|
|
|
Modern Operating Systems by Herbert Bos and Andrew S. Tanenb...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf
Showing 670 out of 1137
Modern Operating Systems by Herbert Bos and Andrew...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf-M ODERN O PERATING S YSTEMS
Modern Operating Systems by Herbert...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf-M ODERN O PERATING S YSTEMS
Page 670
SEC. 9.7
EXPLOITING SOFTWARE
639
9.7 EXPLOITING SOFTWARE
One of the main ways to break into a user’s computer is by exploiting vulnera-
bilities in the software running on the system to make it do something different
than the programmer intended. For instance, a common attack is to infect a user’s
browser by means of a
drive-by-download
.
In this attack, the cybercriminal
infects the user’s browser by placing malicious content on a Web server. As soon
as the user visits the Website, the browser is infected. Sometimes, the Web servers
are completely run by the attackers, in which case the attackers should find a way
to lure users to their Web site (spamming people with promises of free software or
movies might do the trick). However, it is also possible that attackers are able to
put malicious content on a legitimate Website (perhaps in the ads, or on a dis-
cussion board). Not so long ago, the Website of the Miami Dolphins was compro-
mised in this way, just days before the Dolphins hosted the Super Bowl, one of the
most anticipated sporting events of the year. Just days before the event, the Website
was extremely popular and many users visiting the Website were infected. After
the initial infection in a drive-by-download, the attacker’s code running in the
browser downloads the real zombie software (
malware
), executes it, and makes
sure it is always started when the system boots.
Since this is a book on operating systems, the focus is on how to subvert the
operating system. The many ways one can exploit software bugs to attack Websites
and data bases are not covered here. The typical scenario is that somebody discov-
ers a bug in the operating system and then finds a way to exploit it to compromise
computers that are running the defective code. Drive-by-downloads are not really
part of the picture either, but we will see that many of the vulnerabilities and
exploits in user applications are applicable to the kernel also.
In Lewis Caroll’s famous book
Through the Looking Glass
, the Red Queen
takes Alice on a crazy run. They run as fast as they can, but no matter how fast they
run, they always stay in the same place. That is odd, thinks Alice, and she says so.
‘‘In our country you’d generally get to somewhere else—if you ran very fast for a
long time as we’ve been doing.’’ ‘‘A slow sort of country!’’ said the Queen. ‘‘Now,
here, you see, it takes all the running you can do, to keep in the same place. If you
want to get somewhere else, you must run at least twice as fast as that!’’
The
Red Queen effect
is typical for evolutionary arms races. In the course of
millions of years, the ancestors of zebras and lions both evolved. Zebras became
faster and better at seeing, hearing and smelling predators—useful, if you want to
outrun the lions. But in the meantime, lions also became faster, bigger, stealthier
and better camouflaged—useful, if you like zebra. So, although the lion and the
zebra both ‘‘improved’’ their designs, neither became more successful at beating
the other in the hunt; both of them still exist in the wild.
Still, lions and zebras are
locked in an arms race. They are running to stand still. The Red Queen effect also
applies to program exploitation. Attacks become ever more sophisticated to deal
with increasingly advanced security measures.
Ace your assessments! Get Better Grades
Browse thousands of Study Materials & Solutions from your Favorite Schools
Concordia University
Concordia_University
School:
Operating_Systems
Course:
Great resource for chem class. Had all the past labs and assignments
Leland P.
Santa Clara University
Introducing Study Plan
Using AI Tools to Help you understand and remember your course concepts better and faster than any other resource.
Find the best videos to learn every concept in that course from Youtube and Tiktok without searching.
Save All Relavent Videos & Materials and access anytime and anywhere
Prepare Smart and Guarantee better grades
Know more
Students also viewed documents
lab 18.docx
lab_18.docx
Course
Course
3
Module5QuizSTA2023.d...
Module5QuizSTA2023.docx.docx
Course
Course
10
Week 7 Test Math302....
Week_7_Test_Math302.docx.docx
Course
Course
30
Chapter 1 Assigment ...
Chapter_1_Assigment_Questions.docx.docx
Course
Course
5
Week 4 tests.docx.do...
Week_4_tests.docx.docx
Course
Course
23
Week 6 tests.docx.do...
Week_6_tests.docx.docx
Course
Course
106
