Lecture 30 Security II
Based on Silberschatz & Galvin's slides and Stallings' slides

System Threats
• Most operating systems provide a means for processes to spawn other processes.
• In such an environment, it is possible to create a situation where operating-system resources and user files are misused.
• Methods for achieving this misuse
  – Worms
  – Viruses
  – Bacteria
• Worms
  – Use network connections to spread from system to system
  – Electronic mail facility: a worm mails a copy of itself to other systems
  – Remote execution capability: a worm executes a copy of itself on another system
  – Remote log-in capability: a worm logs on to a remote system as a user and then uses commands to copy itself from one system to the other
• Viruses
  – Program that can infect other programs by modifying them
    – modification includes a copy of the virus program
    – the infected program can infect other programs

Virus Stages
• Dormant phase
  – virus is idle
• Propagation phase
  – virus places an identical copy of itself into other programs or into certain system areas on the disk
• Triggering phase
  – virus is activated to perform the function for which it was intended
  – caused by a variety of system events
• Execution phase
  – function is performed

Types of Viruses
• Parasitic
  – attaches itself to executable files and replicates
  – when the infected program is executed, it looks for other executables to infect
• Memory-resident
  – lodges in main memory as part of a resident system program
  – once in memory, it infects every program that executes
• Boot sector
  – infects boot record
  – spreads when system is booted from the disk containing the virus
• Stealth
  – designed to hide itself from detection by antivirus software
  – may use compression
• Polymorphic
  – mutates with every infection, making detection by the signature of the virus impossible
  – creates copies of itself that are functionally equivalent but have distinctly different bit patterns

Antivirus Approaches
• First-generation
  – scanner identifies virus by its signature
  – virus has same structure and bit pattern in all copies
  – maintains a record of the length of the programs and looks for changes in length
• Second-generation
  – uses heuristic rules to search for probable virus infection
  – looks for fragments of code that are often associated with viruses
• Third-generation
  – memory-resident programs that identify a virus by its actions rather than its structure
  – intervene when these actions take place
• Fourth-generation
  – consists of a variety of antivirus techniques used in conjunction

System Threats
• Bacteria
  – Purpose is to replicate themselves
  – Reproduce exponentially
    – take up all the processor capacity
    – take up memory
    – take up disk space
    – deny users access to resources

Threat Monitoring
• Check for suspicious patterns of activity
  – e.g., several incorrect password attempts may signal password guessing.
• Audit log
  – records the time, user, and type of all accesses to an object; useful for recovery from a violation and developing better security measures.
• Scan the system periodically for security holes; done when the computer is relatively unused.

Threat Monitoring (Cont.)
• Check for:
  – Short or easy-to-guess passwords
  – Unauthorized set-uid programs
  – Unauthorized programs in system directories
  – Unexpected long-running processes
  – Improper directory protections
  – Improper protections on system data files
  – Dangerous entries in the program search path (Trojan horse)
  – Changes to system programs: monitor checksum values
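
The periodic scan from the Threat Monitoring checklist, sketched as an added example that is not part of the original slides: it covers four of the listed checks (unauthorized set-uid programs, unauthorized programs in system directories, checksum changes, dangerous search-path entries). The function names, the finding labels, the `{path: sha256}` baseline format and the choice of SHA-256 as the checksum are assumptions made for illustration.

```python
import hashlib
import os
import stat

def sha256_of(path):
    """Checksum of a file, read in chunks so large binaries are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan_system_dir(root, baseline, setuid_allowed=frozenset()):
    """Compare a directory tree with a known-good baseline {path: sha256}.

    Returns (finding, path) tuples for three checklist items: unauthorized
    set-uid programs, unauthorized programs, and changed checksums.
    """
    findings, seen = [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue  # skip symlinks, devices, sockets
            seen.add(path)
            if mode & (stat.S_ISUID | stat.S_ISGID) and path not in setuid_allowed:
                findings.append(("unauthorized-setuid", path))
            if path not in baseline:
                findings.append(("unauthorized-program", path))
            elif sha256_of(path) != baseline[path]:
                findings.append(("checksum-changed", path))
    # A program that vanished from the baseline is also a change worth review.
    findings += [("missing-program", p) for p in sorted(set(baseline) - seen)]
    return findings

def scan_search_path(path_value):
    """Flag search-path entries that let a Trojan horse shadow a real command."""
    findings = []
    for entry in path_value.split(os.pathsep):
        if not os.path.isabs(entry):  # "", "." and other relative entries
            findings.append(("relative-path-entry", entry))
        elif os.path.isdir(entry) and os.stat(entry).st_mode & stat.S_IWOTH:
            findings.append(("world-writable-path-entry", entry))
    return findings
```

The baseline has to be recorded while the system is known to be good and stored where the scanned system cannot rewrite it; otherwise a modified program can simply ship with a matching checksum.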