Malicious Logic and Defenses
Malicious Logic
• Trojan Horse
– A Trojan horse is a program with an overt
(documented or known) effect and covert
(undocumented or unknown) effects.
– A propagating Trojan horse is a Trojan horse that
creates a copy of itself.
– An example of a propagating Trojan horse is the game animal.
– Ken Thompson's compiler Trojan horse is the classic example.
The central idea is that the Trojan horse modifies the compiler
to insert itself into specific programs (such as login), including
future versions of the compiler itself, so that rebuilding the
compiler from clean source does not remove it.
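The compiler example above, worked through as an added toy model (not code from the page or from Thompson's paper). A "program" is its source text and "compilation" is the identity transform standing in for code generation; `clean_compile`, `LOGIN_SRC`, `TROJAN_SRC`, the `letmein` backdoor password and the helper names are all constructed for this example. The point it shows is the self-reproduction: rebuilding the compiler from honest source with the trojaned compiler yields another trojaned compiler.

```python
# Toy model of Thompson's self-reproducing compiler Trojan horse.
# Nothing here is real compiler code; all sources and names are constructed.

def clean_compile(src: str) -> str:
    """Stand-in for honest code generation: emits the source unchanged."""
    return src

# Source of an honest compiler (overt effect only).
CLEAN_COMPILER_SRC = '''
def compile_program(src):
    return clean_compile(src)
'''

# Source of a login program: the Trojan horse's first target.
LOGIN_SRC = '''
def check_password(password, stored):
    return password == stored
'''

# The Trojan horse: covertly backdoors login, and when it recognises that it
# is compiling the compiler it appends itself (its own source text plus the
# logic) to the output, so the next compiler carries the same Trojan horse.
TROJAN_SRC = r'''
def compile_program(src):
    out = clean_compile(src)
    if "def check_password" in src:
        out = out.replace("return password == stored",
                          "return password == stored or password == 'letmein'")
    if "def compile_program" in src:
        out = out + "\nTROJAN_SRC = " + repr(TROJAN_SRC) + "\n" + TROJAN_SRC
    return out
'''

# The first trojaned compiler "binary": the Trojan's own text plus its logic.
TROJANED_COMPILER = "TROJAN_SRC = " + repr(TROJAN_SRC) + "\n" + TROJAN_SRC


def load_compiler(compiler_src: str):
    """Run a compiler "binary" and return its compile_program entry point."""
    ns = {"clean_compile": clean_compile}
    exec(compiler_src, ns)
    return ns["compile_program"]


def login_accepts(login_bin: str, password: str, stored: str) -> bool:
    """Run a compiled login program against one password attempt."""
    ns = {}
    exec(login_bin, ns)
    return ns["check_password"](password, stored)


def rebuild_from_clean_source(compile_program):
    """Rebuild the compiler from its honest source using the given compiler."""
    return load_compiler(compile_program(CLEAN_COMPILER_SRC))


if __name__ == "__main__":
    trojan = load_compiler(TROJANED_COMPILER)
    rebuilt = rebuild_from_clean_source(trojan)
    print("backdoor survives rebuild:",
          login_accepts(rebuilt(LOGIN_SRC), "letmein", "hunter2"))
```

The honest compiler's source never mentions the backdoor, and inspecting it finds nothing; only the compiler binary used to build it carries the Trojan horse. That is why the defence in Thompson's paper is not source review but trust in the toolchain (or building with an independent compiler and comparing outputs).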
• Computer Viruses
– When a Trojan horse can propagate freely and insert a
copy of itself into another file, it becomes a computer virus.
– A computer virus is a program that inserts itself into
one or more files and then performs some (possibly null) action.
– The first phase, in which the virus inserts itself into a
file, is called the insertion phase; the second phase,
in which it performs some action, is called the
execution phase.
– Considered on its own, the viral code has no covert purpose; its
only purpose is to infect and execute. It is only when the viral code
is viewed as part of the infected program, whose normal function is
the overt effect, that the combination behaves as a Trojan horse.
• Types of Computer Viruses
– Boot Sector Infectors
• A boot sector infector is a virus that inserts itself into the
boot sector of a disk, so it runs whenever the system boots from that disk.
– Executable Infectors
• An executable infector is a virus that infects executable programs.
• Generally .exe and .com files are infected by this type of virus.
– Multipartite Viruses
• A multipartite virus is one that can infect either boot sectors
or applications.
– TSR Viruses
• A terminate and stay resident (TSR) virus is one that
stays active in memory after the application it infected has
terminated.
• A TSR virus can be a boot sector infector or an executable infector.
– Stealth Viruses
• Stealth viruses are viruses that conceal the infection of
files, for example by intercepting reads of an infected file and
returning the uninfected contents.
– Encrypted Viruses
• An encrypted virus is one that enciphers all of the virus
code except for a small decryption routine, so each infection
carries different bytes while the decryption routine stays constant.
– Polymorphic Viruses
• A polymorphic virus is a virus that changes its form
each time it inserts itself into another program, including the
decryption routine, so that no fixed byte string is common to all infections.
– Macro Viruses
• A macro virus is a virus composed of a sequence of
instructions that is interpreted, rather than executed directly.
• This type of virus can execute on any system that can
interpret the instructions.
• It can infect either executable or data files, since a data file
(such as a document) can carry the interpreted macros.
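The difference between a plain, an encrypted and a polymorphic virus is easiest to see from the scanner's side. The following is an added example, not code from the page: the "viral body" is 64 constructed pseudo-random bytes, the three-byte decryptor "stub" and the 0xb0 key-load marker are invented placeholders rather than real machine code, and the XOR cipher stands in for whatever the decryption routine does. The example generalizes the text slightly by also showing the countermeasure: a scanner that runs the decryption routine before scanning catches all three forms.

```python
import hashlib
import random

# Constructed stand-in for a viral body: 64 pseudo-random bytes, not real malware.
BODY = hashlib.sha256(b"toy viral body for this example").digest() * 2
BODY_SIG = BODY[:16]          # the byte string a signature scanner is given

# Constant bytes of the decryptor stub (placeholder, not real opcodes).
# By convention in this toy, the byte after 0xb0 is the XOR key.
STUB = b"\xeb\x05\xb0"


def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def plain_instance() -> bytes:
    """Unencrypted virus: the body appears verbatim in every infected file."""
    return BODY


def encrypted_instance(key: int) -> bytes:
    """Encrypted virus: constant stub, key byte, then the enciphered body.
    The body changes with the key but the stub is identical in every infection."""
    assert 1 <= key <= 255
    return STUB + bytes([key]) + xor(BODY, key)


def polymorphic_instance(key: int, rng: random.Random) -> bytes:
    """Polymorphic virus: the stub is rewritten on each infection by inserting
    one to three no-op bytes (0x90) before each stub byte, so not even the
    decryptor offers a constant multi-byte signature."""
    assert 1 <= key <= 255
    stub = b""
    for b in STUB:
        stub += b"\x90" * rng.randint(1, 3) + bytes([b])
    return stub + bytes([key]) + xor(BODY, key)


def signature_scan(data: bytes, sig: bytes) -> bool:
    """Static scanner: does the signature appear verbatim anywhere?"""
    return sig in data


def emulate_and_scan(data: bytes) -> bool:
    """Generic decryption: scan as-is, then locate the key-load marker, run the
    XOR the stub would run, and scan the recovered plaintext."""
    if signature_scan(data, BODY_SIG):
        return True
    i = data.find(b"\xb0")
    if i < 0 or i + 1 >= len(data):
        return False
    key = data[i + 1]
    return signature_scan(xor(data[i + 2:], key), BODY_SIG)


def scan_report(rng_seed: int = 7) -> dict:
    """Run the three scanners over one instance of each virus form."""
    rng = random.Random(rng_seed)
    samples = {
        "plain": plain_instance(),
        "encrypted": encrypted_instance(0x5A),
        "polymorphic": polymorphic_instance(0xA7, rng),
    }
    return {
        name: {
            "body_sig": signature_scan(d, BODY_SIG),   # signature of the body
            "stub_sig": signature_scan(d, STUB),       # signature of the decryptor
            "emulated": emulate_and_scan(d),           # decrypt, then scan
        }
        for name, d in samples.items()
    }


if __name__ == "__main__":
    for name, verdicts in scan_report().items():
        print(name, verdicts)
```

The encrypted form defeats a body signature but is still caught by a signature on its constant decryptor; the polymorphic form defeats both, which is why scanners for such viruses emulate the decryption routine (or look for behaviour) rather than matching fixed bytes.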
• Computer Worms
– A computer worm is a program that copies itself from
one computer to another computer over a network.
• Other Forms of Malicious Logic
– Rabbits and Bacteria
• A bacterium or rabbit is a program that absorbs all of some
class of resource (for example process slots, memory or disk space).
• The result is a denial of service (DoS).
– Logic Bombs
• A logic bomb is a program that performs an action that
violates the security policy when some external event occurs
(for example a date is reached or a particular name disappears from
the payroll file).
• Defending against malicious logic takes advantage of
several different characteristics of malicious logic to
detect it, or to block its execution.
• Sandboxing
– A sandbox is an environment in which the actions of a process are
restricted according to a security policy; virtual machines implicitly
restrict process rights in this way.
– A common implementation of this approach is to restrict the
program by modifying it.
– Special instructions inserted into the object code cause
traps whenever an instruction would violate the security policy.
– If the executable dynamically loads libraries, special libraries
with the desired restrictions replace the standard libraries.
• Information flow metrics
– This approach limits the distance a virus can spread: each piece of
information carries a measure of how far it has flowed, and the policy
refuses to act on information whose flow distance exceeds a threshold.
• Reducing the rights
– The user reduces the protection domain associated with the process
when running a suspect program, so the program cannot reach objects
outside that reduced domain.
– It follows the principle of least privilege.
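The two defences just described, replacing the standard library with a restricted one and running a suspect program with a reduced protection domain, can be combined in one small model. This is an added example, not code from the page: the `Sandbox` class, the `{"read", "write"}` rights, the "allowed roots" policy and the two suspect programs are all constructed for it. It swaps Python's built-in `open` for a guarded version for the duration of the untrusted call and records every blocked attempt.

```python
import builtins
import os
import tempfile


class PolicyViolation(PermissionError):
    """Raised when the sandboxed program attempts an action outside its rights."""


class Sandbox:
    """Run an untrusted callable in a reduced protection domain.

    The restriction is implemented by replacing the standard open() with a
    guarded one for the duration of the call (the library-replacement
    technique); `rights` and `allowed_roots` are the reduced domain.
    Constructed for this example: a Python-level model, not a kernel sandbox.
    """

    def __init__(self, allowed_roots, rights):
        self.roots = [os.path.realpath(r) for r in allowed_roots]
        self.rights = set(rights)            # e.g. {"read"} or {"read", "write"}
        self.violations = []                 # audit log of blocked attempts
        self._real_open = builtins.open

    def _inside_roots(self, path):
        real = os.path.realpath(path)
        return any(real == r or real.startswith(r + os.sep) for r in self.roots)

    def _guarded_open(self, path, mode="r", *args, **kwargs):
        needed = "write" if any(c in mode for c in "wax+") else "read"
        if needed not in self.rights or not self._inside_roots(path):
            self.violations.append((needed, os.fspath(path)))
            raise PolicyViolation(f"{needed} of {path!r} denied by sandbox policy")
        return self._real_open(path, mode, *args, **kwargs)

    def run(self, func, *args):
        saved = builtins.open
        builtins.open = self._guarded_open   # the "special library" goes in
        try:
            return func(*args)
        finally:
            builtins.open = saved            # the standard library comes back


# Constructed suspect programs: each only knows the name of a file.
def suspect_reader(path):
    with open(path) as f:
        return f.read()


def suspect_writer(path):
    with open(path, "w") as f:
        f.write("owned")
    return True


def demo():
    """Run the suspect programs under a read-only sandbox rooted at a temp dir."""
    with tempfile.TemporaryDirectory() as root:
        allowed = os.path.join(root, "data.txt")
        with open(allowed, "w") as f:
            f.write("hello")
        # A sibling of the root directory: outside the allowed domain.
        outside = os.path.join(os.path.dirname(root), "sandbox-escape-attempt.txt")

        box = Sandbox([root], rights={"read"})
        results = {"read_inside": box.run(suspect_reader, allowed)}
        for name, func, target in (("write_inside", suspect_writer, allowed),
                                   ("read_outside", suspect_reader, outside)):
            try:
                box.run(func, target)
                results[name] = "allowed"
            except PolicyViolation:
                results[name] = "blocked"
        results["outside_file_created"] = os.path.exists(outside)
        results["open_restored"] = builtins.open is box._real_open

        # Same program, larger domain: the write succeeds once the right is granted.
        wider = Sandbox([root], rights={"read", "write"})
        results["write_inside_with_write_right"] = wider.run(suspect_writer, allowed)
        return results, box.violations


if __name__ == "__main__":
    print(demo())
```

The model enforces the policy only for code that reaches the file system through the replaced `open`; a program calling `os.open`, `io.open` or a C extension walks straight past it. That gap is exactly the argument for doing the restriction at the object-code level (inserted trap instructions) or below it (a virtual machine monitor), where the program cannot choose a different library.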
• Malicious logic altering files
• Proof-carrying code
• Notion of trust
Introduction to Virtual Machines
• Virtual machine (VM) structure
– A VM runs on a virtual machine monitor.
– The monitor virtualizes the resources of the underlying system and
presents to each VM the illusion that it and it alone is using the
system.
• Virtual machine monitor (VMM)
– The VMM runs at the highest level of privilege; the VMs run at a
lower level.
– It keeps track of the state of each VM just as an ordinary operating
system keeps track of the state of its processes.
– When a VM executes a privileged instruction, the hardware causes a trap
to the VMM.
– The monitor services the trap (for example by emulating the privileged
instruction against the VM's virtual resources), then restores the
state of the caller and resumes it.
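The trap-and-service cycle above, as an added toy model (not code from the page and not a real hypervisor). The instruction set (`add`, `mul`, and the privileged `out` and `halt`), the per-VM "console" device and the round-robin scheduler are all constructed for the example. The hardware model refuses to run privileged instructions at VM privilege and raises a trap; the monitor, which alone owns the devices, emulates the instruction against that VM's own virtual console, restores the VM's state and resumes it.

```python
class Trap(Exception):
    """Raised by the hardware model when a VM executes a privileged instruction."""
    def __init__(self, op, arg):
        super().__init__(op)
        self.op, self.arg = op, arg


PRIVILEGED = {"out", "halt"}      # instructions only the monitor may execute


class VMState:
    """Register file and program of one VM, as kept by the VMM."""
    def __init__(self, name, program):
        self.name = name
        self.program = program     # list of (op, arg) tuples
        self.pc = 0
        self.acc = 0
        self.halted = False


def execute_one(vm):
    """Hardware model: run one instruction at VM (reduced) privilege.
    Privileged instructions are not executed; they trap to the monitor."""
    op, arg = vm.program[vm.pc]
    if op in PRIVILEGED:
        raise Trap(op, arg)
    if op == "add":
        vm.acc += arg
    elif op == "mul":
        vm.acc *= arg
    else:
        raise ValueError(f"unknown instruction {op}")
    vm.pc += 1


class Monitor:
    """The VMM: highest privilege, owns the real devices, and gives each VM
    its own virtual console so one VM never sees another's output."""
    def __init__(self, vms):
        self.vms = vms
        self.devices = {vm.name: [] for vm in vms}
        self.trap_log = []

    def service(self, vm, trap):
        """Emulate the privileged instruction against the VM's own resources."""
        self.trap_log.append((vm.name, trap.op))
        if trap.op == "out":
            self.devices[vm.name].append(vm.acc)
        elif trap.op == "halt":
            vm.halted = True
        vm.pc += 1                 # step past the trapping instruction

    def run(self, quantum=2):
        """Round-robin the VMs, `quantum` instructions per turn."""
        while any(not vm.halted for vm in self.vms):
            for vm in self.vms:
                for _ in range(quantum):
                    if vm.halted:
                        break
                    saved = (vm.pc, vm.acc)          # state at the trap point
                    try:
                        execute_one(vm)
                    except Trap as trap:
                        vm.pc, vm.acc = saved        # restore the caller's state
                        self.service(vm, trap)       # then resume it
        return {vm.name: vm.acc for vm in self.vms}


def demo():
    a = VMState("A", [("add", 5), ("out", None), ("mul", 2), ("out", None), ("halt", None)])
    b = VMState("B", [("add", 7), ("out", None), ("halt", None)])
    mon = Monitor([a, b])
    finals = mon.run()
    return finals, mon.devices, mon.trap_log


if __name__ == "__main__":
    print(demo())
```

Two details carry the security argument. The VM never touches `Monitor.devices` itself; the only path to a device is a trap, so the monitor can apply whatever policy it likes before emulating. And the monitor keeps each VM's registers and program in its own `VMState`, just as an operating system keeps process state, which is what lets it interleave the two VMs without either noticing the other.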