threat model
528 Appendix E: Case Studies
■ Attacks against the routing service (EoP, tampering, spoofing)
■ Attacks against the return data flow (tampering, spoofing)
3. The "customer effective telco" can see the OTT.
4. Systems designed to improve text message processing can see the O
Possible Redesigns
Information disclosure threats can be addressed by adding cryptographic functions. Simplified versions of ways to do that include the following:
■ Send a nonce, encrypted to a key held on a smartphone, then send the decrypted nonce to the authentication server (message 1 = e_phone(nonce_phone), message 2 = nonce_phone). Then the server checks whether the nonce_phone is the one that it encrypted for the phone, approving the transaction if it is.
■ Send a nonce to the smartphone, and then send a signed version of the nonce to the server [message 1 = nonce_phone, message 2 = sign_key(phone)(nonce_phone)]. The server validates that the signature on the nonce_phone is from the expected phone's key, and is a good signature on the expected nonce. If both those checks pass, then the server approves the transaction.
■ Send a nonce to the smartphone. The smartphone hashes the nonce with a secret value it holds, and sends back the hash.
For each of these, it's important to manage the keys appropriately, and it's probably useful to include timestamps, message addressing, and other elements to make the system fully secure. Including those in this discussion makes it hard to see how cryptographic building blocks could be applied.
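The third redesign above (the phone hashes the nonce with a secret value it holds), as an added Python example that is not from the original text. It assumes HMAC-SHA256 as the keyed hash; the names AuthServer and phone_response, the phone ID bound into the hash, and the 60-second nonce lifetime are illustrative stand-ins for the "timestamps, message addressing" the text mentions.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL = 60  # seconds a challenge stays valid (assumed value)


def phone_response(secret, phone_id, nonce):
    """Phone side, message 2: keyed hash over the addressed nonce."""
    msg = phone_id.encode() + b"|" + nonce
    return hmac.new(secret, msg, hashlib.sha256).digest()


class AuthServer:
    """Server side: issues nonces and checks the phone's keyed hash."""

    def __init__(self, phone_secrets):
        self._secrets = phone_secrets   # phone_id -> shared secret
        self._pending = {}              # nonce -> (phone_id, issued_at)

    def challenge(self, phone_id, now=None):
        if phone_id not in self._secrets:
            raise KeyError("unknown phone")
        nonce = secrets.token_bytes(16)
        issued_at = time.time() if now is None else now
        self._pending[nonce] = (phone_id, issued_at)
        return nonce                    # message 1: the nonce

    def verify(self, phone_id, nonce, tag, now=None):
        # pop() makes each nonce single-use, so a replayed response fails
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return False
        issued_to, issued_at = entry
        now = time.time() if now is None else now
        if issued_to != phone_id or now - issued_at > NONCE_TTL:
            return False
        expected = phone_response(self._secrets[phone_id], phone_id, nonce)
        return hmac.compare_digest(expected, tag)  # constant-time compare
```
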
The key in all design changes is understanding the differences introduced by the changes, and how those changes interact with the software requirements as a whole.
Redesigns that focus on using the phone as a processor preclude the use of an old-fashioned telephone, or even a mobile phone (of the kind where the end user can't easily install software). Because such phones still exist, it may be that the threats just enumerated are considered acceptable risk, or even an improvement over traditional passwords.
Sample for You to Model
You can use the models presented above as training models with answer keys. (That is, use the software model in Figure E-1 and the operational model in Figure E-2 and find threats against them yourself. You can treat the example threats
as an answer key, but if you do, please don't feel limited to or constrained by them. There are other example threats.) In contrast, this section presents a model … It's a lightly edited version of … as created by Michael Howard and used at Microsoft for years. It's included with their kind permission. I've personally taught many classes using this model, and it is sufficiently detailed for newcomers to threat modeling to find many threats.
Background
This tool, named iNTegrity, is a simple file integrity checking tool that reads resources, such as files in the file system, determining whether any files or registry keys have been changed since the last check. This is performed by looking at the following:
■ File or key names
■ File size or registry data
■ Last updated time and date
■ Data checksum (MD5 and/or SHA1 hash)
Architecturally, the tool is split into two parts: a host component and an administrative console. As shown in Figure E-4, one client can communicate with multiple servers, rather than running the tool locally on each computer.
T
but not using the potentially compromised OS. The host process does not run as a Windows service in this mode, but as a standalone console application.
The Host Component
This small host component is written in C++ and runs as a service on a Windows server. Its role is to take requests from the admin console and respond to those requests. Valid requests include getting information about host component version, and recursive and nonrecursive file properties. Note that the host software performs no analysis; it sends raw integrity data (filenames, sizes, hashes, ACLs, and so on) to the admin console, which performs the core analysis.
The Admin Console
The admin console code stores and analyzes resource (file, registry) version information that comes from one or more host processes. A user can instruct the admin console to connect to a host running the iNTegrity host software, get resource information, and then compare that data with a local, trusted data store of past resource information to see if anything has changed.
The iNTegrity Data Flow Diagrams
The iNTegrity data flow diagrams are shown in Figures E-5 and E-6.
[Figure E-5: Context diagram. Labels: iNTegrity Application; Resource integrity information; Admin console]
NOTE: The iNTegrity example comes from a time when the standard advice was to create a context diagram, which can be helpful when an external threat modeling consultant is being used, acting as a forcing function to consider the scope and boundaries of the threat model.
[Figure E-6: Main DFD. Recoverable labels: registry; Registry data; filesystem; administrator; Config data; Integrity files; domain admin]
Exercises
The following exercises were designed to walk students through the activities:
1. Identify all the DFD elements. (People often miss the data flows.)
3. Identify three or more threats: one for a data flow, one for a data store,
4. Identify first-order mitigations for each threat.
Extra credit: The level 1 diagram is not perfect. What would you change, add, or remove?