1 / 32

TMK 264: COMPUTER SECURITY

TMK 264: COMPUTER SECURITY. CHAPTER THREE : SECURITY SYSTEM. INTRODUCTION. Consider what we mean when we say that a program is ‘secure’. We saw in chapter 1 that security implies some degree of trust that the program enforces expected confidentiality, integrity and availability.

cana
Télécharger la présentation

TMK 264: COMPUTER SECURITY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. TMK 264: COMPUTER SECURITY CHAPTER THREE : SECURITY SYSTEM Prepared By: Razif Razali

  2. INTRODUCTION • Consider what we mean when we say that a program is ‘secure’. • We saw in chapter 1 that security implies some degree of trust that the program enforces expected confidentiality, integrity and availability. • From the point of view of a program or a programmer, how can we look at a software component or code fragment and asses its security? Prepared By: Razif Razali

  3. VIRUSES AND OTHER MALICIOUS CODE • By themselves, programs are seldom security threats. • The programs operate on data, taking action only when data and state changes trigger it. • Much of the work done by a program is invisible to users, so they are not likely to be aware of any malicious activity. Prepared By: Razif Razali

  4. WHAT IS THE MALICIOUS CODE? • Malicious Code or a rogue program is the general name for unanticipated or undesired effects in programs or program parts. • Cause by agents that the computer system can be affected. • The agent is the writer of the program or the person or the person who causes its distribution. • Malicious code can do anything any other program can, such as writing a message on a computer screen, stopping a running program, generating a sound or erasing a stored file. • Malicious code runs under the user authority. Prepared By: Razif Razali

  5. KINDS OF MALICIOUS CODE Prepared By: Razif Razali

  6. WORM • Is a self relocating computer program. • Use network to send copies to other node. • Always harm the network, where viruses always infect on targeted PC. • Can consume memory or network, bandwidth which can cause a computer to crash. • Worm is similar to virus by its design, and is considered to be a sub class of a virus. • Example: Sasser Worm, Blaster Worm, ILOVEYOU, CodeRed, Nimbda. Prepared By: Razif Razali

  7. TROJAN HORSE • Trojan horse is a program that unlike a virus contains or installs a malicious code. • Trojan horse may appear to be useful or interesting programs to an unsuspecting user, but are actually harmful when executed. • Also known to create backdoor on your computer that gives malicious code users access to your system. Prepared By: Razif Razali

  8. LOGIC BOMB • Also called slag code; is a programming code, inserted surreptitiously or intentionally, that is designed to execute under circumstances. • When exploded, may design to display or print a spurious message delete or corrupt data, or have other undesirable effects. Prepared By: Razif Razali

  9. VIRUS DEFINITIONS • A computer virus is a block of executable code that would replicate itself by attaching to other files or replacing another program. • Attack of a computer or a computer system by virus spread over the network or the Internet. • A virus is a program that can pass on malicious code to other no malicious programs by modifying them. • What do computer viruses do? • A computer virus’s main purpose is to replicate itself and copy its code into as many other files as possible. Prepared By: Razif Razali

  10. Figure: How computer virus spread Prepared By: Razif Razali

  11. CATEGORIES OF VIRUS • A virus can be either transient or resident. • Transient • Life that depends on the life of its hosts. • The virus runs when its attached program executes and terminates when its attached program ends. • During its execution, the transient virus may have spread its infection to other programs. • Resident • Locates itself in memory; then it can remain active or be activated as a stand-alone program, even its attached program ends. Prepared By: Razif Razali

  12. VIRUS SYMPTOMS Prepared By: Razif Razali

  13. HOW VIRUS ATTACH? • Virus is attached by using three methods: • Appended to program • Surrounding a program • Integrating into program Prepared By: Razif Razali

  14. Virus appended to a program • The program virus attached itself to a program, then, whenever the program is run, the virus is activated. • This kind of attachment is simple and effective. • In the simplest case, a virus inserts a copy of itself into the executable program file before the first executable instruction. • Then, all the virus instructions execute first; after the last virus instruction, control flows naturally to what used to be the first program instruction. Prepared By: Razif Razali

  15. Figure: Virus appended to a program Prepared By: Razif Razali

  16. Virus Surrounding & Integrating • Virus surrounding a program • Virus that runs the original program but has control before and after its executions. • Example: the virus writer might want to prevent the virus from being detected. • Virus Integrated into a program • The virus replaces some of its target, integrating itself into the original code of the target. • The virus writer has to know the exact structure of the original program and must know where to insert the piece of the virus. Prepared By: Razif Razali

  17. Prepared By: Razif Razali

  18. HOMES FOR VIRUSES • Since a virus can be rather smaller, its code can be ‘hidden’. • Two hundred lines of a virus could be separated into one hundred packets of two lines of code. • The virus writer may find these qualities appealing in a virus: • It is hard to detect • It is not easily destroyed and deactivated. • It spread infection widely. • It can reinfect it home program or other programs. • It is easy to create. • It is machine independent and operating system independent. Prepared By: Razif Razali

  19. Issues of virus resident • One-Time Execution • The majority of viruses today execute only once, spreading their infection and causing their effect in that one execution. • A virus often arrives as an email attachment of a document virus. • Boot Sector Viruses • When a computer is started, control begins with firmware that determines which hardware component is present, tests them and transferred to the operating system. • A boot sector is an especially appealing place to house a virus. Prepared By: Razif Razali

  20. Issues of virus resident • Memory Resident Viruses • Some parts of the operating system and most user programs execute, terminate and disappear, with their space in memory being available for anything executed later. • Example of resident code is the routine that interprets keys pressed on the keyboard, the code that handles error condition that arises during program executions. • Other homes for viruses • A virus that does not take up residence in one of these cozy establishments has to fend more for it. • One popular home for a virus is an application program. • Many applications, such as word processors and spreadsheet, have a ‘macro’ feature, by which a user can record a series of commands and repeat them with one invocation. Prepared By: Razif Razali

  21. VIRUS SIGNATURE • A virus cannot be completely invisible. • Code must be stored somewhere, and the code must be in memory to execute. • Moreover, the virus executes in a particular way, using certain method to spread. • Each of these characteristics yields a telltale pattern, called a signature. • Specific strings of binary code in most viruses (except polymorphic ones) that allow antivirus software to detect them. • New viruses contain new signatures, which is why it is essential to keep signature files up to date. • The virus signature is important for creating a program, called a virus scanner. • The scanner searches memory to search the virus signatures Prepared By: Razif Razali

  22. Figure: Example of Virus Signature Prepared By: Razif Razali

  23. Prepared By: Razif Razali

  24. DENIAL OF SERVICE (DOS) • Also known as Distributed Denial of Service Attack. • DOS is an attempt to make a computer resource unavailable to the intended users. • It simply aims to prevent legitimate users from accessing the system. Prepared By: Razif Razali

  25. HOW VIRUS GAIN CONTROL? • Virus can control the program by • Overwriting the part of the program • The virus can overwrite T in storage (simply replacing the copy of T in storage, for example (a)) • Changing the pointers. • Alternatively, the virus can change the pointers in the file table so that the virus is located instead of T whenever T is accessed through the file system. (See example (b)) Prepared By: Razif Razali

  26. Figure: Virus completely replacing a program Prepared By: Razif Razali

  27. HOW VIRUSES MAY EFFECT FILES • Viruses can affect any files; however, usually attack .com, .exe, .sys, .bin, .pif or any data files. • Increase the files size, however this can be hidden. • It can delete files as the file is run. • It can corrupt files randomly. • It can because write protect errors when executing .exe files from a write protected disk. • It can convert .exe files to .com files. • It can reboot the computer when executed. Prepared By: Razif Razali

  28. VIRUS EFFECTS AND CAUSES Prepared By: Razif Razali

  29. PREVENTION OF VIRUS INFECTION • The only way to prevent the infection of a virus is not to share executable code with an infected source. • Techniques used to control virus: • Use only commercial software acquired from reliable, well establish vendor. • Test all new software on an isolated computer. • Open attachments only when you know them to be safe. • Make a recoverable system image and store it safely. • Make and retain backup copies of executable system files. • Use virus detectors regularly and update them daily. Prepared By: Razif Razali

  30. TRUTH ABOUT VIRUS • Viruses can infect only Microsoft Windows operating systems – FALSE • Viruses can modify ‘hidden’ or’ read only file’. – TRUE • Virus can appear only in data files, or only in word document, or programs – FALSE • Virus spread only on disks or only in e-mail.- FALSE • Virus cannot remain in memory after a complete power off/power on reboot – TRUE • Virus cannot infect hardware – TRUE • Virus can be malevolent, benign or benevolent - TRUE Prepared By: Razif Razali

  31. SALAMI ATTACK • This approach gets its name from the way odd bits of meat and fat are fused together in a sausage or salami. • Some books refer salami attack as a salami shaving. • In the same way, a salami attack merges bits of seemingly inconsequential data to yield powerful result. • Example of salami attack: • With salami shaving, a programmer alters a program to subtract a very small amount of money from an account – say, two cents- and diverts the funds to the embezzler’s account. • Ideally, the sum is so small that it’s never noticed. • In a business that handles thousand of accounts, an insider could skim tens of thousands of dollars per year using this method. Prepared By: Razif Razali

  32. CONCLUSIONS • Introduction • Virus and malicious code • What is malicious code? • Kinds of malicious code • Virus Definition • How virus attach • Appended virus • Surround a program • Integrated viruses • Home for virus • Virus signature • How viruses may effect files • Virus effect and cause • Prevention of virus infection • Truth about virus • Salami attack • Example of salami attack Prepared By: Razif Razali

More Related