lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: 18 Aug 2003 20:54:54 +0530
From: Balwinder Singh <balwinder@....net>
To: bugtraq@...urityfocus.com
Subject: Need help. Proof of concept 100% security.


Hi All,

I have developed an application, which I believe can provide 100%
security against various attacks.I can hear people laughing. Hmm..
The applications is called Execution Flow Control (EFC).
Details of software can be found at http://203.197.88.14/efc

Now the help part:
I have put up a site at http://203.197.88.14 which is protected by EFC.
It is unpatched RH7.0 system with 2.4.20 kernel, no firewall, no IDS.
All holes in the kernel and programs are intentionally kept.
It is put up there for people to attack and try to get into the system.
Gaining root to system is not enough as another level of protection
unfolds when one has become root. There have been 1000+ attacks but
no one could get even a normal user. This is first release and there got
to be bugs in the system. The fact that so far no one could get into the
system, is creating all kinds of complications in me (nervous, sad, bad
...).
Machine is up for past one month and I still have a weeks internet time.
Can you help me by providing your expert guidance on this software
project. Can you help me by breaking into the system and then letting me
know how can I improve the software.
The paper at http://203.197.88.14/efc gives introduction only. detailes
and most recent documentation will be made available as soon as I finish
making it (The job is in the pipeline).
I know about systrace, but have never used it.
----------------------------------------------------------------------


Brief Introduction of EFC
-------------------------

1. Kernel runs in kernel space, which cannot be modified by user space
programs. Each request from program ends up calling a routine in kernel
space called syscall. Lets call syscall with arguments just syscalls

Each program will make a defind set of syscalls to achieve its
objective. Now idea is to watch syscalls that a program is supposed to
make during its run time. A database which describes the syscalls that a
program can make is called behavior model of the program. Lets assume we
can generate a behavior model which perfectly describes an application.
Now any deviation from behavior model of program essentially indicates
an intrusion at real time. Thus a corrective action can be taken. This
makes kernel intelligent which knows which program should do what,
rather than a slave of program in which any program can ask anything and
kernel will provide it.


REGARDS

Balwinder

---------------------------------------------------------------------
We do not allow postman to bedroom but kernel does.
---------------------------------------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ