Program Security
Week-2
Programming
Fault: When a human makes a mistake, called an error, in performing some software
activity, the error may lead to a fault, or an incorrect step, command, process, or data
definition in a computer program.
• For example, a designer may misunderstand a requirement and create a design that
does not match the actual intent of the requirements analyst and the user.
Failure: a departure from the system's required behavior. It can be discovered before
or after system delivery, during testing, or during operation and maintenance.
A flaw can be either a fault or a failure, and a vulnerability usually describes a class of
flaws, such as a buffer overflow.
Programming contd.
Functional Requirements: The Functional Requirement document defines the
capabilities and functions that a system must be able to perform successfully.
Security Requirements: The types and levels of protection necessary for equipment, data,
information, applications, and facilities.
Unexpected Behaviour: The inadequacies of penetrate-and-patch led researchers to
seek a better way to be confident that code meets its security requirements. One way
to do that is to compare the requirements with the program's actual behavior.
Programming contd.
Organised Design
• Top-down: breaking a system down to gain insight into its compositional sub-systems.
• Bottom-up: piecing systems together to give rise to grander systems, thus
making the original systems sub-systems of the emergent system.
• Waterfall Model
Programming contd.
Organised Design
• CASE (Computer Aided Software Engineering) tool: allows system developers to
create prototype screens and report generators rapidly and easily.
Language Choice
• Strongly Typed - each type of data is predefined as part of the programming language.
Example: Ruby, Python and so forth.
• “Structured programming”, modularity, complexity
• Analyzable and Rigorous Semantics
Nonmalicious (unintentional) Programming Errors
Buffer overflows
• A buffer overflow is the computing equivalent of trying to pour two liters of water
into a one-liter pitcher: some water is going to spill out and make a mess.
• A buffer (or array or string) is a space in which data can be held. A buffer resides in
memory. Because memory is finite, a buffer's capacity is finite. When a program writes
more data than the buffer can hold, the excess overwrites whatever sits next to it in memory.
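The pitcher analogy in C, as an added example that is not part of the slides: an unchecked copy that trusts the source length beside a bounded copy that measures before it pours. The 16-byte buffer size and the sample strings are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define PITCHER_SIZE 16   /* the "one-liter pitcher": a 16-byte buffer */

/* Vulnerable pattern: strcpy() trusts the source length, so a source longer
   than the destination writes past its end into neighbouring memory
   (undefined behaviour). Shown for contrast only; not called in this program. */
void copy_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Hardened pattern: measure before pouring. Returns 0 on success and -1 when
   the source (plus its terminating NUL) would not fit, leaving dst untouched. */
int copy_bounded(char *dst, size_t dst_size, const char *src) {
    size_t n = strlen(src);
    if (dst_size == 0 || n >= dst_size)
        return -1;              /* refuse instead of spilling */
    memcpy(dst, src, n + 1);    /* n + 1 copies the NUL terminator too */
    return 0;
}

/* Constructed checks; each returns 1 when the bounded copy behaves as intended. */
int demo_fits(void) {
    char pitcher[PITCHER_SIZE];
    return copy_bounded(pitcher, sizeof pitcher, "fits fine") == 0
        && strcmp(pitcher, "fits fine") == 0;
}

int demo_overflow_rejected(void) {
    char pitcher[PITCHER_SIZE] = "untouched";
    /* 27 bytes of "water" offered to a 16-byte pitcher: must be refused. */
    return copy_bounded(pitcher, sizeof pitcher, "this string is far too long") == -1
        && strcmp(pitcher, "untouched") == 0;
}

int demo_boundary(void) {
    char pitcher[PITCHER_SIZE];
    /* 15 characters + NUL exactly fill 16 bytes; 16 characters do not fit. */
    return copy_bounded(pitcher, sizeof pitcher, "123456789012345") == 0
        && copy_bounded(pitcher, sizeof pitcher, "1234567890123456") == -1;
}

int main(void) {
    printf("fits: %d, overflow rejected: %d, boundary: %d\n",
           demo_fits(), demo_overflow_rejected(), demo_boundary());
    return 0;
}
```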
Nonmalicious (unintentional) Programming Errors
Incomplete mediation is another security problem that has been with us for decades.
Attackers are exploiting it to cause security problems. In the example below, the two
parameters are supplied by the user, and the server must check their form before using them.
http://www.somesite.com/subpage/userinput.asp?parm1=(808)555-1212&parm2=2009Jan17
• Using verification techniques can reduce the problem.
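Server-side validators for the two parameters in the URL above, as an added example that is not part of the slides. It assumes parm1 must match the exact shape (ddd)ddd-dddd and parm2 the shape YYYYMonDD; both formats are assumptions inferred from the sample values.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* parm1 must have exactly the shape (ddd)ddd-dddd. Every position is tested,
   so nothing extra can ride along after a well-formed prefix. 1 = valid. */
int valid_phone(const char *s) {
    const char *pattern = "(ddd)ddd-dddd";   /* 'd' = any digit, else literal */
    size_t i;
    if (strlen(s) != strlen(pattern)) return 0;
    for (i = 0; pattern[i] != '\0'; i++) {
        if (pattern[i] == 'd') {
            if (!isdigit((unsigned char)s[i])) return 0;
        } else if (s[i] != pattern[i]) {
            return 0;
        }
    }
    return 1;
}

/* parm2 must be YYYYMonDD with a real month name and a day that exists in
   that month of that year (leap years handled). 1 = valid. */
int valid_date(const char *s) {
    static const char *months[] = {"Jan","Feb","Mar","Apr","May","Jun",
                                   "Jul","Aug","Sep","Oct","Nov","Dec"};
    static const int days_in[] = {31,28,31,30,31,30,31,31,30,31,30,31};
    int i, m, year, day, leap;
    if (strlen(s) != 9) return 0;
    for (i = 0; i < 4; i++)
        if (!isdigit((unsigned char)s[i])) return 0;
    if (!isdigit((unsigned char)s[7]) || !isdigit((unsigned char)s[8])) return 0;
    for (m = 0; m < 12 && strncmp(s + 4, months[m], 3) != 0; m++) {}
    if (m == 12) return 0;                      /* unknown month name */
    year = (s[0]-'0')*1000 + (s[1]-'0')*100 + (s[2]-'0')*10 + (s[3]-'0');
    day  = (s[7]-'0')*10 + (s[8]-'0');
    leap = (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
    return day >= 1 && day <= days_in[m] + (m == 1 && leap);
}

/* Complete mediation: the server re-checks both parameters on every request,
   regardless of any checking the browser form may already have done. */
int request_is_acceptable(const char *parm1, const char *parm2) {
    return valid_phone(parm1) && valid_date(parm2);
}

int main(void) {
    printf("%d %d\n", request_is_acceptable("(808)555-1212", "2009Jan17"),
                      request_is_acceptable("(808)555-1212", "2009Feb30"));
    return 0;
}
```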
Time-of-Check to Time-of-Use Errors
• The check for access permission occurs before use; the condition changes between the check
and the use.
• The time-of-check to time-of-use (TOCTTOU) flaw can occur in a Web
application that allows a user to edit pages and also allows administrators to lock
pages to prevent editing.
Virus and Other Malicious Code
Types (Note: terminology is nonstandard)
Virus: A virus is a program that can replicate itself and pass on malicious code to other
nonmalicious programs by modifying them. E.g. transient and resident viruses.
Worms: A worm is a program that spreads copies of itself through a network.
The difference between a worm and a virus is that a worm operates through networks,
and a virus can spread through any medium.
A Trojan horse is malicious code that, in addition to its primary effect, has a second,
nonobvious malicious effect.
Virus and Other Malicious Code
Types (Note: terminology is nonstandard)
Trapdoor/backdoor: a program feature that allows others to gain access by other than
obvious or direct means.
Logic bomb: malicious code that is triggered, detonated, or goes off when a specified
condition is met. A time bomb is a logic bomb whose trigger is a time or date.
Virus and Other Malicious Code
Transmission
• links
• executable code in data files (macros, autorun code, helper applications)
Gaining Control
Virus and Other Malicious Code
Execution
• one-time
• on system startup or reboot
• on every activation of a program
• on an event
Recognition
• signatures, patterns
• polymorphic viruses
• encrypted viruses
Targeted (intentional) Malicious Code
Trapdoor: an undocumented entry point to a program; for example, developers add these
during testing.
Salami attacks: “small thin slices” – the typical example involves interest calculations. Small
amounts of money (pennies) are accumulated elsewhere.
Rootkits: a rootkit is a piece of malicious code that goes to great lengths not to be discovered
or, if discovered and removed, to reestablish itself whenever possible.
• The name rootkit refers to the code's attempt to operate as root, the superprivileged
user of a Unix system.
Privilege escalation attack: a means for malicious code to be launched by a user with
lower privileges but run with higher privileges.
Targeted (intentional) Malicious Code
• Interface Illusion – fake websites
• Keystroke loggers – retain copies of all key presses.
• Man-In-The-Middle Attack – a program interjects itself between two programs –
e.g. between user input and application results.
• Covert channels – programs that leak information
Controls
• Depend in part on the means of transmission of malicious code
• Some controls are not foolproof:
- programming environment
- testing (finding no flaws in testing does not imply the absence of flaws in the code)
• “vetting” or clearing programmers; using only programmers from a particular nation
or having a particular certification
- everyone makes human mistakes at some time
- even well-vetted individuals can be malicious
- programmers have method and opportunity; motive is hard to control completely
Controls
• Software development (programming environment and practices) controls
• testing (many types)
• program structure
• mutual suspicion
• genetic diversity
• Confined execution environment
• See the many operating system confinement approaches in Chapter 3.
Thank You!