Tips on What is a piece of programming code usually disguised as something else that causes a computer to behave in an unexpected and usually undesirable mann… 2022
Updated: 2022-08-21 21:35:12. You need knowledge and skills about What is a piece of programming code usually disguised as something else that causes a computer to behave in an unexpected and usually undesirable mann…. You are welcome to leave a comment below so that I can explain it more clearly.
What is Information Security?
Jason Andress, in
The Basics of Information Security (Second Edition), last year
Types of attack payloads
When we look at the types of attacks we might face, we can generally
place them into one of four categories: interception, interruption, modification, and fabrication. Each category can affect one or more of the principles of the CIA triad, as shown in Figure 1.3. Additionally, the lines between the categories of attack and the particular effects they can have are somewhat blurry. Depending on the attack in question, we might argue for it to be included in more than one category or have more than one type of effect.
Figure 1.3. Categories of attack.
Interception attacks allow unauthorized users to access our data, applications, or environments, and are primarily an attack against confidentiality. Interception might take the form of unauthorized file viewing or copying, eavesdropping on phone conversations, or reading e-mail, and can be conducted against data at rest or in motion. Properly executed, interception attacks can be very difficult to
Interruption attacks cause our assets to become unusable or unavailable for our use, on a temporary or permanent basis. Interruption attacks often affect availability but can be an attack on integrity as well. In the case of a DoS attack on a mail server, we would classify this as an availability attack. In the case of an attacker
manipulating the processes on which a database runs in order to prevent access to the data it contains, we might consider this an integrity attack, due to the possible loss or corruption of data, or we might consider it a combination of the two. We might also consider such a database attack to be a modification attack rather than an interruption attack.
Modification attacks involve
tampering with our asset. Such attacks might primarily be considered an integrity attack but could also represent an availability attack. If we access a file in an unauthorized manner and alter the data it contains, we have affected the integrity of the data contained in the file. However, if we consider the case where the file in question is a configuration file that manages how a particular service behaves, perhaps one that is acting as a Web server, we might affect the availability of that
service by changing the contents of the file. If we continue with this concept and say the configuration we altered in the file for our Web server is one that alters how the server deals with encrypted connections, we could even make this a confidentiality attack.
Fabrication attacks involve generating data, processes, communications, or other similar activities with a system. Fabrication
attacks primarily affect integrity but could be considered an availability attack as well. If we generate spurious information in a database, this would be considered to be a fabrication attack. We could also generate e-mail, which is commonly called spoofing. This can be used as a method for propagating malware, such as we might find being used to spread a worm. In the sense of an availability attack, if we generate enough additional processes, network
traffic, e-mail, Web traffic, or nearly anything else that consumes resources, we can potentially render the service that handles such traffic unavailable to legitimate users of the system.
John F. Buford, … Eng Keong Lua, in
P2P Networking and Applications, 2009
Sample Attacks and Threats
Theft is an example of an interception attack. Theft attacks can be targeted at the
network, overlay, or application layer with a simple goal of stealing confidential information from others. Theft is the major attack discovered in studies of file sharing system security,479,480,481 in which adversaries took advantage of information leakage and inadvertent disclosures to access confidential information.
Wrapster,486 a free utility software initially designed for
Napster users, was released in 2000. It can be used as a tool to enable information leakage in P2P file sharing systems. Wrapster is used to transform any file, such as a program, video, or text, into a file in MP3 format to disguise it. An individual then shares the transformed file as an MP3 file using a P2P file sharing system. A receiving peer uses Wrapster to convert the file to its original format. Thus, using Wrapster together with file sharing software on the company’s network, a
malicious insider could covertly bypass the company security mechanisms and policies, and leak confidential information to anyone participating in the P2P file sharing system.
The most well-known attack is illegal copy and distribution of multimedia content and software. Copyright protection has been a nonstop battle for the Motion Picture Association of America (MPAA) and Recording Industry Association of America (RIAA). According to recent
reports487, U.S. movie studios lose $447 million annually due to online piracy. Placing copyrighted content online and sharing it freely via P2P file sharing applications has been a key attractor of P2P file sharing and streaming. As a result, MPAA and RIAA have targeted P2P networks as a potential threat. One of the most famous lawsuits perhaps is the RIAA v. Napster case, which led to injunction and shutdown of the original Napster service. The legal controversy has
continued beyond Napster, however. For example, in Elektra v. Barker, RIAA put individual users on the stand. The goal is to prevent unauthorized copying and online distribution of music files.
Bandwidth clogging, an example of an interruption class of attack, has been a concern of many corporations and universities. It is especially serious for P2P content distribution applications. The rich multimedia (audio and video) files that P2P
users share are usually large in size. Consequently, P2P multimedia download and streaming always cause heavy traffic, which clogs an organization’s network and affects response time and performance of normal business correspondence. The damage escalates when adversaries manipulate peers to issue multimedia download or streaming simultaneously. This is the reason that many corporations and universities are banning the use of P2P file-sharing or streaming applications.
Denial of service (DoS) is another important type of interruption attack. Almost any attack that obstructs availability can be categorized as a DoS attack. DoS attacks could cause service breakdown through disruption of physical network components; consumption of resources such as storage, computation, or bandwidth resources; obstruction of communications; and interference with configuration and state information. For example, a DoS attacker may use
malware to max out a user’s CPU time or crash a system by triggering errors in instructions.
P2P networks further open up various possibilities for distributed DoS (DDoS) attacks,488,489,490 networked DoS attacks whereby nodes work together to prevent a system from performing its task. For example, an attacker registers with a P2P overlay, gains access to multiple peer devices, plants zombie processes488 (daemons that perform
the actual attack) on those peer devices, and launches an attack with all the zombies on a target device or service at a predetermined time. With hundreds or thousands of zombies located on a P2P network working together, the victim’s network bandwidth could be easily drained, causing denial of services.
On May 14, 2007, Prolexic Technologies, a network security vendor specializing in protecting web sites from DoS
attacks, issued an alert491 because the company observed an increase in the number and frequency of P2P-based DDoS attacks, which can cause a major local network disruption. “The popularity of peer-to-peer networks has now gained the interest of cyber criminals who see these networks as a huge potential for distributing malware and launching DDoS attacks by convincing 100k+ computers to attack on their behalf. Recently, attackers have found a way to pull off this type of attack
anonymously, and with ease, flooding victims with far more connections than they can handle,” the article stated. According to Prolexic, the most aggressive P2P-DDoS attack is a so-called DC++492 attack, which employs the popular DC++ open-source client for Windows using a Direct Connection network. In a DC++ attack, the adversary acts as a puppet master, instructing peers of a P2P network to connect to a victim’s Website. With a P2P network of size N peers, and each peer
opening m connections simultaneously, the victim’s site could potentially be hit with up to mN connections in short order. Prolexic reported very large DC++ attacks of over 300k (N > 300,000) IP addresses in its article,491 which shows how the DDoS problem constantly evolves. Today, an increasing number of P2P-DDoS attacks are targeting Websites. In these attacks, peers (P2P network client computers, for example) are tricked into requesting a file from
the victim’s site, allowing the adversary to use the P2P network to overwhelm the victim’s site and disrupt its availability. To an adversary, the major advantages of using a DDoS attack include (1) more attack traffic with a large number of distributed or peer resources and (2) more difficulty for the victim to track and shut down the attacking sources or zombies.
DDoS attacks appear in various forms. Mirkovic and Reiher489 classify DDoS attacks
based on degree of automation, communication mechanism, scanning strategy, propagation mechanism, exploited vulnerability, attack rate dynamics, and impact. For example, based on degree of automation, these attacks can be categorized into manual attacks, semiautomatic attacks, and automatic attacks; random, hit list, topological, permutation, and local subnet are several classes that exist in scanning strategy-based classifications. Alternatively, the attacks can be grouped into central,
back-chaining, and autonomous subsets according to their propagation mechanism.
Later in this chapter we look at how P2P overlay networks can be taken advantage of by adversaries to issue DDoS attacks. Some available methods to defend against DoS attacks are also discussed.
The term virus refers to a program that reproduces by introducing a copy of itself and infecting another computer or device without
permission or knowledge of the user. Often the virus is appended to the end of a file or the program header is modified to point to the virus code. A virus, as we all know, can cause severe damage to a system or device. A P2P network offers an attractive platform for attackers to spread viruses. A piece of code, the virus, could appear to be a popular file-sharing program and subsequently when downloaded and accessed could unknowingly affect many peers
in the P2P overlay. The virus gains access to the peers’ devices, modifies data and files on the devices, changes user password or access information, destroys the file system, and more, causing an interception, an interruption, a modification, and/or a fabrication class of attack.
These examples are merely an illustration of the security threats existing in P2P networks. Interested readers can refer to  and  for more discussion.
Jargon, Principles, and Concepts
Mark Osborne, in
How to Cheat at Managing Information Security, 2006
Generic Types of Attack
When you are analyzing a new system or protocol against malevolent intrusion,
starting at the very basic primitives of CIA can seem self-defeating and long-winded. After all, most attacks inevitably lead to loss of integrity, availability, and confidentiality. For example, a successful buffer overflow attack that allows a hacker shell access will allow that hacker to impact CIA; the same failed attack may compromise availability and integrity, corrupting memory or stalling the applicable service.
Even if you are a great fan of CIA
impact analysis, when it’s applied to specific protocol security analysis many feel it is too abstract and academic. Many prefer to either use common criteria analysis (documented in the next chapter) or to analyze the protocol against generic attack types, as detailed in this section.
Network Enumeration and Discovery
Not really an attack, network enumeration and discovery can be used to assess the extent to
which a network will divulge information about itself. Good examples of bad practices are route protocols that provide routing tables to any peer, just for the asking, and name services and directory services that do the same thing.
Message interception attacks exploit weaknesses in a network’s privacy. If you can intercept
a message and keep a copy (i.e., packet sniffing), you can obtain valuable data.
Message Injection/Address Spoofing
These attacks exploit weaknesses in the way a network establishes transport connections, allowing the attacker to inject traffic masquerading as a valid IP address and thus gain system access. If I know your network management system is on address 10.0.0.1 and your key system is
10.0.0.100, and if I send a system down message to 10.0.0.1 seemingly from 10.0.0.100 in an attempt to cause panic, I am spoofing the source address.
Session hijacking is a combination of interception and injection. It allows an attacker to avoid password protections by taking over an existing connection once authentication is complete. For example, if I am sniffing your
network, I might be aware that you have a Telnet session between your network management system on address 10.0.0.1 and your key system 10.0.0.100. If I send a series of packets to the NMS on 10.0.0.1 that causes you to drop the connection but at the same time continue to send packets to 10.0.0.100 with a spoofed address of 10.0.0.1, I have hijacked the session.
Denial of Service (DoS) attacks are designed to deny legitimate users access to resources. They can involve many attackers, in which case it is said to be a distributed DoS (DDoS) attack.
Message replay attacks cause disruption by replaying genuine traffic that has been recorded previously using sniffer software.
Social engineering is a term used to describe situations in which an attacker masquerades as a genuine employee and tricks a third party into divulging information (such as a password) that will allow the attacker access to the system. Typical examples include pretending to be an employee, phoning up the help desk, and asking for that employee’s password.
Brute-Force Attacks on Authenticated Services
Brute-force attacks use automated methods to repetitively guess authentication credentials. For example, repeated attempts to log in at the Telnet prompt are an online brute-force attack. Offline attacks include using joe-doe or killer-crack to crack a UNIX shadow file or using the crypto workbench to find a secret key.
Threats to VoIP Communications Systems
Thomas Porter, Michael Gough, in
How to Cheat at VoIP Security, 2007
ARP is a fundamental Ethernet protocol. Perhaps for this reason, manipulation of ARP packets is
a potent and frequent attack mechanism on VoIP networks. Most network administrators assume that deploying a fully switched network to the desktop prevents the ability of network users to sniff network traffic and potentially capture sensitive information traversing the network. Unfortunately, several techniques and tools exist that allow any user to sniff traffic on a switched network because ARP has no provision for authenticating queries or query replies. Additionally, because ARP is a
stateless protocol, most operating systems (Solaris is an exception) update their cache when receiving an ARP reply, regardless of whether they have sent out an actual request.
Among these techniques, ARP redirection, ARP spoofing, ARP hijacking, and ARP cache poisoning are related methods for disrupting the normal ARP process. These terms frequently are interchanged and confused. For the purpose of this section, we’ll refer to ARP cache poisoning and ARP
spoofing as the same process. Using freely available tools such as ettercap, Cain, and dsniff, an evil IP device can spoof a normal IP device by sending unsolicited ARP replies to a target host. The bogus ARP reply contains the hardware address of the normal device and the IP address of the malicious device. This “poisons” the host’s ARP cache (see Figure 5.5).
Figure 5.5. ARP Spoofing (Cache Poisoning)
In Figure 5.5, Ned is the attacking computer. When Sam broadcasts an
ARP query for Sally’s IP address, Ned, the attacker, responds to the query stating that the IP address (10.1.1.2) belongs to Ned’s MAC address, BA:DB:AD:BA:DB:AD. Packets sent from Sam supposedly to Sally will be sent to Ned instead. Sam will mistakenly assume that Ned’s MAC address corresponds to Sally’s IP address and will direct all traffic destined for that IP address to Ned’s MAC. In fact, Ned can poison Sam’s ARP cache without waiting for an ARP
query since on Windows systems (9x/NT/2K), static ARP entries are overwritten whenever a query response is received regardless of whether or not a query was issued.
Sam’s ARP cache now looks like this:
Internet Address    Physical Address
10.1.1.1
This entry will remain until it ages out or a new entry replaces it.
ARP redirection can work bidirectionally, and a spoofing device can insert itself in the middle of a conversation between two IP devices on a switched network (see Figure 5.6). This is probably the most insidious ARP-related attack. By routing packets on to the devices that should truly be
receiving the packets, this insertion (known as a Man/Monkey/Moron in the Middle attack) can remain undetected for some time. An attacker can route packets to /dev/null (nowhere) as well, resulting in a DoS attack.
Figure 5.6. An ARP MITM Attack
Sam’s ARP cache:
Internet Address    Physical Address
10.1.1.1
Sally’s ARP cache:
Internet Address    Physical Address
10.1.1.1
As all IP traffic between the true sender and receiver now passes through the attacker’s device, it is trivial for the attacker to sniff that traffic using freely available tools such as Ethereal or tcpdump. Any unencrypted information (including e-mails, usernames and passwords, and web traffic) can be intercepted and viewed.
This interception has potentially drastic implications for
VoIP traffic. Freely available tools such as vomit and rtpsniff, as well as private tools such as VoipCrack, allow for the interception and decoding of VoIP traffic. Captured content can include speech, signaling and billing information, multimedia, and PIN numbers. Voice conversations traversing the internal IP network can be intercepted and recorded using this technique.
There are a number of variations of the aforementioned techniques. Instead of
imitating a host, the attacker can emulate a gateway. This enables the attacker to intercept numerous packet streams. However, most ARP redirection techniques rely on stealth. The attacker in these scenarios hopes to remain undetected by the users being impersonated. Posing as a gateway may result in alerting users to the attacker’s presence due to unanticipated glitches in the network, because frequently switches behave in unexpected ways when attackers manipulate ARP processes. One unintended
(much of the time) consequence of these attacks, particularly when switches are heavily loaded, is that the switch CAM (Content-Addressable Memory) table—a finite-sized IP address to MAC address lookup table—becomes disrupted. This leads to the switch forwarding unicast packets out many ports in unpredictable fashion. Penetration testers may want to keep this in mind when using these techniques on production networks.
In order to limit damage due to ARP
manipulation, administrators should implement software tools that monitor MAC to IP address mappings. The freeware tool, Arpwatch, monitors these pairings. At the network level, MAC/IP address mappings can be statically coded on the switch; however, this is often administratively untenable. Dynamic ARP Inspection (DAI) is available on newer Cisco Catalyst 6500 switches. DAI is part of Cisco’s Integrated Security (CIS) functionality and is designed to prevent several layer two and layer
three spoofing attacks, including ARP redirection attacks. Note that DAI and CIS are available only on Catalyst switches using native mode (Cisco IOS).
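One way to do the MAC-to-IP monitoring described above, as an added example (not code from the book or from Arpwatch): a passive monitor that parses ARP payloads and flags unsolicited replies, changed bindings, and one MAC address holding several IP addresses, as in the Figure 5.5 and 5.6 scenarios. It assumes the monitor sees every ARP frame (for example on a mirror port); Sam's IP address and the two `02:...` MAC addresses are constructed, and the class and function names are hypothetical.

```python
"""Passive ARP binding monitor. The sample frames at the bottom are constructed."""
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 layout for IPv4 over Ethernet (28 bytes)


def fmt_mac(raw):
    return ":".join(f"{x:02X}" for x in raw)


def fmt_ip(raw):
    return ".".join(str(x) for x in raw)


def build_arp(op, sha, spa, tha, tpa):
    """Build an ARP payload; used only to construct the sample input."""
    macs = [bytes.fromhex(m.replace(":", "")) for m in (sha, tha)]
    ips = [bytes(int(p) for p in i.split(".")) for i in (spa, tpa)]
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       macs[0], ips[0], macs[1], ips[1])


def parse_arp(payload):
    """Return (op, sender_mac, sender_ip, target_mac, target_ip)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP packet")
    return op, fmt_mac(sha), fmt_ip(spa), fmt_mac(tha), fmt_ip(tpa)


class ArpMonitor:
    """Tracks IP-to-MAC bindings and reports suspicious ARP activity."""

    def __init__(self, reply_window=2.0):
        self.bindings = {}  # ip -> last MAC seen claiming it
        self.pending = {}   # (requester_ip, queried_ip) -> request time
        self.reply_window = reply_window

    def observe(self, ts, payload):
        """Process one ARP payload; return a list of (kind, ip, detail)."""
        op, sha, spa, _tha, tpa = parse_arp(payload)
        alerts = []
        if op == ARP_REQUEST:
            self.pending[(spa, tpa)] = ts
        elif op == ARP_REPLY:
            # A reply is solicited only if its target asked for this IP recently.
            asked = self.pending.pop((tpa, spa), None)
            if asked is None or ts - asked > self.reply_window:
                alerts.append(("unsolicited-reply", spa, sha))
        else:
            return alerts  # other opcodes (e.g. RARP) are ignored
        if spa == "0.0.0.0":
            return alerts  # ARP probe: the sender claims no address
        old = self.bindings.get(spa)
        if old is not None and old != sha:
            alerts.append(("binding-changed", spa, f"{old} -> {sha}"))
        self.bindings[spa] = sha
        shared = sorted(ip for ip, mac in self.bindings.items()
                        if mac == sha and ip != spa)
        if shared:
            alerts.append(("mac-claims-multiple-ips", spa,
                           f"{sha} also holds {', '.join(shared)}"))
        return alerts


SAM = ("10.1.1.1", "02:00:00:00:00:01")    # IP assumed, MAC constructed
SALLY = ("10.1.1.2", "02:00:00:00:00:02")  # IP from the page, MAC constructed
NED_MAC = "BA:DB:AD:BA:DB:AD"              # attacker MAC as given on the page
ZERO_MAC = "00:00:00:00:00:00"


def run_sample():
    """Replay a normal exchange followed by the two poisoning replies."""
    frames = [
        (0.0, build_arp(ARP_REQUEST, SAM[1], SAM[0], ZERO_MAC, SALLY[0])),
        (0.1, build_arp(ARP_REPLY, SALLY[1], SALLY[0], SAM[1], SAM[0])),
        (5.0, build_arp(ARP_REPLY, NED_MAC, SALLY[0], SAM[1], SAM[0])),
        (5.1, build_arp(ARP_REPLY, NED_MAC, SAM[0], SALLY[1], SALLY[0])),
    ]
    monitor = ArpMonitor()
    return [monitor.observe(ts, payload) for ts, payload in frames]


if __name__ == "__main__":
    for number, alerts in enumerate(run_sample(), 1):
        print(f"frame {number}:", alerts or "ok")
```

A binding change alone also fires on legitimate events such as a replaced network card or DHCP lease reuse, so the combination of an unsolicited reply with a changed binding is the stronger signal.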
The potential risks of decoding intercepted VoIP traffic can be eliminated by implementing encryption. Avaya’s Media Encryption feature is an example of this. Using Media Encryption, VoIP conversations between two IP endpoints are encrypted using AES encryption. In
highly secure environments, organizations should ensure that Media Encryption is enabled on all IP codec sets in use.
DAI enforces authorized MAC-to-IP address mappings. Media Encryption renders traffic, even if intercepted, unintelligible to an attacker.
The following are some additional examples of call or signal interception and hijacking. This class of threats, though typically more difficult to accomplish than DoS, can result in significant
loss or alteration of data. DoS attacks, whether caused by active methods or inadvertently, although important in terms of quality of service, are more often than not irritating to users and administrators. Interception and hijacking attacks, on the other hand, are almost always active attacks with theft of service, information, or money as the goal. Note that this list is not exhaustive but illustrates some attack scenarios.
VoIP Endpoint Attack: Rogue IP endpoint contacts VoIP server by leveraging stolen or guessed identities, credentials, and network access. For example, a rogue endpoint can use an unprotected wall jack and auto-registration of VoIP phones to get onto the network. RAS password guessing can be used to masquerade as a legitimate endpoint. Lax account maintenance (expired user accounts left active) increases risk of exploitation.
Hijacking: Registration hijacking occurs when an attacker impersonates a valid UA to a registrar and replaces the registration with its own address. This attack causes all incoming calls to be sent to the attacker.
Proxy Impersonation: Proxy impersonation occurs when an attacker tricks a SIP UA or proxy into communicating with a rogue proxy. If an attacker successfully impersonates a proxy, he or she has access to all SIP messages.
Toll Fraud: Rogue or legitimate VoIP endpoint uses a VoIP server to place unauthorized toll calls over the PSTN. For example, inadequate access controls can let rogue devices place toll calls by sending VoIP requests to call processing applications. VoIP servers can be hacked into in order to make free calls to outside destinations. Social engineering can be used to obtain outside line prefixes.
Message Tampering: Capture, modify, and relay unauthenticated VoIP packets to/from endpoints. For example, a rogue 802.11 AP can exchange frames sent or received by wireless endpoints if no payload integrity check (e.g., WPA MIC, SRTP) is used. Alternatively, these attacks can occur through registration hijacking, proxy impersonation, or an attack on any component trusted to process SIP or H.323 messages, such as the proxy, registration servers, media gateways, or firewalls. These represent non-ARP-based MITM attacks.
VoIP Protocol Implementation Attacks: Send VoIP servers or endpoints invalid packets to exploit VoIP protocol implementation CVEs. Such attacks can lead to escalation of privileges, installation and operation of malicious programs, and system compromise. For example, CAN-2004-0054 exploits Cisco IOS H.323 implementation CVEs to execute arbitrary code. CSCed33037 uses unsecured IBM Director agent ports to gain administrative control over IBM servers running Cisco VoIP products.
Notes from the Underground…
Caller ID is a service provided by most telephone companies (for a monthly cost) that will
tell you the name and number of an incoming call. Automatic Number Identification (ANI) is a system used by the telephone company to determine the number of the calling party. To spoof Caller-ID, an attacker sends modem tones over a POTS line between rings 1 and 2. ANI spoofing is setting the ANI so as to send incorrect ANI information to the PSTN so that the resulting Caller-ID is misleading. Traditionally this has been a complicated process either requiring the assistance of a cooperative
phone company operator or an expensive company PBX system.
In ANI/Caller-ID spoofing, an evildoer hijacks the phone number and the identity of a trusted party, such as a bank or a government office. The identity appears on the caller ID box of an unsuspecting victim, with the caller hoping to co-opt valuable information, such as account numbers, or otherwise engage in malicious mischief. This is not a VoIP issue, per se. In fact, one of the big drawbacks about
VoIP trunks is their inability to send ANI properly because of incomplete standards.
Defense-in-depth: A recipe for logic locking to prevail
M. Tanjidur Rahman, … Mark Tehranipoor, in
5.1 Vulnerabilities of the key-storage element
Protecting the key-storage element is vital for logic locking schemes since the exposure of unlocking key breaks the security of the entire scheme. NVM and OTP memories are
considered as possible key-storage candidates in logic locking schemes. NVMs, like ROM, EEPROM, and Flash, are the prominent candidates for key-storage. The NVM can be realized as off-chip or on-chip memory. As off-chip memory is vulnerable to data interception attack at chip boundary, on-chip NVM is the only suitable choice as secure key storage. Although aforementioned memory technologies are widely deployed by the industry as secure and tamper-proof memories, the main
vulnerability of NVM is the availability of the data stored in the memory during the power-off state. In this state, the memory remains defenseless against any tampering attack. Therefore, an adversary can deploy advanced FA tools to reverse engineer the memory and readout its contents.
Another option for securing key-storage is OTP memory, such as ROM, electric fuse (eFuse) and antifuse. Once the chip is fabricated, OTP memory makes it possible to configure the device before shipping to
the end user. eFuse is a continuous metal or polysilicon shape etched on the silicon surface. An eFuse structure is shown in Fig. 6a. When a voltage is applied to the eFuse, electromigration causes an open circuit in the cell (the broken fuse in Fig. 6a) and programs the eFuse. An attacker with access to FA tools can deprocess the entire die and locate the eFuse. Later, using the SEM, she can
differentiate between the programmed and unprogrammed eFuse link by observing the metal or silicide link of the eFuse. Similar information can be extracted using electrical probing [13,41]. On the other hand, due to scalability into 7 nm node technology, relatively smaller antifuse cells appear as rising solutions to key-storage element. Antifuse is a standard CMOS transistor which acts as a high resistance in its unprogrammed state. Once electrical stress is
applied to the gate oxide of the transistor (see Fig. 6b), the transistor acts as a low resistance conductive path. Antifuse can also be placed as via between two metal lines in the chip. In such a case, detecting the location of antifuse is difficult with SEM imaging. SEM provides information about the die surface, i.e., the XY plane of the die. However, the lateral information of the metal layers in the die is required to distinguish the antifuse fabricated as via. The
lateral information of the metal layers can only be observed by transmission electron microscopy (TEM). As sample preparation and imaging for TEM are more challenging than SEM, differentiating between the programmed and unprogrammed bits is difficult but not impossible for antifuse. However, once the location of anti-fuse is extracted the stored bit can be probed. Moreover, all the OTPs require higher breakdown voltage and a large peripheral circuit, which introduces area overhead and higher
power consumption.
Fig. 6. (a) Difference between before and after program of a TSMC eFuse structure in Qualcomm Gobi MDM9235 Modem 20 nm HKMG; (b) 1T-Fuse Bit Cell in DesignWare OTP NVM IP. The cell is programmed by applying a controlled, irreversible breakdown voltage from the gate through the core (gate) oxide to the channel; (c) Key process steps for 3D NAND fabrication process.
Other conventional examples of NVMs are EEPROM and Flash memories. Each EEPROM cell has two transistors – a floating gate
or storage transistor and a select transistor. The storage transistor has a floating gate which traps the electrons. A Flash cell only has the floating gate transistor and uses the same logic storage mechanism as EEPROM. Since both memory technologies use stored charges in the floating gate for storing the bit values, any attempt to image the memory cell with SEM or TEM can disturb the charges distribution and possibly erase the memory content. Therefore, reverse engineering of such NVMs has
always been considered a challenging task, even after the recent advancements in FA tools. Nardi et al. solved the challenge of maintaining the value of stored charge by accessing the memory from the back-side of IC. Once an attacker gets access to the floating gates of EEPROM/Flash, she can use scanning Kelvin probe microscopy (SKPM), scanning probe microscopy (SPM), passive voltage contrast (PVC) or scanning capacitance microscopy (SCM) for extracting the stored value
in the EEPROM/Flash [42,43]. However, the security of the 3D Flash chips (see 3D NAND flash cells in Fig. 6c) has yet to be investigated. In the 3D flash technology, the memory cells, previously organized horizontally, are now stacked vertically and connected with pillars and channels. Although such orientation requires further precaution during polishing the back-side of the chip and PVC analysis, the reverse engineering of 3D NAND memory is, in
principle, still possible.
Physical unclonable functions (PUFs), another possible candidate for secure key-storage, were developed to generate keys from intrinsic properties of the device. Although PUFs have been assumed to be tamper-evident against physical attacks, they have demonstrated vulnerabilities to several non- and semi-invasive attacks, like photonic emission analysis and laser fault injection. Furthermore, the response of a PUF differs for each chip due to process variation, which makes it incompatible with ASIC design, where the same mask would be used for fabricating all the chips in the same batch. On the other hand, storing the key value in battery-backed RAM also does not add any significant security feature to the key-storage, as it can be read out through optical attacks, such as thermal laser stimulation (TLS).
Data remanence in key-storage like NVM and RAM is another class of vulnerability for all key-storage elements. Data remanence is the residual physical representation (e.g., the trapped charge or voltage) of the data that has been erased from the memory during a tampering attack or regular operation of the chip. A tamper-sensor enclosure can initiate the erasure procedure for the memory if a tampering event is detected. The sensor connects the memory to ground to zeroize the stored data. However, due to the data remanence effect, an attacker can exploit the residual property of the memory to extract the content of the memory. The data remanence vulnerability occurs when the data retention time exceeds the time required by a malicious entity to read out or dump the stored value in another memory location. Consequently, the protection mechanism can be defeated.
Is a set of programs that enables a user to gain administrative access to the computer without the end user’s consent or knowledge?
A rootkit is a set of programs that enables a user to gain administrative access to the computer without the end user’s knowledge or consent. Hence, the correct answer is option “B”.
Which term is defined as an exploit that takes place before the security community or software developer knows about the vulnerability or has been ABL?
Zero-day attack. Takes place before the security community or software developer knows about the vulnerability or has been able to repair it.
Is a large group of computers controlled from one or more remote locations by hackers without the knowledge or consent of their owner?
A large group of computers controlled from one or more remote locations by hackers without the knowledge or consent of their owners is called a(n) _____. ANSWER: botnet
Is a large group of computers controlled from one or more remote?
logic bomb, _____ is a large group of computers controlled from one or more remote locations by hackers, without the knowledge or consent of their owners. Botnets are frequently used to distribute spam and malicious code.