comparison and analysis
play

Comparison and Analysis Point of view If multiple processes - PowerPoint PPT Presentation

Jan 14, 2024 •480 likes •999 views

Comparison and Analysis Point of view If multiple processes involved in exploiting the flaw, how does that affect classification? xterm , fingerd flaws depend on interaction of two processes ( xterm and process to switch file objects;

  1. Comparison and Analysis • Point of view – If multiple processes involved in exploiting the flaw, how does that affect classification? • xterm , fingerd flaws depend on interaction of two processes ( xterm and process to switch file objects; fingerd and its client) • Levels of abstraction – How does flaw appear at different levels? • Levels are abstract, design, implementation, etc. June 2, 2005 ECS 153, Introduction to Computer Slide #1 Security

  2. xterm and PA Classification • Implementation level – xterm : improper change – attacker’s program: improper deallocation or deletion – operating system: improper indivisibility June 2, 2005 ECS 153, Introduction to Computer Slide #2 Security

  3. xterm and PA Classification • Consider higher level of abstraction, where directory is simply an object – create, delete files maps to writing; read file status, open file maps to reading – operating system: improper sequencing • During read, a write occurs, violating Bernstein conditions • Consider even higher level of abstraction – attacker’s process: improper choice of initial protection domain • Should not be able to write to directory containing log file • Semantics of UNIX users require this at lower levels June 2, 2005 ECS 153, Introduction to Computer Slide #3 Security

  4. xterm and RISOS Classification • Implementation level – xterm : asynchronous validation/inadequate serialization – attacker’s process: exploitable logic error and violable prohibition/limit – operating system: inconsistent parameter validation June 2, 2005 ECS 153, Introduction to Computer Slide #4 Security

  5. xterm and RISOS Classification • Consider higher level of abstraction, where directory is simply an object (as before) – all: asynchronous validation/inadequate serialization • Consider even higher level of abstraction – attacker’s process: inadequate identification/authentication/authorization • Directory with log file not protected adequately • Semantics of UNIX require this at lower levels June 2, 2005 ECS 153, Introduction to Computer Slide #5 Security

  6. xterm and NRL Classification • Time, location unambiguous – Time: during development – Location: Support:privileged utilities • Genesis: ambiguous – If intentional: • Lowest level: inadvertent flaw of serialization/aliasing – If unintentional: • Lowest level: nonmalicious: other – At higher levels, parallels that of RISOS June 2, 2005 ECS 153, Introduction to Computer Slide #6 Security

  7. xterm and Aslam’s Classification • Implementation level – attacker’s process: object installed with incorrect permissions • attacker’s process can delete file – xterm : access rights validation error • xterm doesn’t properly validate file at time of access – operating system: improper or inadequate serialization error • deletion, creation should not have been interspersed with access, open – Note: in absence of explicit decision procedure, all could go into class race condition June 2, 2005 ECS 153, Introduction to Computer Slide #7 Security

  8. The Point • The schemes lead to ambiguity – Different researchers may classify the same vulnerability differently for the same classification scheme • Not true for Aslam’s, but that misses connections between different classifications – xterm is race condition as well as others; Aslam does not show this June 2, 2005 ECS 153, Introduction to Computer Slide #8 Security

  9. fingerd and PA Classification • Implementation level – fingerd : improper validation – attacker’s process: improper choice of operand or operation – operating system: improper isolation of implementation detail June 2, 2005 ECS 153, Introduction to Computer Slide #9 Security

  10. fingerd and PA Classification • Consider higher level of abstraction, where storage space of return address is object – operating system: improper change – fingerd : improper validation • Because it doesn’t validate the type of instructions to be executed, mistaking data for valid ones • Consider even higher level of abstraction, where security- related value in memory is changing and data executed that should not be executable – operating system: improper choice of initial protection domain June 2, 2005 ECS 153, Introduction to Computer Slide #10 Security

  11. fingerd and RISOS Classification • Implementation level – fingerd : incomplete parameter validation – attacker’s process: violable prohibition/limit – operating system: inadequate identification/authentication/authorization June 2, 2005 ECS 153, Introduction to Computer Slide #11 Security

  12. fingerd and RISOS Classification • Consider higher level of abstraction, where storage space of return address is object – operating system: asynchronous validation/inadequate serialization – fingerd : inadequate identification/authentication/authorization • Consider even higher level of abstraction, where security- related value in memory is changing and data executed that should not be executable – operating system: inadequate identification/authentication/authorization June 2, 2005 ECS 153, Introduction to Computer Slide #12 Security

  13. fingerd and NRL Classification • Time, location unambiguous – Time: during development – Location: support: privileged utilities • Genesis: ambiguous – Known to be inadvertent flaw – Parallels that of RISOS June 2, 2005 ECS 153, Introduction to Computer Slide #13 Security

  14. fingerd and Aslam Classification • Implementation level – fingerd : boundary condition error – attacker’s process: boundary condition error • operating system: environmental fault – If decision procedure not present, could also have been access rights validation errors June 2, 2005 ECS 153, Introduction to Computer Slide #14 Security

  15. Common Vulnerabilities • Unknown interaction with other system components • Overflow • Race conditions • Environment variables • Not resetting privileges June 2, 2005 ECS 153, Introduction to Computer Slide #15 Security

  16. Unknown Interactions • DNS with bad information • Assumption about servers running on ports June 2, 2005 ECS 153, Introduction to Computer Slide #16 Security

  17. Poisoned DNS • DNS: returns a host name given an IP address • Attacker “poisons the DNS” – Say that address 169.237.4.199 corresponds to host “a.com null; cp /bin/sh /etc/telnetd;” • Attacker connect to a system running server that notifies root of any connections or connection attempts • It runs a command like this: echo Login | mail –s nob null; cp /bin/sh /etc/telnetd June 2, 2005 ECS 153, Introduction to Computer Slide #17 Security

  18. Wrong Server Listening • Connect to port 79 to obtain information – fingerd takes name, name and host, and sends back information about that user on named host (or local, if no host named) • Server is chargen (supposed to be on port 19), not fingerd – finger client prints whatever it is sent June 2, 2005 ECS 153, Introduction to Computer Slide #18 Security

  19. Overflows • Buffer overflows • Integer overflows June 2, 2005 ECS 153, Introduction to Computer Slide #19 Security

  20. Example: sendmail config file • sendmail takes debugging flags of form flag . value – sendmail -d7,102 sets debugging flag 7 to value 102 • Flags stored in array in data segment • So is name of default configuration file – It’s called sendmail.cf • Contains name of local delivery agent – Mlocal line; usually /bin/mail … June 2, 2005 ECS 153, Introduction to Computer Slide #20 Security

  21. In Pictures configuration file name 100 / e t c 104 / s e n Create your own config file, d m a i making the local mailer be whatever l . c f you want. Then run sendmail with the following debug flags settings: flag –27 to 117 (‘t’), –26 to 110 (‘m’), and –25 to 113 (‘p’). Have it deliver a letter to any local address … 128 byte for flag 0 June 2, 2005 ECS 153, Introduction to Computer Slide #21 Security

  22. Problems and Solutions • Sendmail won’t recognize negative flag numbers • So make them unsigned (positive)! –27 becomes 2 32 – 27 = 4294967269 –26 becomes 2 32 – 26 = 4294967270 –25 becomes 2 32 – 26 = 4294967271 • Command is: sendmail -d4294967269,117 -d4294967270,110 - d4294967271,113 … June 2, 2005 ECS 153, Introduction to Computer Slide #22 Security

  23. Race Conditions • TOCTTOU flaws like xterm • Races in signaling, interprocess communication June 2, 2005 ECS 153, Introduction to Computer Slide #23 Security

  24. Race Conditions • Two events, a and b , will occur – Order ab is expected – Order ba causes problem – a and b “race” to finish first • Arises in concurrent programming – UNIX, Linux systems are multiprocessing – Two processes interacting creates the possibility of race condition – One process is victim, one attacker June 2, 2005 ECS 153, Introduction to Computer Slide #24 Security

  25. TOCTTOU Flaw • Time of Check to Time of Use (TOCTTOU) – Check some condition of a resource – If check satisfactory, use the resource • Example : File name rebound to file object at each file system access by name June 2, 2005 ECS 153, Introduction to Computer Slide #25 Security

Recommend

BEMUSE PHASE II: BEMUSE PHASE II: COMPARISON AND ANALYSIS COMPARISON AND ANALYSIS OF THE

BEMUSE PHASE II: BEMUSE PHASE II: COMPARISON AND ANALYSIS COMPARISON AND ANALYSIS OF THE

DIPARTIMENTO DI INGEGNERIA MECCANICA, NUCLEARE E DELLA PRODUZIONE - UNIVERSITA' DI PISA 56100 PISA - ITALY BEMUSE PHASE II: BEMUSE PHASE II: COMPARISON AND ANALYSIS COMPARISON AND ANALYSIS OF THE RESULTS OF THE RESULTS REV. 1 REV. 1 A.

1.13k views • 53 slides
Muon Monitor Analysis Update Analysis of beginning second Run + comparison with old (first

Muon Monitor Analysis Update Analysis of beginning second Run + comparison with old (first

Muon Monitor Analysis Update Analysis of beginning second Run + comparison with old (first NOvA run) data see slides NuMI Operations February 4, 2016 Here: Second Run data from 23 October 2015 to 8 March 2016 Signals are

147 views • 13 slides
Comparison and Validation of Vortex Lattice Aerodynamic Analysis for the Learjet 24 Curtis

Comparison and Validation of Vortex Lattice Aerodynamic Analysis for the Learjet 24 Curtis

Comparison and Validation of Vortex Lattice Aerodynamic Analysis for the Learjet 24 Curtis Scholz & Andrew Hahn ASAB Systems Analysis and Concepts Directorate 08/06/2014 National Aeronautics and Space Administration Caveats v This was

482 views • 13 slides
Voice quality analysis in forensic voice comparison: developing the vocal profile analysis scheme

Voice quality analysis in forensic voice comparison: developing the vocal profile analysis scheme

Voice quality analysis in forensic voice comparison: developing the vocal profile analysis scheme Eugenia San Segundo, Paul Foulkes, Peter French Philip Harrison & Vincent Hughes University of York & J P French Associates IAFPA 2016

1.01k views • 21 slides
Fixed-Point implementation of Lattice Wave Digital Filter: comparison and error analysis

Fixed-Point implementation of Lattice Wave Digital Filter: comparison and error analysis

Motivation SIF LWDF LWDF-to-SIF Example and comparison Summary Fixed-Point implementation of Lattice Wave Digital Filter: comparison and error analysis Anastasia Volkova, Thibault Hilaire Sorbonne Universit es, University Pierre and

868 views • 41 slides
L is for Lightning! An analysis and comparison of lightning and lightning incidents in Co L

L is for Lightning! An analysis and comparison of lightning and lightning incidents in Co L

STRUCK BY LIZ LIGHTNING PRODUCTIONS PRESENTS: L is for Lightning! An analysis and comparison of lightning and lightning incidents in Co L orado versus F L orida By: Elizabeth Liz Lightning Prasse Why lightning? Personal survivor

423 views • 23 slides
Comparison of DNA Stability Using Various Sample Collection Devices for forensic DNA analysis

Comparison of DNA Stability Using Various Sample Collection Devices for forensic DNA analysis

Comparison of DNA Stability Using Various Sample Collection Devices for forensic DNA analysis Criminal Investigation Laboratory, Oita Prefectural Police, Japan Seiki Nakao Todays Presentation 1. Introduction 2. Materials and Methods 3.

609 views • 27 slides
COMPARISON OF FOUR DATA ANALYSIS SOFTWARE FOR COMBINED X-RAY REFLECTIVITY AND GRAZING INCIDENCE

COMPARISON OF FOUR DATA ANALYSIS SOFTWARE FOR COMBINED X-RAY REFLECTIVITY AND GRAZING INCIDENCE

COMPARISON OF FOUR DATA ANALYSIS SOFTWARE FOR COMBINED X-RAY REFLECTIVITY AND GRAZING INCIDENCE X-RAY FLUORESCENCE MEASUREMENTS Brenger Caby (1) , Fabio Brigidi (2) , Dieter Ingerle (3) , Blanka Detlefs (1) , Gal Picot (1) , Luca Lutterotti

485 views • 20 slides
Rational Statistical Analysis Practice In Dissolution Profile Comparison: FDA Perspective

Rational Statistical Analysis Practice In Dissolution Profile Comparison: FDA Perspective

Rational Statistical Analysis Practice In Dissolution Profile Comparison: FDA Perspective Haritha Mandula, Ph.D. FDA/CDER/OPQ/ Office of New Drug Products Division of Biopharmaceutics M-CERSI Workshop, May 21-22, 2019, University of Maryland,

282 views • 25 slides
Comparison of SA approaches and analysis of non linearities in a real case model application C.A.

Comparison of SA approaches and analysis of non linearities in a real case model application C.A.

The European Commissions science and knowledge service Joint Research Centre Comparison of SA approaches and analysis of non linearities in a real case model application C.A. Belis, P. Thunis, C. Cuvelier EC-JRC , G. Pirovano RSE S.p.A , A.

503 views • 17 slides
Comparison of complementary statistical analysis approaches in metabolomic food traceability Ral

Comparison of complementary statistical analysis approaches in metabolomic food traceability Ral

Comparison of complementary statistical analysis approaches in metabolomic food traceability Ral Gonzlez-Domnguez 1,2* , Ana Sayago 1,2 , ngeles Fernndez-Recamales 1,2 1 Department of Chemistry, Faculty of Experimental Sciences,

377 views • 13 slides
Key ingredients for RNA-seq differential analysis Neutral comparison study Etienne Delannoy &

Key ingredients for RNA-seq differential analysis Neutral comparison study Etienne Delannoy &

Key ingredients for RNA-seq differential analysis Neutral comparison study Etienne Delannoy & Marie-Laure Martin-Magniette Plant Science Institut of Paris-Saclay (IPS2) Applied Mathematics and Informatics Unit at AgroParisTech E. Delannoy

951 views • 23 slides
City of Waukesha West-Side and Southeast Interceptor Sewer Cost Comparison Analysis Central

City of Waukesha West-Side and Southeast Interceptor Sewer Cost Comparison Analysis Central

City of Waukesha West-Side and Southeast Interceptor Sewer Cost Comparison Analysis Central States Water Environment Association, May 2012 Agenda Purpose Basis of Analysis Evaluation of Existing Collection System System Flow

255 views • 23 slides
Analysis of variance April 16, 2009 Contents Comparison of several groups One-way ANOVA

Analysis of variance April 16, 2009 Contents Comparison of several groups One-way ANOVA

Analysis of variance April 16, 2009 Contents Comparison of several groups One-way ANOVA Two-way ANOVA Interaction Model checking Acknowledgement for use of presentation Julie Lyng Forman, Dept. of Biostatistics (2008),

1.17k views • 63 slides
Rational Statistical Analysis Practice in Dissolution Profile Comparison for Product Quality

Rational Statistical Analysis Practice in Dissolution Profile Comparison for Product Quality

Rational Statistical Analysis Practice in Dissolution Profile Comparison for Product Quality Assessment of Similarity through Real Case Studies: Industry Perspective May 21, 2019 Yanbing Zheng, Jian-Hwa Han, James Reynolds, Mark Johnson,

758 views • 29 slides
A comparison of approaches to large scale data analysis A. Pavlo, et al., SIGMOD, 2009

A comparison of approaches to large scale data analysis A. Pavlo, et al., SIGMOD, 2009

A comparison of approaches to large scale data analysis A. Pavlo, et al., SIGMOD, 2009 Presentation by Atreyee Maiti Motivation MapReduce: A major step backwards? basic control flow of this framework has existed in parallel DBMS for

249 views • 21 slides
Comparison of Photovoltaic Modeling Analysis and Actual Performance Data of Lee County Justice

Comparison of Photovoltaic Modeling Analysis and Actual Performance Data of Lee County Justice

S PA CE R ESEA RCH I N ST IT U T E Comparison of Photovoltaic Modeling Analysis and Actual Performance Data of Lee County Justice Center Solar Power Installation Project Julie A. Rodiek and Steve R. Best Space Research Institute, Auburn

480 views • 26 slides
Comparison of Measurement and Analysis of High Temperature Steady-state Creep Experiment for

Comparison of Measurement and Analysis of High Temperature Steady-state Creep Experiment for

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Comparison of Measurement and Analysis of High Temperature Steady-state Creep Experiment for Equipment Verification Gyeong-Ha Choi a,b , Dong-Hyun Kim a , JaeYong

306 views • 3 slides
News from ToF+dEdx analysis in Be+Be interactions. Magdalena Kuich University of Warsaw May 19,

News from ToF+dEdx analysis in Be+Be interactions. Magdalena Kuich University of Warsaw May 19,

News from ToF+dEdx analysis in Be+Be interactions. Magdalena Kuich University of Warsaw May 19, 2016 1 / 45 Outline Data 1 Cuts 2 Procedure 3 Fits 4 Parameters 5 Spectra 6 Comparison with Emil 7 Comparison with EPOS 8

1.36k views • 45 slides
A Comparison of Analysis Techniques for Systematic Instructional Design BY RICHARD RD THRI

A Comparison of Analysis Techniques for Systematic Instructional Design BY RICHARD RD THRI

A Comparison of Analysis Techniques for Systematic Instructional Design BY RICHARD RD THRI RIPP, M M.A. FEBRUARY 15, 2017 PRESENTED IN EME 7634: ADVANCED INSTRUCTIONAL DESIGN AT UNIVERSITY OF CENTRAL FLORIDA ASSI SIGNMENT NT 3: A ANAL

706 views • 13 slides
Bayesian Analysis for Algorithm Performance Comparison Is it possible to compare optimization

Bayesian Analysis for Algorithm Performance Comparison Is it possible to compare optimization

Bayesian Analysis for Algorithm Performance Comparison Is it possible to compare optimization algorithms without hypothesis testing? Josu Ceberio Is there a reproducibility crisis? Fuente: Monya Baker (2016) Is there a reproducibility crisis?

310 views • 27 slides
Random-effects network meta-analysis of studies of binary outcomes: Comparison of frequentist,

Random-effects network meta-analysis of studies of binary outcomes: Comparison of frequentist,

Random-effects network meta-analysis of studies of binary outcomes: Comparison of frequentist, MCMC and INLA method with data on exacerbations in COPD patients 2014-12-05 H. Schmidt, G. Nehmiz Workshop of Bayes WG and SFB 876, Dortmund

919 views • 28 slides
A comparison group analysis aimed at assessing HIV care coordination program effectiveness Denis

A comparison group analysis aimed at assessing HIV care coordination program effectiveness Denis

A comparison group analysis aimed at assessing HIV care coordination program effectiveness Denis Nash, PhD, MPH 1 , Rebekkah Robbins, MPH 2 , McKaylee Robertson, MPH 1 , Stephanie Chamberlin, MPH, MIA 2 , Sarah Braunstein, PhD 2 , Levi Waldron,

482 views • 24 slides
Comparison Between Bayesian and Maximum Entropy Analysis of Flow Networks 1 Maximum Entropy

Comparison Between Bayesian and Maximum Entropy Analysis of Flow Networks 1 Maximum Entropy

Comparison Between Bayesian and Maximum Entropy Analysis of Flow Networks 1 Maximum Entropy The Maximum Entropy (MaxEnt) method is a methodology to assign or update probability distributions to describe systems which are not completely

202 views • 17 slides

More recommend