Attacks and OS security

Download Report

Transcript Attacks and OS security

Cosc 4765
Nature of Attacks and OS security.
Common “attacks”
• This is not a complete list:
– Trojan Horse
– Trapdoor
– Input Validation problems of all sorts.
• Stack and Buffer Overflows
• SQL Injection Attacks
–
–
–
–
–
Worms, Viruses, malware, phishing, and spear phishing
Targeted attacks
Botnets, zombie computers, etc…
Denial of Service (DoS) and Distributed DoS (DDoS)
Attacks against the browser
• Cross-site Scripting (XXS)
• Cross-site Request Forgeries (CSRF)
• Drive by attacks.
Trojan Horse
• A program that appears to do something nice and
does something in the background that is bad
– a program fragment that does something malicious in the
background that the services spec does not specify.
– usually put in by a programmer
– example:
•
•
bank interest: put a fraction of a penny in your own account for
every transaction on the system
A program that claims to be a game, but actually reformats your
hard
Trapdoor (backdoor)
• an unspecified feature of the system
– an undocumented feature that may be exploited
to perform unauthorized access
– programmer may not know about it or may have
written it in.
– usually required knowledge of the design
– Could be included in a compiler
Input Validation
• Stack and Buffer Overflows
– Exploits a bug/vulnerability in a program
• overflow either the stack or memory buffers.
– common mistake
• SQL Injection Attacks
– Input is an sql command, instead of the “correct”
input, which then does what the attackers wants.
• And many more types of attacks.
Worms, Viruses, and malware
•
Worms
• Worm Program is designed to copy itself from 1 PC to another – via e-mail,
TCP/IP
• Goal is to infect as many machines as possible
• not interested in multiple copies on the same machine
•
• Relies less (or not at all) on human intervention to propagate
Virus
•
•
Computer program designed to spread over as many files as possible on a single computer
• Spreads to other computers because of humans or “Worm” techniques
• Viruses may damage or modify data, cause the computer to crash, display
messages, lie dormant until “trigger” event, etc …
malware
•
short for malicious software, is software designed to secretly access a computer system
without the owner's informed consent. The expression is a general term used by computer
professionals to mean a variety of forms of hostile, intrusive, or annoying software or program
code.
Phishing and Spear Phishing
• Phishing
– Fake emails that attempt to acquire sensitive
information such as usernames, passwords, credit
card, and bank account details by masquerading
as a trustworthy entity, such as a bank, ebay, and
paypal.
• Spear Phishing
– Like Phishing, but the emails are targeted.
– Example, targeting only UW employees with a fake
email from UWYO bank.
Browser attacks
• Cross-site Scripting (XXS)
– Broadly defined as tricking web pages into displaying
web surfer supplied data capable of altering the page
for the viewer.
• Cross-site Request Forgeries (CSRF)
– exploits the trust that a site has in a user's browser to
run unauthorized commands
• Drive by attacks.
– Using vulnerabilities in the browser to attack a user
computer. The user doesn’t need to take any action
other then to visit the a infected site.
Denial of Service
• Denial of Service (DoS) and Distributed DoS
(DDoS)
– a type of attack on a network that is designed to
bring the network to its knees by flooding it with
useless traffic.
– The system because unusable, because it is to
busy dealing with useless traffic
– The intent is not necessary to crash the system.
Botnet
• A collection of software agents that run automatically
– a command and control structure is used to send
commands to botnet
• A computer becomes infected with malware of certain
botnet group. It’s now a zombie/bot computer for that
botnet.
• The botnet can be used for just about any kind of
attacks. A botnet controller is normally in it for the
money.
– The conficker botnet was estimated to have 10,000,000+
bots at it’s height.
rootkit
• software that enables continued privileged access to a computer
while actively hiding its presence from administrators by subverting
standard operating system functionality or other applications.
• Typically, an attacker installs a rootkit on a computer after first
obtaining root-level access, by another means.
• Once a rootkit is installed, it allows an attacker to mask the ongoing
intrusion and maintain privileged access to the computer by
circumventing normal authentication and authorization
mechanisms.
• Although rootkits can serve a variety of ends, they have gained
notoriety primarily as malware, hiding applications that appropriate
computing resources or steal passwords without the knowledge of
administrators and users of affected systems.
Target Attacks
• Some one/group really wants into one specific
site/target. Uses all these attacks and more to
break in.
• Example: Stuxnet
– some experts believe the Stuxnet weapon was
targeted at the Bushehr nuclear power plant in Iran.
– The New York Times adds that Israeli experts dispute
the suggestion that Stuxnet is an Israeli weapon
against Iran, arguing instead that their studies indicate
the virus is either "high-level industrial espionage
against Siemens [whose systems the virus takes
advantage of, or] a kind of academic experiment.”
Social Networks
• They provide an avenue of easy attack to users
who are willing to click on every link they
receive. In addition to malware, there's the
problem with accidental disclosure of
important details, like we've seen with the
military through Facebook and politicians
using Twitter.
DLL Hijacking
• This has been a know issue for 10+ years and
resurfaced in 2010
• What's interesting is that new research
uncovered it as both an attack method for
gaining control of a system and a method for
malware to use as persistence. To make
matters worse for security pros, new code
released through the Metasploit Project made
it incredibly easy to exploit.[1]
Embedded Systems
• Embedded systems made their way to the spotlight as
more attacks were focused on printers, smart meters,
industrial control systems, and the like.
• The VxWorks vulnerabilities published in August
demonstrated how easy it is to exploit fiber channel
switches, printers, and SCADA devices that were easily
found via Shodan.
• Of course, working with the vendor and understanding
what, if any, network access these devices have is
critical when deploying them because they could
provide an easy entry point into your network.
Shodan
• Shodan garnered a lot of attention in 2010
when security researchers showed just how
easy it was to find vulnerable systems on the
Internet without scanning for them.
• With Shodan, they could leverage scans
performed by someone else, and for a small
cost export all of that data and feed it into
their attack tools.
Lastly: Governance
• Not an attack, but contributes to them.
• Governance is a threat to both the sanity and
effectiveness of nearly every security professional.
• It can be a silent killer to the best-planned security
program when C-level executives do not back up the
security efforts because they don't understand where
their data is and what needs to be done to secure it.
• Effective communication of business risks and how to
reduce that risk without impacting the bottom line too
much is key.
Recall
• Object: “safe computing”
– Plan: assess risk
– Goals: privacy, integrity, availability
– Detection and recovery
Vulnerability management
• Define roles and responsibilities
–
–
–
–
Incident handling teams
Vulnerability assessments/scans
Review current threats
Educate and communicate
• Identify and evaluate assets
• Develop metrics
– Incidents/month
– Recovery time/costs
• Determine ACCEPTABLE RISK
A Quick Review of O/S
• Operating System:
– The most important part of the system software,
makes the system usable, Interface between
hardware and user software.
•
•
•
•
O/S is software that makes a computer usable
controls the functions of hardware
provides a user interface that is usable
allows system to be used by several different users/
processes (non-batch systems)
O/S Components
•
•
•
•
•
•
•
Process management
I/O management
Main Memory management
File & Storage Management
Protection
Networking
Command Interpreter
Process Management
• Process (or job): A program or a fraction of a
program that is loaded in main memory and
executing.
– We do not need the entire program code at once.
To process an instruction, CPU fetches and
executes one instruction of a process after
another in the main memory.
Tasks of Process Management
• Create, load, execute, suspend, resume, and terminate
processes
• Switch system among multiple processes in the main
memory (process scheduling)
• Provides communication mechanisms so that
processes can send (or receive) data to (or from) each
other (process communication).
• Control concurrent* access to shared data to keep
shared data consistent (process synchronization).
• Allocate/de-allocate resources properly to prevent or
avoid deadlock situation**
I/O Management
• Motivations:
– Provide the abstract level of H/W devices and keep
the details from applications to ensure proper use of
devices, to prevent errors, and to provide users with
convenient and efficient programming environment.
• Tasks of I/O Management of OS:
– Hide the details of H/W devices
– Manage main memory for the devices using cache,
buffer, and spooling
– Maintain and provide device driver interfaces
Main Memory management
• Process must be mapped to physical addresses
and loaded into main memory to be executed.
• Motivations:
– Increase system performance by increasing “hit” ratio
(e.g., optimum: when CPU read data or instruction, it
is in the main memory always)
– Maximize memory utilization
• Tasks of Main Memory Management of OS:
– Keep track of which memory area is used by whom.
– Allocate/de-allocated memory as need
File & Storage Management
• Motivation:
– Almost everything is stored in secondary storage.
Therefore, secondary storage access must be
efficient (i.e., performance) and convenient (i.e.,
easy to program I/O function in application level)
– Important data is duplicated and/or stored in
ternary storage.
File & Storage Management (2)
• Tasks of File Management
– Create, manipulate, delete files and directories
• Tasks of Storage Management
– Allocate, de-allocate, and defrag blocks[1]
– Bad block marking
– Scheduling for multiple I/O request to optimize
the performance
Networking
• Allow communications between computers
(more important for Client/Server OS and
Distributed OS).
Protection
• Protect hardware resources, Kernel code,
processes, files, and data from erroneous
programs and malicious programs.
Layered O/S
• Large single program but
internally broken up into
layers providing different
functionalities.
• Information hiding
between layers 
Increased security and
protection
• Easy to debug, test, and
modify O/S
• If one layer stops
working, entire system
will stop
• Example:
System Calls
Memory Management
Process Scheduling
I/O Management
Device Drivers
Unix O/S structure
A Kernel I/O Structure
DOS O/S Structure
MS-DOS
Layer
Structure
The Security question?
• Reasons for:
– Keep integrity of data
– privacy of users and data
– availability of system services
• security is the most important aspect of
system design & it must be designed in from
the start.
Security vs Protection
• Protection
– the actual mechanisms used to make it secure
• security
– Overall problem of making sure that no
unauthorized access occurs in a system service
Protection
• Operating system consists of a collection of objects,
hardware or software
• Each object has a unique name and can be accessed
through a well-defined set of operations.
• Protection problem - ensure that each object is
accessed correctly and only by those processes that
are allowed to do so.
Domain Structure
• Access-right = <object-name, rights-set>
where rights-set is a subset of all valid
operations that can be performed on the
object.
• Domain = set of access-rights
Hardware Protection
Examples that can be prevented:
1. An application program is trying to write in OS
kernel code in the main memory.
2. An application program is trying to write on
another program in the main memory.
3. An application runs infinite loop and hold CPU
time infinitely.
4. An application program prints indefinitely long
data repeatedly.
Hardware Protection
• Modern computer systems attack this
problem by using “dual-mode operation”.
– only OS can access I/O devices, memory, and CPU
in its “monitor” mode.
– Application programs access these resources
through “system calls” indirectly.
• OS may needs CPU timer and two additional
memory registers (base and limit)
The Security Problem
• Security must consider external environment of the
system, and protect it from:
– unauthorized access.
– malicious modification or destruction
– accidental introduction of inconsistency.
• Easier to protect against accidental than malicious misuse.
• We need to identify what types of attacks there are
– Can we create a complete list?
• Why or why not?
2 approaches for security
(Normally used in conjunction)
1. Use protection mechanisms
– know what intruders you are protecting from
– design a system to ensure no unauthorized
access from a class of intruders
– design principles must be correct & testing is
important
2 approaches for security (2)
2. Intrusion detection
–
–
–
–
some way of detecting a security violation
assume a system is not completely secure
provide mechanisms to monitor system during operation
some look for things that are not normal in the system.
monitor: load, time of use, etc.
– monitor system operations and report any unusual
activity to the system administrator in a timely manner.
Threat Monitoring
• Check for suspicious patterns of activity – i.e., several
incorrect password attempts may signal password
guessing.
• Audit log – records the time, user, and type of all
accesses to an object; useful for recovery from a
violation and developing better security measures.
• Scan the system periodically for security holes; done
when the computer is relatively unused.
Threat Monitoring (Cont.)
• Check for:
– Short or easy-to-guess passwords
– Unauthorized set-uid programs
– Unauthorized programs in system directories
– Unexpected long-running processes
– Improper directory protections
– Improper protections on system data files
– Dangerous entries in the program search path
(Trojan horse)
Library monitoring
• If a the O/S is comprised by an attack
• viruses, worms, whatever
– One of things that can happen is replacement of key O/S
libraries/DLLs.
• So now the attacker can probably get back in at will.
– So have to check for changes to system programs and
libraries:
• tripwire and other programs can do this nightly
• Problem: patches and updates
– They also change these libraries and system programs as
well.
Library monitoring (2)
• To verify libraries we could use hashing or
actually any part of the O/S.
– One possibility is to have the O/S use a hash
function (maybe MD5 or SHA-1) against important
programs/libraries before it actually uses them.
• This would prevent many viruses and worms from
simply overwriting them with their own code.
• But can you see the problems of this?
Using Hashing for O/S security
• Again we have transformed a security problem
with cryptography, but have caused new
security issues.
– Management of the stored hash values for the
programs and libraries.
• A virus writer must now insert the new hash value
• There will have to some way to do this, since patches
will update these programs as well.
– Protection of the program doing the hashing as
well.
OS Security Problem
• Flaws within the software of the OS
– incomplete parameter validation
•
•
•
•
•
–
–
–
–
–
data type and size
number and order
value and range
access rights
Bad if lower privileged process is calling more privileged process
leak of privileged data
race conditions (time-of-check to time-of-use)
inadequate authentication/authorization
table/stack/memory overflows
logic errors (exploiting side effects, unintended uses)
NSA security check list
• The National Security Agency is publishing a
number of unclassified Security
Recommendation Guides for Windows, *nix,
databases, routers, etc are available at
• http://www.nsa.gov/snac/
Q&A