Computer Security Lecture 9: Viruses and Self-Reproducing Code, Study notes of Computer Science

A transcript from a computer science lecture on February 7, 2005, focusing on viruses and self-reproducing code. The lecture covers the basics of viruses, their self-reproduction, and their attachment to other programs. It also discusses the challenges of writing viruses in different programming languages and the characteristics of successful viruses. Finally, it covers the concept of worms and their spread between network hosts through buffer overflow attacks.


Uploaded on 03/19/2009

Feb 7, 2005 -- Lecture 9
22C:169
Computer Security
Douglas W. Jones
Department of Computer Science
Viruses

Self Reproducing Code
- Simple to write in reflexive languages
  - e.g. assembly language
- Difficult in compiled languages (e.g. C)

    main(a) { a="main(a){a=%c%s%c;printf(a,34,a,34);}"; printf(a,34,a,34); }

    #define q(k)main(){puts(#k"\nq("#k")");}
    q(#define q(k)main(){puts(#k"\nq("#k")");})

A Virus is:
- A self-reproducing code fragment
- That attaches itself to other programs
  - instead of merely outputting itself
- Therefore, it must contain code to
  - Search out targets
  - Edit targets
  - In addition to basic self-reproduction

Successful viruses:
- Attach to files likely to be exported
  - MS-Word documents
  - Games
- Evade notice
  - No obvious side effects
  - No heavy disk usage
  - No huge file-size increment

Detect viral code
- Does P include code that does X?
  - Generally: Equivalent to Halting Problem
- We rely on approximations
  - Large catalogs of known viruses
  - Patterns of "dangerous operations"
- Either miss some viruses or prevent some legitimate operation

Worms
- John Brunner's Shockwave Rider, 1975
- First implemented, Xerox PARC, 1978
- Self reproducing code
  - Spreads between network hosts
  - Spread via network links
- Requirements
  - Read from link executes code
  - Deliberately or not

How can worms invade?
- Error in network interface that allows injection of code where data intended
  - Buffer Overflow Attack
- Debugging interfaces left in place
  - Beware: Sensible development tools can be dangerous in production

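Buffer Overflow Vulnerability:

    int f( int i )
    {
        char a[32];
        /* gets() takes no buffer size: a line longer than 31 bytes
           is written past the end of a[] and over the stack frame */
        gets( a );
        return lookup(a);
    }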
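
The hardened counterpart of f() above, as an added example that is not from the lecture slides: the unbounded gets() is replaced by a bounded read that rejects an over-long line and discards its tail. The names read_line and f_safe, the FILE* parameter, and the stand-in body of lookup() are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the slide's lookup(): returns the key length. */
static int lookup(const char *key) { return (int)strlen(key); }

/* Bounded replacement for gets(): read one line from `in` into buf[size].
 * Returns 0 on success, -1 on EOF or error, -2 if the line did not fit.
 * An over-long line is drained to its newline so that its tail is not
 * mistaken for the next record. */
static int read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;

    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {   /* whole line fit, newline included */
        buf[n - 1] = '\0';
        return 0;
    }

    /* No newline stored: either the line ended exactly here (next byte is
     * newline or EOF) or there is more input than the buffer can hold. */
    int c = fgetc(in);
    if (c == '\n' || c == EOF)
        return 0;
    while (c != '\n' && c != EOF)        /* discard the rest of the line */
        c = fgetc(in);
    return -2;
}

/* Same job as the slide's f(), but input can never run past a[]. */
int f_safe(FILE *in)
{
    char a[32];
    if (read_line(in, a, sizeof a) != 0)
        return -1;                       /* reject, do not look up */
    return lookup(a);
}

int main(void)
{
    int r = f_safe(stdin);
    printf("%d\n", r);
    return r < 0;
}
```

Rejecting the over-long line, rather than silently truncating it, keeps a truncated key from being looked up as if it were the one the sender supplied.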