Security Flaws in Mainstream Linux Distributions


Turkish Journal of Physiotherapy and Rehabilitation; 32(3)
ISSN 2651-4451 | e-ISSN 2651-446X

SECURITY FLAWS IN MAINSTREAM LINUX DISTRIBUTIONS

Shubham Saini (1), Devansh Patel (2), G.K. Sandhia (3)
1 School of Computing, SRMIST Chennai
2 School of Computing, SRMIST Chennai
3 Assistant Professor, School of Computing, SRMIST Chennai

ABSTRACT: This paper analyzes the research that has been done in the field of operating systems and the software they use. Linux has recently come to play a pivotal role in everyday operating systems, so security is the main concern, given the large market share of the different Linux distributions. In this paper, comparisons are made between OpenSSL and LibreSSL, systemd and other init systems, musl and glibc, and Xorg and Wayland.

I. INTRODUCTION

Linux is a UNIX-like operating system. Strictly speaking, Linux is a kernel, but people commonly refer to it as an operating system. Linus Torvalds, a Finnish-American software engineer, released the kernel on 5 October 1991. Being written from scratch, it does not contain any legacy code. It is developed under a free and open source software model and then packaged into an operating system, which usually contains an init system, the Linux kernel, coreutils, etc. Because the kernel is released under the GPL license, its source code can be distributed, used and modified. Popular Linux distributions include Fedora, Ubuntu, Linux Mint, Debian, Red Hat, Arch Linux, and SUSE Linux Enterprise Server. Linux distributions are called "distros" for short. Distributions use a package manager such as apt, zypper, yum, portage or pacman to install, modify and remove all of the system's software from one location. As many systems run Linux as their daily driver, it becomes very important to secure it properly. With a market share of nearly 37% and its usage in large businesses, Linux is widely used worldwide.
Most of the time, people use mainstream Linux distributions like Ubuntu, Arch, Fedora, Red Hat, etc. In this paper, we demonstrate how that can be insecure and bad for your business: a clear comparison of code and security standards is made between the software present in mainstream distributions and the open source alternatives available.

II. COMPARISON OF OPENSSL WITH LIBRESSL

2.1 What is LibreSSL?

LibreSSL is a fork of OpenSSL 1.0.1g by OpenBSD. It is an open-source implementation of Transport Layer Security (TLS), with many newer features added since the fork. It is the crypto stack responsible for securing communications over computer networks against eavesdropping and for identifying the party at the other end. It is widely used in web servers and in most HTTPS websites. After the Heartbleed vulnerability, the OpenBSD team decided to audit the OpenSSL source code and to fork it in order to remove dangerous code.

2.2 Why is LibreSSL more secure?

As of November 2020, OpenSSL has 664,111 lines of code whereas LibreSSL has 377,749. More lines of code means that the code is more prone to bugs and vulnerabilities. If you give a lawyer one document with 500 lines and another with 1000 lines, the lawyer will find more legal flaws in the latter. This is evident in the record: since its release, OpenSSL has had 203 vulnerabilities and LibreSSL only 7. Moreover, there has been no high-risk CVE (Common Vulnerabilities and Exposures) in LibreSSL.

2.3 libtls

LibreSSL provides libtls, a new API intended to replace the OpenSSL-compatible APIs in use today. The OpenSSL API is very complex and difficult to use, and the OpenSSL application is unsuitable for production use. libtls, on the other hand, is designed to make writing correct applications easier and less error-prone.
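As an added example (not the paper's code, nor LibreSSL's), the following C program shows the tls_write() retry loop this section describes, generalised to handle partial writes and the TLS_WANT_POLLIN/TLS_WANT_POLLOUT return codes; the scripted stand-in for tls_write() and tls_error() is a constructed assumption so that the file runs without libtls installed.

```c
/* Added example, not from the paper or the LibreSSL project: the
 * write-until-done loop a libtls caller needs, because tls_write() may
 * send only part of a buffer or ask the caller to wait on the socket.
 * A scripted stand-in replaces tls_write()/tls_error() so the file builds
 * without libtls; the TLS_WANT_* values are the ones <tls.h> defines. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define TLS_WANT_POLLIN  (-2)
#define TLS_WANT_POLLOUT (-3)

/* Stand-in for struct tls: a replay script of return codes plus a capture
 * buffer so a test can check what actually went "on the wire". */
struct fake_tls {
    const ssize_t *script; size_t nscript, pos;  /* return codes to replay */
    char out[256]; size_t outlen;                /* bytes "sent" so far */
    int calls;                                   /* tls_write() invocations */
    const char *err;                             /* what tls_error() reports */
};
typedef ssize_t (*tls_write_fn)(struct fake_tls *, const void *, size_t);

/* Mirrors tls_write(3): > 0 bytes written, -1 on error, or a TLS_WANT_* code. */
static ssize_t fake_tls_write(struct fake_tls *ctx, const void *buf, size_t len)
{
    ssize_t ret = ctx->pos < ctx->nscript ? ctx->script[ctx->pos++] : (ssize_t)len;
    ctx->calls++;
    if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
        return ret;                 /* nothing written this round */
    if (ret < 0) {
        ctx->err = "connection failed (scripted)";
        return -1;
    }
    if ((size_t)ret > len)
        ret = (ssize_t)len;         /* a partial write never exceeds the request */
    memcpy(ctx->out + ctx->outlen, buf, (size_t)ret);
    ctx->outlen += (size_t)ret;
    return ret;
}

/* Mirrors tls_error(3): libtls reports failures here, not through errno. */
static const char *fake_tls_error(const struct fake_tls *ctx)
{
    return ctx->err ? ctx->err : "(no error)";
}

/* The paper's loop, generalised over the write function: keep calling until
 * every byte is out. Returns 0 on success, -1 on a hard error. */
int tls_write_all(struct fake_tls *ctx, tls_write_fn write_fn,
                  const void *buf, size_t len)
{
    const unsigned char *p = buf;
    while (len > 0) {
        ssize_t ret = write_fn(ctx, p, len);
        if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
            continue;   /* blocking fd: retry; non-blocking fd: poll(2) first */
        if (ret == -1)
            return -1;  /* do not consult errno; the caller asks tls_error() */
        p += ret;       /* advance past the partial write */
        len -= (size_t)ret;
    }
    return 0;
}

/* Send a fixed 13-byte message while replaying a constructed script. */
static int run_script(struct fake_tls *ctx, const ssize_t *script, size_t n)
{
    const char msg[] = "hello, libtls";
    memset(ctx, 0, sizeof *ctx);
    ctx->script = script; ctx->nscript = n;
    return tls_write_all(ctx, fake_tls_write, msg, strlen(msg));
}

/* Scenario 1: delivered as 5 + 4 + 4 bytes with WANT_POLLOUT and WANT_POLLIN
 * interleaved; the loop must retry and must not lose or duplicate bytes. */
int demo_partial_writes(struct fake_tls *ctx)
{
    static const ssize_t s[] = { 5, TLS_WANT_POLLOUT, 4, TLS_WANT_POLLIN };
    return run_script(ctx, s, sizeof s / sizeof s[0]);
}

/* Scenario 2: 3 bytes go out, then the connection fails hard. */
int demo_hard_error(struct fake_tls *ctx)
{
    static const ssize_t s[] = { 3, -1 };
    return run_script(ctx, s, sizeof s / sizeof s[0]);
}

int main(void)
{
    struct fake_tls ctx;
    int rc = demo_partial_writes(&ctx);
    printf("partial: rc=%d calls=%d sent=\"%.*s\"\n", rc, ctx.calls, (int)ctx.outlen, ctx.out);
    rc = demo_hard_error(&ctx);
    printf("error: rc=%d sent=%zu tls_error=%s\n", rc, ctx.outlen, fake_tls_error(&ctx));
    return 0;
}
```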
libtls is more secure, and it is also compatible with legacy code. TLS connections made with libtls use a fixed set of functions throughout their life cycle:

    tls_init()
    tls_config_set()
    tls_configure()
    tls_server() or tls_client()
    tls_accept() or tls_connect()
    tls_handshake()
    tls_read() and tls_write()
    tls_close()
    tls_free()

The traditional OpenSSL API does not follow the semantics of read() and write(). It can also do strange things, like connecting to a different daemon when you do a read or write, or blocking on a descriptor (/dev/Xrandom). You can easily convert an existing program to use TLS if the semantics are similar. But exactly the same semantics cannot be used, because these are not single system calls. The goal of LibreSSL is to make tls_read() and tls_write() similar enough to read() and write() that a program can use them with a minimum of fuss. The loop for tls_write() is similar to the one for write(). The code for tls_write() on a blocking file descriptor is as follows:

    /* Write all of buf; tls_write() may return a partial count. */
    while (len > 0) {
            ssize_t ret;

            ret = tls_write(ctx, buf, len);
            /* The library wants the socket to become readable/writable:
             * on a blocking descriptor, simply try again. */
            if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
                    continue;
            /* Hard error: errno is not meaningful here, ask tls_error(). */
            if (ret == -1)
                    errx(1, "tls_write: %s", tls_error(ctx));
            buf += ret;
            len -= ret;
    }

Similar semantics are used in libtls to maintain coherence. tls_read() and tls_write() leave the global errno variable alone, so callers cannot misuse it to interpret error conditions; to obtain an error message on failure, libtls provides tls_error().

2.4 Removed redundant code

The LibreSSL fork removed 90,000 lines of code from the OpenSSL code base. It also split non-crypto functionality out of libcrypto and made it independent of the LibreSSL code by separating it from the code base.

III. COMPARISON OF SYSTEMD WITH OTHER INIT SYSTEMS

3.1 What is an init system?

A computer's startup or boot process begins with the BIOS. After completing hardware initialization and checks, the BIOS starts the bootloader.
The bootloader accesses the MBR (master boot record) or UEFI (Unified Extensible Firmware Interface) on your storage device. It uses the data on the drive and starts the kernel. The kernel then loads into memory, decompresses itself and initializes. After the kernel loads, a temporary file system is created in RAM by a utility known as initramfs. This allows the required drivers to be initialized and loaded, and allows the userspace file system to load and prepare the environment. The init system is the first process started after the kernel. It handles the creation of the user-space environment and gets PID 1 on the system. The init process is always executed by the kernel after the early stages of bootup have been completed by the BIOS and bootloader.

3.2 A project that doesn't follow the UNIX philosophy

systemd does not follow the Unix philosophy, which focuses on making a project simple, short and modular so that it can be easily maintained by developers other than the creator. This can be seen from the project's large code base: the whole project consists of 575k lines of code, compared to 16k for OpenRC, 8.5k for sysvinit and 1.1k for runit. With a massive code base it becomes very difficult for other programmers to maintain it and perform security checks. A huge code base also tends to break the project more often, and the attack surface is increased manifold. As Linux is an open source project and systemd is maintained by Red Hat, the open source community is also becoming centralized, with Red Hat alone taking control of the project. Besides, systemd handles things like device management, power management, mount points, cron, encryption, syslog, network configuration, etc., which are responsibilities that exceed those of a simple init system. The author of the project also has no respect for the IEEE Computer Society, nor for the POSIX standard.
In fact, he encouraged developers to ignore POSIX.

3.3 Slow startup times

Let's get more technical and compare it with the other init systems on the market. systemd is much more than an init replacement. It is a whole suite of software, with approximately 70 binaries that handle logging, journaling, daemons, cron jobs and services besides system initialization. This bulk has nothing to do with system initialization. Some of these binaries are systemd-udevd, systemd-logind, systemd-resolved, systemd-networkd, systemd-tmpfiles, systemd-homed, etc. All of the features that systemd provides already existed in Linux. Adding all of this functionality again just makes the system bloated and increases its attack surface. The bulky services that come with it lead to slow startup times. Some of them are also not compatible with other projects, like OpenVPN.

3.4 Binary logging

With binary logging, the tools used to parse the logs have to be aware of the format and know how to deal with the ways in which it can be corrupted. Binary logging provides faster indexing, but binary logs are more easily corrupted. Right now, only journald, together with journalctl, knows the format of the binary logging structure used by systemd.

3.5 CVEs and issues

As of November 2020, systemd has nearly 59 CVEs registered, which is a lot just for an init system. This is a huge security risk, as attackers can use these to take control of the whole operating system. As systemd is assigned PID 1 and is responsible for initializing the other daemons and services, a bad actor with the proper tools can abuse that to launch malicious services. There are also 1341 open issues on GitHub, where the whole code base of systemd is hosted.

3.6 Renaming network interfaces

The project has changed so often that it breaks backward compatibility. In systemd version 239, the project named the network interfaces differently than in its previous versions.