Week 05 – Topic 01
Software Attacks
Introduction
Types of Software Attacks
Software Attacks
Attack
An attack is any action that violates security.
An attack has an implicit concept of “intent”.
Router misconfiguration or server crash can also cause loss of availability, but they are not
attacks.
Some terminology:
Exploit: An exploit is a technique to compromise a system.
Vulnerability: A vulnerability is an identified weakness of a controlled system whose controls are not
present or are no longer effective.
Security attack: Any action that compromises the security of information owned by an organization (or
a person).
Security mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
Security Policy: A statement of what is, and what is not, allowed.
Security Controls: Security controls are safeguards or countermeasures to avoid, detect, counteract, or
minimize security risks to physical property, information, computer systems, or other assets.
Security service: A service that enhances the security of the data processing systems and the information
transfers of an organization. The services make use of one or more security mechanisms to provide the
service.
Technical Definition of attack:
An attack is a deliberate act that exploits a vulnerability.
Threat vs Attack
Threat
A potential for violation of security, which exists when there is a circumstance, capability, action, or event
that could breach security and cause harm. That is, a threat is a possible danger that might exploit a
vulnerability.
Attack
An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a
deliberate attempt (especially in the sense of a method or technique) to evade security services and violate
the security policy of a system.
Week 05 – Topic 02
Types of Software Attacks
There are two types of software attacks:
1. Active Attacks
Active attacks involve some modification of the data stream or the creation of a false stream and can be
subdivided into four categories:
a) Masquerade.
b) Replay.
c) Modification of messages.
d) Denial of service.
A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually
includes one of the other forms of active attack. For example, authentication sequences can be captured and
replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few
privileges to obtain extra privileges by impersonating an entity that has those privileges.
Replay involves the passive capture of a data unit and its subsequent retransmission to produce an
unauthorized effect.
Modification of messages simply means that some portion of a legitimate message is altered, or that
messages are delayed or reordered, to produce an unauthorized effect. For example, a message meaning
“Allow John Smith to read confidential file accounts” is modified to mean “Allow Fred Brown to read
confidential file accounts.”
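Replay and modification of messages, as described above, are commonly countered by attaching a message authentication code and a sequence number to each message. The following is an added example, not part of the original notes; the Sender and Receiver classes, the JSON packet layout and the shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets


class Sender:
    """Tags each message with an HMAC over its text and a rising sequence number."""

    def __init__(self, key: bytes):
        self.key, self.seq = key, 0

    def send(self, text: str) -> dict:
        self.seq += 1
        body = json.dumps({"seq": self.seq, "text": text}, sort_keys=True)
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}


class Receiver:
    """Rejects packets whose tag does not verify or whose sequence number is old."""

    def __init__(self, key: bytes):
        self.key, self.last_seq = key, 0

    def receive(self, packet: dict) -> str:
        body = packet["body"].encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, packet["tag"]):
            return "rejected: modified"           # altered body or forged tag
        seq = json.loads(body)["seq"]
        if seq <= self.last_seq:
            return "rejected: replayed or stale"  # retransmitted or reordered
        self.last_seq = seq
        return "accepted"


def demo() -> list:
    key = secrets.token_bytes(32)  # shared secret, constructed for this demo
    sender, receiver = Sender(key), Receiver(key)
    packet = sender.send("Allow John Smith to read confidential file accounts")
    results = [receiver.receive(packet)]                        # genuine message
    altered = dict(packet, body=packet["body"].replace("John Smith", "Fred Brown"))
    results.append(receiver.receive(altered))                   # modification
    results.append(receiver.receive(packet))                    # replay
    second, third = sender.send("message two"), sender.send("message three")
    results.append(receiver.receive(third))                     # arrives first
    results.append(receiver.receive(second))                    # delayed, now stale
    return results


if __name__ == "__main__":
    print(demo())
```

Because the receiver accepts only strictly increasing sequence numbers, a legitimately delayed message is dropped along with replayed ones; protocols that must tolerate reordering use a sliding window of accepted numbers instead.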
The denial of service prevents or inhibits the normal use or management of communications facilities.
This attack may have a specific target; for example, an entity may suppress all messages directed to a
particular destination (e.g., the security audit service). Another form of service denial is the disruption of an
entire network, either by disabling the network or by overloading it with messages so as to degrade
performance.
Figure: Active Attacks
2. Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the
opponent is to obtain information that is being transmitted.
Two types of passive attacks are:
a) Release of message contents.
b) Traffic analysis.
The release of message contents is easily understood. A telephone conversation, an electronic mail
message, and a transferred file may contain sensitive or confidential information. We would like to prevent
an opponent from learning the contents of these transmissions.
A second type of passive attack, traffic analysis, is subtler. Suppose that we had a way of masking the
contents of messages or other information traffic so that opponents, even if they captured the message,
could not extract the information from the message. The common technique for masking contents is
encryption. If we had encryption protection in place, an opponent might still be able to observe the pattern
of these messages. The opponent could determine the location and identity of communicating hosts and
could observe the frequency and length of messages being exchanged. This information might be useful in
guessing the nature of the communication that was taking place.
Figure: Passive Attacks