jan24 - CS 426 class Jan 24, 2012

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
CS 426 class Jan 24, 2012 www.cs.purdue.edu/homes/ssw/cs426/{index.html,syll.pdf,outline} (General purpose) Program security These ideas apply also to OS and DB. Read Chapter 3 Targeted malicious code attacks a particular machine, not a type of machine or OS A trapdoor is an undocumented entry point to a system. Some are created inadvertently due to not checking input data. Example: fingerd in Morris's Internet Worm Some are added to facilitate testing during pgm development. Some are left in for further testing, maintenance or covert entry. An undefined opcode is a trapdoor in hardware. A salami attack steals a tiny amount, usually < 1 cent, from many accounts. Example. A bank programmer computes interest on each account, rounds down to the next whole cent, and adds all the fractional cents to his own account. Hard to find because small errors are considered normal. Rootkit = malicious code that hides and reestablishes itself when discovered. (Root = UNIX superuser) Example. Intercept an "ls" command, edit its output to omit record of itself. Rootkit revealer = looks for rootkit by listing files
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 3

jan24 - CS 426 class Jan 24, 2012

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online