Malicious Logic What is malicious logic Types of malicious logic Defenses Computer Security: Art and Science ©2002-2004 Matt Bishop.

Slides:



Advertisements
Similar presentations
Operating System Security
Advertisements

Lectures on File Management
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 14: Protection.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #19-1 Chapter 19: Malicious Logic What is malicious logic Types of malicious.
CS526: Information Security Chris Clifton November 25, 2003 Malicious Code.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #9-1 Chapter 19: Malicious Logic What is malicious logic Types of malicious logic.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Protection. Goals of Protection Operating system consists of a collection of objects, hardware or software Each object has a unique name and can be accessed.
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Chapter 14: Protection.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson.
Understanding Security Lesson 6. Objective Domain Matrix Skills/ConceptsMTA Exam Objectives Understanding the System.Security Namespace Understand the.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
1GMS-VU : Module 2 Introduction to Information and Communication Technologies Module 2 Computer Software.
Java Security. Topics Intro to the Java Sandbox Language Level Security Run Time Security Evolution of Security Sandbox Models The Security Manager.
Page 19/4/2015 CSE 30341: Operating Systems Principles Raid storage  Raid – 0: Striping  Good I/O performance if spread across disks (equivalent to n.
Operating Systems Protection & Security.
1 September 14, 2006 Lecture 3 IS 2150 / TEL 2810 Introduction to Security.
Security Security is a measure of the system’s ability to protect data and information from unauthorized access while still providing access to people.
Database Security And Audit. Databasics Data is stored in form of files Record : is a one related group of data (in a row) Schema : logical structure.
© G. Dhillon, IS Department Virginia Commonwealth University Principles of IS Security Formal Models.
14.1 Silberschatz, Galvin and Gagne ©2005 Operating System Concepts Chapter 14: Protection Goals of Protection Principles of Protection Domain of Protection.
Defense Against the Dark Arts Dan Fleck CS469 Security Engineering Reference: Angelos Stavrou’s ISA564 and Computer Security by Bishop Coming up: Types.
1 Higher Computing Topic 8: Supporting Software Updated
1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Chapter 14: Protection Silberschatz, Galvin and Gagne ©2005 AE4B33OSS Chapter 14: Protection Goals of Protection Principles of Protection Domain.
(c) Mitsubishi Electric Corp. 1 User Scenarios & Security Considerations in APPAGG part 2/ Nobuhiro Electric.
Chapter 6: Integrity Policies  Overview  Requirements  Biba’s models  Clark-Wilson model Introduction to Computer Security ©2004 Matt Bishop.
Silberschatz, Galvin and Gagne  Operating System Concepts Chapter 18: Protection Goals of Protection Objects and Domains Access Matrix Implementation.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Protection (Chapter 14)
Protection Nadeem Majeed Choudhary
G53SEC 1 Reference Monitors Enforcement of Access Control.
14.1/21 Part 5: protection and security Protection mechanisms control access to a system by limiting the types of file access permitted to users. In addition,
Malicious Logic and Defenses. Malicious Logic Trojan Horse – A Trojan horse is a program with an overt (documented or known) effect and covert (undocumented.
UT DALLAS Erik Jonsson School of Engineering & Computer Science FEARLESS engineering Integrity Policies Murat Kantarcioglu.
Information Security in Distributed Systems Distributed Systems1.
Security Patterns for Web Services 02/03/05 Nelly A. Delessy.
The world leader in serving science Overview of Thermo 21 CFR Part 11 tools Overview of software used by multiple business units within the Spectroscopy.
Introduction Program File Authorization Security Theorem Active Code Authorization Authorization Logic Implementation considerations Conclusion.
Lecture 4 Mechanisms & Kernel for NOSs. Mechanisms for Network Operating Systems  Network operating systems provide three basic mechanisms that support.
Chapter 4: Security Policies Overview The nature of policies What they cover Policy languages The nature of mechanisms Types Secure vs. precise Underlying.
Chapter 14: Protection Silberschatz, Galvin and Gagne ©2005 Operating System Concepts – 7 th Edition, Apr 11, 2005 Chapter 14: Protection Goals.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection.
Design Principles and Common Security Related Programming Problems
Understanding Security
VMM Based Rootkit Detection on Android
Lecture 5 Rootkits Hoglund/Butler (Chapters 1-3).
Rights Management for Shared Collections Storage Resource Broker Reagan W. Moore
Chapter 15: Access Control Mechanisms Dr. Wayne Summers Department of Computer Science Columbus State University
Slide #6-1 Chapter 6: Integrity Policies Overview Requirements Biba’s models Clark-Wilson model.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
ASHRAY PATEL Protection Mechanisms. Roadmap Access Control Four access control processes Managing access control Firewalls Scanning and Analysis tools.
Information Systems Design and Development Security Precautions Computing Science.
Chapter 29: Program Security Dr. Wayne Summers Department of Computer Science Columbus State University
Chapter 6 Integrity Policies
Chapter 19. Malicious Logic
Chapter 1: Introduction
Chapter 2: System Structures
Chapter 14: Protection.
Chapter 22: Malicious Logic
Security.
Chapter 29: Program Security
CS510 Operating System Foundations
Operating System Concepts
Chapter 6: Integrity Policies
Malicious Program and Protection
Access Control What’s New?
Presentation transcript:

Malicious Logic What is malicious logic Types of malicious logic Defenses Computer Security: Art and Science © Matt Bishop

Defenses Distinguish between data, instructions Limit objects accessible to processes Inhibit sharing Detect altering of files Detect actions beyond specifications Analyze statistical characteristics Computer Security: Art and Science © Matt Bishop

Guardians, Watchdogs System intercepts request to open file Program invoked to determine if access is to be allowed These are guardians or watchdogs Effectively redefines system (or library) calls Computer Security: Art and Science © Matt Bishop

Trust Trust the user to take explicit actions to limit their process’ protection domain sufficiently That is, enforce least privilege correctly Trust mechanisms to describe programs’ expected actions sufficiently for descriptions to be applied, and to handle commands without such descriptions properly Trust specific programs and kernel Problem: these are usually the first programs malicious logic attack Computer Security: Art and Science © Matt Bishop

Inhibit Sharing Use separation implicit in integrity policies Example: LOCK keeps single copy of shared procedure in memory Master directory associates unique owner with each procedure, and with each user a list of other users the first trusts Before executing any procedure, system checks that user executing procedure trusts procedure owner Computer Security: Art and Science © Matt Bishop

Multilevel Policies Put programs at the lowest security level, all subjects at higher levels By *-property, nothing can write to those programs By ss-property, anything can read (and execute) those programs Example: DG/UX system All executables in “virus protection region” below user and administrative regions Computer Security: Art and Science © Matt Bishop

Detect Alteration of Files Compute manipulation detection code (MDC) to generate signature block for each file, and save it Later, recompute MDC and compare to stored MDC If different, file has changed Example: tripwire Signature consists of file attributes, cryptographic checksums chosen from among MD4, MD5, HAVAL, SHS, CRC-16, CRC-32, etc.) Computer Security: Art and Science © Matt Bishop

Assumptions Files do not contain malicious logic when original signature block generated Pozzo & Grey: implement Biba’s model on LOCUS to make assumption explicit Credibility ratings assign trustworthiness numbers from 0 (untrusted) to n (signed, fully trusted) Subjects have risk levels Subjects can execute programs with credibility ratings ≥ risk level If credibility rating < risk level, must use special command to run program Computer Security: Art and Science © Matt Bishop

Antivirus Programs Look for specific sequences of bytes (called “virus signature” in file If found, warn user and/or disinfect file Each agent must look for known set of viruses Cannot deal with viruses not yet analyzed Due in part to undecidability of whether a generic program is a virus Computer Security: Art and Science © Matt Bishop

Detect Actions Beyond Spec Treat execution, infection as errors and apply fault tolerant techniques Example: break program into sequences of nonbranching instructions Checksum each sequence, encrypt result When run, processor recomputes checksum, and at each branch co-processor compares computed checksum with stored one If different, error occurred Computer Security: Art and Science © Matt Bishop

N-Version Programming Implement several different versions of algorithm Run them concurrently Check intermediate results periodically If disagreement, majority wins Assumptions Majority of programs not infected Underlying operating system secure Different algorithms with enough equal intermediate results may be infeasible Computer Security: Art and Science © Matt Bishop

Proof-Carrying Code Code consumer (user) specifies safety requirement Code producer (author) generates proof code meets this requirement Proof integrated with executable code Changing the code invalidates proof Binary (code + proof) delivered to consumer Consumer validates proof Example statistics on Berkeley Packet Filter: proofs 300–900 bytes, validated in 0.3 –1.3 ms Startup cost higher, runtime cost considerably shorter Computer Security: Art and Science © Matt Bishop

Detecting Statistical Changes Example: application had 3 programmers working on it, but statistical analysis shows code from a fourth person—may be from a Trojan horse or virus! Other attributes: more conditionals than in source; look for identical sequences of bytes not common to any library routine; increases in file size, frequency of writing to executables, etc. Denning: use intrusion detection system to detect these Computer Security: Art and Science © Matt Bishop

Key Points A perplexing problem How do you tell what the user asked for is not what the user intended? Strong typing leads to separating data, instructions File scanners most popular anti-virus agents Must be updated as new viruses come out Computer Security: Art and Science © Matt Bishop

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.