Security flaws in Windows XP due to Kernel Complexity - PowerPoint PPT Presentation

Author: lalani; last modified by: lalani; created 3/24/2005 2:27:48 PM; presentation format: On-screen Show

Slides: 14
Provided by: lalani
Learn more at: http://www.cs.fsu.edu

Transcript and Presenter's Notes

1
Security flaws in Windows XP due to Kernel Complexity
Presented by Zubin Lalani, Daniel Beech
Professor Mike Burmester
2
Presentation Outline
  • Windows vs. Linux Kernel Organization
  • Windows Security Model
  • Security Flaws in Windows
  • Microsoft's Future Plans for Security

3
Windows Kernel Organization
  • Originally designed as a stand-alone, offline system
  • Over 3000 system calls
  • Supports over 4000 distinct system configurations
  • Over 50 million lines of code
  • 600 million Windows copies (figures of July 2004)
  • Windows 2000 supports more than 7,000 devices

4
Linux Kernel Organization
  • Fewer than 255 system calls for Linux
  • Linux 2.6 has no more than 4 million physical lines of code
  • Approximately 18 million users
  • Lack of distinct hardware support

5
Kernel Organization
Kernel mode is organized into:
  • NTOS (kernel-mode services)
      • Run-time library, scheduling, executive services, object manager, services for I/O, memory, processes
  • HAL (hardware-adaptation layer)
      • Insulates NTOS and drivers from hardware dependencies
      • Provides facilities such as device access, timers, interrupt servicing, clocks, spinlocks
6
LINUX ARCHITECTURE
7
Windows Security Model
  • Security model based on securable objects
  • Based on per-object rights: generic read, write and execute
  • Model involves the following concepts:
      • Security Identifiers
      • Access Tokens
      • Security Descriptors
      • Access Control Lists and Privileges
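
The concepts on this slide meet in the access check: the SIDs in a caller's access token are compared, entry by entry, against the ACL in the object's security descriptor. The Python sketch below is an added illustration, not part of the original presentation; it reduces the security descriptor to its DACL, compares generic rights directly instead of mapping them to object-specific rights, ignores privileges, and uses constructed domain SIDs and hypothetical names (`Ace`, `AccessToken`, `access_check`, `make_token`).

```python
from dataclasses import dataclass

# Win32 generic access-right bits.
GENERIC_READ, GENERIC_WRITE, GENERIC_EXECUTE = 0x80000000, 0x40000000, 0x20000000

# Well-known group SIDs, plus a constructed SID for a sample domain group.
ADMINISTRATORS = "S-1-5-32-544"
USERS = "S-1-5-32-545"
CONTRACTORS = "S-1-5-21-1111111111-2222222222-3333333333-2001"  # constructed

@dataclass(frozen=True)
class Ace:
    allow: bool   # True = access-allowed ACE, False = access-denied ACE
    sid: str      # trustee the entry applies to
    mask: int     # rights the entry grants or denies

@dataclass(frozen=True)
class AccessToken:
    user_sid: str
    group_sids: frozenset

    def sids(self):
        return self.group_sids | {self.user_sid}

def access_check(token, dacl, desired):
    """Return True if every right in `desired` is granted to the token."""
    if dacl is None:          # object has no DACL: access is not restricted
        return True
    remaining = desired
    for ace in dacl:          # ACEs are evaluated strictly in list order
        if ace.sid not in token.sids():
            continue
        if not ace.allow and ace.mask & remaining:
            return False      # a deny ACE hits a right not yet granted
        if ace.allow:
            remaining &= ~ace.mask
        if remaining == 0:
            return True
    return False              # rights left ungranted are implicitly denied

def make_token(rid, *groups):
    # Constructed user SID in the same sample domain as CONTRACTORS.
    return AccessToken(f"S-1-5-21-1111111111-2222222222-3333333333-{rid}", frozenset(groups))

# Constructed sample DACL in canonical order: deny entries first.
DACL = [
    Ace(False, CONTRACTORS, GENERIC_WRITE),
    Ace(True, USERS, GENERIC_READ | GENERIC_EXECUTE),
    Ace(True, ADMINISTRATORS, GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE),
]
ALICE = make_token(1001, USERS)
CAROL = make_token(1003, USERS, ADMINISTRATORS, CONTRACTORS)
```

Because evaluation stops at the first decisive entry, the same three ACEs in reverse order would let `CAROL` write: the Administrators allow entry would be reached before the Contractors deny entry.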

8
WINDOWS SECURITY MODEL
9
FAMOUS FLAWS
  • Melissa Virus
      • Forced Microsoft to completely turn off their email system
      • Began affecting systems in March 1999
      • More than 80 million
  • I Love You Virus
      • Struck in May 2000
      • Brought down www.skyinet.net, deleted .mp3 and .jpg files, and mailed itself to every contact in Microsoft Outlook
      • 1 billion financial loss in North America alone and more than 2.5 in total
      • Affected more than 600000 computers

10
FAMOUS FLAWS
  • Code Red
      • Economic cost of more than 2 billion
      • Was so powerful that it forced the White House to change its numerical IP address and prompted the Pentagon to take its website offline
  • Blaster Worm
      • Estimated financial loss of 500 million or more
      • 16 million or more systems fell victim
      • Exploited the DCOM (Distributed Component Object Model) vulnerability
      • Happened in August 2003

11
LATEST SECURITY THREATS
  • SPYWARE
      • Not a virus but a complete program
      • Tracks internet habits and nags you with advertisements
      • About 2/3 of personal computers are infected
      • How it works: piggybacked software installation, drive-by download, browser add-ons, masquerading as anti-spyware

12
FUTURE PLANS
  • Include Windows Anti-Spyware technology
  • Improvements in the Windows Update site
  • Singularity prototype OS, said to be very secure