Program Security Jagdish S. Gangolly School of Business


1 Program Security
Jagdish S. Gangolly, School of Business, State University of New York at Albany
NOTE: These notes are based on the book Security in Computing, by Charles & Shari Pfleeger (3rd ed.), and are prepared solely for the students in the course Acc 661 at SUNY Albany. They are not to be used by others without the permission of the instructor.
11/20/2018 Acc 661 Auditing of Adv Acctg Sys (Spring 2003) Gangolly

2 Program Security
- What does it mean to say a program is “secure”?
- Approaches to judge quality
- IEEE terminology for quality
- Types of flaws:
  - Inadvertent flaws
  - Intentional flaws
    - Nonmalicious: buffer overflows, incomplete mediation, time-of-check to time-of-use errors

3 Program Security (continued)
- Intentional flaws
    - Malicious code

4 Program Security: What does it mean to say a program is “secure”?
- Some measure of trust that it enforces confidentiality, integrity, and availability
- It takes too long to break through its security controls
- It runs for a period of time with no apparent failures
- It meets the security requirements in its specification

5 Approaches to judge quality
- Penetrate-and-patch: search for faults and develop patches. Problems:
  - Patches may introduce new faults
  - Pressure to repair the fault leads to a narrow focus on the fault rather than on its context
- Compare requirements with the behavior of programs

6 IEEE terminology for quality
- Error: when a human makes a mistake
- Fault: an incorrect step, command, process, or data definition in a computer program
- Failure: a departure from the system’s required behavior

7 Types of flaws: Inadvertent flaws
- Validation error (incomplete or inconsistent)
- Domain error
- Serializing and aliasing
- Inadequate identification and authentication
- Boundary condition validation
- Other exploitable logic errors

8 Intentional flaws: Nonmalicious
- Buffer overflows: a buffer is a place where data is held.
- Array bounds example (some languages do not check array bounds, and in others array bounds do not have to be pre-specified):

    char sample[10];      /* valid indices are 0 through 9 */
    sample[10] = 'A';     /* index 10 is one element past the end of the array */

9 Buffer overflows (continued)
The out-of-array-bounds data can overflow into:
- The user’s data space, overwriting other existing data
- The user’s program code:
  - Overlaying an already executed instruction, with no effect
  - Overlaying an instruction not yet executed, with the result that an instruction with operation code 0x42 (the internal code for the character ‘B’) will be executed. If there is no such instruction, the system will halt with an illegal-instruction exception; otherwise the machine will use the succeeding bytes as if they were the rest of the instruction

10 Buffer overflows (continued)
What can a malicious programmer do with buffer overflows?
- Replace code in the system space: insert overflow data corresponding to the machine code for instructions, and gain control back from the operating system, with higher privileges
- Cause an overflow into the stack, changing either the old stack pointer (thereby changing the context for the calling procedure) or the return address, so that control transfers to where (s)he wants
- Pass parameters to a web server that cause a buffer overflow and crash the program
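The slide’s 10-byte array, filled from input with and without a bound, as an added example (not code from the slides or the Pfleeger book; function names are the example’s own):

```c
/* Added example (not from the slides): the slide's 10-byte buffer filled from
 * untrusted input, once without a bound and once with the bound taken from
 * the destination. Function names are the example's own. */
#include <stdio.h>
#include <string.h>

#define SAMPLE_LEN 10

/* Unchecked: the amount written is decided by the input, not the array.
 * Ten or more characters (plus the NUL) spill past sample[9], exactly as
 * sample[10] = 'A' does on the slide. */
void fill_unchecked(char sample[SAMPLE_LEN], const char *input)
{
    strcpy(sample, input);
}

/* Checked: the bound comes from the destination. Returns 1 if the input
 * fit, 0 if it was rejected (nothing is written in that case). */
int fill_checked(char sample[SAMPLE_LEN], const char *input)
{
    size_t n = strlen(input);
    if (n >= SAMPLE_LEN)            /* one byte is needed for the NUL */
        return 0;
    memcpy(sample, input, n + 1);
    return 1;
}

/* How many bytes the unchecked copy would write beyond the array (0 = fits). */
size_t overflow_bytes(const char *input)
{
    size_t n = strlen(input) + 1;   /* strcpy writes the NUL as well */
    return n > SAMPLE_LEN ? n - SAMPLE_LEN : 0;
}

int main(void)
{
    char sample[SAMPLE_LEN];
    const char *inputs[] = { "ABCDEFGHI", "ABCDEFGHIJ", "ABCDEFGHIJKLMNOPQRST" };

    for (size_t i = 0; i < 3; i++) {
        size_t spill = overflow_bytes(inputs[i]);
        if (spill == 0)
            fill_unchecked(sample, inputs[i]);   /* safe only because we measured first */
        printf("%-22s spill=%zu checked=%s\n", inputs[i], spill,
               fill_checked(sample, inputs[i]) ? "accepted" : "rejected");
    }
    return 0;
}
```

The 10-character input is the slide’s case: it fits the characters but its terminating NUL is the byte written to sample[10].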

11 Incomplete mediation
- Pass parameters to a web server that cause it to fail due to a data type error, or to execute with a wrong result.
- This problem can be alleviated by client-side checking of input, or by limiting the client-side choices to valid ones only (drop-down boxes, check boxes, etc.).
- However, this can be rendered useless if the client manually edits the URLs in the HTTP requests.
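Complete mediation on the server side, as an added example (not from the slides): the quantity parameter is re-parsed and range-checked by the server, so an edited URL is rejected whatever the client-side form allowed. The parameter name "qty" and its limits are the example’s own assumptions.

```c
/* Added example (not from the slides): mediation done on the server. The "qty"
 * parameter is re-parsed and range-checked server-side, so a client that edits
 * the URL by hand gains nothing. Names and limits are the example's own. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { QTY_MIN = 1, QTY_MAX = 100 };

/* Copy key's value out of "item=7&qty=3" into out; 1 on success, 0 if absent or too long. */
int query_get(const char *query, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    const char *p = query;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            const char *v = p + klen + 1;
            size_t vlen = strcspn(v, "&");
            if (vlen >= outlen) return 0;   /* oversized: reject, never truncate */
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 1;
        }
        p = strchr(p, '&');
        if (p) p++;                         /* next key=value pair */
    }
    return 0;
}

/* Validate qty: digits only (optional sign) and within [QTY_MIN, QTY_MAX].
 * Returns the quantity, or -1 when the request must be rejected. */
int parse_qty(const char *query)
{
    char raw[16], *end;
    if (!query_get(query, "qty", raw, sizeof raw)) return -1;
    errno = 0;
    long v = strtol(raw, &end, 10);
    if (errno == ERANGE || end == raw || *end != '\0') return -1;  /* "", "12abc" */
    if (v < QTY_MIN || v > QTY_MAX) return -1;                    /* "-5", "99999" */
    return (int)v;
}

int main(void)
{
    const char *reqs[] = { "item=7&qty=3", "item=7&qty=-5", "item=7&qty=12abc", "item=7&qty=99999" };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)   /* constructed requests */
        printf("%-18s -> %d\n", reqs[i], parse_qty(reqs[i]));
    return 0;
}
```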

12 Time-of-check to time-of-use errors
- Also known as a serialization or synchronization flaw
- Between the time that access to a resource (a file) is checked and the time the result of the check is used, the user can change the descriptor of the resource, thereby exploiting the lack of synchronization
- Use of digital signatures can alleviate this problem
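The check-then-use window on a file, as an added example (not from the slides): the file is checked by path, replaced during the window, and then the “use” step re-checks on the open descriptor and refuses the swapped object. The temporary file names under /tmp are the example’s own.

```c
/* Added example (not from the slides): a check-then-use race on a file, and a
 * "use" step that catches the swap by re-checking on the open descriptor rather
 * than on the path. Temporary files under /tmp are the example's own. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Time of check: inspect the object by path and remember its identity. */
int check_file(const char *path, struct stat *checked)
{
    return (stat(path, checked) == 0 && S_ISREG(checked->st_mode)) ? 0 : -1;
}

/* Time of use: open, then verify on the descriptor (dev + inode) that it is the checked object. */
int use_file(const char *path, const struct stat *checked)
{
    struct stat now;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &now) != 0 || !S_ISREG(now.st_mode) ||
        now.st_dev != checked->st_dev || now.st_ino != checked->st_ino) {
        close(fd);                        /* not the object we checked: refuse */
        return -1;
    }
    return fd;
}

/* Check, swap in another file during the window (as a racing user could), use. 1 = caught. */
int toctou_demo(void)
{
    char target[] = "/tmp/toctou_target_XXXXXX", other[] = "/tmp/toctou_other_XXXXXX";
    struct stat checked;
    int fd, ft = mkstemp(target), fo = mkstemp(other);
    if (ft < 0 || fo < 0) return -1;                    /* setup failure */
    close(ft); close(fo);
    if (check_file(target, &checked) != 0) return -1;   /* time of check */
    rename(other, target);                               /* the swap in the window */
    fd = use_file(target, &checked);                     /* time of use */
    if (fd >= 0) close(fd);
    unlink(target);
    return fd < 0;
}

int main(void)
{
    printf("swap between check and use: %s\n", toctou_demo() == 1 ? "caught" : "missed");
    return 0;
}
```

A check made only by path before the open would have passed, since the replacement is also a regular file; the identity comparison on the descriptor is what closes the window.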

13 Malicious code or rogue program
- Malicious code can do anything that a program can
- Malicious code runs under the user’s authority
- Malicious code can do anything that a user can, but without his/her permission or knowledge
- Definition: unanticipated or undesired effects in programs or program parts, caused by an agent intent on damage.

14 Malicious code (continued)
Kinds of malicious code:
- Virus: a program that can pass on malicious code to other nonmalicious programs by modifying them
  - Transient: its life depends on the life of the host
  - Resident: locates itself in memory, and can remain active or be activated as a stand-alone program even after its attached program ends
- Trojan horse: in addition to its primary function, also has a non-obvious malicious effect
- Logic bomb: detonates when a specified condition occurs

15 Malicious code (continued)
- Time bomb: a logic bomb whose trigger is a time or date
- Trapdoor or backdoor: someone can access the program by other than the obvious, direct call, perhaps with special privileges
- Worm: a program that spreads copies of itself (as a standalone program) through a network
- Rabbit: a virus or worm that self-replicates without bound, with the intent of exhausting some computing resource

16 Viruses and targeted malicious code
- How viruses attach and types of viruses
- Qualities appealing to virus writers
- Boot sector viruses and memory-resident viruses
- Virus signatures
- Polymorphic viruses
- Virus prevention
- Targeted malicious code: trapdoors, salami attacks, covert channels

17 How viruses attach and types of viruses
- For a virus to do its work, it must be executed. Once executed, it may install itself in permanent memory, or spread itself; a common means of spreading is via attachments:
  - Virus appended to a program: when the program is executed, the virus is also executed
  - Virus that surrounds a program: runs the original program, but has control before and after the program’s execution
  - Integrated virus: integrates itself into the original program
  - Document virus: a virus implemented in a formatted document

18 Qualities appealing to virus writers
- Hard to detect
- Not easily destroyed or deactivated
- Spreads infection widely
- Can re-infect its home program or other programs
- Easy to create
- Machine independent and operating system independent

19 Boot sector viruses and memory-resident viruses
- Boot sector viruses: when a computer is turned on, the firmware recognizes the hardware present, tests it, copies a fixed number of bytes from the disk to a location in memory (the bootstrap), and jumps to that address in memory, transferring control to the operating system. Chaining of bootstrap loaders makes the installation of viruses attractive (by breaking into the chain).
- Memory-resident viruses: attached to memory-resident code, since such code is executed frequently while the machine is running

20 Polymorphic viruses
- A virus that can change its appearance. Forms:
  - More than one alternative but equivalent set of beginning words; on installation, one of the alternatives is installed
  - Move pieces of the virus around to make detection difficult
  - Embed random numbers
  - Encrypting viruses

21 Virus signatures
- A pattern of bytes that provides telltale signs of a virus. Signatures are used by virus scanners to detect the presence of the virus.
- In the case of attached viruses, the start of the virus code becomes a detectable signature
- Suspicious patterns, such as JUMP instructions at the beginning of programs, are used by scanners to detect viruses
- Scanners are effective only if up-to-date signatures are used
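A minimal signature scanner of the kind the slide describes, as an added example (not from the slides): it searches an image for fixed byte patterns and applies the “jump at the start” heuristic. The signature bytes and the sample image are constructed for the example; the only real facts used are the x86 JMP opcodes 0xE9 (near) and 0xEB (short).

```c
/* Added example (not from the slides): a minimal signature scanner. It searches
 * a program image for fixed byte patterns and applies the slide's "jump at the
 * start" heuristic. The signature bytes and the image are constructed for the
 * example; 0xE9 and 0xEB are the x86 opcodes for a near and a short JMP. */
#include <stdio.h>
#include <string.h>

typedef struct { const char *name; const unsigned char *bytes; size_t len; } signature;

/* Offset of the first occurrence of sig in image, or -1 if absent. */
long find_signature(const unsigned char *image, size_t n, const signature *sig)
{
    if (sig->len == 0 || n < sig->len) return -1;
    for (size_t i = 0; i + sig->len <= n; i++)
        if (memcmp(image + i, sig->bytes, sig->len) == 0) return (long)i;
    return -1;
}

/* Heuristic: an appended virus often patches the entry point to jump to itself. */
int starts_with_jump(const unsigned char *image, size_t n)
{
    return n > 0 && (image[0] == 0xE9 || image[0] == 0xEB);
}

/* Scan against a signature list and report hits. Returns the number found; a
 * pattern scanner only catches what is in its list, hence "keep it up to date". */
int scan_image(const unsigned char *image, size_t n, const signature *sigs, size_t nsigs)
{
    int hits = 0;
    for (size_t s = 0; s < nsigs; s++) {
        long off = find_signature(image, n, &sigs[s]);
        if (off >= 0) { printf("  %s at offset %ld\n", sigs[s].name, off); hits++; }
    }
    return hits;
}

/* Constructed signatures and image; these bytes mean nothing outside this example. */
static const unsigned char SIG_A[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x42 };
static const unsigned char SIG_B[] = { 0x90, 0x90, 0xCC, 0x90 };
static const signature SIGS[] = { { "demo.A", SIG_A, sizeof SIG_A }, { "demo.B", SIG_B, sizeof SIG_B } };
static const unsigned char IMAGE[] = { 0xE9, 0x10, 0x00, 0x00, 0x00, 0x55, 0x89, 0xE5,
                                       0xDE, 0xAD, 0xBE, 0xEF, 0x42, 0xC3 };

int main(void)
{
    printf("jump at entry: %s\n", starts_with_jump(IMAGE, sizeof IMAGE) ? "yes" : "no");
    printf("signatures found: %d\n", scan_image(IMAGE, sizeof IMAGE, SIGS, 2));
    return 0;
}
```

A polymorphic virus (next slide) defeats exactly this kind of fixed-pattern match, which is why the heuristic check is kept alongside the pattern list.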

22 Virus prevention
- Not sharing executable code
- Setting handlers not to automatically open attachments
- Be careful with large datasets and graphics, since they can have executables embedded in them
- Be careful with the Microsoft file design problem (the operating system may switch to the application of the hidden file type)
- Use only commercial software acquired from reliable, well-established vendors (?)

23 Virus prevention (continued)
- Test all new software on an isolated computer
- Open attachments only when known to be safe
- Make a recoverable system image and store it safely
- Keep backups of executable system files
- Use detectors regularly and update them frequently

24 Targeted malicious code
- Trapdoors: an undocumented entry point to a module
- Sources of trapdoors:
  - During unit and integration testing, programmers use stubs (to mimic output) and drivers (to mimic input). They also embed control sequences in the design to support testing. If such code is not removed at the end of testing, it can be used as a trapdoor
  - Poor error checking: unacceptable input may not be caught but passed on to the user for use
  - Undefined opcodes: the hardware equivalent of poor error checking

25 Trapdoors (continued)
- Trapdoors can be useful in finding security flaws, but they must be:
  - Left on purpose, with full understanding of their potential consequences
  - Documented
  - Access-controlled
- Causes of trapdoors: trapdoors can persist in production because developers
  - Forget to remove them
  - Intentionally leave them for testing
  - Intentionally leave them for program maintenance
  - Intentionally leave them as a covert means of access

26 Salami attack
- Programs that disregard small amounts of money in computations (interest, tax calculations, etc.) may be vulnerable to a salami attack, where such shavings from transactions are accumulated elsewhere
- Auditing of the corrections in computations involving a large volume of transactions of small amounts of money can prevent salami attacks
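The audit the slide recommends, as an added example (not from the slides): interest is recomputed independently for every account and reconciled with what was posted, so shavings collected into another account surface as an exception. The ledger, the rate, and the account ids are constructed; all arithmetic is in integer cents so that the truncated fraction is explicit.

```c
/* Added example (not from the slides): an audit that recomputes interest for
 * every account and reconciles it with what was posted, so fractions of a cent
 * shaved off and collected elsewhere appear as an exception. Constructed data. */
#include <stdio.h>

typedef struct { const char *id; long balance_cents; long posted_cents; } account;

/* Interest due in whole cents; the fraction of a cent is truncated. */
long interest_cents(long balance_cents, long rate_bp)
{
    return balance_cents * rate_bp / 10000;
}

/* Sum of the truncated fractions over the ledger, in whole cents: what a
 * salami program would quietly move to an account of its own. */
long shavings_cents(const account *acc, size_t n, long rate_bp)
{
    long units = 0;                                   /* 1/10000 of a cent */
    for (size_t i = 0; i < n; i++) units += acc[i].balance_cents * rate_bp % 10000;
    return units / 10000;
}

/* Audit: recompute each posting independently, flag any account whose posted
 * interest differs. Returns the exception count; *net = posted minus due. */
int audit_interest(const account *acc, size_t n, long rate_bp, long *net)
{
    int exceptions = 0;
    *net = 0;
    for (size_t i = 0; i < n; i++) {
        long diff = acc[i].posted_cents - interest_cents(acc[i].balance_cents, rate_bp);
        *net += diff;
        if (diff != 0) {
            printf("  EXCEPTION %s: posted differs from recomputed by %+ld cents\n",
                   acc[i].id, diff);
            exceptions++;
        }
    }
    return exceptions;
}

/* Constructed ledger at 125 basis points (1.25%): five customer accounts posted
 * correctly, plus a collection account "X-9999" holding the shavings. */
#define RATE_BP 125
static const account LEDGER[] = {
    { "C-1001", 123439, 1542 }, { "C-1002", 98799, 1234 }, { "C-1003", 250000, 3125 },
    { "C-1004", 77759, 971 },   { "C-1005", 40078, 500 },  { "X-9999", 0, 3 },
};
#define NACC (sizeof LEDGER / sizeof LEDGER[0])
```

Over five accounts the shavings come to 3.9375 cents, so the collection account holds 3 cents; in a real ledger the same check runs over millions of postings, where the fractions add up to something worth diverting.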

27 Covert channels: Programs that leak information
- Covert channels communicate information to those who should not be receiving it.
- Ways of creating covert channels:
  - Trojan horses
  - Encoding data values in another, innocuous report by varying the format of the output (changing the length of lines, the last digit in an insignificant field, etc.)
  - Storage channels, using file locks; the service program and the spy need a common timing source broken into intervals
  - Timing channels pass information by using the speed at which things happen.

28 Covert channels: How to identify them
- Covert channels need shared resources.
- Shared resource matrix:
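The core test of the shared resource matrix method, as an added example (not from the slides, which name the matrix without detail): each cell records whether a process can read or modify a resource, and any resource that one process can modify and a different process can read is reported as a possible channel for the analyst to examine. The processes, resources and matrix entries are constructed for the example.

```c
/* Added example (not from the slides): the core test of the shared resource
 * matrix method. Rows are shared resources, columns are processes, and a cell
 * says whether the process can Read or Modify the resource. A resource that one
 * process can modify and a different process can read is a possible channel;
 * whether the flow is legitimate is then for the analyst to decide.
 * Processes, resources and matrix entries are constructed for the example. */
#include <stdio.h>

#define NPROC 3
#define NRES 4
enum { R = 1, M = 2 };                        /* bit flags per matrix cell */

static const char *PROCS[NPROC] = { "payroll_svc", "spy", "auditor" };
static const char *RESS[NRES] = { "payroll.dat", "payroll.lock", "disk_free_blocks", "spy_tmp" };
/* rows = resources, columns = processes, cell = R|M bits (constructed) */
static const int MATRIX[NRES][NPROC] = {
    { R | M, 0,     R     },   /* payroll.dat: service modifies, auditor reads, spy has no access */
    { R | M, R,     0     },   /* payroll.lock: service modifies, spy can observe the lock */
    { R | M, R,     0     },   /* disk_free_blocks: service modifies, spy can observe */
    { 0,     R | M, 0     },   /* spy_tmp: nobody else touches it, so no channel */
};

typedef struct { int res, writer, reader; } channel;

/* Fill out[] with every (resource, writer, reader) triple where writer can
 * modify the resource and a different process can read it. Returns the count. */
int find_channels(const int mat[NRES][NPROC], channel *out, int max)
{
    int n = 0;
    for (int r = 0; r < NRES; r++)
        for (int w = 0; w < NPROC; w++) {
            if (!(mat[r][w] & M)) continue;
            for (int rd = 0; rd < NPROC; rd++) {
                if (rd == w || !(mat[r][rd] & R)) continue;
                if (n < max) out[n] = (channel){ r, w, rd };
                n++;
            }
        }
    return n;
}

int main(void)
{
    channel found[NRES * NPROC * NPROC];
    int n = find_channels(MATRIX, found, NRES * NPROC * NPROC);
    for (int i = 0; i < n; i++)
        printf("%-17s %-12s can modify, %-12s can read\n", RESS[found[i].res],
               PROCS[found[i].writer], PROCS[found[i].reader]);
    return 0;
}
```

On the constructed matrix the method reports three flows: the legitimate payroll_svc to auditor flow on payroll.dat, and two flows from payroll_svc to spy through the lock and the free-block count, which are the file-lock storage channel and a resource-exhaustion channel of the previous slide.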

