Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSC 382/582: Computer Security

Published byBirthe Line Iversen Modified over 5 years ago

Similar presentations

Presentation on theme: "CSC 382/582: Computer Security"— Presentation transcript:

1 CSC 382/582: Computer Security
Integrity Management CSC 382/582: Computer Security

2 Models of Intrusion Detection
Misuse detection You know what’s bad. Attempt to detect bad items. Anti-virus and anti-spyware tools. Anomaly detection You know what’s good. Attempt to detect deviations from good state. Host Intrusion Detection Systems (HIDS). CSC 382/582: Computer Security

3 Theory of Malicious Code
Theorem 22-1: It is undecidable whether an arbitrary program contains a computer virus. Proof: Define virus v as TM program that copies v to other parts of the tape, while not overwriting any part of v. Reduce to Halting Problem: T’ running code V’ reproduces V iff running T on V halts. Theorem 22-2: It is undecidable whether an arbitrary program contains malicious logic. CSC 382/582: Computer Security

4 CSC 382/582: Computer Security
Detecting Malware Signature-based Look for known patterns in malicious code. Defeated by polymorphic viruses. Smart scanning Skips junk instructions inserted by poly engines. Skips whitespace/case changes in macro viruses. Decryption Brute-forces simple XOR-based encryption. Checks decrypted text against small virus sig to decide whether has plaintext or not. CSC 382/582: Computer Security

5 CSC 382/582: Computer Security
Detecting Malware Code Emulation Execute potential malware on VM. Scan VM memory after certain # iterations. Watch instructions for decryptor profile. Code Optimization. Optimize away junk instructions and odd techniques used by polymorphic viruses. CSC 382/582: Computer Security

6 CSC 382/582: Computer Security
Detecting Malware Heuristics Code execution starts in last section. Suspicious code redirection. Suspicious section ACLs or size. Suspicious library routine imports. Hard-coded pointers into OS kernel. Neural Network Heuristics IBM researchers trained neural net to recognize difficult polymorphic viruses. Released in Symantec antivirus. CSC 382/582: Computer Security

7 CSC 382/582: Computer Security
Detecting Malware Behavior-based Watch for known actions from malicious code. Network access signature of worm. Unexpected use of dangerous system calls. Integrity Checking Host-based Intrusion Detection System. Record MAC, size, dates, ACL of files. Periodically check for changes. ex: Tripwire, AIDE CSC 382/582: Computer Security

8 CSC 382/582: Computer Security
References Ross Anderson, Security Engineering, Wiley, 2001. Matt Bishop, Computer Security: Art and Science, Addison-Wesley, 2003. William Cheswick, Steven Bellovin, and Avriel Rubin, Firewalls and Internet Security, 2/e, 2003. Fred Cohen, Simson Garfinkel, Gene Spafford, and Alan Schartz, Practical UNIX and Internet Security, 3/e, O’Reilly & Associates, 2003. Cyrus Peikari and Anton Chuvakin, Security Warrior, O’Reilly & Associates, 2003. Ed Skoudis and Lenny Zeltser, Malware: Fighting Malicious Code, Prentice Hall, 2003. Ed Skoudis, Counter Hack Reloaded 2/e, Prentice Hall, 2006. Peter Szor, The Art of Computer Virus Research and Defense, Addison-Wesley, 2005. CSC 382/582: Computer Security

Download ppt "CSC 382/582: Computer Security"

Similar presentations

Chapter 15 Computer Security Techniques

Chapter 15 Computer Security Techniques
Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.

Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.
Day 4-1-1 anti-virus 3-3-1.anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
1 Anti Virus vs virus System i-Specific Anti-Virus Product Ali ameen al said.

1 Anti Virus vs virus System i-Specific Anti-Virus Product Ali ameen al said.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Malware.

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Malware.
Malicious Logic What is malicious logic Types of malicious logic Defenses Computer Security: Art and Science ©2002-2004 Matt Bishop.

Malicious Logic What is malicious logic Types of malicious logic Defenses Computer Security: Art and Science © Matt Bishop.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
Metamorphic Viruses Pat Walpole. Introduction What are metamorphic viruses Why they are dangerous Defenses against them.

Metamorphic Viruses Pat Walpole. Introduction What are metamorphic viruses Why they are dangerous Defenses against them.
Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message.

Chapter 9 Security Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message.
1 Malicious Logic CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 25, 2004.

1 Malicious Logic CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 25, 2004.
Antivirus Software Detects malware (not just viruses) May eliminate malware as well Often sold with firewalls Two approaches: Dictionary-based - Compares.

Antivirus Software Detects malware (not just viruses) May eliminate malware as well Often sold with firewalls Two approaches: Dictionary-based - Compares.
Dr. Richard Ford  Szor 11  Virus Scanners – how they work, why they matter, how to write one…

Dr. Richard Ford  Szor 11  Virus Scanners – how they work, why they matter, how to write one…
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
Video Following is a video of what can happen if you don’t update your security settings! security.

Video Following is a video of what can happen if you don’t update your security settings! security.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.

Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Similar presentations

Ads by Google