Lecture 8_Buffer_Overruns

COMP 6370 – Buffer Overflows – Lecture 8

Operating System Security

Trojan Horses
- Does NOT self-replicate
- Free program made available to unsuspecting user
  - Actually contains code to do harm
- Place altered version of utility program on victim's computer
  - trick user into running that program
  - la /usr/mal/ls
Rootkits
Remote Access Tools
- PCAnywhere
- Laplink
- Back Orifice

Login Spoofing
Figure: (a) Correct login screen (b) Phony login screen

Worms
- A viral or reproductive program that copies and spreads itself without associating with a particular host program.
- Worms date back to the Morris Worm.
- Classifying worms (Nachenberg 99)
  - By transport mechanism
    - Email worms
    - Arbitrary protocol worms: spread via protocols other than email protocols, such as TCP/IP sockets
  - By launching mechanism
    - Self-launching worms, e.g. Morris Worm (rare). Script viruses such as BubbleBoy that exploit unpatched Outlook qualify
    - User-launched worms: must be executed by a user and therefore require a degree of social engineering
    - Hybrid launch: use both mechanisms

Logic Bombs
- Company programmer writes program
  - potential to do harm
  - OK as long as he/she enters password daily
  - if programmer fired, no password and bomb explodes

Trap Doors
Figure: (a) Normal code. (b) Code with a trapdoor inserted

Buffer Overflow
Figure: (a) Situation when main program is running (b) After program A called (c) Buffer overflow shown in gray

Generic Security Attacks
Typical attacks
- Request memory, disk space, tapes and just read
- Try illegal system calls
- Start a login and hit DEL, RUBOUT, or BREAK
- Try modifying complex OS structures
- Try to do specified DO NOTs
- Convince a system programmer to add a trap door
- Beg admin's sec’y to help a poor user who forgot password

Design Principles for Security
1. System design should be public
2. Default should be no access
3. Check for current authority
4. Give each process least privilege possible
5. Protection mechanism should be
   - simple
   - uniform
   - in lowest layers of system
6. Scheme should be psychologically acceptable
And … keep it simple

RC5-64
On 14-Jul-2002, a relatively characterless PIII-450 in Tokyo returned the winning key to the distributed.net keyservers. The key 0x63DE7DC154F4D039 produces the plaintext output:
The unknown message is: some things are better left unread
So, after 1,757 days and 58,747,597,657 work units tested the winning key was found! While it's debatable that the duration of this project does much to
