Fall 2013
MALWARE
LEARNING OUTCOMES:
a) Assess the vulnerability of an access control policy to malware
b) Recognize malware types
c) Recognize metamorphic code
d) Analyze virus fragments
1. Access rights and malware
Assume the following access control matrix:
2. Flaw in virus program
In class, the following program was used as a sample of a virus program. It has a flaw in it.
What is it?
3. Another Flaw
The question arises as to whether it is possible to develop a program that can analyze a
piece of software to determine if it is a virus.
Consider that you have a program D that is supposed to be able to do just that. In other
words, for any program P, if we run D(P), the result is:
TRUE if P is a virus
FALSE if P is not a virus.
Consider the following program:
Program CV :=
{ ………
main-program :=
{if D(CV) then goto next :
else infect-executable;
}
next:
}
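Added example, not part of the worksheet: a Python model of the D / CV construction above, run against several candidate detectors. The names make_cv, check and the four detectors are assumptions made for illustration, and "infection" is only modelled as a boolean return value.

```python
# Added illustration of the D / CV argument. All names here are constructed.
# "Infection" is only modelled as a boolean; nothing is modified.

def make_cv(D):
    """Build the worksheet's program CV against a candidate detector D."""
    class CV:
        name = "CV"
        def run(self):
            # main-program: if D(CV) then goto next, else infect-executable
            if D(self):
                return False   # reached `next`: no viral behaviour
            return True        # reached infect-executable (modelled only)
    return CV()

def check(D):
    """Compare D's verdict on CV with what CV does. D is assumed deterministic."""
    cv = make_cv(D)
    try:
        claimed = D(cv)
    except RecursionError:
        return "no verdict"    # D never finishes deciding
    behaved_as_virus = cv.run()
    return "correct" if claimed == behaved_as_virus else "wrong"

# Constructed candidate detectors.
def always_true(p):  return True
def always_false(p): return False
def by_name(p):      return p.name.startswith("CV")
def by_running(p):   return p.run()   # decide by executing p and watching it

CANDIDATES = [always_true, always_false, by_name, by_running]

def results():
    """Outcome of each candidate detector when confronted with its own CV."""
    return {D.__name__: check(D) for D in CANDIDATES}

if __name__ == "__main__":
    for name, outcome in results().items():
        print(f"{name:12} -> {outcome}")
```

No candidate comes out "correct": each either contradicts what CV does or, when it tries to decide by running CV, never returns.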
4. Metamorphic code
The following code fragments show a sequence of virus instructions and a
metamorphic version of the virus. Describe the effect produced by the metamorphic
code:
5. Designing malicious code
The point of this problem is to demonstrate the type of puzzles that must be solved in
the design of malicious code and therefore, the type of mindset that one wishing to
counter such attacks must adopt.
a. Consider the following C program:
begin
print (*begin print (); end.*);
end
What do you think the program was intended to do? Does it work?
6. Type of malware
Consider the following fragment in an authentication program:
username = read_username();
password = read_password();
if username is “ 133t h4ch0r” return ALLOW_LOGIN ;
if username and password valid return ALLOW_LOGIN
else return DENY_LOGIN
7. Program sabotage
A program is written to compute the sum of the integers from 1 to 10. The programmer,
well trained in reusability and maintainability, writes the program so that it computes the
sum of the numbers from k to n. However, a team of security specialists scrutinized the
code. The team certified that the program properly set k to 1 and n to 10; therefore, the
program is certified as being properly restricted in that it always operates on precisely the
range 1 to 10. List different ways that this program can be sabotaged, so that during
execution it computes a different sum, for example, 3 to 20.