Security in Computing Chapter 3, Program Security. Summary created by Kirk Scott.
3.1 Secure Programs
3.2 Non-Malicious Program Errors
3.3 Viruses and Other Malicious Code
3.4 Targeted Malicious Code
3.5 Controls Against Program Threats
3.6 Summary of Program Threats and Controls
“Fitness for purpose” is the “winner” of the previous list
Patches focus on the immediate problem, ignoring its context and overall meaning
The book presents some terminology for talking about software security
Program Security Flaw: This is defined as inappropriate program behavior caused by a vulnerability.
It is essentially impossible to list and test all of the things that code should not allow.
There’s no natural boundary on what the user might submit into the buffer.
A sophisticated attack would replace valid system code with altered system code
The classic version of this attack would modify the system code so that it granted higher level (administrator) privileges to a user process
A more sophisticated attack would change either the calling address or the return address of one of the procedure calls on the stack.
Do not try anything like this over the Web unless you have an unrequited desire to share a same-sex room-mate in a federal facility
The book uses the same kind of scenario used to illustrate buffer overflow
In a certain sense, TOCTTOU problems are just a special kind of mediation problem
In a networked environment the need to have malicious code execute more than once receives less emphasis
2. Another pattern is the presence of a jump at the beginning of code
5. TSR viruses exit, but in general, viruses can persist through system shutdowns, simply reloading on restart
It changes the address value for interrupt 6, unused, to the address of the legitimate disk read interrupt handling code
The virus marks the sectors it uses “faulty” so that the O/S doesn’t attempt to use them
If other disks are inserted into drives on the system, the virus intercepts reads to them
The loader had to send a password back to the source machine before the virus code would be transmitted
4. It opened a trapdoor by copying code into several server directories allowing command execution from those locations
Even when vulnerabilities are discovered, it is difficult to devote the time, energy, and resources to installing patches
Lack of error checking/input validation or poorly implemented checking can also lead to problems
Non-standard input causing “interesting” effects goes all the way to the machine code level
The bottom line is that trapdoors may be intentionally included in software for security or other testing
Just like with regular embezzlement, the first clue of a problem might be the behavior of the employee involved (mink coats and Mercedes even on a programmer’s salary…)
A computer security expert named Mark Russinovich developed a program that compared the output of a file listing program with the information about a system found by issuing system calls directly
In order to avoid a backlash, Sony made an uninstaller available through a Web page
Strike 3: From a security standpoint, the cure might have been worse than the disease
Using digital tools it’s not hard to create one thing that looks exactly like another and appears to have the same functionality, but with different effects
Note the similarity and difference between interface illusions and persons of indeterminate gender in the middle
The technical details are fuzzy, but the thumbnail idea provides a nice illustration of the idea
The CPU is an unavoidable shared resource unless the spy simply isn’t allowed to run on the secured system where the service program runs
The spy process doesn’t have read (or write) access to the confidential resource
In a more elaborate setup, it would even be possible for the spy to modify the confidential data
On the other hand, in a modern, high-speed, networked environment the places where data could be hidden are almost limitless
Regression Test: This is a test that is run after changes have been made to an installed system
"If our history can challenge the next wave of musicians to keep moving and changing, to keep spiritually hungry and horny, that's what it's all about."
History is more or less bunk. It's tradition. We don't want tradition. We want to live in the present and the only history that is worth a tinker's dam is the history we made today.
“Most people are prisoners, thinking only about the future or living in the past. They are not in the present, and the present is where everything begins.”
Education is what remains after one has forgotten everything he learned in school.
“A university is what a college becomes when the faculty loses interest in students.”
A university professor set an examination question in which he asked what is the difference between ignorance and apathy. The professor had to give an A+ to a student who answered: I don't know and I don't care. Richard Pratt, Pacific Computer Weekly, 20 July 1990