Attack from Inside the System

Trojan Horses

  • A seemingly innocent program contains code to perform an unexpected and undesirable function.
  • Such functions include:
    1. modifying, deleting, or encrypting the user’s files
    2. copying user files to a place where the cracker can retrieve them later
    3. sending the files to the cracker, or to a temporary safe hiding place, via email/FTP
  • To run a Trojan horse, the user must first execute the program (it is often hidden in free games, MP3s, or something else that attracts users’ attention).
  • Once it starts, the Trojan horse can do anything the user can do, and it does not require the author of the Trojan horse to break into the victim’s computer.
  • The Unix PATH variable is another way of inserting a Trojan horse into the machine: if the search path includes the current directory, a program planted there under the name of a common command will be run instead of the real one.
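The PATH problem above can be checked for mechanically. The following is an added example (not code from the original notes): it parses a PATH string the way a POSIX shell does, counts the entries that mean "current directory" (a literal `.` or an empty entry produced by a leading, trailing, or doubled colon), and builds a cleaned copy with those entries removed. The function names and the sample PATH strings are constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* True if one PATH entry of length 'len' starting at 'p' resolves to the
   current directory: "." or an empty entry (POSIX treats "" as "."). */
static bool entry_is_cwd(const char *p, size_t len) {
    return len == 0 || (len == 1 && p[0] == '.');
}

/* Number of PATH entries that would make the shell search the working
   directory. Any non-zero result means a program dropped into the working
   directory under a common command name can be run instead of the real one. */
int count_cwd_path_entries(const char *path) {
    int count = 0;
    const char *p = path;
    for (;;) {
        const char *colon = strchr(p, ':');
        size_t len = colon ? (size_t)(colon - p) : strlen(p);
        if (entry_is_cwd(p, len))
            count++;
        if (!colon)
            break;
        p = colon + 1;
    }
    return count;
}

/* Returns a newly allocated copy of 'path' with every current-directory
   entry removed (the mitigation). Caller frees the result; NULL on malloc failure. */
char *strip_cwd_from_path(const char *path) {
    size_t n = strlen(path);
    char *out = malloc(n + 1);   /* output is never longer than input */
    if (!out)
        return NULL;
    size_t o = 0;
    const char *p = path;
    for (;;) {
        const char *colon = strchr(p, ':');
        size_t len = colon ? (size_t)(colon - p) : strlen(p);
        if (!entry_is_cwd(p, len)) {
            if (o > 0)
                out[o++] = ':';
            memcpy(out + o, p, len);
            o += len;
        }
        if (!colon)
            break;
        p = colon + 1;
    }
    out[o] = '\0';
    return out;
}

int main(void) {
    /* Constructed sample: a leading ".", a doubled colon, and a trailing colon. */
    const char *sample = ".:/usr/bin::/bin:";
    printf("cwd entries in \"%s\": %d\n", sample, count_cwd_path_entries(sample));
    char *clean = strip_cwd_from_path(sample);
    if (clean) {
        printf("cleaned PATH: %s\n", clean);
        free(clean);
    }
    return 0;
}
```

Running this against `getenv("PATH")` instead of the constructed sample gives a quick audit of a login shell; the same check is worth extending to world-writable directories on the path, which the notes do not cover.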

Login Spoofing

  • Get the username and password by showing a fake login page that tricks users into entering their passwords.
    –> Windows asks users to hit Ctrl+Alt+Del before the login page for this reason: the key combination is trapped by the operating system, so an ordinary program cannot intercept it.

Logic Bombs

  • A piece of code written by one of a company’s (currently employed) programmers and secretly inserted into the production operating system.
  • The programmer feeds it a daily password; if the company fires the programmer one day, no password is provided to the program and the logic bomb “goes off”.
    –> This has happened in payroll systems.
  • “Going off” might mean wiping the disk, erasing files at random, or making other hard-to-detect changes to key programs.
  • The company can call the police, but will never get the files back.

Trap Doors

  • Allow a system programmer to bypass all authentication checks.
    –> e.g. the programmer picks a login name for which access is granted no matter what password the user types.
  • This can be prevented by code review, in which programmers periodically explain their code line by line to their colleagues.

Buffer Overflow

  • Particularly relevant to C programs.
  • C compilers do no array bounds checking, so it is possible to overwrite bytes of memory outside an array.
    • Suppose a dynamic (arbitrary-length) string is copied into a fixed-size array (e.g. Name).
    • If the string is longer than the fixed-size array, the extra characters overflow the array and overwrite whatever lies beyond it, such as the saved return address, corrupting it.
  • Prevention process
    1. Feed the program an input of reasonable size first and see if it dumps core.
    2. Analyze the core dump to see where the long string is stored.
    3. Figure out from there which data was overwritten.
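The fixed-size-array copy described above, shown beside its bounded form, as an added example that is not part of the original notes. `store_name_unsafe` reproduces the defect (an unchecked `strcpy` into a 16-byte stack array) and is included only to make the contrast visible; `store_name_safe` checks the length before copying and reports rejection instead of silently truncating. `NAME_LEN`, the function names, and the sample inputs are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* assumed size of the fixed array "Name" from the notes */

/* Vulnerable form: strcpy() performs no bounds check, so any input of
   NAME_LEN or more characters writes past the end of 'name' on the stack
   (undefined behaviour). Shown for contrast; never called by main() below. */
void store_name_unsafe(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);                 /* overflow if strlen(input) >= NAME_LEN */
    printf("stored (unsafe): %s\n", name);
}

/* Hardened form: measure first, refuse anything that will not fit including
   its terminator, and leave the destination in a defined (empty) state on
   rejection. Returns true only when the whole string was stored. */
bool store_name_safe(const char *input, char *out, size_t out_len) {
    if (out_len == 0)
        return false;
    size_t n = strlen(input);
    if (n >= out_len) {                  /* no room for n bytes plus '\0' */
        out[0] = '\0';
        return false;
    }
    memcpy(out, input, n + 1);           /* copies the terminator too */
    return true;
}

/* Convenience wrapper with the same NAME_LEN stack buffer as the unsafe
   version, so the two can be compared on identical inputs. */
bool accept_name(const char *input) {
    char name[NAME_LEN];
    bool ok = store_name_safe(input, name, sizeof name);
    printf("%-40s -> %s\n", input, ok ? "stored" : "rejected (too long)");
    return ok;
}

int main(void) {
    /* Constructed inputs: one that fits, one exactly at the limit, one over it. */
    accept_name("Alice");
    accept_name("0123456789abcdef");                 /* 16 chars: rejected */
    accept_name("this-name-is-far-too-long-for-the-buffer");
    return 0;
}
```

Rejecting rather than truncating is the deliberate choice here: a silently clipped name can pass later checks that were meant to run against the full input, which is a subtler failure than the crash that the core-dump procedure above is looking for.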

Generic Security Attack

  • Tiger/penetration team: a group of experts hired by the company to see if they can break into the system.
  • Common successful attacks:
    1. Request memory pages, disk space, or tapes and just read what is left on them.
    2. Try illegal system calls, legal calls with illegal parameters, or legal calls with legal but unreasonable parameters.
    3. Start logging in and hit break keys (e.g. DEL) to kill the login-checking program.
    4. Try modifying complex operating system structures kept in user space.
    5. Look at the manual and do exactly what it says “Do not do…”.
    6. Convince the system programmer to add a trap door with your user name
    7. Bribe the secretary

Design Principles

  1. The system design should be public.
  2. The default should be no access.
  3. Check for current authority.
  4. Give each process the least privilege possible.
  5. The protection mechanism should be simple, uniform, and built into the lowest layers of the system.
  6. The scheme chosen must be psychologically acceptable.
  7. KEEP THE DESIGN SIMPLE!