Lecture 4:
Security Threats, Errors and their types
What is Security engineering?
Security engineering is concerned with lowering the risk of intentional unauthorized harm to valuable assets to a level that is acceptable to the system's stakeholders, by preventing and reacting to malicious harm, misuse, threats, and security risks.
Firesmith, 2003
Outline
•  Malware types
•  Seven pernicious kingdoms
•  Security threats
–  Examples in distributed systems
•  Attack trees
Malicious software
https://www.veracode.com/blog/2012/10/common-malware-types-cybersecurity-101/
•  Software used to cause harm to the computer
–  Compromise computer functions
–  Steal data
–  Bypass access controls
–  …
•  Symptoms:
–  Increased CPU usage
–  Slow computer or web browser speeds
–  Problems connecting to networks
–  Freezing or crashing
–  Modified or deleted files
–  Appearance of strange files, programs, or desktop icons
–  Programs running, turning off, or reconfiguring themselves
–  Strange computer behavior
–  Emails/messages being sent automatically and without the user's knowledge
Malware types
•  Adware (advertising supported software)
–  automatically delivers advertisements
–  Pop-up ads on websites
–  Often comes bundled with spyware
•  to track user activities
•  to steal information
•  Spyware
–  spies on user activity without the user's knowledge
•  activity monitoring
•  collecting keystrokes
•  data harvesting (account information, logins, financial data)
•  Bot
–  automatically performs specific operations
–  used in botnets – collections of computers controlled by third parties
•  DDoS attacks
•  spambots
•  Bug
–  A flaw that produces an undesired outcome
–  Security bugs are the most severe type of bug
•  Attackers can
–  bypass user authentication
–  override access privileges
–  steal data
•  Ransomware
–  holds a computer system captive while demanding a ransom
–  restricts user access to the computer by
•  encrypting files
•  locking down the system and displaying messages to force the user to pay the malware creator
•  Rootkit
–  remotely accesses or controls a computer without being detected
•  remotely execute files
•  access/steal information
•  modify system configurations
•  alter software (especially security software that could detect the rootkit)
•  install concealed malware
•  control the computer as part of a botnet
•  Virus
–  copies itself and spreads to other computers
•  by attaching itself to various programs, executing code when a user launches those programs
•  through script files, documents, and cross-site scripting vulnerabilities in web apps
–  used to
•  steal information, money
•  harm host computers and networks
•  create botnets
•  render advertisements
•  Worm
–  spreads over computer networks by exploiting operating system vulnerabilities
–  harms host networks by consuming bandwidth and overloading web servers
–  has the ability to self-replicate and spread independently
–  often spreads by sending mass emails with infected attachments to users' contacts
•  Trojan Horse
–  disguises itself as a normal file or program to trick users into downloading and installing malware
–  can give a malicious party remote access
–  once an attacker has access to an infected computer, they can
•  steal data
•  install more malware
•  modify files
•  monitor user activity
•  use the computer in botnets
•  …
•  Spam
–  electronic sending of mass unsolicited messages
•  email, instant messages, texting, blogs, web forums, search engines, social media
–  it is very common for malware to spread through spamming
•  when infected computers (with viruses, worms, …) are used to distribute spam messages containing more malware
Outline
•  Malware types
•  Seven pernicious kingdoms
•  Security threats
–  Examples in distributed systems
•  Attack trees
Tsipenyuk K., Chess B., McGraw G., Seven Pernicious Kingdoms: A Taxonomy of
Software Security Errors, IEEE Security and Privacy, 2005
Seven Pernicious Kingdoms
1. Input validation and Representation
2. API Abuse
3. Security Features
4. Time and State
5. Error Handling
6. Code Quality
7. Encapsulation
* Environment
1. Input validation and Representation
•  Caused by
o  Meta-characters, alternate encoding, numeric representation
•  Problems result from
o  Lack of input validation
o  Representation issues
•  An easy target and an often-used point of attack
•  Resulting problems
o  Buffer overflows
o  Cross-site scripting attacks
o  SQL injection
o  Command injection
o  Setting manipulation
o  String termination error
o  …
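The three causes named above on one input, as an added example (this is not code from the lecture or from the Tsipenyuk/Chess/McGraw paper): percent-decoding until the value stops changing and NFKC normalisation collapse alternate encodings before the allowlist is applied, a meta-character payload is shown changing the meaning of a string-built SQL statement, and parameter binding keeps the same payload inert. The in-memory user table, the username policy and the sample payloads are constructed for this page.

```python
"""Input validation and representation: alternate encodings, meta-characters
and SQL injection. Added example; table, policy and payloads are constructed."""
import re
import sqlite3
import unicodedata
from urllib.parse import unquote

# Allowlist for a username (assumption): ASCII letters, digits, underscore, 1-32 chars.
USERNAME_RE = re.compile(r"\A[A-Za-z0-9_]{1,32}\Z")


def canonicalize(raw: str) -> str:
    """Reduce alternate encodings to one canonical form BEFORE validating.

    Percent-decode until the value stops changing (catches %252e-style double
    encoding, bounded so a hostile input cannot loop forever), then apply
    Unicode NFKC so look-alike code points (fullwidth letters etc.) collapse
    to their ASCII forms.
    """
    value = raw
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    else:
        raise ValueError("too many encoding layers")
    return unicodedata.normalize("NFKC", value)


def validate_username(raw: str) -> str:
    """Allowlist check on the canonical form; anything else is rejected, not repaired."""
    name = canonicalize(raw)
    if not USERNAME_RE.fullmatch(name):
        raise ValueError(f"invalid username: {raw!r}")
    return name


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table so the example runs offline."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret-a"), ("bob", "s3cret-b")])
    return db


def lookup_vulnerable(db: sqlite3.Connection, name: str) -> list:
    """Meta-characters in `name` change the meaning of the statement."""
    return db.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def lookup_safe(db: sqlite3.Connection, name: str) -> list:
    """Parameter binding keeps data and code apart; validation is a second layer."""
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def demo() -> dict:
    db = make_db()
    payload = "x' OR '1'='1"            # constructed tautology injection
    return {
        "vulnerable_rows": len(lookup_vulnerable(db, payload)),   # every user
        "safe_rows": len(lookup_safe(db, payload)),               # no such user
        "double_encoded": canonicalize("%252e%252e%2f"),           # '../'
        "fullwidth": canonicalize("\uff41lice"),                   # 'alice'
    }


if __name__ == "__main__":
    print(demo())
```

Rejecting after canonicalisation is the important ordering: validating the raw string would let `%252e%252e%2f` through as harmless-looking characters and the path layer would decode it to `../` later.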
2. API Abuse
•  An API is a contract between a caller and a callee
•  Caused by
o  The caller failing to honor its end of the contract
•  Case
o  If a program fails to call chdir() after calling chroot(), it violates the contract that specifies how to change the active root directory in a secure fashion
•  Resulting problems
o  Dangerous functions
o  Often misused exception handling
o  Unchecked return value
o  Directory restriction
o  …
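The chroot()/chdir() contract from the case above, followed by the "unchecked return value" problem, as an added example (not code from the lecture). `enter_jail` follows the contract in the required order and needs root, so it is defined but not run; the failing and succeeding child commands are constructed for this page.

```python
"""API abuse: honouring the caller's side of two API contracts.
Added example; jail path and child commands are assumptions."""
import os
import subprocess
import sys


def enter_jail(new_root: str) -> None:
    """Change the active root the way the chroot(2) contract requires.

    chroot() alone leaves the current working directory outside the jail,
    so a caller that forgets chdir('/') has confined nothing. Both calls
    raise OSError on failure, which the caller must not swallow.
    Requires CAP_SYS_CHROOT / root; not exercised by the test.
    """
    if not os.path.isdir(new_root):
        raise FileNotFoundError(new_root)
    os.chroot(new_root)      # step 1: set the new root
    os.chdir("/")            # step 2: move into it; without this the jail is open


def run_unchecked(argv: list) -> bool:
    """Unchecked return value: the child's exit status is silently ignored.

    subprocess.run() returns a CompletedProcess and does not raise on a
    non-zero status unless asked, so this reports success whatever happened.
    """
    subprocess.run(argv)
    return True


def run_checked(argv: list) -> bool:
    """Honour the contract: inspect the status the callee hands back."""
    result = subprocess.run(argv, check=False)
    return result.returncode == 0


def run_or_raise(argv: list) -> None:
    """Same contract expressed with check=True (raises CalledProcessError)."""
    subprocess.run(argv, check=True)


def raises_on_failure(argv: list) -> bool:
    """True if run_or_raise surfaced the child's failure as an exception."""
    try:
        run_or_raise(argv)
    except subprocess.CalledProcessError:
        return True
    return False


# Constructed children: a Python one-liner that exits 3, and one that exits 0.
FAILING_CMD = [sys.executable, "-c", "import sys; sys.exit(3)"]
SUCCEEDING_CMD = [sys.executable, "-c", "pass"]

if __name__ == "__main__":
    print("unchecked reports success:", run_unchecked(FAILING_CMD))   # True, wrong
    print("checked reports success:  ", run_checked(FAILING_CMD))     # False
```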
3. Security Features
•  Software security is not security software
•  Caused by
o  Incorrect implementation
o  Incorrect use of security features like authentication, access control, cryptography, digital signatures, …
•  Resulting problems
o  Insecure randomness
o  Missing access control
o  Password management
o  Privacy violation
o  …
4. Time and State
•  In order for more than one component to communicate, state must be shared, and all that takes time
•  Caused by
o  Distributed computing
o  Sharing state
o  Multithreading
o  A programmer's belief that everything happens in one continuous sequence
•  Resulting problems
o  Deadlock
o  Failure to begin a new session upon authentication
o  Insecure temporary file
o  File access race condition (TOCTOU)
o  …
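Two of the resulting problems above, as an added example (not code from the lecture): a check-then-use file read that can be raced, beside an open-then-validate version that uses O_NOFOLLOW and fstat() on the descriptor it actually opened; and an insecure temporary file (a name from mktemp) beside mkstemp, which creates and opens atomically. The fixture directory, file and symlink are constructed for this page.

```python
"""Time and state: TOCTOU file race and insecure temporary file.
Added example; the fixture files are constructed."""
import os
import stat
import tempfile


def read_config_racy(path: str) -> bytes:
    """Check, then use: the object behind `path` can change in between.

    An attacker who can write the directory replaces `path` with a symlink
    after access() passes, and the later open() follows it.
    """
    if not os.access(path, os.R_OK):          # time of check
        raise PermissionError(path)
    with open(path, "rb") as fh:              # time of use
        return fh.read()


def read_config_safe(path: str) -> bytes:
    """Open first, then validate the object you actually opened.

    O_NOFOLLOW refuses a symlink at the final component and fstat() inspects
    the opened inode rather than the path name, so nothing can change
    between the check and the use.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise OSError(f"not a regular file: {path}")
    except Exception:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as fh:          # fdopen takes ownership of fd
        return fh.read()


def insecure_tempfile(directory: str) -> str:
    """mktemp() only predicts a name; an attacker can create it first."""
    return tempfile.mktemp(dir=directory)


def secure_tempfile(directory: str) -> int:
    """mkstemp() creates and opens the file atomically (O_EXCL), mode 0600."""
    fd, _path = tempfile.mkstemp(dir=directory)
    return fd


def demo() -> dict:
    """Constructed fixture: a regular file and a symlink pointing at it."""
    outcomes = {}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "config")
        link = os.path.join(d, "config.link")
        with open(target, "wb") as fh:
            fh.write(b"secret=1\n")
        os.symlink(target, link)

        outcomes["racy_follows_symlink"] = read_config_racy(link) == b"secret=1\n"
        outcomes["safe_reads_regular"] = read_config_safe(target) == b"secret=1\n"
        try:
            read_config_safe(link)
            outcomes["safe_refuses_symlink"] = False
        except OSError:
            outcomes["safe_refuses_symlink"] = True

        fd = secure_tempfile(d)
        outcomes["tmp_mode_0600"] = stat.S_IMODE(os.fstat(fd).st_mode) == 0o600
        os.close(fd)
    return outcomes


if __name__ == "__main__":
    print(demo())
```

O_NOFOLLOW only covers the last path component; if the directories above it are attacker-writable, open the directory first and use openat()-style calls (os.open with dir_fd) for each step.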
5. Error Handling
•  Errors and error handling represent a class of API
•  Errors related to error handling are so common that they deserve a special kingdom of their own
•  Caused by
o  Unexpected input – unexpected behaviour
o  Concept of exceptions in modern programming languages
o  Insecure use and handling of exceptions
•  Resulting problems
o  Catch NullPointerException
o  Empty catch block
o  Overly-broad catch block
o  Overly broad throw declaration
o  Unchecked return value
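An empty, overly-broad catch block turning a token check into a fail-open, beside the fail-closed version, as an added example (not code from the lecture). The token format, the HMAC key and the tamper helper are constructed for this page.

```python
"""Error handling: overly-broad catch block that fails open.
Added example; token format and key are constructed."""
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"     # assumption: a real key comes from a KMS


def _expected_tag(user: bytes) -> bytes:
    return hmac.new(SECRET, user, hashlib.sha256).digest()


def issue_token(user: str) -> str:
    """token = base64(user) '.' base64(HMAC-SHA256(key, user))"""
    u = user.encode()
    return (base64.b64encode(u).decode() + "."
            + base64.b64encode(_expected_tag(u)).decode())


def verify_broken(token: str) -> bool:
    """Overly-broad catch with an empty handler: parse errors return True.

    A malformed token raises (ValueError from the unpacking or from
    b64decode) before the comparison runs, the handler swallows it, and
    control falls through to the default 'return True'.
    """
    try:
        user_b64, tag_b64 = token.split(".")
        user = base64.b64decode(user_b64, validate=True)
        tag = base64.b64decode(tag_b64, validate=True)
        if not hmac.compare_digest(tag, _expected_tag(user)):
            return False
    except Exception:
        pass                       # "it probably worked"
    return True


def verify_safe(token: str) -> bool:
    """Fail closed: catch only what parsing can raise, every failure path
    returns False, and the only True is the explicit success of the MAC check."""
    try:
        user_b64, tag_b64 = token.split(".")
        user = base64.b64decode(user_b64, validate=True)
        tag = base64.b64decode(tag_b64, validate=True)
    except ValueError:             # binascii.Error is a ValueError subclass
        return False
    return hmac.compare_digest(tag, _expected_tag(user))


def tamper(token: str) -> str:
    """Change the first character of the tag so it stays valid base64 but wrong."""
    user_b64, tag_b64 = token.split(".")
    first = "A" if tag_b64[0] != "A" else "B"
    return user_b64 + "." + first + tag_b64[1:]


if __name__ == "__main__":
    t = issue_token("alice")
    for tok in (t, tamper(t), "garbage", "ab.cd"):
        print(repr(tok)[:24], "broken:", verify_broken(tok), "safe:", verify_safe(tok))
```

The two functions agree on well-formed tokens, which is why this class of bug survives testing: only inputs that raise, rather than merely fail the comparison, expose the difference.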
6. Code Quality
•  Caused by
o  Lack of compliance with design
o  Insecure code is buggy code
o  Code readability
o  Complexity of code vs. complexity the human brain is able to manage
o  Forgetting to remove old code
•  Resulting problems
o  Inconsistent implementation
o  Memory leak
o  Obsolete code
o  Undefined behaviour
o  Uninitialised variable
o  Unreleased resource
o  Use after free
o  …
7. Encapsulation
•  Caused by
o  Lack of clear boundaries
•  between web app and system resources
•  between validated and unvalidated data
•  between classes with various methods
o  Lack of attention to trust models and trust boundaries
•  Resulting problems
o  Comparing classes by name
o  Data leaking between users
o  Leftover debug code
o  Mobile code: non-final public field
o  Trust boundary violation
o  …
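One way to make the boundary between validated and unvalidated data explicit, as an added example (not code from the lecture): untrusted input is wrapped in a `Tainted` type, `validate()` is the single crossing point that produces `Validated`, and a sink that touches system resources refuses anything else at run time. The type names, the identifier policy and the sinks are assumptions for illustration.

```python
"""Encapsulation: trust boundary carried by types.
Added example; names and policy are constructed."""
from dataclasses import dataclass
import html
import re

IDENT_RE = re.compile(r"\A[a-z][a-z0-9-]{0,31}\Z")   # assumed policy for resource names


@dataclass(frozen=True)
class Tainted:
    """Anything that crossed in from outside: request params, headers, files."""
    value: str


@dataclass(frozen=True)
class Validated:
    """Produced by validate() only; sinks that touch resources accept nothing else."""
    value: str


def validate(t: Tainted) -> Validated:
    """The single crossing point from untrusted to trusted data."""
    if not isinstance(t, Tainted):
        raise TypeError("validate() takes Tainted input only")
    if not IDENT_RE.fullmatch(t.value):
        raise ValueError(f"rejected: {t.value!r}")
    return Validated(t.value)


def build_path(root: str, name: Validated) -> str:
    """Sink reaching system resources: will not even look at Tainted data."""
    if not isinstance(name, Validated):
        raise TypeError("build_path() requires Validated data")
    return f"{root}/{name.value}.json"


def render(name) -> str:
    """Sink writing into a page: takes either type, but escapes Tainted data."""
    if isinstance(name, Validated):
        return f"<b>{name.value}</b>"
    if isinstance(name, Tainted):
        return f"<b>{html.escape(name.value)}</b>"
    raise TypeError("render() takes Tainted or Validated")


if __name__ == "__main__":
    raw = Tainted("alice-01")
    print(build_path("/srv/data", validate(raw)))
    print(render(Tainted("<script>")))
```

The point is that a plain `str` carries no memory of where it came from; once the wrapper types exist, a code reviewer (or a static checker) can see every place a `Tainted` value reaches a sink without passing through `validate()`.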
* Environment
•  Caused by everything outside the code that is still critical to the security of the created software
o  The software you are developing running on a machine…
o  … with an operating system…
o  … and other software…
o  … quite possibly connected to other machines through a network…
•  Resulting problems
o  Misconfiguration issues
o  Insecure compiler optimisation
o  …
Outline
•  Malware types
•  Seven pernicious kingdoms
•  Security threats
–  Examples in Distributed Systems
•  Attack trees
Uzunov A. V., Fernandez E. B., An extensible pattern-based library and taxonomy of security threats for distributed systems, Computer Standards & Interfaces, 36 (4), June 2014, 734-747.
Functional Decomposition
•  User interaction
–  Interfacing and/or interacting with users
•  Data/storage management
–  Storing and management of applications or information
•  Distribution control
–  Component collaboration
–  Coordination of local/remote execution
–  Synchronization/concurrency control
•  Communication
–  Network communication
•  Resource management
–  Resource allocation, global scheduling, process migration
–  Dynamic configuration of active software components
•  Addressing
–  Address, identifier and/or name allocation, distribution and discovery/lookup
Threats to the System (first level threats)
•  Identity attacks
•  Network communication attacks
•  Network protocol attacks
•  Passing illegal data attacks
•  Stored data attacks
•  Remote information inference
•  Loss of accountability
•  Uncontrolled operations

Identity attacks
•  Attacker attempts to fabricate or misuse identities in a system
•  Examples
–  Identity spoofing
–  Advantageous identity allocation

Network communication attacks
•  Threats to communication between distributed components
•  Examples
–  Message secrecy violation
–  Message integrity violation
–  Message authenticity violation
–  Traffic analysis, protocol sniffing
–  Covert network channel
–  Session hijacking
–  Session state poisoning
–  Route poisoning
–  Message flooding
•  Messages in transit can be
–  intercepted and their contents read by an attacker (secrecy violation)
–  intercepted and modified, replaced, corrupted or simply deleted by an attacker (integrity violation)
•  Secure communication
–  message encryption (secrecy)
–  message hashing, error detection codes (integrity)
Network protocol attacks
•  Threats specifically to the network protocols used for communication
•  Examples
–  Message replay
–  Message reuse
–  Protocol field modification
–  Use of abnormal packet size
–  Use of abnormal packet sequencing
–  Use of reserved protocol packets
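A small authenticated message exchange covering both the communication threats (message integrity and authenticity violation) and the protocol threats above (replay, reuse, abnormal packet size), as an added example that is not part of the lecture or the cited taxonomy. One caveat the slide's "message hashing, error detection codes" line leaves implicit: a bare hash or CRC only detects accidental corruption, because an attacker who modifies the message simply recomputes it; deliberate modification needs a keyed MAC (shown here) or a signature, and secrecy would additionally need encryption. The shared key, the frame layout and the sample messages are constructed for this page.

```python
"""Integrity, authenticity and replay protection on a channel.
Added example; key, framing and sample exchange are constructed.

frame = seq (4 bytes, big-endian) || payload || HMAC-SHA256(key, seq || payload)
"""
import hashlib
import hmac
import struct

KEY = b"constructed-shared-key"   # assumption: pre-shared out of band
TAG_LEN = 32


class Sender:
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def frame(self, payload: bytes) -> bytes:
        """Bind a fresh sequence number into the MAC so copies cannot be replayed."""
        header = struct.pack(">I", self.seq)
        self.seq += 1
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag


class Receiver:
    """Accepts each sequence number at most once and only in increasing order."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes):
        """Return (status, payload); status is 'ok', 'short', 'bad_mac' or 'replay'."""
        if len(frame) < 4 + TAG_LEN:             # abnormal packet size
            return "short", None
        header, body, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # verify before trusting any field
            return "bad_mac", None
        (seq,) = struct.unpack(">I", header)
        if seq <= self.last_seq:                 # replay or reuse of an old frame
            return "replay", None
        self.last_seq = seq
        return "ok", body


def tamper(frame: bytes) -> bytes:
    """Flip one bit of the payload: message integrity violation in transit."""
    b = bytearray(frame)
    b[4] ^= 0x01
    return bytes(b)


def demo() -> list:
    """Constructed exchange: two good frames, a replay, a tampered copy, a truncated one."""
    s, r = Sender(KEY), Receiver(KEY)
    f1 = s.frame(b"transfer 10 to bob")
    f2 = s.frame(b"transfer 5 to carol")
    return [
        r.accept(f1)[0],            # 'ok'
        r.accept(f2)[0],            # 'ok'
        r.accept(f1)[0],            # 'replay': seq 0 already consumed
        r.accept(tamper(f2))[0],    # 'bad_mac': payload changed
        r.accept(f2[:10])[0],       # 'short': truncated frame
    ]


if __name__ == "__main__":
    print(demo())
```

The strict "strictly increasing" rule also drops legitimately reordered frames; protocols that must tolerate reordering (IPsec, DTLS) keep a sliding window of recently seen sequence numbers instead, which is the same idea with a bitmap.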
Passing illegal data attacks
•  Input data is manipulated by the attacker for some malicious purpose
•  Examples
–  Injection
–  Corruption
Remote information inference
•  Extracting information from a component remotely, i.e., over the network
•  Examples
–  Scanning (information gathering)
–  Probing (vulnerability checking)
–  Output information disclosure
–  Data inference
Loss of accountability
•  Impacts accountability attributes
•  Examples
–  Track erasing
–  Repudiation
Uncontrolled operations
•  Exploits existing system functionality in ways that would not normally be allowed (e.g., race conditions, access to data)
•  Examples
–  Unauthorized access
–  Invoking unauthorized operations
–  Spoofing privileged processes
–  Unsafe code execution
–  Exploitation of tight component coupling
–  Process overflow attack
–  Exploiting concurrency flaws
–  Resource exhaustion
–  Targeted process crashing
Threats to Security Infrastructure (second level threats)
•  Cryptography attacks
•  Countermeasure design
•  Configuration/administration
•  Network protocol threats

Cryptography attacks
•  Threats to countermeasures using cryptography
•  Examples
–  Forging cryptographic credentials
–  Abuse of weak algorithm
–  Exploiting vulnerable security protocol
–  Password attacks (guessing, brute force, rainbow tables)
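Why the "password management" problem of the Security Features kingdom and the password attacks listed here are two sides of one design decision, as an added example (not code from the lecture): an unsalted fast hash is cracked by a precomputed table with no work per user, while a per-user random salt makes the table useless and a slow KDF makes every remaining guess expensive. The wordlist, the iteration count and the user records are constructed for this page; the brute-force step is kept in deliberately to show that salting does not rescue a weak password, only the cost per guess does.

```python
"""Salted slow password hashing vs. a precomputed table.
Added example; wordlist, parameters and records are constructed."""
import hashlib
import hmac
import os
from typing import Optional

COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]   # constructed wordlist
PBKDF2_ITERATIONS = 100_000   # assumption; tune so one hash costs ~100 ms on the target host


# Unsalted fast hash: build the table once, crack every user who chose a listed password.
def hash_unsalted(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


PRECOMPUTED = {hash_unsalted(p): p for p in COMMON_PASSWORDS}   # the attacker's table


def crack_unsalted(stored: str) -> Optional[str]:
    """Table lookup: constant time per stored hash, no work per victim."""
    return PRECOMPUTED.get(stored)


# Salted slow hash: per-user random salt plus PBKDF2-HMAC-SHA256.
def hash_salted(password: str, salt: Optional[bytes] = None) -> tuple:
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes) -> bool:
    _, candidate = hash_salted(password, salt)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


def crack_salted(salt: bytes, digest: bytes, wordlist=COMMON_PASSWORDS) -> Optional[str]:
    """The attacker's only option now: recompute the KDF per guess, per user."""
    for guess in wordlist:
        if verify_salted(guess, salt, digest):
            return guess
    return None


def demo() -> dict:
    unsalted = hash_unsalted("password")
    salt, digest = hash_salted("password")
    return {
        "table_hit_unsalted": crack_unsalted(unsalted),            # 'password'
        "table_hit_salted": PRECOMPUTED.get(digest.hex()),         # None
        "verify_ok": verify_salted("password", salt, digest),      # True
        "verify_wrong": verify_salted("Password", salt, digest),   # False
        "same_password_same_hash": hash_salted("password")[1] == digest,  # False: fresh salt
        "brute_force_still_finds_weak": crack_salted(salt, digest),       # 'password'
    }


if __name__ == "__main__":
    print(demo())
```

In production prefer a memory-hard KDF (scrypt, Argon2) over PBKDF2 and store the parameters beside the salt and digest so they can be raised later without a reset.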
Countermeasure design
•  Threats to the way certain countermeasures are (or may be) designed
•  Examples
–  Use of default credentials
–  Bypassing controls
–  Leveraging authorization model

Configuration/administration
•  Threats related to configuration and/or administration of the security system
•  Examples
–  Exploiting bad policies
–  Unauthorized modification of rights

Network protocol threats
•  Also at the first level
•  Threats applicable to secure protocol design
Outline
•  Malware types
•  Seven pernicious kingdoms
•  Security threats
–  Examples in distributed systems
•  Attack trees
Schneier B., Attack Trees: Modeling security threats, Dr. Dobb's Journal December 1999
What did we learn today?
•  Malware types
•  Seven pernicious kingdoms
•  Security threats
–  Examples in distributed systems
•  Attack trees