
INF4831 - Cyber Security


Ch 3 - Programs and Programming

Assessment criteria

1. Describe secure programs.

2. Discuss programming errors and complexity leading to vulnerabilities in computer systems.

3. Demonstrate an understanding of the various types of malicious software, their effect, and how to defend against them.

4. Understand and apply controls against program threats.

5. Discuss operating system security methods.

6. Demonstrate an understanding of memory and address protection in operating systems.

7. Demonstrate an understanding of file protection mechanisms, access control and authentication in operating systems.

8. Discuss security policies as they relate to operating systems.

9. Discuss and evaluate the models of security as they apply to operating systems.

10. Demonstrate an understanding of the methods of designing a secure operating system.

Unintentional Programming oversights

Buffer overflows: writing past the boundary of the memory allocated for a variable, array or stack frame. Attackers usually discover the flaw by feeding over-long input until the program crashes, then refine the input into a controlled overwrite (of a return address, a pointer or an adjacent variable) with serious security implications. The countermeasure is staying within bounds: check the length of every write against the capacity of its destination, and double check the boundary condition itself, since that is where the mistakes hide.

Incomplete mediation: mediation means checking (validating) data before the program acts on it. Incomplete mediation is a gap in that checking: the input is validated for some of the properties the program relies on but not all of them (for example its format but not its range), or the check is done where the user can bypass it (such as only in a web form on the client), so unvalidated data reaches sensitive code.
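As an added illustration (example code, not from the course notes), the two functions below take the same string, an order quantity, and show the difference between a check that looks like validation and one that actually mediates. The business rule (quantities 1 to 100) is an assumption made for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>

/* Business rule assumed for this example: an order quantity is 1..100. */
#define QTY_MIN 1
#define QTY_MAX 100

/* Incomplete mediation: atoi() "parses" but checks nothing. It accepts
 * "10abc" as 10 and "-5" as -5, and its behaviour on out-of-range input
 * is undefined, so the caller has validated nothing yet acts on the result. */
int quantity_incomplete(const char *input)
{
    return atoi(input);
}

/* Complete mediation: every property the rest of the program relies on
 * is checked here, before the value is used anywhere, and the caller
 * receives an explicit verdict instead of a guess. Returns 1 and stores
 * the value on success, 0 on rejection. */
int quantity_mediated(const char *input, int *out)
{
    char *end;
    long v;

    if (input == NULL || *input == '\0')
        return 0;                        /* empty: nothing to trust */
    if (isspace((unsigned char)*input) || *input == '-' || *input == '+')
        return 0;                        /* strtol would skip or accept these */
    errno = 0;
    v = strtol(input, &end, 10);
    if (errno == ERANGE)
        return 0;                        /* does not fit in a long */
    if (*end != '\0')
        return 0;                        /* trailing junk such as "10abc" */
    if (v < QTY_MIN || v > QTY_MAX)
        return 0;                        /* well-formed but outside policy */
    *out = (int)v;
    return 1;
}

/* Convenience wrapper: the accepted quantity, or -1 when rejected. */
int quantity_or_reject(const char *input)
{
    int q;
    return quantity_mediated(input, &q) ? q : -1;
}
```

The point of the mediated version is not the individual checks but that they are all in one place, run before any use, and hand back a yes/no the caller cannot ignore.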

Time-of-check to time-of-use (TOCTOU) errors: data is changed between the access check and its use. For example, a program hands the OS a file name and an operation to perform on it. The OS copies the file name and user name into local storage and checks whether that user is authorised to perform the operation on that file; while the check is running, the attacker changes the file name or the operation in the request. When the check returns, the OS passes the changed name or operation on to be executed without a second validation, because it assumes that what it checked is what it is now using.

Undocumented access point/backdoor: the programmer creates an undocumented entry point or execution mode (a debug function, a test mode, a hard-coded maintenance password) while developing a program, but forgets to remove it when the program goes into production.

Off-by-one: a loop bound or index that is wrong by exactly one element, typically i <= n where i < n was meant. The error often goes undetected for a long time because every ordinary input works; it only fails at the edge case, when a buffer fills completely and the one extra element is written past its end, which is a buffer overflow.
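As an added example covering both the buffer overflow and the off-by-one above (example code, not from the course notes), the first function below has the classic i <= cap mistake and the second is a bounded replacement. The harness copies into an arena that is one byte larger than the advertised capacity and puts a sentinel in that extra byte, so the overflow can be observed without undefined behaviour; the buffer size and test strings are constructed for the example.

```c
#include <stddef.h>
#include <string.h>

#define NAME_CAP 8      /* capacity the caller advertises for the buffer */

/* The off-by-one: the loop condition is i <= cap where i < cap was meant.
 * For an input of cap or more characters it touches dst[cap], one byte
 * past the end of a cap-sized buffer, and an over-long input is also
 * left without a terminator. Short inputs behave perfectly, which is
 * why the bug can survive testing for years. */
void copy_name_offbyone(char *dst, size_t cap, const char *src)
{
    size_t i;
    for (i = 0; i <= cap; i++) {        /* BUG: should be i < cap */
        dst[i] = src[i];
        if (src[i] == '\0')
            return;
    }
}

/* Bounded version: never reads or writes beyond cap, and rejects an
 * input that would not fit together with its terminator instead of
 * silently truncating it. Returns 0 on success, -1 on rejection. */
int copy_name_bounded(char *dst, size_t cap, const char *src)
{
    size_t n = 0;
    if (cap == 0)
        return -1;
    while (n < cap && src[n] != '\0')   /* scan at most cap bytes */
        n++;
    if (n == cap)
        return -1;                      /* no room for the '\0' */
    memcpy(dst, src, n + 1);            /* n chars plus terminator */
    return 0;
}

/* Harness: the destination lives in an arena one byte larger than the
 * advertised capacity, with a sentinel in the extra byte. If the copy
 * stays within NAME_CAP the sentinel survives. In real code that byte
 * belongs to whatever sits after the buffer: a saved return address,
 * another variable, heap metadata. Returns 1 if the sentinel was
 * clobbered, 0 if it survived. */
static int run_in_arena(void (*copy)(char *, size_t, const char *), const char *src)
{
    char arena[NAME_CAP + 1];
    memset(arena, 0, sizeof arena);
    arena[NAME_CAP] = 'S';
    copy(arena, NAME_CAP, src);
    return arena[NAME_CAP] != 'S';
}

static void bounded_adapter(char *dst, size_t cap, const char *src)
{
    (void)copy_name_bounded(dst, cap, src);
}

int offbyone_clobbers(const char *src) { return run_in_arena(copy_name_offbyone, src); }
int bounded_clobbers(const char *src)  { return run_in_arena(bounded_adapter, src); }

/* 1 if the bounded copy accepts src into a NAME_CAP buffer, else 0. */
int bounded_accepts(const char *src)
{
    char buf[NAME_CAP];
    return copy_name_bounded(buf, NAME_CAP, src) == 0;
}
```

Note that a seven-character name passes through the buggy copy untouched; it takes exactly eight characters, the boundary condition, to overwrite the sentinel, which is why a test suite of ordinary names never catches it.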

Race condition: the order and timing of two or more processes accessing the same resource can cause errors. TOCTOU above is a special case: once one process has started (for example by passing a check), the other is timed so that it changes the shared resource before the first one uses it, producing unintended consequences.
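As an added example for the TOCTOU and race condition items above (example code, not from the course notes), the first function below shows the classic access()-then-open() race and the second shows how to remove the window by checking and using the same open file descriptor. The demo function constructs its own scenario in /tmp, a regular file plus a symlink to it standing in for the attacker's swap; the file names and the owner check are assumptions made for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The racy pattern: access() decides on the *name*, open() later acts on
 * whatever the name resolves to at that moment. Between the two calls an
 * attacker who controls the directory can replace the file with a symlink
 * to something they may not read, and open() will follow it. */
int open_readable_racy(const char *path)
{
    if (access(path, R_OK) != 0)        /* time of check */
        return -1;
    /* ... the window: path may be re-pointed here ... */
    return open(path, O_RDONLY);        /* time of use */
}

/* Check and use on the same object. Open first, refusing to follow a
 * symlink at the final component, then validate the descriptor with
 * fstat(); a descriptor cannot be re-pointed by renaming or relinking,
 * so what was checked is exactly what will be read. Returns the fd, or
 * -1 (errno ELOOP for a symlink, EPERM for wrong type or owner). */
int open_readable_safe(const char *path, uid_t expected_owner)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != expected_owner) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario (not from the page): a regular file we own plus a
 * symlink to it planted under a second name, standing in for the
 * attacker's swap. Returns the verdicts encoded as bits:
 *   bit 0: racy opener went through the symlink
 *   bit 1: safe opener accepted the regular file
 *   bit 2: safe opener refused the symlink with ELOOP
 * so 7 means "racy follows the link, safe does not". -1 on setup failure. */
int toctou_demo(void)
{
    char file[] = "/tmp/toctou_demo_XXXXXX";
    char link[sizeof file + 4];
    int fd, result = 0;

    fd = mkstemp(file);
    if (fd < 0)
        return -1;
    close(fd);
    snprintf(link, sizeof link, "%s.lnk", file);
    if (symlink(file, link) != 0) {
        unlink(file);
        return -1;
    }

    fd = open_readable_racy(link);
    if (fd >= 0) { close(fd); result |= 1; }

    fd = open_readable_safe(file, getuid());
    if (fd >= 0) { close(fd); result |= 2; }

    fd = open_readable_safe(link, getuid());
    if (fd < 0 && errno == ELOOP)
        result |= 4;
    else if (fd >= 0)
        close(fd);

    unlink(link);
    unlink(file);
    return result;
}
```

The general rule the safe version follows is to perform the check on the object you are about to use (the descriptor), not on a name that some other process can rebind in between.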

Viruses

Virus: A program that can replicate itself and pass on malicious code to other non-malicious programs by modifying them. It spreads through any medium. 

Worm: a program that spreads copies of itself through a network; the network is its medium, whereas a virus can spread through any medium.

Trojan horse: Malicious code that, in addition to its primary effect, has a second, non-obvious, malicious effect. 

Other forms of malicious code:
  • Rabbit: duplicates itself repeatedly, consuming resources as it goes.
  • Logic bomb: triggers an action when certain conditions occur.
  • Time bomb: a logic bomb whose trigger is a particular time or date.
  • Dropper: a program whose purpose is to install (drop) other malicious code on the victim.
  • Hostile mobile code agent: code that travels to and executes on a remote host (scripts, applets, plug-ins) with malicious intent.
  • Script attack: malicious JavaScript in a website.
  • RAT: remote access Trojan; gives a remote user control of the machine.
  • Spyware: tracks or intercepts data and transmits it to another party.
  • Bot: an autonomous agent (can be malicious).
  • Zombie: an infected computer that can now be used in attacks, typically as one member of a botnet.
  • Browser hijacker: redirects users to specific sites.
  • Rootkit: malicious code that hides its presence by modifying the operating system or its tools; some variants load before the OS itself (bootkits), so the running system cannot see them.
  • Trapdoor/backdoor: access to a program that bypasses the login section.
  • Toolkit: an array of tools used for pen-testing or other security testing; can also be a hacker toolkit.
  • Scareware: a false warning of an attack designed to prompt the user into some action.

Transmission of viruses:
  • setup/installer - installing an exe (human initiated)
  • attached files
  • document virus - embedded in the macros of documents
  • autorun
  • appended viruses - the virus code is attached to the front or end of a host program
  • propagation
  • integrated viruses - the virus code is woven into the host program rather than attached to it

Counter measures

Testing

Testing of program components

It is important to test program components, so know the following kinds of testing: a) module testing, b) component testing, c) integration testing, d) function testing, e) performance testing, f) acceptance testing, g) installation testing, h) regression testing, i) black-box testing and j) clear-box testing.

A system can also be validated using requirements checking, design and code reviews and system testing.

  • module/unit testing - a specific module is tested in isolation to make sure it works as expected.
  • integration testing - making sure that module now works in the context of the larger system.
  • function testing - testing the functionality of the system to make sure it performs all requirements in the specs.
  • performance testing - how well does the software perform.
  • acceptance testing - done by the user to see from their side if it performs all the requirements in the specs.
  • installation testing - testing the deployed software.
  • regression testing - normally done in maintenance, done to make sure a change does not break other areas of the system.
  • black-box testing - testing as if the inner workings are not known.
  • clear-box testing - testing with knowledge of the inner workings.

Software engineering techniques

Creating good programs increases security and leaves less room for vulnerabilities:
  • Modularity - simple, independent parts that make up the whole.
  • Encapsulation - isolating data and functionality within a module.
  • Information hiding - the implementation is hidden; only the interface is exposed.
  • Mutual suspicion - modules treat each other as untrusted, validating what they receive rather than assuming the other side is correct or benign.
  • Confinement/sandboxing - limiting the runtime space (memory, files, resources, system calls) a program can operate in.
  • Simplicity - keep the design small and understandable so it can be reviewed and reasoned about.
  • Genetic diversity - use parts from multiple vendors, so one flaw does not affect everything.
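As an added example of confinement (example code, not from the course notes), the function below forks a worker and lowers the worker's own RLIMIT_FSIZE before it does any work, so however much the worker's code tries to write, the kernel stops it at the limit. The 1 KiB limit, the temp file and the exit codes are assumptions made for the example; the same idea extends to the other rlimits (CPU time, memory, number of processes) and, on Linux, to seccomp filters on system calls.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical policy for this example: a confined worker may create
 * output of at most 1 KiB, whatever its code tries to do. */
#define WORKER_FILE_LIMIT 1024

/* Exit codes the worker uses to report back to the parent. */
enum { WORKER_OK = 0, WORKER_EFBIG = 2, WORKER_SETUP_FAIL = 3 };

/* Forks a worker that tries to write `attempt` bytes to a fresh temp
 * file. With confine != 0 the worker lowers its own RLIMIT_FSIZE first;
 * a resource limit is per-process and inherited, so only the worker and
 * anything it spawns are bound by it, never the parent.
 * Returns 1 if the sandbox stopped the worker (killed by SIGXFSZ, or
 * write() failed with EFBIG), 0 if the worker finished, -1 on setup
 * failure. */
int run_confined_writer(int confine, size_t attempt)
{
    char path[] = "/tmp/confine_demo_XXXXXX";
    int fd = mkstemp(path);
    int status;
    pid_t pid;

    if (fd < 0)
        return -1;
    unlink(path);                       /* keep only the open descriptor */

    pid = fork();
    if (pid < 0) {
        close(fd);
        return -1;
    }
    if (pid == 0) {                     /* worker */
        char chunk[256];
        size_t done = 0;
        if (confine) {
            struct rlimit fs = { WORKER_FILE_LIMIT, WORKER_FILE_LIMIT };
            struct rlimit core = { 0, 0 };   /* no core dump when killed */
            if (setrlimit(RLIMIT_FSIZE, &fs) != 0 || setrlimit(RLIMIT_CORE, &core) != 0)
                _exit(WORKER_SETUP_FAIL);
        }
        memset(chunk, 'x', sizeof chunk);
        while (done < attempt) {
            size_t n = attempt - done < sizeof chunk ? attempt - done : sizeof chunk;
            ssize_t w = write(fd, chunk, n);
            if (w < 0)
                _exit(errno == EFBIG ? WORKER_EFBIG : WORKER_SETUP_FAIL);
            done += (size_t)w;
        }
        _exit(WORKER_OK);
    }

    close(fd);
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGXFSZ)
        return 1;                       /* kernel enforced the limit */
    if (WIFEXITED(status) && WEXITSTATUS(status) == WORKER_EFBIG)
        return 1;                       /* limit enforced, signal was ignored */
    if (WIFEXITED(status) && WEXITSTATUS(status) == WORKER_OK)
        return 0;
    return -1;
}
```

The confinement is effective precisely because it is applied by the process boundary and the kernel, not by the worker's own good behaviour: the worker's write loop is identical in both runs, and only the limit set before it decides whether the fifth 256-byte write is allowed.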
