[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1061220294.1744.59.camel@limit.tm.org>
Date: 18 Aug 2003 20:54:54 +0530
From: Balwinder Singh <balwinder@....net>
To: bugtraq@...urityfocus.com
Subject: Need help. Proof of concept 100% security.
Hi All,
I have developed an application, which I believe can provide 100%
security against various attacks.I can hear people laughing. Hmm..
The applications is called Execution Flow Control (EFC).
Details of software can be found at http://203.197.88.14/efc
Now the help part:
I have put up a site at http://203.197.88.14 which is protected by EFC.
It is unpatched RH7.0 system with 2.4.20 kernel, no firewall, no IDS.
All holes in the kernel and programs are intentionally kept.
It is put up there for people to attack and try to get into the system.
Gaining root to system is not enough as another level of protection
unfolds when one has become root. There have been 1000+ attacks but
no one could get even a normal user. This is first release and there got
to be bugs in the system. The fact that so far no one could get into the
system, is creating all kinds of complications in me (nervous, sad, bad
...).
Machine is up for past one month and I still have a weeks internet time.
Can you help me by providing your expert guidance on this software
project. Can you help me by breaking into the system and then letting me
know how can I improve the software.
The paper at http://203.197.88.14/efc gives introduction only. detailes
and most recent documentation will be made available as soon as I finish
making it (The job is in the pipeline).
I know about systrace, but have never used it.
----------------------------------------------------------------------
Brief Introduction of EFC
-------------------------
1. Kernel runs in kernel space, which cannot be modified by user space
programs. Each request from program ends up calling a routine in kernel
space called syscall. Lets call syscall with arguments just syscalls
Each program will make a defind set of syscalls to achieve its
objective. Now idea is to watch syscalls that a program is supposed to
make during its run time. A database which describes the syscalls that a
program can make is called behavior model of the program. Lets assume we
can generate a behavior model which perfectly describes an application.
Now any deviation from behavior model of program essentially indicates
an intrusion at real time. Thus a corrective action can be taken. This
makes kernel intelligent which knows which program should do what,
rather than a slave of program in which any program can ask anything and
kernel will provide it.
REGARDS
Balwinder
---------------------------------------------------------------------
We do not allow postman to bedroom but kernel does.
---------------------------------------------------------------------
Powered by blists - more mailing lists