Chapter 3 (Part 2) – Network Security
Chapter 3 – Program Security
Section 3.4 Targeted Malicious Code
Section 3.5 Controls Against Program Threats
In this Section
• Program Threats
  • Trapdoors
  • Salami Attack
  • Privilege Escalation
  • Man-in-the-Middle
  • Covert Channels
• Controls Against Program Threats
  • Modularity
  • Mutual Suspicion
  • Hazard Analysis
Targeted Malicious Code
• So far we have looked at code written to affect users and machines indiscriminately
• Targeted Malicious Code – written for a particular system or application with a particular purpose
• Similar to viruses, but with the addition of new techniques
Trapdoor
• Trapdoor – an undocumented entry point to a module
• Inserted during code development
• “Hooks” to add future enhancements
• Can be legitimate or non-legitimate
• Software Testing
  • Unit Testing
  • Integration Testing
  • Stubs and Drivers – routines that inject information during testing
  • Control Stubs – used to invoke debugging code
• Accidentally left in place
• Poor Error Checking
Trapdoors
• Poorly defined Data
• Incomplete Mediation
• Undefined Opcodes – instructions that have not been defined for the processor
• Trapdoors can be useful
  • Software audits may request that trapdoors be inserted
  • Trapdoors should always be documented
Causes of Trapdoors
• Forgot to remove
• Intentionally left for testing
• Intentionally left for maintenance
• Intentionally left as a covert means of access
• Trapdoors are not bad in themselves; they become faults only when the trapdoor is left open
• A system is not secure if a trapdoor is present but unknown to others
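The “control stub accidentally left in place” case from the slides above, as an added example that is not part of the original deck: a login routine that shipped with a testing hook (an environment variable that skips authentication), beside a version that has no bypass in the product code and lets tests inject their own credential checker instead. The user store, salt and `APP_TEST_MODE` name are constructed for the demo and not taken from any real system.

```python
import hashlib
import hmac
import os

# Constructed credential store for the demo: username -> PBKDF2-SHA256 digest.
# A real system would use a random per-user salt; the fixed salt keeps the demo short.
_SALT = b"constructed-demo-salt"
_ITERATIONS = 50_000


def _digest(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)


USERS = {"alice": _digest("correct horse battery staple")}


def check_password(user: str, password: str) -> bool:
    """Constant-time comparison; the same work is done for unknown users so that
    the response time does not reveal whether the account exists."""
    expected = USERS.get(user, _digest(""))
    return user in USERS and hmac.compare_digest(expected, _digest(password))


# Before: a control stub used during testing that was never removed. Anyone who can
# set the process environment skips authentication entirely - the trapdoor.
def login_with_trapdoor(user: str, password: str, env=None) -> bool:
    env = os.environ if env is None else env
    if env.get("APP_TEST_MODE") == "1":  # debugging hook left in the shipped code
        return True
    return check_password(user, password)


# After: the production path has no bypass. A test that needs a canned answer passes
# its own checker explicitly in code; no runtime setting can switch the check off.
def login(user: str, password: str, checker=check_password) -> bool:
    return checker(user, password)


if __name__ == "__main__":
    print("trapdoor, wrong password, test mode on:",
          login_with_trapdoor("alice", "nope", env={"APP_TEST_MODE": "1"}))
    print("hardened, wrong password:", login("alice", "nope"))
    print("hardened, right password:", login("alice", "correct horse battery staple"))
```

The point of the “after” form is not that the checker can be swapped (that is ordinary dependency injection) but that the swap happens only at the call site in test code, so there is nothing in a deployed configuration that an outsider could set to open the door.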
Salami Attack
• Named after the way scraps of meat are combined to form salami
• Salami Attack – merges seemingly inconsequential bits of data to yield something important
• Classic Salami Attacks
  • Missing ½ cent
  • Missing percentage
  • Taking a bit from a bunch
  • Charging higher fees
• Why do they happen?
  • Sometimes programmers simply accept small errors
  • Code is often too large to search for salami-type errors
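The “missing ½ cent” case above can be checked rather than trusted. The following is an added example, not from the slides: an audit that recomputes every interest credit independently from the balance and the rate under the documented rounding rule and compares it with what was actually posted. The balances, rate and posted credits are constructed sample data; the routine that produced the posted figures is assumed to have truncated each credit and swept the fractions into a “SUSP” account. Note that the batch total still balances, which is exactly why a per-account recomputation is needed.

```python
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")

# Constructed sample: month-end balances and the interest rate applied (1.25%).
BALANCES = {
    "A": Decimal("1234.56"),
    "B": Decimal("987.65"),
    "C": Decimal("4321.00"),
    "D": Decimal("55.55"),
    "E": Decimal("10000.00"),
}
RATE = Decimal("0.0125")

# Constructed sample: the credits as actually posted. Each one was truncated to the
# cent and the leftover fractions were swept into "SUSP", an account with no balance.
POSTED = {
    "A": Decimal("15.43"),
    "B": Decimal("12.34"),
    "C": Decimal("54.01"),
    "D": Decimal("0.69"),
    "E": Decimal("125.00"),
    "SUSP": Decimal("0.01"),
}


def expected_credits(balances, rate):
    """Recompute every credit with the documented rounding rule (banker's rounding)."""
    return {acct: (bal * rate).quantize(CENT, rounding=ROUND_HALF_EVEN)
            for acct, bal in balances.items()}


def audit_interest_run(balances, rate, posted):
    """Return (totals_match, discrepancies).

    discrepancies maps account -> posted minus expected, and includes accounts that
    received a credit without holding any balance at all.
    """
    expected = expected_credits(balances, rate)
    totals_match = sum(posted.values()) == sum(expected.values())
    discrepancies = {}
    for acct in set(expected) | set(posted):
        delta = posted.get(acct, Decimal("0")) - expected.get(acct, Decimal("0"))
        if delta != 0:
            discrepancies[acct] = delta
    return totals_match, discrepancies


if __name__ == "__main__":
    ok, diffs = audit_interest_run(BALANCES, RATE, POSTED)
    print("batch total reconciles:", ok)      # True: the control total is fooled
    for acct, delta in sorted(diffs.items()):
        print(f"  {acct}: posted differs from expected by {delta:+}")
```

A control that only compares the batch total to the expected total passes this run; only the independent per-account recomputation shows that B was short-changed by a cent and that an account with no balance was credited.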
Rootkits
• Rootkit – a piece of malicious code that goes to great lengths not to be discovered
• If discovered, tries to re-establish itself
• Tries to run as “root” on the system (the UNIX administrator)
• Resides between the user and the OS
• Intercepts commands in order to keep itself hidden
• Rootkit Revealer – program written to reveal rootkits
• XCP rootkit – used to help prevent copying of music
Others
• Privilege Escalation Attack – a means for malicious code to be launched by a user with lower privileges but run with higher privileges
• Interface Illusions – a spoofing attack in which all or part of a web page is false
• Keystroke Logging – keeps a copy of everything typed
• Man-in-the-Middle Attack – a malicious program sits between two programs
• Timing Attack – identifies how fast something happens
Covert Channels
• Communicating information to people/systems that should not have it
• Unnoticed communication that accompanies other information
• Data written to a drive, sent across a network, placed in a file or printout
• Storage Channel – passes information based on the presence or absence of data
  • File lock Channel – lock or non-lock of a file
• Timing Channels – varying the speed of the system, or using or not using assigned computational time
Controls Against Program Threats
• Development of Controls
  • Specify the system
  • Design the system
  • Implement the system
  • Test the system
  • Review the system at various stages
  • Document the system
  • Manage the system
  • Maintain the system
• Typically it is not one person that does all of these
Designing Secure and Usable Systems
• You can’t retrofit usable security
• Tools aren’t a solution
• Mind the upper layers
• Keep the customers satisfied
• Think locally; act locally
Modularity
• Small self-contained units
• Modularity
  • Isolates
  • Hides
• Keep each component isolated from the effects of other components
• Encapsulation – is isolation
• Information Hiding – each component hides its precise implementation, or some other design decision, from the others
Modularization
• Process of dividing a task into subtasks
• Goal of Modular Units
  • Single-purpose
  • Small
  • Simple
  • Independent
• Advantages of Modularity
  • Maintenance
  • Understandability
  • Reuse
  • Correctness
  • Testing
Modularity
• High Cohesion
  • All the elements of a component have a logical and functional reason for being there
• Low Coupling
  • Coupling is the degree to which a component depends on other components in the system
• Encapsulation – does not mean complete isolation
• Information Hiding – a “black box” approach
Mutual Suspicion
• Programs are not always trustworthy
• Mutual suspicion – each program operates as if other routines in the system were malicious or incorrect
• Confinement – a program is strictly limited in which system resources it can access
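As an added example (not from the slides) of the modularity and mutual-suspicion ideas above: a `Ledger` that hides its balance table behind a small interface, a `transfer` routine that mediates every argument before touching state, and a caller that distrusts whatever transfer routine it is handed by checking a conservation invariant afterwards and rolling back if it fails. `buggy_transfer` is a constructed faulty callee; the account names and amounts are sample data.

```python
import copy
from decimal import Decimal


class Ledger:
    """Encapsulated balances: other components use only this interface and never
    see or touch the underlying dictionary."""

    def __init__(self, balances):
        self._balances = {acct: Decimal(v) for acct, v in balances.items()}

    def balance(self, acct):
        return self._balances[acct]

    def total(self):
        return sum(self._balances.values(), Decimal("0"))

    def snapshot(self):
        return copy.deepcopy(self._balances)

    def restore(self, snap):
        self._balances = copy.deepcopy(snap)

    def _set(self, acct, value):  # module-private: only transfer routines use it
        self._balances[acct] = value


def transfer(ledger, src, dst, amount):
    """Complete mediation: every argument is checked before any state changes."""
    amount = Decimal(amount)
    if amount <= 0:
        raise ValueError("amount must be positive")
    if src == dst:
        raise ValueError("source and destination must differ")
    if ledger.balance(src) < amount:
        raise ValueError("insufficient funds")
    ledger._set(src, ledger.balance(src) - amount)
    ledger._set(dst, ledger.balance(dst) + amount)


def buggy_transfer(ledger, src, dst, amount):
    """Constructed faulty routine: credits the destination but never debits the source."""
    ledger._set(dst, ledger.balance(dst) + Decimal(amount))


class InvariantViolation(Exception):
    pass


def suspicious_transfer(ledger, routine, src, dst, amount):
    """Mutual suspicion: the caller does not take the callee's word for it. It checks
    the result against an invariant (money is conserved, no balance goes negative)
    and restores the previous state if the callee fails or breaks the invariant."""
    before_total = ledger.total()
    snap = ledger.snapshot()
    try:
        routine(ledger, src, dst, amount)
    except Exception:
        ledger.restore(snap)
        raise
    after = ledger.snapshot()
    if ledger.total() != before_total or any(v < 0 for v in after.values()):
        ledger.restore(snap)
        raise InvariantViolation("callee violated the conservation invariant")
    return ledger.balance(src), ledger.balance(dst)


if __name__ == "__main__":
    book = Ledger({"alice": "100.00", "bob": "20.00"})
    print(suspicious_transfer(book, transfer, "alice", "bob", "30.00"))
    try:
        suspicious_transfer(book, buggy_transfer, "alice", "bob", "30.00")
    except InvariantViolation as e:
        print("rejected:", e, "bob =", book.balance("bob"))
```

The invariant check costs one extra pass over the balances, but it means a wrong or malicious transfer routine can at worst be refused, not trusted.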
Peer Reviews
• Peer review
• Hazard analysis
• Testing
• Good design
• Predictions
• Static analysis
• Configuration management
• Analysis of mistakes
Types of Peer Review
• Review – presented formally
• Walk-Through – the creator leads and controls the discussion
• Inspection – formal, detailed analysis
• Finding a fault and dealing with it:
  • By learning how, when, and why errors occur
  • By taking action to prevent mistakes
  • By scrutinizing products to find the instances and effects of errors that were missed
Hazard Analysis/Testing
• Hazard Analysis – a set of systematic techniques to expose potentially hazardous system states
  • Hazards and Operability Studies
  • Failure Modes and Effects Analysis
  • Fault Tree Analysis
• Testing
  • Unit Testing
  • Integration Testing
  • Function Testing
  • Performance Testing
  • Acceptance Testing
  • Installation Testing
  • Regression Testing
  • Black-box Testing
  • Clear-box Testing
  • Independent Testing
  • Penetration Testing
Good Design
• Using a philosophy of fault tolerance
• Having a consistent policy for handling failures
• Capturing the design rationale and history
• Using design patterns
• Passive fault detection – waiting for the system to fail
• Active fault detection – constructing the system so that it reacts to a failure
Good Design
• Handling Problems
  • Retrying – restoring the system to its previous state and trying again
  • Correcting – restoring the system to its previous state and correcting some system characteristic before trying again
  • Reporting – restoring the system to its previous state and reporting the failure, but not trying again
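The three handling strategies above, carried through in code as an added example that is not part of the original deck. A single `recover` function checkpoints the state before each attempt, restores it after any failure, and then either retries, lets a correction routine change the characteristic that caused the failure, or reports and stops. The two sample operations are constructed: one fails transiently for a fixed number of calls, the other fails deterministically until its input encoding is corrected.

```python
import copy


def recover(state, operation, strategy, max_attempts=3, correction=None):
    """Run operation(state) and handle failure by one of the three strategies.

    "retry"   restore the checkpoint and try the same operation again
    "correct" restore, let correction(state, exc) adjust the state, then try again
    "report"  restore, record the failure, and stop without trying again
    Returns a dict: ok, value, attempts, log (one entry per failed attempt).
    """
    if strategy not in ("retry", "correct", "report"):
        raise ValueError(f"unknown strategy {strategy!r}")
    if strategy == "correct" and correction is None:
        raise ValueError("'correct' needs a correction function")
    log = []
    attempts = 0
    while attempts < max_attempts:
        attempts += 1
        checkpoint = copy.deepcopy(state)  # the previous state we can fall back to
        try:
            value = operation(state)
            return {"ok": True, "value": value, "attempts": attempts, "log": log}
        except Exception as exc:
            state.clear()
            state.update(checkpoint)  # undo whatever the operation half-did
            log.append(f"attempt {attempts}: {type(exc).__name__}: {exc}")
            if strategy == "report":
                break
            if strategy == "correct":
                correction(state, exc)
    return {"ok": False, "value": None, "attempts": attempts, "log": log}


RAW_RECORD = b"caf\xe9"  # constructed: Latin-1 bytes that are not valid UTF-8


def fresh_state():
    return {"raw": RAW_RECORD, "encoding": "utf-8"}


def decode_record(state):
    """Fails deterministically under the wrong encoding, and leaves partial
    progress ("status") behind that the recovery must roll back."""
    state["status"] = "decoding"
    text = state["raw"].decode(state["encoding"])
    state["status"] = "done"
    return text


def fix_encoding(state, exc):
    """Correcting strategy: change the system characteristic that caused the failure."""
    if isinstance(exc, UnicodeDecodeError):
        state["encoding"] = "latin-1"


def make_transient_op(failures):
    """Constructed operation that fails the first `failures` calls, then succeeds."""
    calls = {"n": 0}

    def op(state):
        calls["n"] += 1
        if calls["n"] <= failures:
            raise TimeoutError("simulated transient fault")
        return "ok"

    return op


if __name__ == "__main__":
    print("retry, transient fault:", recover(fresh_state(), make_transient_op(2), "retry"))
    print("retry, permanent fault:", recover(fresh_state(), decode_record, "retry"))
    print("correct:", recover(fresh_state(), decode_record, "correct", correction=fix_encoding))
    print("report:", recover(fresh_state(), decode_record, "report"))
```

Retrying is the right choice only when the failure is expected to be transient; against a deterministic fault it burns all its attempts, while the correcting strategy fixes the cause and succeeds on the second try, and the reporting strategy stops after one attempt with the state intact.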
Configuration Management
• Who is making the changes?
  • Corrective change
  • Adaptive change
  • Perfective change
  • Preventive change
• Configuration Management – the process by which we control changes during development and maintenance
  • Configuration identification
  • Configuration control and change management
  • Configuration auditing
  • Status accounting