Outline for October 23, 2014

Reading: text, § 22.4–22.5, 22.7, 23.3–23.4
  1. Types of malicious logic
    1. Computer worm
    2. Bacterium, rabbit
    3. Logic bomb
  2. Ideal: program to detect malicious logic
    1. Can be shown: not possible to be precise in most general case
    2. Can detect all such programs if willing to accept false positives
    3. Can constrain case enough to locate specific malicious logic
  3. Some defenses
    1. Type checking (data vs. instructions)
    2. Limiting rights (sandboxing)
    3. Limiting sharing
    4. Preventing or detecting changes to files
    5. Prevent code from acting beyond specification (proof-carrying code)
    6. Static signature checking
    7. Behavioral analysis
    8. Check statistical characteristics of programs
  4. Vulnerability models
    1. PA model
    2. RISOS
    3. NRL
    4. Aslam
  5. Example Flaws
    1. fingerd buffer overflow
    2. xterm race condition
  6. RISOS
    1. Goal: Aid managers, others in understanding security issues in OSes, and work required to make them more secure
    2. Incomplete parameter validation—failing to check that a parameter used as an array index is in the range of the array;
    3. Inconsistent parameter validation—if a routine allowing shared access to files accepts blanks in a file name, but no other file manipulation routine (such as a routine to revoke shared access) will accept them;
    4. Implicit sharing of privileged/confidential data—sending information by modulating the load average of the system;
    5. Asynchronous validation/Inadequate serialization—checking a file for access permission and opening it non-atomically, thereby allowing another process to change the binding of the name to the data between the check and the open;
    6. Inadequate identification/authentication/authorization—running a system program identified only by name, and having a different program with the same name executed;
    7. Violable prohibition/limit—being able to manipulate data outside one’s protection domain; and
    8. Exploitable logic error—preventing a program from opening a critical file, causing the program to execute an error routine that gives the user unauthorized rights.
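The check-then-open race in item 5 of the RISOS list above, as an added C example that is not part of these notes: the flawed pattern beside the fix that validates the object actually opened. It assumes a POSIX system with O_NOFOLLOW and O_CLOEXEC and a writable /tmp; the function names are the example's own.

```c
/* Added example, not from the lecture notes: the RISOS class "asynchronous
 * validation / inadequate serialization" (check-then-open race) and its fix.
 * Assumes POSIX with O_NOFOLLOW/O_CLOEXEC and a writable /tmp. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flawed: the check and the open each resolve the name separately, so the
 * binding of name to file can change in between (e.g. to a symbolic link). */
int open_checked_racy(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid())
        return -1;                  /* time of check */
    return open(path, O_RDONLY);    /* time of use: may be a different object */
}
/* Fixed: open first without following a final symlink, then validate the
 * object actually opened through its descriptor; check and use share an inode. */
int open_checked_atomic(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != getuid()) {
        close(fd);
        return -1;
    }
    return fd;
}
/* Self-check: a fresh regular file we own is accepted; a directory and a
 * symbolic link to that file are refused. Returns 1 if all three hold. */
int demo_toctou(void)
{
    char tmpl[] = "/tmp/risos_demo_XXXXXX", link[64];
    int fd = mkstemp(tmpl), ok = 1, good;
    if (fd < 0) return 0;
    close(fd);
    good = open_checked_atomic(tmpl);
    ok &= (good >= 0);
    if (good >= 0) close(good);
    ok &= (open_checked_atomic("/tmp") < 0);          /* not a regular file */
    snprintf(link, sizeof link, "%s.lnk", tmpl);
    if (symlink(tmpl, link) == 0) {
        ok &= (open_checked_atomic(link) < 0);        /* O_NOFOLLOW rejects it */
        unlink(link);
    }
    unlink(tmpl);
    return ok;
}
```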

Version of October 21, 2014 at 10:51PM

ECS 235A, Computer and Information Security
Fall Quarter 2014