A Demonstration of the subversion threat : facing a critical responsibility in the defense of cyberspace
Anderson, Emory A.
MetadataShow full item record
This thesis demonstrates that it is reasonably easy to subvert an information system by inserting software artifices that would enable a knowledgeable attacker to obtain total and virtually undetectable control of the system. Recent security incidents are used to show that means, motive, and opportunity exist for an attack of this nature. Subversion is the most attractive option to the professional attacker willing to invest significant time and money to avoid detection and obtain a significant payoff. The objective here is to raise awareness of the risk posed by subversion so that the decision makers responsible for the security of information systems can make informed decisions. To this end, this work provides a complete demonstration of a subverted system. It is shown how a few lines of code can result in a very significant vulnerability. The responsibility to defend information systems cannot adequately be met without considering this threat. Addressing this threat gets to the very nature of the security problem, which requires proving the absence of something - namely, a malicious artifice. Several techniques for demonstrating security are shown to be inadequate in the face of this threat. Finally, a solution is presented with a proposal for future work.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
A framework for dynamic subversion Rogers, David T. (Monterey, California. Naval Postgraduate School, 2003-06);The subversion technique of attacking an operating system is often overlooked in information security. Operating Systems are vulnerable throughout their lifecycle in that small artifices can be inserted into an operating ...
Subversion as a Threat in Information Warfare Anderson, Emory A.; Irvine, Cynthia E.; Schell, Roger R. (Monterey, California. Naval Postgraduate School, 2004-06-00);As adversaries develop Information Warfare capabilities, the threat of information system subversion presents a significant risk. System subversion will be defined and characterized as a warfare tool. Through recent security ...
An exfiltration subversion demonstration Murray, Jessica L. (Monterey, California. Naval Postgraduate School, 2003-06);A dynamic subversion attack on the Windows XP Embedded operating system is demonstrated to raise awareness in developers and consumers of the risk of subversion in commercial operating systems that may be safety critical. ...