We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byKhalil Lemon
Modified over 2 years ago
1 Copyright © 2013 M. E. Kabay. All rights reserved. Mobile Code CSH5 Chapter 17 Mobile Code Robert Gezelter
2 Copyright © 2013 M. E. Kabay. All rights reserved. Topics Introduction to Mobile Code Mobile Code from the Web Motivations and Goals Design and Implementation Errors CSH5 Chapter 17 Mobile Code
3 Copyright © 2013 M. E. Kabay. All rights reserved. Mobile Code Defined Instructions delivered to remote computer from outside an enclave Enclave is system under unitary control by single authority Dynamic execution (execution on demand) Fundamental problems Mobile code may perform unauthorized functions Growing spectrum of devices using mobile code PDAs Mobile phones Tablets
5 Copyright © 2013 M. E. Kabay. All rights reserved. Effects of Mobile Code System / application crashes Obvious effects include Denial of service Corruption (integrity problems) Covert effects more dangerous Access to addresses spam Keyloggers Rootkits Hephrati case in Israel (2005) showed how mobile code could be used for industrial espionage Varda Raziel-Jacont & Amnon Jaconts MS for L is for Lies appeared on Internet sites Former son-in-law Michael Hephrati responsible using implanted mobile code
6 Copyright © 2013 M. E. Kabay. All rights reserved. Motivations & Goals Shift in motivations Pranks vengeful vindictive criminal Goals differ Amusement Blackmail Corporate espionage Financial fraud/theft Misappropriation of computer resources Creation of botnets Applications to DDoS & spam Involvement in information warfare
7 Copyright © 2013 M. E. Kabay. All rights reserved. Design & Implementation Errors Range of errors Simple design/coding errors cause mistakes in function Usually predictable Often noticeable But mistakes in security architecture particularly serious Security architectures for mobile code may be flawed in Creation of sandbox Method of code authentication
8 Copyright © 2013 M. E. Kabay. All rights reserved. Signed Code Principle (belief): If you know and trust who wrote code it must be OK Use digital signatures based on Public Key Cryptosystem Apply ANSI X.509 Certificates But signing bad code doesnt remove the flaws Topics discussed below: Authenticode Limitations of Signed Code Problems with ActiveX Security Model Case Studies
9 Copyright © 2013 M. E. Kabay. All rights reserved. Authenticode Microsoft method Developers obtain digital certificate from Microsoft Certificate Authority (CA) Sign their code with their private key Users (systems) check validity of code at execution time using public key Components PKI, X.509, CA Control over private keys used to sign code Known as the Software Publishing Certificate Valid method for verifying digital signatures No protection against bad code
10 Copyright © 2013 M. E. Kabay. All rights reserved. Limitations of Signed Code All-or-nothing approach to trust Signed items assumed to be perfect No concept of partial trust Digital signature does not … provide any guarantee of benevolence or competence. – CERT/CC® Organizations signing their code must strictly control access to the signing key But widespread practice in software development shops tolerates shared accounts and passwords Serious question about value of signing code
11 Copyright © 2013 M. E. Kabay. All rights reserved. Problems with ActiveX Security Model Importing and installing controls Signing does not guarantee safety or trustworthiness Running controls ActiveX control has no limitations on actions Runs with same privileges as user Typically users run as root on their Windows PCs No basis for deciding whether particular control is safe or not in specific context Scripting concerns Individual developers have no systematic method for evaluating safety of their code No equivalent to a sandbox for testing
12 Copyright © 2013 M. E. Kabay. All rights reserved. Case Studies (1) Internet Exploder (1996) Fred McLain wrote demonstrate ActiveX control to illustrate excessive control of systems Shut down users computer (with permission of user!) Chaos Computer Club Demo (1997) ActiveX control subverted Quicken accounting package Made Quicken create transfer order for money Filmed demonstration for German television
13 Copyright © 2013 M. E. Kabay. All rights reserved. Case Studies (2) VeriSign Issues Certificates to Imposters (2001) Class 3 Digital Certificates for signing ActiveX controls Issued to someone impersonating MS employee Allowed signing code as if it came from MS Problems No Certificate Revocation List (CRL) Would need to verify date of every MS certificate to identity fraudulent issued ones Caution to avoid overreacting 1 st error discovered in >500,000 issued certificates
14 Copyright © 2013 M. E. Kabay. All rights reserved. Restricted Operating Environments At simplest level, users should not execute code that affects entire system – restricted to their own processes Process is unique instance of execution of particular code by specific user on particular machine at specific instant Concept of privileges determines what a process can accomplish Supervisory or root privileges allow full access Restricted operating environment Developed since earliest multi-user systems MULTICS, OS/360, UNIX… See CSH5 Chapter 24, Operating System Security Sandbox is an example of restricted operating environment
15 Copyright © 2013 M. E. Kabay. All rights reserved. Java Programming language developed by Sun Microsystems Platform independence Typically used in Web browser Includes virtual machine (JVM) Plus Java Run Time Environment Code known as applets May be signed Restricted access to system resources Known as the Java sandbox But bugs have allowed Java applets to leave sandbox on occasion
16 Copyright © 2013 M. E. Kabay. All rights reserved. Asymmetric & Transitive Trust Asymmetry in power can cause opportunity for mass infection E.g., large customer can force small suppliers to conform to its standards Force use of unsafe mobile code Can resist damage by enforcing principle of least privilege in execution of all code Transitive trust results from assumption that trusted sites must have trustworthy code Essential to enforce tight security on all mobile code regardless of source ActiveX security model thus fundamentally flawed because it relies solely on transitive trust
17 Copyright © 2013 M. E. Kabay. All rights reserved. Misappropriation & Subversion Mobile code targets have changed From individual target machines To entire populations of targets John Schiefer (acidstorm) Caught by Bot Roast II, FBI operation against botnet operators in ,000 systems infected with spybots for capture of userID and passwords Used to subvert PayPal & other accounts 150,000 systems infected to support Dutch criminal Internet advertising company Pled guilty Sentenced to 4 years in US federal prison
18 Copyright © 2013 M. E. Kabay. All rights reserved. Multidimensional Threat Signing code leaves other issues Integrity of signing process Integrity of the PKI Safety or validity of code not addressed Individual controls or applets may function correctly BUT Interactions that were not or could not be tested may cause failures E.g., attempts to use same Windows registry key in conflicting ways Complexity of operating environment may preclude provable safety
19 Copyright © 2013 M. E. Kabay. All rights reserved. Client Responsibilities (1) Fundamental issue: Browser running mobile code may allow change to persistent state of operating system Use nonprivileged account wherever possible when browsing Web Windows XP SP2 offers Data Execution Prevention (DEP) Monitors use of memory to restrict access to protected areas Windows 7 Stronger partition between administrator privileges and normal user mode AppLocker allows admin control over allowable execution of code
20 Copyright © 2013 M. E. Kabay. All rights reserved. Client Responsibilities (2) Virtual Machine (VM) technology Significant potential for security improvement Can instantiate a desktop for specific purpose Complete isolation from rest of system Expendable WWW browser Run on VM desktop Delete when finished Bad effects of harmful code could be Isolated Evanescent
22 Copyright © 2013 M. E. Kabay. All rights reserved. Recommendations for Mobile Code Security Client systems Bar acceptance of unsigned controls and applets Restrict use of ActiveX Restrict acceptance of pop-ups Developers Follow good software engineering practices Grant minimum necessary privileges & access Use defensive programming Limit privileged access Ensure integrity of code-signing process Protect signing keys against compromise
23 Copyright © 2013 M. E. Kabay. All rights reserved. Now go and study
Access Control 1. Given Credit Where It Is Due Most of the lecture notes are based on slides by Dr. Daniel M. Zimmerman at CALTECH Some slides are from.
3-Protecting Systems Dr. John P. Abraham Professor UTPA.
IT Computer Security JEOPARDY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Fundamentals of Information Systems Security.
Active X and Signed Applets Chad Bollard. Overview ActiveX Security Features Hidden Problems Signed Applets Security Features Security Problems.
Chapter 7: E-Commerce Security and Payment system CMPD 424 E-Commerce.
Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.
Computer Security and Penetration Testing Chapter 13 Programming Exploits.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 29Slide 1 Configuration management l Managing the products of system change l Objectives.
©Ian Sommerville 2007Change Management Slide 1 Software change management.
© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 16 Secure Coding in Java and.NET Part 1: Fundamentals.
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Presented by Manager, MIS. GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.
Lecture 14 Page 1 CS 236 Online Secure Programming CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Java – in context Main Features From Sun Microsystems ‘White Paper’
CSCE 201 Web Browser Security Fall CSCE Farkas2 Web Evolution Web Evolution Past: Human usage – HTTP – Static Web pages (HTML) Current: Human.
Chapter 17: WEB COMPONENTS By Chuong Vu. Chapter Contents Current Web Components and Concerns Web protocols – SSL/TLS, HTTP/HTTPS, DAP/LDAP, FTP/SFTP.
11/2/2013 2:02:38 AM 5864_ER_FED 1 Importing Certificates into Lotus Notes R6.
Module 2 – User Safety Privacy Attacks on end users Browser vulnerabilities.
Distributed System’s Middleware: DCOM's ActiveX versus Java's JavaBeans and CORBA's IIOP.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Java & The Android Stack: A Security Analysis Pragati Ogal Rai Mobile Technology Evangelist PayPal, eBay Java.
Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.
Web Security A how to guide on Keeping your Website Safe. By: Robert Black.
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 15: Internet Explorer and Remote Connectivity Tools.
Application Security Chapter 8 Copyright Pearson Prentice Hall 2013.
ACT User Meeting June Your entitlements window Entitlements, roles and v1 security overview Problems with v1 security Tasks, jobs and v2 security.
Client Side Vulnerabilities Aka, The Perils of HTTP Lesson 14.
J ava P rogramming: From Problem Analysis to Program Design, From Problem Analysis to Program Design, Second Edition Second Edition D.S. Malik D.S. Malik.
Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.
IT Essentials 5.0 Overview February Cisco Public © 2013 Cisco and/or its affiliates. All rights reserved. 2.
Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Compatibility and Interoperability Requirements. Agenda Compatibility and interoperability requirements Support for x64 versions Signing files and drivers.
NETWORK SECURITY LAB 1170 REHAB ALFALLAJ CT1406. Introduction There are a number of technologies that exist for the sole purpose of ensuring that the.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.
1 Copyright © 2005, Oracle. All rights reserved. Introducing the Java and Oracle Platforms.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Introduction to Computer Administration Introduction.
Phishing, what you should know L kout Initiative Office of Information Technology.
© GlobalSign. A GMO Internet Inc group company. Authentication. Security. Trust. Code Signing Distributing trustworthy software over the Internet.
OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”
CS CS 5150 Software Engineering Lecture 18 Security.
© 2016 SlidePlayer.com Inc. All rights reserved.