Malicious Software in Ubiquitous Computing

[Published as a chapter in the book Data Centric Systems and Applications, Consent to Publish
– Data Centric Systems and Applications Edited by M. Carey, S. Ceri]
Malware (Malicious Software) is rampant in our information technology infrastructures and is likely to be so for the foreseeable future. We will look at various types of malware and their characteristics and see what defenses currently exist to combat them. Various aspects of ubiquitous computing will likely prove game changers for malware and we will look into how the problem will evolve as UbiComp gets deployed.
Published by: sifumoraga on Dec 14, 2009
Copyright:Attribution Non-commercial

1 Malicious Software in Ubiquitous Computing
Morton Swimmer
IBM Zürich Research Laboratory GmbH
Summary.
Malware (Malicious Software) is rampant in our information technology infrastructures and is likely to be so for the foreseeable future. We will look at various types of malware and their characteristics and see what defenses currently exist to combat them. Various aspects of ubiquitous computing will likely prove game changers for malware and we will look into how the problem will evolve as UbiComp gets deployed.
When, in August 2005, thousands of spectators at an athletics event in Finland received an unsolicited application via Bluetooth, many were too distracted and perhaps trusting to avoid accepting it for installation. The problem was that even though the recipient could always decline the installation, the nearby mobile phone that was infected with the Cabir worm would continuously try to reinfect all phones in its ad-hoc personal area network. The only defense was to turn off Bluetooth or move out of range. In a stadium environment, the latter was not realistic as the more users accepted and installed the worm, the harder it was to find a ‘quiet’ spot. If the worm had been able to circumvent the user, the worm would surely have taken over all the stadium’s compatible phones in a very short time.¹ As it was, only a few dozen phones were reported infected, but this example shows how worms may affect an environment where networking is ubiquitous and ad-hoc.

Malicious software, malware for short, has the tendency of circumventing the security mechanisms that may be in place. Even when the security is well-designed and implemented, malware will either coerce the user to circumvent it, or exploit a vulnerability somewhere in the system to spread itself or act.

In this chapter, we will first look at what malware is, then we will look at how current systems can be defended against malware and how effective these measures are. Lastly we will look into the ubiquitous computing future and see how this development will change the landscape for malware.

¹ http://www.theregister.co.uk/2005/08/12/cabir_stadium_outbreak/
 
1.1 Types of Malware
Malicious software (malware) can be viewed as intentionally dysfunctional software [1]. Ordinary software always contains a number of bugs which may manifest themselves in negative ways, perhaps causing data loss or leakage. The bugs may be caused by honest mistakes or sloppiness, but not malicious intent. In the case of malware, the data loss or leakage, or other negative aspects of the software are entirely intended by the malware writer. In many borderline cases, it may be hard to determine the intent of the programmer, leaving the final classification difficult for those who must do this.
1.1.1 Trojan horses
A trojan (short for Trojan horse) is a program that is presumed by the user to be bona fide, but in which a malicious and undocumented payload has been intentionally placed.

The standard definition of a trojan is:

Definition 1 (trojan). A Trojan horse is defined as a piece of malicious software that, in addition to its primary effect, has a second, non-obvious malicious payload.

The definition hinges on the payload as there are no other measurable characteristics.

Definition 2 (payload). The payload of a malware is the effect it has on other system objects.
We can further refine the payload’s capabilities to violations of integrity, confidentiality and/or availability as well as malware dropping.

Trojan authors can release their progeny in a completely untargeted manner, for instance using Usenet news or spamming to coax enough users to run it. This method is used to create a large pool of “bots” (compromised machines) that can be used for spamming or other purposes, often rented or sold on a for-fee basis by criminal hackers. On the other hand, the perpetrator may have a specific target and may hack into the target systems to install the trojan.

So, on the whole, the common definition of a trojan is a weak one because it is not specific enough to help an anti-malware analyst determine whether it is a trojan or an ordinary piece of software. For some sub-types of trojan we may be able to define more specific characteristics that we can use to identify a subclass of the entire Trojan horse set. There are currently products on the market, or in the research labs, that attempt to do just that but with only moderate success so far.
 
Backdoor trojan
A particularly interesting variant of trojan is the backdoor trojan which is confidentiality violating by allowing access to the target system by the hacker. It is one thing to hold the credentials to access a system, but as these can be revoked, it is far better for the malicious hacker to create a backdoor circumventing the security to begin with.

As with many trojans, the line between legitimate programs and backdoors is very thin. Witness various remote access programs, such as VNC² that are viewed as legitimate, and BackOrifice 2000³ which usually is not. However, both programs have similar functionalities.
Spyware
Spyware is a name for a specific kind of confidentiality violating trojan that spies on the user’s activity or account contents and relays this data to the attacker. It is different from the backdoor trojan in that the attacker does not access the machine themselves. Spyware is also different from typical trojans in that they try to gain some legitimacy by surreptitiously stating their intentions in the EULA⁴. However, they are still considered trojans as the spyware functionality is usually quite unrelated to the primary functionality of the software.
Droppers
A further type of trojan is purely of the type malware dropping. This can be useful for various reasons. For one, some malware cannot exist naturally as a file and must be inserted into memory by the dropper so that they can run as was the case with the CodeRed worm. Another reason to use a dropper is to heavily obfuscate the contained malware payload to avoid detection. Droppers are always local-acting.

Definition 3 (local-acting). Malware is local-acting if its target is on the same machine as itself.
Exploits
We use the term exploit to mean those programs that inject code into a running program. The job of the exploit is to establish communication with the target program and bring it to the point where the code can be inserted usually via a buffer-overflow vulnerability. The insertion requires padding the code

² see http://www.realvnc.com
³ see http://www.bo2k.com
⁴ End User License Agreement
