CSCI6268L23 - Foundations of Network and Computer Security...

Info iconThis preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon
Foundations of Network and Foundations of Network and Computer Security Computer Security J J ohn Black Lecture #23 Oct 26 th 2009 CSCI 6268/TLEN 5550, Fall 2009
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Trojans Malicious code hidden within another object Email attachments can contain trojans This is how many viruses spread Backdoor is usually considered as a synonym Putting a backdoor into login.c qualifies
Background image of page 2
Thompson’s Turing Award Lecture (1995) Thompson and Ritchie won the Turing award for creating Unix Thompson’s is my favorite Turing award lecture “Reflections on Trusting Trust” Please read it (it’s short) His lecture has three stages Stage I: a “Quine” A Quine is a program which outputs its own source code
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
A Quine in C char*f="char*f=%c%s%c;main() {printf(f,34,f,34,10);}%c"; main() {printf(f,34,f,34,10);} We printf the string f, inserting f into itself as a parameter Yow! We could attach any extra code we like here File this away in your head for now: we can write a program which outputs its own source code
Background image of page 4
Thompson, Stage II Note that a C compiler is often written in C Kind of strange chicken-and-egg problem How to bootstrap Interesting “learning behavior” You add a feature, compile compiler with itself, then it “knows” the feature Once you get a rudimentary compiler written, it can be arbitrarily extended
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Thompson, Stage III Add a backdoor to login.c Allow valid passwords plus some “master” password Note that this would be caught soon enough because it exists in the login.c source code Ok, so be sneakier Add code in cc.c (the C compiler) to add the backdoor to login.c whenever compiling login.c Add self-replicating code to the C compiler to reproduce itself plus the login.c backdoor!
Background image of page 6
Implementing the Trojan Now compile login.c Compiler adds the backdoor Compile cc.c Compiler sees that it’s compiling itself and self- replicating code runs to ensure login.c trojan and cc.c trojan are compiled into cc binary Now remove all this new code from cc.c Back door exists only in binary! login.c and cc.c will continue to have trojan even after infinite recompiles
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Moral of the Story The amount of cleverness we haven’t even thought of yet is scary We’re probably never going to have completely secure computers and networks The most we can hope for is “best effort” from those we trust and from ourselves It’s going to be an eternal battle between us and the criminals
Background image of page 8
Denial of Service An old idea Picket lines, blockades, doorbell ditch, false pizza orders, prank phone calls, etc. First technological DoS I know of Denver Taxi company in the 50’s Promised a white driver every time Civil rights protesters called and left phone off hook Tied up phone lines back then
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
In the computer arena Mail bombs Large emails to fill up someone’s hard disk Network traffic
Background image of page 10
Image of page 11
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

Page1 / 41

CSCI6268L23 - Foundations of Network and Computer Security...

This preview shows document pages 1 - 11. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online