Cosc 4765 Nature of Attacks and OS security.


Cosc 4765

Nature of Attacks and OS security.

Common “attacks”
• This is not a complete list:
– Trojan Horse
– Trapdoor
– Input Validation problems of all sorts
• Stack and Buffer Overflows
• SQL Injection Attacks
– Worms, Viruses, malware, phishing, and spear phishing
– Targeted attacks
– Botnets, zombie computers, etc.
– Denial of Service (DoS) and Distributed DoS (DDoS)
– Attacks against the browser
• Cross-site Scripting (XSS)
• Cross-site Request Forgeries (CSRF)
• Drive-by attacks

Trojan Horse
• A program that appears to do something nice but does something bad in the background
– a program fragment that does something malicious in the background that the service's spec does not specify
– usually put in by a programmer
– examples:
• bank interest: put a fraction of a penny in your own account for every transaction on the system
• A program that claims to be a game, but actually reformats your hard

Trapdoor (backdoor)
• an unspecified feature of the system
– an undocumented feature that may be exploited to perform unauthorized access
– the programmer may not know about it, or may have written it in deliberately
– usually requires knowledge of the design
– could even be included in a compiler, which then plants it in every program it builds (Ken Thompson's “Reflections on Trusting Trust”)

Input Validation
• Stack and Buffer Overflows
– Exploit a bug/vulnerability in a program: input longer than the space reserved for it overflows either the stack or a memory buffer and overwrites whatever lies next to it (saved return address, pointers, other variables)
– a common mistake: copying input without checking its length
• SQL Injection Attacks
– Input contains SQL syntax instead of the “correct” input; the program splices it into its query string, so the database executes what the attacker wants
• And many more types of attacks.
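An added example of the SQL injection bullet above (this is not code from the slides), in Python with the standard library's sqlite3 module: the same login query written once by string splicing and once with bound parameters, run against a constructed two-row users table. The table contents and both payloads are constructed for this demonstration.

```python
"""SQL injection: a string-built login query beside its parameterized fix (sqlite3, in-memory)."""
import sqlite3

# Constructed sample data standing in for a real login database.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    """The bug on the slide: user input is spliced into the SQL text, so SQL syntax
    in the input becomes part of the query. Returns the names the query matched."""
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, password):
    """Same query with bound parameters: the driver passes the input as data, never as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


# Two classic payloads:
#   TAUTOLOGY closes the quoted password and makes the WHERE clause always true
#   COMMENT_OUT closes the quoted name and comments away the password check
TAUTOLOGY = "' OR '1'='1"
COMMENT_OUT = "alice'--"


def demo():
    conn = make_db()
    return {
        "honest_vulnerable": login_vulnerable(conn, "alice", "s3cret"),
        "honest_safe": login_safe(conn, "alice", "s3cret"),
        "tautology_vulnerable": sorted(login_vulnerable(conn, "nobody", TAUTOLOGY)),
        "tautology_safe": login_safe(conn, "nobody", TAUTOLOGY),
        "comment_vulnerable": login_vulnerable(conn, COMMENT_OUT, "wrong"),
        "comment_safe": login_safe(conn, COMMENT_OUT, "wrong"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print("%-22s %s" % (check, result))
```

With the spliced query the tautology payload logs in as every user and the comment payload logs in as alice with no password at all; the parameterized query returns nothing for either, because the quote characters never reach the SQL parser.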

Worms, Viruses, and malware
• Worms
• A worm is a program designed to copy itself from one PC to another, via e-mail, TCP/IP, etc.
• Goal is to infect as many machines as possible; not interested in multiple copies on the same machine
• Relies less (or not at all) on human intervention to propagate
• Virus
• A computer program designed to spread over as many files as possible on a single computer
• Spreads to other computers because of humans or by “worm” techniques
• Viruses may damage or modify data, cause the computer to crash, display messages, lie dormant until a “trigger” event, etc.
• malware
• Short for malicious software: software designed to secretly access a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

Phishing and Spear Phishing
• Phishing
– Fake emails that attempt to acquire sensitive information such as usernames, passwords, credit card, and bank account details by masquerading as a trustworthy entity, such as a bank, eBay, or PayPal.
• Spear Phishing
– Like phishing, but the emails are targeted.
– Example: targeting only UW employees with a fake email from UWYO bank.

Browser attacks
• Cross-site Scripting (XSS)
– Broadly defined as tricking web pages into displaying web-surfer-supplied data (typically script) that alters the page for the viewer, running in the page's own origin.
• Cross-site Request Forgeries (CSRF)
– exploits the trust that a site has in a user's browser (its cookies and session) to run unauthorized commands as that user
• Drive-by attacks
– Using vulnerabilities in the browser (or its plugins) to attack a user's computer. The user doesn't need to take any action other than visiting an infected site.

Denial of Service
• Denial of Service (DoS) and Distributed DoS (DDoS)
– a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic
– The system becomes unusable because it is too busy dealing with useless traffic
– The intent is not necessarily to crash the system

Botnet
• A collection of software agents that run automatically
– a command and control structure is used to send commands to the botnet
• A computer becomes infected with the malware of a particular botnet group. It's now a zombie/bot computer for that botnet.
• The botnet can be used for just about any kind of attack. A botnet controller is normally in it for the money.
– The Conficker botnet was estimated to have 10,000,000+ bots at its height.

rootkit
• software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications.

• Typically, an attacker installs a rootkit on a computer after first obtaining root-level access, by another means.

• Once a rootkit is installed, it allows an attacker to mask the ongoing intrusion and maintain privileged access to the computer by circumventing normal authentication and authorization mechanisms.

• Although rootkits can serve a variety of ends, they have gained notoriety primarily as malware, hiding applications that appropriate computing resources or steal passwords without the knowledge of administrators and users of affected systems.

Targeted Attacks
• Someone (or some group) really wants into one specific site/target, and uses all these attacks and more to break in.
• Example: Stuxnet
– some experts believe the Stuxnet weapon was targeted at the Bushehr nuclear power plant in Iran.
– The New York Times adds that Israeli experts dispute the suggestion that Stuxnet is an Israeli weapon against Iran, arguing instead that their studies indicate the virus is either "high-level industrial espionage against Siemens [whose systems the virus takes advantage of, or] a kind of academic experiment.”


Social Networks

• They provide an avenue of easy attack to users who are willing to click on every link they receive. In addition to malware, there's the problem with accidental disclosure of important details, like we've seen with the military through Facebook and politicians using Twitter.

DLL Hijacking
• This has been a known issue for 10+ years and resurfaced in 2010

• What's interesting is that new research uncovered it as both an attack method for gaining control of a system and a method for malware to use as persistence. To make matters worse for security pros, new code released through the Metasploit Project made it incredibly easy to exploit.[1]

Embedded Systems
• Embedded systems made their way to the spotlight as more attacks were focused on printers, smart meters, industrial control systems, and the like.
• The VxWorks vulnerabilities published in August 2010 demonstrated how easy it is to exploit Fibre Channel switches, printers, and SCADA devices that were easily found via Shodan.

• Of course, working with the vendor and understanding what, if any, network access these devices have is critical when deploying them because they could provide an easy entry point into your network.


Shodan

• Shodan garnered a lot of attention in 2010 when security researchers showed just how easy it was to find vulnerable systems on the Internet without scanning for them.

• With Shodan, they could leverage scans performed by someone else, and for a small cost export all of that data and feed it into their attack tools.

Lastly: Governance
• Not an attack, but contributes to them.
• Governance is a threat to both the sanity and effectiveness of nearly every security professional.
• It can be a silent killer to the best-planned security program when C-level executives do not back up the security efforts because they don't understand where their data is and what needs to be done to secure it.

• Effective communication of business risks and how to reduce that risk without impacting the bottom line too much is key.

Recall
• Object: “safe computing”
– Plan: assess risk
– Goals: privacy, integrity, availability
– Detection and recovery

Vulnerability management
• Define roles and responsibilities
– Incident handling teams
– Vulnerability assessments/scans
– Review current threats
– Educate and communicate
• Identify and evaluate assets
• Develop metrics
– Incidents/month
– Recovery time/costs
• Determine ACCEPTABLE RISK

A Quick Review of O/S
• Operating System:
– The most important part of the system software; makes the system usable; the interface between hardware and user software.
• O/S is software that makes a computer usable
• controls the functions of hardware
• provides a user interface that is usable
• allows the system to be used by several different users/processes (non-batch systems)

O/S Components
• Process management
• I/O management
• Main Memory management
• File & Storage Management
• Protection
• Networking
• Command Interpreter

Process Management
• Process (or job): A program, or a fraction of a program, that is loaded in main memory and executing.
– We do not need the entire program code in memory at once.
– The CPU fetches and executes the instructions of a process one after another from main memory.

Tasks of Process Management
• Create, load, execute, suspend, resume, and terminate processes
• Switch the system among multiple processes in main memory (process scheduling)
• Provide communication mechanisms so that processes can send data to (or receive data from) each other (process communication)
• Control concurrent access to shared data to keep shared data consistent (process synchronization)
• Allocate/de-allocate resources properly to prevent or avoid deadlock situations

I/O Management
• Motivations:
– Provide an abstract level above the H/W devices and keep the details from applications, to ensure proper use of devices, to prevent errors, and to provide users with a convenient and efficient programming environment.
• Tasks of I/O Management of the OS:
– Hide the details of H/W devices
– Manage main memory for the devices using caching, buffering, and spooling
– Maintain and provide device driver interfaces

Main Memory management
• A process must be mapped to physical addresses and loaded into main memory to be executed.
• Motivations:
– Increase system performance by increasing the “hit” ratio (optimum: whenever the CPU reads data or an instruction, it is already in main memory)
– Maximize memory utilization
• Tasks of Main Memory Management of the OS:
– Keep track of which memory area is used by whom
– Allocate/de-allocate memory as needed

File & Storage Management
• Motivation:
– Almost everything is stored in secondary storage. Therefore, secondary storage access must be efficient (i.e., performance) and convenient (i.e., easy to program I/O functions at the application level)
– Important data is duplicated and/or stored in tertiary storage.

File & Storage Management (2)
• Tasks of File Management
– Create, manipulate, delete files and directories
• Tasks of Storage Management
– Allocate, de-allocate, and defrag blocks[1]
– Bad block marking
– Scheduling of multiple I/O requests to optimize performance


Networking

• Allow communications between computers (more important for Client/Server OS and Distributed OS).


Protection

• Protect hardware resources, Kernel code, processes, files, and data from erroneous programs and malicious programs.

Layered O/S
• Large single program but internally broken up into layers providing different functionalities.
• Information hiding between layers: increased security and protection
• Easy to debug, test, and modify the O/S
• If one layer stops working, the entire system will stop
• Example layers: System Calls, Memory Management, Process Scheduling, I/O Management, Device Drivers


Unix O/S structure


A Kernel I/O Structure

DOS O/S Structure

MS-DOS Layer Structure (figure)

The Security question?
• Reasons for:
– Keep integrity of data
– privacy of users and data
– availability of system services
• security is the most important aspect of system design & it must be designed in from the start.

Security vs Protection
• Protection
– the actual mechanisms used to make it secure
• security
– the overall problem of making sure that no unauthorized access occurs in a system service


Protection

• Operating system consists of a collection of objects, hardware or software

• Each object has a unique name and can be accessed through a well-defined set of operations.

• Protection problem - ensure that each object is accessed correctly and only by those processes that are allowed to do so.

Domain Structure
• Access-right = <object-name, rights-set>, where rights-set is a subset of all valid operations that can be performed on the object.

• Domain = set of access-rights
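An added example (not from the slides) of the domain structure above in Python: access-rights as <object-name, rights-set> pairs, a domain as a set of them, and a reference monitor that every access goes through, which is the protection problem stated on the previous slide. The objects (two files and a printer), the two domains and the domain-switch right are a constructed setup for this demonstration.

```python
"""Protection domains: access-right = <object-name, rights-set>, domain = set of access-rights,
enforced by a reference monitor that every access goes through."""


class Domain:
    def __init__(self, name):
        self.name = name
        self.rights = {}          # object-name -> rights-set (a subset of the object's operations)

    def grant(self, obj, *ops):
        self.rights.setdefault(obj, set()).update(ops)

    def revoke(self, obj, *ops):
        self.rights.get(obj, set()).difference_update(ops)

    def allows(self, obj, op):
        return op in self.rights.get(obj, ())


class Monitor:
    """Reference monitor: knows every object with its valid operations, and every domain."""

    def __init__(self):
        self.objects = {}         # object-name -> set of valid operations
        self.domains = {}         # domain-name -> Domain

    def add_object(self, name, *ops):
        self.objects[name] = set(ops)

    def add_domain(self, name):
        self.domains[name] = Domain(name)
        # Domains are objects too: the only valid operation on a domain is switching into it.
        self.objects[name] = {"switch"}
        return self.domains[name]

    def grant(self, domain, obj, *ops):
        """A rights-set must be a subset of the object's operations; refuse anything else."""
        invalid = set(ops) - self.objects[obj]
        if invalid:
            raise ValueError("not operations on %s: %s" % (obj, sorted(invalid)))
        self.domains[domain].grant(obj, *ops)

    def access(self, domain, obj, op):
        """Is this domain allowed to perform op on obj? True, or PermissionError.
        Unknown objects and operations are errors, not silent denials."""
        if obj not in self.objects:
            raise KeyError("no such object: %s" % obj)
        if op not in self.objects[obj]:
            raise ValueError("%s is not an operation on %s" % (op, obj))
        if not self.domains[domain].allows(obj, op):
            raise PermissionError("%s may not %s %s" % (domain, op, obj))
        return True

    def matrix(self):
        """Access-matrix view: rows are domains, columns are objects."""
        objs = sorted(self.objects)
        return {d: {o: sorted(dom.rights.get(o, ())) for o in objs}
                for d, dom in sorted(self.domains.items())}


def denied(m, domain, obj, op):
    """True if the monitor refuses the access (used by the demo below)."""
    try:
        m.access(domain, obj, op)
        return False
    except PermissionError:
        return True


def build_example():
    """Constructed setup: two files, a printer, an ordinary user domain D1 and a spooler domain D2."""
    m = Monitor()
    m.add_object("F1", "read", "write", "execute")
    m.add_object("F2", "read", "write", "execute")
    m.add_object("printer", "print")
    m.add_domain("D1")
    m.add_domain("D2")
    m.grant("D1", "F1", "read", "write")
    m.grant("D1", "D2", "switch")       # D1 may switch into D2 to get printing done
    m.grant("D2", "F1", "read")
    m.grant("D2", "printer", "print")
    return m


def print_file(m, domain, obj):
    """Least privilege in action: D1 never holds 'print'; it switches into D2 for the
    duration of the job. Returns the domain the job actually ran in."""
    if not m.domains[domain].allows("printer", "print"):
        m.access(domain, "D2", "switch")   # raises PermissionError if the switch is not allowed
        domain = "D2"
    m.access(domain, obj, "read")
    m.access(domain, "printer", "print")
    return domain
```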

Hardware Protection
Examples that can be prevented:
1. An application program is trying to write into OS kernel code in main memory.
2. An application program is trying to write into another program's memory.
3. An application runs an infinite loop and holds the CPU indefinitely.
4. An application program prints indefinitely long data repeatedly.

Hardware Protection
• Modern computer systems attack this problem by using “dual-mode operation”.
– only the OS, running in its “monitor” (kernel) mode, can access I/O devices, all of memory, and privileged CPU state
– Application programs access these resources indirectly, through “system calls”
• The OS needs a CPU timer (to take the CPU back) and two additional memory registers (base and limit) to fence each process into its own memory
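An added simulation (not from the slides) of the mechanism just described, in Python: a toy machine with a mode bit, base/limit registers and a timer quantum, run against the cases from the previous slide. The memory size, the quantum and the instruction set are constructed for this demonstration; the point is which hardware check stops each misbehaving program.

```python
"""Dual-mode operation, base/limit registers and a timer, simulated: every memory access from
user mode is fenced by base/limit, privileged operations trap, and the timer takes the CPU back
from a process that never yields."""
import itertools


class Trap(Exception):
    """Hardware trap: control returns to the OS (monitor mode)."""


class Machine:
    def __init__(self, mem_words=64, kernel_words=16, quantum=8):
        self.mem = [0] * mem_words
        self.kernel_words = kernel_words      # [0, kernel_words) holds the OS
        self.quantum = quantum                # timer ticks a process may use before preemption
        self.mode = "monitor"
        self.base, self.limit = 0, mem_words  # monitor mode sees all of memory
        self.console = []                     # an I/O device, reachable only via the OS

    def _check(self, addr):
        if not 0 <= addr < len(self.mem):
            raise Trap("bus error at %d" % addr)
        if self.mode == "user" and not self.base <= addr < self.base + self.limit:
            raise Trap("addressing violation at %d (fence %d..%d)"
                       % (addr, self.base, self.base + self.limit - 1))

    def store(self, addr, value):
        self._check(addr)
        self.mem[addr] = value

    def load(self, addr):
        self._check(addr)
        return self.mem[addr]

    def _privileged(self, what):
        if self.mode == "user":
            raise Trap("privileged %s in user mode" % what)

    def set_fence(self, base, limit):
        """Loading base/limit is itself privileged; otherwise a process could unfence itself."""
        self._privileged("set_fence")
        self.base, self.limit = base, limit

    def write_console(self, text):
        self._privileged("I/O")               # only the OS touches devices
        self.console.append(text)

    def syscall(self, name, *args):
        """The system-call gate: the only way from user mode into the OS, and back out again."""
        saved = self.mode
        self.mode = "monitor"
        try:
            if name == "write":
                self.write_console(str(args[0]))
                return len(str(args[0]))
            raise Trap("unknown syscall %s" % name)
        finally:
            self.mode = saved

    def run_user(self, base, limit, program):
        """program: iterable of (op, *args). Returns 'exit' or the text of the trap that ended it."""
        self.set_fence(base, limit)
        self.mode = "user"
        ticks = 0
        try:
            for instr in program:
                ticks += 1
                if ticks > self.quantum:
                    raise Trap("timer interrupt after %d ticks" % self.quantum)
                op, args = instr[0], instr[1:]
                if op == "store":
                    self.store(*args)
                elif op == "load":
                    self.load(*args)
                elif op == "syscall":
                    self.syscall(*args)
                elif op == "set_fence":
                    self.set_fence(*args)
                elif op == "out":                 # direct device access, bypassing the OS
                    self.write_console(*args)
                elif op != "nop":
                    raise Trap("illegal instruction %s" % op)
            return "exit"
        except Trap as t:
            return str(t)
        finally:
            self.mode = "monitor"                 # trap or exit: the OS is back in control
            self.base, self.limit = 0, len(self.mem)


def demo():
    m = Machine()
    a, b = (16, 16), (32, 16)                     # two user processes: words 16..31 and 32..47
    return {
        "write_kernel":  m.run_user(*a, [("store", 3, 1)]),
        "write_other":   m.run_user(*a, [("store", 40, 1)]),
        "unfence":       m.run_user(*a, [("set_fence", 0, 64), ("store", 3, 1)]),
        "raw_io":        m.run_user(*a, [("out", "hi")]),
        "syscall_io":    m.run_user(*a, [("syscall", "write", "hi"), ("store", 20, 7)]),
        "infinite_loop": m.run_user(*b, itertools.repeat(("nop",))),
        "console":       list(m.console),
        "mem20":         m.mem[20],
    }
```

Case 4 on the previous slide (printing without end) is handled the same way as the infinite loop: the program can only reach the device through the syscall gate, and the timer preempts it when its quantum is up.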

The Security Problem
• Security must consider the external environment of the system, and protect it from:
– unauthorized access
– malicious modification or destruction
– accidental introduction of inconsistency

• Easier to protect against accidental than malicious misuse.

• We need to identify what types of attacks there are– Can we create a complete list?

• Why or why not?

2 approaches for security
(Normally used in conjunction)
1. Use protection mechanisms
– know what intruders you are protecting from
– design a system to ensure no unauthorized access from a class of intruders
– design principles must be correct & testing is important

2 approaches for security (2)
2. Intrusion detection
– some way of detecting a security violation
– assume a system is not completely secure
– provide mechanisms to monitor the system during operation
– some look for things that are not normal in the system: monitor load, time of use, etc.
– monitor system operations and report any unusual activity to the system administrator in a timely manner


Threat Monitoring

• Check for suspicious patterns of activity – i.e., several incorrect password attempts may signal password guessing.

• Audit log – records the time, user, and type of all accesses to an object; useful for recovery from a violation and developing better security measures.

• Scan the system periodically for security holes; done when the computer is relatively unused.
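An added example (not from the slides) of the first bullet, in Python: a detector for password guessing that reads failed-login audit records and alerts when one source address produces several failures inside a sliding time window. The sshd-style log lines are constructed for this demonstration, as are the threshold (4 failures) and window (60 s); the slow guesser from 198.51.100.4 is included deliberately to show what a fixed window misses.

```python
"""Password-guessing detection over audit-log lines: N failures from one source within W seconds."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (sshd style); not real data.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[311]: Failed password for root from 203.0.113.7 port 5001
2024-03-01T10:00:03 sshd[312]: Failed password for admin from 203.0.113.7 port 5002
2024-03-01T10:00:04 sshd[313]: Accepted password for alice from 192.0.2.10 port 6000
2024-03-01T10:00:06 sshd[314]: Failed password for root from 203.0.113.7 port 5003
2024-03-01T10:00:09 sshd[315]: Failed password for invalid user test from 203.0.113.7 port 5004
2024-03-01T10:00:12 sshd[316]: Failed password for alice from 192.0.2.10 port 6001
2024-03-01T10:00:40 sshd[317]: Failed password for root from 203.0.113.7 port 5005
2024-03-01T10:05:00 sshd[318]: Failed password for bob from 198.51.100.4 port 7000
2024-03-01T10:05:02 sshd[319]: Failed password for bob from 198.51.100.4 port 7001
2024-03-01T10:09:00 sshd[320]: Failed password for bob from 198.51.100.4 port 7002
"""

FAILURE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+)"
)


def parse_failures(text):
    """Yield (timestamp, user, source) for every failed-login line; other lines are ignored."""
    for line in text.splitlines():
        m = FAILURE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["src"]


def detect_guessing(text, threshold=4, window_s=60):
    """Sliding window per source address. Returns one alert per offending source:
    (source, time of the failure that crossed the threshold, sorted user names tried)."""
    recent = defaultdict(deque)       # source -> deque of (timestamp, user) inside the window
    alerts, alerted = [], set()
    for ts, user, src in parse_failures(text):
        q = recent[src]
        q.append((ts, user))
        while q and (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()               # drop failures that have aged out of the window
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, ts.isoformat(), sorted({u for _, u in q})))
    return alerts


def failures_per_source(text):
    """Plain totals, useful for spotting the slow guesser the window does not catch."""
    counts = defaultdict(int)
    for _, _, src in parse_failures(text):
        counts[src] += 1
    return dict(counts)
```

The sliding window fires for 203.0.113.7 at the fourth failure in eight seconds; 198.51.100.4 spreads three failures over four minutes and never trips it, which is why a practitioner also keeps longer-term totals (or a second, wider window) per source and per target account.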

Threat Monitoring (Cont.)
• Check for:
– Short or easy-to-guess passwords
– Unauthorized set-uid programs
– Unauthorized programs in system directories
– Unexpected long-running processes
– Improper directory protections
– Improper protections on system data files
– Dangerous entries in the program search path (Trojan horse)
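An added example (not from the slides) of two of the checks in that list, in Python: an audit of set-uid/set-gid programs against an allowlist, and a scan of a PATH value for entries a Trojan horse could exploit. The file records and the PATH string used below are constructed; `collect()` builds the same records from a real directory tree, and `dangerous_path_entries()` takes a `mode_of` callable so the check can be run against either the live filesystem or constructed data.

```python
"""Checks from the slide: unauthorized set-uid programs and dangerous PATH entries."""
import os
import stat


def collect(root):
    """Walk a real tree and return (path, st_mode, st_uid) records as os.lstat reports them."""
    records = []
    for d, _, files in os.walk(root):
        for name in files:
            p = os.path.join(d, name)
            st = os.lstat(p)
            records.append((p, st.st_mode, st.st_uid))
    return records


def audit_setuid(records, allowlist):
    """Set-uid/set-gid regular files: anything not on the allowlist is unauthorized, and an
    allowlisted one that is group/world-writable can be replaced by anyone, which is as bad."""
    findings = []
    for path, mode, uid in records:
        if not stat.S_ISREG(mode) or not mode & (stat.S_ISUID | stat.S_ISGID):
            continue                      # symlinks and ordinary files are not interesting here
        if path not in allowlist:
            findings.append((path, "set-uid/gid program not in allowlist (uid %d)" % uid))
        elif mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "allowlisted set-uid program is group/world-writable"))
    return sorted(findings)


def _real_mode(path):
    try:
        return os.stat(path).st_mode
    except OSError:
        return None


def dangerous_path_entries(path_value, mode_of=_real_mode):
    """Entries that let an attacker plant a program that runs when a user types a command:
    the current directory (empty or '.'), relative entries, missing directories an attacker
    could create, and world-writable directories without the sticky bit."""
    findings = []
    for entry in path_value.split(os.pathsep):
        if entry in ("", "."):
            findings.append((entry or "(empty)", "current directory is searched"))
            continue
        if not os.path.isabs(entry):
            findings.append((entry, "relative entry"))
            continue
        mode = mode_of(entry)
        if mode is None:
            findings.append((entry, "missing directory (could be created by an attacker)"))
        elif not stat.S_ISDIR(mode):
            findings.append((entry, "not a directory"))
        elif mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            findings.append((entry, "world-writable directory"))
    return findings


# Constructed records (path, mode, uid), as os.lstat would report them; not from a real host.
SAMPLE_RECORDS = [
    ("/usr/bin/passwd", 0o104755, 0),     # set-uid root, allowlisted
    ("/usr/bin/sudo", 0o104777, 0),       # allowlisted but world-writable: replaceable
    ("/usr/bin/ls", 0o100755, 0),         # ordinary program
    ("/tmp/x/rootme", 0o104755, 0),       # set-uid root, not allowlisted
    ("/usr/bin/oldlink", 0o120777, 0),    # symlink: mode bits are meaningless
]
SAMPLE_ALLOWLIST = {"/usr/bin/passwd", "/usr/bin/sudo"}
SAMPLE_PATH = "/usr/bin:.:/opt/shared/bin::/nonexistent:bin"
SAMPLE_MODES = {"/usr/bin": 0o40755, "/opt/shared/bin": 0o40777}   # constructed directory modes
```

On a live host, `audit_setuid(collect("/usr"), allowlist)` and `dangerous_path_entries(os.environ["PATH"])` are the calls; the allowlist is the baseline taken when the system was known good, exactly like the library baseline discussed on the next slides.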

Library monitoring
• If the O/S is compromised by an attack (viruses, worms, whatever)
– One of the things that can happen is replacement of key O/S libraries/DLLs.
• So now the attacker can probably get back in at will.
– So we have to check for changes to system programs and libraries:
• Tripwire and other programs can do this nightly
• Problem: patches and updates
– They also change these libraries and system programs, so every legitimate update looks like a compromise until the baseline is refreshed.

Library monitoring (2)
• To verify libraries, or actually any part of the O/S, we could use hashing.
– One possibility is to have the O/S run a hash function (MD5 or SHA-1 when these slides were written; today SHA-256 or better, since MD5 and SHA-1 no longer resist collisions) against important programs/libraries before it actually uses them.
• This would prevent many viruses and worms from simply overwriting them with their own code.
• But can you see the problems with this?

Using Hashing for O/S security
• Again we have transformed a security problem with cryptography, but have caused new security issues.
– Management of the stored hash values for the programs and libraries.
• A virus writer must now also insert the new hash value
• There will have to be some way to do this, since patches will update these programs as well.
– Protection of the program doing the hashing as well: if the attacker can replace the checker (or the stored hashes), the check is worthless.
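An added example (not from the slides, and not Tripwire's code) covering the library-monitoring and hashing slides above, in Python: a snapshot of file digests, a baseline protected by a keyed MAC so that an intruder cannot simply rewrite the stored hashes, a nightly comparison, and the re-baseline step a legitimate patch requires. The key and the checker are assumed to live where the monitored host cannot modify them (read-only media or another machine); that assumption, stated in the code, is the only protection the checker itself has. The file tree is constructed in a temporary directory.

```python
"""Tripwire-style library monitoring: hash every file under a root, keep the baseline under a
keyed MAC so the stored hashes cannot simply be rewritten, and report changes."""
import hashlib
import hmac
import json
import os
import tempfile

HASH = "sha256"   # not MD5 or SHA-1: both have practical collision attacks


def file_digest(path):
    h = hashlib.new(HASH)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """relative path -> digest for every regular file below root (symlinks are skipped)."""
    snap = {}
    for d, _, files in os.walk(root):
        for name in files:
            p = os.path.join(d, name)
            if os.path.isfile(p) and not os.path.islink(p):
                snap[os.path.relpath(p, root)] = file_digest(p)
    return snap


def save_baseline(snap, key):
    """Serialize and MAC the snapshot; replacing libc now also requires forging the tag."""
    body = json.dumps(snap, sort_keys=True)
    tag = hmac.new(key, body.encode(), HASH).hexdigest()
    return {"body": body, "tag": tag}


def load_baseline(stored, key):
    expected = hmac.new(key, stored["body"].encode(), HASH).hexdigest()
    if not hmac.compare_digest(expected, stored["tag"]):
        raise ValueError("baseline tag mismatch: stored hashes were modified or the key is wrong")
    return json.loads(stored["body"])


def compare(baseline, current):
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    key = b"assumed-to-be-kept-off-host"         # assumption: never readable from the monitored host
    root = tempfile.mkdtemp()
    _write(root, "lib/libc.so", b"libc v1")     # constructed stand-ins for system files
    _write(root, "bin/ls", b"ls v1")
    stored = save_baseline(snapshot(root), key)
    nightly_clean = compare(load_baseline(stored, key), snapshot(root))

    # Intrusion: a library is replaced and a new binary dropped into a system directory.
    _write(root, "lib/libc.so", b"libc v1 + backdoor")
    _write(root, "bin/rootkit", b"evil")
    nightly_dirty = compare(load_baseline(stored, key), snapshot(root))

    # The intruder also rewrites the stored hashes to match; without the key the tag fails.
    forged = {"body": json.dumps(snapshot(root), sort_keys=True), "tag": stored["tag"]}
    try:
        load_baseline(forged, key)
        forgery_caught = False
    except ValueError:
        forgery_caught = True

    # The patch problem: after a legitimate, verified update the baseline must be re-taken,
    # otherwise every later run keeps reporting the patched files as modified.
    _write(root, "lib/libc.so", b"libc v1")      # clean up, then apply the vendor patch to ls
    os.remove(os.path.join(root, "bin/rootkit"))
    _write(root, "bin/ls", b"ls v2")
    stale = compare(load_baseline(stored, key), snapshot(root))
    stored = save_baseline(snapshot(root), key)
    refreshed = compare(load_baseline(stored, key), snapshot(root))
    return nightly_clean, nightly_dirty, forgery_caught, stale, refreshed
```

The MAC answers the first problem on the slide (who may change the stored hashes: only whoever holds the key) but not the second; if the attacker can replace `file_digest` or the key on the host, the report is whatever they want it to be, which is why Tripwire-style tools keep both on media the host cannot write.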

OS Security Problem
• Flaws within the software of the OS
– incomplete parameter validation
• data type and size
• number and order
• value and range
• access rights
• Especially bad when a lower-privileged process is calling a more privileged one
– leak of privileged data
– race conditions (time-of-check to time-of-use)
– inadequate authentication/authorization
– table/stack/memory overflows
– logic errors (exploiting side effects, unintended uses)
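An added example (not from the slides) of the time-of-check to time-of-use race in that list, in Python on a POSIX system: a small file server checks that a requested path lies under a public directory and then opens that path again, while an attacker replaces the file with a symlink to a secret in between. The hardened version opens first, with `O_NOFOLLOW` relative to a directory descriptor, and then reads only from that descriptor. The directory layout, the file contents and the `race` hook that stands in for the attacker's timing are constructed for this demonstration.

```python
"""Time-of-check to time-of-use: check a path, then open the same path, racing an attacker
who swaps the file for a symlink between the two."""
import os
import stat
import tempfile


def setup():
    """Constructed layout: root/public/notes.txt may be served; root/secret.txt may not."""
    root = tempfile.mkdtemp()
    public = os.path.join(root, "public")
    os.mkdir(public)
    with open(os.path.join(public, "notes.txt"), "w") as f:
        f.write("public notes")
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w") as f:
        f.write("TOPSECRET")
    return public, secret


def is_inside(public, path):
    """The check: the path, with symlinks resolved, must lie under the public directory."""
    pub = os.path.realpath(public)
    return os.path.commonpath([os.path.realpath(path), pub]) == pub


def serve_vulnerable(public, name, race=lambda: None):
    """Check the path, then open the path again; 'race' runs in between (the attacker)."""
    path = os.path.join(public, name)
    if not is_inside(public, path):
        raise PermissionError(name)
    race()                            # the window: the name can now point somewhere else
    with open(path) as f:             # re-resolves the name, following whatever it is now
        return f.read()


def serve_safe(public, name, race=lambda: None):
    """Open first, verify what was actually opened, then read from that descriptor only."""
    if not name or os.sep in name or name in (".", ".."):
        raise PermissionError(name)   # a single component inside the public directory, nothing else
    dfd = os.open(public, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # O_NOFOLLOW: a symlink at this name fails (ELOOP) instead of being followed.
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dfd)
    finally:
        os.close(dfd)
    with os.fdopen(fd) as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise PermissionError(name)
        race()                        # the name may change now; the open descriptor does not
        return f.read()


def demo():
    public, secret = setup()
    target = os.path.join(public, "notes.txt")

    def swap():                       # attacker: replace the checked file with a link to the secret
        os.remove(target)
        os.symlink(secret, target)

    leaked = serve_vulnerable(public, "notes.txt", swap)

    os.remove(target)                 # restore the benign file for the second run
    with open(target, "w") as f:
        f.write("public notes")
    kept = serve_safe(public, "notes.txt", swap)

    try:                              # the name is a symlink again: refused outright
        serve_safe(public, "notes.txt")
        refused = False
    except OSError:
        refused = True
    return leaked, kept, refused
```

The same pattern, check with `access()` or `stat()` then `open()` by path, is the classic set-uid bug; the fix is never to re-resolve the name after the check, which in practice means doing the check on the descriptor (`fstat`) rather than on the path.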

NSA security check list
• The National Security Agency publishes a number of unclassified Security Recommendation Guides for Windows, *nix, databases, routers, etc. They are available at

• http://www.nsa.gov/snac/

Q&A