Chapter No 3 Computer Network Security
Written by Engr. Muhammad Waseem 1
Program security
Two types of program flaws
 Non-malicious program flaws
 Malicious program flaws
Non-malicious program errors
Being human, programmers and other developers make many mistakes, most of which are
unintentional and non-malicious. Many such errors cause program malfunctions but do not lead to
more serious security vulnerabilities.
 Buffer overflows
 Incomplete mediation
 Time-of-check to time-of-use errors
Buffer overflow
A buffer overflow is the computing equivalent of trying to pour two liters of water into a one-
liter pitcher: Some water is going to spill out and make a mess. And in computing, what a mess these
errors have made.
A buffer (or array or string) is a space in which data can be held. A buffer resides in memory. Because
memory is finite, a buffer's capacity is finite. For this reason, in many programming languages the
programmer must declare the buffer's maximum size so that the compiler can set aside that amount of
space.
 The computer equivalent of trying to pour two litres of water into a one-litre pitcher
 A buffer is a space in which data can be held
 Since memory is finite, so is the buffer
 The programmer must declare the buffer size
 char sample[10] sets aside ten bytes of memory
The compiler sets aside 10 bytes to store this buffer, one byte for each of the ten elements of the array,
sample[0] through sample[9]. Now we execute the statement
 sample[10]='A';
 sample[i]='A';
 All programs and data are in memory during execution, sharing the space with the OS, other
code and resident routines
 If the extra character overwrites the user’s data, it may affect the program’s results but not other
programs
 If it overflows into the user’s program area and overwrites an instruction to be executed, the
machine will try to execute 0x41
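The effect of the out-of-range store described above, as an added example that is not part of the original notes. The struct layout, the neighbouring `USER1` data and the function names are constructed for illustration; the unchecked store goes through a byte pointer so that the overflow into the neighbouring field is well defined for this demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SAMPLE_LEN 10

/* Constructed layout: the ten-byte buffer from the text, followed directly by
 * other data belonging to the same program. */
struct region {
    char sample[SAMPLE_LEN];
    char neighbour[6];
};

/* Both members are char arrays, so neighbour starts at byte offset 10. */
_Static_assert(offsetof(struct region, neighbour) == SAMPLE_LEN,
               "no padding expected between the two char arrays");

static void region_init(struct region *r)
{
    memset(r->sample, '.', sizeof r->sample);
    memcpy(r->neighbour, "USER1", sizeof r->neighbour); /* 5 chars + NUL */
}

/* Unchecked store: the run-time equivalent of sample[i] = c with no test on i.
 * For this demo i must stay below sizeof(struct region); in a real program
 * the byte after the array could belong to anything. */
static void store_unchecked(struct region *r, size_t i, char c)
{
    unsigned char *bytes = (unsigned char *)r;
    bytes[offsetof(struct region, sample) + i] = (unsigned char)c;
}

/* Checked store: refuses any index outside sample[0]..sample[9]. */
static int store_checked(struct region *r, size_t i, char c)
{
    if (i >= sizeof r->sample)
        return -1;
    r->sample[i] = c;
    return 0;
}

int main(void)
{
    struct region r;
    int rc;

    region_init(&r);
    store_unchecked(&r, 10, 'A');
    printf("unchecked: neighbour=\"%s\" first byte=0x%02X\n",
           r.neighbour, (unsigned char)r.neighbour[0]);

    region_init(&r);
    rc = store_checked(&r, 10, 'A');
    printf("checked:   rc=%d neighbour=\"%s\"\n", rc, r.neighbour);
    return 0;
}
```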
Security implications
If the buffer overflows into system code space, the attacker merely inserts overflow data that
correspond to the machine code for instructions. The attacker may make use of the stack pointer or the
return register. Subprocedure calls are handled with a stack, a data structure in which the most recent
item inserted is the next one removed (last arrived, first served). An alternative style of buffer overflow
occurs when parameter values are passed into a routine, especially when the parameters are passed to a
web server on the Internet.
 The attacker may replace code in system space by other instructions which will cause
control to be transferred to the attacker with OS privileges
 The attacker could replace the return address
 Identify what you are trying to protect.
 Determine what you are trying to protect them from.
 Determine how likely the threats are.
 Implement steps that protect your assets in a cost effective manner
 Review the process continuously making improvements when you find a weakness
Incomplete mediation
Incomplete mediation is another security problem that has been with us for decades. Attackers
are exploiting it to cause security problems.
Failure to perform “sanity checks” on data can lead to random or carefully planned flaws.
 http://www.somesite.com/subpage/userinput&param1=(808)555-1212&param2=2002Jan01
 What if param2 were 1800Jan01? Or 1800Feb30? Or 2048Min32? Or
1Aardvark2Many?
 A routine could fail on a data type error
 Receiving program generates wrong result
 The receiving program might have a default condition
The two parameters look like a telephone number and a date. Probably the client's (user's) web
browser enters those two values in their specified format for easy processing on the server's side. What
would happen if param2 were submitted as 1800Jan01? Or 1800Feb30? Or 2048Min32? Or
1Aardvark2Many?
Something would likely fail. As with buffer overflows, one possibility is that the system would fail
catastrophically, with a routine's failing on a data type error as it tried to handle a month named "Min"
or even a year (like 1800) which was out of range. Another possibility is that the receiving program
would continue to execute but would generate a very wrong result. (For example, imagine the amount
of interest due today on a billing error with a start date of 1 Jan 1800.) Then again, the processing
server might have a default condition, deciding to treat 1Aardvark2Many as 3 July 1947. The
possibilities are endless.
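A server-side check for the two parameters discussed above, as an added example that is not part of the original notes. The accepted year range (1900 to 2100), the status names and the function names are assumptions made for illustration; the point is that every field is validated by the receiving program and nothing falls through to a default.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumption for this example: the application only accepts these years. */
#define MIN_YEAR 1900
#define MAX_YEAR 2100

enum param_status { PARAM_OK, BAD_FORMAT, BAD_YEAR, BAD_MONTH, BAD_DAY };

/* True if s matches the template exactly: 'd' is one decimal digit, 'a' is
 * one ASCII letter, any other template character must match literally. */
static int matches_template(const char *s, const char *tmpl)
{
    size_t i;

    if (s == NULL || strlen(s) != strlen(tmpl))
        return 0;
    for (i = 0; tmpl[i] != '\0'; i++) {
        unsigned char c = (unsigned char)s[i];
        if (tmpl[i] == 'd') {
            if (!isdigit(c)) return 0;
        } else if (tmpl[i] == 'a') {
            if (!isalpha(c)) return 0;
        } else if (s[i] != tmpl[i]) {
            return 0;
        }
    }
    return 1;
}

/* param1: telephone number in the form (808)555-1212. */
static enum param_status check_phone(const char *s)
{
    return matches_template(s, "(ddd)ddd-dddd") ? PARAM_OK : BAD_FORMAT;
}

static int is_leap(int y)
{
    return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
}

/* param2: date in the form 2002Jan01. Shape, month name, year range and
 * day-of-month (including leap years) are all checked. */
static enum param_status check_date(const char *s)
{
    static const char *const names[12] = {
        "Jan", "Feb", "Mar", "Apr", "May", "Jun",
        "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
    };
    static const int days_in[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int year, day, limit, i, month = -1;

    if (!matches_template(s, "ddddaaadd"))
        return BAD_FORMAT;
    year = (s[0] - '0') * 1000 + (s[1] - '0') * 100 + (s[2] - '0') * 10 + (s[3] - '0');
    day = (s[7] - '0') * 10 + (s[8] - '0');
    for (i = 0; i < 12; i++)
        if (strncmp(s + 4, names[i], 3) == 0)
            month = i;
    if (month < 0)
        return BAD_MONTH;
    if (year < MIN_YEAR || year > MAX_YEAR)
        return BAD_YEAR;
    limit = days_in[month] + ((month == 1 && is_leap(year)) ? 1 : 0);
    if (day < 1 || day > limit)
        return BAD_DAY;
    return PARAM_OK;
}

int main(void)
{
    /* The values from the text. */
    static const char *const samples[] = {
        "2002Jan01", "1800Jan01", "1800Feb30", "2048Min32", "1Aardvark2Many"
    };
    static const char *const text[] = {
        "ok", "bad format", "year out of range", "unknown month", "day out of range"
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s %s\n", samples[i], text[check_date(samples[i])]);
    printf("%-16s %s\n", "(808)555-1212", text[check_phone("(808)555-1212")]);
    return 0;
}
```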
Time-of-check to time-of-use errors
 It involves synchronization.
 Modern OSs and processors usually change the order of instruction execution to increase
performance.
 Instructions that appear to be adjacent may not be executed immediately after each other,
because of intentionally changed order or the effects of other processes in concurrent
execution.
 We want to make sure that only those who should access an object are allowed that access.
Every requested access must be governed by an access policy stating who is allowed access to
what; then the request must be mediated by an access policy enforcement agent.
 An incomplete mediation problem occurs if the access is not checked universally. It is also
known as a serialization or synchronization flaw.
 A person draws five $20 bills from his pocket, carefully counts them and places them in front
of the seller. When the seller turns around to write the bill, the buyer takes back one $20 bill, hands
over the stack of bills, takes his purchase and leaves.
 An application requests access to a file and passes a data structure. The mediator stores the
filename locally and checks for access rights. While the mediator checks for access, the user
may modify the locally stored file name and gain access to a different file.
The problem is called a time-of-check to time-of-use flaw because it exploits the delay between the
two times. That is, between the time the access was checked and the time the result of the check was
used, a change occurred, invalidating the result of the check.
Security implication
Checking one action and performing another is an example of ineffective access control. We must be
wary whenever there is a time lag, making sure that there is no way to corrupt the check's results
during that interval.
 Solutions:
 Digital signatures and certificates. Time-of-check is when someone signs and
time-of-use is when anyone verifies the signature. If the private key is exposed,
the key must be revoked
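The file-name mediation case described above, as an added example that is not part of the original notes. The request structure, the `interleave_fn` hook (which stands in for the caller running concurrently), the access policy and all path names are constructed for illustration; the flawed mediator checks one value and uses another, while the hardened one checks and uses the same private snapshot.

```c
#include <stdio.h>
#include <string.h>

#define REQ_NAME_LEN 64

/* Request handed to the mediator. It lives in memory the caller can still
 * write to while the mediator is working. */
struct file_request {
    char filename[REQ_NAME_LEN];
};

/* Hypothetical hook: called between the check and the use, to model what a
 * concurrently running caller could do in that interval. */
typedef void (*interleave_fn)(struct file_request *req);

/* Constructed policy: only files under /home/alice/ may be opened. */
static int access_allowed(const char *name)
{
    static const char prefix[] = "/home/alice/";
    return strncmp(name, prefix, sizeof prefix - 1) == 0 &&
           strstr(name, "..") == NULL;
}

/* Flawed: checks the caller-writable name, then reads it again at time of
 * use. `opened` receives the name that would actually be opened. */
static int mediate_flawed(struct file_request *req, interleave_fn between,
                          char *opened, size_t n)
{
    if (!access_allowed(req->filename))        /* time of check */
        return -1;
    if (between)
        between(req);                          /* caller runs in the gap */
    snprintf(opened, n, "%s", req->filename);  /* time of use */
    return 0;
}

/* Hardened: copies the name into mediator-private memory first, then checks
 * and uses that same copy, so later changes by the caller have no effect. */
static int mediate_snapshot(struct file_request *req, interleave_fn between,
                            char *opened, size_t n)
{
    char local[REQ_NAME_LEN];

    memcpy(local, req->filename, sizeof local);
    local[sizeof local - 1] = '\0';
    if (!access_allowed(local))
        return -1;
    if (between)
        between(req);
    snprintf(opened, n, "%s", local);
    return 0;
}

/* Constructed interleaving: the caller rewrites the name after the check. */
static void swap_name(struct file_request *req)
{
    snprintf(req->filename, sizeof req->filename, "%s", "/home/bob/private.txt");
}

int main(void)
{
    struct file_request req;
    char opened[REQ_NAME_LEN];

    snprintf(req.filename, sizeof req.filename, "%s", "/home/alice/notes.txt");
    mediate_flawed(&req, swap_name, opened, sizeof opened);
    printf("flawed mediator would open:   %s\n", opened);

    snprintf(req.filename, sizeof req.filename, "%s", "/home/alice/notes.txt");
    mediate_snapshot(&req, swap_name, opened, sizeof opened);
    printf("snapshot mediator would open: %s\n", opened);
    return 0;
}
```

For real file-system paths the same rule means opening the file once and making access decisions on the opened descriptor rather than on the name.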
Failures due to non-malicious flaws
 ARPANET had hard coded 347 as the size of the node table
 When a host’s node table reached 348, it crashed
Viruses and other malicious code
Malicious code can be a program or part of a program; a program part can even attach itself to
another (good) program so that a malicious effect occurs whenever the good program runs.
 Much of the work done by programs is invisible to users. How can you tell if a game program
does nothing in addition to its expected interaction with you?
 Malicious people can make programs serve as vehicles to access and change data and other
programs
 Unanticipated or undesired effects in program parts
Example of Malicious code-possibilities
 Write a message to the screen
 Stopping a running program
 Generating a sound
 Erasing a stored file
Kinds of malicious code
 Virus
 Trojan horse
 Logic bomb
 Backdoor
 Worm
 Rabbit
Code Type       Characteristics
Virus           Attaches itself to program and propagates copies of itself to other programs
Trojan horse    Contains unexpected, additional functionality
Logic bomb      Triggers action when condition occurs
Time bomb       Triggers action when specified time occurs
Trapdoor        Allows unauthorized access to functionality
Worm            Propagates copies of itself through a network
Rabbit          Replicates itself without limit to exhaust resource
Virus
 A program that can pass on malicious code to other non-malicious programs by modifying
them
 Virus can be transient or resident
 Transient virus’s life depends on the life of its host: the virus runs when the host does
 A resident virus locates itself in memory
A virus is a program that passes on malicious code to other non-malicious programs by modifying them. It
infects a program by attaching itself to the program. A good program, once infected, becomes a carrier
and infects other programs.
Trojan horse
Trojans are malicious programs that perform actions that have not been authorized by the user.
These actions can include deleting data, blocking data, modifying data, copying data, and
disrupting the performance of computers or computer networks.
 A Trojan horse is malicious code that, in addition to its primary effect, has a second,
nonobvious malicious effect.
 As an example of a computer Trojan horse, consider a login script that solicits a user’s
identification and password, passes the identification information on to the rest of the system
for login processing, but also retains a copy of the information for later, malicious use.
Logic bomb
 A logic bomb is a class of malicious code that “detonates” or goes off when a specified
condition occurs.
 A time bomb is a logic bomb whose trigger is a time or date.
Backdoor
 A trapdoor or backdoor is a feature in a program by which someone can access the program
other than by the obvious, direct call, perhaps with special privileges.
 For instance, an automated bank teller program might allow anyone entering the number
990099 on the keypad to process the log of everyone’s transactions at that machine.
Worm
 A worm is a program that spreads copies of itself through a network.
 The primary difference between a worm and a virus is that a worm operates through networks,
and a virus can spread through any medium (but usually uses copied program or data files).
 Additionally, the worm spreads copies of itself as a standalone program, whereas the virus
spreads copies of itself as a program that attaches to or embeds in other programs.
Rabbit
 Some literature also defines a rabbit as a virus or worm that self-replicates without bound, with
the intention of exhausting some computing resources.
 A rabbit might create copies of itself and store them on disk, in an effort to completely fill the
disk.
How viruses attach
A virus can attach itself to a program or data by:
 Appending itself, so virus code is activated when the program is run. (Variation: virus code before
and after program.)
 Integrating itself into the program, so virus code is spread out over its target program.
 Integrating itself into data, e.g. as an executable text macro.
 A virus will do nothing and will not spread unless it is executed. There are many ways to
ensure that a virus is executed
 A setup program may call dozens or even hundreds of other programs, on the distribution disk,
already residing on the computer, or resident in memory
 Human intervention is necessary to start the process
 Email attachments
 The virus code can be embedded in an executable file attachment
 Objects such as graphics files can contain code to be executed by the editor, so they can be
transmission agents for viruses
Appended viruses
A program virus attaches itself to a program; then, whenever the program is run, the virus is activated.
This kind of attachment is usually easy to program.
 Usually a virus inserts a copy of itself before the first executable instruction in a program.
 This kind of attachment is simple and usually effective
 Typically the user does not notice the effects of the virus since the program does its job as
usual
Viruses that surround a program
 An alternative to the attachment is a virus that runs the original program but has control before
and after a program execution.
 A virus writer might want to prevent the virus from being detected. If the virus is stored on
disk, its presence will be given away by its file name, or its size will affect the amount of space
used on the disk.
 A virus’ presence may be given away by the file size of the program, so the virus writer may
infect the file listing display program to regain control after the file listing is generated but
before it is displayed
Integrated viruses and replacements
 The virus replaces some of its target, integrating itself into the original code of the target.
 The virus writer has to know the exact structure of the original program to know where to
insert which pieces of the virus.
 Could replace the entire target
Document viruses
 The most popular virus type
 Implemented within a formatted document, such as a written document, a database, a
slide presentation, or a spreadsheet.
 These documents are highly structured files that contain both data (words or numbers) and
commands (such as formulas, formatting controls, links).
 The user sees only the contents of the document, so the virus writer includes the virus in the
commands
How viruses gain control
 The virus (V) has to be invoked instead of the target (T).
 The virus has to either seem to be the target, or has to push the target out of the way and
become a substitute
 A virus could replace a target by assuming its name
 The virus can overwrite the target on disk
 The virus can change the pointers in the file tables so that the virus is located instead of the
target
Desirable qualities in viruses
 Hard to detect
 Not easily destroyed or deactivated.
 Spreads widely
 Re-infect its home program or other programs
 Easy to create
 Machine independent and OS independent
Few viruses meet all these criteria. The virus writer chooses from these objectives when deciding what
the virus will do and where it will reside.
The challenge for the virus writer was to write code that would be executed repeatedly so that the virus
could multiply. One execution is enough to ensure widespread distribution. Many viruses are
transmitted by e-mail, using either of two routes.
Homes for viruses
 One time execution
 Boot sector viruses
 Memory-resident viruses
 Other homes
One-time execution
 The majority of viruses today execute only once, spreading their infection and causing their effect
in that one execution
 A virus often arrives as an email attachment of a document virus and is executed just by
opening it
Boot sector viruses
 A given hardware platform can run many different OS
 The boot sector contains a boot loader to load the particular OS into memory and run it
 To accommodate large boot loaders, chaining is used
 The virus may break the chain anywhere and insert itself
 Appeal: virus gains control early, when no detection tool is running, and is invisible to file
listing
When a computer is started, control begins with firmware that determines which hardware components
are present, tests them, and transfers control to an operating system. The boot sector is an especially
appealing place to house a virus. The virus gains control very early in the boot process, before most
detection tools are active, so that it can avoid, or at least complicate, detection. The files in the boot
area are crucial parts of the operating system.
Memory resident viruses
Some parts of the operating system and most user programs execute, terminate, and disappear, with
their space in memory being available for anything executed later. For very frequently used parts of
the operating system and for a few specialized user programs, it would take too long to reload the
program each time it was needed. Such code remains in memory and is called "resident" code.
 Some portions of the OS and a few specialized user programs would take too long to reload
each time they are needed, so they are kept in memory and are called resident code
 e.g., routines that interpret keys pressed on the keyboard, error control, alarm clock
Virus writers also like to attach viruses to resident code because the resident code is activated many
times while the machine is running.
Other homes for viruses
One popular home for a virus is an application program. Many applications, such as word processors
and spreadsheets, have a "macro" feature, by which a user can record a series of commands and repeat
them with one invocation. Such programs also provide a "start-up macro" that is executed every time
the application is executed.
Libraries are also excellent places for malicious code to reside. Because libraries are used by many
programs, the code in them will have a broad effect. Executing code in a library can pass on the viral
infection to other transmission media. Compilers, loaders, linkers, runtime monitors, runtime
debuggers, and even virus control programs are good candidates for hosting viruses because they are
widely shared.
 Application macros
 Libraries
 Compilers, linkers
 Runtime monitors, runtime debuggers
 Anti-virus
Virus signatures
 A virus cannot be completely invisible
 Code must be stored somewhere and must be in memory to execute.
 A virus executes in a particular way and uses a certain method to spread
 Each of these characteristics yields a tell-tale (presence of something) pattern called a
signature.
A virus scanner can automatically detect and, in some cases, remove viruses. The scanner searches
memory and long-term storage, monitoring execution and watching for the signatures of viruses.
When the scanner recognizes a known virus's pattern, it can then block the virus, inform the user, and
deactivate or remove the virus. A virus scanner is effective only if it has been kept up-to-date.
Virus effects and causes
Virus Effect / How It Is Caused
Attach to executable program
 Modify file directory
 Write to executable program file
Attach to data or control file
 Modify directory
 Rewrite data
 Append to data
 Append data to self
Remain in memory
 Intercept interrupt by modifying interrupt handler address table
 Load self in nontransient memory area
Infect disks
 Intercept interrupt
 Intercept operating system call (to format disk, for example)
 Modify system file
 Modify ordinary executable program
Conceal self
 Intercept system calls that would reveal self and falsify result
 Classify self as "hidden" file
Spread infection
 Infect boot sector
 Infect systems program
 Infect ordinary program
 Infect data ordinary program reads to control its execution
Prevent deactivation
 Activate before deactivating program and block deactivation
 Store copy to reinfect after deactivation
Execution patterns
 A virus writer may want a virus to do several things at the same time
 Spread infection
 Avoid detection
 Cause harm
Most virus writers seek to avoid detection for themselves and their creations. Because a disk's boot
sector is not visible to normal operations (for example, the contents of the boot sector do not show on
a directory listing) One virus can erase files, another an entire disk; one virus can prevent a computer
from booting, and another can prevent writing to disk. The damage is bounded only by the creativity
of the virus's author
Transmission patterns
A virus is effective only if it has some means of transmission from one location to another.
 Viruses can travel
 During the boot process
 Over a network connection
 Host’s execution
 Remain in memory to infect other diskettes
Since a virus can execute any instructions a program can, virus travel is not confined to any single
medium or execution pattern.
Polymorphic viruses
The virus signature may be the most reliable way for a virus scanner to identify a virus.
A clever virus writer can cause something other than specific strings to be in portions where a virus
scanner would look for those strings.
A virus that can change its appearance is called a polymorphic virus. (Poly means "many"
and morph means "form".)
 Two-form virus can be treated as two independent viruses, so the virus writer will want a large
or unlimited number of forms
 A polymorphic virus has to randomly reposition all parts of itself and randomly change all
fixed data
 A virus may randomly intersperse harmless instructions throughout its code
A simple variety of polymorphic virus uses encryption under various keys to make the stored form of
the virus different. These are sometimes called encrypting viruses.
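A fixed-pattern scanner of the kind described under "Virus signatures", together with the limitation described in this section, as an added example that is not part of the original notes. The signature names and byte patterns are constructed and harmless, and the sample buffer is built inline; the scan finds the pattern in the plain buffer, misses it once the stored bytes are re-encoded under a key, and finds it again in the decoded form, which is why scanners also examine memory and monitor execution.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct signature {
    const char *name;
    const unsigned char *bytes;
    size_t len;
};

/* Constructed, harmless patterns standing in for real signature data. */
static const unsigned char SIG_ALPHA[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x13, 0x37 };
static const unsigned char SIG_BETA[]  = { 'E','X','A','M','P','L','E','-','S','I','G' };

static const struct signature SIGNATURES[] = {
    { "Example.Alpha", SIG_ALPHA, sizeof SIG_ALPHA },
    { "Example.Beta",  SIG_BETA,  sizeof SIG_BETA  },
};
#define N_SIGNATURES (sizeof SIGNATURES / sizeof SIGNATURES[0])

/* Offset of the first occurrence of needle in hay, or -1 if absent. */
static long find_bytes(const unsigned char *hay, size_t hay_len,
                       const unsigned char *needle, size_t needle_len)
{
    size_t i;

    if (needle_len == 0 || needle_len > hay_len)
        return -1;
    for (i = 0; i + needle_len <= hay_len; i++)
        if (memcmp(hay + i, needle, needle_len) == 0)
            return (long)i;
    return -1;
}

/* Scan a buffer against every known signature. Returns the name of the first
 * signature found (and its offset through *offset), or NULL for no match. */
static const char *scan_buffer(const unsigned char *buf, size_t len, long *offset)
{
    size_t s;

    for (s = 0; s < N_SIGNATURES; s++) {
        long at = find_bytes(buf, len, SIGNATURES[s].bytes, SIGNATURES[s].len);
        if (at >= 0) {
            if (offset)
                *offset = at;
            return SIGNATURES[s].name;
        }
    }
    return NULL;
}

/* Single-byte XOR re-encoding, standing in for "encryption under various
 * keys": it changes the stored form; applying it again restores the bytes. */
static void xor_recode(unsigned char *buf, size_t len, unsigned char key)
{
    size_t i;

    for (i = 0; i < len; i++)
        buf[i] ^= key;
}

/* Constructed sample: 8 filler bytes, the Alpha pattern, 8 filler bytes. */
static size_t build_sample(unsigned char *out, size_t cap)
{
    size_t n = 8 + sizeof SIG_ALPHA + 8;

    if (cap < n)
        return 0;
    memset(out, 0x20, n);
    memcpy(out + 8, SIG_ALPHA, sizeof SIG_ALPHA);
    return n;
}

int main(void)
{
    unsigned char buf[32];
    long off = -1;
    size_t n = build_sample(buf, sizeof buf);
    const char *hit = scan_buffer(buf, n, &off);

    printf("plain form:      %s at offset %ld\n", hit ? hit : "no match", off);
    xor_recode(buf, n, 0x5A);
    hit = scan_buffer(buf, n, &off);
    printf("re-encoded form: %s\n", hit ? hit : "no match");
    xor_recode(buf, n, 0x5A);
    hit = scan_buffer(buf, n, &off);
    printf("decoded form:    %s at offset %ld\n", hit ? hit : "no match", off);
    return 0;
}
```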
Prevention of virus infection
The only way to prevent the infection of a virus is not to share executable code with an infected
source.
This was once easy to do because it was easy to tell if a file was executable or not.
Today’s files are more complex, and a seemingly non-executable file can contain executable code.
 Programs are usually configured to activate this code automatically, such as when opening attachments.
 The file type is hidden in a field at the start of a file, so Windows would try to open an
executable file with a non-executable extension, with the appropriate program, failing which
the executable code will be run
 Since you cannot know which sources are infected, assume that every outside source is
infected
Prevention
 Use only software acquired from reliable and well-established vendors.
 Test all software on an isolated computer. Test the computer with a copy of an up-to-date
virus scanner, created before running the suspect program. Only if the program passes these
tests should it be installed on a less isolated machine.
 Open attachments only when you know them to be safe. An attachment from an unknown
source is of questionable safety. You might also distrust an attachment from a known source
but with a peculiar message.
 Make a recoverable system image and store it safely. If your system does become infected,
this clean version will let you reboot securely because it overwrites the corrupted system files
with clean copies.
 Make and retain backup copies of executable system files. This way, in the event of a virus
infection, you can remove infected files and reinstall from the clean backup copies (stored in a
secure, offline location, of course).
 Use virus detectors (often called virus scanners) regularly and update them daily. Many of the
virus detectors available can both detect and eliminate infection from viruses.
Trapdoors
 A trapdoor is an undocumented entry point to a module
 The trapdoor is inserted during code development, perhaps to test the module, or to provide
hooks by which to connect future modifications or enhancements, or to allow access if the
module should fail in the future
 In addition to these legitimate uses, trapdoors can allow a programmer access to a program
once it is placed in production.
Trapdoors-Examples
Because computing systems are complex structures, programmers usually develop and test systems in a
modular manner, taking advantage of the way the system is composed of modules or components.
Each small component of the system is tested first, separate from the other components, in a step
called unit testing, to ensure that the component works correctly by itself.
Components are tested together during integration testing, to see how they function as they send
messages and data from one to the other.
 Rather than paste all modules together in a big bang approach, the modules are grouped into
several logical clusters of a few components each
 Each cluster is tested in a way that allows testers to control and understand what might make a
component or its interface fail.
 During component testing, the tester cannot use the surrounding routines that prepare input or
work with output, so they write “stubs” and “drivers” to inject data in and extract results.
 These stubs and drivers are later discarded because they are replaced by the actual components.
 The programmers embed debugging code into suspicious components.
 To control stubs or invoke debugging code, the programmer embeds special control sequences
in the component's design, specifically to support testing.
 Command insertion is a recognized testing practice, but if left in place after testing, the extra
commands can become a problem.
 The Internet Worm spread itself due to exactly this kind of a trapdoor in an email program
 Poor error checking is another source of trapdoors
 Trapdoors can be useful for system auditing or testing, but they must be documented and
access must be protected
Trapdoors-causes
 Trapdoors can persist (continue firmly) in programs because the developer:
 Forgot to remove them
 Intentionally left them there for testing
 Intentionally left them for maintenance
 Intentionally left them in the program as a covert means of access to the component
after it becomes an accepted part of a production system
The first case is an unintentional security blunder, the next two are serious exposures of the system's
security, and the fourth is the first step of an outright attack. It is important to remember that the fault
is not with the trapdoor itself, which can be a very useful technique for program testing, correction,
and maintenance. Rather, the fault is with the system development process, which does not ensure that
the trapdoor is "closed" when it is no longer needed. That is, the trapdoor becomes a vulnerability if no
one notices it or acts to prevent or control its use in vulnerable situations.
Covert channels
 Programs that communicate information to people who shouldn’t receive it
 The communication accompanies other perfectly proper communications e.g., a student may
communicate correct answer choices by coughing once for ‘a’, clearing her throat for ‘b’ and
so on
 A programmer for a bank has no need to access the names or balances in depositors' accounts.
 One way for the programmer to have a covert channel is to write to a file, print it out
 A programmer should not have access to data once the program is in operation.
How to create covert channels
A programmer can always find ways to communicate data values covertly. Running a program that
produces a specific output report or displays a value may be too obvious. For example, in some
installations, a printed report might occasionally be scanned by security staff before it is delivered to
its intended recipient.
The programmer can encode the data values in another innocuous report by varying the format of the
output, changing the lengths of lines, or printing or not printing certain values. For example, changing
the word "TOTAL" to "TOTALS" in a heading would not be noticed, but this creates a 1-bit covert
channel. The absence or presence of the S conveys one bit of information. Numeric values can be
inserted in insignificant positions of output fields, and the number of lines per page can be changed.
 A printed report would be too obvious
 Encode data values into a different report format
Storage channels: pass information by using the presence or absence of objects in storage e.g.,
lock or not lock a file to signal one bit of information.
A simple example of a covert channel is the file lock channel. In multiuser systems, files can be
"locked" to prevent two people from writing to the same file at the same time (which could corrupt the
file, if one person writes over some of what the other wrote). The operating system or database
management system allows only one program to write to a file at a time, by blocking, delaying, or
rejecting write requests from other programs. A covert channel can signal one bit of information by
whether or not a file is locked.
Timing channels: pass information by the speed at which things happen e.g., using or not using
an assigned amount of computing time (quantum).
In the simple case, a multiprogrammed system with two user processes divides time into blocks and
allocates blocks of processing alternately to one process and the other. A process is offered processing
time, but if the process is waiting for another event to occur and has no processing to do, it rejects the
offer.
How to prevent these flaws
 Good software engineering practices
 Operating system controls
 Administrative controls
 Program controls in general

 
Software security
Software securitySoftware security
Software securityjes_d
 
1.8 Exercises1. Distinguish between vulnerability, threat, and con.docx
1.8 Exercises1. Distinguish between vulnerability, threat, and con.docx1.8 Exercises1. Distinguish between vulnerability, threat, and con.docx
1.8 Exercises1. Distinguish between vulnerability, threat, and con.docxhacksoni
 
Processing tech malicioussoftware_ecommerce
Processing tech malicioussoftware_ecommerceProcessing tech malicioussoftware_ecommerce
Processing tech malicioussoftware_ecommerceChittagong University
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptschwarz10
 
What is Remote Buffer Overflow Attack.pdf
What is Remote Buffer Overflow Attack.pdfWhat is Remote Buffer Overflow Attack.pdf
What is Remote Buffer Overflow Attack.pdfuzair
 
Network security chapter 1,2
Network security chapter  1,2Network security chapter  1,2
Network security chapter 1,2Education
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with phpMohmad Feroz
 
Overview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxOverview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxAjayKumar73315
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxdawitTerefe5
 
4 threatsandvulnerabilities
4 threatsandvulnerabilities4 threatsandvulnerabilities
4 threatsandvulnerabilitiesricharddxd
 

Ähnlich wie Program security chapter 3 (20)

Module 20 (buffer overflows)
Module 20 (buffer overflows)Module 20 (buffer overflows)
Module 20 (buffer overflows)
 
Program security
Program securityProgram security
Program security
 
Computer security system Unit1.pptx
Computer security system Unit1.pptxComputer security system Unit1.pptx
Computer security system Unit1.pptx
 
Chapter 2 program-security
Chapter 2 program-securityChapter 2 program-security
Chapter 2 program-security
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz)
 
Bank One App Sec Training
Bank One App Sec TrainingBank One App Sec Training
Bank One App Sec Training
 
Ids 008 buffer overflow
Ids 008 buffer overflowIds 008 buffer overflow
Ids 008 buffer overflow
 
presentation_security_1510578971_320573.pptx
presentation_security_1510578971_320573.pptxpresentation_security_1510578971_320573.pptx
presentation_security_1510578971_320573.pptx
 
The Basics of Protecting Against Computer Hacking
The Basics of Protecting Against Computer Hacking The Basics of Protecting Against Computer Hacking
The Basics of Protecting Against Computer Hacking
 
Software security
Software securitySoftware security
Software security
 
1.8 Exercises1. Distinguish between vulnerability, threat, and con.docx
1.8 Exercises1. Distinguish between vulnerability, threat, and con.docx1.8 Exercises1. Distinguish between vulnerability, threat, and con.docx
1.8 Exercises1. Distinguish between vulnerability, threat, and con.docx
 
Processing tech malicioussoftware_ecommerce
Processing tech malicioussoftware_ecommerceProcessing tech malicioussoftware_ecommerce
Processing tech malicioussoftware_ecommerce
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.ppt
 
What is Remote Buffer Overflow Attack.pdf
What is Remote Buffer Overflow Attack.pdfWhat is Remote Buffer Overflow Attack.pdf
What is Remote Buffer Overflow Attack.pdf
 
Network security chapter 1,2
Network security chapter  1,2Network security chapter  1,2
Network security chapter 1,2
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with php
 
Overview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxOverview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptx
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptx
 
4 threatsandvulnerabilities
4 threatsandvulnerabilities4 threatsandvulnerabilities
4 threatsandvulnerabilities
 

Mehr von Education

A friendly introduction to differential equations
A friendly introduction to differential equationsA friendly introduction to differential equations
A friendly introduction to differential equationsEducation
 
High-order Assembly Language/Shuttle (HAL/S)
High-order Assembly Language/Shuttle (HAL/S)High-order Assembly Language/Shuttle (HAL/S)
High-order Assembly Language/Shuttle (HAL/S)Education
 
assembly language programming and organization of IBM PC" by YTHA YU
assembly language programming and organization of IBM PC" by YTHA YUassembly language programming and organization of IBM PC" by YTHA YU
assembly language programming and organization of IBM PC" by YTHA YUEducation
 
Data warehousing labs maunal
Data warehousing labs maunalData warehousing labs maunal
Data warehousing labs maunalEducation
 

Mehr von Education (10)

A friendly introduction to differential equations
A friendly introduction to differential equationsA friendly introduction to differential equations
A friendly introduction to differential equations
 
High-order Assembly Language/Shuttle (HAL/S)
High-order Assembly Language/Shuttle (HAL/S)High-order Assembly Language/Shuttle (HAL/S)
High-order Assembly Language/Shuttle (HAL/S)
 
assembly language programming and organization of IBM PC" by YTHA YU
assembly language programming and organization of IBM PC" by YTHA YUassembly language programming and organization of IBM PC" by YTHA YU
assembly language programming and organization of IBM PC" by YTHA YU
 
Lecture 7
Lecture 7Lecture 7
Lecture 7
 
Lecture 6
Lecture 6Lecture 6
Lecture 6
 
Lecture 5
Lecture 5Lecture 5
Lecture 5
 
Lecture 4
Lecture 4Lecture 4
Lecture 4
 
Lecture 2
Lecture 2Lecture 2
Lecture 2
 
Lecture 1
Lecture 1Lecture 1
Lecture 1
 
Data warehousing labs maunal
Data warehousing labs maunalData warehousing labs maunal
Data warehousing labs maunal
 

Kürzlich hochgeladen

CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Christo Ananth
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).pptssuser5c9d4b1
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 

Kürzlich hochgeladen (20)

CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 

Program security chapter 3

Chapter No 3 Computer Network Security
Written by Engr. Muhammad Waseem

Program security

Two types of program flaws
• Non-malicious program flaws
• Malicious program flaws

Non-malicious program errors
Being human, programmers and other developers make many mistakes, most of which are unintentional and non-malicious. Many such errors cause program malfunctions but do not lead to more serious security vulnerabilities.
• Buffer overflows
• Incomplete mediation
• Time-of-check to time-of-use errors

Buffer overflow
A buffer overflow is the computing equivalent of trying to pour two liters of water into a one-liter pitcher: Some water is going to spill out and make a mess. And in computing, what a mess these errors have made.
A buffer (or array or string) is a space in which data can be held. A buffer resides in memory. Because memory is finite, a buffer's capacity is finite. For this reason, in many programming languages the programmer must declare the buffer's maximum size so that the compiler can set aside that amount of space.
• The computer equivalent of trying to pour two litres of water into a one-litre pitcher
• A buffer is a space in which data can be held
• Since memory is finite, so is the buffer
• The programmer must declare the buffer size
• char sample[10] sets aside ten bytes of memory
The compiler sets aside 10 bytes to store this buffer, one byte for each of the ten elements of the array, sample[0] through sample[9]. Now we execute the statement
• sample[10] = 'A';
• sample[i] = 'A';
• All programs and data are in memory during execution, sharing the space with the OS, other code and resident routines
• If the extra character overwrites the user's data, it may affect the program's results but not other programs
• If it overflows into the user's program area and overwrites an instruction to be executed, the machine will try to execute 0x41

Security implications
If the buffer overflows into system code space, the attacker merely inserts overflow data that correspond to the machine code for instructions. The attacker may make use of the stack pointer or the return register. Subprocedure calls are handled with a stack, a data structure in which the most recent item inserted is the next one removed (last arrived, first served). An alternative style of buffer overflow occurs when parameter values are passed into a routine, especially when the parameters are passed to a web server on the Internet.
• The attacker may replace code in system space by other instructions which will cause control to be transferred to the attacker with OS privileges
• The attacker could replace the return address
• Identify what you are trying to protect.
• Determine what you are trying to protect them from.
• Determine how likely the threats are.
• Implement steps that protect your assets in a cost-effective manner
• Review the process continuously, making improvements when you find a weakness

Incomplete mediation
Incomplete mediation is another security problem that has been with us for decades. Attackers are exploiting it to cause security problems. Failure to perform "sanity checks" on data can lead to random or carefully planned flaws.
• http://www.somesite.com/subpage/userinput&param1=(808)555-1212&param2=2002Jan01
• What if param2 were 1800Jan01? Or 1800Feb30? Or 2048Min32? Or 1Aardvark2Many?
• A routine could fail on a data type error
• The receiving program generates a wrong result
• The receiving program might have a default condition
The two parameters look like a telephone number and a date. Probably the client's (user's) web browser enters those two values in their specified format for easy processing on the server's side. What would happen if param2 were submitted as 1800Jan01? Or 1800Feb30? Or 2048Min32? Or 1Aardvark2Many? Something would likely fail. As with buffer overflows, one possibility is that the system would fail catastrophically, with a routine's failing on a data type error as it tried to handle a month named "Min" or even a year (like 1800) which was out of range. Another possibility is that the receiving program would continue to execute but would generate a very wrong result. (For example, imagine the amount of interest due today on a billing error with a start date of 1 Jan 1800.) Then again, the processing server might have a default condition, deciding to treat 1Aardvark2Many as 3 July 1947. The possibilities are endless.

Time-of-check to time-of-use errors
• It involves synchronization.
• Modern OSs and processors usually change the order of instruction execution to increase performance.
• Instructions that appear to be adjacent may not be executed immediately after each other, because of intentionally changed order or the effects of other processes in concurrent execution.
• We want to make sure that only those who should access an object are allowed that access
• Every requested access must be governed by an access policy stating who is allowed access to what; the request must then be mediated by an access policy enforcement agent
• An incomplete mediation problem occurs if the access is not checked universally. It is also known as a serialization or synchronization flaw.
• A person draws five $20 bills from his pocket, carefully counts them and places them in front of the seller. When the seller turns around to make out the bill, the buyer takes back one $20 bill, hands over the stack of bills, takes his purchase and leaves
• An application requests access to a file and passes a data structure. The mediator stores the filename locally and checks for access rights. While the mediator checks for access, the user may modify the locally stored file name and gain access to a different file
The problem is called a time-of-check to time-of-use flaw because it exploits the delay between the two times. That is, between the time the access was checked and the time the result of the check was used, a change occurred, invalidating the result of the check.

Security implication
Checking one action and performing another is an example of ineffective access control. We must be wary whenever there is a time lag, making sure that there is no way to corrupt the check's results during that interval.
• Solutions:
• Digital signatures and certificates. Time-of-check is when someone signs and time-of-use is when anyone verifies the signature. If the private key is exposed, the key must be revoked

Failures due to non-malicious flaws
• ARPANET had hard-coded 347 as the size of the node table
• When a host's node table reached 348, it crashed

Viruses and other malicious code
Malicious code can be a program or part of a program; a program part can even attach itself to another (good) program so that the malicious effect occurs whenever the good program runs.
• Much of the work done by programs is invisible to users. How can you tell if a game program does nothing in addition to its expected interaction with you?
• Malicious people can make programs serve as vehicles to access and change data and other programs
• Unanticipated or undesired effects in program parts

Example of malicious code possibilities
• Writing a message to the screen
• Stopping a running program
• Generating a sound
• Erasing a stored file

Kinds of malicious code
• Virus
• Trojan horse
• Logic bomb
• Backdoor
• Worm
• Rabbit

Code type       Characteristics
Virus           Attaches itself to program and propagates copies of itself to other programs
Trojan horse    Contains unexpected, additional functionality
Logic bomb      Triggers action when condition occurs
Time bomb       Triggers action when specified time occurs
Trapdoor        Allows unauthorized access to functionality
Worm            Propagates copies of itself through a network
Rabbit          Replicates itself without limit to exhaust resource

Virus
• A program that can pass on malicious code to other non-malicious programs by modifying them
• A virus can be transient or resident
• A transient virus's life depends on the life of its host: the virus runs when the host does
• A resident virus locates itself in memory
A virus is a program that passes on malicious code to other non-malicious programs by modifying them. It infects a program by attaching itself to the program. A good program, once infected, becomes a carrier and infects other programs.

Trojan horse
Trojans are malicious programs that perform actions that have not been authorized by the user. These actions can include deleting data, blocking data, modifying data, copying data, and disrupting the performance of computers or computer networks.
• A Trojan horse is malicious code that, in addition to its primary effect, has a second, nonobvious malicious effect.
• As an example of a computer Trojan horse, consider a login script that solicits a user's identification and password, passes the identification information on to the rest of the system for login processing, but also retains a copy of the information for later, malicious use.

Logic bomb
• A logic bomb is a class of malicious code that "detonates" or goes off when a specified condition occurs.
• A time bomb is a logic bomb whose trigger is a time or date.

Backdoor
• A trapdoor or backdoor is a feature in a program by which someone can access the program other than by the obvious, direct call, perhaps with special privileges.
• For instance, an automated bank teller program might allow anyone entering the number 990099 on the keypad to process the log of everyone's transactions at that machine.

Worm
• A worm is a program that spreads copies of itself through a network.
• The primary difference between a worm and a virus is that a worm operates through networks, and a virus can spread through any medium (but usually uses copied program or data files).
• Additionally, the worm spreads copies of itself as a standalone program, whereas the virus spreads copies of itself as a program that attaches to or embeds in other programs.

Rabbit
• Some literature also defines a rabbit as a virus or worm that self-replicates without bound, with the intention of exhausting some computing resources.
• A rabbit might create copies of itself and store them on disk, in an effort to completely fill the disk.

How viruses attach
A virus can attach itself to a program or data by:
• Appending itself, so virus code is activated when the program is run. (Variation: virus code before and after the program.)
• Integrating itself into the program, so virus code is spread out over its target program.
• Integrating itself into data, e.g. as an executable text macro.
• A virus will do nothing and will not spread unless it is executed. There are many ways to ensure that a virus is executed
• A setup program may call dozens or even hundreds of other programs, on the distribution disk, already residing on the computer, or resident in memory
• Human intervention is necessary to start the process
• Email attachments
• The virus code can be embedded in an executable file attachment
• Objects such as graphics files can contain code to be executed by the editor, so they can be transmission agents for viruses

Appended viruses
A program virus attaches itself to a program; then, whenever the program is run, the virus is activated. This kind of attachment is usually easy to program.
• Usually a virus inserts a copy of itself before the first executable instruction in a program.
• This kind of attachment is simple and usually effective
• Typically the user does not notice the effects of the virus, since the program does its job as usual

Viruses that surround a program
• An alternative to the attachment is a virus that runs the original program but has control before and after the program's execution.
• A virus writer might want to prevent the virus from being detected. If the virus is stored on disk, its presence will be given away by its file name, or its size will affect the amount of space used on the disk.
• A virus's presence may be given away by the file size of the program, so the virus writer may infect the file listing display program to regain control after the file listing is generated but before it is displayed

Integrated viruses and replacements
• The virus replaces some of its target, integrating itself into the original code of the target.
• The virus writer has to know the exact structure of the original program to know where to insert which pieces of the virus.
• The virus could replace the entire target
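The observation above, that a file name or a changed file size can give an infection away while an integrated virus need not change either, is what an integrity baseline is built to cover. The check below is an added example, not part of the original slides; the file names and byte strings are constructed samples, and taking the baseline from a trusted copy of the programs is an assumption.

```python
"""Integrity baseline compared against the attachment styles described above.

Every byte string here is a constructed sample; none of it is executable code.
"""
import hashlib
from typing import Dict, List, NamedTuple


class Fingerprint(NamedTuple):
    size: int
    sha256: str


def fingerprint(image: bytes) -> Fingerprint:
    """Record the two properties the baseline compares: length and SHA-256."""
    return Fingerprint(len(image), hashlib.sha256(image).hexdigest())


def build_baseline(files: Dict[str, bytes]) -> Dict[str, Fingerprint]:
    """Fingerprint a known-good set (assumption: read from trusted media)."""
    return {name: fingerprint(data) for name, data in files.items()}


def verify(baseline: Dict[str, Fingerprint],
           current: Dict[str, bytes]) -> Dict[str, str]:
    """Classify every file as ok, missing, size-changed, content-changed
    or unexpected-file."""
    verdicts: Dict[str, str] = {}
    for name, expected in baseline.items():
        if name not in current:
            verdicts[name] = "missing"
            continue
        actual = fingerprint(current[name])
        if actual.size != expected.size:
            verdicts[name] = "size-changed"
        elif actual.sha256 != expected.sha256:
            verdicts[name] = "content-changed"
        else:
            verdicts[name] = "ok"
    for name in current:
        if name not in baseline:
            verdicts[name] = "unexpected-file"
    return verdicts


def size_only_alerts(baseline: Dict[str, Fingerprint],
                     current: Dict[str, bytes]) -> List[str]:
    """What a check based only on names and sizes (a file listing) would flag."""
    return sorted(
        name for name, data in current.items()
        if name not in baseline or len(data) != baseline[name].size
    )


def overwrite_in_place(image: bytes, offset: int, patch: bytes) -> bytes:
    """Replace bytes inside an image without changing its length."""
    return image[:offset] + patch + image[offset + len(patch):]


# Constructed stand-ins for program files and for foreign bytes.
ORIGINAL = b"HDR" + bytes(range(32)) + b"END"
ADDED = b"\xee" * 8

KNOWN_GOOD = {
    "editor": ORIGINAL,
    "viewer": ORIGINAL[::-1],
    "setup": b"SETUP" + ORIGINAL,
    "calc": b"CALC" + ORIGINAL,
}

OBSERVED = {
    # Appended style: bytes placed before the original program.
    "editor": ADDED + KNOWN_GOOD["editor"],
    # Surrounding style: bytes before and after the original program.
    "viewer": ADDED + KNOWN_GOOD["viewer"] + ADDED,
    # Integrated/replacement style: same length, different content.
    "setup": overwrite_in_place(KNOWN_GOOD["setup"], 10, ADDED),
    # Untouched program.
    "calc": KNOWN_GOOD["calc"],
    # Stored as a separate file: given away by its name.
    "helper": ADDED,
}

if __name__ == "__main__":
    baseline = build_baseline(KNOWN_GOOD)
    for name, verdict in sorted(verify(baseline, OBSERVED).items()):
        print(f"{name:8s} {verdict}")
    print("size/name check alone flags:", size_only_alerts(baseline, OBSERVED))
```

The size-and-name check misses `setup`, whose length is unchanged; only the hash comparison reports it.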

Document viruses
• Most popular
• Implemented within a formatted document, such as a written document, a database, a slide presentation, or a spreadsheet.
• These documents are highly structured files that contain both data (words or numbers) and commands (such as formulas, formatting controls, links).
• The user sees only the contents of the document, so the virus writer includes the virus in the commands.

How viruses gain control
• The virus (V) has to be invoked instead of the target (T).
• The virus has to either seem to be the target, or push the target out of the way and become a substitute.
• A virus could replace a target by assuming its name.
• The virus can overwrite the target on disk.
• The virus can change the pointers in the file tables so that the virus is located instead of the target.

Desirable qualities in viruses
• Hard to detect
• Not easily destroyed or deactivated
• Spreads widely
• Can re-infect its home program or other programs
• Easy to create
• Machine independent and OS independent

Few viruses meet all these criteria. The virus writer chooses from these objectives when deciding what the virus will do and where it will reside. The challenge for the virus writer was to write code that would be executed repeatedly so that the virus could multiply. One execution is enough to ensure widespread distribution. Many viruses are transmitted by e-mail, using either of two routes.

Homes for viruses
• One-time execution
• Boot sector viruses
• Memory-resident viruses
• Other homes

One-time execution
• The majority of viruses today execute only once, spreading their infection and causing their effect in that one execution.
• A virus often arrives as an email attachment of a document virus and is executed just by opening it.

Boot sector viruses
• A given hardware platform can run many different operating systems.
• The boot sector contains a boot loader to load the particular OS into memory and run it.
• To accommodate large boot loaders, chaining is used.
• The virus may break the chain anywhere and insert itself.
• Appeal: the virus gains control early, when no detection tool is running, and is invisible to file listings.

When a computer is started, control begins with firmware that determines which hardware components are present, tests them, and transfers control to an operating system. The boot sector is an especially appealing place to house a virus. The virus gains control very early in the boot process, before most detection tools are active, so that it can avoid, or at least complicate, detection. The files in the boot area are crucial parts of the operating system.

Memory resident viruses
Some parts of the operating system and most user programs execute, terminate, and disappear, with their space in memory being available for anything executed later. For very frequently used parts of the operating system and for a few specialized user programs, it would take too long to reload the program each time it was needed. Such code remains in memory and is called "resident" code.
• Some portions of the OS and a few specialized user programs would take too long to reload each time they are needed, so they are kept in memory and are called resident code.
• Examples: routines that interpret keys pressed on the keyboard, error control, alarm clock.

Virus writers also like to attach viruses to resident code because the resident code is activated many times while the machine is running.

Other homes for viruses
One popular home for a virus is an application program. Many applications, such as word processors and spreadsheets, have a "macro" feature, by which a user can record a series of commands and repeat them with one invocation. Such programs also provide a "start-up macro" that is executed every time the application is executed.
Libraries are also excellent places for malicious code to reside. Because libraries are used by many programs, the code in them will have a broad effect. Executing code in a library can pass on the viral infection to other transmission media. Compilers, loaders, linkers, runtime monitors, runtime debuggers, and even virus control programs are good candidates for hosting viruses because they are widely shared.
• Application macros
• Libraries
• Compilers, linkers
• Runtime monitors, runtime debuggers
• Anti-virus

Virus signatures
• A virus cannot be completely invisible.
• Code must be stored somewhere and must be in memory to execute.
• A virus executes in a particular way and uses a certain method to spread.
• Each of these characteristics yields a tell-tale pattern (evidence of the virus's presence) called a signature.

A virus scanner can automatically detect and, in some cases, remove viruses. The scanner searches memory and long-term storage, monitoring execution and watching for the signatures of viruses. When the scanner recognizes a known virus's pattern, it can then block the virus, inform the user, and deactivate or remove the virus.
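
A minimal signature scan of the kind just described, as an added example that is not part of the original notes. The signature names, byte patterns and sample buffers are all constructed, and `None` in a pattern is an assumed "any byte" wildcard. Scanning with the older database `SIGNATURES_V1` shows what a scanner that has not been updated misses.

```python
# Constructed signature databases: name -> byte pattern.
# None is an assumed "any byte" wildcard, not something the notes describe.
SIGNATURES_V1 = {
    "Sample.A": [0xDE, 0xAD, 0xBE, 0xEF],
}
SIGNATURES_V2 = dict(SIGNATURES_V1)
SIGNATURES_V2["Sample.B"] = [0x4D, 0x41, None, None, 0x52, 0x4B]

def match_at(data, pos, pattern):
    """True if pattern matches data starting at byte offset pos."""
    if pos + len(pattern) > len(data):
        return False
    return all(p is None or data[pos + i] == p for i, p in enumerate(pattern))

def scan(data, signatures):
    """Return sorted (offset, name) pairs for every signature hit in data."""
    hits = []
    for name, pattern in signatures.items():
        for pos in range(len(data) - len(pattern) + 1):
            if match_at(data, pos, pattern):
                hits.append((pos, name))
    return sorted(hits)

def scan_all(objects, signatures):
    """Scan each named buffer (a file image or a memory region)."""
    report = {}
    for label, data in objects.items():
        hits = scan(data, signatures)
        if hits:
            report[label] = hits
    return report

# Constructed buffers standing in for long-term storage and memory contents.
OBJECTS = {
    "disk:report.doc": b"plain text only",
    "disk:setup.exe": b"\x00\x01" + bytes([0xDE, 0xAD, 0xBE, 0xEF]) + b"rest",
    "mem:resident": b"abc" + b"MA\x10\x20RK" + b"xyz" + b"MA\x99\x98RK",
}

if __name__ == "__main__":
    for db_name, db in (("V1", SIGNATURES_V1), ("V2", SIGNATURES_V2)):
        print(db_name, scan_all(OBJECTS, db))
```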
A virus scanner is effective only if it has been kept up-to-date.

Virus effects and causes
Virus Effect | How It Is Caused
Attach to executable program | Modify file directory; write to executable program file
Attach to data or control file | Modify directory; rewrite data; append to data; append data to self
Remain in memory | Intercept interrupt by modifying interrupt handler address table; load self in nontransient memory area
Infect disks | Intercept interrupt; intercept operating system call (to format disk, for example); modify system file; modify ordinary executable program
Conceal self | Intercept system calls that would reveal self and falsify result; classify self as "hidden" file
Spread infection | Infect boot sector; infect systems program; infect ordinary program; infect data ordinary program reads to control its execution
Prevent deactivation | Activate before deactivating program and block deactivation; store copy to reinfect after deactivation

Execution patterns
• A virus writer may want a virus to do several things at the same time:
  • Spread infection
  • Avoid detection
  • Cause harm

Most virus writers seek to avoid detection for themselves and their creations. Because a disk's boot sector is not visible to normal operations (for example, the contents of the boot sector do not show on a directory listing)
One virus can erase files, another an entire disk; one virus can prevent a computer from booting, and another can prevent writing to disk. The damage is bounded only by the creativity of the virus's author.

Transmission patterns
A virus is effective only if it has some means of transmission from one location to another.
• Viruses can travel:
  • During the boot process
  • Over a network connection
  • During the host's execution
  • By remaining in memory to infect other diskettes

Since a virus can execute any instructions a program can, virus travel is not confined to any single medium or execution pattern.

Polymorphic viruses
The virus signature may be the most reliable way for a virus scanner to identify a virus. A clever virus writer can cause something other than specific strings to be in portions where a virus scanner would look for those strings.
A virus that can change its appearance is called a polymorphic virus. (Poly means "many" and morph means "form".)
• A two-form virus can be treated as two independent viruses, so the virus writer will want a large or unlimited number of forms.
• A polymorphic virus has to randomly reposition all parts of itself and randomly change all fixed data.
• A virus may randomly intersperse harmless instructions throughout its code.

A simple variety of polymorphic virus uses encryption under various keys to make the stored form of the virus different. These are sometimes called encrypting viruses.

Prevention of virus infection
The only way to prevent the infection of a virus is not to share executable code with an infected source. This used to be easy to do, because it was easy to tell if a file was executable or not. Today's files are more complex, and a seemingly non-executable file can contain executable code.
• Programs are usually configured to activate this code automatically, for example when opening attachments.
• The file type is hidden in a field at the start of a file, so Windows would try to open an executable file with a non-executable extension with the appropriate program, failing which the executable code will be run.
• Since you cannot know which sources are infected, assume that every outside source is infected.

Prevention
• Use only software acquired from reliable and well-established vendors.
• Test all software on an isolated computer. Test the computer with a copy of an up-to-date virus scanner, created before running the suspect program. Only if the program passes these tests should it be installed on a less isolated machine.
• Open attachments only when you know them to be safe. An attachment from an unknown source is of questionable safety. You might also distrust an attachment from a known source but with a peculiar message.
• Make a recoverable system image and store it safely. If your system does become infected, this clean version will let you reboot securely because it overwrites the corrupted system files with clean copies.
• Make and retain backup copies of executable system files. This way, in the event of a virus infection, you can remove infected files and reinstall from the clean backup copies (stored in a secure, offline location, of course).
• Use virus detectors (often called virus scanners) regularly and update them daily. Many of the virus detectors available can both detect and eliminate infection from viruses.

Trapdoors
• A trapdoor is an undocumented entry point to a module.
• The trapdoor is inserted during code development, perhaps to test the module, to provide hooks by which to connect future modifications or enhancements, or to allow access if the module should fail in the future.
• In addition to these legitimate uses, trapdoors can allow a programmer access to a program once it is placed in production.
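
Because a trapdoor is defined above as an undocumented entry point, one way to catch a forgotten test hook is to compare the entry points a module really exposes with its documented interface before release. The following is an added example, not part of the original notes; the toy module, its command names and the `release_gate` helper are hypothetical.

```python
# Documented interface of a toy account module (constructed for this example).
DOCUMENTED = {"balance", "deposit"}

def build_service(release):
    """Return the module's command table.

    The test hook is registered only in non-release builds, so it cannot
    be reached once the module is placed in production.
    """
    table = {
        "balance": lambda acct: f"balance of {acct}",
        "deposit": lambda acct: f"deposit to {acct}",
    }
    if not release:
        # Driver hook used during unit testing.
        table["dump_all"] = lambda acct: "all records"
    return table

def audit_entry_points(table, documented):
    """Entry points that exist but are missing from the documented interface."""
    return sorted(set(table) - set(documented))

def release_gate(table, documented):
    """Refuse to ship a build that still exposes undocumented entry points."""
    undocumented = audit_entry_points(table, documented)
    if undocumented:
        raise RuntimeError("undocumented entry points: " + ", ".join(undocumented))
    return True

def dispatch(table, command, arg):
    """Run a command; anything outside the table is rejected explicitly."""
    handler = table.get(command)
    if handler is None:
        return "error: unknown command"
    return handler(arg)

if __name__ == "__main__":
    print(audit_entry_points(build_service(release=False), DOCUMENTED))
    print(release_gate(build_service(release=True), DOCUMENTED))
    print(dispatch(build_service(release=True), "dump_all", "1001"))
```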

Trapdoors-Examples
Because computing systems are complex structures, programmers usually develop and test systems in a modular manner, taking advantage of the way the system is composed of modules or components. Each small component of the system is tested first, separate from the other components, in a step called unit testing, to ensure that the component works correctly by itself. Components are tested together during integration testing, to see how they function as they send messages and data from one to the other.
• Rather than paste all modules together in a big bang approach, the modules are grouped into several logical clusters of a few components each.
• Each cluster is tested in a way that allows testers to control and understand what might make a component or its interface fail.
• During component testing, the tester cannot use the surrounding routines that prepare input or work with output, so they write "stubs" and "drivers" to inject data in and extract results.
• These stubs and drivers are later discarded because they are replaced by the actual components.
• The programmers embed debugging code into suspicious components.
• To control stubs or invoke debugging code, the programmer embeds special control sequences in the component's design, specifically to support testing.
• Command insertion is a recognized testing practice, but if left in place after testing, the extra commands can become a problem.
• The Internet Worm spread itself due to exactly this kind of trapdoor in an email program.
• Poor error checking is another source of trapdoors.
• Trapdoors can be useful for system auditing or testing, but they must be documented and access must be protected.

Trapdoors-causes
• Trapdoors can persist (continue firmly) in programs because the developers:
  • forget to remove them
  • intentionally leave them in the program for testing
  • intentionally leave them in the program for maintenance
  • intentionally leave them in the program as a covert means of access to the component after it becomes an accepted part of a production system

The first case is an unintentional security blunder, the next two are serious exposures of the system's security, and the fourth is the first step of an outright attack. It is important to remember that the fault is not with the trapdoor itself, which can be a very useful technique for program testing, correction, and maintenance. Rather, the fault is with the system development process, which does not ensure that the trapdoor is "closed" when it is no longer needed. That is, the trapdoor becomes a vulnerability if no one notices it or acts to prevent or control its use in vulnerable situations.

Covert channels
• Programs that communicate information to people who shouldn't receive it
• The communication accompanies other perfectly proper communications; e.g., a student may communicate correct answer choices by coughing once for 'a', clearing her throat for 'b', and so on.
• A programmer for a bank has no need to access the names or balances in depositors' accounts.
• One way for the programmer to have a covert channel is to write to a file and print it out.
• A programmer should not have access to data once the program is in operation.

How to create covert channels
A programmer can always find ways to communicate data values covertly. Running a program that produces a specific output report or displays a value may be too obvious. For example, in some installations, a printed report might occasionally be scanned by security staff before it is delivered to its intended recipient.
The programmer can encode the data values in another innocuous report by varying the format of the output, changing the lengths of lines, or printing or not printing certain values. For example, changing the word "TOTAL" to "TOTALS" in a heading would not be noticed, but this creates a 1-bit covert channel. The absence or presence of the S conveys one bit of information. Numeric values can be inserted in insignificant positions of output fields, and the number of lines per page can be changed.
• A printed report would be too obvious.
• Encode data values into a different report format.

Storage channels: pass information by using the presence or absence of objects in storage, e.g., lock or not lock a file to signal one bit of information.
A simple example of a covert channel is the file lock channel. In multiuser systems, files can be "locked" to prevent two people from writing to the same file at the same time (which could corrupt the file, if one person writes over some of what the other wrote). The operating system or database management system allows only one program to write to a file at a time, by blocking, delaying, or rejecting write requests from other programs.
A covert channel can signal one bit of information by whether or not a file is locked.

Timing channels: pass information by the speed at which things happen, e.g., using or not using an assigned amount of computing time (quantum).
In the simple case, a multiprogrammed system with two user processes divides time into blocks and allocates blocks of processing alternately to one process and the other. A process is offered processing time, but if the process is waiting for another event to occur and has no processing to do, it rejects the offer.

How to prevent these flaws
• Good software engineering practices
• Operating system controls
• Administrative controls
• Program controls in general
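
One program control against the report-format channel described under "How to create covert channels" is to check every outgoing report against an approved layout, so that a changed heading, line length or page length is flagged instead of passing unnoticed. This is an added example, not part of the original notes; the template, its field names and the sample reports are constructed.

```python
# Approved report layout (constructed for this example).
TEMPLATE = {
    "headings": {"ACCOUNT", "DEPOSITS", "TOTAL"},
    "max_width": 40,
    "lines_per_page": 3,
}

def audit_report(pages, template):
    """Check a report (a list of pages, each a list of lines) against the
    template. Returns (page, line, finding) tuples; line 0 means the page."""
    findings = []
    for pno, page in enumerate(pages, start=1):
        if len(page) != template["lines_per_page"]:
            findings.append((pno, 0, f"{len(page)} lines, expected "
                                     f"{template['lines_per_page']}"))
        for lno, line in enumerate(page, start=1):
            if len(line) > template["max_width"]:
                findings.append((pno, lno,
                                 f"line longer than {template['max_width']}"))
            if line != line.rstrip():
                findings.append((pno, lno, "trailing whitespace"))
            words = line.split()
            first = words[0] if words else ""
            # An all-capitals first word is treated as a heading.
            if (first.isalpha() and first.isupper()
                    and first not in template["headings"]):
                findings.append((pno, lno, f"unapproved heading {first!r}"))
    return findings

# Constructed reports: one in the approved layout, one with three deviations.
CLEAN_REPORT = [
    ["ACCOUNT   1001", "DEPOSITS  250.00", "TOTAL     250.00"],
]
SUSPECT_REPORT = [
    ["ACCOUNT   1001", "DEPOSITS  250.00", "TOTALS    250.00"],
    ["ACCOUNT   1002", "DEPOSITS  75.00 ", "TOTAL     75.00", ""],
]

if __name__ == "__main__":
    for finding in audit_report(SUSPECT_REPORT, TEMPLATE):
        print(finding)
```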