Attacks on Desktop Computers - Introduction to Computer Security - Lecture Slides
Attacks on Desktop Computers:
- Malicious Code
- Hardware attacks
Program Flaws
Taxonomy of flaws:
- how (genesis)
- when (time)
- where (location)
the flaw was introduced into the system
Kinds of Malicious Code
- Virus : a program that attaches copies of itself into other programs. Propagates and performs some unwanted function.
- Rabbit (Bacteria) : program that consumes system resources by replicating itself.
- Worm : a program that propagates copies of itself through the network. Usually performs some unwanted function.
  - Does not attach to other programs
- Trojan Horse : secret, undocumented routine embedded within a useful program. Execution of the program results in execution of secret code.
- Rootkit : aims to hide the presence of itself and other malicious code on the computer by corrupting detection capabilities. Usually limited to the corrupted computer.
- Zombies and Botnets : computers under the control of a remote entity. Attackers' goals: spreading viruses, attacking internet communications, stealing personal data, manipulating online polls, DoS.
Virus
Virus lifecycle:
1. Dormant phase : the virus is idle (not all viruses have this stage).
2. Propagation phase : the virus places an identical copy of itself into other programs or into certain system areas.
3. Triggering phase : the virus is activated to perform the function for which it was created.
4. Execution phase : the function is performed. The function may be harmless or damaging.
Virus Types
- Boot Sector Viruses :
  - Infects the boot record and spreads when system is booted.
  - Gains control of machine before the virus detection tools.
  - Very hard to notice
  - Carrier files: AUTOEXEC.BAT, CONFIG.SYS, IO.SYS
- Stealth virus : a form of virus explicitly designed to hide from detection by antivirus software.
- Polymorphic virus : a virus that mutates with every infection making detection by the “signature” of the virus difficult.
How Viruses Append
[Figures: virus code attached to the original program; panels "Virus surrounding a program" and "Virus integrated into program"]
Virus Signatures
- Storage pattern
  - Code always located on a specific address
  - Increased file size
- Execution pattern
- Transmission pattern
- Polymorphic Viruses
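A small illustration of the storage-pattern signatures listed above, and of why a polymorphic virus evades them, as an added example that is not part of the original slides. The marker bytes, the signature name `Demo.Prepender` and the sample files are constructed; the size-and-hash baseline is an assumed complementary check, not something the slides prescribe.

```python
import hashlib

# Constructed marker standing in for a known virus byte pattern (not real malware).
MARKER = bytes.fromhex("deadbeef1337c0de")
# Storage-pattern signature: name -> (pattern, fixed offset where it is expected).
SIGNATURES = {"Demo.Prepender": (MARKER, 0)}


def make_baseline(data: bytes) -> dict:
    """Record size and hash of a known-good file."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def scan(data: bytes, baseline: dict, signatures: dict = SIGNATURES) -> list:
    """Return findings for one file: signature hits plus baseline deviations."""
    findings = []
    # Storage pattern 1: known bytes always located at a specific address.
    for name, (pattern, offset) in signatures.items():
        if data[offset:offset + len(pattern)] == pattern:
            findings.append(f"signature:{name}")
    # Storage pattern 2: the file grew compared with the known-good copy.
    growth = len(data) - baseline["size"]
    if growth > 0:
        findings.append(f"size-increase:+{growth}")
    # Content changed at all, regardless of which bytes were added.
    if hashlib.sha256(data).hexdigest() != baseline["sha256"]:
        findings.append("hash-mismatch")
    return findings


# Constructed sample files.
CLEAN = b"\x7fELF" + b"original program " * 8
BASELINE = make_baseline(CLEAN)
# Same bytes on every infection: the byte signature matches.
STATIC_VARIANT = MARKER + CLEAN
# Different bytes per infection (polymorphic): the byte signature no longer matches.
MUTATED_VARIANT = bytes(b ^ 0x5A for b in MARKER) + CLEAN

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("static", STATIC_VARIANT),
                        ("mutated", MUTATED_VARIANT)]:
        print(f"{label:8} {scan(blob, BASELINE) or 'no findings'}")
```

The mutated variant produces no signature hit, yet the increased file size and the hash mismatch against the baseline still flag it.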
Antivirus Approaches
- Detection : determine infection and locate the virus.
- Identification : identify the specific virus.
- Removal : remove the virus from all infected systems, so the disease cannot spread further.
- Recovery : restore the system to its original state.
Worm
- Self-replicating (like virus)
- Objective: system penetration (intruder)
- Phases: dormant, propagation, triggering, and execution
- Propagation:
  - Searches for other systems to infect (e.g., host tables)
  - Establishes connection with remote system
  - Copies itself to remote system
  - Executes
Hardware Attacks
- Basic Input/Output System (BIOS)
- USB Devices
- Cell Phones
- Physical Theft