Chapter 3 (Part 1) Network Security

Slides:

Advertisements

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Advertisements

30/04/2015Tim S Roberts COIT13152 Operating Systems T1, 2008 Tim S Roberts.

CSE331: Introduction to Networks and Security Lecture 32 Fall 2002.

Lecturer: Fadwa Tlaelan

CPSC 6126 Computer Security Information Assurance.

Week 5 - Wednesday.  What did we talk about last time?  Attacks on hash functions.

Network Security Philadelphia UniversitylAhmad Al-Ghoul Module 5 Program Security  MModified by :Ahmad Al Ghoul  PPhiladelphia University.

CS526: Information Security Chris Clifton November 25, 2003 Malicious Code.

Last time Program security Flaws, faults, and failures

ITMS Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.

________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

Chap 3: Program Security.  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms,

1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

The Utility Programs: The system programs which perform the general system support and maintenance tasks are known as utility programs. Tasks performed.

CSCE 201 Attacks on Desktop Computers: Malicious Code Hardware attacks.

 a crime committed on a computer network, esp. the Internet.

Lecture 14 Overview. Program Flaws Taxonomy of flaws: – how (genesis) – when (time) – where (location) the flaw was introduced into the system 2 CS 450/650.

CHAPTER 14 Viruses, Trojan Horses and Worms. INTRODUCTION Viruses, Trojan Horses and worm are malicious programs that can cause damage to information.

1 Higher Computing Topic 8: Supporting Software Updated

Information Technology Software. SYSTEM SOFTWARE.

1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

CSCE 522 Lecture 12 Program Security Malicious Code.

Week 6 - Wednesday.  What did we talk about last time?  Exam 1  Before that?  Program security  Non-malicious flaws.

Administrative: Objective: –Tutorial on Risks –Phoenix recovery Outline for today.

Malicious Code By Diana Peng. What is Malicious Code? Unanticipated or undesired effects in programs/program parts, caused by an agent with damaging intentions.

Chapter 10 Malicious software. Viruses and ” Malicious Programs Computer “ Viruses ” and related programs have the ability to replicate themselves on.

For more notes and topics visit: eITnotes.com.

Name: Perpetual Ifeanyi Onyia Topic: Virus, Worms, & Trojan Horses.

What is computer virus? Computer virus refers to a program which damages computer systems and/or destroys or erases data files.

Program Security Week-2. Programming Fault: When a human makes a mistake, called an error, in performing some software activity, the error may lead to.

CSCE 522 Lecture 12 Program Security Malicious Code.

For any query mail to or BITS Pilani Lecture # 1.

CIS 442: Chapter 2 Viruses. Malewares Maleware classifications and types Viruses Logical and time bombs Trojan horses and backdoors Worms Spam Spyware.

Copyright © 2007 Heathkit Company, Inc. All Rights Reserved PC Fundamentals Presentation 25 – Virus Detection and Prevention.

Program Security Malicious Code Program Security Malicious Code.

Malicious Logic and Defenses. Malicious Logic Trojan Horse – A Trojan horse is a program with an overt (documented or known) effect and covert (undocumented.

CPSC 6126 Computer Security Information Assurance.

ITD 2323 Lesson 3 – Viruses and other Malicious Codes Prepared by Izwan Suhadak Ishak Lecturer FITM, UNISEL.

Malicious Software.

Chapter 19 – Malicious Software What is the concept of defense: The parrying of a blow. What is its characteristic feature: Awaiting the blow. —On War,

Computer Systems Viruses. Virus A virus is a program which can destroy or cause damage to data stored on a computer. It’s a program that must be run in.

Computer Security Threats CLICKTECHSOLUTION.COM. Computer Security Confidentiality –Data confidentiality –Privacy Integrity –Data integrity –System integrity.

14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection.

W elcome to our Presentation. Presentation Topic Virus.

Program Security 1. Program Security – Outline 3.1. Secure Programs – Defining & Testing Introduction Judging S/w Security by Fixing Faults Judging S/w.

Week 6 - Monday.  What did we talk about last time?  Quantum cryptography  Non-malicious program errors.

Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,

Malicious Programs (1) Viruses have the ability to replicate themselves Other Malicious programs may be installed by hand on a single machine. They may.

COMPUTERVIRUSES MALICIOUS CODES  Malicious code: It is an undesired program or part caused by an agent intent to damage.  Agent is Writer or Distributor.

Giảng viên hướng dẫn : Sinh viên : Hoàng Xuân Nhật Huy Nguyễn Nam Tiệp.

Computer Viruses Author: Alyse Allen.

CHAPTER 3 PROGRAM SECURITY.

Buffer Overflows Incomplete Access Control

Viruses and Other Malicious Content

CSE565: Computer Security Lecture 27 Program Security

WHAT IS A VIRUS? A Computer Virus is a computer program that can copy itself and infect a computer A Computer Virus is a computer program that can copy.

Text Book: Security in Computing

Chap 10 Malicious Software.

Program Security Jagdish S. Gangolly School of Business

Chapter 22: Malicious Logic

Chap 10 Malicious Software.

Malicious Program and Protection

Presentation transcript:

Chapter 3 (Part 1) Network Security Chapter 3 – Program Security Section 3.1 Secure Programs Section 3.2 Nonmalicious Program Errors Section 3.3 Viruses and Other Malicious Code

In this Section Programming errors with security implications Malicious Code Program Development and Controls Controls to protect against flaws in execution Programs (lots of them)have errors How do we keep programs from flaws? How do we protect computing resources against programs that contain flaws?

Secure Programs What is a secure program? Everyone has there own requirement of secure. Part of assessing software quality Does it meet security requirements in specification? (is requirements complete?) In general, we often look at quantity and types of faults for evidence of security (or lack of it). We track these things.

Who’s Fault is it? Finding lots of faults in software early. NOT GOOD. Early approaches were “Penetrate” and then “Patch” Repairing with a patch is a narrow focus and not the more important requirements. Patches can cause other problems. Non obvious side effects Fix one places – fails another Performance or function suffers

Types of Flaws Validation error (incomplete or inconsistent): permissions checks Domain error: controlled access to data Serialization and aliasing: program flow order Inadequate identification and authentication: basis for authorization Boundary condition violation: failure on first or last case Other exploitable logic errors

Unexpected Behavior Unexpected behavior is a program security flaw. Does the program behave as it was designed? Behavior can be: Vulnerability (class of fault) Flaw (fault or failure) Flaw (human) Inadvertent Intentional

Nonmalicious Program Errors Buffer Overflows Excess information provided – overfilling the bucket Buffer – space in which data is held (array or string) char sample[10] or char sample[i] For (i=0; I<=9; i++) sample[i] = ‘A’; sample[10] = ‘B’;

Figure 3-1 Places Where a Buffer Can Overflow.

Nonmalicious Program Errors Incomplete Mediation Supplying the wrong type of data being requested. Supplying the wrong length of data being requested. Problem System Fails Supply of Bad Data Must be checked by programmer Client side verses Server Side Time-of-Check to Time-of-Use Errors Old bait-n-switch

Viruses and Other Malicious Code Why worry about it? Harm What is it? Unexpected or undesired effects in program or data caused by an agent intent on damage. Agent is the writer of the code Mistakes are not malicious (human error) Virus – program that replicates itself to other programs by altering the program code. Transient virus – runs when host runs Resident virus – resides in memory (active as a stand alone)

Logic Bomb – only on a condition Time bomb – only at certain time Trojan Horse – in addition to primary effect, has a second, non-obvious malicious effect. Passwords Logic Bomb – only on a condition Time bomb – only at certain time Trapdoor (backdoor) – other means of privileged access; intentional and non-intentional Worm – spreads virus via network Rabbit – replicates to exhaust recourses Viruses can append, surround and integrate

Figure 3-4 Virus Appended to a Program.

Figure 3-5 Virus Surrounding a Program.

Figure 3-6 Virus Integrated into a Program.

Figure 3-7 Virus Completely Replacing a Program.

Viruses (Continued) Document Virus Within the format of a document Macro Virus Appealing Qualities for Virus Writers Hard to detect Not easily destroyed Spreads widely Re-infects easily Easy to create Machine and OS independent

Viruses (Continued) Where do they live? One-Time Execution Virus – come in on EMAIL; these are popular Boot Sector Virus From the bootsrap (bootup); bootse ctor of the hard disk

Viruses (Continued) Where do they live? Memory-Resident Viruses Terminate and Stay Resident (TSR) Infects Windows System Registry to reload Applications Macros Scripts Libraries Images Documents

Viruses (Continued) Virus Signatures Viruses are no completely invisible They all leave a signature pattern (DNA) Patterns are found with Virus Scanners Virus patterns Always at same location Top of file location File size grows Strange code; jump statements Hash or checksum change (later chapters)

Figure 3-9 Recognizable Patterns in Viruses.

Viruses (Continued) Transmission Patterns Polymorphic Virus – every changing virus Encrypting Virus – tries to hide Prevention Commercial software applications Test all software Opening attachments Make system images Keep copies of executable files and data files Virus Detection Software

Viruses (Continued) Truths and Misconceptions about Viruses Viruses infect only Windows (False) Viruses can modify “hidden” or “read-only” files (True) Files only appear in executable files (False) Viruses spread only on disks or only through EMAIL (false) Viruses cannot remain in memory when power is off (True/False) Viruses can not infect hardware. (True/False) Viruses can be malevolent, benign or benevolent (True)