Computer Security Threats Patricia Roy Manatee Community College Venice FL 2008 Prentice Hall Operating Systems Internals and Design Principles 6E William Stallings Computer Security Confidentiality ID: 321895
Slide 1
Chapter 14
Computer Security Threats
Patricia Roy
Manatee Community College, Venice, FL
©2008, Prentice Hall
Operating Systems: Internals and Design Principles, 6/E
William Stallings

Slide 2
Computer Security
Confidentiality
  Data confidentiality
  Privacy
Integrity
  Data integrity
  System integrity
Availability

Slide 3
The Security Requirements Triad

Slide 4
Additional Concepts
Authenticity
Accountability

Slide 5
Threats

Slide 6
Threats

Slide 7
Threats

Slide 8
Threats

Slide 9
Scope of System Security

Slide 10
Assets

Slide 11
Intruders
Masquerader
Misfeasor
Clandestine user

Slide 12
Intruders

Slide 13
Intruders

Slide 14
Intruders

Slide 15
Backdoor
Trapdoor
Secret entry point
Useful for programmers debugging

Slide 16
Logic Bomb
Explodes when certain conditions are met
  Presence or absence of certain files
  Particular day of the week
  Particular user running application

Slide 17
Trojan Horse
Useful program that contains hidden code that, when invoked, performs some unwanted or harmful function
Can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly
  User may set file permission so everyone has access

Slide 18
Mobile Code
Transmitted from remote system to local system
Executed on local system without the user's explicit instruction

Slide 19
Multiple-Threat Malware
Multipartite virus infects in multiple ways
Blended attack uses multiple methods
Ex: Nimda has worm, virus, and mobile code characteristics

Slide 20
Parts of Virus
Infection mechanism
Trigger
Payload

Slide 21
Virus Stages
Dormant phase
  Virus is idle
Propagation phase
  Virus places an identical copy of itself into other programs or into certain system areas on the disk

Slide 22
Virus Stages
Triggering phase
  Virus is activated to perform the function for which it was intended
  Caused by a variety of system events
Execution phase
  Function is performed

Slide 23
Simple Virus

Slide 24
Compression Virus

Slide 25
Virus Classification by Target
Boot sector infector
File infector
Macro virus

Slide 26
Virus Classification by Concealment Strategy
Encrypted virus
  Random encryption key encrypts remainder of virus
Stealth virus
  Hides itself from detection of antivirus software

Slide 27
Virus Classification by Concealment Strategy
Polymorphic virus
  Mutates with every infection
Metamorphic virus
  Mutates with every infection
  Rewrites itself completely after every iteration

Slide 28
Macro Viruses
Platform independent
  Most infect Microsoft Word documents
Infect documents, not executable portions of code
Easily spread
File system access controls are of limited use in preventing spread

Slide 29
E-Mail Viruses
Attachment
Open e-mail
Uses e-mail software to replicate

Slide 30
Worms
Use network connections to spread from system to system
Electronic mail facility
  A worm mails a copy of itself to other systems

Slide 31
Worms
Remote execution capability
  A worm executes a copy of itself on another system
Remote log-in capability
  A worm logs on to a remote system as a user and then uses commands to copy itself from one system to the other

Slide 32
Worm Propagation Model

Slide 33
Bots
Zombie or drone
Program secretly takes over another Internet-attached computer
Launch attacks that are difficult to trace to bot's creator
Collection of bots is a botnet

Slide 34
Rootkit
Set of programs installed on a system to maintain administrator (or root) access to that system
Hides its existence

Slide 35
System Call Table Modification by Rootkit