Malicious Logic and Defenses

Malicious Logic
• Trojan Horse
  – A Trojan horse is a program with an overt (documented or known) effect and covert (undocumented or unknown) effects.
  – A propagating Trojan horse is a Trojan horse that creates a copy of itself.
  – An example of a Trojan horse is the game animal.
  – The central idea is that the Trojan horse modifies the compiler to insert itself into specific programs, including future versions of the compiler itself.
• Computer Viruses
  – When a Trojan horse can propagate freely and insert a copy of itself into another file, it becomes a computer virus.
  – A computer virus is a program that inserts itself into one or more files and then performs some action.
  – The first phase, in which the virus inserts itself into a file, is called the insertion phase; the second phase, in which it performs some action, is called the execution phase.
  – Computer viruses have no covert purpose; they have only an overt purpose, which is to infect and execute.
• Types of Computer Viruses
  – Boot Sector Infectors
    • A boot sector infector is a virus that inserts itself into the boot sector of a disk.
  – Executable Infectors
    • An executable infector is a virus that infects executable programs.
    • Generally, .exe and .com files are infected by this virus.
  – Multipartite Viruses
    • A multipartite virus is one that can infect either boot sectors or applications.
  – TSR Viruses
    • A terminate and stay resident (TSR) virus is one that stays active in memory after the application has terminated.
    • A TSR virus can be a boot sector infector or an executable infector.
  – Stealth Viruses
    • Stealth viruses are viruses that conceal the infection of files.
  – Encrypted Viruses
    • An encrypted virus is one that enciphers all of the virus code except for a small decryption routine.
  – Polymorphic Viruses
    • A polymorphic virus is a virus that changes its form each time it inserts itself into another program.
  – Macro Viruses
    • A macro virus is a virus composed of a sequence of instructions that is interpreted, rather than executed directly.
    • This type of virus can execute on any system that can interpret the instructions.
    • It can infect either executable or data files.
• Computer Worms
  – A computer worm is a program that copies itself from one computer to another.
• Other Forms of Malicious Logic
  – Rabbits and Bacteria
    • A bacterium or a rabbit is a program that absorbs all of some class of resource.
    • Creates DoS attacks.
  – Logic Bombs
    • A logic bomb is a program that performs an action that violates the security policy when some external event occurs.

Defenses
• Defending against malicious logic takes advantage of several different characteristics of malicious logic to detect or block its execution.
• Sandboxing
  – Sandboxes and virtual machines implicitly restrict process rights.
  – A common implementation of this approach is to restrict the program by modifying it.
  – Special instructions inserted into the object code cause traps whenever an instruction violates the security policy.
  – When the executable dynamically loads libraries, special libraries with the desired restrictions replace the standard libraries.
• Information flow metrics
  – This approach is to limit the distance a virus can spread.
• Reducing the rights
  – The user can reduce her/his associated protection domain when running a suspect program.
  – It follows the principle of least privilege.
• Malicious logic altering files
• Proof-carrying code
• Notion of trust

Introduction to Virtual Machine
• Virtual Machine (VM) structure
  – A VM runs on a virtual machine monitor.
  – The monitor virtualizes the resources of the underlying system and presents to each VM the illusion that it and it alone is using the hardware.
• Virtual machine monitor (VMM)
  – The VMM runs at the highest level of privilege.
  – It keeps track of the state of each VM just as an ordinary operating system keeps track of the state of its processes.
  – When a privileged instruction is executed, the hardware causes a trap to the VMM.
  – The monitor services the interrupt and restores the state of the caller.
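
The "Reducing the rights" defense above, applied to the resource-absorbing behaviour described under "Rabbits and Bacteria", as an added example that is not part of the original slides. It assumes a Linux/POSIX host; the limit values, the function names and the two constructed child programs are illustrative choices.

```python
import os
import resource
import subprocess
import sys
import tempfile

# Assumed ceilings for a suspect program; tune them per workload.
LIMITS = {
    resource.RLIMIT_CPU: 2,        # seconds of CPU time
    resource.RLIMIT_FSIZE: 4096,   # largest file it may write, in bytes
    resource.RLIMIT_NOFILE: 32,    # open file descriptors
    resource.RLIMIT_CORE: 0,       # no core dumps
}

def _reduce_rights():
    """Runs in the child between fork and exec: shrink its resource domain."""
    for res, want in LIMITS.items():
        _, hard = resource.getrlimit(res)
        if hard != resource.RLIM_INFINITY:
            want = min(want, hard)  # an unprivileged process cannot raise a hard limit
        resource.setrlimit(res, (want, want))

def run_restricted(argv, workdir, timeout=15):
    """Start argv in workdir with LIMITS applied; return the CompletedProcess."""
    return subprocess.run(argv, cwd=workdir, preexec_fn=_reduce_rights,
                          capture_output=True, text=True, timeout=timeout)

# Constructed stand-ins for a suspect program: one writes 1 MiB, one writes 10 bytes.
GREEDY = "open('out.bin', 'wb').write(b'x' * (1 << 20))"
MODEST = "open('ok.bin', 'wb').write(b'x' * 10)"

def demo():
    """Return (greedy exit code, bytes the greedy child wrote, modest exit code)."""
    with tempfile.TemporaryDirectory() as d:
        greedy = run_restricted([sys.executable, "-c", GREEDY], d)
        size = os.path.getsize(os.path.join(d, "out.bin"))
        modest = run_restricted([sys.executable, "-c", MODEST], d)
        return greedy.returncode, size, modest.returncode

if __name__ == "__main__":
    print(demo())
```

These limits bound how much of a resource the child can absorb; they do not restrict which files it can reach, which needs a separate user account, sandbox or virtual machine.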