'If people built buildings the way that programmers writ - PowerPoint PPT Presentation

'If people built buildings the way that programmers write software, the first ... Love letter. Countermeasures. Virus detection/disinfection software. 95-752:8-9 ... – PowerPoint PPT presentation

Slides: 15
Provided by: timshi

1
Application Security
2
Malicious Code
  • Vulnerable Software
  • Hacker toolkits
  • Back/Trapdoors
  • Greedy Programs / Logic bombs
  • Salami Attacks
  • Trapdoors
  • Worms/Viruses
  • Bot Networks

3
Vulnerable Software
  • Buffer overflows
  • Insecure running environment
  • Insecure temporary files
  • Insecure program calls
  • Weak encryption
  • Poor programming
  • If people built buildings the way that
    programmers write software, the first woodpecker
    to come along would destroy civilization.

4
Handling Vulnerabilities
  • Locating
  • Dealing with vendors
  • Applying patches
  • Disabling services
  • Reconfiguring software/services

5
Hacker Toolkits
  • Programs that automatically scan for security
    problems on systems
  • Useful for system administrators to find problems
    for fixing
  • Useful for hackers to find problems for
    exploitation
  • Examples
    • SATAN
    • COPS
    • ISS
  • Countermeasure: Detection Software

6
Back/Trapdoors
  • Pieces of code written into applications or
    operating systems to grant programmers easy
    access
  • Useful for debugging and monitoring
  • Too often, not removed
  • Examples
    • Dennis Ritchie's login/compiler hack
    • Sendmail DEBUG mode
  • Countermeasures
    • Sandboxing
    • Code Reviews

7
Logic Bombs
  • Pieces of code to cause undesired effects when
    event occurs
  • Used to enforce licenses (time-outs)
  • Used for revenge by disgruntled
  • Can be hard to determine malicious
  • Examples
    • British accounting firm logic bomb
    • British bank hack
  • Countermeasures
    • Personnel security

8
Viruses
  • Pieces of code that attach to existing programs
  • Not distinct program
  • No beneficial use; VERY destructive
  • Examples
    • Michelangelo
    • Love letter
  • Countermeasures
    • Virus detection/disinfection software

9
Structure of a Virus
  • Marker: determine if a potential carrier program
    has been previously infected
  • Infector: Seeks out potential carriers and
    infects
  • Trigger check: Establishes if current conditions
    are sufficient for manipulation
  • Manipulation: Carry out malicious task

10
Types of Viruses
  • Memory-resident
  • Hardware
  • Buffered
  • Hide-and-seek
  • Live-and-die
  • Boot segment
  • Macro

11
Worms
  • Stand-alone programs that copy themselves from
    system to system
  • Some use in network computation
  • Examples
    • Dolphin worm (Xerox PARC)
    • Code Red (2001, 12B cost)
    • Morris Worm (1988, 20M cost)
  • Countermeasures
    • Sandboxing
    • Quick patching: fix holes, stop worm

12
Trojan Horses
  • Programs that have malicious covert purpose
  • Have been used for license enforcement
  • Examples
    • FIX2001
    • AOL4FREE
    • RIDBO
  • Countermeasures
    • Sandboxing
    • Code reviews

13
Greedy Programs
  • Programs that copy themselves
  • Core wars
  • Have been used in destructive web pages,
    standalone programs
  • Can be very difficult to show deliberate usage
  • Countermeasures
    • CPU quotas on process families
    • Process quotas
    • Review of imported software / web pages
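
The quota countermeasures above, as an added example that is not part of the original slides: a launcher that runs an untrusted program under a CPU-time quota and a process-count quota using POSIX resource limits. The names `run_with_quotas`, `GREEDY` and `BENIGN` are hypothetical; note that `RLIMIT_CPU` is inherited by children but counted per process, so a shared budget for a whole process family needs a grouping mechanism such as Linux cgroups.

```python
import resource
import signal
import subprocess
import sys


def _lower(res, soft, hard):
    """Lower a limit without trying to raise the inherited hard cap."""
    _, cur_hard = resource.getrlimit(res)
    if cur_hard != resource.RLIM_INFINITY:
        hard = min(hard, cur_hard)
    resource.setrlimit(res, (min(soft, hard), hard))


def run_with_quotas(argv, cpu_seconds=1, max_procs=64, timeout=30):
    """Run argv under CPU and process quotas (hypothetical helper).

    Returns (returncode, killed_by_cpu_quota).
    """
    def apply_limits():
        # Runs in the child between fork() and exec(); everything the
        # program spawns later inherits the same limits.
        # Soft CPU limit -> SIGXCPU; hard limit one second later -> SIGKILL.
        _lower(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1)
        # Cap on processes owned by this user. The kernel does not
        # enforce it for root, so run untrusted code unprivileged.
        _lower(resource.RLIMIT_NPROC, max_procs, max_procs)

    proc = subprocess.run(argv, preexec_fn=apply_limits,
                          stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL,
                          timeout=timeout)
    # A negative return code means "terminated by that signal number".
    return proc.returncode, proc.returncode == -signal.SIGXCPU


# Constructed sample workloads: one spins forever, one exits at once.
GREEDY = [sys.executable, "-c", "while True: pass"]
BENIGN = [sys.executable, "-c", "print('done')"]

if __name__ == "__main__":
    print("greedy:", run_with_quotas(GREEDY))
    print("benign:", run_with_quotas(BENIGN))
```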

14
Bot Networks
  • Collections of compromised machines
  • Typically, compromised by scripts
  • Respond to commands, perhaps encrypted
  • Examples: Leaves, Code Red II
  • Countermeasures: Vulnerability patching, integrity checks