140 likes | 311 Views
Application Security. Malicious Code. Vulnerable Software Hacker toolkits Back/Trapdoors Greedy Programs / Logic bombs Salami Attacks Trapdoors Worms/Viruses Bot Networks. Vulnerable Software. Buffer overflows Insecure running environment Insecure temporary files
E N D
Malicious Code • Vulnerable Software • Hacker toolkits • Back/Trapdoors • Greedy Programs / Logic bombs • Salami Attacks • Trapdoors • Worms/Viruses • Bot Networks
Vulnerable Software • Buffer overflows • Insecure running environment • Insecure temporary files • Insecure program calls • Weak encryption • Poor programming • “If people built buildings the way that programmers write software, the first woodpecker to come along would destroy civilization.”
Handling Vulnerabilities • Locating • Dealing with vendors • Applying patches • Disabling services • Reconfiguring software/services
Hacker Toolkits Programs that automatically scan for security problems on systems • Useful for system administrators to find problems for fixing • Useful for hackers to find problems for exploitation Examples: • SATAN • COPS • ISS Countermeasure: Detection Software
Back/Trapdoors • Pieces of code written into applications of operating systems to grant programmers easy access • Useful for debugging and monitoring • Too often, not removed • Examples: • Dennis Richie’s loging/compiler hack • Sendmail DEBUG mode • Countermeasures • Sandboxing • Code Reviews
Logic Bombs • Pieces of code to cause undesired effects when event occurs • Used to enforce licenses (time-outs) • Used for revenge by disgruntled • Can be hard to determine malicious • Examples • British accounting firm logic bomb • British bank hack • Countermeasures • Personnel security
Viruses • Pieces of code that attach to existing programs • Not distinct program • No beneficial use – VERY destructive • Examples: • Michelangelo • Love letter • Countermeasures • Virus detection/disinfection software
Structure of a Virus • Marker: determine if a potential carrier program has been previously infected • Infector: Seeks out potential carriers and infects • Trigger check: Establishes if current conditions are sufficient for manipulation • Manipulation: Carry out malicious task
Types of Viruses • Memory-resident • Hardware • Buffered • Hide-and-seek • Live-and-die • Boot segment • Macro
Worms • Stand-alone programs that copy themselves from system to system • Some use in network computation • Examples: • Dolphin worm (Xerox PARC) • Code Red (2001, $12B cost) • Morris Worm (1988, $20M cost) • Countermeasures • Sandboxing • Quick patching: fix holes, stop worm
Trojan Horses • Programs that have malicious covert purpose • Have been used for license enforcement • Examples: • FIX2001 • AOL4FREE • RIDBO • Countermeasures • Sandboxing • Code reviews
Greedy Programs • Programs that copy themselves • Core wars • Have been used in destructive web pages, standalone programs • Can be very difficult to show deliberate usage • Countermeasures: • CPU quotas on process families • Process quotas • Review of imported software & web pages
Bot Networks • Collections of compromised machines • Typically, compromised by scripts • Respond to commands, perhaps encrypted • Examples:LeavesCode Red II • Countermeasures: Vul patching, Integrity checks