Chapter 3: Program Security
• Programming errors with security implications: buffer overflows, incomplete access control
• Malicious code: viruses, worms, Trojan horses
• Program development controls against malicious code and vulnerabilities: software engineering principles and practices
• Controls to protect against program flaws in execution: operating system support and administrative controls
SE571 Security in Computing
Dr. Ogara
2
Malware infection – most common attack (67.1%)
Losses due to cybercrime
• 59.1% of respondents attributed none of their losses to malicious insiders
• 39.5% attributed none of their losses to non-malicious insider actions
New incidents
• Exploits of the client's Web browser
• Exploits of users' social network profiles
(Source: Computer Security Institute 2010/2011 Survey)
What are programs?
Why do we need to secure them?
What do we secure them from?
How do we secure them?
What are security flaws?
What is a fault?
Causes of the fault
Effects of a fault
How to fix a fault
What are programs?
• Pieces of code
• The heart of computing
• Examples: OS, device drivers, network infrastructure, DBMS, .exe files, applications, etc.
Why security at the program level?
• Programs are used by users
• Many programs perform a variety of tasks
• A secure program implies some degree of trust in its
  Confidentiality
  Integrity
  Availability
• Security characteristics depend on the application and on the user's perception of the application's quality
Fault
• An incorrect step, command or process in a computer program, caused by a human mistake (error)
• The inside view, as seen by developers
Failure
• A departure from the system's required behavior
• The outside view of the system, as seen by users
Fixing faults
• Penetrate and patch
• Patches introduce more problems
• Patches cause side effects
Program security flaw
• An inappropriate program behavior caused by a program vulnerability
• Do the programs behave as the designers intended? A flaw shows up as unexpected behavior
• A vulnerability is a weakness in the security system
• Can derive from any kind of software fault
• Example: a program containing a Trojan horse is vulnerable, but the user may not see the security flaw in the program
Intentionally induced errors
• Malicious flaws
• Non-malicious flaws
Inadvertent flaws / unintentional human errors
• Validation error
• Domain error
• Serialization and aliasing
• Inadequate identification & authentication
• Boundary condition violation
• Logic errors
Non-malicious program flaws
• Buffer overflows
• Incomplete mediation
• Time-of-check to time-of-use errors
• Combination of non-malicious program flaws
Buffer overflows
• Analogy: pouring 2 gal of water into a 1 gal pitcher. Some water will spill out; the error leads to a mess
• A buffer (array or string) is a space in which data can be held
• A buffer resides in memory
• A buffer's capacity is finite
• Because of this, programmers must declare the size a buffer needs
Consider the code below:

    char sample[10];              /* room for sample[0] .. sample[9] */
    int i;
    for (i = 0; i <= 9; i++)
        sample[i] = 'A';
    sample[10] = 'B';             /* one past the end: where does 'B' go? */

Programs and data elements share space with the OS, other code and resident routines. There are four cases to consider in deciding where the extra character 'B' goes: it may overwrite the user's own data, the user's own code, system data, or system code.
[Figure: the four places the extra character can land. The last two give users access to system data/privileges.]
The last two cases would cause problems:
• The system becomes unstable because its data is now inconsistent
• User code now runs with system privileges
Although the flaw comes from an honest mistake, attackers can exploit such flaws: an attacker may replace code in the system space, masquerading as the OS.
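The off-by-one above carried into a complete C program, as an added example that is not code from the slides or the course: the unchecked loop is generalised to a fill of `count` characters, a bounds-checked version refuses any request that does not fit, and a one-byte "neighbour" placed directly after the buffer stands in for whatever happens to live there (user data, user code, system data or system code). The names `fill_unchecked`, `fill_checked` and the neighbour byte are this example's own constructions; the 10-byte buffer is the slide's.

```c
#include <stdio.h>
#include <string.h>

#define SAMPLE_CAP 10          /* the slide's buffer: sample[0] .. sample[9] */

/* Unchecked fill, generalising the slide's loop: writes `count` 'A's followed by
   one 'B' without ever consulting how big the buffer really is. */
void fill_unchecked(char *sample, size_t count)
{
    for (size_t i = 0; i < count; i++)
        sample[i] = 'A';
    sample[count] = 'B';       /* with count == capacity this is one past the end */
}

/* Checked fill: the same job, but it refuses (returns -1) unless count + 1 bytes
   fit. Testing count >= capacity instead of count + 1 > capacity means the
   check itself cannot wrap around. */
int fill_checked(char *sample, size_t capacity, size_t count)
{
    if (count >= capacity)
        return -1;
    for (size_t i = 0; i < count; i++)
        sample[i] = 'A';
    sample[count] = 'B';
    return 0;
}

/* Constructed model of memory: the 10-byte buffer followed immediately by one
   byte that belongs to something else. Keeping both in one array makes the
   overflow well-defined C, so the demo shows exactly where 'B' lands. */
#define NEIGHBOR_INIT 'n'

static void init_memory(char *mem)
{
    memset(mem, 0, SAMPLE_CAP + 1);
    mem[SAMPLE_CAP] = NEIGHBOR_INIT;
}

/* Runs the unchecked fill at full capacity and returns what the neighbouring
   byte holds afterwards: 'B', the 11th character landed in someone else's slot. */
int neighbor_after_unchecked(void)
{
    char mem[SAMPLE_CAP + 1];
    init_memory(mem);
    fill_unchecked(mem, SAMPLE_CAP);
    return mem[SAMPLE_CAP];
}

/* Same oversized request through the checked fill: returns 1 when it was
   refused and the neighbouring byte is untouched, 0 otherwise. */
int checked_refuses_overflow(void)
{
    char mem[SAMPLE_CAP + 1];
    init_memory(mem);
    int rc = fill_checked(mem, SAMPLE_CAP, SAMPLE_CAP);
    return rc == -1 && mem[SAMPLE_CAP] == NEIGHBOR_INIT;
}

/* A request that fits (9 'A's + 'B' = 10 bytes) goes through: returns 1 when the
   buffer ends up "AAAAAAAAAB" and the neighbour is still intact. */
int checked_accepts_fitting_request(void)
{
    char mem[SAMPLE_CAP + 1];
    init_memory(mem);
    int rc = fill_checked(mem, SAMPLE_CAP, SAMPLE_CAP - 1);
    return rc == 0 && memcmp(mem, "AAAAAAAAAB", SAMPLE_CAP) == 0
           && mem[SAMPLE_CAP] == NEIGHBOR_INIT;
}

int main(void)
{
    printf("unchecked fill: neighbour now holds '%c'\n", neighbor_after_unchecked());
    printf("checked fill refuses oversized request: %d\n", checked_refuses_overflow());
    printf("checked fill accepts fitting request: %d\n", checked_accepts_fitting_request());
    return 0;
}
```

Build with `cc -Wall -o overflow overflow.c`. On a real stack the neighbour byte would be another local, a saved frame pointer or the return address, which is exactly why the last two of the four cases hand an attacker control; the checked version is the only one that can be handed attacker-chosen sizes.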
Incomplete mediation
• Used less often
• Occurs when access is not checked universally
• Unchecked data values represent a serious potential vulnerability
Based on a true story
• A company sells products on its website
• Web design flaw: the company passes the price of items back to itself as URL parameters
• The customer's browser shows:
http://www.things.com/order.asp?custID=101&part=555A&qy=20&price=10&ship=boat&shipcost=5&total=205
A malicious attacker may change the parameters as follows:
http://www.things.com/order.asp?custID=101&part=555A&qy=20&price=1&ship=boat&shipcost=5&total=25
Buy products for less – pay $25 instead of $205.
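An added C example (not the company's code, nor code from the slides) of mediating the order on the server: every value the page shows being trusted from the URL (price, shipcost, total) is instead looked up or recomputed from data that lives on the server, and the client's claimed total is only compared against that result to spot tampering. The catalogue, the shipping table, the quantity limit and the function names are constructed for this example; the two query strings are the ones from the slides.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Server-side catalogue: the only authoritative source of prices. Constructed
   for this example; part 555A costs $10, matching the honest URL on the slide. */
struct item { const char *part; long unit_price; };
static const struct item CATALOGUE[] = { { "555A", 10 }, { "777B", 42 } };
static const long MAX_QTY = 1000;        /* constructed business limit */

static long catalogue_price(const char *part)
{
    for (size_t i = 0; i < sizeof CATALOGUE / sizeof CATALOGUE[0]; i++)
        if (strcmp(CATALOGUE[i].part, part) == 0)
            return CATALOGUE[i].unit_price;
    return -1;                           /* unknown part */
}

static long shipping_cost(const char *method)
{
    return strcmp(method, "boat") == 0 ? 5 : -1;   /* only "boat" exists here */
}

/* Copy the value of `key` out of a query string. Returns 1 on success, 0 if the
   key is absent or its value would not fit in `out` (refuse, never truncate). */
static int query_get(const char *qs, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key);
    for (const char *p = qs; ; p++) {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            size_t vlen = plen - klen - 1;
            if (vlen >= outsz) return 0;
            memcpy(out, p + klen + 1, vlen);
            out[vlen] = '\0';
            return 1;
        }
        if (!end) return 0;
        p = end;                         /* the loop's p++ steps past the '&' */
    }
}

/* Strict decimal parse: the whole string must be digits and the value in range. */
static int parse_qty(const char *s, long *out)
{
    char *end;
    long v = strtol(s, &end, 10);
    if (*s == '\0' || *end != '\0' || v < 1 || v > MAX_QTY) return 0;
    *out = v;
    return 1;
}

/* What the slide's site did: believe the total the browser sent back. */
long total_unmediated(const char *qs)
{
    char total[16];
    return query_get(qs, "total", total, sizeof total) ? strtol(total, NULL, 10) : -1;
}

/* Complete mediation: every value that matters is looked up or recomputed on
   the server; the client's price, shipcost and total are never used.
   Returns the total, or -1 if the order is invalid. */
long total_mediated(const char *qs)
{
    char part[16], qty_s[16], ship[16];
    long qty, price, shipcost;
    if (!query_get(qs, "part", part, sizeof part) ||
        !query_get(qs, "qy", qty_s, sizeof qty_s) ||
        !query_get(qs, "ship", ship, sizeof ship))
        return -1;
    if (!parse_qty(qty_s, &qty)) return -1;
    if ((price = catalogue_price(part)) < 0) return -1;
    if ((shipcost = shipping_cost(ship)) < 0) return -1;
    return qty * price + shipcost;
}

/* 1 if the client's claimed total equals the recomputed one. A mismatch is a
   parameter-tampering attempt worth logging, not a rounding bug. */
int client_total_matches(const char *qs)
{
    long server = total_mediated(qs);
    return server >= 0 && total_unmediated(qs) == server;
}

/* The two URLs from the slides, query part only (constructed inputs). */
static const char *HONEST   = "custID=101&part=555A&qy=20&price=10&ship=boat&shipcost=5&total=205";
static const char *TAMPERED = "custID=101&part=555A&qy=20&price=1&ship=boat&shipcost=5&total=25";

int main(void)
{
    printf("unmediated: honest %ld, tampered %ld\n", total_unmediated(HONEST), total_unmediated(TAMPERED));
    printf("mediated:   honest %ld, tampered %ld\n", total_mediated(HONEST), total_mediated(TAMPERED));
    printf("tampering detected: %d\n", !client_total_matches(TAMPERED));
    return 0;
}
```

The design point is that the browser is the user's space: nothing that comes back from it is an authority on anything, so the server keeps price and shipping in its own tables and only accepts the identifiers and the quantity, after validating them.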
Time-of-check to time-of-use errors
• Exploit the delay between the time of check and the time of use
• A change may occur between the time access was checked and the time the result of the check was used
Analogy
• Agree on a price
• Buyer counts out a stack of money
• Buyer takes back part of the money without the seller knowing (the condition has changed before the exchange)
• Buyer passes the money, gets the receipt and the product (paid less)
Prevention
• Avoid exposing critical parameters during any loss of control: the access-checking software must own the request until the requested action is complete
• Do not allow interruption (loss of control) during validation
• The validation routine can copy the request from the user's space to the routine's own area, out of the user's reach
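The three prevention points above applied to the classic file-access race, as an added C example that is not from the slides: `access()` followed by `open()` checks a name and then uses the name, so an attacker who re-points the name in between wins; opening first and then checking the open descriptor (`fstat`, `O_NOFOLLOW`) checks the very object that will be used, which is the "copy out of the user's reach" in file terms. The attacker is simulated by a callback run inside the window; the /tmp directory, file names, contents and function names are constructed for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static int read_first_byte(int fd)
{
    unsigned char c;
    ssize_t n = read(fd, &c, 1);
    close(fd);
    return n == 1 ? c : -1;
}

/* Vulnerable pattern: the check (access) and the use (open) both go through the
   NAME, so what the name refers to can change in between. `racer` stands in for
   the attacker acting inside that window. */
int read_after_access_check(const char *path, void (*racer)(void))
{
    if (access(path, R_OK) != 0)             /* time of check */
        return -1;
    if (racer) racer();                      /* the window */
    int fd = open(path, O_RDONLY);           /* time of use */
    return fd < 0 ? -1 : read_first_byte(fd);
}

/* Hardened pattern: open first, refusing symbolic links, then do every check on
   the open descriptor. Re-pointing the name afterwards changes nothing we hold. */
int read_open_then_check(const char *path, void (*racer)(void))
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;                           /* a symlink fails here with ELOOP */
    if (racer) racer();                      /* too late to matter */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        close(fd);
        return -1;
    }
    return read_first_byte(fd);
}

/* Constructed scenario under /tmp: a "public" file (content 'P'), a "secret"
   file (content 'S'), and a link the attacker controls. */
static char dir[32], pub[48], secret[48], link_path[48];

static void write_file(const char *path, char byte)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return;
    ssize_t w = write(fd, &byte, 1);
    (void)w;
    close(fd);
}

static int setup(void)
{
    strcpy(dir, "/tmp/toctou-demo-XXXXXX");
    if (!mkdtemp(dir)) return -1;
    snprintf(pub, sizeof pub, "%s/public", dir);
    snprintf(secret, sizeof secret, "%s/secret", dir);
    snprintf(link_path, sizeof link_path, "%s/link", dir);
    write_file(pub, 'P');
    write_file(secret, 'S');
    return symlink(pub, link_path);          /* link -> public: passes any check */
}

static void teardown(void)
{
    unlink(link_path); unlink(pub); unlink(secret); rmdir(dir);
}

/* The attacker's move inside the window: re-point link -> secret. */
static void repoint_link(void)
{
    unlink(link_path);
    symlink(secret, link_path);
}

/* Returns 'S': access() checked "public", open() read "secret". */
int demo_toctou_leaks_secret(void)
{
    if (setup() != 0) return -2;
    int r = read_after_access_check(link_path, repoint_link);
    teardown();
    return r;
}

/* Returns -1: the link is refused before the window even opens. */
int demo_hardened_refuses_link(void)
{
    if (setup() != 0) return -2;
    int r = read_open_then_check(link_path, repoint_link);
    teardown();
    return r;
}

/* Returns 'P': a genuine regular file still works through the hardened path. */
int demo_hardened_reads_public(void)
{
    if (setup() != 0) return -2;
    int r = read_open_then_check(pub, repoint_link);
    teardown();
    return r;
}

int main(void)
{
    printf("vulnerable read returned %d (83 = 'S', the secret leaked)\n", demo_toctou_leaks_secret());
    printf("hardened read of the link returned %d\n", demo_hardened_refuses_link());
    printf("hardened read of the public file returned %d (80 = 'P')\n", demo_hardened_reads_public());
    return 0;
}
```

In a real program the window is a scheduler decision rather than a callback, which is why the rule is never to check a name and later use the name: hold the object (the descriptor) from the moment of the check until the action completes, and refuse to be interrupted by following links or re-resolving paths in between.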
Combination of non-malicious program flaws
• Uses the three flaws above as one step in a multistep attack
Why is malicious code a problem? It can:
• Write a message on the screen
• Stop a running program
• Generate sound
• Erase a file
• Be triggered by a time, date, event or condition
• Run with the same authority as the user – read, write, modify, delete privileges
Types of malicious code
• Viruses
• Worms
• Rabbits
• Trojan horses
• Trap doors
• Logic bombs
How viruses get in
• By running or installing programs containing viruses
• Email attachments which execute automatically
• Executable zip files
• Macros
How viruses attach
• Appended viruses
• Viruses that surround a program
• Integrated viruses and replacements
• Document viruses – macros
Qualities of an effective virus (from its writer's point of view)
• Difficult to detect
• Not easily destroyed or deactivated
• Spreads infection widely
• Able to re-infect its home or other programs
• Easy to create
• Machine and OS independent
Homes for viruses
• Replacing the home program
• Boot sector viruses
• Memory-resident viruses
• Macros
Completely replacing a program
Detecting viruses
• Based on signature
  • Polymorphic viruses make it more difficult
• Tracking storage patterns
• Execution patterns
• Transmission patterns
  • Boot process
  • Disk access
  • Network connections
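A small C example, added here and not from the slides, of what "based on signature" means and why polymorphism defeats it: a byte-pattern scan finds a fixed signature in a plain copy of a made-up virus body, misses the same body once it is re-encoded with a per-copy key, and finds it again only after the encoding is undone, which is the extra work an emulating scanner has to do. The body, signature, host bytes and key are constructed for the example and are not patterns from any real malware.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Signature scan: does `sig` occur as a contiguous byte pattern anywhere in buf? */
int signature_present(const unsigned char *buf, size_t buflen,
                      const unsigned char *sig, size_t siglen)
{
    if (siglen == 0 || siglen > buflen)
        return 0;
    for (size_t i = 0; i + siglen <= buflen; i++)
        if (memcmp(buf + i, sig, siglen) == 0)
            return 1;
    return 0;
}

/* Polymorphism in miniature: the same body re-encoded with a per-copy key, so no
   two copies share the bytes the scanner is looking for. Only a small decoder
   stays constant, which is why real scanners signature the decoder or run it in
   an emulator and scan what comes out. XOR is self-inverse: applying it twice
   with the same key restores the original. */
void xor_transform(unsigned char *dst, const unsigned char *src, size_t n, unsigned char key)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i] ^ key;
}

/* Constructed sample data: a fake virus body and a signature taken from it.
   Made-up strings, not patterns from any real malware. */
static const unsigned char BODY[] = "PAYLOAD-EXAMPLE-BODY";
static const unsigned char SIG[]  = "EXAMPLE";
#define BODY_LEN (sizeof BODY - 1)
#define SIG_LEN  (sizeof SIG - 1)
#define HOST_LEN 64

/* A "host" program with the body appended (an appended virus). */
static size_t build_host(unsigned char *host, const unsigned char *body, size_t bodylen)
{
    static const unsigned char program[] = "HOST-PROGRAM-CODE:";
    size_t plen = sizeof program - 1;
    memcpy(host, program, plen);
    memcpy(host + plen, body, bodylen);
    return plen + bodylen;
}

/* Plain copy: the signature is found. Returns 1. */
int scan_plain_copy(void)
{
    unsigned char host[HOST_LEN];
    size_t n = build_host(host, BODY, BODY_LEN);
    return signature_present(host, n, SIG, SIG_LEN);
}

/* Polymorphic copy: same body, same behaviour once decoded, but the signature
   bytes are no longer present. Returns 0 for any non-zero key. */
int scan_polymorphic_copy(unsigned char key)
{
    unsigned char encoded[BODY_LEN], host[HOST_LEN];
    xor_transform(encoded, BODY, BODY_LEN, key);
    size_t n = build_host(host, encoded, BODY_LEN);
    return signature_present(host, n, SIG, SIG_LEN);
}

/* What an emulating scanner effectively does: undo the encoding, then scan. */
int scan_after_decoding(unsigned char key)
{
    unsigned char encoded[BODY_LEN], decoded[BODY_LEN];
    xor_transform(encoded, BODY, BODY_LEN, key);
    xor_transform(decoded, encoded, BODY_LEN, key);
    return signature_present(decoded, BODY_LEN, SIG, SIG_LEN);
}

int main(void)
{
    printf("plain copy found: %d\n", scan_plain_copy());
    printf("polymorphic copy (key 0x5A) found: %d\n", scan_polymorphic_copy(0x5A));
    printf("found after decoding: %d\n", scan_after_decoding(0x5A));
    return 0;
}
```

The same scan applied to storage, execution or transmission patterns rather than raw bytes is what the other bullets describe: a pattern that the virus cannot change without changing what it does is a better signature than its literal bytes.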
Worms
• A program that spreads copies of itself across the network
• Also copies itself as a stand-alone program
• Usually spread through a network
• Example: Code Red
Salami attack
• Merges bits of seemingly inconsequential data to produce powerful results
• Programs disregard small amounts of money during computations
• These can be shaved off and accumulated elsewhere
Trojan horse
• Name based on Greek mythology
• Malicious code hides within, or looks like, a legitimate program
• Certain conditions trigger it
• Does not replicate
Trap door (backdoor)
• Hides in the computer
• Allows someone in a remote location to take control of your computer
• Ability to execute programs, change settings, monitor activities and access files on the remote computer
Logic bomb
• A class of malicious code that activates as a result of a specific condition
• Time dependent (time bomb)