
Lecture Security Removed

The document discusses various security threats and attacks against computer systems, including program threats like Trojan horses, trap doors, logic bombs, and buffer overflows. It describes how buffer overflows work by overflowing an input buffer to overwrite the return address on the stack and execute malicious code. The document also covers security measures that should be implemented at the physical, human, operating system, and network levels to effectively secure systems.

Uploaded by

Mohamad Yassine
Copyright
© © All Rights Reserved
Security

Dr. Mageda Sharafeddin


Security
• The Security Problem
• Program Threats
• System and Network Threats
• Cryptography as a Security Tool
• User Authentication
• Implementing Security Defenses
• Firewalling to Protect Systems and Networks
• Computer-Security Classifications
• An Example: Windows XP
Objectives
• To discuss security threats and attacks
• To explain the fundamentals of encryption, authentication, and hashing
• To examine the uses of cryptography in computing
• To describe the various countermeasures to security attacks
The Security Problem
• Security must consider external environment of the system, and protect the
system resources
• Intruders (crackers) attempt to breach security
• Threat is potential security violation
• Attack is attempt to breach security
• Attack can be accidental or malicious
• Easier to protect against accidental than malicious misuse
Security Violations
Categories
• Breach of confidentiality: This type of violation involves unauthorized reading of
data (or theft of information). Typically, a breach of confidentiality is the goal of an
intruder. Capturing secret data from a system or a data stream, such as credit-card
information or identity information for identity theft, can result directly in money
for the intruder.
• Breach of integrity: This violation involves unauthorized modification of data.
Such attacks can, for example, result in passing of liability to an innocent party or
modification of the source code of an important commercial application.
• Breach of availability: This violation involves unauthorized destruction of data.
Some crackers would rather cause great damage and gain status or bragging rights
than gain financially. Website defacement is a common example of this type of
security breach.
Security Violations
• Theft of service: This violation involves unauthorized use of resources. For
example, an intruder (or intrusion program) may install a daemon on a
system that acts as a file server.
• Denial of service: This violation involves preventing legitimate use of the
system. Denial-of-service (DOS) attacks are sometimes accidental. The
original Internet worm turned into a DOS attack when a bug failed to delay
its rapid spread.
Security Violations
• Methods
• Masquerading (breach authentication): gain access that they would not
normally be allowed or escalate their privileges
• Replay attack: consists of the malicious or fraudulent repeat of a valid data
transmission. Sometimes the replay comprises the entire attack, for example,
in a repeat of a request to transfer money.
• Message modification: escalate privileges
• Man-in-the-middle attack
• Session hijacking: an active communication session is intercepted.
Standard Security Attacks
Security Measure Levels
• Security must occur at four levels to be effective:
1. Physical: machine rooms and the terminals or workstations that have access to the machines must be
secured.
2. Human: Authorization must be done carefully to assure that only appropriate users have access to the
system.
• Avoid social engineering: e.g. phishing (a legitimate-looking e-mail or web page misleads a user into
entering confidential information), dumpster diving (need to control office printed material)
3. Operating System: A runaway process could constitute an accidental denial-of-service attack. A query
to a service could reveal passwords. A stack overflow could allow the launching of an unauthorized
process.
4. Network: data travels through private leased lines, the Internet, wireless connections, ….
• Security is as weak as the weakest link in the chain (special care with 1 & 2)
Program Threats
• Processes & Kernels are the only way to accomplish computer related work.
• Most useful to leave behind a back-door daemon to allow easy access or an alternative if original exploit is
blocked.
• Trojan Horse:
• Code segment that misuses its environment: A Trojan horse could be slipped into the user’s path and
executed accidentally. A variation is emulation of login program and giving user a login incorrect
message then providing the genuine login. This can be defeated by OS printing a usage message at the
end of an interactive session.
• Spyware, pop-up browser windows, covert channels: goal is to download ads (e.g. when certain sites
are visited) and send user data. Usually accompanies freeware and sometimes commercial software. Most
countries do not even consider this a crime. An operating system (and, indeed, software in general) should
allow fine-grained control of access and security to make this harder.
Program Threats
• Trap Door
• The designer of a program or system might leave a hole in the software that only she is
capable of using. Specific user identifier or password that circumvents normal security
procedures.
• Programmers have been arrested for embezzling from banks by including rounding errors
in their code and having the occasional half-cent credited to their accounts. This account
crediting can add up to a large amount of money, considering the number of transactions
that a large bank executes.
• Could be included in a compiler to always generate a trap door.
Program Threats
• Logic Bomb: Program that initiates a security incident under certain circumstances (also
introduced by the software developer)
• Stack and Buffer Overflow: In this case, the attacker sends more data than the program was
expecting. By using trial and error, or by examining the source code of the attacked program if it
is available, the attacker determines the vulnerability and writes a program to do the following:
1. Overflow an input field, command-line argument, or input buffer—for example, on a network
daemon—until it writes into the stack.
2. Overwrite the current return address on the stack with the address of the exploit code loaded in
step 3.
3. Write a simple set of code for the next space in the stack that includes the commands that the
attacker wishes to execute—for instance, spawn a shell. The result of this attack program’s execution
will be a root shell or other privileged command execution.
C Program with Buffer-overflow Condition

#include <stdio.h>
#include <string.h>   /* strcpy */
#define BUFFER_SIZE 256
int main(int argc, char *argv[])
{
    char buffer[BUFFER_SIZE];
    if (argc < 2)
        return -1;
    else {
        /* Unbounded copy: an argument longer than the buffer overflows it. */
        strcpy(buffer, argv[1]); // should use strncpy(buffer, argv[1], sizeof(buffer)-1)
        return 0;
    }
}
Standard Layout of Typical Stack Frame
Modified Shell Code
#include <stdio.h>
#include <unistd.h>   /* execvp */
int main(int argc, char *argv[])
{
    char *args[] = { "/bin/sh", NULL };   /* argv for the new program */
    execvp(args[0], args); // allows full access to the directory depending on user privileges
    return 0;
}
Hypothetical Stack Frame

[Figure: hypothetical stack frame, two panels: "Before attack" and "After attack". Annotations: "Using debugger, the programmer determines this address" (arrow pointing into the frame); "Optimizes the alternate code in assembly and pads it with NO_OP’s to fit since the frame size is known and then inserts desired return address".]

Attack is completed when the attacker gives this constructed binary sequence as input to the process
More on Buffer Overflow
• Can travel over allowed communication channels
• Can occur within protocols that are expected to be used to
communicate with the target machine
• One solution to this problem is for the CPU to have a feature
that disallows execution of code in a stack section of memory.
Available in Sun’s SPARC and Solaris.
• Linux supports it if available in hardware (new bit in page
table to indicate that the page is not executable)
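A way to check the non-executable stack on Linux, as an added example (not from the original lecture): the permissions column of /proc/<pid>/maps shows whether the "[stack]" mapping carries the x flag. The function name stack_is_executable and the sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Scan text in /proc/<pid>/maps format for the "[stack]" mapping.
 * Returns 1 if the stack is executable, 0 if not, -1 if no stack line. */
int stack_is_executable(const char *maps_text)
{
    const char *line = maps_text;
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512];
        if (len < sizeof(buf)) {
            memcpy(buf, line, len);
            buf[len] = '\0';
            char perms[8] = "";
            /* Fields: start-end perms offset dev inode [pathname] */
            if (strstr(buf, "[stack]") &&
                sscanf(buf, "%*s %7s", perms) == 1)
                return strchr(perms, 'x') != NULL;
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;
}

/* Constructed sample lines, not captured from a real system. */
static const char SAMPLE_NX[] =
    "00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "7ffc1a000000-7ffc1a021000 rw-p 00000000 00:00 0 [stack]\n";
static const char SAMPLE_EXEC[] =
    "7ffc1a000000-7ffc1a021000 rwxp 00000000 00:00 0 [stack]\n";

int main(void)
{
    /* Check this process on Linux; fall back to the sample elsewhere. */
    static char maps[65536];
    FILE *f = fopen("/proc/self/maps", "r");
    size_t n = f ? fread(maps, 1, sizeof(maps) - 1, f) : 0;
    if (f) fclose(f);
    maps[n] = '\0';
    int r = stack_is_executable(n ? maps : SAMPLE_NX);
    printf("stack executable: %s\n",
           r == 1 ? "yes" : r == 0 ? "no" : "unknown");
    return r == 1;
}
```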
