Comp-Security-chapter 2

Chapter 2 of the Computer Security document discusses various computer threats, including malicious code such as viruses, worms, and Trojans, and their impact on data confidentiality, integrity, and availability. It outlines types of attacks, program flaws, and necessary controls for protection, emphasizing the importance of security measures and user awareness. The chapter also covers preventive strategies, including secure coding practices and administrative controls to mitigate risks associated with software vulnerabilities.

Mekdela Amba University
College of Computing and Informatics
Department of Computer Science

Computer Security
Chapter 2: Computer Threat

Leweyehu Y., Department of Computer Science
2/28/2025
In this chapter
• Malicious code
• Class of attacks
• Program flaws
• Controls to protect against program flaws in execution
• Program security defenses
Computer threat
o A computer threat is any malicious attempt or action to compromise the confidentiality, integrity, or availability of data or systems connected to a computer or network.
o Computer threats can arise from various sources, including malicious software (malware) such as viruses, Trojans, and ransomware, as well as social engineering tactics like phishing emails, pretexting, baiting, and quid pro quo. Unauthorized access attempts by hackers also pose a threat to computer systems and networks.
o Any of these threats can compromise the confidentiality, integrity, or availability of data or systems.
o It is crucial to implement appropriate security measures and stay vigilant to prevent and mitigate computer threats.
Viruses and Other Malicious Code
• Much of the work done by a program is invisible to users, who are therefore unlikely to be aware of any malicious activity.
• Can you tell
– whether a game program does anything in addition to its expected interaction with you?
Malicious Code
• None of us likes the unexpected, especially in our programs.
– Malicious code behaves in unexpected ways
• thanks to a malicious programmer's intention
• Malicious code can do anything any other program can
– write a message on a computer screen, stop a running program, generate a sound, or erase a stored file.
– Or malicious code can do nothing at all right now; it can be planted to lie dormant, undetected, until some event triggers it to act (e.g., a particular date or time)
Malicious code
• Malicious code, also known as malware, is any software designed to harm or exploit a computer system or network.
• It can take various forms, including viruses, Trojan horses, worms, spyware, and ransomware.
Malicious Code
• Malicious code is still around, and its effects are more pervasive than before. The questions this chapter addresses:
– What does it look like and how does it work?
– How can malicious code take control of a system?
– How can it lodge in a system?
– How does malicious code spread?
– How can it be recognized?
– How can it be detected?
– How can it be stopped?
– How can it be prevented?
Kinds of Malicious Code

Code type           Characteristics
Virus               Attaches itself to a program and propagates copies of itself to other programs
Worm                Propagates copies of itself through a network
Trojan horse        Looks like a legitimate program, but contains unexpected, additional functionality
Logic bomb          Triggers an action when a specified condition occurs
Time bomb           Triggers an action when a specified time occurs
Trapdoor/backdoor   Allows unauthorized access to functionality
Rabbit              Replicates itself without limit to exhaust resources
General Exploit Timeline
• The general exploit timeline/scenario follows this sequence:
– An attacker discovers a previously unknown vulnerability.
– The manufacturer becomes aware of the vulnerability.
– Someone develops code (called a proof of concept) to demonstrate the vulnerability in a controlled setting.
– The manufacturer develops and distributes a patch or workaround that counters the vulnerability.
– Users implement the control.
– Someone extends the proof of concept, or the original vulnerability definition, to an actual attack.
• As long as users receive and implement the control before the actual attack, no harm occurs.
• An attack that occurs before the control is available is called a zero-day exploit.
How Viruses Attach
• For a virus to do its malicious work and spread itself, it must be activated by being executed
– There are many ways to ensure that a program will be executed
– E.g. 1: a SETUP program calls dozens or hundreds of other programs
• If any one of these programs contains a virus, the virus code could be activated
– E.g. 2: running an infected program obtained from a distribution medium, such as a CD, or opening an e-mail attachment are common ways for viruses to get activated
• Also, objects such as graphics or photo images can contain code to be executed by an editor/viewer
Viruses
• Self-replicating programs that attach themselves to other files or programs.
• They spread when the infected file is opened or executed.
• Impact: file corruption, data deletion, system disruption.
• Examples: ILOVEYOU, Chernobyl virus, Melissa
Appended Viruses
• A program virus attaches itself to a program; then, whenever the program is run, the virus is activated.

Appended Viruses (continued)
• The other situation occurs when the virus replaces some of its target, integrating itself into the original code of the target.

[Figure: Virus Integrated into a Program]

[Figure: Virus Completely Replacing a Program]

Boot Sector Viruses
Prevention of Virus Infection
• Several techniques for building a reasonably safe community:
– Use only commercial software acquired from reliable, well-established vendors
– Use virus detectors (often called virus scanners) regularly and update them daily
– Open attachments only when you know them to be safe
– Make a recoverable system image and store it safely
– Make and retain backup copies of executable system files
– Test all new software on an isolated computer
Worms
• Self-replicating programs that spread through networks, exploiting vulnerabilities in operating systems or applications.
• Impact: can consume network bandwidth, crash systems, and disrupt critical infrastructure.
• Examples: Morris worm, Code Red worm, Nimda worm
Trojan horses
• Malicious programs that disguise themselves as legitimate software. They often trick users into installing them by appearing to be harmless.
• Impact: can steal data, install other malware, or take control of the computer.
• Examples: Backdoor.Trojan, Zeus Trojan, Gameover Zeus
Spyware
• Programs that secretly collect information about a user's computer activity without their knowledge or consent.
• Impact: can steal personal information, financial data, and browsing history.
• Examples: Pegasus spyware, FinFisher spyware, Regin spyware
Keystroke Logging
• Keystroke logging, often referred to as keylogging, is the practice of monitoring and recording every keystroke a user enters on a computer or mobile device.
• The captured data can include everything from passwords and emails to messages and commands.
Man-in-the-Middle Attacks
• A keystroke logger is a special form of the more general man-in-the-middle attack
• A malicious program interposes itself between two other programs
• One example of a man-in-the-middle attack could be a program that operates between your word processor and the file system
– each time you thought you were saving your file, the middle program prevented that, or scrambled your text, or encrypted your file.
• Network forms of the man-in-the-middle attack:
– Packet sniffing
– Session hijacking
– Wi-Fi eavesdropping
– SSL stripping
Social engineering

Phishing
Class of attack
• A method used by attackers to gain unauthorized access to a system or network
o Reconnaissance
• This refers to the act of gathering information about a target system or network to identify vulnerabilities that can be exploited in later attacks.
• Reconnaissance techniques can include scanning ports, probing for open services, and social engineering to extract information from users.
o Access
• Once attackers have identified a vulnerability, they will attempt to gain access to the target system or network.
• This could involve exploiting software flaws, using stolen credentials, or bypassing security controls.
o Denial of Service (DoS)
• Aims to make a system or network unavailable to legitimate users.
• This can be achieved by flooding the system with traffic, crashing critical services, or compromising resources.
Program flaws
• Defects, errors, or vulnerabilities in software code that can cause unexpected behavior, security breaches, or system crashes.
• They often stem from mistakes in design, coding, or implementation.
• The types of program flaws covered here are buffer overflow, time-of-check to time-of-use flaws, and incomplete mediation.
Program flaws: Buffer overflow
• A buffer is a temporary storage area in memory that holds data while it is being moved from one place to another.
• A buffer overflow occurs when a program writes more data into a fixed-length buffer than it can hold.
• Excess data can overwrite adjacent memory locations, potentially leading to:
– Program crashes
– Execution of arbitrary code
– Data corruption
Program flaws: Buffer overflow (continued)
• Commonly exploited by attackers to gain control of systems.
• Prevention methods include:
– Input validation
– Bounds checking
– Use of memory-safe languages (e.g., Java, Python)
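To make the overwrite concrete, here is an added C example (it is not from the slides or from any real program). It models a stack frame as one byte array so that the overwrite is reproducible: an 8-byte name field sits directly before a 4-byte privilege flag, the unchecked copy writes past the field and flips the flag, and the bounds-checked copy rejects the same input before touching memory. The frame layout, the function names and the attack string are all constructed for the illustration; in real code the unchecked write would not stop at the end of the frame at all.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8

/* A simulated stack frame, constructed for this example: an 8-byte name
 * buffer immediately followed by a 4-byte privilege flag. Both live in one
 * char array so that an over-long name overwrites the flag without leaving
 * the object, which keeps the demonstration well defined and reproducible. */
struct frame {
    char bytes[NAME_LEN + sizeof(int)];
};

static void frame_init(struct frame *f) {
    memset(f->bytes, 0, sizeof f->bytes);  /* empty name, is_admin = 0 */
}

static int frame_is_admin(const struct frame *f) {
    int flag;
    memcpy(&flag, f->bytes + NAME_LEN, sizeof flag);
    return flag;
}

/* Vulnerable: copies until the NUL terminator with no check against NAME_LEN,
 * the same behaviour as strcpy() or gets(). The cap at the end of the frame
 * only keeps this demo inside the object; real code has no such cap and keeps
 * writing into whatever follows the buffer on the stack (saved registers,
 * the return address). */
static void copy_name_unsafe(struct frame *f, const char *input) {
    size_t i = 0;
    while (input[i] != '\0' && i < sizeof f->bytes - 1) {
        f->bytes[i] = input[i];
        i++;
    }
    f->bytes[i] = '\0';
}

/* Hardened: bounds-check the input against the field before any byte is
 * written, and reject (rather than silently truncate) over-long names. */
static bool copy_name_safe(struct frame *f, const char *input) {
    size_t len = strlen(input);
    if (len >= NAME_LEN)                   /* leave room for the NUL */
        return false;
    memcpy(f->bytes, input, len + 1);
    return true;
}

/* Process a login name the unsafe way and report the resulting flag. */
int login_unsafe(const char *input) {
    struct frame f;
    frame_init(&f);
    copy_name_unsafe(&f, input);
    return frame_is_admin(&f);
}

/* Process a login name the safe way; an over-long name is rejected and the
 * flag is never touched, so this returns 0 for the attack input. */
int login_safe(const char *input) {
    struct frame f;
    frame_init(&f);
    copy_name_safe(&f, input);             /* returns false for over-long input */
    return frame_is_admin(&f);
}

int main(void) {
    /* Constructed attack string: 8 filler bytes, then a 0x01 that lands on
     * the first byte of is_admin. */
    const char *attack = "AAAAAAAA\x01";
    printf("unsafe: is_admin = %d\n", login_unsafe(attack));
    printf("safe:   is_admin = %d\n", login_safe(attack));
    printf("safe:   is_admin = %d (normal name)\n", login_safe("alice"));
    return 0;
}
```

The attack string never needs to be "code": a single byte landing on a security decision variable is enough, which is why the slide lists data corruption and privilege gain alongside crashes. The hardened version checks the length first and refuses rather than truncating, so a rejected name cannot leave the program in a half-updated state.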
Program flaws: Time-of-Check to Time-of-Use (TOCTOU) Flaws
• Arise when a condition is checked, but the state can change before the corresponding action is taken.
• Attackers can exploit this timing gap to manipulate the system.
• Example: checking file permissions before opening a file, but an attacker replaces the file with a malicious one before it is opened.
• Prevention methods include:
– Atomic operations
– Resource locking
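The file example above, written out as an added C program (not from the slides). The vulnerable function checks the path with lstat() and then re-opens the path by name; a hook standing in for the attacker's turn on the CPU replaces the checked file with a symlink to a secret in between, and open() follows the link. The hardened function opens first with O_NOFOLLOW and checks the object it actually opened with fstat() on the descriptor, so the check and the use refer to the same inode and the attacker's swap is refused. The scratch directory under /tmp, the file names and the hook are constructed for the demo; it needs a POSIX system.

```c
#define _POSIX_C_SOURCE 200809L
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hook called during the check-to-use window, standing in for the scheduler
 * handing the CPU to an attacker's process. In the demo below it swaps the
 * checked file for a symlink to a secret; a real attacker just loops. */
typedef void (*race_hook)(void *ctx);

/* Vulnerable: lstat() on the name confirms a regular file, then open() resolves
 * the same name a second time. Whatever the attacker did to the name in
 * between (unlink + symlink) is followed by open(). Returns bytes read or -1. */
ssize_t read_check_then_open(const char *path, race_hook hook, void *ctx,
                             char *out, size_t outlen) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;                          /* time of check */
    if (hook) hook(ctx);                    /* race window */
    int fd = open(path, O_RDONLY);          /* time of use: re-resolves path */
    if (fd < 0) return -1;
    ssize_t n = read(fd, out, outlen - 1);
    close(fd);
    if (n < 0) return -1;
    out[n] = '\0';
    return n;
}

/* Hardened: open first with O_NOFOLLOW, so a symlink planted at `path` makes
 * open() fail with ELOOP, then check the object actually opened via fstat()
 * on the descriptor. Check and use now refer to the same inode, so there is
 * no window; the hook still runs to show that the swap no longer matters. */
ssize_t read_open_then_check(const char *path, race_hook hook, void *ctx,
                             char *out, size_t outlen) {
    if (hook) hook(ctx);                    /* attacker acts whenever it likes */
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    ssize_t n = read(fd, out, outlen - 1);
    close(fd);
    if (n < 0) return -1;
    out[n] = '\0';
    return n;
}

struct swap_ctx { const char *victim; const char *secret; };

/* Attacker's move: replace the checked file with a symlink to the secret. */
static void attacker_swap(void *ctx) {
    struct swap_ctx *c = ctx;
    unlink(c->victim);
    if (symlink(c->secret, c->victim) != 0) perror("symlink");
}

static int write_file(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Runs the race once through each implementation in a scratch directory
 * under /tmp. Returns 1 if the vulnerable version handed back the secret and
 * the hardened version refused, 0 otherwise. */
int demo_toctou(void) {
    char dir[64], victim[128], secret[128], buf[64];
    snprintf(dir, sizeof dir, "/tmp/toctou_%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0 && errno != EEXIST) return 0;
    snprintf(victim, sizeof victim, "%s/public.txt", dir);
    snprintf(secret, sizeof secret, "%s/secret.txt", dir);
    if (write_file(secret, "TOPSECRET") != 0) return 0;
    struct swap_ctx ctx = { victim, secret };

    if (write_file(victim, "public") != 0) return 0;
    ssize_t n1 = read_check_then_open(victim, attacker_swap, &ctx, buf, sizeof buf);
    int leaked = n1 > 0 && strcmp(buf, "TOPSECRET") == 0;

    unlink(victim);                         /* remove the planted symlink */
    if (write_file(victim, "public") != 0) return 0;
    ssize_t n2 = read_open_then_check(victim, attacker_swap, &ctx, buf, sizeof buf);
    int refused = n2 < 0;

    unlink(victim); unlink(secret); rmdir(dir);
    return leaked && refused;
}

int main(void) {
    printf("vulnerable leaked and hardened refused: %s\n", demo_toctou() ? "yes" : "no");
    return 0;
}
```

The general rule the hardened version follows is the "atomic operations" item on the slide: never validate a name and then act on the name; act first (open, rename, create with O_EXCL) and validate the result you are holding, because a file descriptor cannot be swapped out from under you the way a path can.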
Program flaws: Incomplete Mediation
• Occurs when a program fails to properly validate or enforce all security checks.
• Attackers can bypass incomplete checks to gain unauthorized access or privileges.
• Example: a program checks user authentication but fails to validate access levels for specific resources.
• Prevention methods include:
– Thorough design and review of security checks
– Implementation of comprehensive validation and authorization mechanisms
Controls to protect against program flaws in execution
• Operating System Support
– Memory Protection:
  • Prevents unauthorized access to memory regions, isolating processes and data.
  • Techniques include address space layout randomization (ASLR) and data execution prevention (DEP).
– Process Isolation:
  • Ensures that processes execute independently, preventing them from interfering with each other.
  • Implemented through system calls, resource access control, and virtual memory.
Operating System Support (continued)
– Secure Coding Standards:
  • Enforce best practices for code development to minimize vulnerabilities.
  • Examples include input validation, error handling, and secure memory management.
– Patch Management:
  • Promptly installs security patches to address known vulnerabilities.
  • Uses automated tools and regular vulnerability scanning.
Operating System Support (continued)
– Least Privilege:
  • Grants users and processes only the permissions necessary to perform their tasks.
  • Limits the potential damage from compromised accounts or processes.
– Sandboxing:
  • Isolates untrusted code in restricted environments to contain potential harm.
  • Useful for testing or running untrusted applications.
Administrative Controls
o Security Policies:
– Define acceptable use of systems and resources, including software installation and execution.
– Address data handling, password management, and incident response.
o User Awareness Training:
– Educates users about security risks and best practices to avoid exploitation.
– Covers phishing, social engineering, and safe browsing habits.
Administrative Controls (continued)
o Incident Handling:
– Establishes procedures to detect, respond to, and recover from security incidents.
– Includes incident reporting, investigation, and remediation.
o Auditing and Logging:
– Tracks system events and user activities for security analysis and forensics.
– Helps identify unauthorized access, privilege escalation, and potential attacks.
Administrative Controls (continued)
o Vulnerability Assessments:
– Regularly identify and prioritize system vulnerabilities for remediation.
– Use vulnerability scanners and penetration testing tools.
o Penetration Testing:
– Simulates attacks to assess system security and identify weaknesses.
– Helps validate controls and prioritize mitigation efforts.
Program Security Defenses
• These are the measures and strategies implemented to protect software applications and systems from potential security threats and vulnerabilities.
Software Development Controls and Testing Techniques
o Secure Coding Practices:
– Input validation and sanitization to prevent injection attacks
– Proper error handling to avoid information leaks
– Use of secure coding standards and guidelines
– Encryption for sensitive data
– Regular code reviews and security audits
Program Security Defenses (continued)
Software Development Controls and Testing Techniques
o Testing Techniques:
– Static code analysis to identify vulnerabilities early in development
– Dynamic code analysis to detect vulnerabilities during execution
– Penetration testing to simulate real-world attacks
– Vulnerability scanning to identify known weaknesses
– Fuzz testing to uncover unexpected errors
Program Security Defenses (continued)
Database Management Systems Security
• Refers to the measures and practices taken to protect the DBMS and the data it stores from unauthorized access, misuse, and vulnerabilities.
o Access Controls:
– Role-based access control (RBAC) to restrict access to authorized users
– Least privilege principle to grant only necessary permissions
– Strong authentication mechanisms to verify user identities
Database Management Systems Security (continued)
o Encryption:
– Encryption of sensitive data at rest and in transit
– Use of strong encryption algorithms and key management practices
o Auditing and Logging:
– Comprehensive logging of database activities
– Regular review of logs to detect anomalies and potential breaches
o Vulnerability Management:
– Prompt patching of known vulnerabilities
– Regular security assessments to identify new risks
Ten Most Critical Web Application Security Vulnerabilities
(http://www.owasp.org; this is the original 2003 edition of the OWASP Top Ten, which has been revised several times since)

• Unvalidated Parameters
• Broken Access Control
• Broken Account and Session Management
• Cross-Site Scripting Flaws
• Buffer Overflows
• Command Injection Flaws
• Error Handling Problems
• Insecure Use of Cryptography
• Remote Administration Flaws
• Web and Application Server Misconfiguration
Thank You!