System Malware-1

Hello world,

Do you know that a simple text editor like gedit contains 128 source files along with 3 more directories? Counting all 128 files and the 3 directories yields 70,484 lines of code. The ratio of legitimate application LOC to malware LOC is over 500 to 1.

A keynote by Mudge compared malware LOC with the LOC count of security products: for every 1 LOC of offensive firepower, defenders write 10,000 LOC.

Malware plays a part in most computer intrusions and security incidents. Any software that causes harm to a user or a computer can be considered malware. Malware analysis is the art of dissecting malware to understand how it works, how to identify it, and how to defeat or eliminate it.

Flaws that would allow an attacker to access a system:

  1. Design Flaw
  2. Hardware Flaw
  3. Human Factor
  4. Bugs in the program

Program flaws:

  1. Application software: SQL injection
  2. System software: buffer overflow and over-read, heap bugs (double free, use after free), integer overflow, format string
  3. Side-channel attacks: cache timing attacks, power analysis attacks, fault injection attacks

While focusing on program bugs in this post we will look at C and C++ programs, because most operating systems, virtual machines and their underlying libraries are written in C and C++. There are also bugs specific to application software, such as SQL injection, but we will not learn about those now.
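
An added example of one of the C bug classes listed above, the integer overflow that turns into a buffer overflow and over-read (this code is illustrative and not from the original post). The length-prefixed record format, the 64-byte destination, and all function names are assumptions; the vulnerable length check is shown beside its hardened form.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Record format assumed for this illustration: 4-byte little-endian
 * payload length, then the payload, copied into a 64-byte buffer. */
#define HDR_LEN  4u
#define OUT_SIZE 64u

static uint32_t read_u32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
/* Vulnerable check: payload_len + HDR_LEN wraps in 32-bit arithmetic for a
 * declared length near UINT32_MAX, so it passes and a following
 * memcpy(out, in + 4, payload_len) overreads in and overflows out. */
bool length_ok_vuln(uint32_t payload_len, uint32_t avail) {
    return payload_len + HDR_LEN <= avail;
}
/* Hardened check: subtract instead of add (cannot wrap once avail >= HDR_LEN
 * is known) and bound the copy by the destination size as well. */
bool length_ok_safe(uint32_t payload_len, uint32_t avail) {
    if (avail < HDR_LEN) return false;
    return payload_len <= avail - HDR_LEN && payload_len <= OUT_SIZE;
}

/* Parse one record into out: payload length on success, -1 if rejected. */
int parse_record(const uint8_t *in, uint32_t avail, uint8_t *out) {
    if (avail < HDR_LEN) return -1;
    uint32_t payload_len = read_u32le(in);
    if (!length_ok_safe(payload_len, avail)) return -1;
    memcpy(out, in + HDR_LEN, payload_len);
    return (int)payload_len;
}

/* Constructed inputs: a valid 5-byte record, and a header that declares
 * 0xFFFFFFFE payload bytes although only 4 follow. */
static const uint8_t GOOD[] = {5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t WRAP[] = {0xFE, 0xFF, 0xFF, 0xFF, 'A', 'A', 'A', 'A'};

int wrap_fools_vuln_check(void) {  /* 1: the wrapped length is accepted */
    return length_ok_vuln(read_u32le(WRAP), sizeof WRAP) ? 1 : 0;
}
int parse_good_record(void) {      /* 5 once "hello" has been copied */
    uint8_t out[OUT_SIZE];
    int n = parse_record(GOOD, sizeof GOOD, out);
    return (n == 5 && memcmp(out, "hello", 5) == 0) ? n : -1;
}
```

Compiling with sanitizers (for example `-fsanitize=address,undefined`) and feeding the WRAP record through the vulnerable copy path is how this class of bug is usually caught in testing.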

Side-channel attacks, on the other hand, can be mounted against programs that actually behave correctly, without any bug being present.

These attacks can be prevented by designing a flawless system. We can place the system in a closed box and analyse it mathematically by static analysis, using formal proof assistants such as Coq and model checkers, and thereby certify that the system is completely flawless.

But it is not possible to develop a system which is completely flawless: the approach does not scale to large code bases, and it is feasible only at the academic level. One such effort was made by an Australian group called NICTA, who developed an operating system called seL4 and were able to prove that seL4 is flawless under certain assumptions.

The second approach is to test the system in a sandbox environment. In a sandbox we can control the malware's activity by restricting it to that specific environment.

The third approach is to detect and mitigate attacks, as antivirus software does.

This post is licensed under CC BY 4.0 by the author.