The attack of choice for a professional attacker is system subversion: the insertion of a trap door that allows the attacker to bypass an operating system’s protection controls. This attack provides significant capabilities and a low risk of detection. One potential design is a trap door that itself accepts new programming instructions. This allows an attacker to decide the capabilities of the artifice at the time of attack rather than prior to its insertion. Early tiger teams recognized the possibility of this design and compared it to the two-card bootstrap loader used in mainframes, since both exhibit the characteristics of compactness and adaptability. This thesis demonstrates that it is relatively easy to create a bootstrapped trap door. The demonstrated artifice consists of 6 lines of C code that, when inserted into the Windows XP operating system, accept additional arbitrary code from the attacker, allowing subversion in any manner the attacker chooses. The threat from subversion is both extremely potent and eminently feasible. Popular risk mitigation strategies that rely on defense-in-depth are ineffective against subversion. This thesis focuses on how the use of the principles of layering, modularity, and information hiding can contribute to high-assurance development methodologies by increasing system comprehensibility.
Populaire auteurs
Cram101 Textbook Reviews (948) J.S. Bach (447) Wolfgang Amadeus Mozart (306) Collectif (268) Schrijf als eerste een recensie over dit item (265) Doug Gelbert (238) Charles Dickens (222) Princess of Patterns (211) Jules Verne (199) R.B. Grimm (197) William Shakespeare (190) Anonymous (188) Carolyn Keene (187) Gilad Soffer (187) Mark Twain (187) Philipp Winterberg (181) Edgar Allan Poe (173) Youscribe (172) Lucas Nicolato (170) Herman Melville (169)Populaire gewichtsboeken
418 KB 425 KB 435 KB 459 KB 474 KB 386 KB 445 KB 439 KB 455 KB 413 KB 432 KB 421 KB 471 KB 493 KB 472 KB 485 KB 416 KB 451 KB 369 KB 427 KB