Taxonomy of flaws



Date: 14.04.2018






  • Genesis

    • Intentional
      • Malicious: Trojan Horse, Trapdoor, Logic Bomb, Worms, Virus
      • Non-malicious
    • Inadvertent
      • Validation error
      • Domain error
      • Serialization error
      • Identification/authentication error
      • Other error



  • Software provides functionality

  • Functionality comes with certain risks

  • Software security aims to manage risk

  • Security is always a secondary concern

  • Security achievement is hard to evaluate when nothing bad happens






  • Attacker:

    • Download the site’s code for offline study
    • Map the site’s functionality and vulnerabilities
    • Experiment with the site’s response to supplied data
  • Several vulnerabilities exist, from corrupting sites, applications, and servers to other clients




  • A1-Injection

  • A2-Broken Authentication and Session Management

  • A3-Cross-Site Scripting (XSS)

  • A4-Insecure Direct Object References

  • A5-Security Misconfiguration

  • A6-Sensitive Data Exposure

  • A7-Missing Function Level Access Control

  • A8-Cross-Site Request Forgery (CSRF)

  • A9-Using Components with Known Vulnerabilities

  • A10-Unvalidated Redirects and Forwards

  • https://www.owasp.org/index.php/Category:OWASP_Top_Ten_2013_Project





  • Virus: a program that attaches copies of itself to other programs. It propagates and performs some unwanted function. Viruses are not independent programs: they cannot run on their own.

  • Bacteria: programs that make copies of themselves to overwhelm a computer system's resources, denying the user access to those resources.




  • Worm: a program that propagates copies of itself through the network. Independent program. May carry other code, including programs and viruses.

  • Trojan Horse: secret, undocumented routine embedded within a useful program. Execution of the program results in execution of secret code.




  • Logic bomb, time bomb: programmed threats that lie dormant for an extended period of time until they are triggered. When triggered, malicious code is executed.

  • Trapdoor: secret, undocumented entry point into a program, used to grant access without normal methods of access authentication.

  • Dropper: Not a virus or infected file. When executed, it installs a virus into memory, on to the disk, or into a file.




  • Virus lifecycle:

  • Dormant phase: the virus is idle. (not all viruses have this stage)

  • Propagation phase: the virus places an identical copy of itself into other programs or into certain system areas.

  • Triggering phase: the virus is activated to perform the function for which it was created.

  • Execution phase: the function is performed. The function may be harmless or damaging.




  • Parasitic virus: most common form. Attaches itself to a file and replicates when the infected program is executed.

  • Memory resident virus: lodged in main memory as part of a resident system program. Virus may infect every program that executes.




  • Boot Sector Viruses:

    • Infects the boot record and spreads when system is booted.
    • Gains control of machine before the virus detection tools.
    • Very hard to notice
    • Carrier files: AUTOEXEC.BAT, CONFIG.SYS, IO.SYS



  • Stealth virus: a form of virus explicitly designed to hide from detection by antivirus software.

  • Polymorphic virus: a virus that mutates with every infection making detection by the “signature” of the virus difficult.










  • Virus V has to be invoked instead of target T.

    • V overwrites T
    • V changes pointers from T to V
  • High risk virus properties:

    • Hard to detect
    • Hard to destroy
    • Spread infection widely
    • Can re-infect
    • Easy to create
    • Machine independent



  • Prevention: disallow the download/execution

  • Detection: determine infection and locate the virus.

  • Identification: identify the specific virus.

  • Removal: remove the virus from all infected systems, so the disease cannot spread further.

  • Recovery: restore the system to its original state.




  • Prevention:

    • Install software from a good source
    • Isolated testing phase
    • Use virus detectors
  • Limit damage:

    • Make a bootable diskette
    • Make and retain backup copies of important resources




  • Virus Signature: needs constant update

    • Storage pattern
      • Code always located on a specific address
      • Increased file size
    • Execution pattern
    • Transmission pattern
    • Polymorphic Viruses



  • Heuristics: monitoring files and how programs access these files

    • Suspicious access → alert
  • Cloud-based detection: perform virus scanning remotely

    • Who do we trust?
  • Firewall-based detection of abnormal activities

    • Not virus detection but abnormal communication patterns
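
Added example (not part of the original slides): a small scanner that combines the signature check "code always located on a specific address" with the storage-pattern checks "increased file size" and changed content against a known-good baseline. The signature name, byte pattern and sample files are constructed for illustration and match no real malware; the last sample shows why a signature list needs constant update while baseline checks still raise an alert.

```python
import hashlib
from dataclasses import dataclass

# Constructed signature database: name -> (fixed offset, byte pattern).
# These bytes are made up for the example and match no real malware.
SIGNATURES = {
    "Example.A": (4, b"\xde\xad\xbe\xef"),
}


@dataclass(frozen=True)
class Baseline:
    size: int
    sha256: str


def make_baseline(data: bytes) -> Baseline:
    """Record the known-good size and hash of a program file."""
    return Baseline(len(data), hashlib.sha256(data).hexdigest())


def scan(data: bytes, baseline: Baseline) -> list:
    """Return findings from the signature and storage-pattern checks."""
    findings = []
    # Signature check: pattern expected at one specific address (offset).
    for name, (offset, pattern) in SIGNATURES.items():
        if data[offset:offset + len(pattern)] == pattern:
            findings.append(f"signature:{name}")
    # Storage-pattern checks against the known-good baseline.
    if len(data) > baseline.size:
        findings.append(f"size-increase:{len(data) - baseline.size}")
    if hashlib.sha256(data).hexdigest() != baseline.sha256:
        findings.append("content-changed")
    return findings


# Constructed sample files (plain byte strings, nothing executable).
CLEAN = b"HDR0" + b"\x00" * 4 + b"original program body"
KNOWN = CLEAN[:4] + b"\xde\xad\xbe\xef" + CLEAN[8:]          # same size, known pattern
UNKNOWN = CLEAN + b"appended bytes with no known signature"  # grown file, no signature

if __name__ == "__main__":
    base = make_baseline(CLEAN)
    for label, blob in (("clean", CLEAN), ("known", KNOWN), ("unknown", UNKNOWN)):
        print(label, scan(blob, base))
```
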



  • Self-replicating (like virus)

  • Objective: system penetration (intruder)

  • Phases: dormant, propagation, triggering, and execution

  • Propagation:

    • Searches for other systems to infect (e.g., host tables)
    • Establishes connection with remote system
    • Copies itself to remote system
    • Execute



  • Adware: a malware designed to display advertisements in the user’s software

    • May be harmless or harmful
  • Spyware: a malware that spies on the user




  • Malware:

    • with malicious payloads, or of limited or no benefit
    • Intended to cause shock, anxiety, or the perception of a threat
  • Rapidly increasing, high impact attacks

  • Scareware warnings






  • Holds a computer system, or the data it contains, hostage against its user by demanding a ransom.

    • Disable an essential system service or lock the display at system startup
    • Encrypt some of the user's personal files
  • Victim has to

    • enter a code obtainable only after wiring payment to the attacker or sending an SMS message
    • buy a decryption or removal tool





  • Network Security


