let's say you're a security researcher and you're trying to demonstrate some security problem that involves viruses... it's relatively easy to write your deomonstration code as a non-replicating proof of concept exploit and simply say "this could easily be attached to a virus" and leave it at that - it's perfectly true that it could be attached to a virus, any function you like can be added to a computer virus, they're just programs after all...
that's all well and good if you're dealing with a normal desktop pc or some other platform for which we already know viruses are possible, but what if you're dealing with a system where viruses are as yet unheard of like an internet connected toaster, an assembly line robot, or an electronic voting machine? it may not be enough to just assume viruses are possible on such platforms, of course, because the proof you were trying to construct for the existence/feasability of whatever threat you were trying to demonstrate won't really be much of a proof anymore... you could try proving that the system in question satisfies the requirements of a general purpose computer, after all virus infectability is inherent to the general purpose computing platform, but that's probably going to go over most people's heads...
so try this instead: first show that you can introduce your own code into the system and get the system to execute it, then show that the code you introduce can write a secondary program (like a hello world program) to the systems storage memory and execute it... at this point you've proven self-replication is possible on the system, because if your main program can write a secondary program to the system's storage memory it can also write a copy of itself there...
now, let's say you want more than just basic self-replication, lets say file infection... have your main program do one of the following: write it's secondary program overtop of an existing host program on the system, rename an existing host program to something else and then give your secondary program the name the host program used to have, or change whatever pointer the system used to locate the existing host program so that it points to your new secondary program instead... you have now demonstrated the potential for file infection and so far have still not created a virus...
but wait, there's more - what if that's still not enough (and lets be honest, messing around with a single computer system doesn't really have the impact it used to), what if you need your hypothectical virus to spread to other systems over a network (a network worm)?... this too is relatively simple, instead of having your main program write a secondary program to the local computer's storage memory, have it send the secondary program to a second system along with whatever tricks you need to get the second system to execut it... this demonstrates network spreading because your main program could have just as easily sent a copy of itself rather than a dummy program.... and if you want it to have some real visual appeal, make your hello world program print "i'm infected" instead of "hello world"...
at this point you'll have demonstrated all of the viral characteristics that would be necessary for your larger security proof without actually writing a virus, therefore making the writing of viruses for security proofs (even security proofs for computing platforms for which real viruses are unheard of) unnecessary...
0 comments:
Post a Comment