Security through Obscurity
Jalkanen, Mättö, Perttunen
Final Report

STO: Introduction
• Alter protocols, algorithms, data
• hiding password file
• Not an obstacle
• Dependent on the persons who implement the system

STO: Objectives of the Study
• Cost-Benefit Analysis
• Security vs. Convenience
• Special purpose machine
• Firewall
• Effective but simple
• Easy to change

Methods
• Kernel checks binaries for an obscure symbol
• Authenticating binaries through a cryptosystem
• API of the kernel is changed through modification of syscalls
• The order of kernel functions is changed in the syscall table

Analysis: Weaknesses
• Modifications can be detected by comparing with originals
• Unexpected and unwanted results (read() -> write())
• Commercial software is tricky
• Compilers and dynamic linker must be removed
• A separate compilation environment needs to be maintained

Analysis: Strengths
• Very easy implementation (except for extra trouble due to recompilation)
• Stops inexperienced hackers and “root kits”
• Not dependent on authors - can be easily communicated to new personnel

What Can Be Done More?
• Modify libraries, too!
• Generate random syscall table every month/week/boot
• Removal of read privileges of binaries & no core dumps
• Shifting syscall table to prevent unexpected results

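An added example, not from the presentation: a user-space C model of the syscall table reordering from the Methods slide, the read() -> write() style misrouting from the Weaknesses slide, and the shifted table suggested above. It assumes "shifting" means moving every handler outside the stock number range so that unmodified binaries hit an empty slot; the table size, handler ids and function names are constructed for the model.

```c
#include <stdio.h>
#include <stdlib.h>
#define NSYS 8            /* toy syscall count (constructed) */
#define SLOTS (2 * NSYS)  /* room for a shifted layout */
#define ENOSYS_ID (-1)    /* empty slot: the call fails closed */
/* table[slot] holds the id of the handler installed there. */
static void clear_table(int *table) {
    for (int i = 0; i < SLOTS; i++) table[i] = ENOSYS_ID;
}

/* Reorder handlers inside the stock range. Sattolo's shuffle yields one
 * cycle, so no handler keeps its stock number. rand() is model-only. */
void build_permuted(int *table, int *nr_of, unsigned seed) {
    clear_table(table);
    for (int i = 0; i < NSYS; i++) nr_of[i] = i;
    srand(seed);
    for (int i = NSYS - 1; i > 0; i--) {
        int j = rand() % i, t = nr_of[i];
        nr_of[i] = nr_of[j]; nr_of[j] = t;
    }
    for (int id = 0; id < NSYS; id++) table[nr_of[id]] = id;
}

/* Assumed meaning of "shifting": same order, moved past the stock range. */
void build_shifted(int *table, int *nr_of, unsigned seed) {
    build_permuted(table, nr_of, seed);
    clear_table(table);
    for (int id = 0; id < NSYS; id++) table[nr_of[id] += NSYS] = id;
}

int dispatch(const int *table, int nr) {
    return (nr >= 0 && nr < SLOTS) ? table[nr] : ENOSYS_ID;
}

/* Stock numbers that silently reach a different handler (read -> write). */
int misrouted_stock_calls(const int *table) {
    int n = 0;
    for (int id = 0; id < NSYS; id++)
        n += (dispatch(table, id) != ENOSYS_ID && dispatch(table, id) != id);
    return n;
}

int main(void) {
    int table[SLOTS], nr_of[NSYS];
    build_permuted(table, nr_of, 1234u);
    printf("permuted: %d misrouted\n", misrouted_stock_calls(table));
    build_shifted(table, nr_of, 1234u);
    printf("shifted:  %d misrouted\n", misrouted_stock_calls(table));
}
```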
Conclusions
• Yeah, it would work… but:
• not recommendable on a larger scale
• impossible to maintain in a bigger organization
• cannot stop a determined hacker^H^H^H^H^H^Hintruder