Security Malware and Defenses Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.


The Security Environment
Figure: security goals and threats.

Computer Security Triad
Three key objectives are at the heart of computer security, applied to data and services:
– Availability
– Confidentiality
– Integrity

Malware
Malicious software: Trojan horses, viruses, worms, etc.
Today's malware is all about stealth.
Infected machines report back to the attacker: their address, information they have gathered, and so on.
The attacker uses a backdoor to control the infected machine, making it a zombie.
A collection of zombies is called a botnet.

Malware
Criminals can rent out botnets.
Keyloggers lead to identity theft.
Malware can lie in wait for something interesting.
Malware can interfere with a competitor's production process.
Malware could target another person in the company to discredit that person.

Types of Malware
– Trojan horse
– Virus
– Worm
– Spyware
– Rootkits

Trojan Horse
Transport means: getting victims to download the malware themselves, without the attacker's intervention.
Then the attacker still has to get the victim to run it.

Trojan Horse
Place the program somewhere in the user's PATH (find a directory that is not secured).
Give it the name of a commonly mistyped command, such as 'la'.
If the user mistypes 'ls' as 'la', the Trojan runs.

Trojan Horse
A legitimate but malicious user puts an infected version of 'ls' in his home directory, then calls the admin for help.
The admin types:
cd /home/mal
ls -l
If the admin's PATH searches the current directory before the system directories, the admin just ran the Trojan with superuser privileges.
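As an added defensive example (not from the slides or the textbook), the following Python script audits a PATH search list for the conditions the two Trojan-horse slides rely on: a current-directory entry, a directory that other users can write to, and an untrusted directory searched ahead of the system directories. The SYSTEM_DIRS list and the demo_scenario function are assumptions made for this demonstration.

```python
"""Audit a PATH search list for the weaknesses the Trojan-horse slides exploit.

Added example, not the textbook's code.  The list of system directories and the
demo scenario are assumptions made for the demonstration.
"""
import os
import stat
import tempfile

# Where the system's own commands normally live (assumed for this demo).
SYSTEM_DIRS = ("/bin", "/usr/bin", "/sbin", "/usr/sbin")


def audit_path(path_value, uid=None):
    """Return a list of (entry, reason) findings for a PATH string.

    Checks:
      * empty or '.' entries: the current directory is searched, which is what
        lets 'cd /home/mal; ls -l' run a planted 'ls'
      * directories writable by group/others without the sticky bit: anyone can
        drop an 'la' there
      * directories owned by someone other than root or the user
      * untrusted directories searched before the first system directory, so a
        planted name shadows the real command
    """
    if uid is None:
        uid = os.getuid()
    findings = []
    seen_system_dir = False
    for entry in path_value.split(os.pathsep):
        if entry in ("", "."):
            findings.append((entry or "<empty>", "current directory is searched"))
            continue
        if entry in SYSTEM_DIRS:
            seen_system_dir = True
            continue
        try:
            st = os.stat(entry)
        except FileNotFoundError:
            findings.append((entry, "directory does not exist"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((entry, "not a directory"))
            continue
        others_can_write = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        if others_can_write and not st.st_mode & stat.S_ISVTX:
            findings.append((entry, "writable by others without sticky bit"))
        if st.st_uid not in (0, uid):
            findings.append((entry, "owned by another user"))
        if not seen_system_dir:
            findings.append((entry, "searched before the system directories"))
    return findings


def demo_scenario():
    """Constructed scenario: a world-writable directory ahead of /usr/bin, a
    private directory after it, and '.' at the end.  Returns (bad, good, findings)."""
    root = tempfile.mkdtemp()
    bad = os.path.join(root, "shared")
    good = os.path.join(root, "mybin")
    os.mkdir(bad)
    os.chmod(bad, 0o777)
    os.mkdir(good)
    os.chmod(good, 0o755)
    path_value = os.pathsep.join([bad, "/usr/bin", good, "."])
    return bad, good, audit_path(path_value)


if __name__ == "__main__":
    _, _, found = demo_scenario()
    for entry, reason in found:
        print(f"{entry}: {reason}")
```

The audit only stats directories that are not on the trusted list, so it runs on a host where some trusted directories are absent; the ordering check fires for any untrusted entry that precedes the first trusted one, which is exactly the position a planted 'la' or 'ls' needs.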

Viruses
A virus is a program that can reproduce itself by attaching its code to another program.
Often written in assembler or C.
The attacker infects a program on his own machine, then gets that program distributed.
Once installed on the victim's machine, it remains dormant until executed.

Virus
Once activated:
– Executes its payload
– Often waits for a specific date or time first
– The virus writer wants to make sure the virus is well distributed before people start noticing it.

Different Kinds of Viruses
1. Companion
2. Executable program
3. Memory-resident
4. Boot sector
5. Device driver
6. Macro
7. Source code

1. Companion Virus
An old virus type: it runs instead of the program that is supposed to run.
Example, in old MS-DOS:
– The virus installs a program named prog.com alongside prog.exe.
– When the user enters prog, MS-DOS looks for prog.com before prog.exe, so the infected program is executed.
– It calls prog.exe after its malicious activity, and no one is the wiser.
Can also be done with symbolic links.

2. Executable Program Virus
Overwrites the executable program with itself.

Executable Program Viruses (1)
Figure: a recursive procedure that finds executable files on a UNIX system.

Executable Program Viruses (2)
Figure (continued): a recursive procedure that finds executable files on a UNIX system.

Executable Virus
An overwriting virus is easy to detect, since the infected program no longer works.
Parasitic virus: attaches itself to the program to do the bad thing, but allows the program to function normally afterward.

Executable Program Viruses (3)
Figure: (a) An executable program. (b) With a virus at the front. (c) With a virus at the end. (d) With a virus spread over free space within the program (a cavity virus).

3. Memory-Resident Viruses
Stays in RAM, either hiding at the top of memory or down among the interrupt vectors (the last few hundred bytes of that area are generally unused).
Captures one of the interrupt vectors:
– Puts its own address there
– Calls the original interrupt handler after it does what it does
– Benefit: it can run in system mode

4. Boot Sector Virus
A virus that overwrites the master boot record or boot sector.
Requires intimate knowledge of the operating system's internal data structures.
Copies the original boot sector to a safe place so it can call it later.
At start-up, it copies itself to RAM.

Boot Sector Viruses
Figure: (a) After the virus has captured all the interrupt and trap vectors. (b) After the operating system has retaken the printer interrupt vector. (c) After the virus has noticed the loss of the printer interrupt vector and recaptured it.

5. Device Driver Viruses
Infect a device driver: it is just an executable program that lives on disk.
Device drivers are always loaded at boot time and may run in kernel mode.

6. Macro Viruses
A virus attached to the macros in Microsoft Office documents.
Send the infected Word document to someone.

7. Source Code Viruses
Very portable.
Looks for C source code and changes it to call the virus.

Worms
A self-replicating program.
Moves itself through the network and onto systems without the victim's help.
Example: the Robert Morris Internet worm of 1988.

Spyware
Runs on the victim's machine without the victim knowing, doing things behind the victim's back.
Three broad categories:
– Marketing
– Surveillance
– Zombie army

Actions Taken by Spyware (1)
1. Change the browser's home page.
2. Modify the browser's list of favorite (bookmarked) pages.
3. Add new toolbars to the browser.
4. Change the user's default media player.
5. Change the user's default search engine.

Actions Taken by Spyware (2)
6. Add new icons to the Windows desktop.
7. Replace banner ads on Web pages with those the spyware picks.
8. Put ads in the standard Windows dialog boxes.
9. Generate a continuous and unstoppable stream of pop-up ads.

Rootkit
A rootkit is a program or set of programs and files that attempts to conceal its existence.
Usually contains malware.
Rootkits are classified by where they hide.

Types of Rootkits (1)
Five kinds of rootkits; the issue is where they hide:
1. Firmware rootkit
2. Hypervisor rootkit
3. Kernel rootkit
4. Library rootkit
5. Application rootkit

Types of Rootkits (2)
Figure: five places a rootkit can hide.

Rootkit Detection
Read the files in the directory (unless the directory-listing system call is itself infected).
Timing related: does something take longer than it should?
Example: the Sony rootkit.

Defenses
1. Firewall
2. Antivirus
3. Code signing
4. Jailing
5. Model-based intrusion detection
6. Encapsulating mobile code
7. Java security

Defense 1: Firewalls
Figure: a simplified view of a hardware firewall protecting a LAN with three computers.
No packets can enter or exit the LAN without approval from the firewall.
Stateless firewall: only packet header information is used in the approval decision.
Stateful firewall: the firewall tracks connections and may inspect packet contents.
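To make the stateless/stateful distinction concrete, here is an added Python example (not from the slides) that applies a header-only rule table and a connection-tracking filter to the same constructed packets. The LAN prefix, the web-server address and all packet values are sample assumptions for the demo.

```python
"""Stateless versus stateful packet filtering, as an added example (not from the
slides).  Packets are constructed namedtuples; addresses are sample values
(10.0.0.0/24 as the LAN, 203.0.113.0/24 as 'outside').
"""
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port proto flags")
LAN_PREFIX = "10.0.0."           # constructed LAN
WEB_SERVER = ("10.0.0.2", 80)    # the one service the LAN exposes (assumed)


def is_lan(ip):
    return ip.startswith(LAN_PREFIX)


# Stateless rules: (direction, proto, src_port, dst_port, verdict); None = any.
# The decision uses nothing but the header of the packet in hand.
STATELESS_RULES = [
    ("out", "tcp", None, None, "allow"),   # LAN may open any outbound TCP connection
    ("in",  "tcp", None, 80,   "allow"),   # outside may reach our web server
    ("in",  "tcp", 80,   None, "allow"),   # 'replies' from web servers, judged by source port only
    ("in",  "tcp", None, None, "deny"),    # all other inbound TCP
]


def stateless_verdict(pkt):
    direction = "out" if is_lan(pkt.src_ip) else "in"
    for rule_dir, proto, sport, dport, verdict in STATELESS_RULES:
        if (rule_dir == direction and proto == pkt.proto
                and sport in (None, pkt.src_port) and dport in (None, pkt.dst_port)):
            return verdict
    return "deny"


class StatefulFirewall:
    """Tracks connections; an inbound packet is allowed only if it belongs to a
    connection the LAN side opened, or if it opens a connection to the web server."""

    def __init__(self):
        self.conns = set()   # (lan_ip, lan_port, remote_ip, remote_port)

    def verdict(self, pkt):
        if pkt.proto != "tcp":
            return "deny"
        if is_lan(pkt.src_ip):
            if "SYN" in pkt.flags and "ACK" not in pkt.flags:      # LAN host opens a connection
                self.conns.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)  # inbound: look up the reverse tuple
        if key in self.conns:
            if "FIN" in pkt.flags or "RST" in pkt.flags:
                self.conns.discard(key)                              # connection torn down
            return "allow"
        if (pkt.dst_ip, pkt.dst_port) == WEB_SERVER and pkt.flags == ("SYN",):
            self.conns.add(key)                                      # new inbound web connection
            return "allow"
        return "deny"


def run_scenario():
    """Constructed traffic: a LAN client fetching a web page, the server's reply,
    and an outside host sending an unsolicited packet with source port 80 to a
    LAN desktop so that it looks like such a reply."""
    fw = StatefulFirewall()
    client_syn = Packet("10.0.0.5", 50000, "203.0.113.9", 80, "tcp", ("SYN",))
    server_reply = Packet("203.0.113.9", 80, "10.0.0.5", 50000, "tcp", ("SYN", "ACK"))
    unsolicited = Packet("203.0.113.9", 80, "10.0.0.7", 3389, "tcp", ("SYN",))
    packets = [client_syn, server_reply, unsolicited]
    return {
        "stateless": [stateless_verdict(p) for p in packets],
        "stateful": [fw.verdict(p) for p in packets],
    }


if __name__ == "__main__":
    print(run_scenario())
```

The third packet is the point of the exercise: the header-only filter has to let source-port-80 traffic in so that web replies get through, and therefore lets the unsolicited packet through as well, while the stateful filter denies it because no LAN host ever opened that connection.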

Defense 2: Antivirus
Some techniques:
– Virus scanner: use a goat file to attract a virus; after analysing the virus, add its signature to the database of known viruses.
– Store file lengths: if they change, there is a potential problem.
– Hunt for the decryption procedure, in case the virus compresses or encrypts itself to fit within the program's original size.

Virus Scanners (1)
Figure: (a) A program. (b) An infected program. (c) A compressed infected program. (d) An encrypted virus. (e) A compressed virus with encrypted compression code.

Antivirus (2)
Some techniques:
– Integrity checkers: compute a checksum for each clean file and compare it later.
– Behavioral checkers: monitor all activity; for example, Word shouldn't be overwriting an executable file.
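The "store file lengths" idea from Defense 2 and the integrity checker on this slide combine naturally into one tool. The following Python example is added here (it is not the textbook's code): it baselines the length and SHA-256 digest of every file under a directory, then reports files that changed, appeared or vanished, distinguishing a change that altered the length from one that did not. The directory layout and the fake "programs" are constructed for the demo.

```python
"""Integrity checking, as an added example (not the textbook's code): record
the length and SHA-256 of every clean executable, store the baseline off-host,
and later report files that changed, appeared or vanished.  Covers both the
'store file lengths' idea from Defense 2 and the 'integrity checker' here.
The directory layout and the 'programs' are constructed for the demo.
"""
import hashlib
import json
import os
import tempfile


def fingerprint(path):
    """Return (length, sha256 hex digest) of a file, read in chunks."""
    digest = hashlib.sha256()
    size = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
            size += len(chunk)
    return size, digest.hexdigest()


def build_baseline(root):
    """Fingerprint every regular file below root, keyed by path relative to root."""
    baseline = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                size, digest = fingerprint(full)
                baseline[os.path.relpath(full, root)] = {"size": size, "sha256": digest}
    return baseline


def check(root, baseline):
    """Compare the tree against a stored baseline.  Any byte change alters the
    digest, so an appended, prepended or cavity-hidden virus is caught whether
    or not its body is compressed or encrypted; the length tells the cases apart."""
    current = build_baseline(root)
    report = {"changed": [], "new": sorted(set(current) - set(baseline)), "missing": []}
    for rel, info in baseline.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != info:
            how = "length changed" if current[rel]["size"] != info["size"] else "same length, content changed"
            report["changed"].append((rel, how))
    return report


def write(path, data, mode="wb", offset=None):
    """Small helper for the demo: write data to path, optionally at an offset."""
    with open(path, mode) as f:
        if offset is not None:
            f.seek(offset)
        f.write(data)


def demo_infection():
    """Constructed scenario: three fake programs are baselined; then one grows
    (bytes appended at the end), one is patched in place (same length, as a
    cavity virus would leave it) and a new file is dropped.  Returns the report."""
    root = tempfile.mkdtemp()
    bin_dir = os.path.join(root, "bin")
    os.mkdir(bin_dir)
    for name, filler in (("prog1", b"A"), ("prog2", b"B"), ("prog3", b"C")):
        write(os.path.join(bin_dir, name), b"\x7fELF" + filler * 100)
    stored = json.dumps(build_baseline(root))      # in practice kept on read-only media
    write(os.path.join(bin_dir, "prog1"), b"X" * 16, mode="ab")           # appended
    write(os.path.join(bin_dir, "prog2"), b"Z", mode="r+b", offset=50)    # in place
    write(os.path.join(bin_dir, "dropped"), b"new")
    return check(root, json.loads(stored))


if __name__ == "__main__":
    print(json.dumps(demo_infection(), indent=2))
```

The baseline is serialised to JSON precisely because it has to leave the machine: an integrity checker whose baseline sits on the same writable disk can be updated by the same malware it is meant to catch.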

Defense 3: Code Signing
Using digital signatures to sign code.

Defense 4: Jailing
The new program's execution is monitored in a jail.
Each system call is transferred to the jailer, who decides whether it is allowed.
Like running the program in a debugger.

Defense 5: Model-Based Intrusion Detection
Intrusion Detection System (IDS):
1. Network-based IDS: focused on incoming packets.
2. Host-based IDS: for example, static model-based intrusion detection.

Model-Based Intrusion Detection
Static model-based intrusion detection:
– Implemented using the jailing technique.
– The 'good' behavior of a program is learned from a program model (its system call graph); the compiler can generate it and the author certifies it.

Model-Based Intrusion Detection
Figure: (a) A program. (b) System call graph for (a).
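The jailing slide and the two model-based slides describe one mechanism: a model of the program's legal system-call sequences, generated from the program's structure, against which a jailer checks each call before letting it through. The Python below is an added example (not the textbook's code or its figure): a tiny constructed program is written as a tree of 'seq' and 'loop' nodes whose leaves are system calls, build_graph derives the system call graph a compiler would emit, and Jailer consults that graph on every call. The program, node encoding and syscall names are assumptions for the demo.

```python
"""Static model-based intrusion detection, as an added example (not the
textbook's code).  A tiny program is written as a tree of 'seq' and 'loop'
nodes whose leaves are system calls (constructed); build_graph derives the
system call graph the compiler would emit, and Jailer consults it before each
call, the way the jailing slide describes.
"""


def build_graph(node):
    """Return (entries, exits, edges, skippable) for a program fragment.

    entries/exits: system calls that can run first/last in the fragment;
    edges: allowed (call, next call) pairs inside it;
    skippable: True if the fragment may execute no call at all (a loop with
    zero iterations), so the sequence logic links around it.
    """
    if isinstance(node, str):                      # a single system call
        return {node}, {node}, set(), False
    kind, *parts = node
    if kind == "loop":
        entries, exits, edges, _ = build_graph(parts[0])
        edges = edges | {(x, e) for x in exits for e in entries}   # back edge
        return entries, exits, edges, True
    if kind == "seq":
        built = [build_graph(p) for p in parts]
        edges = set().union(*(b[2] for b in built))
        for i, (_, exits_i, _, _) in enumerate(built):
            for entries_j, _, _, skip_j in built[i + 1:]:
                edges |= {(x, e) for x in exits_i for e in entries_j}
                if not skip_j:                     # link past skippable parts only
                    break
        entries, exits = set(), set()
        for e_k, _, _, skip_k in built:
            entries |= e_k
            if not skip_k:
                break
        for _, x_k, _, skip_k in reversed(built):
            exits |= x_k
            if not skip_k:
                break
        return entries, exits, edges, all(b[3] for b in built)
    raise ValueError(f"unknown node kind {kind!r}")


class Jailer:
    """Holds the certified model and is asked about every system call."""

    def __init__(self, program):
        entries, _, edges, _ = build_graph(program)
        self.allowed = {"START": set(entries)}
        for a, b in edges:
            self.allowed.setdefault(a, set()).add(b)
        self.state = "START"

    def allow(self, call):
        """Return True and advance if the call is a permitted successor of the last one."""
        if call not in self.allowed.get(self.state, ()):
            return False
        self.state = call
        return True

    def check_trace(self, trace):
        """Replay a trace of system calls; returns (ok, index, message)."""
        self.state = "START"
        for i, call in enumerate(trace):
            if not self.allow(call):
                return False, i, f"{call} not permitted after {self.state}"
        return True, len(trace), "trace conforms to model"


# Constructed program: open a file, copy it in a read/write loop, close, exit.
PROGRAM = ("seq", "open", ("loop", ("seq", "read", "write")), "close", "exit")

if __name__ == "__main__":
    jailer = Jailer(PROGRAM)
    print(sorted((k, sorted(v)) for k, v in jailer.allowed.items()))
    print(jailer.check_trace(["open", "read", "write", "close", "exit"]))
    print(jailer.check_trace(["open", "read", "write", "execve"]))
```

Because the graph is derived from the program text rather than from observed runs, a call that the source can never make (the execve in the second trace) is rejected at the point it is attempted, which is the property the static model is meant to give.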

Defense 6: Encapsulating Mobile Code
Problem:
– JavaScript, applets, agents, ...
– Things that want to execute on our machines
– Things we may want to let execute on our machines
Defensive methods:
– Sandboxing
– Interpretation

Sandboxing
Figure: (a) Memory divided into 16-MB sandboxes. (b) One way of checking an instruction for validity.
Divides the applet's virtual addresses into two regions: one for data, one for code.
Confines the applet to a limited range of virtual addresses, enforced at run time.
Guarantees the applet cannot jump to code outside its code sandbox or reference data outside its data sandbox.
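With 16-MB sandboxes on 16-MB boundaries, the sandbox a target address belongs to is just its upper bits, so the validity check in the figure reduces to comparing those bits with the sandbox number. The Python below is an added model of that check (not the textbook's code): direct addresses are verified statically, indirect ones are flagged as needing the inserted run-time test, and the run-time test itself is emulated against a register file. The instruction encoding, register names and sample addresses are constructed for the demo.

```python
"""Sandbox address checking, as an added example (not the textbook's code).
Models the slide's scheme: a 16-MB code sandbox and a 16-MB data sandbox per
applet, identified by the upper address bits.  Instruction encoding,
register names and sample addresses are all constructed for the demo.
"""
SANDBOX_BITS = 24                    # 16 MB = 2**24 bytes per sandbox
CONTROL = {"jmp", "call"}            # control transfers must stay in the code sandbox
MEMORY = {"load", "store"}           # data references must stay in the data sandbox


def sandbox_of(addr):
    """Sandbox number = the address with the low 24 bits dropped."""
    return addr >> SANDBOX_BITS


class Sandbox:
    def __init__(self, code_box, data_box):
        self.code_box = code_box
        self.data_box = data_box

    def check(self, op, target):
        """The test inserted before an instruction: compare the target's upper
        bits with the sandbox number; False means the hardware would trap."""
        if op in CONTROL:
            return sandbox_of(target) == self.code_box
        if op in MEMORY:
            return sandbox_of(target) == self.data_box
        return True                  # register-only instruction, nothing to check

    def static_check(self, program):
        """Verify direct addresses at load time.  program: list of (op, operand)
        with operand an int address or a register name.  Returns
        (indices of violations, indices that need an inserted run-time check)."""
        violations, runtime = [], []
        for i, (op, operand) in enumerate(program):
            if isinstance(operand, int):
                if not self.check(op, operand):
                    violations.append(i)
            elif op in CONTROL | MEMORY:
                runtime.append(i)    # target only known when the register is read
        return violations, runtime

    def run(self, program, regs):
        """Execute the instrumented program against a register file; return the
        index of the first instruction that trapped, or None."""
        for i, (op, operand) in enumerate(program):
            target = regs[operand] if isinstance(operand, str) else operand
            if not self.check(op, target):
                return i
        return None


# Constructed applet: code sandbox 3 (0x03000000-0x03FFFFFF), data sandbox 4.
APPLET = Sandbox(code_box=3, data_box=4)
PROGRAM = [
    ("load", 0x04000010),    # fine: inside the data sandbox
    ("add", "r1"),           # no memory access
    ("jmp", "r2"),           # indirect: needs the run-time check
    ("store", 0x03000000),   # violation: writing into the code sandbox
    ("jmp", 0x04000000),     # violation: one byte past the end of the code sandbox
]

if __name__ == "__main__":
    print(APPLET.static_check(PROGRAM))
    print(APPLET.run([("jmp", "r2")], {"r2": 0x03FFFFFF}))
    print(APPLET.run([("jmp", "r2")], {"r2": 0x04000000}))
```

The last two addresses in the demo sit on either side of the sandbox boundary: 0x03FFFFFF still has sandbox number 3 and passes, 0x04000000 has sandbox number 4 and traps, which is why the scheme needs the sandboxes aligned on 16-MB boundaries.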

Interpretation
Run applets interpretively; every instruction can be examined by the interpreter.

Defense 7: Java Security
Checks on applets include:
1. Does the applet attempt to forge pointers?
2. Does it violate access restrictions on private class members?
3. Does it try to use a variable of one type as another?
4. Does it generate stack overflows or underflows?
5. Does it illegally convert variables of one type to another?

Java Security (2)
Figure: some examples of protection that can be specified with JDK 1.2.

End