the first instruction; the last virus instruction points to the first program instruction
Hard to detect
MEMORY-RESIDENT VIRUSES
For very frequently used parts of the operating system, and a few specialized user programs, it would take too long to reload the program each time it was needed. Such code remains in memory and is called resident code.
VIRUS SIGNATURES
Each of these characteristics is a telltale pattern, called a signature, that can be found. The signature of a virus is important for creating a program called a virus scanner that can automatically detect and, in some cases, remove viruses.
STORAGE PATTERN
A virus may attach itself to a file, in which case the file's size grows, or the virus may obliterate all or part of the underlying program, in which case the program's size does not change, but the program's functioning is impaired.
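A minimal sketch of the two checks described under VIRUS SIGNATURES and STORAGE PATTERN, added here as an example and not taken from the original slides. The signature names, byte patterns and sample "program" images are constructed placeholders; a real scanner uses a vendor-maintained signature database and reads files from disk.

```python
import hashlib

# Constructed signature database: name -> byte pattern. These are harmless
# placeholder bytes (assumption), not patterns from any real malware.
SIGNATURES = {
    "Demo.Appender": bytes.fromhex("deadbeef4c4142"),
    "Demo.Overwriter": b"\x90\x90LAB-MARKER\x90\x90",
}

def scan_signatures(data, signatures=SIGNATURES):
    """Return (name, offset) for every occurrence of a known signature."""
    hits = []
    for name, pattern in signatures.items():
        offset = data.find(pattern)
        while offset != -1:
            hits.append((name, offset))
            offset = data.find(pattern, offset + 1)
    return sorted(hits, key=lambda h: (h[1], h[0]))

def baseline(data):
    """Record the storage pattern of a known-good file: size and SHA-256."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}

def storage_change(known_good, data):
    """Compare a file with its baseline using the two storage patterns."""
    if hashlib.sha256(data).hexdigest() == known_good["sha256"]:
        return "unchanged"
    if len(data) > known_good["size"]:
        return "grew"         # consistent with code attached to the file
    if len(data) == known_good["size"]:
        return "overwritten"  # same size, content replaced in place
    return "shrunk"

def inspect(known_good, data):
    """Combine both checks; a changed file with no hit still needs review."""
    return {"storage": storage_change(known_good, data),
            "signatures": scan_signatures(data)}

# Constructed sample images standing in for program files.
CLEAN = b"MZ" + b"\x00" * 62 + b"original program body " * 4
APPENDED = CLEAN + SIGNATURES["Demo.Appender"] + b"extra"
_SIG = SIGNATURES["Demo.Overwriter"]
OVERWRITTEN = CLEAN[:64] + _SIG + CLEAN[64 + len(_SIG):]

if __name__ == "__main__":
    base = baseline(CLEAN)
    for label, image in [("clean", CLEAN), ("appended", APPENDED), ("overwritten", OVERWRITTEN)]:
        print(label, inspect(base, image))
```

The baseline comparison still flags a modified file when no signature matches, which is the case a polymorphic virus creates for a pure signature scanner.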
ANTIVIRUS SOFTWARE
Execution Patterns
Transmission Patterns
Polymorphic Viruses
A virus that can change its appearance
Techniques for building a reasonably safe community for electronic contact include:
VIRUS EFFECT
Attach to executable program
HOW IT IS CAUSED
Intercept interrupt
Intercept operating system call
Modify system file
Modify ordinary executable program
Intercept system calls that would reveal self and falsify result
Classify self as hidden file
Spread infection
Prevent deactivation
Remain in memory
Infect disks
Conceal itself
Covert Channels: programs that leak information (e.g. hiding data in output)
Storage Channels pass information by using the presence or absence of objects in storage