Bugtraq mailing list archives
Need help. Proof of concept 100% security.
From: Balwinder Singh <balwinder () gmx net>
Date: 18 Aug 2003 20:54:54 +0530
Hi All, I have developed an application, which I believe can provide 100% security against various attacks.I can hear people laughing. Hmm.. The applications is called Execution Flow Control (EFC). Details of software can be found at http://203.197.88.14/efc Now the help part: I have put up a site at http://203.197.88.14 which is protected by EFC. It is unpatched RH7.0 system with 2.4.20 kernel, no firewall, no IDS. All holes in the kernel and programs are intentionally kept. It is put up there for people to attack and try to get into the system. Gaining root to system is not enough as another level of protection unfolds when one has become root. There have been 1000+ attacks but no one could get even a normal user. This is first release and there got to be bugs in the system. The fact that so far no one could get into the system, is creating all kinds of complications in me (nervous, sad, bad ...). Machine is up for past one month and I still have a weeks internet time. Can you help me by providing your expert guidance on this software project. Can you help me by breaking into the system and then letting me know how can I improve the software. The paper at http://203.197.88.14/efc gives introduction only. detailes and most recent documentation will be made available as soon as I finish making it (The job is in the pipeline). I know about systrace, but have never used it. ---------------------------------------------------------------------- Brief Introduction of EFC ------------------------- 1. Kernel runs in kernel space, which cannot be modified by user space programs. Each request from program ends up calling a routine in kernel space called syscall. Lets call syscall with arguments just syscalls Each program will make a defind set of syscalls to achieve its objective. Now idea is to watch syscalls that a program is supposed to make during its run time. A database which describes the syscalls that a program can make is called behavior model of the program. Lets assume we can generate a behavior model which perfectly describes an application. Now any deviation from behavior model of program essentially indicates an intrusion at real time. Thus a corrective action can be taken. This makes kernel intelligent which knows which program should do what, rather than a slave of program in which any program can ask anything and kernel will provide it. REGARDS Balwinder --------------------------------------------------------------------- We do not allow postman to bedroom but kernel does. ---------------------------------------------------------------------
Current thread:
- Need help. Proof of concept 100% security. Balwinder Singh (Aug 15)
- Re: Need help. Proof of concept 100% security. Nicholas Weaver (Aug 15)
- Re: Need help. Proof of concept 100% security. Clifton Royston (Aug 15)
- Re: Need help. Proof of concept 100% security. Balwinder Singh (Aug 18)
- Re: Need help. Proof of concept 100% security. Kyle Roger Hofmann (Aug 19)
- Re: Need help. Proof of concept 100% security. Balwinder Singh (Aug 18)
- Re: Need help. Proof of concept 100% security. Crispin Cowan (Aug 15)
- Re: Need help. Proof of concept 100% security. Alaric B Snell (Aug 18)
- Re: Need help. Proof of concept 100% security. Anil Madhavapeddy (Aug 18)
- Re: Need help. Proof of concept 100% security. ari (Aug 20)
- Re: Need help. Proof of concept 100% security. Anil Madhavapeddy (Aug 18)
- Re: Need help. Proof of concept 100% security. Stefano Zanero (Aug 18)
- <Possible follow-ups>
- RE: Need help. Proof of concept 100% security. Joyce, MP (Matthew) (Aug 18)
(Thread continues...)