Appendix E: Technical Vulnerabilities Targeted by Cyber Offensive Actions
Pages 360-368

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 360...
... Software
Software constitutes the most obvious set of vulnerabilities that an attacker might exploit. In a running operating system or application, vulnerabilities may be present as the result of faulty program design or implementation, and the exploitation of such vulnerabilities may become possible when the targeted system comes into contact with a hostile trigger (either remotely or close up)
From page 361...
... Whereas vulnerabilities due to faulty design and implementation may be uncovered during the testing process or exposed during system operation and then fixed, vulnerabilities associated with unintended functionality may go undetected because the problem is tantamount to proving a negative. Today, applications and operating systems are made up of millions of lines of code, not all of which can possibly be audited for every changed line of source code.
From page 362...
... For example, compilers are used to generate object code from source code. The compiler itself must be secure, for it could introduce object code that subversively and subtly modifies the functionality represented in the source code. Moreover, maliciously constructed code intentionally introduced to implant vulnerabilities in a system for later exploitation is typically more difficult to detect than are vulnerabilities that arise in the normal course of software development. Attackers highly skilled in the art of obfuscating malicious code can make finding intentionally introduced vulnerabilities a much harder problem than finding accidental flaws.
From page 363...
... Vulnerabilities could be deliberately introduced by a cyberattacker, and there is no guarantee that the open source inspection process will uncover such vulnerabilities. For example, a particular sequence of instructions and input combined with a given system state could take advantage of an obscure and poorly known characteristic of hardware functioning, which means that programmers working for an attacking government and well versed in minute behavioral details of the machine on which their code will be running could introduce functionality that would likely go undetected in any review of it. As an example of how outsourcing can be used to introduce vulnera
Footnote: Defense Science Board, "Report of the Defense Science Board Task Force on Mission Impact of Foreign Influence on DoD Software," U.S. Department of Defense, September 2007, p.
From page 364...
... Hardware includes microprocessors, microcontrollers, firmware, circuit boards, power supplies, peripherals such as printers or scanners, storage devices, and communications equipment such as network cards. Tampering with such components may require physical access at some point in the hardware's life cycle, which includes access to the software and libraries of the CAD/CAM tools used to design
Footnote: Ed Adams, "Biggest Information Security Mistakes That Organizations Make," Security Innovation, Inc., Wilmington, Mass., available at http://www.issa.org/Downloads/Whitepapers/Biggest-Information-Security-Mistakes_Security-Innovation.pdf.
From page 365...
... developed two general-purpose methods for designing malicious processors, and used these methods to implement attacks that could steal passwords, enable privilege escalation, and allow automatic logins into compromised systems.11 Furthermore, the implementation of these attacks required only small amounts of modification to the baseline uncompromised processor. (For example, implementation of the login attack used only 1,341 additional logic gates, or 0.08 percent of the 1,787,958 logic gates used in the baseline; yet an attacker using this attack would gain complete and high-level access to the machine.)
From page 366...
... Configuration management -- the task of ensuring that a system is configured in accordance with actual user desires -- is often challenging and difficult, and errors in configuration can result in security vulnerabilities. (Many errors are the result of default configurations that turn off security functionality in order
Footnote 13: Defense Science Board, "Report of the Defense Science Board Task Force on Mission Impact of Foreign Influence on DoD Software," U.S.
From page 367...
... Other configuration errors result from explicit user choices made to favor convenience -- for example, a system administrator may configure a system to allow remote access through a dial-in modem attached to his desktop computer so that he can work at home, but the presence of such a feature can also be used by an attacker. Configuration-based vulnerabilities are in some sense highly fragile, because they can be fixed on very short notice.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.