COMP 424 Computer SecurityLecture week 8Truths and Misconceptions of Viruses●Truths:–Viruses can modify “hidden” or “read only” files–Viruses cannot remain in memory after a complete power off/power on reboot●Hmmm... The world is changing PDAs for instance are nothing but memory.–Viruses cannot infect hardware–Viruses can be malevolent, benign or benevolent●Misconceptions–Viruses can infect only Microsoft Windows systems–Viruses can appear only in data files, or only in Word documents, or only in programs.–Viruses spread only on disks or only in e-mailCovert Channels●Leak information on otherwise secure information channels●Usually done with a Trojan Horse type of program●The information leaks are sent in coded bits in–Storage channels–Timing channels●A Trojan Horse once activated could easily generate and deliver data to anywhere.●This could be too bold and easily detected resulting in easy identification and prosecution of the perpetrator.●More subtle means are necessary.●Programmers shouldn't have access to sensitive information once their program has been put into operation.●But this information could be very lucrative–Advanced notice of large and unusual stock trades for instance.Storage Channels●The message is coded by the presence or absence of objects in storage●Presence sets bit to 1●Absence sets bit to 0●Example:–A Trojan Horse program that can signal one bit of information by locking or unlocking a file during a predetermined interval.●More than a single bit can be transmitted through the use of preallocated time slices.●Time is broken into intervals.–Next bit of information is “updated” every 60 seconds.–The service program updates the information at the top of every minute.–The spy program looks for information at the bottom of every minute.Timing Channels●Uses the shared resource of Time●Works in timesharing situation where one process sends a message to another by using or not using its allotted timeslot●Receiving process monitors the shared medium during the sending process' timeslot●Covert Channels are a serious security problem●The exploitation of covert channels can be sophisticated.●The actual implementation of a covert channel is not beyond the capabilities of even an avergage