cs 480 557
play

CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. - PDF document

Nov 24, 2023 •141 likes •238 views

Overview CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human Security 3.Program Security Security Computer security threats Unintentional: - Coding faults - Operational faults -

  1. Overview CS 480/ 557 � Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human Security 3.Program Security Security � Computer security threats � Unintentional: - Coding faults - Operational faults - Environmental faults Presentation #10 � Intentional (malicious code): � Trojan horses Computer Security Threats � Trap doors Tjaden – Ch. 8 � Viruses � Worms Dr. Mohamed Aboutabl Computer Security Threats 2 Physical Security Human Factors � Human factors - t he users of computer systems impact security � Physical security entails restricting access to some object by physical � Users can undermine system security through their naïveté, laziness, or means dishonesty � Examples: locked doors and human guards � Users of a system should also be educated about its security � Neglecting physical security can undermine other security mechanisms that mechanisms so that they are unlikely to accidentally undermine them protect a system � Explain to users why certain passwords are weak or help them � Example: a system with an superb file-protection mechanism choose strong ones � The disk drive that stores the file-system is publicly accessible � Users of a system should be screened so that they are unlikely to � An attacker could attach his own computer to the drive and read its purposely abuse the system privileges they are given contents � People who have exhibited a pattern of dishonest behavior in the past are risky users Dr. Mohamed Aboutabl Computer Security Threats 3 Dr. Mohamed Aboutabl Computer Security Threats 4 Program Security Program Security (cont) � Program security requires that the software that runs on a computer � Coding faults – development bugs that can be exploited to compromise system must be: system security � Written correctly (NO coding faults ) � Examples: � Installed and configured properly (NO operational faults ) � Condition validation errors – a requirement is either incorrectly � Used in the manner in which they were intended (NO environmental specified or incompletely checked faults ) � Synchronization errors – operations are performed in an improper � Properly behaved (NO malicious code ) order � Flaws in any of these areas may be discovered and exploited by attackers Dr. Mohamed Aboutabl Computer Security Threats 5 Dr. Mohamed Aboutabl Computer Security Threats 6

  2. Condition Validation Error – Example (cont) Condition Validation E rror – An “ Incorrect Specification” E xample � Processing uux requests: � The uux (Unix-to -Unix command e xecution) utility � For each command: � Used to execute a sequence of commands on a specified (remote) system � Check the command to make sure it is in the set of “safe ” � For security reasons, the commands executed by uux should be limited to a commands set of “safe ” commands � Skip the command’s arguments until a delimiter is reached � The date command (displays the current date and time) is a safe � Example: command and should be allowed � cmd1 arg1 arg2 ; cmd2 ; cmd3 arg1 � The rm command (removes files) is not a safe command and should not � The problem: some implementations did not include the ampersand (&) be allowed in the list of delimiters though it is a valid delimiter � The result: unsafe commands (e.g. cmd4) could be executed if the y followed an ampersand: � cmd2 & cmd4 arg1 Dr. Mohamed Aboutabl Computer Security Threats 7 Dr. Mohamed Aboutabl Computer Security Threats 8 Program Security (cont) Synchronization E rror – Improper Order of E xecution : An E xample � The mkdir utility – creates a new subdirectory � Malicious code - programs specifically designed to undermine the security of a system � Creates a new, empty subdirectory (owned by root ) � Trojan horses � Changes ownership of the subdirectory from root to the user executing � Login spoof mkdir � Root kits � The problem: � If the system is busy, it may be possible to execute a few other � Trap doors commands between the two steps of mkdir � Viruses � Example: � Virus scanning � Delete the new directory after step one and replace it with a link to � Macro viruses another file on the system � Worms � When step two executes it will give the user ownership of the file � The Morris worm Dr. Mohamed Aboutabl Computer Security Threats 9 Dr. Mohamed Aboutabl Computer Security Threats 10 Trojan Horses Trojan Horses (cont) � History – a hollow wooden horse used by the Greeks during the Trojan War � Examples (cont): � Today - a Trojan horse is a program that has two purposes: one obvious � Salami and benign, the other hidden and malicious � Programmer writes bank software that credits interest to custome r � Examples: accounts each month � Login spoof � The result of the interest computation on many accounts may not be � Mailers, editors, file transfer utilities, etc. a whole number of cents � Compilers � Example: � 0.25 percent of $817.40 is $2.0435 � Should be rounded down to $2.04 in interest � Programmer instructs program to deposit fractional cents into the programmer’s account Dr. Mohamed Aboutabl Computer Security Threats 11 Dr. Mohamed Aboutabl Computer Security Threats 12

  3. Trojan Horses (cont) Trap Doors � Examples (cont): � Trap doors are flaws that designers place in programs so that specific security checks are not performed under certain circumstances � Root kits � Example: a programmer developing a computer -controlled door to a bank’s � A root kit is collections of Trojan Horse programs that replace valut widely-used system utility programs: � ls and find (hides files) � After the programmer is done the bank will reset all of the access codes to the vault � ps and top (hides processes) � However, the programmer may have left a special access code in his � netstat (hides network connections) program that always opens the vault � Goal: conceal the intruder’s presence and activities from users and the system administrator Dr. Mohamed Aboutabl Computer Security Threats 13 Dr. Mohamed Aboutabl Computer Security Threats 14 Viruses Viruses (cont) � A virus is a fragment of code created to spread copies of itself to other � Virus may prepend its instructions to the program’s instructions programs � Every time the program is run the virus’ code is executed � Infection propagation – mechanism to spread infection to other � Require a host (typically a program): hosts � In which to live � Manipulation routine – (optional) mechanism to perform other � From which to spread to other hosts actions: � A host that contains a virus is said to be infected � Displaying a humorous message � A virus typically infects a program by attaching a copy of itself to the � Subtly altering stored data program � Deleting files � Goal: spread and infect as many hosts as possible � Killing other running programs � Causing system crashes � Etc. Dr. Mohamed Aboutabl Computer Security Threats 15 Dr. Mohamed Aboutabl Computer Security Threats 16 Viruses (cont) Defending Against Computer Viruses � Virus scanning programs check files for signatures of known viruses � Signature = some unique fragment of code from the virus that appears in every infected file � Problems: � Polymorphic viruses that change their appearance each time they infect a new file � No easily recognizable pattern common to all instances of the vi rus � New viruses (and modified old viruses) appear regularly � Database of viral signatures must be updated frequently Dr. Mohamed Aboutabl Computer Security Threats 17 Dr. Mohamed Aboutabl Computer Security Threats 18

Recommend

More recommend