Sunday, October 25, 2009

Lecture 3 – Program Security & Lab 3 - Modern Cryptography (Review Questions)

Secure Programs

Security implies some degree of trust that the program enforces the expected confidentiality, integrity and availability, but from the point of view of a program or programmer, the meaning of a secure software component or program fragment is different. The answer to whether a program is secure also differs from person to person. This difference occurs because the importance of the characteristics depends on who is analyzing the software. For example, one person may decide that code is secure because it takes too long to break through its security controls.
One approach to judging quality in security has been fixing faults. The developer tracks each fault through the software requirements, software design and code inspection. However, the patch efforts were largely useless and made the system less secure rather than more secure, because they frequently introduced new faults.

Types of Flaws

• validation error
• domain error
• serialization and aliasing
• inadequate identification and authentication
• boundary condition violation
• other exploitable logic errors

Attacks associated with program errors

• Cross site scripting
• Injection flaws
• Malicious file execution
• Insecure direct object reference
• Cross site request forgery
• Information leakage and improper error handling
• Broken authentication and session management
• Insecure crypto storage
• Insecure comms
• Failure to restrict URL access

Malicious Code

Unanticipated or undesired effects in programs, generated with the intent to cause damage.
Damage could be in the form of:
• modification/destruction
• stolen data
• unauthorized access
• damage to the system
• other forms not intended by users

Viruses and “Malicious Programs”

Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing number of computers. They originally spread by people sharing floppy disks. Now they spread primarily over the Internet (a “Worm”).

Other “Malicious Programs” may be installed by hand on a single machine. They may also be built into widely distributed commercial software packages. These are very hard to detect before the payload activates (Trojan Horses, Trap Doors, and Logic Bombs).

Taxonomy of Malicious Programs




Examples of malicious code:
Worm - a program which replicates itself and causes execution of the new copy.
Bacteria - replicates until it consumes all disk space or CPU cycles.
Logic bomb - malicious code that activates on an event (e.g., date).
Trap Door (or Back Door) - undocumented entry point written into code for debugging that can admit unwanted users.




Viruses

Personal computer viruses exploit the lack of effective access controls in these systems; they modify files and the OS itself.
Characteristics of a virus:
• replication
• requires a host program as a carrier
• activated by external action
• replication limited to (virtual) system
Viruses are currently designed to attack single platforms.
A virus can be referred to, for example, as an IBM-PC virus (referring to the hardware) or a DOS virus (referring to the hardware).
The unexpected and uncontrollable replication of viruses is what makes them so dangerous.

How Viruses Attach

Appended viruses - execute first, then transfer control to the original program.
Surrounding viruses - have control before and after the regular program.
Integrated viruses - replace some or all of the target program and give the effect that the target program worked.


Virus Appended to a Program




Example of Code Red worm signature

GET/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
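
Detection logic for requests shaped like the one above, run over web server access-log lines. This is an added example, not part of the original lecture notes; the function names, thresholds and log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators read off the request shown above (thresholds are assumptions):
FILLER_RUN = re.compile(r"(.)\1{99,}")           # one character repeated 100+ times
PERCENT_U = re.compile(r"%u[0-9a-fA-F]{4}")      # %uXXXX-encoded 16-bit words
# \s* tolerates a missing space after the method, as in the line above.
REQUEST = re.compile(r'"(?P<method>[A-Z]+)\s*(?P<target>/\S*)\s+HTTP/\d\.\d"')


def indicators(target):
    """Return the indicators matched by one request target."""
    parts = urlsplit(target)
    hits = []
    if parts.path.lower().endswith(".ida"):
        hits.append("ida-extension")
    if FILLER_RUN.search(parts.query):
        hits.append("filler-run")
    if len(PERCENT_U.findall(parts.query)) >= 4:
        hits.append("percent-u-words")
    return hits


def scan(lines, threshold=2):
    """Return (client, indicators) for each line matching >= threshold indicators."""
    findings = []
    for line in lines:
        match = REQUEST.search(line)
        if match is None:
            continue
        hits = indicators(match.group("target"))
        if len(hits) >= threshold:
            findings.append((line.split()[0], hits))
    return findings


# Constructed access-log lines (documentation addresses, made-up %u values).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Oct/2009:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.77 - - [25/Oct/2009:10:00:01 +0000] "GET /default.ida?' + "N" * 224
    + '%u4141%u4242%u4343%u4444=a HTTP/1.0" 404 0',
    '192.0.2.11 - - [25/Oct/2009:10:00:02 +0000] "GET /report.ida?id=5 HTTP/1.1" 200 90',
    '192.0.2.12 - - [25/Oct/2009:10:00:03 +0000] "GET/default.ida?' + "X" * 150
    + ' HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG):
        print(client, hits)
```

Requiring two indicators keeps an ordinary `.ida` request from being flagged on the extension alone, while a variant that changes the filler character is still caught by the run-length check.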

Virus Phases

Dormant phase - the virus is idle
Propagation phase - the virus places an identical copy of itself into other programs
Triggering phase – the virus is activated to perform the function for which it was intended
Execution phase – the function is performed

Preventing Virus Infection

Protection against viruses:
• detection tools (example: scanners, vulnerability monitors, modification detection programs)
• identification tools (example: scanners)
• removal tools (example: disinfectors)
Scanners and disinfectors are the most popular classes of anti-virus software.
Personal and administrative practices and institutional policies with regard to shared or external software usage should form the first line of defense.

Worms

Characteristics of a worm:
• self-contained; does not require a host
• replication
• activated by creating a process
• for network worms, replication occurs across communication links
Worms exploit flaws in the operating system or inadequate system management to replicate.
Release of a worm usually results in brief but spectacular outbreaks, shutting down entire networks.
Protection against worms requires a combination of basic system security and good network security:
• add-on tools: configuration review tools, checksum-based change detection tools, intrusion detection tools
• network security tools: wrapper programs (filter network connections), firewall systems
The most important means of defense is the identification & authentication (I&A) controls, which are usually integrated into the system. If poorly managed, these controls become a vulnerability which is easily exploited.

Controls Against Program Threats

• Software Engineering
• Modularity, Encapsulation, and Information Hiding
• Peer reviews
• Hazard Analysis (HAZOP, FMEA, FTA)
• Independent Testing
• Good Design
• Prediction
• Static Analysis
• Configuration Management
• Proofs of Program Correctness
• Operating System Controls - trusted software, confinement, audit log
• Administrative Controls - standards of program development


Pillars of software security

• Risk Management
• Touchpoints
• Knowledge

Risk Management

• Business understands the idea of risk, even software risk
• Technical perfection is impossible
• There is no such thing as 100% security
• Perfect quality is a myth
• Technical problems do not always spur action
• Answer the "So what?" question explicitly
• Help users understand what they should do about risk
• Build better software

Touchpoints




Knowledge catalog

• Principles
• Guidelines
• Rules
• Attack patterns
• Vulnerabilities
• Historical Risks



Summary of Program Threats and Controls

Sites to research for Viruses, Worms, Hoaxes and other Malicious Code:
• The Department of Energy's CIAC Hoax page: http://ciac.llnl.gov/ciac/CIACHoaxes.html
• The Symantec Corporation (Norton Anti-virus Home) SARC database: http://www.symantec.com/avcenter/hoax.html
• Network Associates (McAfee and Dr. Solomon Anti-virus) web page: http://vil.nai.com/villib/alpha.asp
• The CERT (Computer Emergency Response Team): http://www.cert.org/
• The SANS Institute (System Administration, Networking, and Security): http://www.sans.org/newlook/home.htm


• Viruses come in different forms
• Some are mere nuisances, some come with devastating consequences
• E-mail worms are self-replicating and clog networks with unwanted traffic
• Virus code is not necessarily complex
• It is necessary to scan systems and networks for infections on a periodic basis for protection against viruses
• Antidotes to new virus releases are promptly made available by security companies, and this forms the major countermeasure

END OF LECTURE 3

Review Questions - Lab 3




1 comment:

  1. After reading the complete detail I wanted to say that nowadays software programs are made secure with the help of a popular technology called digital signature. I am trying to learn about it in detail and have read so much about it.
    e signatures
