Manifest: Monday 19 November 2001

Assignments Due

• Monday, 26 November: Problem Set 5
• Wednesday, 28 November - Monday, 3 December: Project Presentations
• Wednesday, 5 December: Project Final Report

Links

• Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham. Efficient Software-Based Fault Isolation. SOSP 1993.
• Fred Schneider. Enforceable Security Policies, Cornell TR 1999.
• Ulfar Erlingsson, Fred B. Schneider. SASI Enforcement of Security Policies: A Retrospective. Proceedings of the 1999 New Security Paradigms Workshop.
• David Evans and Andrew Twyman, Flexible Policy-Directed Code Safety, IEEE Symposium on Security and Privacy, Oakland 1999.
• Internet Firewalls - Resources from Purdue COAST
• Check Point Software Technologies
• Intrusion Detection FAQ
• Computer Immune Systems
• Counterpane Internet Security

Questions

• What is a reference monitor?
• What are some interesting security policies that are not safety policies?
• Why is it hard to design safety policies?
• What is a firewall? At what network layer should a firewall operate?
• Why is intrusion detection useful?
• Why is intrusion detection (almost?) impossible?
• How do immune systems work?
• How can computers mimic biological immune systems?

CERT Advisory

The CERT Coordination Center has received reports of weaknesses in Alien/OS that can allow species with primitive information sciences technology to initiate denial-of-service attacks against MotherShip(tm) hosts. One report of exploitation of this bug has been received. When attempting takeover of planets inhabited by such races, a trojan horse attack is possible that permits local access to the MotherShip host, enabling the implantation of executable code with full root access to mission-critical security features of the operating system.

The vulnerability exists in versions of EvilAliens' Alien/OS 34762.12.1 or later, and all versions of Microsoft's Windows/95. CERT advises against initiating further planet takeover actions until patches are available from these vendors. If planet takeover is absolutely necessary, CERT advises that affected sites apply the workarounds as specified below. As we receive additional information relating to this advisory, we will place it in ftp://info.cert.org/pub/cert_advisories/CA-96.13.README. We encourage you to check our README files regularly for updates on advisories that relate to your site.

I. Description - Alien/OS contains a security vulnerability, which strangely enough can be exploited by a primitive race running Windows/95. Although Alien/OS has been extensively field tested over millions of years by EvilAliens, Inc., the bug was only recently discovered during a routine invasion of a backwater planet. EvilAliens notes that the operating system had never before been tested against a race with "such a kick-ass president."

The vulnerability allows the insertion of executable code with root access to key security features of the operating system. In particular, such code can disable the NiftyGreenShield (tm) subsystem, allowing child processes to be terminated by unauthorized users.

Additionally, Alien/OS networking protocols can provide a low-bandwidth covert timing channel to a determined attacker.

II. Impact - Non-privileged primitive users can cause the total destruction of your entire invasion fleet and gain unauthorized access to files.

III. Solution - EvilAliens has supplied a workaround and a patch, as follows:

To prevent unauthorized insertion of executables, install a firewall to selectively vaporize incoming packets that do not contain valid aliens. Also, disable the "Java" option in Netscape.

To eliminate the covert timing channel, remove untrusted hosts from routing tables. As tempting as it is, do not use target species' own satellites against them.

As root, install the "evil" package from the distribution tape. (Optionally) save a copy of the existing /usr/bin/sendmail and modify its permission to prevent misuse.

The CERT Coordination Center thanks Jeff Goldblum and Fjkxdtssss for providing information for this advisory.

If you believe that your system has been compromised, contact the CERT Coordination Center or your representative in the Forum of Incident Response and Security Teams (FIRST). We strongly urge you to encrypt any sensitive information you send by email. The CERT Coordination Center can support a shared DES key and PGP. Contact the CERT staff for more information.

CERT Contact Information

Email    cert@cert.org
Phone    +1 412-268-7090 (24-hour hotline)
                CERT personnel answer 8:30-5:00 p.m. EST
                (GMT-5)/EDT(GMT-4), and are on call for
                emergencies during other hours.
Fax      +1 412-268-6989
Postal address
        CERT Coordination Center
        Software Engineering Institute
        Carnegie Mellon University
        Pittsburgh PA 15213-3890 USA

CERT is a service mark of Carnegie Mellon University.

Author Unknown

If J. Random Websurfer clicks on a button that promises dancing pigs on his computer monitor, and instead gets a hortatory message describing the potential dangers of the applet --- he's going to choose dancing pigs over computer security any day. If the computer prompts him with a warning screen like: "The applet DANCING PIGS could contain malicious code that might to permanent damage to your computer, steal your life's savings, and impair your ability to have children," he'll click "OK" without even reading it. Thirty seconds later he won't even remember that the warning screen even existed.

Bruce Schneier, Secrets and Lies, 2000.

University of Virginia Department of Computer Science CS 588: Cryptology - Principles and Applications

David Evans evans@virginia.edu