




Part 4: Software

Slide 1: Software and Security

Slide 2: Why Software?
- Why is software as important to security as crypto, access control and protocols?
- Virtually all of information security is implemented in software.
- If your software is subject to attack, your security is broken, regardless of the strength of the crypto, access control or protocols.
- Software is a poor foundation for security.

Slide 3: Bad Software
- Bad software is everywhere!
- NASA Mars lander (cost $165 million) crashed into Mars: error in converting between English and metric units of measure. (The unit mix-up the slide refers to is the one that doomed the 1999 Mars Climate Orbiter.)
- Denver airport: buggy baggage handling system delayed the airport opening by 11 months; cost of the delay exceeded $1 million per day.
- MV-22 Osprey: advanced military aircraft; lives have been lost due to faulty software.

Slide 4: Software Issues
- Attackers: actively look for bugs and flaws; like bad software, and try to make it misbehave; attack systems through bad software.
- "Normal" users: find bugs and flaws by accident; hate bad software, but must learn to live with it; must make bad software work.

Slide 5: Complexity
- "Complexity is the enemy of security." Paul Kocher, Cryptography Research, Inc.
- (Table of systems versus lines of code (LOC); the rows did not survive extraction.)
- A new car contains more LOC than was required to land the Apollo astronauts on the moon.

Slide 6: Lines of Code and Bugs
- Conservative estimate: 5 bugs per 1,000 LOC.
- Do the math: a typical computer has 3,000 executables of 100K LOC each; conservative estimate of 50 bugs per exe; about 150K bugs per computer; a 30,000-node network has 4.5 billion bugs.
- Suppose that only 10% of bugs are security-critical and only 10% of those are remotely exploitable: then "only" 4.5 million critical security flaws!

Slide 7: Software Security Topics
- Program flaws (unintentional): buffer overflow; incomplete mediation; race conditions.
- Malicious software (intentional): viruses; worms; other breeds of malware.

Slide 8: Program Flaws
- An error is a programming mistake; to err is human.
- An error may lead to incorrect state: a fault. A fault is internal to the program.
- A fault may lead to a failure, where a system departs from its expected behavior. A failure is externally observable.
- error → fault → failure

Slide 9: Example
- The slide's C fragment (the out-of-bounds write on the last line is the point of the example):

    char array[10];
    int i;
    for (i = 0; i < 10; ++i)
        array[i] = 'A';
    array[10] = 'B';   /* error: index 10 is one past the end of a 10-element array */

- This program has an error.
- This error might cause a fault (incorrect internal state).
- If a fault occurs,
- it might lead to a failure: the program behaves incorrectly, which is externally observable.
- We use the term flaw for all of the above.

Slide 10: Secure Software
- In software engineering, we try to ensure that a program does what is intended.
- Secure software engineering requires that the software does what is intended... and nothing more.
- Absolutely secure software is impossible; absolute security is almost never possible!
- How can we manage the risks?

Slide 11: Program Flaws
- Program flaws are unintentional, but still create security risks.
- We'll consider 3 types of flaws: buffer overflow (smashing the stack); incomplete mediation; race conditions.
- Many other flaws can occur; these are the most common.

Slide 12: Buffer Overflow

Slide 13: Typical Attack Scenario
- Users enter data into a web form.
- The web form is sent to the server.
- The server writes the data to a buffer, without checking the length of the input data.
- Data "overflows" from the buffer.
- Sometimes, the overflow can enable an attack.
- A web form attack could be carried out by anyone with an Internet connection!

Slide 14: Buffer Overflow
- The slide's fragment:

    int main(void) {
        int buffer[10];
        buffer[20] = 37;   /* writes 40 bytes past the end of a 10-int array */
        return 0;
    }

- Q: What happens when this is executed?
- A: Depending on what resides in memory at location "buffer[20]": it might overwrite user data or code; it might overwrite system data or code.

Slide 15: Simple Buffer Overflow
- Consider a boolean flag for authentication.
- A buffer overflow could overwrite the flag, allowing anyone to authenticate!
- (Diagram: a character buffer holding "FOURSC...", followed in memory by the boolean flag; input that runs past the end of the buffer lands in the flag cell, flipping it from F to T.)
- In some cases, the attacker need not be so lucky as to have the overflow overwrite the flag.

Slide 16: Memory Organization
- Text: code.
- Data: static variables.
- Heap: dynamic data.
- Stack: "scratch paper": dynamic local variables, parameters to functions, return address.
- (Diagram, high address to low address: stack (growing downward, SP = stack pointer), heap, data, text.)

Slide 17: Simplified Stack Example
- The slide's code:

    void func(int a, int b) {
        char buffer[10];
    }

    int main(void) {
        func(1, 2);
        return 0;
    }

- (Diagram of func's frame, high address to low: b, a, return address (ret), buffer; SP points at the low end, where buffer begins.)

Slide 18: Smashing the Stack
- What happens if buffer overflows?
- (Diagram: the overflow runs upward from buffer over the return address.)
- The program "returns" to the wrong location.
- A crash is likely!

Slide 19: Smashing the Stack
- The attacker has a better idea...
- (Diagram: evil code is placed in buffer; the overwritten ret now points back into buffer.)
- Code injection: the attacker can run any code on the affected system!
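Slide 15's flag overwrite in working code, as an added example that is not part of the original slides. The struct layout, the field names and the password "secret" are assumptions constructed for the demo. The vulnerable version bounds its copy by the struct rather than the buffer (a real program would `strcpy()` straight through; the cap only keeps the demo within defined behaviour), so a name longer than the buffer runs into the flag; the fixed version checks the length before copying.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical login state, laid out as on the slide: the character buffer
 * sits directly below the authentication flag in memory. */
struct login_state {
    char     buffer[12];      /* user-supplied name lands here */
    uint32_t authenticated;   /* 0 = not authenticated, nonzero = authenticated */
};

#define CORRECT_PASSWORD "secret"   /* constructed for the demo */

/* Vulnerable: copies the whole name with no check against sizeof buffer.
 * The cap at sizeof s is only there so the demo stays inside the struct's
 * own storage; the flag is still overwritten by any name of 16+ bytes. */
int vulnerable_login(const char *name, const char *password)
{
    struct login_state s;
    memset(&s, 0, sizeof s);
    s.authenticated = (strcmp(password, CORRECT_PASSWORD) == 0);

    size_t n = strlen(name);
    if (n > sizeof s)
        n = sizeof s;
    memcpy(&s, name, n);                  /* flaw: bound is the struct, not the buffer */

    return s.authenticated != 0;          /* 'AAAA' in the flag reads as nonzero: "true" */
}

/* Fixed: reject any name that would not fit in the buffer with its NUL,
 * so the copy can never reach the flag. Returns -1 for rejected input. */
int safe_login(const char *name, const char *password)
{
    struct login_state s;
    memset(&s, 0, sizeof s);
    s.authenticated = (strcmp(password, CORRECT_PASSWORD) == 0);

    size_t n = strlen(name);
    if (n >= sizeof s.buffer)
        return -1;                        /* length validated before the copy */
    memcpy(s.buffer, name, n + 1);

    return s.authenticated != 0;
}
```

With a 16-byte name and the wrong password, `vulnerable_login()` reports success because the four bytes that spilled past the buffer landed in the flag; `safe_login()` refuses the same input outright.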
Slide 20: Smashing the Stack
- The attacker may not know the address of the evil code or the location of ret on the stack.
- Solutions: precede the evil code with a NOP "landing pad"; insert lots of copies of the new ret.
- (Diagram: ret, ret, ..., NOP, NOP, ..., evil code, ret, ret, ...)

Slide 21: Stack Smashing Summary
- A buffer overflow must exist in the code.
- Not all buffer overflows are exploitable: things must line up correctly.
- If exploitable, the attacker can inject code.
- Trial and error is likely required; lots of help is available online: "Smashing the Stack for Fun and Profit", Aleph One.
- It is also possible to overflow the heap.
- Stack smashing is the "attack of the decade".

Slide 22: Stack Smashing Example
- A program asks for a serial number that the attacker does not know.
- The attacker also does not have the source code.
- The attacker does have the executable (exe).
- The program quits on an incorrect serial number.

Slide 23: Example
- By trial and error, the attacker discovers an apparent buffer overflow.
- Note that 0x41 is "A".
- Looks like ret was overwritten by 2 bytes!

Slide 24: Example
- Next, disassemble bo.exe to find...
- The goal is to exploit the buffer overflow to jump to address 0x401034.

Slide 25: Example
- Find that 0x401034 is "@^P4" in ASCII (0x40 = "@", 0x10 = ^P, 0x34 = "4").
- Byte order is reversed! Why? x86 processors are "little-endian": the least significant byte is stored at the lowest address.

Slide 26: Example
- Reverse the byte order to "4^P@" and... success!
- We've bypassed the serial number check by exploiting a buffer overflow: we overwrote the return address on the stack.

Slide 27: Example
- The attacker did not require access to the source code.
- The only tool used was a disassembler, to determine the address to jump to.
- The address can also be found by trial and error; necessary if the attacker does not have the exe, for example in a remote attack.

Slide 28: Example
- Source code of the buffer overflow (not reproduced on this page).
- The flaw is easily found by the attacker, even without the source code!

Slide 29: Stack Smashing Prevention
- 1st choice: employ a non-executable stack ("no execute" NX bit, if available). Seems like the logical thing to do, but some real code executes on the stack (Java does this).
- 2nd choice: use safe languages (Java, C#).
- 3rd choice: use safer C functions; for unsafe functions there are safer versions, for example strncpy instead of strcpy. (Caveat: strncpy does not NUL-terminate when the source fills the destination, so the length must still be checked and the terminator written explicitly.)

Slide 30: Stack Smashing Prevention
- Canary: run-time stack check; push a canary onto the stack.
- Canary value: the constant 0x000aff0d (a "terminator" canary: its bytes NUL, LF, 0xff and CR stop the C string-copy routines, so an attacker cannot write it back in place), or a value that depends on ret.
- (Diagram, high address to low: b, a, ret, canary, buffer. An overflow from buffer must pass through the canary before it reaches ret; a changed canary reveals the overflow.)
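Slides 17 to 30 in one runnable model, added here and not taken from the original slides: a struct stands in for func's stack frame (buffer, canary, saved return address, lowest address first), the payload is "A" filler followed by the target address in little-endian byte order exactly as slides 25 and 26 describe, and the copy is then run once without and once with the canary check. The frame layout, the legitimate return address 0x401000 and the canary constant from slide 30 are assumptions; the little-endian result assumes an x86-style host.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Terminator canary quoted on the slide (NUL, LF, 0xff, CR). */
#define CANARY 0x000aff0du

/* Simulated frame in the slide's layout, lowest address first. A plain
 * struct stands in for the real stack so the demo has defined behaviour. */
struct frame {
    char     buffer[16];
    uint32_t canary;
    uint32_t ret;
};

/* Byte `index` (0 = least significant) of a 32-bit value: x86 stores
 * byte 0 at the lowest address, which is why "@^P4" must be entered as "4^P@". */
unsigned le_byte(uint32_t value, int index)
{
    return (value >> (8 * index)) & 0xffu;
}

void encode_le32(uint32_t value, unsigned char out[4])
{
    for (int i = 0; i < 4; i++)
        out[i] = (unsigned char)le_byte(value, i);
}

/* Attacker input: 'A' (0x41) filler up to the saved return address, then the
 * target address in memory order. Returns the payload length, 0 if it won't fit. */
size_t build_payload(uint32_t target, unsigned char *out, size_t cap)
{
    size_t n = offsetof(struct frame, ret);
    if (n + 4 > cap)
        return 0;
    memset(out, 'A', n);          /* overwrites buffer and, on the way, the canary */
    encode_le32(target, out + n);
    return n + 4;
}

/* The "vulnerable function": copies input into the frame with no check
 * against sizeof buffer (capped at the struct only to keep the demo defined).
 * Returns the address the function would return to, or 0 if the canary
 * check catches the smash before ret is used. */
uint32_t vulnerable_return(const unsigned char *input, size_t len, int check_canary)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY;
    f.ret = 0x401000u;            /* legitimate caller, constructed for the demo */

    if (len > sizeof f)
        len = sizeof f;
    memcpy(&f, input, len);       /* flaw: unbounded copy into buffer */

    if (check_canary && f.canary != CANARY)
        return 0;                 /* canary died: abort instead of returning */
    return f.ret;
}

/* Build the payload for `target` and run it through the vulnerable function. */
uint32_t smash_demo(uint32_t target, int check_canary)
{
    unsigned char payload[sizeof(struct frame) + 4];
    size_t n = build_payload(target, payload, sizeof payload);
    return vulnerable_return(payload, n, check_canary);
}
```

Without the check, the function "returns" to 0x401034 as on slide 26; with the check, the 'A's that passed through the canary change it from 0x000aff0d to 0x41414141 and the smash is caught, which is the whole point of putting the canary between buffer and ret.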
Slide 31: Microsoft's Canary
- Microsoft added a buffer security check feature to C++ with the /GS compiler flag.
- Uses a canary (or "security cookie").
- Q: What to do when the canary dies?
- A: Check for a user-supplied handler.
- The handler may itself be subject to attack; it has been claimed that an attacker can specify the handler code. If so, formerly "safe" buffer overflows become exploitable when /GS is used!

Slide 32: Buffer Overflow
- The "attack of the decade" for the '90s; will be the attack of the decade for the '00s.
- Can be prevented: use safe languages and safe functions; educate developers; use tools; etc.
- Buffer overflows will exist for a long time: legacy code; bad software development.

Slide 33: Incomplete Mediation

Slide 34: Input Validation
- Consider: strcpy(buffer, argv[1]);
- A buffer overflow occurs if len(buffer) < len(argv[1]).
- The software must validate the input by checking the length of argv[1].
- Failure to do so is an example of a more general problem: incomplete mediation.

Slide 35: Input Validation
- Consider web form data.
- Suppose the input is validated on the client; for example, the following is valid: (the sample request did not survive extraction).

Slide 36: Incomplete Mediation
- Linux kernel: research has revealed many buffer overflows; many of these are due to incomplete mediation.
- The Linux kernel is "good" software since it is open source and the kernel is written by coding gurus.
- Tools exist to help find such problems, but incomplete mediation errors can be subtle, and the tools are useful to attackers too!

Slide 37: Race Conditions

Slide 38: Race Condition
- Security processes should be atomic: occur "all at once".
- Race conditions can arise when a security-critical process occurs in stages.
- The attacker makes a change between stages; often, after the stage that gives authorization but before the stage that transfers ownership.
- Example: Unix mkdir.

Slide 39: mkdir Race Condition
- mkdir creates a new directory.
- How mkdir is supposed to work: 1. allocate space (mkdir); 2. transfer ownership.

Slide 40: mkdir Attack
- Not really a "race", but the attacker's timing is critical: 1. allocate space (mkdir); 2. attacker creates a link to the password file; 3. transfer ownership (now applied to the password file).
- This is the mkdir race condition.

Slide 41: Race Conditions
- Race conditions are common.
- Race conditions may be more prevalent than buffer overflows, but race conditions are harder to exploit; buffer overflow is "low-hanging fruit" today.
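The same check-then-use gap as the mkdir race, as an added example written for this page rather than taken from the slides, using file creation on POSIX so it can actually run. The "attacker" is a callback invoked between the two stages; it plants a symlink at the new name pointing at a stand-in for the password file. The racy version does the check (`lstat`) and the use (`open`) as two steps and ends up writing into the victim; the atomic version does both in one `open()` with `O_CREAT|O_EXCL|O_NOFOLLOW`, which refuses if anything is already at the path. The temporary directory, file names and the text written are constructed for the demo.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hook standing in for the attacker's move between the check and the use. */
typedef void (*attacker_fn)(const char *path, const char *target);

static void plant_symlink(const char *path, const char *target)
{
    symlink(target, path);     /* attacker's step: point the new name at the victim file */
}

/* Racy: stage 1 checks that nothing exists at `path`, stage 2 creates it.
 * The attacker acts in between, so stage 2's open() follows the symlink and
 * writes into the victim file instead of a fresh one. */
int racy_create(const char *path, attacker_fn attacker, const char *target)
{
    struct stat st;
    if (lstat(path, &st) == 0)
        return -1;                         /* stage 1: "nothing there, OK to create" */
    if (attacker)
        attacker(path, target);            /* the window between check and use */
    int fd = open(path, O_WRONLY | O_CREAT, 0600);   /* stage 2: follows the symlink */
    if (fd < 0)
        return -1;
    if (write(fd, "owned\n", 6) != 6) { close(fd); return -1; }
    close(fd);
    return 0;
}

/* Atomic: one open() both checks and creates. O_EXCL fails with EEXIST if
 * anything (file or symlink) is already at `path`, and O_NOFOLLOW refuses to
 * follow a symlink, so there is no gap for the attacker to use. */
int atomic_create(const char *path, attacker_fn attacker, const char *target)
{
    if (attacker)
        attacker(path, target);            /* same attack, but nothing has been "checked" yet */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                         /* refused rather than following the link */
    if (write(fd, "owned\n", 6) != 6) { close(fd); return -1; }
    close(fd);
    return 0;
}

/* Runs both versions in a fresh temporary directory with an empty stand-in
 * for the password file. Returns 1 when the racy version wrote into the victim
 * and the atomic version refused, -1 on setup failure, 0 otherwise. */
int toctou_demo(void)
{
    char dir[] = "/tmp/toctou-XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;
    char victim[64], racy_path[64], atomic_path[64];
    snprintf(victim, sizeof victim, "%s/passwd", dir);
    snprintf(racy_path, sizeof racy_path, "%s/new-racy", dir);
    snprintf(atomic_path, sizeof atomic_path, "%s/new-atomic", dir);

    int fd = open(victim, O_WRONLY | O_CREAT, 0600);   /* empty victim file */
    if (fd < 0)
        return -1;
    close(fd);

    int racy_rc   = racy_create(racy_path, plant_symlink, victim);
    int atomic_rc = atomic_create(atomic_path, plant_symlink, victim);

    struct stat st;
    int victim_written = (stat(victim, &st) == 0 && st.st_size > 0);

    unlink(racy_path); unlink(atomic_path); unlink(victim); rmdir(dir);
    return (racy_rc == 0 && victim_written && atomic_rc == -1) ? 1 : 0;
}
```

The fix is not "check faster" but collapsing the two stages into one system call that the kernel performs atomically, which is exactly what slide 41 asks for and why it is not always easy: the API has to offer such a call.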
- To prevent race conditions, make security-critical processes atomic: occur all at once, not in stages.
- This is not always easy to accomplish in practice.

Slide 42: Malware

Slide 43: Malicious Software
- Malware is not new! Fred Cohen's initial virus work in the 1980s used viruses to break MLS systems.
- Types of malware (lots of overlap): virus: passive propagation; worm: active propagation; Trojan horse: unexpected functionality; trapdoor/backdoor: unauthorized access; rabbit: exhausts system resources.

Slide 44: Where Do Viruses Live?
- Boot sector: takes control before anything else.
- Memory resident: stays in memory.
- Applications, macros, data, etc.
- Library routines.
- Compilers, debuggers, virus checker, etc.: these are particularly nasty!

Slide 45: Malware Timeline
- Preliminary work by Cohen (early '80s); Brain virus (1986); Morris worm (1988); Code Red (2001); SQL Slammer (January 2003; the slide dates it 2004); future of malware.

Slide 46: Brain
- First appeared in 1986; more annoying than harmful; a prototype for later viruses; not much reaction by users.
- What it did: 1. placed itself in the boot sector (and other places); 2. screened disk calls to avoid detection; 3. on each disk read, checked the boot sector to see if it was infected; if not, go to 1.
- Brain did nothing malicious.

Slide 47: Morris Worm
- First appeared in 1988.
- What it tried to do: determine where it could spread; spread its infection; remain undiscovered.
- Morris claimed it was a test gone bad.
- "Flaw" in the worm code: it tried to re-infect already-infected systems; led to resource exhaustion; the adverse effect was like a so-called rabbit.

Slide 48: Morris Worm
- How to spread its infection? It tried to obtain access to a machine by: user account password guessing; exploiting a buffer overflow in fingerd; exploiting a trapdoor in sendmail.
- The flaws in fingerd and sendmail were well known at the time, but not widely patched.

Slide 49: Morris Worm
- Once access had been obtained to a machine, a "bootstrap loader" was sent to the victim; it consisted of 99 lines of C code; the victim machine compiled and executed the code; the bootstrap loader then fetched the rest of the worm; the victim even authenticated the sender!

Slide 50: Morris Worm
- How to remain undetected? If transmission of the worm was interrupted,
- all code was deleted.
- Code was encrypted when downloaded; downloaded code was deleted after decrypting and compiling.
- When running, the worm regularly changed its name and process identifier (PID).

Slide 51: Result of the Morris Worm
- Shocked the Internet community of 1988: an Internet designed to withstand nuclear war, yet it was brought down by a graduate student! (At the time, Morris's father worked at NSA.)
- Could have been much worse: it was not malicious.
- Users who did not panic recovered quickest.
- CERT began; increased security awareness, though limited actions to improve security.

Slide 52: Code Red Worm
- Appeared in July 2001; infected more than 250,000 systems in about 15 hours; in total, infected 750,000 out of 6,000,000 susceptible systems.
- Exploited a buffer overflow in Microsoft IIS server software, then monitored traffic on port 80 for other susceptible servers.

Slide 53: Code Red Worm
- What it did: days 1 to 19 of the month, tried to spread the infection; days 20 to 27, distributed denial of service attack on www.whitehouse.gov.
- Later versions (several variants) included a trapdoor for remote access, and rebooted to flush the worm, leaving only the trapdoor.
- It has been claimed that Code Red may have been a "beta test for information warfare".

Slide 54: SQL Slammer
- Infected 250,000 systems in 10 minutes! Code Red took 15 hours to do what Slammer did in 10 minutes.
- At its peak, Slammer infections doubled every 8.5 seconds.
- Slammer spread too fast: it "burned out" the available bandwidth.

Slide 55: SQL Slammer
- Why was Slammer so successful? The worm fit in one 376-byte UDP packet.
- Firewalls often let a small packet through, assuming it could do no harm by itself, and then monitor the connection. The expectation was that much more data would be required for an attack.
- Slammer defied the assumptions of the "experts".

Slide 56: Trojan Horse Example
- A Trojan has an unexpected function.
- Prototype of a Trojan for the Mac: the file icon for freeMusic.mp3 looks like any mp3.
- For a real mp3, double-click on the icon: iTunes opens and the music in the mp3 file plays.
- But for freeMusic.mp3, unexpected results...

Slide 57: Trojan Example
- Double-click on freeMusic.mp3: iTunes opens (expected); a "wild laugh" (probably not expected); a message box (unexpected).

Slide 58: Trojan Example
- How does the freeMusic.mp3 Trojan work? This "mp3" is an application, not data!
- This Trojan is harmless, but
- it could have done anything the user can do: delete files, download files, launch apps, etc.

Slide 59: Malware Detection
- Three common methods: signature detection; change detection; anomaly detection.
- We'll briefly discuss each of these and consider the advantages and disadvantages of each.

Slide 60: Signature Detection
- A signature is a string of bits found in software (or could be a hash value).
- Suppose that a virus has signature 0x23956a58bd910345.
- We can search for this signature in all files.
- If we find the signature, are we sure we've found the virus? No: the same signature could appear in other files. At random the chance is very small (1/2^64), but software is not random, so the probability is higher.

Slide 61: Signature Detection
- Advantages: effective on "traditional" malware; minimal burden for users and administrators.
- Disadvantages: the signature file can be large (10,000s of signatures), making scanning slow; signature files must be kept up to date; cannot detect unknown viruses; cannot detect some new types of malware.
- By far the most popular detection method!

Slide 62: Change Detection
- Viruses must live somewhere on the system.
- If we detect that a file has changed, it may be infected.
- How to detect changes? Hash files and (securely) store the hash values; recompute the hashes and compare; if a hash value changes, the file might be infected.

Slide 63: Change Detection
- Advantages: virtually no false negatives; can even detect previously unknown malware.
- Disadvantages: many files change, and often; many false alarms (false positives); heavy burden on users and administrators; if a suspicious change is detected, then what? Might still need a signature-based system.

Slide 64: Anomaly Detection
- Monitor the system for anything "unusual" or "virus-like" or potentially malicious.
- What is unusual? Files change in some unusual way; the system misbehaves in some way; unusual network activity; unusual file access; etc., etc., etc.
- But we must first define "normal", and normal can change!

Slide 65: Anomaly Detection
- Advantages: a chance of detecting unknown malware.
- Disadvantages: unproven in practice; an attacker can make the anomaly look normal; must be combined with another method (such as signature detection).
- Also popular in intrusion detection (IDS).
- A difficult unsolved (unsolvable?) problem; as difficult as AI?

Slide 66: Future of Malware
- Polymorphic and metamorphic malware.
- Fast replication: Warhol worms; flash worms; slow worms; etc.
- The future is bright for malware: good news for the bad guys, bad news for the good guys.
- The future of malware detection?

Slide 67: Polymorphic Malware
- Polymorphic worm: usually encrypted; a new key is used each time the worm propagates; the encryption is weak (repeated XOR).
- The worm body has no fixed signature.
- The worm must include code to decrypt itself; signature detection searches for the decrypt code.
- Detectable by a signature-based method, though more challenging than non-polymorphic malware.

Slide 68: Metamorphic Malware
- A metamorphic worm mutates before infecting a new system; such a worm can avoid signature-based detection systems.
- The mutated worm must do the same thing as the original, and it must be "different enough" to avoid detection.
- Detection is currently an unsolved problem.

Slide 69: Metamorphic Worm
- To replicate, the worm is disassembled; the worm is stripped to a base form; random variations are inserted into the code (rearrange jumps; insert dead code; many other possibilities); the resulting code is assembled.
- The result is a worm with the same functionality as the original, but a very different signature.

Slide 70: Warhol Worm
- "In the future everybody will be world-famous for 15 minutes." Andy Warhol
- A Warhol worm is designed to infect the entire Internet in 15 minutes.
- Slammer infected 250,000 systems in 10 minutes and "burned out" bandwidth; Slammer could not have infected all of the Internet in 15 minutes: too bandwidth-intensive.
- Can a worm do "better" than Slammer?

Slide 71: Warhol Worm
- One approach to a Warhol worm: seed the worm with an initial hit list containing a set of vulnerable IP addresses (depends on the particular exploit; tools exist for finding vulnerable systems); each successful initial infection would attack a selected part of the IP address space.
- No worm this sophisticated has yet been seen in the wild (as of 2004); Slammer generated random IP addresses.
- Such a worm could infect the entire Internet in 15 minutes!

Slide 72: Flash Worm
- Possible to do "better" than a Warhol worm? Can the entire Internet be attacked in less than 15 minutes?
- Searching for vulnerable IP addresses is the slow part of any worm attack; searching might be bandwidth-limited, like Slammer.
- A "flash worm" is designed to infect the entire Internet almost instantly.
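Slide 60's signature scan and slide 67's polymorphic worm together, as an added example that is not part of the original slides. The toy "worm" is a constructed byte string: a constant decryptor stub, a one-byte key, and the body XORed with that key (the "weak encryption, repeated XOR" of slide 67). A scanner keyed on the body misses every copy made with a nonzero key; a scanner keyed on the decryptor stub hits every copy, which is why signature detection still works against polymorphic malware. The stub bytes, body text and keys are all made up for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed toy "worm": a body a scanner would have a signature for, and
 * a constant decryptor stub that every polymorphic copy must carry in the clear. */
static const unsigned char WORM_BODY[]    = "REPLICATE:fingerd;SPREAD:sendmail;";
static const unsigned char DECRYPT_STUB[] = "\xeb\x0e\x5e\x31\xc9\xb1";   /* made-up bytes */

#define STUB_LEN (sizeof DECRYPT_STUB - 1)
#define BODY_LEN (sizeof WORM_BODY - 1)

/* Signature scan: does `sig` occur anywhere in `data`? (a memmem() by hand) */
int has_signature(const unsigned char *data, size_t len,
                  const unsigned char *sig, size_t siglen)
{
    if (siglen == 0 || siglen > len)
        return 0;
    for (size_t i = 0; i + siglen <= len; i++)
        if (memcmp(data + i, sig, siglen) == 0)
            return 1;
    return 0;
}

/* One propagated copy: stub in the clear, the key byte, then the body XORed
 * with that key. A new key per copy means a new body image per copy.
 * `out` must hold STUB_LEN + 1 + BODY_LEN bytes; returns the copy's length. */
size_t make_polymorphic_copy(unsigned char key, unsigned char *out)
{
    size_t n = 0;
    memcpy(out, DECRYPT_STUB, STUB_LEN);
    n += STUB_LEN;
    out[n++] = key;
    for (size_t i = 0; i < BODY_LEN; i++)
        out[n++] = WORM_BODY[i] ^ key;     /* "weak encryption": repeated XOR */
    return n;
}

/* What the worm does on arrival: read the key and undo the XOR. */
size_t decrypt_copy(const unsigned char *copy, size_t n, unsigned char *body_out)
{
    unsigned char key = copy[STUB_LEN];
    size_t m = 0;
    for (size_t i = STUB_LEN + 1; i < n; i++)
        body_out[m++] = copy[i] ^ key;
    body_out[m] = '\0';
    return m;
}

/* Scanner keyed on the first 8 bytes of the body: only the key-0 copy matches. */
int body_signature_hits(unsigned char key)
{
    unsigned char copy[128];
    size_t n = make_polymorphic_copy(key, copy);
    return has_signature(copy, n, WORM_BODY, 8);
}

/* Scanner keyed on the decryptor stub: matches every copy regardless of key. */
int stub_signature_hits(unsigned char key)
{
    unsigned char copy[128];
    size_t n = make_polymorphic_copy(key, copy);
    return has_signature(copy, n, DECRYPT_STUB, STUB_LEN);
}

/* Sanity check that a copy still "does the same thing": it decrypts to the body. */
int copy_roundtrips(unsigned char key)
{
    unsigned char copy[128], body[128];
    size_t n = make_polymorphic_copy(key, copy);
    size_t m = decrypt_copy(copy, n, body);
    return m == BODY_LEN && memcmp(body, WORM_BODY, m) == 0;
}
```

This is also why slide 68's metamorphic worm is harder: it rewrites the decryptor (and everything else) per copy, so there is no constant stub left to sign.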
Slide 73: Flash Worm
- Predetermine all vulnerable IP addresses (depends on the particular exploit).
- Embed all known vulnerable addresses in the worm; the result is a huge worm (perhaps 400KB).
- Whenever the worm replicates, it splits its address list: virtually no wasted time or bandwidth!
- (Diagram: original worm → 1st generation → 2nd generation, each child carrying its share of the address list.)

Slide 74: Flash Worm
- Estimated that an ideal flash worm could infect the entire Internet in 15 seconds! Much faster than humans could respond.
- A conjectured defense against flash worms: deploy many "personal" IDSs; a master IDS watches over the personal IDSs; when the master IDS detects unusual activity, it lets it proceed on a few nodes and blocks it elsewhere; if the sacrificial nodes are adversely affected, the attack is prevented almost everywhere.

Slide 75: Computer Infections
- Analogies are made between computer viruses/worms and biological diseases.
- There are differences: computer infections are much quicker; the ability to intervene in a computer outbreak is more limited (vaccination?); biological disease models are often not applicable; "distance" is almost meaningless on the Internet.
- But there are some similarities...

Slide 76: Computer Infections
- Cyber "diseases" vs. biological diseases.
- One similarity: in nature, too few susceptible individuals and the disease will die out; in the Internet, too few susceptible systems and the worm might fail to take hold.
- One difference: in nature, diseases attack more or less at random; cyber attackers select the most "desirable" targets; cyber attacks are more focused and damaging.

Slide 77: Miscellaneous Attacks

Slide 78: Miscellaneous Attacks
- Numerous attacks involve software; we'll discuss a few issues that do not fit in the previous categories: salami attack; linearization attack; time bomb; can you ever trust software?

Slide 79: Salami Attack
- What is a salami attack? The programmer "slices off" money; the slices are hard for the victim to detect.
- Example: a bank calculates interest on accounts; the programmer "slices off" any fraction of a cent and puts it in his own account; no customer notices the missing partial cent; the bank may not notice any problem; over time, the programmer makes lots of money!

Slide 80: Salami Attack
- Such attacks are possible for insiders.
- Do salami attacks actually occur? A programmer added a few cents to every employee's payroll tax withholding, but the money was credited to the programmer's
- own tax; the programmer got a big tax refund!
- A rent-a-car franchise in Florida inflated gas tank capacity to overcharge customers.

Slide 81: Salami Attacks
- An employee reprogrammed a Taco Bell cash register