1 Chapter 3 (Part 1) Network Security Chapter 3 – Program SecuritySection 3.1 Secure ProgramsSection 3.2 Nonmalicious Program ErrorsSection 3.3 Viruses and Other Malicious Code
2 In this Section Programming errors with security implications Malicious Code Program Development and ControlsControls to protect against flaws in executionPrograms (lots of them)have errorsHow do we keep programs from flaws?How do we protect computing resources against programs that contain flaws?
3 Secure Programs What is a secure program? Everyone has there own requirement of secure.Part of assessing software qualityDoes it meet security requirements in specification? (is requirements complete?)In general, we often look at quantity and types of faults for evidence of security (or lack of it). We track these things.
4 Who’s Fault is it? Finding lots of faults in software early. NOT GOOD.Early approaches were “Penetrate” and then “Patch”Repairing with a patch is a narrow focus and not the more important requirements.Patches can cause other problems.Non obvious side effectsFix one places – fails anotherPerformance or function suffers
5 Types of FlawsValidation error (incomplete or inconsistent): permissions checksDomain error: controlled access to dataSerialization and aliasing: program flow orderInadequate identification and authentication: basis for authorizationBoundary condition violation: failure on first or last caseOther exploitable logic errors
6 Unexpected Behavior Unexpected behavior is a program security flaw. Does the program behave as it was designed?Behavior can be:Vulnerability (class of fault)Flaw (fault or failure)Flaw (human)InadvertentIntentional
7 Nonmalicious Program Errors Buffer OverflowsExcess information provided – overfilling the bucketBuffer – space in which data is held (array or string)char sample or char sample[i]For (i=0; I<=9; i++) sample[i] = ‘A’;sample = ‘B’;
9 Nonmalicious Program Errors Incomplete MediationSupplying the wrong type of data being requested.Supplying the wrong length of data being requested.ProblemSystem FailsSupply of Bad DataMust be checked by programmerClient side verses Server SideTime-of-Check to Time-of-Use ErrorsOld bait-n-switch
10 Viruses and Other Malicious Code Why worry about it?HarmWhat is it?Unexpected or undesired effects in program or data caused by an agent intent on damage.Agent is the writer of the codeMistakes are not malicious (human error)Virus – program that replicates itself to other programs by altering the program code.Transient virus – runs when host runsResident virus – resides in memory (active as a stand alone)
11 Logic Bomb – only on a condition Time bomb – only at certain time Trojan Horse – in addition to primary effect, has a second, non-obvious malicious effect.PasswordsLogic Bomb – only on a conditionTime bomb – only at certain timeTrapdoor (backdoor) – other means of privileged access; intentional and non-intentionalWorm – spreads virus via networkRabbit – replicates to exhaust recoursesViruses can append, surround and integrate
15 Figure 3-7 Virus Completely Replacing a Program.
16 Viruses (Continued) Document Virus Within the format of a documentMacro VirusAppealing Qualities for Virus WritersHard to detectNot easily destroyedSpreads widelyRe-infects easilyEasy to createMachine and OS independent
17 Viruses (Continued) Where do they live? One-Time Execution Virus – come in on ; these are popularBoot Sector VirusFrom the bootsrap (bootup); bootse ctor of the hard disk
18 Viruses (Continued) Where do they live? Memory-Resident Viruses Terminate and Stay Resident (TSR)Infects Windows System Registry to reloadApplicationsMacrosScriptsLibrariesImagesDocuments
19 Viruses (Continued) Virus Signatures Viruses are no completely invisibleThey all leave a signature pattern (DNA)Patterns are found with Virus ScannersVirus patternsAlways at same locationTop of file locationFile size growsStrange code; jump statementsHash or checksum change (later chapters)
21 Viruses (Continued) Transmission Patterns Polymorphic Virus – every changing virusEncrypting Virus – tries to hidePreventionCommercial software applicationsTest all softwareOpening attachmentsMake system imagesKeep copies of executable files and data filesVirus Detection Software
22 Viruses (Continued) Truths and Misconceptions about Viruses Viruses infect only Windows (False)Viruses can modify “hidden” or “read-only” files (True)Files only appear in executable files (False)Viruses spread only on disks or only through (false)Viruses cannot remain in memory when power is off (True/False)Viruses can not infect hardware. (True/False)Viruses can be malevolent, benign or benevolent (True)