IT 2030C Chapter 2 - Controlling a Computer

16 May 2018
Chapter 2 - Controlling a Computer
Buffer Overflows and the Morris Worm
One of the vulnerabilities Morris used was in a networking service called “finger.” The purpose of finger was to
report the status of individual computer users.
Buffer Overflow: the program reads too much data into the buffer.
The extra data is written over other data items nearby in RAM.
Morris designed the overflow data to contain two essential components:
A sequence of computer instructions (a program called a “shellcode”) would start a command shell, like “cmd”
on Windows. Instead of taking commands from the keyboard, this shell took its commands from the attacking
host computer. The commands traveled over the same connection it used to attack the finger service.
A storage location contained the return address for the network read function. The overflow data overwrote the
return address.
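A toy model of the overwrite described above, added here as an illustration (it is not code from the textbook or from the finger service). The struct `frame`, the 16-byte buffer and the placeholder address 0x1000 are assumptions made for the demo; the unchecked read is capped at the size of the struct so the demo itself stays memory-safe.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16

/* Toy stack frame (assumed layout): the buffer sits just below the saved return address. */
struct frame {
    char buf[BUF_LEN];
    uintptr_t return_addr;
};

/* Unchecked read: copies as many bytes as the sender supplied, ignoring BUF_LEN.
   Capped at sizeof(struct frame) only so this demo never writes outside the struct. */
static void read_unchecked(struct frame *f, const char *in, size_t n) {
    if (n > sizeof *f) n = sizeof *f;
    memcpy((char *)f, in, n);
}

/* Checked read: rejects input that does not fit in the buffer (with room for NUL). */
static int read_checked(struct frame *f, const char *in, size_t n) {
    if (n >= BUF_LEN) return -1;
    memcpy(f->buf, in, n);
    f->buf[n] = '\0';
    return 0;
}

/* Returns 1 if the saved return address survived an n-byte read, 0 if it was overwritten. */
static int return_addr_intact(int checked, size_t n) {
    struct frame f;
    char input[sizeof f];
    const uintptr_t original = 0x1000;   /* constructed placeholder address */
    memset(&f, 0, sizeof f);
    f.return_addr = original;
    memset(input, 'A', sizeof input);    /* constructed over-long request */
    if (checked) read_checked(&f, input, n);
    else read_unchecked(&f, input, n);
    return f.return_addr == original;
}

int main(void) {
    size_t big = sizeof(struct frame);
    printf("unchecked read, %zu bytes: intact=%d\n", big, return_addr_intact(0, big));
    printf("checked read,   %zu bytes: intact=%d\n", big, return_addr_intact(1, big));
    return 0;
}
```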
On Microsoft systems, there is a specific data execution prevention (DEP) feature.
The operating system provides it, but only if applications take the trouble to distinguish between their control
and data sections.
Access Control Strategies
Computer-based access control falls into four categories that correspond to these real-world situations:
Islands: a potentially hostile process is marooned on an island. The process can only use resources brought to
it.
Vaults: a process has the right to use certain resources within a much larger repository. The process must ask
for access to the resources individually, and the system checks its access permissions on a case-by-case basis.
Puzzles: a process uses secret or hidden information in order to retrieve particular data items. This provides
effective protection only if it is not practical to try to guess the unknown information through exhaustive trial and
error.
Patterns: the data items and programs made available to a process are compared against patterns associated
with hostile data. If the data item matches a pattern, the system discards the data or at least blocks access to it
by other processes. This technique is not very reliable and is used as a last resort.
Islands
The operating system gives the process access to its own RAM and to carefully metered turns using the CPU.
The island forms its own security domain, within which the process has free rein.
This type of access control is called “isolation and mediation.” We isolate the process, or group of processes,
to create the island. We then “mediate” its access to other resources. We try to do this with risky processes so
that we may restrict the damage they might do.
Computer-based access control begins by making each process into its own island.
Vaults
Often the operating system provides access to a vault of computing resources. Each request is checked to
ensure the process has permission to use the file or other resource.
Puzzles and Patterns
The most powerful puzzle-based form of protection appears in cryptography, or crypto.
Crypto provides us with a variety of mathematical techniques to hide data through encryption or to
authenticate its contents.
Another puzzle technique is called steganography: we try to hide one collection of information inside another.
Puzzles also provide a popular but less-effective form of protection called security through obscurity, or “STO”
for short.
This approach often relies on hiding to keep resources safe, without weighing the risk of potential attackers
finding the resources through a process of searching.
Open Design
When we practice Open Design, we don’t keep our security mechanisms secret.
Instead, we build a mechanism that is strong by itself but kept secure using a component we can easily change.
Open Design acknowledges the fact that attackers may “reverse engineer” a device to figure out how it works.
A well-designed security device still provides protection even after reverse engineering.
Cryptography and Open Design
The concept arises from Kerckhoffs’ principle, in which we assume that potential attackers already know