Chapter 3 – Program Security
- Section 3.1 Secure Programs
- Section 3.2 Nonmalicious Program Errors
- Section 3.3 Viruses and Other Malicious Code

In this Section
- Programming errors with security implications
- Malicious Code
- Program Development and Controls
- Controls to protect against flaws in execution
- Programs (lots of them) have errors
- How do we keep programs from flaws?
- How do we protect computing resources against programs that contain flaws?

Secure Programs
- What is a secure program?
- Everyone has their own requirement of secure.
- Part of assessing software quality
- Does it meet security requirements in specification? (are the requirements complete?)
- In general, we often look at quantity and types of faults for evidence of security (or lack of it). We track these things.

Whose Fault Is It?
- Finding lots of faults in software early.
  - NOT GOOD.
- Early approaches were “Penetrate” and then “Patch”
  - NOT GOOD.
- Repairing with a patch is a narrow focus on the fault itself, not on the more important requirements.
- Patches can cause other problems.
  - Non-obvious side effects
  - Fix one place – fails another
  - Performance or function suffers

Types of Flaws
- Validation error (incomplete or inconsistent): permissions checks
- Domain error: controlled access to data
- Serialization and aliasing: program flow order
- Inadequate identification and authentication: basis for authorization
- Boundary condition violation: failure on first or last case
- Other exploitable logic errors

Unexpected Behavior
- Unexpected behavior is a program security flaw.
- Does the program behave as it was designed?
- Behavior can be:
  - Vulnerability (class of fault)
  - Flaw (fault or failure)
- Flaw (human)
  - Inadvertent
  - Intentional

Nonmalicious Program Errors
- Buffer Overflows
  - Excess information provided – overfilling the bucket
  - Buffer – space in which data is held (array or string)
  - char sample[10] or char sample[i]

```c
char sample[10];          /* 10 elements: valid indexes are 0..9 */
int i;

for (i = 0; i <= 9; i++)
    sample[i] = 'A';      /* fills the buffer exactly */

sample[10] = 'B';         /* overflow: index 10 is one past the end */
```
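The same sequence with the bounds check the slide's code lacks, plus a length-limited copy for the "excess information" case. This is an added example, not part of the original slides; `checked_store`, `bounded_copy`, `replay_slide_sequence` and `SAMPLE_LEN` are names assumed here.

```c
#include <stddef.h>
#include <string.h>

#define SAMPLE_LEN 10   /* same size as the slide's char sample[10] */

/* Store value at buf[idx] only when idx is inside the buffer.
 * Returns 0 on success, -1 when the write would land out of bounds. */
int checked_store(char *buf, size_t buf_len, size_t idx, char value)
{
    if (buf == NULL || idx >= buf_len)
        return -1;
    buf[idx] = value;
    return 0;
}

/* Copy src into dst, never writing more than dst_len bytes and always
 * NUL-terminating. Returns 0 if all of src fit, 1 if it was truncated,
 * -1 on bad arguments. */
int bounded_copy(char *dst, size_t dst_len, const char *src)
{
    size_t src_len, n;

    if (dst == NULL || src == NULL || dst_len == 0)
        return -1;
    src_len = strlen(src);
    n = src_len < dst_len - 1 ? src_len : dst_len - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return src_len > n ? 1 : 0;
}

/* Replays the slide's stores (indexes 0..9, then 10) through the check.
 * Returns how many of the 11 stores were rejected. */
int replay_slide_sequence(void)
{
    char sample[SAMPLE_LEN];
    int rejected = 0;
    size_t i;

    for (i = 0; i <= 9; i++)
        if (checked_store(sample, sizeof sample, i, 'A') != 0)
            rejected++;
    if (checked_store(sample, sizeof sample, 10, 'B') != 0)
        rejected++;   /* the slide's sample[10] = 'B' is refused here */
    return rejected;
}
```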

Figure 3-1 Places Where a Buffer Can Overflow.

Nonmalicious Program Errors
- Incomplete Mediation
  - Supplying the wrong type of data being requested.
  - Supplying the wrong length of data being requested.
  - Problem
    - System Fails
    - Supply of Bad Data
  - Must be checked by programmer
  - Client side versus Server Side
- Time-of-Check to Time-of-Use Errors
  - Old bait-n-switch
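A server-side check for the two cases on this slide (wrong type, wrong length), combined with a private snapshot so that the value checked is the value used. This is an added example, not part of the original slides; the `order` struct, the 4-digit limit and all function names are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define QTY_MAX_DIGITS 4            /* assumed limit: quantities 1..9999 */

enum check { CHECK_OK = 0, BAD_LENGTH, BAD_TYPE, BAD_RANGE };

struct order {                      /* hypothetical request as the client sent it */
    char   qty[16];                 /* not guaranteed to be NUL-terminated */
    size_t qty_len;                 /* length claimed by the client */
};

/* Server-side check of one field: length first, then type, then range.
 * *out is written only when the field passes every check. */
enum check check_qty(const char *s, size_t len, long *out)
{
    long v = 0;
    size_t i;

    if (len == 0 || len > QTY_MAX_DIGITS)
        return BAD_LENGTH;
    for (i = 0; i < len; i++) {
        if (s[i] < '0' || s[i] > '9')
            return BAD_TYPE;
        v = v * 10 + (s[i] - '0');
    }
    if (v == 0)
        return BAD_RANGE;
    *out = v;
    return CHECK_OK;
}

/* Time-of-check to time-of-use: copy the request into private storage,
 * check the copy, and hand back only the checked value. Later changes
 * to the client's copy cannot alter what was approved. */
enum check accept_order(const struct order *client, long *approved_qty)
{
    struct order snap;

    memcpy(&snap, client, sizeof snap);
    return check_qty(snap.qty, snap.qty_len, approved_qty);
}
```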

Viruses and Other Malicious Code
- Why worry about it?
  - Harm
- What is it?
  - Unexpected or undesired effects in program or data caused by an agent intent on damage.
  - Agent is the writer of the code
  - Mistakes are not malicious (human error)
- Virus – program that replicates itself to other programs by altering the program code.
  - Transient virus – runs when host runs
  - Resident virus – resides in memory (active as a stand-alone)

- Trojan Horse – in addition to primary effect, has a second, non-obvious malicious effect.
  - Passwords
- Logic Bomb – only on a condition
- Time bomb – only at certain time
- Trapdoor (backdoor) – other means of privileged access; intentional and non-intentional
- Worm – spreads virus via network
- Rabbit – replicates to exhaust resources
- Viruses can append, surround and integrate

Figure 3-4 Virus Appended to a Program.

Figure 3-5 Virus Surrounding a Program.

Figure 3-6 Virus Integrated into a Program.

Figure 3-7 Virus Completely Replacing a Program.

Viruses (Continued)
- Document Virus
  - Within the format of a document
  - Macro Virus
- Appealing Qualities for Virus Writers
  - Hard to detect
  - Not easily destroyed
  - Spreads widely
  - Re-infects easily
  - Easy to create
  - Machine and OS independent

Viruses (Continued)
- Where do they live?
  - One-Time Execution Virus – come in on EMAIL; these are popular
  - Boot Sector Virus
    - From the bootstrap (bootup); boot sector of the hard disk

Viruses (Continued)
- Where do they live?
  - Memory-Resident Viruses
    - Terminate and Stay Resident (TSR)
    - Infects Windows System Registry to reload
  - Applications
  - Macros
  - Scripts
  - Libraries
  - Images
  - Documents

Viruses (Continued)
- Virus Signatures
  - Viruses are not completely invisible
  - They all leave a signature pattern (DNA)
  - Patterns are found with Virus Scanners
  - Virus patterns
    - Always at same location
    - Top of file location
    - File size grows
    - Strange code; jump statements
    - Hash or checksum change (later chapters)
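How a scanner can test three of the patterns listed above (file size grows, checksum change, known byte pattern) against a stored baseline. This is an added example, not part of the original slides; the sample bytes are constructed, the marker is a harmless placeholder, and FNV-1a stands in for the hash only to keep the code self-contained.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GREW        1u   /* image is larger than its baseline */
#define SUM_CHANGED 2u   /* checksum differs from the baseline */
#define SIG_FOUND   4u   /* known byte pattern is present */

/* Constructed sample data: a "program" and a harmless marker pattern. */
static const unsigned char CLEAN[]    = "PROGRAM-BODY";
static const unsigned char MODIFIED[] = "PROGRAM-BODYXX-MARK";
static const unsigned char SIG[]      = "XX-MARK";

struct baseline { size_t size; uint32_t sum; };

/* FNV-1a, a non-cryptographic checksum (assumption for this example;
 * a real integrity baseline would store a cryptographic hash). */
uint32_t fnv1a(const unsigned char *p, size_t n)
{
    uint32_t h = 2166136261u;
    while (n--) {
        h ^= *p++;
        h *= 16777619u;
    }
    return h;
}

struct baseline take_baseline(const unsigned char *img, size_t n)
{
    struct baseline b;
    b.size = n;
    b.sum = fnv1a(img, n);
    return b;
}

/* Offset of the first occurrence of sig in img, or -1 if absent. */
long find_signature(const unsigned char *img, size_t n,
                    const unsigned char *sig, size_t sig_len)
{
    size_t i;
    for (i = 0; sig_len > 0 && i + sig_len <= n; i++)
        if (memcmp(img + i, sig, sig_len) == 0)
            return (long)i;
    return -1;
}

/* Compare an image with its baseline; returns a bitmask of the flags. */
unsigned check_image(const struct baseline *b, const unsigned char *img,
                     size_t n, const unsigned char *sig, size_t sig_len)
{
    unsigned flags = 0;
    if (n > b->size) flags |= GREW;
    if (fnv1a(img, n) != b->sum) flags |= SUM_CHANGED;
    if (find_signature(img, n, sig, sig_len) >= 0) flags |= SIG_FOUND;
    return flags;
}
```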

Figure 3-9 Recognizable Patterns in Viruses.

Viruses (Continued)
- Transmission Patterns
  - Polymorphic Virus – ever-changing virus
  - Encrypting Virus – tries to hide
- Prevention
  - Commercial software applications
  - Test all software
  - Opening attachments
  - Make system images
  - Keep copies of executable files and data files
  - Virus Detection Software

Viruses (Continued)
- Truths and Misconceptions about Viruses
  - Viruses infect only Windows (False)
  - Viruses can modify “hidden” or “read-only” files (True)
  - Viruses only appear in executable files (False)
  - Viruses spread only on disks or only through EMAIL (False)
  - Viruses cannot remain in memory when power is off (True/False)
  - Viruses cannot infect hardware. (True/False)
  - Viruses can be malevolent, benign or benevolent (True)