CPSC 6126 Computer Security - PowerPoint PPT Presentation

Slides: 32
Provided by: csu15
Transcript and Presenter's Notes

1
CPSC 6126 Computer Security
  • Information Assurance

2
Chapter 3 Program Security
  • Programming errors with security
    implications: buffer overflows, incomplete access
    control
  • Malicious code: viruses, worms, Trojan horses
  • Program development controls against malicious
    code and vulnerabilities: software engineering
    principles and practices
  • Controls to protect against program flaws in
    execution: operating system support and
    administrative controls

3
Program Security
  • How do we keep programs free from flaws?
  • How do we protect computing resources against
    programs that contain flaws?
  • Presented with a finished product, for example, a
    commercial software package, how can you tell how
    secure it is or how to use it in its most secure
    way?

4
SECURE PROGRAMS
  • Security implies some degree of trust that the
    program enforces expected confidentiality,
    integrity, and availability.
  • How can we look at a software component and
    assess its security?

5
Fixing Faults
  • Software that has many faults early on is likely
    to have many others still waiting to be found.
  • Early computer security work used the penetrate
    and patch method, in which analysts (a tiger team)
    searched for and repaired faults.
  • Often the patch efforts made the system less secure.

6
Fixing Faults
  • Pressure to repair encourages a narrow focus on
    the fault and not its context.
  • Fixing the fault often introduces side effects.
  • The fault is often not fixed properly because a
    proper fix would cause performance problems.

7
Unexpected Behavior
  • Compare program requirements with behavior to
    identify program security flaws
  • A flaw is either a fault or a failure
  • A vulnerability is a class of flaws (e.g. buffer
    overflows)
  • Need to determine how to prevent harm caused by
    possible flaws
  • Program security flaws can derive from any kind
    of software fault:
      • Inadvertent human flaws
      • Malicious, intentionally induced flaws

8
Unexpected Behavior
  • Hindrances to eliminating program security flaws:
      • How do we test for what a program shouldn't do?
      • Programming and software engineering techniques
        evolve more rapidly than computer security
        techniques

9
Types of Flaws
  • Intentional
      • Malicious
      • Nonmalicious
  • Inadvertent
      • Validation error (incomplete / inconsistent)
      • Domain error
      • Serialization and aliasing
      • Inadequate identification and authentication
      • Boundary condition violation
      • Other exploitable logic errors

10
Nonmalicious Program Errors
  • Buffer Overflows
  • char sample[10];
  • for (i=1; i<=10; i++) sample[i] = 'A';
  • The last 'A' (written to sample[10]) goes into user
    data, user code, system data, or system code
  • If data is overwritten, it can affect results
  • If system data or code is overwritten,
    unpredictable results
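The slide's loop beside a bounds-checked version, as an added example that is not part of the slides. The guard-byte harness (fill_and_check_guard) is a constructed test fixture, not code from the course.

```c
#include <stddef.h>
#include <string.h>

#define SAMPLE_LEN 10

/* Slide 10's loop as written: indices 1..10 on a 10-element array, so the
 * final iteration writes sample[10], one byte past the end. Kept only for
 * contrast with the checked version; nothing below calls it. */
void fill_unchecked(char *sample)          /* sample points at char[SAMPLE_LEN] */
{
    int i;
    for (i = 1; i <= 10; i++)
        sample[i] = 'A';                   /* i == 10 is out of bounds */
}

/* Hardened form: the caller passes the buffer's true size and the loop
 * refuses any index >= size. Returns the number of bytes actually written
 * so the caller can notice that the request was clipped. */
size_t fill_checked(char *buf, size_t size, size_t first, size_t last, char c)
{
    size_t i, written = 0;
    if (buf == NULL || size == 0)
        return 0;
    for (i = first; i <= last && i < size; i++) {
        buf[i] = c;
        written++;
    }
    return written;
}

/* Constructed harness (not from the slides): a guard byte sits right after
 * the buffer. The slide's 1..10 request goes through fill_checked; returns
 * the count written (9: indices 1..9) if the guard is untouched, -1 if the
 * write spilled over into it. */
int fill_and_check_guard(void)
{
    struct { char sample[SAMPLE_LEN]; unsigned char guard; } frame;
    size_t n;
    memset(frame.sample, 0, sizeof frame.sample);
    frame.guard = 0xA5;
    n = fill_checked(frame.sample, sizeof frame.sample, 1, 10, 'A');
    return frame.guard == 0xA5 ? (int)n : -1;
}
```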

11
Nonmalicious Program Errors
  • Buffer Overflows: Security Implication
  • Attacker replaces code in the system space and
    takes control back from the operating system
  • Attacker uses the stack pointer or return
    register to execute other code
  • How to write buffer overflows: "Smashing the
    Stack for Fun and Profit"

12
Nonmalicious Program Errors
  • Buffer Overflows: Security Implication
  • Parameter passing to a web server
  • http://www.somesite.com/subpage/data?parm1=(808)555-1212&parm2=2004Jan01
  • What if one of the parameters is made longer?
  • Microsoft's Phone Dialer contains a buffer
    overrun that allows execution of arbitrary code

13
Nonmalicious Program Errors
  • Incomplete Mediation (data checking)
  • http://www.somesite.com/subpage/data?parm1=(808)555-1212&parm2=2004Jan01
  • What if parm2 is 1800Jan01 or 2004Feb30?
  • Use dropdown lists to force the input, test
    ranges
  • Even then, the user could send incorrect data to
    the server
  • Security Implication
  • Easy to exploit: Things, Inc. example
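Server-side mediation for the two parameters in the URL on slides 12 and 13, as an added example that is not from the slides. The YYYYMonDD date form and the (ddd)ddd-dddd phone form are taken from the slide's URL; the accepted year range 1900..2100 is an assumption.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Assumed accepted year range for parm2; the slides give none. */
#define MIN_YEAR 1900
#define MAX_YEAR 2100

static const char *const MONTHS[12] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
                                        "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
static const int DAYS[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };

static bool is_leap(int y) { return (y % 4 == 0 && y % 100 != 0) || y % 400 == 0; }

/* Server-side check of parm2 in the slides' YYYYMonDD form (e.g. 2004Jan01).
 * Every property is re-verified here no matter what the client's dropdown
 * allowed: exact length, digits/letters in the right positions, year in
 * range, a real month name, and a day that exists in that month and year. */
bool valid_parm2(const char *s)
{
    int i, year = 0, day, m;
    if (s == NULL || strlen(s) != 9) return false;
    for (i = 0; i < 9; i++) {
        unsigned char c = (unsigned char)s[i];
        if ((i >= 4 && i <= 6) ? !isalpha(c) : !isdigit(c)) return false;
    }
    for (i = 0; i < 4; i++) year = year * 10 + (s[i] - '0');
    day = (s[7] - '0') * 10 + (s[8] - '0');
    if (year < MIN_YEAR || year > MAX_YEAR) return false;   /* rejects 1800Jan01 */
    for (m = 0; m < 12 && strncmp(s + 4, MONTHS[m], 3) != 0; m++) { }
    if (m == 12) return false;                                /* unknown month */
    /* Feb gets a 29th day only in leap years; rejects 2004Feb30 */
    return day >= 1 && day <= DAYS[m] + (m == 1 && is_leap(year));
}

/* Server-side check of parm1 against the slides' (808)555-1212 shape. The
 * fixed length also rejects the overlong value slide 12 asks about. */
bool valid_parm1(const char *s)
{
    static const char shape[] = "(ddd)ddd-dddd";
    size_t i, n = sizeof shape - 1;
    if (s == NULL || strlen(s) != n) return false;
    for (i = 0; i < n; i++)
        if (shape[i] == 'd' ? !isdigit((unsigned char)s[i]) : s[i] != shape[i])
            return false;
    return true;
}
```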

14
Nonmalicious Program Errors
  • Time-of-Check to Time-of-Use Errors
  • Mediation is performed, with a bait and switch
    in the middle (synchronization flaw)
  • Security Implication
  • To avoid checking one action and performing
    another, use digital signatures and certificates

15
Viruses and Other Malicious Code
  • When was the last time you saw a bit?
  • Do you know in what form a document file is
    stored?
  • Can you find where a document resides on a disk?
  • Can you tell if a game program does anything in
    addition to its expected interaction with you?
  • Which files are modified by a word processor when
    you create a document?

16
Viruses and Other Malicious Code
  • Malicious code has been around since the 1970s
  • How can malicious code take control of a system?
  • How can it lodge in a system?
  • How does malicious code spread?
  • How can it be recognized?
  • How can it be detected?
  • How can it be stopped?
  • How can it be prevented?

17
Kinds of Malicious Code
  • Virus: code that attaches to another program and
    copies itself to other programs
  • Transient virus: its life depends on the life of
    its host
  • Resident virus: locates itself in memory
  • Trojan Horse: malicious effect is hidden from the
    user
  • Logic bomb: triggered by an event
  • Time bomb: triggered by a time or date
  • Trapdoor (backdoor): feature that allows access
    to a program other than through normal channels
  • Worm: program that spreads copies of itself
    through a network
  • Rabbit: virus or worm that self-replicates without
    bound

18
How Viruses Attack
  • A virus is attached to a program
  • The virus is activated by executing the program
  • Most common viruses today are attached to e-mail:
    when the attachment is opened, the virus is active

19
Ways Viruses Are Attached
  • Appended Viruses (see Fig. 3-4): virus code is
    inserted before the first instruction; the last
    virus instruction points to the first program
    instruction
  • Virus surrounds program (see Fig. 3-5): the second
    part of the virus cleans up evidence
  • Integrated Viruses and Replacements (see Fig. 3-6)

20
Types of Viruses
  • Boot Sector Virus: virus is part of the
    bootstrap program (many earlier viruses)
  • Memory-Resident Virus: most program viruses stay
    in memory after the program is first run
  • Document (Macro) Virus: virus is part of a
    macro associated with a document

21
Antivirus Software
  • Virus Signature (virus scanner looks for
    signatures)
  • Storage Patterns (virus scanner looks for
    suspicious patterns)
  • Execution Patterns
  • Transmission Patterns
  • Polymorphic Viruses

22
Prevention of Virus Infections
  • Use only commercial software acquired from
    reliable, well-established vendors
  • Test all new software on an isolated computer
  • Open attachments only when you know them to be
    safe
  • Make a recoverable system image and store it
    safely
  • Make and retain backup copies of executable
    system files.
  • Use virus detectors daily and update them
    regularly

23
Truths and Misconceptions about viruses
  • Viruses can infect only Microsoft Windows systems
    - FALSE
  • Viruses can modify hidden or read-only files
    - TRUE
  • Viruses can appear only in data files, or only in
    Word documents, or only in programs - FALSE
  • Viruses spread only on disks or only in e-mail
    - FALSE
  • Viruses cannot remain in memory after a COLD BOOT
    - TRUE
  • Viruses cannot infect hardware - TRUE
  • Viruses can be malevolent, benign, or benevolent
    - TRUE

24
EXAMPLES
  • Pakistani Brain Virus
  • Internet Worm
  • Code RED Worm
  • SQL-Server Slammer
  • Web Bugs (spyware)

25
Targeted Malicious Code
  • Trapdoor: undocumented entry point to a module
  • Salami Attack (Ex. interest computation)
  • Covert Channels: programs that leak information
    (Ex. hide data in output)
  • Storage Channels: pass information by using the
    presence or absence of objects in storage
  • Timing Channels: pass information using the
    speed at which things happen

26
Controls Against Program Threats
  • Prevent threats during software development:
  • Modularity: security analysts must be able to
    understand each component as an independent unit
    and be assured of its limited effect on other
    components
  • Encapsulation: minimize interfaces to reduce
    covert channels
  • Information hiding: components will have limited
    effect on other components

27
Controls Against Program Threats
  • Peer Reviews
  • Hazard Analysis: set of systematic techniques to
    expose potentially hazardous system states
  • Testing: unit testing, integration testing,
    function testing, performance testing, acceptance
    testing, installation testing, regression testing
  • Good Design
      • Using a philosophy of fault tolerance
      • Have a consistent policy for handling failures
      • Capture the design rationale and history
      • Use design patterns

28
Controls Against Program Threats
  • Prediction: predict the risks involved in
    building and using the system
  • Static Analysis: use tools and techniques to
    examine characteristics of design and code to see
    if the characteristics warn of possible faults
  • Configuration Management: control changes during
    development and maintenance
  • Analysis of Mistakes
  • Proofs of Program Correctness: can we prove that
    there are no security holes?

29
Operating System Controls on Use of Programs
  • Trusted Software: code that has been rigorously
    developed and analyzed
      • Functional correctness
      • Enforcement of integrity
      • Limited privilege
      • Appropriate confidence level
  • Mutual Suspicion: assume the other program is not
    trustworthy
  • Confinement: limit the resources that a program
    can access
  • Access Log: list who accesses computer objects,
    when, and for how long

30
Administrative Controls
  • Standards of Program Development
      • Standards of design
      • Standards of documentation, language, and
        coding style
      • Standards of programming
      • Standards of testing
      • Standards of configuration management
  • Security Audits
  • Separation of Duties

31
Ten Most Critical Web Application Security
Vulnerabilities (http://www.owasp.org)
  • Unvalidated Parameters
  • Broken Access Control
  • Broken Account and Session Management
  • Cross-Site Scripting Flaws
  • Buffer Overflows
  • Command Injection Flaws
  • Error Handling Problems
  • Insecure Use of Cryptography
  • Remote Administration Flaws
  • Web and Application Server Misconfiguration