

The development of security measures of any given operating systems

This is a brief one-chapter introduction to a very large and important topic. This chapter, Security, deals with protecting systems from deliberate attacks, either internal or external, from individuals intentionally attempting to steal information, damage information, or otherwise deliberately wreak havoc in some manner. Some of the most common types of violations include:

Breach of Confidentiality - Theft of private or confidential information, such as credit-card numbers, trade secrets, patents, secret formulas, manufacturing procedures, medical information, financial information, etc.

Breach of Integrity - Unauthorized modification of data, which may have serious indirect consequences. For example, a popular game or other program's source code could be modified to open up security holes on users' systems before being released to the public.

Breach of Availability - Unauthorized destruction of data, often just for the "fun" of causing havoc and for bragging rights. Vandalism of web sites is a common form of this violation.

Theft of Service - Unauthorized use of resources, such as theft of CPU cycles, installation of daemons running an unauthorized file server, or tapping into the target's telephone or networking services.

Denial of Service, DOS - Preventing legitimate users from using the system, often by overloading and overwhelming the system with an excess of requests for service.

One common attack is masquerading, in which the attacker pretends to be a trusted third party. A variation of this is the man-in-the-middle, in which the attacker masquerades as both ends of the conversation to two targets. A replay attack involves repeating a valid transmission.

Sometimes this can be the entire attack, such as repeating a request for a money transfer, or other times the content of the original message is replaced with malicious content.

There are four levels at which a system must be protected:

Physical - The easiest way to steal data is to pocket the backup tapes. Also, access to the root console will often give the user special privileges, such as rebooting the system as root from removable media.

Even general access to terminals in a computer room offers some opportunities for an attacker, although today's modern high-speed networking environment provides more and more opportunities for remote attacks.

If an operating system is designed for specific uses on a more or less fixed range of hardware, with specific software running under it within defined operating scenarios, then security goals can be defined with sufficient accuracy and a threat model can be built.

Human - There is some concern that the humans who are allowed access to a system be trustworthy, and that they cannot be coerced into breaching security. However more and more attacks today are made via social engineering, which basically means fooling trustworthy people into accidentally breaching security.

Phishing involves sending an innocent-looking e-mail or web site designed to fool people into revealing confidential information. Dumpster Diving involves searching the trash or other locations for passwords that are written down. Passwords that are too hard to remember, or which must be changed frequently are more likely to be written down somewhere close to the user's station.

Password Cracking involves divining users' passwords, either by watching them type in their passwords, knowing something about them like their pets' names, or simply trying all words in common dictionaries.

Network - As network communications become ever more important and pervasive in modern computing environments, it becomes ever more important to protect this area of the system, both protecting the network itself from attack, and protecting the local system from attacks coming in through the network. This is a growing area of concern as wireless communications and portable devices become more and more prevalent.

Only a few are discussed here. One dangerous opening for Trojan horses is long search paths, and in particular paths which include the current directory ". Another classic Trojan Horse is a login emulator, which records a user's account name and password, issues a "password incorrect" message, and then logs off the system.
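A search-path audit for the Trojan horse opening described above, as an added example that is not code from the original page. It assumes a POSIX-style colon-separated PATH and goes slightly beyond the text by flagging every entry that resolves relative to the current directory (an empty entry, ".", or any non-absolute path); the function names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if one PATH entry (s, len bytes long) resolves relative to
 * the current directory: an empty entry, ".", or any non-absolute path. */
static int entry_is_relative(const char *s, size_t len)
{
    return len == 0 || s[0] != '/';
}

/* Walks a colon-separated search path and returns how many entries are
 * relative. If first_bad is non-NULL it receives the zero-based index
 * of the first such entry, or -1 when every entry is absolute. */
int count_relative_entries(const char *path, int *first_bad)
{
    int bad = 0, index = 0;
    if (first_bad)
        *first_bad = -1;
    for (const char *p = path;; index++) {
        size_t len = strcspn(p, ":");       /* length of this entry */
        if (entry_is_relative(p, len)) {
            if (bad == 0 && first_bad)
                *first_bad = index;
            bad++;
        }
        if (p[len] == '\0')                 /* last entry reached */
            break;
        p += len + 1;                       /* skip past the ':' */
    }
    return bad;
}

int main(void)
{
    const char *path = getenv("PATH");
    int first;
    if (!path) { puts("PATH is not set"); return 0; }
    int bad = count_relative_entries(path, &first);
    if (bad)
        printf("%d relative PATH entries, first at position %d\n", bad, first);
    else
        puts("PATH contains only absolute directories");
    return bad ? 1 : 0;
}
```

A leading, trailing or doubled colon counts as an empty entry, which shells treat as the current directory.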

Special Note to UIC students: Beware that someone has registered the domain name of uic. Access to this site is blocked from campus, but you are on your own off campus.

Two solutions to Trojan Horses are to have the system print usage statistics on logouts, and to require the typing of non-trappable key sequences such as Control-Alt-Delete in order to log in. This is why modern Windows systems require the Control-Alt-Delete sequence to commence logging in, which cannot be emulated or caught by ordinary programs.

Spyware is a version of a Trojan Horse that is often included in "free" software downloaded off the Internet. Spyware programs generate pop-up browser windows, and may also accumulate information about the user and deliver it to some central site. This is an example of covert channels, in which surreptitious communications occur.

Another common task of spyware is to send out spam e-mail messages, which then purportedly come from the infected user. Because of the possibility of trap doors, once a system has been in an untrustworthy state, that system can never be trusted again.

Even the backup tapes may contain a copy of some cleverly hidden back door. A clever trap door could be inserted into a compiler, so that any programs compiled with that compiler would contain a security hole.

This is especially dangerous, because inspection of the code being compiled would not reveal any problems. A classic example is the Dead-Man Switch, which is designed to check whether a certain person e.

Consider what happens in the following code, for example, if argv[ 1 ] exceeds 256 characters: The strcpy command will overflow the buffer, overwriting adjacent areas of memory.

The problem could be avoided using strncpy, with a limit of 255 characters copied plus room for the null byte. So how does overflowing the buffer cause a security breach? Well, the first step is to understand the structure of the stack in memory: The "bottom" of the stack is actually at a high memory address, and the stack grows towards lower addresses.

However the address of an array is the lowest address of the array, and higher array elements extend to higher addresses. In particular, writing past the top of an array, as occurs when a buffer overflows with too much input data, can eventually overwrite the return address, effectively changing where the program jumps to when it returns.
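The unchecked strcpy and the strncpy fix described above, side by side, as an added example that is not code from the original page. The 256-byte buffer follows the text; the function names and the stricter reject-instead-of-truncate variant are assumptions added here.

```c
#include <stdio.h>
#include <string.h>

#define BUFFER_SIZE 256

/* Vulnerable form described in the text: no length check, so an
 * argument that does not fit writes past the end of buffer.
 * Shown for comparison only; nothing in this example calls it. */
void copy_unchecked(char *buffer, const char *arg)
{
    strcpy(buffer, arg);
}

/* strncpy form from the text: at most 255 bytes are copied, and the
 * terminator is written explicitly because strncpy adds none when the
 * source fills the whole limit. Returns 1 if arg was truncated. */
int copy_truncating(char *buffer, const char *arg)
{
    strncpy(buffer, arg, BUFFER_SIZE - 1);
    buffer[BUFFER_SIZE - 1] = '\0';
    return strlen(arg) > (size_t)(BUFFER_SIZE - 1);
}

/* Stricter variant: refuse oversized input rather than silently
 * truncating it. Returns 0 on success, -1 if arg does not fit. */
int copy_or_reject(char *buffer, const char *arg)
{
    size_t len = 0;
    while (len < BUFFER_SIZE && arg[len] != '\0')
        len++;                       /* never scans past 256 bytes */
    if (len == BUFFER_SIZE)
        return -1;
    memcpy(buffer, arg, len + 1);    /* len + 1 includes the '\0' */
    return 0;
}

int main(int argc, char *argv[])
{
    char buffer[BUFFER_SIZE];
    if (argc < 2)
        return 1;
    if (copy_or_reject(buffer, argv[1]) != 0) {
        fprintf(stderr, "argument too long (max %d bytes)\n", BUFFER_SIZE - 1);
        return 1;
    }
    printf("copied %zu bytes\n", strlen(buffer));
    return 0;
}
```

Truncation keeps the program memory-safe but can change the meaning of the input, which is why the third function rejects it outright.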

Now that we know how to change where the program returns to by overflowing the buffer, the second step is to insert some nefarious code, and then get the program to jump to our inserted code.

To do this requires compiling a program that contains this instruction, and then using an assembler or debugging tool to extract the minimum extent that includes the necessary instructions.

The bad code is then padded with as many extra bytes as are needed to overflow the buffer to the correct extent, and the address of the buffer inserted into the return address location.

Features of secure OS realization

Note, however, that neither the bad code nor the padding can contain null bytes, which would terminate the strcpy. The resulting block of information is provided as "input", copied into the buffer by the original program, and then the return statement causes control to jump to the location of the buffer and start executing the code to launch a shell.

Unfortunately famous hacks such as the buffer overflow attack are well published and well known, and it doesn't take a lot of skill to follow the instructions and start attacking lots of systems until the law of averages eventually works out. Script Kiddies are those hackers with only rudimentary skills of their own but the ability to copy the efforts of others. Fortunately modern hardware now includes a bit in the page tables to mark certain pages as non-executable.

In this case the buffer-overflow attack would work up to a point, but as soon as it "returns" to an address in the data space and tries executing statements there, an exception would be thrown crashing the program.

More details about stack-overflow attacks are available on-line from http:

Viruses are delivered to systems in a virus dropper, usually some form of a Trojan Horse, and usually via e-mail or unsafe downloads. Some of the forms of viruses include:

File - A file virus attaches itself to an executable file, causing it to run the virus code first and then jump to the start of the original program.

These viruses are termed parasitic, because they do not leave any new files on the system, and the original program is still fully functional.

Boot - A boot virus occupies the boot sector, and runs before the OS is loaded. These are also known as memory viruses, because in operation they reside in memory, and do not appear in the file system.

These viruses can exist in word processing documents or spreadsheet files. Source code viruses look for source code and infect it in order to spread. Polymorphic viruses change every time they spread - Not their underlying functionality, but just their signature, by which virus checkers recognize them.

Encrypted viruses travel in encrypted form to escape detection. In practice they are self-decrypting, which then allows them to infect other files. Stealth viruses try to avoid detection by modifying parts of the system that could be used to detect it. For example the read system call could be modified so that if an infected file is read the infected part gets skipped and the reader would see the original unadulterated file.

Tunneling viruses attempt to avoid detection by inserting themselves into the interrupt handler chain, or into device drivers. Multipartite viruses attack multiple parts of the system, such as files, boot sector, and memory. Armored viruses are coded to make them hard for anti-virus researchers to decode and understand.

In addition many files associated with viruses are hidden, protected, or given innocuous looking names such as ". In 2004 a virus exploited three bugs in Microsoft products to infect hundreds of Windows servers including many trusted sites running Microsoft Internet Information Server, which in turn infected any Microsoft Internet Explorer web browser that visited any of the infected server sites.

One of the back-door programs it installed was a keystroke logger, which records users' keystrokes, including passwords and other sensitive information. There is some debate in the computing community as to whether a monoculture, in which nearly all systems run the same hardware, operating system, and applications, increases the threat of viruses and the potential for harm caused by them.

The threats in this section attack the operating system or the network itself, or leverage those systems to launch their attacks.

Worms consume system resources, often blocking out other, legitimate processes. Worms that propagate over networks can be especially problematic, as they can tie up vast amounts of network resources and bring down large-scale systems.

One of the most well-known worms was launched by Robert Morris, a graduate student at Cornell, in November 1988. This worm consisted of two parts: a small program called a grappling hook, which was deposited on the target system through one of three vulnerabilities, and the main worm program, which was transferred onto the target system and launched by the grappling hook program. The three vulnerabilities exploited by the Morris Internet worm were as follows: For example "finger joeUser somemachine.

The debug feature was convenient for administrators, and was often left turned on. The Morris worm exploited the debugger to mail and execute a copy of the grappling hook program on the remote system.

Once in place, the worm undertook systematic attacks to discover user passwords: First it would check for accounts for which the account name and the password were the same, such as "guest", "guest".

Then it would try an internal dictionary of 432 favorite password choices. I'm sure "password", "pass", and blank passwords were all on the list. Finally it would try every word in the standard UNIX on-line dictionary to try and break into user accounts. Once it had gotten access to one or more user accounts, then it would attempt to use those accounts to rsh to other systems, and continue the process. With each new access the worm would check for already running copies of itself, and 6 out of 7 times if it found one it would stop.