Information Security: Engr. Syed Rizwan


Information Security

Engr. Syed Rizwan


Welcome!!
Lecture

Program Security
Introduction
 Secure Programming
 Fixing faults
 Non malicious program errors
 Buffer overflow error
 Buffer overflow error- security implication
 Time-of-Check to Time-of-Use Errors
 Viruses and other malicious code
 Types of viruses
 Malicious code

Information Security, IU 3
Secure Programming
 Security implies some degree of trust that the program enforces
expected:
 Confidentiality
 Integrity
 Availability.
 Security and safety are two important aspects of the quality of software.
 Security is the ability of a system to protect itself against accidental
or intentional attacks.
 Safety is the ability of a system to operate without risk, performing
normal functions as well as handling exceptional conditions.
 An assessment of security can also be influenced by someone's general
perspective on software quality.

Fixing Faults
 Fixing faults is one approach to checking the security of a program.
 A module in which 100 faults were discovered and fixed is better
than another in which only 20 faults were discovered and fixed.
 An early approach to checking program security is "penetrate and
patch", in which analysts searched for and repaired faults.
 A red team or tiger team tries to crack the software; if the software
withstands the attack then security is good. This is rarely true.
 Developers try to fix problems as soon as the tiger team discovers
them, which has the following disadvantages:
 This pressure leads to less attention towards fault

Fixing Faults
 Non obvious side effects
 The fault could not be fixed properly because system functionality or
performance would suffer as a consequence.
 Fixing one problem leads to another fault.

 The inadequacies of penetrate-and-patch led researchers to seek a
better way to be confident that code meets its security requirements.
 One way to do that is to compare the requirements with the behavior,
i.e. we can examine programs to see whether they behave as their
designers intended or users expected.
 Unexpected behavior is a program security flaw; it is inappropriate
program behavior caused by a program vulnerability.

Non Malicious Program Errors
 Being human, programmers and other developers make many
mistakes, most of which are unintentional and non-malicious.
 Many such errors cause program malfunctions but do not lead to
more serious security vulnerabilities.
 A few classes of errors have been more serious for programmers and
security professionals:
 Buffer Overflow Error
 Incomplete mediation
 Time-of-Check to Time-of-Use Errors

Buffer Overflow Error
 A buffer (or array or string) is a space in which data can be held.
 A buffer resides in memory. Because memory is finite, a buffer's capacity is
finite. For this reason, in many programming languages the programmer
must declare the buffer's maximum size so that the compiler can set aside
that amount of space. For example:
char sample[10];
sample[10] = 'A';
 The subscript is out of bounds (that is, it does not fall between 0
and 9), so we have a problem.
 In some programming languages, buffer sizes need not be predefined.
 C does not perform array bounds checking.
 Similar problems are caused by pointers, for which there is no way to define
a proper limit.
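
An added example (not from the lecture slides) of the sample[10] case above: because C will not check the subscript, the buffer carries its own capacity and every write is checked against it. The names bounded_buf, bb_store, bb_copy and demo_sample are made up for this example.

```c
#include <stddef.h>
#include <string.h>

/* A buffer that carries its capacity, so every write can be checked.
   bounded_buf, bb_store, bb_copy and demo_sample are names made up here. */
typedef struct {
    char  *data;
    size_t cap;
} bounded_buf;

/* Checked form of buf[i] = c: 0 on success, -1 if i is out of bounds. */
int bb_store(bounded_buf b, size_t i, char c)
{
    if (b.data == NULL || i >= b.cap)
        return -1;
    b.data[i] = c;
    return 0;
}

/* Checked string copy: copies src only if it fits together with its NUL.
   Returns the length copied, or -1 (dst is left as an empty string). */
long bb_copy(bounded_buf dst, const char *src)
{
    if (dst.data == NULL || dst.cap == 0 || src == NULL)
        return -1;
    size_t n = strlen(src);
    if (n >= dst.cap) {          /* too long: refuse rather than overflow */
        dst.data[0] = '\0';
        return -1;
    }
    memcpy(dst.data, src, n + 1);
    return (long)n;
}

/* The slide's case. Returns 1 when subscript 9 is accepted, subscript 10 is
   refused, and the variable placed after the array is unchanged. */
int demo_sample(void)
{
    struct { char sample[10]; char neighbour; } frame = { {0}, 'N' };
    bounded_buf b = { frame.sample, sizeof frame.sample };

    int last_valid = bb_store(b, 9, 'A');    /* sample[9]  = 'A' */
    int past_end   = bb_store(b, 10, 'A');   /* sample[10] = 'A' */
    return last_valid == 0 && past_end == -1
        && frame.sample[9] == 'A' && frame.neighbour == 'N';
}
```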

Buffer Overflow Error
 Damage done by Buffer overflow
 Affects User's data (overwrites user data)
 Affects user's code (changes user's instruction)
 Affects system data (Overwrites OS data)
 Affects system code (changes OS's instruction)

 Implications of buffer overflow
 Attacker can insert malicious data values/instruction codes into
overflow space.
 C programming language specifications do not specify how data is to
be laid out in memory.
 Some implementations of C may leave space between arrays and
variables on the stack, for instance to minimize aliasing effects.

Buffer Overflow Security Implications
 A web server attack is similar to a buffer overflow attack: it passes a very
long string to the web server.
 Buffer overflows are still common.
 Used by attackers to crash systems and to take control of them.
 A large number of vulnerabilities due to buffer overflows still persist in
many software products and systems.

Time-of-Check to Time-of-Use Errors
 Access control is a fundamental part of computer security; we want to make
sure that only those who should access an object are allowed that access.
 Every requested access must be mediated by an access policy
enforcement agent.
 The incomplete mediation problem occurs when access is not checked
universally.
 The time-of-check to time-of-use (TOCTTOU) flaw concerns mediation
that is performed with a "bait and switch" in the middle.
 It is also known as a serialization or synchronization flaw.

 Example: DBMS/OS
Pgm 1 reads value of X=10
Pgm 1 adds X=X+5
Pgm 2 reads X=10, adds 3 to X, writes X=13
Pgm 1 writes X=15
X ends up with value X=15 while it should be X=18
 Prevention
 Be aware of time lags.
 Use digital signatures and certificates to lock data values after checking
them.
 Security Implication
 Checking one action and performing another is an example of
ineffective access control.
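
An added example (not from the lecture slides) that replays the Pgm 1 / Pgm 2 schedule above in a fixed order and then repeats it with each write re-validating the value it read. The compare-and-swap retry is a technique chosen for this example, not one named on the slide, and the function names are made up.

```c
#include <stdatomic.h>

static atomic_int X;   /* the shared value X from the slide */

/* The slide's schedule: Pgm 1 checks (reads) X, Pgm 2 updates X in the gap,
   then Pgm 1 uses its stale result. Returns the final X. */
int lost_update_schedule(void)
{
    atomic_store(&X, 10);
    int p1 = atomic_load(&X);      /* Pgm 1 reads X = 10 */
    p1 = p1 + 5;                   /* Pgm 1 adds 5 -> 15 */
    int p2 = atomic_load(&X);      /* Pgm 2 reads X = 10 */
    atomic_store(&X, p2 + 3);      /* Pgm 2 writes X = 13 */
    atomic_store(&X, p1);          /* Pgm 1 writes X = 15, erasing the +3 */
    return atomic_load(&X);
}

/* Check and use as one atomic step: write new_value only if X still holds
   the value that was read earlier. Returns 1 on success, 0 if X changed. */
int commit_if_unchanged(int seen, int new_value)
{
    return atomic_compare_exchange_strong(&X, &seen, new_value);
}

/* Same schedule, but every write re-validates what it read. A failed commit
   re-reads X and tries again. Returns the final X; *retries counts re-reads. */
int checked_schedule(int *retries)
{
    atomic_store(&X, 10);
    int p1_seen = atomic_load(&X);                 /* Pgm 1 reads 10 */
    int p2_seen = atomic_load(&X);                 /* Pgm 2 reads 10 */
    commit_if_unchanged(p2_seen, p2_seen + 3);     /* Pgm 2 commits 13 */

    *retries = 0;
    while (!commit_if_unchanged(p1_seen, p1_seen + 5)) {  /* X is 13, not 10 */
        p1_seen = atomic_load(&X);                 /* re-read: 13 */
        (*retries)++;
    }
    return atomic_load(&X);                        /* 13 + 5 */
}
```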

Viruses and other Malicious code
 Because computer data are not usually seen directly by users, malicious people
can make programs serve as vehicles to access and change data and other
programs.
 Malicious code is written just like any other program on the system, but is
written to exploit vulnerabilities of the system.
 Malicious code can change data or other programs.
 Malicious code can do anything any other program can, such as writing a
message on a computer screen, stopping a running program, generating a
sound, or erasing a stored file.
 Malicious code can do nothing at all right now; it can be planted to lie
dormant, undetected, until some event triggers the code to act.

Viruses and other Malicious code
 The trigger can be a time or date
 An interval (for example after 30 minutes)
 An event (for example, when a particular program is executed)
 A condition (for example, when communication occurs on modem)
 A count (for example, the fifth time something happens)
 Some combination of these, or a random situation.

Types of Viruses
 Hoax Viruses
a. There are hundreds of hoax viruses that spread like chain letters through
email.
b. Although they cause little or no long-term damage, these hoaxes can be as
disruptive as real malicious code.
c. The standard response of most people when receiving a virus warning is to
pass it on to all people in their organization and most likely everyone else
in their contacts lists.
d. This sets up a chain reaction that not only wastes Internet bandwidth, but
also wastes the valuable time of recipients.

Types of Viruses
 Memory-Resident Viruses
a. Some parts of the operating system and most user programs execute,
terminate, and disappear, with their space in memory being available for
anything executed later.
b. For very frequently used parts of the operating system and for a few
specialized user programs, it would take too long to reload the program
each time it was needed. Such code remains in memory and is called
"resident" code.
c. Examples of resident code are the routine that interprets keys pressed on the
keyboard, the code that handles error conditions that arise during a
program's execution, or a program that acts like an alarm clock, sounding a
signal at a time the user determines.

Malicious Code
 Malicious code or a rogue program is the general name for unanticipated
or undesired effects in programs or program parts, caused by an agent intent
on damage.
 This definition eliminates unintentional errors, although they can also have
a serious negative effect.
 A virus is a program that can pass on malicious code to other non-malicious
programs by modifying them.
 The term "virus" was coined because the affected program acts like a
biological virus: It infects other healthy subjects by attaching itself to the
program and either destroying it or coexisting with it.
 A good program can be modified to include a copy of the virus program, so
the infected good program itself begins to act as a virus, infecting other
programs.

Malicious Code
 A virus can be of two types
 Transient: Its life depends on the life of its host; the virus runs when its
attached program executes and terminates when its attached program ends.
 Resident: A resident virus locates itself in memory; then it can remain active
or be activated as a stand-alone program, even after its attached program ends.

 Types of malicious code
 Trojan horse: It is malicious code that, in addition to its primary effect, has a
second, non-obvious malicious effect.
 It gets installed with an infected legitimate program.
 Effects of a Trojan horse are deleting or editing files, transmitting files to
intruders, installing malicious code that can gain network access.
 Privilege elevation attack.

Targeted Malicious Code
 Malicious code is written for a particular system, for a particular application, and
for a particular purpose. It is similar to viruses but with the addition of new techniques.
 Trapdoor: An undocumented entry point to a module.
 Inserted for code development
 Hooks to add additional future enhancements
 Can be legitimate or non-legitimate
 Software Testing
 Unit Testing
 Integration Testing
 Stubs and drivers: routines that inject information during testing
 Control stubs, used to invoke debugging code
 Accidentally left in place
 Poor Error Checking

Thank you
