CSCE 522 Lecture 12 Program Security Malicious Code.

Slides:

Advertisements

Similar presentations

Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,

Advertisements

30/04/2015Tim S Roberts COIT13152 Operating Systems T1, 2008 Tim S Roberts.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Chapter 3 (Part 1) Network Security

A Taxonomy of Computer Program Security Flaws C. E. Landwehr, A. R. Bull, J. P. McDermott and W.S. Choi -- Presented by: Feng Hui Luo ACM Computing Surveys,

Lecture 14 Program Flaws CS 450/650 Fundamentals of Integrated Computer Security Slides are modified from Csilla Farkas and Brandon Phillips.

ITMS Information Systems Security 1. Malicious Code Malicious code or rogue program is the general name for unanticipated or undesired effects in.

Chapter 14 Computer Security Threats

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]

Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Lecture 15 Overview. Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. – Propagates and performs some unwanted.

Chap 3: Program Security.  Programming errors with security implications: buffer overflows, incomplete access control  Malicious code: viruses, worms,

1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Viruses and Worms By: Olga Bibas. Malicious Programs are perhaps the most sophisticated threats to computer systems. These threats can be divided into.

Video Following is a video of what can happen if you don’t update your security settings! security.

1 Ola Flygt Växjö University, Sweden Malicious Software.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

The Utility Programs: The system programs which perform the general system support and maintenance tasks are known as utility programs. Tasks performed.

Understanding and Troubleshooting Your PC. Chapter 12: Maintenance and Troubleshooting Fundamentals2 Chapter Objectives  In this chapter, you will learn:

CSCE 201 Attacks on Desktop Computers: Malicious Code Hardware attacks.

Lecture 14 Overview. Program Flaws Taxonomy of flaws: – how (genesis) – when (time) – where (location) the flaw was introduced into the system 2 CS 450/650.

Fundamentals of The Internet Learning outcomes After this session, you should be able to: Identify the threat of intruders in systems and networks and.

1 Chapter 19: Malicious Software Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal, U of Kentucky)

1 Higher Computing Topic 8: Supporting Software Updated

Information Technology Software. SYSTEM SOFTWARE.

1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

10/11/2015 Computer virus By Al-janabi Rana J 1. 10/11/2015 A computer virus is a computer program that can copy itself and infect a computer without.

Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik.

Administrative: Objective: –Tutorial on Risks –Phoenix recovery Outline for today.

Lecture 14 Overview. Secure programs Security implies some degree of trust that the program enforces expected – confidentiality, – integrity, and – availability.

Malicious Code By Diana Peng. What is Malicious Code? Unanticipated or undesired effects in programs/program parts, caused by an agent with damaging intentions.

Chapter 10 Malicious software. Viruses and ” Malicious Programs Computer “ Viruses ” and related programs have the ability to replicate themselves on.

Name: Perpetual Ifeanyi Onyia Topic: Virus, Worms, & Trojan Horses.

30.1 Lecture 30 Security II Based on Silberschatz & Galvin’s slides And Stallings’ slides.

CSCE 522 Lecture 12 Program Security Malicious Code.

For any query mail to or BITS Pilani Lecture # 1.

Copyright © 2007 Heathkit Company, Inc. All Rights Reserved PC Fundamentals Presentation 25 – Virus Detection and Prevention.

Program Security Malicious Code Program Security Malicious Code.

1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.

Viruses a piece of self-replicating code attached to some other code – cf biological virus both propagates itself & carries a payload – carries code to.

CONTENTS What is Virus ? Types of computer viruses.

Malicious Software.

n Just as a human virus is passed from person from person, a computer virus is passed from computer to computer. n A virus can be attached to any file.

Chapter 19 – Malicious Software What is the concept of defense: The parrying of a blow. What is its characteristic feature: Awaiting the blow. —On War,

1 Security in Computing Module 1 Introduction. What Is Security? “The quality or state of being secure—to be free from danger” 2.

Computer Systems Viruses. Virus A virus is a program which can destroy or cause damage to data stored on a computer. It’s a program that must be run in.

Computer virus Speaker : 蔡尚倫.  Introduction  Infection target  Infection techniques Outline.

Computer Security Threats CLICKTECHSOLUTION.COM. Computer Security Confidentiality –Data confidentiality –Privacy Integrity –Data integrity –System integrity.

INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.

Candidates should be able to:  describe the purpose and use of common utility programs for:  computer security (antivirus, spyware protection and firewalls)

MALICIOUS SOFTWARE Rishu sihotra TE Computer

Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,

Malicious Programs (1) Viruses have the ability to replicate themselves Other Malicious programs may be installed by hand on a single machine. They may.

Information Systems CS-507 Lecture 32. Physical Intrusion The intruder could physically enter an organization to steal information system assets or carry.

Detected by, M.Nitin kumar ( ) Sagar kumar sahu ( )

Britanny polca Objectives: * Identify what Malicious code is * Know the categories of Malicious code * Introduce you to the parts of Malicious software.

Viruses and Other Malicious Content

CSE565: Computer Security Lecture 27 Program Security

WHAT IS A VIRUS? A Computer Virus is a computer program that can copy itself and infect a computer A Computer Virus is a computer program that can copy.

Chap 10 Malicious Software.

Program Security Jagdish S. Gangolly School of Business

Chapter 23: Vulnerability Analysis

Chap 10 Malicious Software.

Presentation transcript:

CSCE 522 Lecture 12 Program Security Malicious Code

CSCE Farkas2 Reading Reading for this lecture: Required: – Pfleeger: Ch. 3 Recommended: – USC Computing Services – Virus Information Center – L. Constantin, Eastern European cybercriminals trump Asian counterparts, researchers say, rn_European_cybercriminals_trump_Asian_counterpart s_researchers_say?taxonomyId=82&pageNumber=1 rn_European_cybercriminals_trump_Asian_counterpart s_researchers_say?taxonomyId=82&pageNumber=1

CSCE Farkas3 Program Flaws Taxonomy of flaws: – how (genesis) – when (time) – where (location) the flaw was introduced into the system

CSCE Farkas4 Security Flaws by Genesis Genesis – Intentional Malicious: Trojan Horse, Trapdoor, Logic Bomb, Worms, Virus Non-malicious – Inadvertent Validation error Domain error Serialization error Identification/authentication error Other error

CSCE Farkas5 Flaws by time Time of introduction – During development Requirement/specification/design Source code Object code – During maintenance – During operation

CSCE Farkas6 Flaws by Location Location – Software Operating system: system initialization, memory management, process management, device management, file management, identification/authentication, other Support: privileged utilities, unprivileged utilities Application – Hardware

CSCE Farkas7 Slammer Worm The Slammer worm (Sapphire worm) was the fastest worm in history – Start: Saturday, Jan. 25, 2003 – Doubled in size every 8.5 seconds at its peak – Infected more than 90 percent of the vulnerable hosts within 10 minutes using a vulnerability in Microsoft's SQL Server – Total infected: more than 75,000 hosts – Flooded networks all over the world, caused disruptions to financial institutions, ATMs, and even an election in Canada – s.html s.html

CSCE Farkas8 History 1982: Elk Cloner 1983: “virus” 1988: Internet Worm 1990: antivirus software 2000s: virus mitigation

CSCE Farkas9 Kinds of Malicious Codes Virus: a program that attaches copies of itself into other programs. Propagates and performs some unwanted function. Viruses are not programs - they cannot run on their own. Bacteria: make copies of themselves to overwhelm a computer system's resources. Denying the user access to the resources.

CSCE Farkas10 Kinds of Malicious Code Worm: a program that propagates copies of itself through the network. Independent program. May carry other code, including programs and viruses. Trojan Horse: secret, undocumented routine embedded within a useful program. Execution of the program results in execution of secret code.

CSCE Farkas11 Kinds of Malicious Code Logic bomb, time bomb: programmed threats that lie dormant for an extended period of time until they are triggered. When triggered, malicious code is executed. Trapdoor: secret, undocumented entry point into a program, used to grant access without normal methods of access authentication. Dropper: Not a virus or infected file. When executed, it installs a virus into memory, on to the disk, or into a file.

CSCE Farkas12 Virus Virus lifecycle: 1. Dormant phase: the virus is idle. (not all viruses have this stage) 2. Propagation phase: the virus places an identical copy of itself into other programs of into certain system areas. 3. Triggering phase: the virus is activated to perform the function for which it was created. 4. Execution phase: the function is performed. The function may be harmless or damaging.

CSCE Farkas13 Virus Types Parasitic virus: most common form. Attaches itself to a file and replicates when the infected program is executed. Memory resident virus: lodged in main memory as part of a resident system program. Virus may infect every program that executes.

CSCE Farkas14 Virus Types Boot Sector Viruses: – Infects the boot record and spreads when system is booted. – Gains control of machine before the virus detection tools. – Very hard to notice – Carrier files: AUTOEXEC.BAT, CONFIG.SYS,IO.SYS

CSCE Farkas15 Virus Types Stealth virus: a form of virus explicitly designed to hide from detection by antivirus software. Polymorphic virus: a virus that mutates with every infection making detection by the “signature” of the virus difficult.

CSCE Farkas16 How Viruses Append Original program virus Original program virus Virus appended to program +=

CSCE Farkas17 How Viruses Append Original program virus Original program Virus-1 Virus surrounding a program += Virus-2

CSCE Farkas18 How Viruses Append Original program virus Original program Virus-1 Virus integrated into program += Virus-2 Virus-3 Virus-4

CSCE Farkas19 How Viruses Gain Control Virus V has to be invoked instead of target T. – V overwrites T – V changes pointers from T to V High risk virus properties: – Hard to detect – Hard to destroy – Spread infection widely – Can re-infect – Easy to create – Machine independent

CSCE Farkas20 Virus Signatures Storage pattern – Code always located on a specific address – Increased file size Execution pattern Transmission pattern Polymorphic Viruses

CSCE Farkas21 Antivirus Approaches Detection: determine infection and locate the virus. Identification: identify the specific virus. Removal: remove the virus from all infected systems, so the disease cannot spread further. Recovery: restore the system to its original state.

CSCE Farkas22 Preventing Virus Infection Prevention: Good source of software installed Isolated testing phase Use virus detectors Limit damage: Make bootable diskette Make and retain backup copies important resources

CSCE Farkas23 Worm Self-replicating (like virus) Objective: system penetration (intruder) Phases: dormant, propagation, triggering, and execution Propagation: – Searches for other systems to infect (e.g., host tables) – Establishes connection with remote system – Copies itself to remote system – Execute

CSCE Farkas24 Covert Channel - Trojan Horse John Spy Only John is permitted to access the document MS Word Document Spy’s Document copy TH install copy

CSCE Farkas25 Covert Channel Need: Two active agents – Sender (has access to unauthorized information) – e.g., TH in MS Word – Receiver ( reads sent information) – e.g., program creating the copy Encoding schema – How the information is sent – e.g., File F exists  0 File F is does not exist  1 Synchronization – e.g., when to check for existence of F

CSCE Farkas26 Storage Covert Channels Based on properties of resources Examples: – File locks – Delete/create file – Memory allocation

CSCE Farkas27 Timing Covert Channel Time is the factor – how fast Examples: – Processing time – Transmission time

CSCE Farkas28 Covert Channel Detection and Removal Identification: Shared resources Program code correctness Information flow analysis Removal: Total removal – may not be possible Reduce bandwidth

CSCE Farkas29 Next Class Network Security