Information Security CS 526 Topic 10



Date: 13.07.2022

Types of Rootkits

  • User-level rootkits
    • Replace utilities such as ps, ls, ifconfig, etc.
    • Replace key libraries
    • Detectable by utilities like Tripwire
  • Kernel-level rootkits
    • Replace or hook key kernel functions
    • Through, e.g., loadable kernel modules or direct kernel memory access
    • A common detection strategy: compare the view obtained by enumerating kernel data structures with the view obtained through the API
    • Can be defended against by kernel-driver signing (required by 64-bit Windows)
  • CS526
  • Topic 10: Malware
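
The cross-view comparison named in the kernel-level rootkit bullets, as an added example that is not part of the original slides: a user-space Linux approximation that compares the /proc listing (what ps sees) with direct per-PID probes. The function names are illustrative, and probing with signal 0 is an assumption standing in for reading kernel data structures, which needs kernel memory access.

```python
import os

def listed_pids(proc="/proc"):
    """View 1 (API): PIDs returned by directory enumeration, as ps sees them."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def probed_pids(max_pid):
    """View 2 (direct): ask the kernel about every PID, one at a time."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)          # signal 0 checks existence, sends nothing
        except ProcessLookupError:
            continue
        except PermissionError:
            pass                     # exists, but owned by another user
        alive.add(pid)
    return alive

def tgid_of(pid, proc="/proc"):
    """Thread-group leader of pid from /proc/<pid>/status, or None if unreadable."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        pass
    return None

def hidden_candidates(before, probed, after, tgid=tgid_of):
    """PIDs that answer a direct probe yet are missing from both listings."""
    suspects = []
    for pid in sorted(probed - before - after):
        leader = tgid(pid)
        # Thread IDs can answer probes but are never listed under /proc:
        # skip them when their leader differs and is itself visible.
        if leader not in (None, pid) and leader in (before | after):
            continue
        suspects.append(pid)
    return suspects

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        max_pid = int(fh.read())
    before = listed_pids()
    probed = probed_pids(max_pid)
    after = listed_pids()            # second listing filters start/exit races
    print("unlisted PIDs:", hidden_candidates(before, probed, after))
```

A result here is a lead to investigate, not proof, since a very short-lived process can still slip between the two listings. A rootkit that hooks both paths defeats a user-space check like this one.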

More Rootkits

  • Bootkit (variant of kernel-level rootkit)
    • Replace the boot loader (master boot record)
    • Used to attack full-disk encryption keys
    • Malicious boot loader can intercept encryption keys or disable requirement for kernel-driver signing
  • Hypervisor-level rootkits
  • Hardware/firmware rootkits
  • Whoever gets to the lower level has the upper hand.

How does a computer get infected with malware or intruded upon?

  • Executes malicious code via user actions (email attachment, download and execute trojan horses, or inserting USB drives)
  • Buggy programs accept malicious input
    • daemon programs that receive network traffic
    • client programs (e.g., web browser, mail client) that receive input data from network
    • Programs that read malicious files with a buggy file reader
  • Configuration errors (e.g., weak passwords, guest accounts, DEBUG options, etc.)
  • Physical access to computer

Coming Attractions …

  • Web Security