2015 Symposium Posters


ls Based Integrity Levels



Project Members
Prajwal Hegde
Abstract
The ls, or list files, command lists the contents of the current directory in a UNIX environment. The scope of this project has been scaled down from the functionalities of an operating system to the functionalities of ls. The ls command as described by Wells (2000) supports over 50 command-line options with which the user can list files according to his/her requirements. For instance, if an attacker is able to replace the source code for the ‘ls’ command with the source code for the ‘ls -a’ command, the user will end up displaying all hidden files in his directory every time he uses the ls command. In this manner, an attacker can make use of these different options and exploit them to trigger different security vulnerabilities within the operating system. This project will identify the feasibility and use of defining normal and infected states, given different approaches for breaking ls into discrete computational units and identifying malware. The idea is to separate the different functionalities of ls into discrete computational units by breaking down the source code. Once that is done, this paper discusses the changes induced in the behavior of these computational units when a particular piece of malware is injected into the system. By understanding the changes in control flow after a system has been compromised, the paper tries to define integrity levels, corresponding to different control flow stages, that help in gracefully degrading the functionality of the system.