1. Program Security Week-2

2. Programming Fault: When a human makes a mistake, called an error, in performing some software activity, the error may lead to a fault, or an incorrect step, command, process, or data definition in a computer program. For example, a designer may misunderstand a requirement and create a design that does not match the actual intent of the requirements analyst and the user. Failure: a departure from the system's required behavior. It can be discovered before or after system delivery, during testing, or during operation and maintenance. A Flaw can be either a fault or failure, and a Vulnerability usually describes a class of flaws, such as a buffer overflow.

3. Programming contd. Functional Requirements: The Functional Requirement document defines the capabilities and functions that a System must be able to perform successfully. Security Requirements: Types and levels of protection necessary for equipment, data, information, applications, and facilities. Unexpected Behaviour: The inadequacies of penetrate-and-patch led researchers to seek a better way to be confident that code meets its security requirements. One way to do that is to compare the requirements with the behavior.

4. Programming contd. Organised Design Top-down: is essentially the breaking down of a system to gain insight into its compositional sub-systems. Bottom-up: is the piecing together of systems to give rise to grander systems, thus making the original systems sub-systems of the emergent system. Waterfall Model

5. Programming contd. Organised Design CASE (Computer Aided Software Engineering) tool: it allows system developers to create prototype screens and report generators rapidly and easily. Language Choice Strongly Typed - each type of data is predefined as part of the programming language Example: Ruby, Python and so forth. “structured programming”, modularity, complexity Analyzable and Rigorous Semantics

6. Nonmalicious (unintentional) Programming Errors Buffer-overflows A buffer overflow is the computing equivalent of trying to pour two liters of water into a one-liter pitcher: Some water is going to spill out and make a mess. A buffer (or array or string) is a space in which data can be held. A buffer resides in memory. Because memory is finite, a buffer's capacity is finite.

7. Nonmalicious (unintentional) Programming Errors Incomplete mediation is another security problem that has been with us for decades. Attackers are exploiting it to cause security problems. http://www.somesite.com/subpage/userinput.asp?parm1=(808)555-1212 &parm2=2009Jan17 Using verification techniques can reduce the problem. Time-of-Check to Time-of-Use Errors Check for access permission occurs before use; condition changes between check and use. The time-of-check to time-of-use (TOCTTOU) flaw can be in a scenario of Web application that allows a user to edit pages, and also allows administrators to lock pages to prevent editing.

8. Virus and Other Malicious Code Types (Note: terminology is nonstandard) Virus: A virus is a program that can replicate itself and pass on malicious code to other nonmalicious programs by modifying them. Eg. Transient and Resident Virus. Worms: A worm is a program that spreads copies of itself through a network. Difference between a worm and a virus is that a worm operates through networks, and a virus can spread through any medium. A Trojan horse is malicious code that, in addition to its primary effect, has a second, nonobvious malicious effect.

9. Virus and Other Malicious Code Types (Note: terminology is nonstandard) Trapdoor/backdoor: a program features that allows others to gain access other than obvious or direct means. Logic bomb: malicious code that is triggered or detonated or goes off when a specified condition is met. A time bob is a logic bomb that whose trigger is a time or data

10. Virus and Other Malicious Code Transmission links email executable code in data files (macros, autorun code, helper applications) Gaining Control

11. Virus and Other Malicious Code Execution one-time on system startup or reboot on every activation of a program on an event Recognition signature, patterns polymorphic, viruses encrypted viruses

12. Targeted (intentional) Malicious Code Trapdoor: undocumented entry point to a program, for example, developers do this during testing. Salami attacks: “small thin slices” – typical example involve interest calculations. Small amounts of money (pennies) are accumulated elsewhere. Rootkits: It is a piece of malicious code that goes to great lengths not to be discovered or, if discovered and removed, to reestablish itself whenever possible. The name rootkit refers to the code's attempt to operate as root, the superprivileged user of a Unix system. Privilege escalation attack is a means for malicious code to be launched by a user with lower privileges but run with higher privileges.

13. Targeted (intentional) Malicious Code Interface Illusion – fake websites Keystroke loggers – retain copies of all keys presses. Man-In-The-Middle Attack – a program interjects itself between two the programs – e.g. user-input and application results. Covert channels – programs that leak information

14. Controls Depend in part on means of transmission of malicious code Some controls are not fool proof: - programming environment - testing (absence of flaws in testing does not imply absence of flaws in code) “vetting” or clearing programmers; using only programmers from a particular nation or having a particular certification - everyone makes human mistakes at some time - even well-vetted individuals can be malicious - programmers have method and opportunity; motive is hard to control completely

15. Controls Software development (programming environment and practices) controls testing (many types) program structure mutual suspicion genetic diversity Confined execution environment See many operating system confinement approaches in Chapter 3.

16. Thank You !