computer worms
play

Computer Worms A program that copies itself from one computer to - PowerPoint PPT Presentation

Dec 05, 2022 •500 likes •861 views

Computer Worms A program that copies itself from one computer to another Origins: distributed computations Schoch and Hupp: animations, broadcast messages Segment: part of program copied onto workstation Segment processes

  1. Computer Worms • A program that copies itself from one computer to another • Origins: distributed computations – Schoch and Hupp: animations, broadcast messages – Segment: part of program copied onto workstation – Segment processes data, communicates with worm’s controller – Any activity on workstation caused segment to shut down May 24, 2005 ECS 153, Introduction to Computer Slide #1 Security

  2. Example: Internet Worm of 1988 • Targeted Berkeley, Sun UNIX systems – Used virus-like attack to inject instructions into running program and run them – To recover, had to disconnect system from Internet and reboot – To prevent re-infection, several critical programs had to be patched, recompiled, and reinstalled • Analysts had to disassemble it to uncover function • Disabled several thousand systems in 6 or so hours May 24, 2005 ECS 153, Introduction to Computer Slide #2 Security

  3. Example: Christmas Worm • Distributed in 1987, designed for IBM networks • Electronic letter instructing recipient to save it and run it as a program – Drew Christmas tree, printed “Merry Christmas!” – Also checked address book, list of previously received email and sent copies to each address • Shut down several IBM networks • Really, a macro worm – Written in a command language that was interpreted May 24, 2005 ECS 153, Introduction to Computer Slide #3 Security

  4. Rabbits, Bacteria • A program that absorbs all of some class of resources • Example: for UNIX system, shell commands: while true do mkdir x chdir x done • Exhausts either disk space or file allocation table (inode) space May 24, 2005 ECS 153, Introduction to Computer Slide #4 Security

  5. Logic Bombs • A program that performs an action that violates the site security policy when some external event occurs • Example: program that deletes company’s payroll records when one particular record is deleted – The “particular record” is usually that of the person writing the logic bomb – Idea is if (when) he or she is fired, and the payroll record deleted, the company loses all those records May 24, 2005 ECS 153, Introduction to Computer Slide #5 Security

  6. Defenses • Distinguish between data, instructions • Limit objects accessible to processes • Inhibit sharing • Detect altering of files • Detect actions beyond specifications • Analyze statistical characteristics May 24, 2005 ECS 153, Introduction to Computer Slide #6 Security

  7. Data vs. Instructions • Malicious logic is both – Virus: written to program (data); then executes (instructions) • Approach: treat “data” and “instructions” as separate types, and require certifying authority to approve conversion – Keys are assumption that certifying authority will not make mistakes and assumption that tools, supporting infrastructure used in certifying process are not corrupt May 24, 2005 ECS 153, Introduction to Computer Slide #7 Security

  8. Example: LOCK • Logical Coprocessor Kernel – Designed to be certified at TCSEC A1 level • Compiled programs are type “data” – Sequence of specific, auditable events required to change type to “executable” • Cannot modify “executable” objects – So viruses can’t insert themselves into programs (no infection phase) May 24, 2005 ECS 153, Introduction to Computer Slide #8 Security

  9. Example: Duff and UNIX • Observation: users with execute permission usually have read permission, too – So files with “execute” permission have type “executable”; those without it, type “data” – Executable files can be altered, but type immediately changed to “data” • Implemented by turning off execute permission • Certifier can change them back – So virus can spread only if run as certifier May 24, 2005 ECS 153, Introduction to Computer Slide #9 Security

  10. Limiting Accessibility • Basis: a user (unknowingly) executes malicious logic, which then executes with all that user’s privileges – Limiting accessibility of objects should limit spread of malicious logic and effects of its actions • Approach draws on mechanisms for confinement May 24, 2005 ECS 153, Introduction to Computer Slide #10 Security

  11. Information Flow Metrics • Idea: limit distance a virus can spread • Flow distance metric fd ( x ): – Initially, all info x has fd ( x ) = 0 – Whenever info y is shared, fd ( y ) increases by 1 – Whenever y 1 , …, y n used as input to compute z , fd ( z ) = max( fd ( y 1 ), …, fd ( y n )) • Information x accessible if and only if for some parameter V , fd ( x ) < V May 24, 2005 ECS 153, Introduction to Computer Slide #11 Security

  12. Example • Anne: V A = 3; Bill, Cathy: V B = V C = 2 • Anne creates program P containing virus • Bill executes P – P tries to write to Bill’s program Q • Works, as fd (P) = 0, so fd (Q) = 1 < V B • Cathy executes Q – Q tries to write to Cathy’s program R • Fails, as fd (Q) = 1, so fd (R) would be 2 • Problem: if Cathy executes P, R can be infected – So, does not stop spread; slows it down greatly, though May 24, 2005 ECS 153, Introduction to Computer Slide #12 Security

  13. Implementation Issues • Metric associated with information , not objects – You can tag files with metric, but how do you tag the information in them? – This inhibits sharing • To stop spread, make V = 0 – Disallows sharing – Also defeats purpose of multi-user systems, and is crippling in scientific and developmental environments • Sharing is critical here May 24, 2005 ECS 153, Introduction to Computer Slide #13 Security

  14. Reducing Protection Domain • Application of principle of least privilege • Basic idea: remove rights from process so it can only perform its function – Warning: if that function requires it to write, it can write anything – But you can make sure it writes only to those objects you expect May 24, 2005 ECS 153, Introduction to Computer Slide #14 Security

  15. Example: ACLs and C-Lists • s 1 owns file f 1 and s 2 owns program p 2 and file f 3 – Suppose s 1 can read, write f 1 , execute p 2 , write f 3 – Suppose s 2 can read, write, execute p 2 and read f 3 • s 1 needs to run p 2 – p 2 contains Trojan horse • So s 1 needs to ensure p 12 (subject created when s 1 runs p 2 ) can’t write to f 3 – Ideally, p 12 has capability { ( s 1 , p 2 , x ) } so no problem • In practice, p 12 inherits s 1 ’s rights—bad! Note s 1 does not own f 3 , so can’t change its rights over f 3 • Solution: restrict access by others May 24, 2005 ECS 153, Introduction to Computer Slide #15 Security

  16. Authorization Denial Subset • Defined for each user s i • Contains ACL entries that others cannot exercise over objects s i owns • In example: R( s 2 ) = { ( s 1 , f 3 , w) } – So when p 12 tries to write to f 3 , as p 12 owned by s 1 and f 3 owned by s 2 , system denies access • Problem: how do you decide what should be in your authorization denial subset? May 24, 2005 ECS 153, Introduction to Computer Slide #16 Security

  17. Karger’s Scheme • Base it on attribute of subject, object • Interpose a knowledge-based subsystem to determine if requested file access reasonable – Sits between kernel and application • Example: UNIX C compiler – Reads from files with names ending in “.c”, “.h” – Writes to files with names beginning with “/tmp/ctm” and assembly files with names ending in “.s” • When subsystem invoked, if C compiler tries to write to “.c” file, request rejected May 24, 2005 ECS 153, Introduction to Computer Slide #17 Security

  18. Lai and Gray • Implemented modified version of Karger’s scheme on UNIX system – Allow programs to access (read or write) files named on command line – Prevent access to other files • Two types of processes – Trusted (no access checks or restrictions) – Untrusted (valid access list controls access) • VAL initialized to command line arguments plus any temporary files that the process creates May 24, 2005 ECS 153, Introduction to Computer Slide #18 Security

  19. File Access Requests 1. If file on VAL, use effective UID/GID of process to determine if access allowed 2. If access requested is read and file is world-readable, allow access 3. If process creating file, effective UID/GID controls allowing creation – Enter file into VAL as NNA (new non-argument); set permissions so no other process can read file 4. Ask user. If yes, effective UID/GID controls allowing access; if no, deny access May 24, 2005 ECS 153, Introduction to Computer Slide #19 Security

  20. Example • Assembler invoked from compiler as x.s /tmp/ctm2345 and creates temp file /tmp/as1111 – VAL is x.s /tmp/ctm2345 /tmp/as1111 • Now Trojan horse tries to copy x.s to another file – On creation, file inaccessible to all except creating user so attacker cannot read it (rule 3) – If file created already and assembler tries to write to it, user is asked (rule 4), thereby revealing Trojan horse May 24, 2005 ECS 153, Introduction to Computer Slide #20 Security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On Instant Messaging Worms, Analysis and Countermeasures Mohammad Mannan School of Computer

On Instant Messaging Worms, Analysis and Countermeasures Mohammad Mannan School of Computer

COMP 4108 Presentation - Sept 20, 2005 On Instant Messaging Worms, Analysis and Countermeasures Mohammad Mannan School of Computer Science Carleton University, Canada Goals of this talk Discuss a few IM worms Analyze well-known

402 views • 26 slides
Malware: Worms CS 161 - Computer Security Profs. Vern Paxson &amp; David Wagner TAs: John

Malware: Worms CS 161 - Computer Security Profs. Vern Paxson &amp; David Wagner TAs: John

Malware: Worms CS 161 - Computer Security Profs. Vern Paxson &amp; David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ April 14, 2010 The Problem of Worms

582 views • 22 slides
FILARIAL WORMS Found mainly in tropical regions in Asia Threadlike worms live in the

FILARIAL WORMS Found mainly in tropical regions in Asia Threadlike worms live in the

FILARIAL WORMS Found mainly in tropical regions in Asia Threadlike worms live in the blood and lymph vessels of birds and mammals. They are transmitted by mosquitoes. Cause severe infections Worms block passage of lymph

390 views • 8 slides
Early DoS and Worms Examples of recent worms and DoS attacks Slammer Worm Shaft DoS attack

Early DoS and Worms Examples of recent worms and DoS attacks Slammer Worm Shaft DoS attack

Outline Introduction to worms Potential damage that *could* be caused (theoretical) Early DoS and Worms Examples of recent worms and DoS attacks Slammer Worm Shaft DoS attack Ben Wilde Mstream DoS attack 7 February, 2005

718 views • 14 slides
Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson &amp;

Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson &amp;

Worms, Botnets and The Underground Economy CS 161 - Computer Security Profs. Vern Paxson &amp; David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ April 16,

445 views • 19 slides
Worms &amp; Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Worms &amp; Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Worms &amp; Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed &amp; Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 21, 2011 Announcements HKN reviewing today, 12:15PM Final exam

987 views • 31 slides
Viruses &amp; Worms CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Viruses &amp; Worms CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Viruses &amp; Worms CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed &amp; Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 19, 2011 Announcements Matthias out for at least this coming week :-(

468 views • 46 slides
Viruses &amp; Worms CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Viruses &amp; Worms CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Viruses &amp; Worms CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed &amp; Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 19, 2011 Announcements Matthias out for at least this coming week :-(

864 views • 31 slides
Malware: Worms and Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva

Malware: Worms and Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva

Malware: Worms and Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic, Rishabh Poddar, Rebecca

700 views • 49 slides
Malware: Viruses, Worms, Rootkits, Botnets Spring 2015

Malware: Viruses, Worms, Rootkits, Botnets Spring 2015

CSE 484 / CSE M 584: Computer Security and Privacy Malware: Viruses, Worms, Rootkits, Botnets Spring 2015 Franziska (Franzi) Roesner

403 views • 37 slides
Malicious Logic Trojan Horses Viruses Worms Fall 2010 CS 334: Computer Security Slide #1

Malicious Logic Trojan Horses Viruses Worms Fall 2010 CS 334: Computer Security Slide #1

Malicious Logic Trojan Horses Viruses Worms Fall 2010 CS 334: Computer Security Slide #1 Introduction Malicious Logic: a set of instructions that cause violation of security policy Idea taken from Troy: to breach an impenetrable

1.3k views • 109 slides
fka Can of Worms Harrison Community Center June 13, 2016 Purpose To introduce the

fka Can of Worms Harrison Community Center June 13, 2016 Purpose To introduce the

fka Can of Worms Harrison Community Center June 13, 2016 Purpose To introduce the potential Twin Ports Interchange (TPI) project. Jct I-35/I- 535/Hwy 53 fka Can of Worms I-535 at Garfield Avenue Gather community input

225 views • 18 slides
More Malware Last Class Worms: Morris Worm Stuxnet Conficker Web-based

More Malware Last Class Worms: Morris Worm Stuxnet Conficker Web-based

More Malware Last Class Worms: Morris Worm Stuxnet Conficker Web-based malware: Exploit kits Fake AV Ransomware Today (continuation) How Malware Spreads Adware Computer Virus A type of malicious

647 views • 23 slides
SELF-PROPAGATING MALWARE Ben Livshits, Microsoft Research Overview of Todays Lecture 2

SELF-PROPAGATING MALWARE Ben Livshits, Microsoft Research Overview of Todays Lecture 2

WORMS AND SELF-PROPAGATING MALWARE Ben Livshits, Microsoft Research Overview of Todays Lecture 2 Malware: taxonomy JavaScript worms History, evolution, and Spectator : JavaScript progression of worms: worm detection and an

643 views • 51 slides
Responding to Mobile Worms with Location-Based Quarantine Boundaries Baik Hoh (baikhoh@winlab)

Responding to Mobile Worms with Location-Based Quarantine Boundaries Baik Hoh (baikhoh@winlab)

Responding to Mobile Worms with Location-Based Quarantine Boundaries Baik Hoh (baikhoh@winlab) Marco Gruteser (gruteser@winlab) Research Review 2006 1 Threats of Mobile Worms Current Trends in Pervasive Devices Multi-radio support :

791 views • 20 slides
Honeypots against Worms 101 Honeypots against Worms 101 Black Hat Asia 2003 oudot at oudot at

Honeypots against Worms 101 Honeypots against Worms 101 Black Hat Asia 2003 oudot at oudot at

Honeypots against Worms 101 Honeypots against Worms 101 Black Hat Asia 2003 oudot at oudot at rstack rstack.org .org http://www.rstack http://www. rstack.org/ .org/oudot oudot team rstack.org Overview Overview 1. About Worms

733 views • 51 slides
Communication Systems Firewalls University of Freiburg Computer Science Computer Networks and

Communication Systems Firewalls University of Freiburg Computer Science Computer Networks and

Communication Systems Firewalls University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in networking

909 views • 39 slides
Cryptography in the Age of Quantum Computers Mark Zhandry MIT Based on joint works with:

Cryptography in the Age of Quantum Computers Mark Zhandry MIT Based on joint works with:

Cryptography in the Age of Quantum Computers Mark Zhandry MIT Based on joint works with: Dan Boneh, zgr Dagdelen, Marc Fischlin, Anja Lehmann, Christian Schaffner Typical Crypto Application m ! Solution: (Private Key) Encryption c ! c

865 views • 58 slides
Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv

Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv

Definitions Constructions Active Adversaries Foundation of Cryptography (0368-4162-01), Lecture 8 Encryption Schemes Iftach Haitner, Tel Aviv University January 3 17, 2012 Definitions Constructions Active Adversaries Section 1

1.33k views • 112 slides
Symmetric Cryptography Nadia Heninger and Deian Stefan Some slides adopted from Kirill Levchenko

Symmetric Cryptography Nadia Heninger and Deian Stefan Some slides adopted from Kirill Levchenko

CSE 127: Computer Security Symmetric Cryptography Nadia Heninger and Deian Stefan Some slides adopted from Kirill Levchenko and Dan Boneh Cryptography Cryptography Is: A tremendous tool The basis for many security mechanisms

783 views • 67 slides
...Let them hate so long as they fear... oderint dum metuant /WARNING!/:

...Let them hate so long as they fear... oderint dum metuant /WARNING!/:

#UFONet = ( To0L.AlienWare ) / ninja [ DDoS + DoS ] \ (multi- ProXY / DarkNet ( HTTP(s) / WebAbuse [ Layer7 ] ) +(extra[Layer3]+d0rKng+eVas(h)iVe(CA- che/ge0) +FngPrinting+ sTAT[RanKiNgs+F0RuMS + WarGameS (P2P/ClAns-RanKings)] Denial of

690 views • 51 slides
Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe

Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe

Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe 2010 Stephen Michell, Maurya Software, Ottawa, Canada Security There are people out there trying to attack every computer that we own. Most

503 views • 48 slides
3 Industrial Communication Networks Automation Overview 3 Industrial Communication Networks 3.1

3 Industrial Communication Networks Automation Overview 3 Industrial Communication Networks 3.1

EPFL, Spring 2017 3 Industrial Communication Networks Automation Overview 3 Industrial Communication Networks 3.1 Field bus principles 3.2 Field bus operation 3.3 Standard field busses 3.4 Industrial wireless communication Industrial

1.26k views • 87 slides
All Units...Pick up your Charter Renewal Packet &amp; Schedule your Charter Turn-in (about 15

All Units...Pick up your Charter Renewal Packet &amp; Schedule your Charter Turn-in (about 15

All Units...Pick up your Charter Renewal Packet &amp; Schedule your Charter Turn-in (about 15 minutes) The Dates are: 27 January, Wed. 7 to 9 pm at the Scout office 13 February, Tues. 9 am to 1 pm at Salem Church in Eastover 20

217 views • 19 slides

More recommend