CHAPTER 4 Methodology

Types of Problems
• Discusses vulnerability methodology
• The process of how to attack a product or system
• Three different classes of problems: black box, translucent box and crystal box
• Refers to the level of visibility into the workings of the system we want to attack

Black Box
• Chip and unknown remote host
• Any component or part of a system whose inner functions are hidden from the user of the system
• Accepts input and produces output
• No exposed settings or controls; not intended to be opened or modified
• A chip without identifying marks, where it is difficult to determine what kind of chip (integrated circuit, IC) it is

Black Box
• Unknown ICs are a good example of a black box
• A host across a network, where you are forced to access it remotely
• You are limited to its input and output and have no visibility into its inner workings; this is another example of a black box
• This kind of host uses an operating system (OS) that was developed from scratch and has a unique identity that is supported by government

Black Box
• Call it FRED, using an OS that nobody knows
• Difficult to hack or to get any information from using any tools or techniques
• The only way is to wait for any information leakage

Information Leakage
• Open the chip and study it, but this only works if it is physically available to you
• FRED is not, but other ways can be used
• FRED has a user interface (UI) and in fact it speaks TCP/IP
• Get information using a TCP/IP sniffer trace
• Suppose FRED runs on the web: can use DoS tools to hit FRED and wait for any reaction
• To guess the command line, perhaps using the username/password concept

Black Box
• Can be figured out as long as the thing was designed by a human
• Use all techniques and combinations of them

Translucent Box
• In theory black boxes do not exist, only translucent boxes with various degrees of transparency
• Methods for attacking software that is under your control
• Tools
  – Having the program, you will see the UI, so you need to know what is inside

Translucent Box
• Tools
  – Before breaking it, need to determine what it uses for input
  – Could be files, packets, environment variables, etc.
  – System Monitoring Tools
    » High level: determine what kind of files and other resources the program accesses
    » Example tools: Filemon, Regmon, HandEx (NT)

Translucent Box
• Tools
  – System Monitoring Tools
    » Filemon: monitors a running program, what files it accesses, whether reading or writing, where, and what other files it is looking for
    » Regmon: monitors much the same for the Windows Registry, what keys it is accessing, modifying, reading, looking for, etc.
    » HandEx: same as Regmon but on NT, organized by process, file handle and what it is pointing to

Translucent Box
• Tools
  – System Monitoring Tools
    » Unix: trace, strace, ktrace and truss (tracing programs)
    » Example: strace shows system (kernel) calls and what the parameters are
  – Packet Sniffing
    » For a network attack, need to determine what constitutes a unit of info
    » Data flows as one single stream, divided up into fields

Translucent Box
• Tools
  – Packet Sniffing
    » A field is a piece of the input that the host processes separately
    » Details in Chapter 9
  – Debuggers, Decompilers and Related Tools (attacks on binary code)
    » Debuggers: software that can take control of another program, stop it and change it
    » Decompilers: take binary code and turn it into a higher-level language, such as assembly language (disassembler)

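Added example (not part of the original slides): a short Python script that reads strace-style output and summarizes what the System Monitoring Tools slides describe, namely which files a program accesses, whether for reading or writing, and which files it looked for but did not find. The trace lines, the program name ./app and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of strace output for a hypothetical program "./app".
SAMPLE_TRACE = r'''
execve("./app", ["./app"], 0x7ffd1c2a4e10 /* 23 vars */) = 0
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/home/user/.apprc", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/app.conf", O_RDONLY) = 3
read(3, "debug=0\n", 4096) = 8
openat(AT_FDCWD, "/tmp/app.log", O_WRONLY|O_CREAT|O_APPEND, 0644) = 4
write(4, "started\n", 8) = 8
+++ exited with 0 +++
'''

# syscall(args) = return [ERRNO ...], with an optional PID prefix (strace -f).
CALL_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(?P<name>\w+)\((?P<args>.*)\)\s+=\s+'
    r'(?P<ret>-?\d+|\?)(?:\s+(?P<errno>E[A-Z]+))?')
PATH_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')  # first quoted argument
PATH_CALLS = {"open", "openat", "access", "stat", "lstat", "execve", "unlink"}

def classify(name, flags):
    """Map a syscall and the flag text after its path to the kind of access."""
    if name not in ("open", "openat"):
        return name
    if "O_RDWR" in flags:
        return "read+write"
    return "write" if "O_WRONLY" in flags else "read"

def summarize(trace):
    """Return {path: {(action, outcome), ...}} for path-taking system calls."""
    seen = defaultdict(set)
    for line in trace.splitlines():
        call = CALL_RE.match(line.strip())
        if not call or call["name"] not in PATH_CALLS:
            continue  # not a syscall line, or the call takes no path
        path = PATH_RE.search(call["args"])
        if path:
            action = classify(call["name"], call["args"][path.end():])
            seen[path[1]].add((action, call["errno"] or "ok"))
    return dict(seen)

def missing(summary):
    """Paths the program looked for but did not find (ENOENT)."""
    return sorted(p for p, ev in summary.items() if any(o == "ENOENT" for _, o in ev))

if __name__ == "__main__":
    print(summarize(SAMPLE_TRACE), missing(summarize(SAMPLE_TRACE)))
```
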
Crystal Box
• Hardware for which you have schematics, or software for which you have source code
• Problems
  – Lack of info and difficulty in obtaining more
  – To know vulnerabilities done by this method
  – Must have a certain minimal knowledge
• How to secure against these methodologies
  – Limit the info given away; there is no 100% protection, just make it difficult

End Of Chapter 4