A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys,

Slides:

Advertisements

Similar presentations

Virus Code Actions Clara Pirie & Eilidh Currie. Viruses A virus is a computer program that can copy itself and infect a computer without the permission.

Advertisements

COMP6005 An Introduction to Computing Session One: An Introduction to Computing Security Issues.

Chapter 3 (Part 1) Network Security

Lecture 14 Program Flaws CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Csilla Farkas and Brandon Phillips.

CS526: Information Security Chris Clifton November 25, 2003 Malicious Code.

POP QUIZ!!! What kind of software is Medisoft? Name ONE of the 4 things that you can do to data in Medisoft. What is the Medisoft Program Date? What key.

ITMS Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.

Computer Viruses.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]

Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

Nasca Internet Networking and Security viruses.

Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.

Chap 3: Program Security.  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms,

Definitions  Virus A small piece of software that attaches itself to a program on the computer. It can cause serious damage to your computer.  Worm.

COMPREHENSIVE Excel Tutorial 8 Developing an Excel Application.

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Video Following is a video of what can happen if you don’t update your security settings! security.

Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.

Computer Literacy BASICS

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

A Taxonomy of Network and Computer Attacks Simon Hansman & Ray Hunt Computers & Security (2005) Present by Mike Hsiao, S. Hansman and R. Hunt,

VIRUSES and DESTRUCTIVE PROGRAMS

The Utility Programs: The system programs which perform the general system support and maintenance tasks are known as utility programs. Tasks performed.

CSCE 201 Attacks on Desktop Computers: Malicious Code Hardware attacks.

Computer Software Computer Technology Day 5. Software  Provides step-by-step instructions that tell the computer how to perform  Categories  System.

 a crime committed on a computer network, esp. the Internet.

Lecture 14 Overview. Program Flaws Taxonomy of flaws: – how (genesis) – when (time) – where (location) the flaw was introduced into the system 2 CS 450/650.

A virus is software that spreads from program to program, or from disk to disk, and uses each infected program or disk to make copies of itself. Basically.

Information Technology Software. SYSTEM SOFTWARE.

1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

CSCE 522 Lecture 12 Program Security Malicious Code.

10/11/2015 Computer virus By Al-janabi Rana J 1. 10/11/2015 A computer virus is a computer program that can copy itself and infect a computer without.

Input Output Excel Internet/ Etc.Grab Bag

Malicious Code By Diana Peng. What is Malicious Code? Unanticipated or undesired effects in programs/program parts, caused by an agent with damaging intentions.

Chapter 10 Malicious software. Viruses and ” Malicious Programs Computer “ Viruses ” and related programs have the ability to replicate themselves on.

Logic Bomb Virus.  The first use of a time bomb in software may have been with the scribe markup language and word processing system, developed by Brian.

Program Security Week-2. Programming Fault: When a human makes a mistake, called an error, in performing some software activity, the error may lead to.

Course code: ABI 204 Introduction to E-Commerce Chapter 5: Security Threats to Electronic Commerce AMA University 1.

CSCE 522 Lecture 12 Program Security Malicious Code.

Key Applications Module Lesson 21 — Access Essentials

Hosted by Andrew Benson Choice1Choice 2Choice 3Choice

We are here to help you… Fight something like this Brownies !

Program Security Malicious Code Program Security Malicious Code.

Malicious Logic and Defenses. Malicious Logic Trojan Horse – A Trojan horse is a program with an overt (documented or known) effect and covert (undocumented.

Chapter 23: Vulnerability Analysis Dr. Wayne Summers Department of Computer Science Columbus State University

INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.

Keyboarding Definitions. CD-Rom A CD-Rom is a compact disc used as a read- only memory device for a computer system. Read-only means you cannot make any.

Writing Secure Programs. Program Security CSCE Farkas/Eastman - Fall Program Flaws Taxonomy of flaws: how (genesis) when (time) where (location)

Overview of Database Security Introduction Security Problems Security Controls Designing Database Security.

Information Systems CS-507 Lecture 32. Physical Intrusion The intruder could physically enter an organization to steal information system assets or carry.

Antivirus Software Technology By Mitchell Zell. Intro  Computers are vulnerable to attack  Most common type of attack is Malware  Short for malicious.

Covert Channels Eric Pennington COSC480. Common Network Threats  Viruses, Trojans, Worms, etc.  Password Attacks  Eavesdropping  Port Scanning  Not.

Britanny polca Objectives: * Identify what Malicious code is * Know the categories of Malicious code * Introduce you to the parts of Malicious software.

Vulnerability Analysis

Various Types of Malware

Viruses and Other Malicious Content

CSE565: Computer Security Lecture 27 Program Security

Computer Technology Notes 5

WHAT IS A VIRUS? A Computer Virus is a computer program that can copy itself and infect a computer A Computer Virus is a computer program that can copy.

Computer Viruses.

Text Book: Security in Computing

Computer security Computer security means protecting our computer system and the information they contain againts unwanted access, damage,destruction or.

Chap 10 Malicious Software.

Program Security Jagdish S. Gangolly School of Business

Chapter 23: Vulnerability Analysis

Chap 10 Malicious Software.

Malicious Program and Protection

Presentation transcript:

A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys, Vol. 26, No. 2, Sept. 1994

Outline Background Taxonomies of Security flaws Taxonomy by Genesis Conclusion Question

Background What is a security flaw in a program ? “A security flaw is a part of a program that can cause the system to violate its security requirements.” Why build taxonomies for computer security flaws? Learn from previous mistakes; Determine which areas of systems and processes need the most improvement; Seek better ways of building systems to meet security requirements. taxonomy: classification, division into ordered groups or categories.

Taxonomies of Security Flaws Taxonomy by genesis¹ -- How did the flaw enter the system ? Taxonomy by time of introduction -- When did the flaw enter the system ? Taxonomy by location -- Where in the system is the flaw manifest² ? 1. genesis: The coming into being of something; the origin. 2. manifest: Clearly apparent to the sight; appear introduced, found

Taxonomy by Genesis Intentional: Malicious Trojan Horse Non-Replicating Replicating Trapdoor Logic/Time bomb Non-malicious Convert channel Storage channel Timing channel Inadvertent: Validation error incomplete/inconsistent Domain error Serialization/aliasing Identification/authorization inadequate Boundary condition violation

Taxonomy by Time of Introduction During development: Requirement/specification/design Source code Object code During maintenance During operation

Software Operating System Memory management Process management Device management Supporting software Privileged Utilities Application software Hardware File management System initialization Identification/Authorization Taxonomy by Location Unprivileged Utilities

Easter Egg Vulnerability Easter egg is a piece of program insert into a commecial software product during the software development process and not meant to be part of the product. Security requirement: programs don’t have undocumented “features” which could be exploited as Trojan Horses. Example: Microsoft Excel 97 Fight Simulator Easter Egg: 1. On a new Worksheet, Press F5. 2. Type X97:L97 and hit enter 3. Press the tab key 4. Hold Ctrl-Shift 5. Click on the Chart Wizard toolbar button 6. Use mouse to fly around - Right button forward/ Left button reverse Let’s try to classify it using taxonomy by genesis.

Review Taxonomy by Genesis Intentional: Malicious Trojan Horse Non-Replicating Replicating Trapdoor Logic/Time bomb Non-malicious Convert channel Storage channel Timing channel Inadvertent: Validation error incomplete/inconsistent Domain error Serialization/aliasing Identification/authorization inadequate Boundary condition violation

Taxonomy by Genesis -- Intentional Malicious: Trojan horses: a program that disguises as a useful service but exploits program user’s rights. Virus: replicating itself by copying its code to another program files. Worm: replicating itself by creating new processes or files with its code.

Taxonomy by Genesis -- Intentional (Cont.) Malicious: Trapdoors: Pieces of code that response to special input, and allow unauthorized access to the system. Logic bomb/Time bomb: piece of code remains in the host system until a certain time or some events (or user actions) occur.

Taxonomy by Genesis -- Intentional (Cont.) Non-malicious Covert channel: a communication path in a computer system not intended by the system’s designers. Storage channel transfers information through bits (used to convey encoded information) setting by one program / bits reading by another. Timing channel: convey information by modulating system behavior over time to receive information of system behavior and infer protected information.

Possible Classification Solution to MS Excel 97 “Fly Simulator” Non-malicious: should be yes ? Covert channel: No Storage channel: No Timing channel: No Malicious: No ? Trojan horses: Yes Virus: No Worm: No Trapdoors: No ? Logic bomb/Time bomb: Yes, it is triggered by some user actions.

Conclusion: This paper proposed 3 taxonomies for security flaws in computer program. It provides an approach for evaluating problems in the system they built. The method of organizing security flaws helps to remove and prevent the introduction of security flaws. Limitation: The taxonomies were based on about 50 selected operating systems flaws, with no attempt to categorize flaws in application software (DBMS, etc.).

Question: Do you think the taxonomies in this paper are appropriate for the security flaw we found ? Is it easy to classify a security flaw or not?