
Security through Obscurity


audrey-noel

Presentation Transcript


  1. Security through Obscurity • Jalkanen, Mättö, Perttunen • Final Report

  2. STO: Introduction • Alter protocols, algorithms, data • Hiding the password file • Not an obstacle • Dependent on the persons who implement the system

  3. STO: Objectives of the Study • Cost-Benefit Analysis • Security vs. Convenience • Special purpose machine • Firewall • Effective but simple • Easy to change

  4. Methods • Kernel checks binaries for an obscure symbol • Authenticating binaries through a cryptosystem • API of the kernel is changed through modification of syscalls • The order of kernel functions is changed in the syscall table

  5. Analysis: Weaknesses • Modifications can be detected by comparing with originals • Unexpected and unwanted results (read() -> write()) • Commercial software is tricky • Compilers and dynamic linker must be removed • A separate compilation environment needs to be maintained

  6. Analysis: Strengths • Very easy implementation (except for extra trouble due to recompilation) • Stops inexperienced hackers and “root kits” • Not dependent on authors - can be easily communicated to new personnel

  7. What More Can Be Done? • Modify libraries, too! • Generate a random syscall table every month/week/boot • Removal of read privileges on binaries & no core dumps • Shifting the syscall table to prevent unexpected results

  8. Conclusions • Yeah, it would work… but: • not recommendable on a larger scale • impossible to maintain in a bigger organization • cannot stop a determined hacker^H^H^H^H^H^Hintruder
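
The "read() -> write()" weakness on slide 5 and the "shifting" remedy on slide 7 can be compared in a toy user-space model. This is an added example, not code from the presentation; the table size, the permutation, the SHIFT offset and the reading of "shifting" as moving every entry out of the stock number range are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of a syscall table; all names and numbers are constructed. */
#define NSYS  4    /* stock numbering: 0=read 1=write 2=open 3=close */
#define SLOTS 16   /* table is larger than NSYS so gaps can exist */
#define SHIFT 8    /* hypothetical site-specific offset (assumption) */

static const char *stock[NSYS] = { "read", "write", "open", "close" };

/* Scheme A: reorder entries inside the stock number range. */
static void build_permuted(const char *t[SLOTS]) {
    static const int perm[NSYS] = { 1, 0, 3, 2 };  /* constructed permutation */
    for (int i = 0; i < SLOTS; i++) t[i] = NULL;
    for (int i = 0; i < NSYS; i++) t[perm[i]] = stock[i];
}

/* Scheme B: move every entry to nr + SHIFT, leaving stock numbers empty. */
static void build_shifted(const char *t[SLOTS]) {
    for (int i = 0; i < SLOTS; i++) t[i] = NULL;
    for (int i = 0; i < NSYS; i++) t[i + SHIFT] = stock[i];
}

/* Handler an unmodified binary reaches for number nr, or "ENOSYS". */
static const char *dispatch(const char *t[SLOTS], int nr) {
    if (nr < 0 || nr >= SLOTS || t[nr] == NULL) return "ENOSYS";
    return t[nr];
}

/* Counts stock numbers that silently reach a different, valid syscall. */
static int misdirected(const char *t[SLOTS]) {
    int n = 0;
    for (int nr = 0; nr < NSYS; nr++) {
        const char *h = dispatch(t, nr);
        if (strcmp(h, "ENOSYS") != 0 && strcmp(h, stock[nr]) != 0) n++;
    }
    return n;
}

int main(void) {
    const char *a[SLOTS], *b[SLOTS];
    build_permuted(a);
    build_shifted(b);
    printf("permuted: stock read(0) -> %s, misdirected=%d\n", dispatch(a, 0), misdirected(a));
    printf("shifted:  stock read(0) -> %s, misdirected=%d\n", dispatch(b, 0), misdirected(b));
    return 0;
}
```

In the permuted table a stock binary's read lands on write, while in the shifted table every stock number fails cleanly and only binaries rebuilt with the offset reach a handler.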
