Chap 3: Program Security. Programming errors with security implications: buffer overflows, incomplete access control. Malicious code: viruses, worms,


Chap 3: Program Security

• Programming errors with security implications: buffer overflows, incomplete access control
• Malicious code: viruses, worms, Trojan horses
• Program development controls against malicious code and vulnerabilities: software engineering principles and practices
• Controls to protect against program flaws in execution: operating system support and administrative controls

SE571 Security in Computing, Dr. Ogara

• Malware infection – most common attack (67.1%)
• Losses due to cybercrime
  - Malicious insiders NOT responsible (only 59.1%)
  - None of the losses due to non-malicious insider actions (only 39.5%)
• New incidents
  - Exploits of client's Web browser
  - Exploits of users' social network profile
(Source: Computer Security Institute 2010/2011 Survey)


 What are programs?  Why do we need to secure them?  What do we secure them from?  How do we secure them?  What are security flaws?  What is a fault?  Causes of the fault  Effects of a fault  How to fix a fault SE571 Security in Computing Dr. Ogara 5

• What are programs?
  - Pieces of code
  - Are the heart of computing
  - Examples: OS, device drivers, network infrastructure, DBMS, .exe files, applications, etc.

• Why security at the program level?
  - Programs are used by users
  - Many programs perform a variety of tasks
  - A secure program implies some degree of trust
    - Confidentiality
    - Integrity
    - Availability
  - Security characteristics depend on the application and the user's perception of the quality of the application

• Fault
  - Incorrect step, command or process in a computer program, caused by a human mistake (error)
  - Inside view, as seen by developers
• Failure
  - Departure from the system's required behavior
  - Outside view of the system, as seen by users

• Fixing faults
  - Penetrate and patch
  - Patches introduce more problems
  - Patches cause side effects

• Program security flaw
  - An inappropriate program behavior caused by a program vulnerability
  - Do the programs behave as the designers intended – unexpected behavior
  - A vulnerability is a weakness in the security system
  - Can derive from any kind of software fault
  - Example: a program containing a Trojan horse is vulnerable, but the user may not see a security flaw in the program

• Intentionally induced errors
  - Malicious flaws
  - Non-malicious flaws
• Inadvertent flaws / unintentional human errors
  - Validation error
  - Domain error
  - Serialization and aliasing
  - Inadequate identification & authentication
  - Boundary condition violation
  - Logic errors

• Buffer overflows
• Incomplete mediation
• Time-of-Check to Time-of-Use Errors
• Combination of Non-malicious Program Flaws

• Analogy: pouring 2 gal of water into a 1 gal pitcher. Some water will spill out. The error leads to a mess
• A buffer (array or string) is a space in which data can be held
• A buffer resides in memory
• A buffer's capacity is finite
• Because of this, most programmers must declare the needed buffer size

• Consider the code below

    char Sample[10];        /* valid indices are 0..9 */
    int i;
    for (i = 0; i <= 9; i++)
        Sample[i] = 'A';
    Sample[10] = 'B';       /* one element past the end of the buffer */

• Programs and data elements share space with the OS, other code and resident routines
• Four cases to consider in deciding where the extra character 'B' goes

The last two cases give users access to system data/privileges

• The last 2 cases would cause problems
  - The system gets unstable because data is now inconsistent
  - User code now runs with system privileges
• Although the flaw comes from an honest mistake, attackers can exploit such flaws
• An attacker may replace code in the system space by masquerading as the OS.
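The effect of the extra 'B' on neighbouring data, as an added example in C that is not part of the original slides. Memory is modelled as a single 16-byte array so the out-of-range write stays well defined: the Sample buffer sits at offsets 0-9 and a byte owned by someone else at offset 10. The layout and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of memory: the 10-byte Sample buffer is followed
   directly by one byte that belongs to someone else (system data). */
enum { SAMPLE_LEN = 10, NEIGHBOUR_OFF = 10, MEM_LEN = 16 };
static unsigned char memory[MEM_LEN];

/* The slide's store: nothing keeps i inside Sample[0..9]. */
void unchecked_store(size_t i, char c)
{
    memory[i] = (unsigned char)c;
}

/* Hardened store: refuse any index outside the declared buffer. */
int checked_store(size_t i, char c)
{
    if (i >= SAMPLE_LEN)
        return -1;
    memory[i] = (unsigned char)c;
    return 0;
}

/* Replay the slide's writes (ten 'A's, then 'B' at index 10) and
   report what the neighbouring byte holds afterwards. */
unsigned char neighbour_after(int use_check)
{
    size_t i;
    memset(memory, 0, sizeof memory);
    for (i = 0; i <= 10; i++) {
        char c = (i < 10) ? 'A' : 'B';
        if (use_check)
            (void)checked_store(i, c);
        else
            unchecked_store(i, c);
    }
    return memory[NEIGHBOUR_OFF];
}

int main(void)
{
    printf("unchecked: neighbour = 0x%02x\n", neighbour_after(0));
    printf("checked:   neighbour = 0x%02x\n", neighbour_after(1));
    return 0;
}
```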

• Used less often
• Occurs when access is not checked universally
• Unchecked data values represent a serious potential vulnerability

• Based on a true story
• Company selling products on their website
• Web design flaw
• Company passes the price of items back to itself as parameters
• Customer browser shows: 55A&qy=20&price=10&ship=boat&shipcost=5&total=205

• A malicious attacker may change the parameters as follows: 55A&qy=20&price=1&ship=boat&shipcost=5&total=25
• Buy products for less – pay $25 instead of $205.
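One way to complete the mediation on the server, as an added example in C that is not from the slides or from the company described. It recomputes the total from server-side data and uses the client's total only to flag tampering. The `part` parameter name, the catalogue values, the quantity limit and the function names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy the value of `name` out of an a=b&c=d string; 0 on success. */
static int get_param(const char *q, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    while (q && *q) {
        const char *end = strchr(q, '&');
        size_t plen = end ? (size_t)(end - q) : strlen(q);
        if (plen > nlen && strncmp(q, name, nlen) == 0 && q[nlen] == '=') {
            size_t vlen = plen - nlen - 1;
            if (vlen >= outlen) return -1;   /* oversized value: reject */
            memcpy(out, q + nlen + 1, vlen);
            out[vlen] = '\0';
            return 0;
        }
        q = end ? end + 1 : NULL;
    }
    return -1;
}

/* Server-side tables the client cannot touch (constructed values). */
static long unit_price(const char *p) { return strcmp(p, "55A") ? -1 : 10; }
static long ship_cost(const char *s)  { return strcmp(s, "boat") ? -1 : 5; }

/* Amount to charge, or -1 if rejected; client price/shipcost/total are untrusted. */
long mediated_total(const char *query, int *tampered)
{
    char part[16], qy[8], ship[16], claimed[16], *endp;
    if (get_param(query, "part", part, sizeof part) ||
        get_param(query, "qy", qy, sizeof qy) ||
        get_param(query, "ship", ship, sizeof ship))
        return -1;
    long n = strtol(qy, &endp, 10), price = unit_price(part), shipc = ship_cost(ship);
    if (*endp != '\0' || n < 1 || n > 1000 || price < 0 || shipc < 0)
        return -1;
    long total = n * price + shipc;          /* computed from server data only */
    *tampered = get_param(query, "total", claimed, sizeof claimed) != 0 ||
                strtol(claimed, NULL, 10) != total;
    return total;
}

int main(void)
{
    int t = 0;   /* constructed tampered request using the slide's fields */
    long due = mediated_total("part=55A&qy=20&price=1&ship=boat&shipcost=5&total=25", &t);
    printf("charge %ld, tampered=%d\n", due, t);
    return 0;
}
```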

• Exploits the delay between the time-of-check and time-of-use
• A change may occur between the time access was checked and the time the result of the check was used
• Analogy
  - Agree on price
  - Buyer counts stack of money
  - Buyer takes back part of the money without the seller knowing (condition has changed before exchange)
  - Buyer passes money, gets receipt and product (paid less)

• Prevention
  - Avoid exposing critical parameters during any loss of control: access checking software must own the request until the requested action is complete
  - Do not allow interruption (loss of control) during validation
  - The validation routine can copy from the user's space to the routine's area, out of the user's reach
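The last prevention point, as an added example in C that is not part of the original slides: a checker that validates user-owned memory and then acts on it, beside one that first copies the request into its own area. The request layout, the file and action names, and the `gap` callback that stands in for the loss of control are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

struct request { char file[16]; char action[8]; };
/* Stand-in for what the user can do while the checker has lost control. */
typedef void (*gap_fn)(struct request *user_req);

static int allowed(const struct request *r)
{
    return strcmp(r->file, "my_file") == 0 && strcmp(r->action, "read") == 0;
}

/* Flawed: checks the user's memory, then later acts on that same memory. */
int check_then_use(struct request *user_req, gap_fn gap, struct request *done)
{
    if (!allowed(user_req))
        return -1;
    gap(user_req);              /* window between check and use */
    *done = *user_req;          /* acts on data that may have changed */
    return 0;
}

/* Prevention: copy into the routine's own area; check and act on the copy. */
int copy_then_check(struct request *user_req, gap_fn gap, struct request *done)
{
    struct request mine = *user_req;   /* snapshot out of the user's reach */
    if (!allowed(&mine))
        return -1;
    gap(user_req);              /* later changes no longer matter */
    *done = mine;
    return 0;
}

/* Constructed change made after the check has passed. */
void swap_request(struct request *r)
{
    strcpy(r->file, "your_file");
    strcpy(r->action, "delete");
}

int main(void)
{
    struct request a = { "my_file", "read" }, b = a, done;
    check_then_use(&a, swap_request, &done);
    printf("check-then-use performed:  %s %s\n", done.action, done.file);
    copy_then_check(&b, swap_request, &done);
    printf("copy-then-check performed: %s %s\n", done.action, done.file);
    return 0;
}
```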

• Uses the three flaws above as one step in a multistep attack

• Why are they problems?
  - Write a message on screen
  - Stop a running program
  - Generate sound
  - Erase a file
  - May be triggered by time, date, event or condition
  - Run with the same authority as the user: read, write, modify, delete privileges

 Viruses  Worms  Rabbit  Trojan horse  Trap doors  Logic bomb SE571 Security in Computing Dr. Ogara 24

• By running or installing programs containing viruses
• Attachments which execute automatically
• Executable zip files
• Macros

• Appended viruses
• Viruses that surround a program
• Integrated viruses and replacements
• Document viruses – macros


• Difficult to detect
• Not easily destroyed or deactivated
• Spread infection widely
• Ability to re-infect home or other programs
• Easy to create
• Machine and OS independent

• Replacing home program
• Boot sector viruses
• Memory resident viruses
• Macros

• Completely replacing a program


• Based on signature
  - Polymorphic viruses make it more difficult
• Tracking storage patterns
• Execution patterns
• Transmission patterns
  - Boot process
  - Disk access
  - Network connections

• Program that spreads copies of itself across the network
• Also copies itself as a standalone program
• Usually spreads through a network
• Example: Code Red

• Merges bits of seemingly inconsequential data to produce powerful results
• Programs disregard small amounts of money during computations
• These can be shaved off and accumulated elsewhere

• Name based on Greek legend (mythology)
• Malicious code hides within or looks like a legitimate program
• Certain conditions trigger it
• Does not replicate

• Hides in the computer
• Allows someone from a remote location to take control of your computer
• Ability to execute programs, change settings, monitor activities and access files on a remote computer

• Class of malicious code that activates as a result of a specific condition
• Time dependent