SECURED SOFTWARE SYSTEMS
Författare
Biodoumoye George Bokolo
Last Updated
för 5 år sedan
Licens
Creative Commons CC BY 4.0
Sammanfattning
Buffer overflow attacks, Integer overflow attacks and other forms of attack.
Buffer overflow attacks, Integer overflow attacks and other forms of attack.
\documentclass[english]{article}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
\usepackage{babel}
\usepackage{amsmath}
\usepackage{graphicx}
\usepackage{fancyhdr}
\pagestyle{fancy}
\fancyhf{}
\renewcommand{\headrulewidth}{0pt}
\setlength{\headheight}{40pt}
\begin{document}
\title{\bf SECURED SOFTWARE SYSTEMS}
\author{Biodoumoye George Bokolo }
\maketitle
\thispagestyle{fancy}
\begin{center}
(Affiliations)\textsuperscript{1} INDEPENDENT STUDY:CSIS 6033\\
(Affiliations)\textsuperscript{2} Instructed and Guided by Dr. Luis Cueva Parra\\
(Affiliations)\textsuperscript{3} Department of Mathematics and Computer Science: Cyber-Systems and Information Security Graduate Program\\
(Affiliations)\textsuperscript{4} Auburn University at Montgomery, Alabama, USA.\\
(Affiliations)\textsuperscript{5} Study Material Credit: Carnegie Mellon University (https://www.ece.cmu.edu/~ece732/s18/)\\
\end{center}
\vspace{1cm}
\begin{center}
{\bf ABSTRACT}
\end{center}
The is a research based on a an independent study class in summer 2018 with Dr. Cueva Parra. The research, codes and papers was based on writing and improving on already written codes from Dhaval Kapil, Jmanico and Andrew Smith's codes and my own research and modification of those codes to suit the target of this research. There are 2 sections to this paper and research. The first section deals with different types of Secured software systems and programs in C language explaining the different vulnerabilities and attacks. The second session is strictly researched based papers. This paper is mainly based on understanding, explaining and making an explicit explanation for anyone else to read and understand the concepts of Buffer overflow attacks, Integer overflow attack and format strings. The other half of the paper is a researched based paper on scholarly reviewed journals, papers, essays, research and my own findings and conclusions on Memory Protections, Virtual Machines, Control Flow integrity, Runtime Enforcements and a little bit of Digital Forensics.
\begin{center}
{\bf SECTION I}
\end{center}
\begin{center}
{\bf 1. INTRODUCTION}
\end{center}
Buffer Overflow attack, Integer Overflow attack and Format String attacks has been a huge programmer error since programming languages but it was not noticed by attackers because languages are new and there were little or no attackers. All that was needed in the past was to do wonderful calculations that man can not do with programming, and many other human impossibilities and hackers got certified to be ethical hackers but then everything that has a good aspect somehow creates a bad aspect while doing good -hence programming.
\vspace{0.2CM}
The vulnerabilities in programming languages are its worst enemies and hence overflow attacks. When a buffer, memory size, data type, or sting use is overflown or unsafe to use and still being used, then the use of the code defeats it's purpose of creating a buffer or using those strings in the first place. This vulnerabilities are mostly common in C and C++ codes, hence our concentration.
\vspace{0.2CM}
This paper goes into details explain the different vulnerabilities of this programs using C codes and how they can be explioted, what harm they could do and how it generally works against the programmer which in most cases is a legitimate company.
\vspace{0.2CM}
Some independent study on Runtime Enforcement, Virtual Machines, CFI and Digital Forensics are written in the second section of this paper.
\begin{center}
{\bf 2. BUFFER OVERFLOW}
\end{center}
Buffer overflow is the most common form of insecurity and vulnerability in IT, networking, Internet and many more software systems. Buffer overflow is when a program or a process writes more data into a fixed size block of memory than the designated memory can hold. Buffers are blocks of memory with restricted size content of data and when more data is written in a location and it is more than the needed size, then there is a buffer overflow and this happens very often.
\vspace{0.2CM}
Buffer overflow is a temporary data space area that has a limited spaces allocated to a single task. During buffer overflow, the alloted buffer memory can contain what ever is related to the task, but an overflow occurs when more inputs of data keeps coming in and the buffer cannot not reject it, so it keeps taking more and more data and thereby overwriting the data already stored that is critical to the task in that buffer. Input could be direct interaction, receiving a data file, remote request, or general data processing.
\vspace{0.5CM}
\begin{center}
{\bf 2.1 BUFFER OVERFLOW ATTACKS}
\end{center}
Buffer overflow can provide incorrect instructions and results, jeopardize security bridges or Now there are vulnerabilities that are accompanied with buffer overflow and that will be discussed in the future.
\vspace{0.1CM}
Since buffer overflow are the most common and popular vulnerabilities, they are most remote penetration attacks that any organization should be concerned about because they are easy to exploit and they give the attacker the ability to inject and execute attack codes easily.
\vspace{0.1CM}
Buffer overflow attacks is when the flows in error handling and input checks are exploited during the process of passing more data to the buffer than it can handle eg bad networking, bad input handling, allows for unpredictable situations like the attack.
There are two ways to gain control of the host by using an attack code, they include:
\begin{itemize}
\item Inject it: A string of code is inputed to a program that stores in a buffer. This strings are actually CPU instructions and the attack code is stored in the buffer. In this case, the buffer does not need to be over flowed to do this, it can be injected at the right size of the buffer. It does not also matter where the buffer is located weather on the stack, heap or static data area, the attack can be effective.
\item It is already in there: Most of the time, the code the attacker needs is already written by the victim in the programs address space. The attacker just need to parameterize the code and make the program to jump to that location. This jump can be done by using activation records, function pointers, or long jump buffers.
\end{itemize}
\vspace{0.5CM}
\begin{center}
{\bf 2.2 SOLUTIONS TO BUFFER OVERFLOW ATTACKS AND VULNERABILITIES}
\end{center}
The aim of the attacker is to subvert the function of a code or program to take control of the host and control the program.
There are four basic approaches to defending buffer overflow attacks and vulnerabilities:
\begin{itemize}
\item Brute force methods
\item Operating system approach: This helps to make the storage areas of buffers non-executable and prevents hackers from injecting codes for attack.
\item Direct Compiler approach: this does array bounds checks on all array accesses and overflow buffer attacks are completely impossible but it very expensive to maintain.
\item Indirect Compiler approach: This is an integrity check on code pointers before dereferencing is done can definitely stop buffer overflow attack.
\end{itemize}
Mostly buffer overflow attacks can be stopped by doing the above and the following:
\begin{itemize}
\item Stopping data when buffer is filled up. Boundary protections
\item Constant monitoring during updates and upgrades
\item Using some programming languages that are not vulnerable to buffer overflow attacks eg C, C++, etc.
\end{itemize}
\vspace{0.5CM}
\begin{center}
{\bf 2.3 EXAMPLE 1 OF A TYPICAL BUFFER OF ATTACK}
\end{center}
\begin{verbatim}
#include <stdio.h>
void Hack()
{
printf("Opps! You have been Hacked!!!!\n");
}
int main()
{
char buffer[30];
printf("Enter some text:\n");
scanf("%s", buffer);
printf("You entered: %s\n", buffer);
return 0;
}
\end{verbatim}
\vspace{0.5CM}
Buffer Overflow as explained by Dhaval Kapil on this website https://dhavalkapil.com/
blogs/Buffer-Overflow-Exploit/ was the main source of information to explain and execute this Buffer Overflow attack.
\vspace{0.2CM}
The code below explains a simple steps to identify vulnerability, attack the vulnerability and basic buffer over flow attack. The vulnerability in this code is the return address and so we will modify it and execute it as well.
\vspace{0.2CM}
In the code, there is a Hack method, that prints a simple message to boost your ego about the attack. In that method, an actual attack can be initialized, you can install a program, you can shut the system down, you can pop-up the terminal or cmd to instantiate a new function, start or halt a process. You get the point, you can do any thing in that method. The vulnerability in the code can also cause the program to crash or corrupt and this can easily be done in stack/heaps where a memory space is dedicated to a particular input at a given time.
\vspace{0.5CM}
The main method executes the code: checks the buffer size which was assigned, The input is supposed to be random character (or whatever you choose) within the buffer size, first, to test the code and ensure that it works. Then, you can try breaking the code and overflowing the memory of the buffer.
\vspace{0.2CM}
It is very important to use the -fno-stack-protector when running the code to avoid the stack smashing error. This is not applied to all systems. MAC, Linux Ubuntu and Linux Mint works differently in this case. Using Mint, it is safer to used that command to ensure that the code compiles correctly and if you dont use that, you can not tell when the code is having a smash error and when it is a segmentation fault or buffer overflow.
\begin{figure}[ht!]
\caption{Execution Error -Stack Smashing Detection}
\centering
\includegraphics[width=1.2\textwidth]{RunninCode.png}
\end{figure}
\begin{verbatim}
To compile, run and execute the code above follow the steps on the screenshot.
Note: The name of the c code is BufferOverflow.c and the output file is buff.
\end{verbatim}
\begin{figure}[ht!]
\caption{Compiling, Running and Executing the Code}
\centering
\includegraphics[width=1.3\textwidth]{objdump.png}
\end{figure}
\begin{verbatim}
To get the assembly language code from your terminal " objdump -d ./filename
\end{verbatim}
\begin{figure}[ht!]
\caption{Assembly Language explanation of the code: OBJDUMP}
\centering
\includegraphics[width=1.1\textwidth]{ObjDumpHackFUntion.png}
\end{figure}
These are very important to note:
\begin{itemize}
\item The address of Hack Function is 004005ed in hex
\end{itemize}
\begin{itemize}
\item Since our machine is little endian (Little-endian format reverses this order: the sequence addresses/sends/stores the least significant byte first (lowest address) and the most significant byte last (highest address)), we need to reverse the order of the types. You need to find out if your machine is little-endian or big endian. In this case it is going to be "ed 05 40 00". The location of the dump from the disassembly always happen to be the same all the time.
\end{itemize}
\begin{itemize}
\item To execute the code in python, type in this command on your terminal window
\begin{verbatim}
python -c 'print "a"*32 + "\xed\x05\x40\x00"' | .\baby
\end{verbatim}
\end{itemize}
\begin{figure}[ht!]
\caption{Final Results}
\centering
\includegraphics[width=1.3 \textwidth]{final.png}
\end{figure}
Now the final screen shot explains the result of the entire process. In that screen shot the buffer has been overflown and the address return address has been modified. The hack function was not called, which is easily rectifiable but the 32 characters of "a" was printed and a " set of unknown characters at the end" which exceeds the buffer size and gives room to execute any other command.
\vspace{0.2CM}
I tried running this code in a MAC terminal and the results are different, the hack method object dump register worked but in case your computer is just like mine, you can run the code without the HACK method.
\begin{figure}[ht!]
\caption{Remove Hack Method-Final Results}
\centering
\includegraphics[width=0.8 \textwidth]{segment.png}
\end{figure}
\vspace{0.2CM}
\textbf{Segmentation Error} occurs when a program is attempting to access a memory location that is not allocated or allowed because it is either below or in this case above the buffer size. You can also see that the memory was access and the error occurred after the memory location has already been access.
\vspace{0.2CM}
In this case, i reduced the buffer size to 5 and removed the hack method and when I ran the code I was able to print 5 character and even more. Note: size of buffer is 5 bytes and not 5 characters, so the number of characters allowed is 2 to the power of 5 which is 32 and this applies to all the memory size cases in the entirely of this paper.
\vspace{0.1CM}
When I tried typing in 10 characters and even 31 characters it took it in without grumbling but when I type in 33 characters and above, it brought up the segmentation error.
\vspace{0.5CM}
\begin{center}
{\bf 2.4 EXAMPLE 2 OF A TYPICAL BUFFER OF ATTACK}
\end{center}
This is a simpler and much easier example of buffer overflow attacks.
\vspace{0.5CM}
\begin{verbatim}
#include <stdio.h>
#include <string.h>
void Hack (void)
{
char buf[5]; //Buffer size is 5 and the number of characters expected is 2^5 = 32
gets(buf); // warning: the `gets' function is dangerous and should not be used.
printf("%s\n", buf); //prints the password and buff size
}
int main(void)
{
printf("Enter the password\n");
Hack(); //calls the hack method
printf("Great, That is within the Buffer size\n");
return 0;
}
\end{verbatim}
You are expected to enter a password to a nonexistent account lol. Type in a few characters within the buffer size which in this case is 5.
\begin{center}
\bf 2.5 RESULTS: COMPILE AND RUN
\end{center}
\begin{verbatim}
biodoumoye@biodoumoye-HP-650-Notebook-PC ~/Desktop/Independent Study SUmmer 2018/Project Final $ gcc -fno-stack-protector BuffOverFlow.c
BuffOverFlow.c: In function ‘Hack’:
BuffOverFlow.c:7:11: warning: ‘gets’ is deprecated (declared at /usr/include/stdio.h:638) [-Wdeprecated-declarations]
gets(buf); // warning: the `gets' function is dangerous and should not be used.
^
/tmp/ccA4xaQj.o: In function `Hack':
BuffOverFlow.c:(.text+0x10): warning: the `gets' function is dangerous and should not be used.
biodoumoye@biodoumoye-HP-650-Notebook-PC ~/Desktop/Independent Study SUmmer 2018/Project Final $ ./a.out
Enter the password
HackHackHackHack
HackHackHackHack
Great, That is within the Buffer size
biodoumoye@biodoumoye-HP-650-Notebook-PC ~/Desktop/Independent Study SUmmer 2018/Project Final $ ./a.out
Enter the password
HacKHackHackHackHackHackHackHackHackHackHackHackHackHack
\end{verbatim}
You can see how the code compiles, runs and gets executed.
\begin{figure}[ht!]
\caption{Buffer Overflow attack Example 2-Final Results}
\centering
\includegraphics[width=0.9 \textwidth]{SuccessfullyRan.png}
\end{figure}
\begin{figure}[ht!]
\caption{Assembly Language Dump Example 2-Final Results}
\centering
\includegraphics[width=0.7 \textwidth]{assemblyLang.png}
\end{figure}
\begin{figure}[ht!]
\caption{Buffer address on Assembly language Example 2-Final Results}
\centering
\includegraphics[width=0.8 \textwidth]{assembly1.png}
\end{figure}
\vspace{0.5cm}
In the above picture, the highlighted is the location of the return address.
Here, a small junk of memory has been overwritten by a call to retq by using the eip
\begin{figure}[ht!]
\caption{Buffer Overflow attack (Assembly Language return address modification) Example 2-Final Results}
\centering
\includegraphics[width=0.8 \textwidth]{Oveflow.png}
\end{figure}
\vspace{0.2CM}
To avoid Buffer overflow, the following function use should be avoided and replaced with the example listed
\begin{verbatim}
\item gets() -> fgets() - read characters
\item strcpy() -> strncpy() - copy content of the buffer
\item strcat() -> strncat() - buffer concatenation
\item sprintf() -> snprintf()
\end{verbatim}
Note:
There are 3 reasons why the Hack method did not work and to ensure that yours works, you have to do the following:
\begin{itemize}
\item Find out if your system is a little endian or big endian system and this will let you know if you have to reverse the order of the return address
\item you can compile your code using the "-no-pie" flag to ensure that the wrong characters are omitted and then you can get the right return address and bypass errors
\item Be sure of the system processor you are using to run and compile your code, sometimes the buffer memory allocated might be more or less compared to the bit system and in my system, that was part of the issue.
\item Take note of the gcc version you are using, in some case you might need to downgrade or upgrade to a different version. I had 4.8 version and I upgraded to 6.0 version and I still had the same problem but when I downgraded to the 5.4 version, my code ran successfully and printed a space for extra characters -hence the buffer overflown
\end{itemize}
\begin{figure}[ht!]
\caption{Buffer address on Assembly language Example 2-Final Results}
\centering
\includegraphics[width=0.8 \textwidth]{see.png}
\end{figure}
\vspace{5CM}
\begin{center}
{\bf 3. BASIC INTEGER OVERFLOW}
\end{center}
Integer overflow bugs are also vulnerabilities that can be used to exploit a code to strike an attack, a crash a program or gain absolute access and control to the program or its function for easy manipulation.
This overflow attacks are usually done in C or C++ codes compiled binary, hence it us very important to take cognizance during code writing and compilation. practice makes you perfect in avoiding vulnerabilities.
\vspace{0.2CM}
Integer overflow is similar to buffer overflow in many ways except buffer over deals with memory allocation and integer overflow deals with data type( numeric) overflow.
Integers are whole numbers and does not include fractions. There is an overflow when an input can output fractions
\vspace{0.2CM}
In the code below, I will be using Process registers - this is a designated amount of storage space and allocation of data to that space on the processor. For instance, if the binary width of a register is 8bits, then the maximum size of data that can be stored is 2 to the power of 8 -1 = 255 and so on.
\begin{verbatim}
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main (int argc, char **argv)
{
int val, i;
char *memory;
if (argc < 2)
exit(1);
val = atoi(argv[1]); // converts strings to integer
if (val > 0){
memory = malloc(val * sizeof(char *)); // Possible Overflows here
//checks if input value before memory allocation is greater than 0
//malloc(0) allocates memory with 0 that allows for overwriting segments of heap
if (memory == NULL)
{
printf(" Failure \n");
exit(2);
}
}
for (i =0; i<val; i++)
{
memory[i] = 'A'; // Prints A as many times as the user requests(5) hereby assigning memory size to be 5 * the size of the character *
printf("%c", memory[i] );
}
printf("\n");
return 0;
}
\end{verbatim}
Now with the above knowledge, the explanation of integer overflow should be a little bit more explicit. If we have 2 8bit unsigned integer values x and y. For x, the max is 8bits, 255, which is 0xFF in hex, and y is a 0x1, when x and y is added together, the result will be 0x100. In this case, there is an integer overflow because allocated binary register can only store 8bits which is 255 maximum value of data but it is overflown because it now has 256 values calculated. 0x100 is too large and hence, an integer overflow.
\vspace{0.2CM}
In C, the size of a computational result is truncated to a size that fits the process register width, meaning the maximum representation value is adjustable in the sense that the values wraps up during an overflow to result in a smaller value or a negative number.
The code is used to print this statement " A" as many times as the user signifies.
\begin{figure}[ht!]
\caption{Prints A 5 times}
\centering
\includegraphics[width=2\textwidth]{integer.png}
\end{figure}
\vspace{0.2CM}
In the above picture, the buffer memory now has a size of 5 and since in C, the computation of integer values are never over overflown because the buffer size us always added to one and the Unit\_maximum This means that
\begin{verbatim}
5(val) * sizeof(char*) which always result to zero. the buffer memory is now 5 * sizeof(char*).
\end{verbatim}
which always result to zero. the buffer memory is now 5 * sizeof(char*).
\vspace{0.2CM}
This code uses malloc(0) to assign the memory size to zero after checking if it is zero and then the memory can be overwritten.
The result of the arithmetic has a huge chance of overflowing.
\vspace{0.5CM}
Try this computation to proof overflow:
\vspace{0.1CM}
sizeof(char *) = 4
\vspace{0.1CM}
INT\_MAX = 4294967295
\vspace{0.1CM}
INT\_MAX + 1 = 4294967296
\vspace{0.1CM}
4294967296 / 4 = 1073741824
\vspace{0.1CM}
when 1073741824 is inputted, malloc(0) method is called and even if the value is greater than 0.
Now compile and run the code again using the input that most definitely will overflow-
\begin{figure}[ht!]
\caption{Prints A 1073741824 times}
\centering
\includegraphics[width=0.9\textwidth]{integers.png}
\end{figure}
\vspace{0.1CM}
You notice the val>0 check is omitted and malloc(0) did allocate memory to the segment on the heap and then the overwriting was done and A was printed 1073741824 times which should ordinarily not be accommodated in the memory space allocated. That is the overflow.
\vspace{0.2CM}
\begin{center}
{\bf 3.1 INTEGER OVERFLOW ATTACK EXAMPLE 2}
\end{center}
\begin{verbatim}
#include <stdio.h>
int main(int argc, char *argv[]){
char buffersize[8];
int i = atoi (argv[1]);
memcpy(buffersize, argv[2]);
printf("The number of characters and in bytes = %d = %d\n" ,i, i*sizeof(int) );
printf("The buffer is %s\n", buffersize );
}
\end{verbatim}
\begin{figure}[ht!]
\caption{Compile and Run: Negative Value}
\centering
\includegraphics[width=0.9\textwidth]{IntegerOver2.png}
\end{figure}
\begin{figure}[ht!]
\caption{Try a larger Number}
\centering
\includegraphics[width=0.9\textwidth]{HigerNumber.png}
\end{figure}
This is a much more simple and explicit code. The code defines the buffer and assigns a certain size to it and in this case 8, and defines an integer i that takes it's value as an argument, converting string input to integer. Then does a memory copy the buffer from the second argument into the buffer it's size which has already been declared and now the argument is returned with its size which is multiplied by 4 byte.
\vspace{0.5cm}
Now after running the program, you can see the result from the screen shot. We then tried a negative value and that resulted to a memory segmentation fault and that is because there is an overflow. This also happens in the second screen shot when we tried a higher value that is way higher than the buffer size, it also gave an error.
\vspace{0.5CM}
\begin{center}
{\bf 4. EXPLOITING FORMAT STRINGS VULNERABILITY}
\end{center}
When the input string data can be evaluated as a command, then a Format String attack has occurred. A format string is an ASCII string that contains text and format parameters. This parameters are mostly used by functions in a class of a program and mostly in C language. Some of the format strings shows locations, provides formatted input or output and so on.
\begin{verbatim}
printf is the most popular and widely used format string in c and it gives you a lot of leverage as to how the output will look or should be formatted or printed out. When printing you want to make the output look nicer, more understandable, well indented and readable, then this strings comes in like next line string "\n", \t for tab,getting a location on a drive on a path, then you will understand the need for those format strings.
\end{verbatim}
\vspace{0.5cm}
When a function has a number of arguments that must be parsed to it, an attacker can use that as a vulnerability to deceive the program and pass more than the needed arguments because sometimes there are no limits to the number of arguments that can be parsed.
\begin{verbatim}
#include<stdio.h>
int main(int argc, char** argv) {
char buffer[10];
strncpy(buffer, argv[1], 5);
printf(buffer);
return 0;
}
\end{verbatim}
Using the above C code for instance, there is one argument for the print format string but then an attacker can parse in more than one string and deceive the printf function into believing that it needed 5 arguments and then print function will not reject the request, it will print all 5 arguments on the stack.
\vspace{0.2cm}
If you are careful you can tell that the compiler grumbled when compiling and that should tell you that the software is not secured or safe and has some sort of vulnerability that can be exploited.
\begin{figure}[ht!]
\caption{Buffer Overflow attack (Assembly Language return address modification) Example 2-Format String- Printf formatted}
\centering
\includegraphics[width=0.8 \textwidth]{format.png}
\end{figure}
Any string can be formatted and that can cause a program or an application to behave a way that it was not designed to behave and that because an attacker has gained access to the code by formatting a string that was a oversight vulnerability on the part of the programmer.
List of strings that can easily be formatted includes the following but not limited to:
\begin{enumerate}
\item printf
\item writef
\item gets
\item scanf
\item fprint
\item vsnprintf
\item sprintf
\end{enumerate}
\vspace{30cm}
\begin{center}
{\bf SECTION II}
\vspace{2cm}
{\bf RESEARCH PAPERS: Memory Protections, Virtual Machines, Android Isolation and Confinement, Control Flow integrity, Runtime Enforcements and Digital Forensics}
\end{center}
\vspace{18cm}
\vspace{1cm}
\begin{center}
{\bf 5. \textbf{CONTROL-FLOW INTEGRITY, PRINCIPLES, IMPLEMENTATIONS AND APPLICATIONS}}
\end{center}
Computers as effective and efficient as they are and have made our lives and jobs easy, they are also subject to attacks. This attacks are usually to gain unauthorized accessed to confidential documents and locations, alter those information and make them inaccessible and unavailable for users or owners. The attack can come in a software application attack or via hardware attacks e.g. break ins. Most of the time, we invite this attacks by creating vulnerabilities that we know of or don't know about e.g. Buffer Overflow as discussed above, keeping certain data unsafe carelessly. are often subject to external attacks that aim to control software behavior.
\vspace{0.5cm}
The most dreaded part of computer sceince and computer security is the combination of this attacks and the challenges they bring. The enforcement of Control-Flow Integrity (CFI), that aims to meet these standards for trustworthiness. The paper introduces CFI enforcement, presents CFI and security. The CFI security policy dictates that software execution must follow a path of a Control-Flow Graph (CFG) determined ahead of time. The CFG in question can be defined by analysis; source code analysis, binary analysis, or execution profiling. For our experiments, we focus on CFGs that are derived by a static binary analysis. CFGs can also be defined by explicit security policies, for example written as security automata.
\vspace{0.5cm}
A security policy is of limited value without an attack model. CFI enforcement provides protection even against powerful adversaries that have full control over the entire data memory of the executing program. CFI enforcement is effective against a wide range of common attacks, since abnormal control-flow modification is an essential step in many exploits; independently of whether buffer overflows and other vulnerabilities are being exploited.
\begin{center}
{\bf 5.1 CONTROL-FLOW INTEGRITY}
\end{center}
Control Flow Integrity is a policy that restricts the execution flow of a program at runtime to a predetermined CFG by validating indirect control-flow transfers. On the machine level, indirect control-flow transfers may target any executable address of mapped memory, but in the source language (C, C++, or Objective-C) the targets are restricted to valid language constructs such as functions, methods and switch statement cases. Since the aforementioned languages rely on manual memory management, it is left to the programmer to ensure that non-control data accesses do not interfere with accesses to control data such that programs execute legitimate control flows. Absent any security policy, an attacker can therefore exploit memory corruption to redirect the control-flow to an arbitrary memory location, which is called control-flow hijacking.
\vspace{1cm}
CFI closes the gap between machine and source code semantics by restricting the allowed control-flow transfers to a smaller set of target locations. This smaller set is determined per indirect control-flow location. Most CFI mechanisms determine the set of valid targets for each indirect control-flow transfer by computing the CFG of the program.
Note that languages providing complete memory and type safety generally do not need to be protected by CFI. However, many of these “safe” languages rely on virtual machines and libraries written in C or C++ that will benefit from CFI protection.
The security guarantees of a CFI mechanism depend on the precision of the CFG it constructs. The CFG cannot be perfectly precise for non-trivial programs. Because the CFG is statically determined, there is always some over-approximation due to imprecision of the static analysis. An equivalence class is the set of valid targets for a given indirect control-flow transfer.
\begin{center}
{\bf \textbf{ 5.2 CLASSIFICATION OF CONTROL-FLOW TRANSFERS}}
\end{center}
Control-flow transfers can broadly be separated into two categories:
\begin{enumerate}
\item forward and
\item backward. Forward control-flow transfers are those that move control to a new location inside a
program. when a program returns control to a prior location, we call this a backward control-flow.
\end{enumerate}
A CPU’s instruction-set architecture (ISA) usually offers two forward control-flow transfer instructions: call and jump. Both of these are either direct or indirect, resulting in four different types of forward control-flow:
\textbf{Direct jump}: is a jump to a constant, statically determined target address. Most local control-flow, such as loops or if-then-else cascaded statements, uses direct jumps to manage control.
\textbf{Direct call}: is a call to a constant, statically determined target address. Static function calls, for example, use direct call instructions.
\textbf{Indirect jump}: is a jump to a computed, i.e., dynamically determined target address. Examples for indirect jumps are switch-case statements using a dispatch table, Procedure Linkage Tables (PLT), as well as the threaded code interpreter dispatch optimization [Bell 1973; Debaere and van Campenhout 1990; Kogge 1982].
\textbf{Indirect call}: is a call to a computed, i.e., dynamically determined target address. The following three examples are relevant in practice:
\vspace{0.5cm}
Function pointers are often used to emulate object-oriented method dispatch in classical record data structures or for passing callbacks to other functions. V-table dispatch is the preferred way to implement dynamic dispatch to C++ methods. A C++ object keeps a pointer to its v-table, a table containing pointers to all virtual methods of its dynamic type. A method call, therefore, requires
\begin{enumerate}
\item dereferencing the v-table pointer,
\item computing table index using the method offset determined by the object’s static type, and
\item an indirect call instruction to the table entry referenced in the previous step. In the presence of multiple inheritance, or multiple dispatch, dynamic dispatch is slightly more complicated.
\end{enumerate}
\begin{center}
{\bf \textbf{5.3 CFI AND SECURITY}}
\end{center}
Constraining control flow for security purposes is not new. For example, computer hardware has long been able to prevent execution of data memory, and the latest x86 processors support this feature.
At the software level, several existing mitigation techniques constrain control flow in some way, for example by checking stack integrity and validating functions returns by encrypting function pointers or even by interpreting software using the techniques of dynamic machine-code translation. The distinguishing features of CFI are its simplicity, its trustworthiness and amenability to formal analysis, its strong guarantees even in the presence of a powerful adversary with full control over data memory, and its deploying ability, efficiency, and scalability.
\vspace{0.5cm}
Like many language-based security techniques, but unlike certain systems for intrusion detection, CFI enforcement cannot be subverted or circumvented even though it applies to the inner workings of user-level programs.
\vspace{0.5cm}
The use of high-level programming languages has, for a long time, implied that only certain control flow javascript would be expected during software execution. Even so, at the machine-code level, relatively little effort has been spent on guaranteeing that control actually flows as expected. The absence of runtime control-flow guarantees has a pervasive impact on all software analysis, processing, and optimization—and it enables many of today’s exploits.
\vspace{0.2cm}
CFI instrumentation aims to change this situation by embedding within software executables both a control-flow policy to be enforced at runtime and the mechanism for that enforcement. Indeed, CFI can align low-level behavior with high-level intent, as specified in a CFG. In this respect, CFI is reminiscent of the use of typed low-level languages, such as TAL [Morrisett et al. 1999], and of efforts to bridge the gaps between high-level languages and actual behavior (e.g., [Abadi 1998; Kennedy 2005]).
\vspace{0.3cm}
CFI is simple, verifiable, and amenable to formal analysis, yielding strong guarantees even in the presence of a powerful adversary. Moreover, in-lined CFI enforcement is practical on modern processors, is compatible with most existing software, and has little performance overhead. Finally, CFI provides a useful foundation for the efficient enforcement of security policies.
\vspace{0.899cm}
\begin{center}
{\bf 6. \textbf{RUNTIME ENFORCEMENT}}
\end{center}
Runtime Enforcement is newly developed and important technique that is used mostly in the medical industry to ensure that a running system adheres to the given properties and policies according to a set standard. Enforcement monitors are used to input executions to output results that adheres to certain properties set.
So many research tools, devices and apparatus has failed especially medical devices such as chips and pacemakers. They have failed due to lack of adherence to certain embedded software instructions All those times of failure, there were so many changes there were made as regards certifications, designs, architectures and product models but then the failure of mandated instructions were not considered to be the result for the actual failure of the device.
Runtime enforcement is powerful technique to ensure that a running system respect some desired properties using an enforcement monitor and input execution( in the form of a sequence of events) is modified into an output sequence that complies to a property. An alternative to such passive runtime analysis is runtime enforcement.
\vspace{0.5cm}
Runtime enforcement is a technique aiming at ensuring that a (possibly incorrect) observation input to the (so-called)
monitor is transformed and output as a correct observation.
The research from the Runtime Enforcement of Cyber-Physical Systems done in July 2017 has come up with a framework that will make this devices adhere or not adhere to the instructions and specifications given and they are:
\begin{itemize}
\item They developed a bi-directional enforcement where the pacemaker is not only the concentration but also the heart and this can formalize the runtime enforcement problem of the cyber physical system
\item Discrete Times automata was used to express the needed policies
\item After all this procedures, they were able to ensure timing safety of the device
\end{itemize}
So many other researches were carried out by different research groups to ensure the safety of human used devices before it can be used on a human.
\vspace{0.5cm}
\begin{center}
\textbf{{\bf 7. MEMORY AND ADDRESS PROTECTION}
}\end{center}
The most obvious problem of multiprogramming is preventing one program from affecting the data and programs in the memory space of other users. Fortunately, protection can be built into the hardware mechanisms that control efficient use of memory, so solid protection can be provided at essentially no additional cost
The most obvious problem of multiprogramming is preventing one program from affecting the data and programs in the memory space of other users. Fortunately, protection can be built into the hardware mechanisms that control efficient use of memory, so solid protection can be provided at essentially no additional cost.
\begin {center}
\textbf{{\bf 7.1 FENCE}}
\end{center}
The simplest form of memory protection was introduced in single-user operating systems to prevent a faulty user program from destroying part of the resident portion of the operating system. As its name implies, a fence is a method to confine users to one side of a boundary.
\begin {center}
\textbf{{\bf 7.2 RELOCATION}}
\end{center}
If the operating system can be assumed to be of a fixed size, programmers can write their code assuming that the program begins at a constant address. This feature of the operating system makes it easy to determine the address of any object in the program. However, it also makes it essentially impossible to change the starting address if, for example, a new version of the operating system is larger or smaller than the old. If the size of the operating system is allowed to change, then programs must be written in a way that does not depend on placement at a specific location in memory.
Relocation is the process of taking a program written as if it began at address 0 and changing all addresses to reflect the actual address at which the program is located in memory. In many instances, this effort merely entails adding a constant relocation factor to each address of the program. That is, the relocation factor is the starting address of the memory assigned for the program.
Conveniently, the fence register can be used in this situation to provide an important extra benefit: The fence register can be a hardware relocation device. The contents of the fence register are added to each program address. This action both relocates the address and guarantees that no one can access a location lower than the fence address. (Addresses are treated as unsigned integers, so adding the value in the fence register to any number is guaranteed to produce a result at or above the fence address.) Special instructions can be added for the few times when a program legitimately intends to access a location of the operating system.
\begin {center}
\textbf{{\bf 7.2 BASE/BOUNDS REGISTER}}
\end{center}
A major advantage of an operating system with fence registers is the ability to relocate; this characteristic is especially important in a multiuser environment. With two or more users, none can know in advance where a program will be loaded for execution. The relocation register solves the problem by providing a base or starting address. All addresses inside a program are offsets from that base address. A variable fence register is generally known as a base register.
\vspace{0.2CM}
Fence registers provide a lower bound (a starting address) but not an upper one. An upper bound can be useful in knowing how much space is allotted and in checking for overflows into "forbidden" areas. To overcome this difficulty, a second register is often added, as shown in Figure 4-3. The second register, called a bounds register, is an upper address limit, in the same way that a base or fence register is a lower address limit. Each program address is forced to be above the base address because the contents of the base register are added to the address; each address is also checked to ensure that it is below the bounds address. In this way, a program's addresses are neatly confined to the space between the base and the bounds registers.
\begin {center}
\bf \textbf{7.3 {SEGMENTATION}}
\end{center}
We present two more approaches to protection, each of which can be implemented on top of a conventional machine structure, suggesting a better chance of acceptance. Although these approaches are ancient by computing standards that they were designed between 1965 and 1975they have been implemented on many machines since then. Furthermore, they offer important advantages in addressing, with memory protection being a delightful bonus.
\vspace{0.2CM}
The first of these two approaches, segmentation, involves the simple notion of dividing a program into separate pieces. Each piece has a logical unity, exhibiting a relationship among all of its code or data values. For example, a segment may be the code of a single procedure, the data of an array, or the collection of all local data values used by a particular module. Segmentation was developed as a feasible means to produce the effect of the equivalent of an unbounded number of base/bounds registers. In other words, segmentation allows a program to be divided into many pieces having different access rights.
\vspace{0.2CM}
Segmentation offers these security benefits:
\begin{enumerate}
\item Each address reference is checked for protection.
\item Many different classes of data items can be assigned different levels of protection.
\item Two or more users can share access to a segment, with potentially different access rights.
\item A user cannot generate an address or access to an unauthorized segment
Paging
\end{enumerate}
\vspace{0.2CM}
One alternative to segmentation is paging. The program is divided into equal-sized pieces called pages, and memory is divided into equal-sized units called page frames. (For implementation reasons, the page size is usually chosen to be a power of two between 512 and 4096 bytes.) As with segmentation, each address in a paging scheme is a two-part object, this time consisting of <page, offset>.
\vspace{0.5CM}
\begin{center}
{\bf \textbf{8.} \textbf{DIGITAL FORENSICS RESEARCH - THE NEXT 10 YEARS}}
\end{center}
Digital forensics is a branch of forensic science; it includes the recovery and investigation of materials found in digital devices, often in relation to computer crime. The term digital forensics was originally used as a synonym for computer forensics but has extended to cover investigation of all devices capable of storing digital data. The focus is on digital forensic research which includes aspects of digital forensics, limitations and problems related to digital forensics.
\vspace{0.2cm}
Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil courts. The private sector may also have the need for Forensics during internal corporate investigations or intrusion
\vspace{0.2cm}
The technical aspect of an investigation is divided into several sub-branches, relating to the type of digital devices involved; computer forensics, network forensics, forensic data analysis and mobile device forensics. The distinctive forensic procedure includes the seizure, forensic imaging and analysis of digital media and the production of a report into collected evidence.
\vspace{0.2cm}
\begin{center}
{\bf \textbf{8.1} \textbf{DIGITAL FORENSICS}}
\end{center}
Digital forensics is defined as the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitation or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.The main focus of digital forensics investigations is to recover objective evidence of a criminal activity (termed actus reus in legal parlance).
\vspace{0.2cm}
\begin{center}
{\bf \textbf{8.2} \textbf{ASPECTS OF DIGITAL FORENSICS}}
\end{center}
\begin{enumerate}
\item \textbf{Attribution:}
In this aspect of digital forensics,Meta data and other logs can be used to attribute actions to an individual. For example, personal documents on a computer drive might identify its owner.
\vspace{0.2cm}
\item \textbf{Alibis and statements :}
Information provided by those involved can be cross checked with digital evidence.
\vspace{0.2cm}
\item \textbf{Intent:}
As well as finding objective evidence of a crime being committed, investigations can also be used to prove the intent (known by the legal term mens rea). For example, the Internet history of convicted killer Neil Entwistle included references to a site discussing How to kill people.
\vspace{0.2cm}
\item \textbf{Evaluation of source:}
File artifacts and meta-data can be used to identify the origin of a particular piece of data; for example, older versions of Microsoft Word embedded a Global Unique Identifier into files which identified the computer it had been created on. Proving whether a file was produced on the digital device being examined or obtained from elsewhere (e.g., the Internet) can be very important.
\vspace{0.2cm}
\item \textbf{Document Authentication:}
Related to "Evaluation of source," meta data associated with digital documents can be easily modified (for example, by changing the computer clock you can affect the creation date of a file). Document authentication relates to detecting and identifying falsification of such details.
\end{enumerate}
\vspace{0.5cm}
\begin{center}
\bf \textbf{ 8.3 LIMITATIONS OF DIGITAL FORENSIC RESEARCH}
\end{center}
A major limitation to a forensic investigation is the use of encryption; this interrupts initial examination where important evidence might be situated using keywords. Laws to induce individuals to reveal encryption keys are still relatively new and controversial.
\vspace{0.2cm}
The argument that digital forensic processes are hyper-formalized centers on the actuality that the evidentry principles recognized cannot be achieved under certain circumstances. Consider the evidentry principles of integrity and completeness. The digital forensic community has worked hard to get the judiciary to understand that the right way to respond and collect digital evidence does not alter the evidence in any way and obtains all the evidence.
\vspace{0.2cm}
The problem is that the changing technological landscape often demands a different approach – one where evidence will be altered (albeit minimally and in a deterministic manner) and where not all the evidence can be seized.
\vspace{0.2cm}
Modern digital crime scenes often involve multi-terabyte data stores, mission critical systems that cannot be taken off line for imaging, ubiquitous sources of volatile data, and enterprise-level and/or complex incidents in which the scope and location of digital evidence are difficult to ascertain.
Many organizational standards and guidelines are unsuccessful to address response and data acquisition in such circumstances; they often fail to facilitate proper decision-making in the aspect of unexpected digital circumstances; and they often present evidentiary principles as “rules,” allowing improvisation possibilities.
Digital forensic research has experienced many successes during the past decade. There is a wide recognition of the importance of digital evidence , and the digital forensic research community has made great steps in ensuring that science is emphasized in digital forensic science.Excellent work has been accomplished with respect to identifying, excavating and examining archaeological artifacts in the digital realm, particularly for ordinary computing platforms. However, strong efforts should be directed towards four key research themes and several individual research topics.
The four key themes are:
\begin{enumerate}
\item volume and scalability challenges,
\item intelligent analytical approaches,
\item digital forensics in and of non-standard computing environments,
\item forensic tool development.
In addition to these larger themes, pressing research topics include stenography detection and analysis, database forensics, live files system acquisition and analysis,memory analysis, and solid state storage acquisition and analysis.
\end{enumerate}
\vspace{0.2CM}
With roots in the personal computing revolution of the late 1970s and early 1980s, the discipline evolved in a haphazard manner during the 1990s, and it was not until the early 21st century that national policies emerged.Digital forensics is defined as the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitation or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations. The focus is on digital
\vspace{0.5CM}
\begin{center}
{\bf \textbf{8.4 {DIGITAL FORENSIC RESEARCH – THE FUTURE OF JUSTICE}}}
\end{center}
Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil courts. In the next 10 years, I see digital forensics being the ultimate strategy of finding evidence against criminals. Lets look at it this way, the world is now a globalized village, there is literally nothing you can do without social media, cloud computing or storage, emails, and let says a worst case scenario, you don't use computers , you definitely use cell phones and even if they are burner phones, they can be traced, deleted numbers can be found and finger prints can be verified.
\vspace{0.2cm}
As long as everyone embraces the technology growth, they can be in danger or set free or an accomplice even when they don't know it. You can commit a crime or solve a crime with the little gadgets you only use for you-tube videos for kids or just phone calls for grandma.
\vspace{0.2cm}
In the past and presently, there are digital forensic tools used to find out evidence of child pornography cases, credit card and social security theft, and so much more. Encase is a tool that assist a lot of digital forensic analyst to analyses a crime using a thumb drive, hard disk or what ever digital evidence provided even with "presumed deleted or wiped out memory", Encase is your guy. You need to be certified to use Encase and so are many other tools.
\vspace{0.2cm}
Forensic analyst today are expert witnesses in court and they have done a great job by putting a lot of criminals in jail and brining justice to victims in different ways. So I see digital forensics as the future of crime fighting, cyber crime and cyber death.
\begin{center}
\bf \textbf{9. {VIRTUAL MACHINES}}
\end{center}
\vspace{0.2cm}
A virtual machine is an emulation of an Operating system based on a particular OS and Computer architecture which is inversely a physical computer.
Virtual Machines they are operated like basic computers but the interface is different. They are operated by a combination of softwares and hardwares depending on the situation.
\vspace{0.2cm}
Virtual machines are installed on an already installed Operating system and then additional operating systems can be added as a machine to the VM.
\vspace{0.2cm}
This means that you can operate your host computer where the VM is installed and you can as well operate the VM concurrently. SO not override or restriction is placed on your home computer. They do not require additional hardware from the one already installed prior to the installation, it order words, it is not a machine of its own, it is a machine inside another machine.
\vspace{0.5cm}
VMs are substitutes for real machines, they are an additional interface for virtualization purposes now \textbf{what is virtualization}?
Virtualization is the use of excess machine capacity to create a logical, artificial environment that offers features, functions and capabilities beyond those offered by the underlying physical computing environment alone \textsuperscript{9} . The goals for virtualization is for easy computer access and usage and security.
In the old, regular PCs served the purpose of computerized needs but right now the need for visualization has increased and the need has encompassed all the different aspects of computing. Virtualization is needed to communicate with people and systems, interact with different operating systems, interaction with server, networks and desktops, management of computer security and so many more.
\begin{center}
\bf 9.1 VIRTUAL MACHINES AND ITS BENEFITS
\end{center}
\vspace{0.2cm}
The following types of processing virtualization is has been the most benefit of VM:
\begin{enumerate}
\item Parallel processing monitors: allows for easy execution of the same application by a number of computers
\item Workload management monitors: Allows for multiple instances of a single process or application to run in many computers at the same time
\item High availability/fail over/disaster recovery monitors: Allows for protection of the user during any kind of failure.
\item Memory virtualization or distributed cache memory : Allows for many devices and computers to share their internal memory to as many others as possible
\end{enumerate}
Virtual machines has also improved the use of systems, technology, reconfiguration of hardwares and softwares, networking and allows for monitoring, scaling, potability and other uses.
\vspace{0.2cm}
This paper seeks to introduce virtual machines and highlight its uses, approaches and security challenges.
There are many types of visualization techniques that can be employed on many levels from simple sandbox to full fledged streamlined managed access.
\vspace{0.2cm}
For system virtual machines, there are two major development approaches, full system visualization and para visualization. Because virtual machines can provide desirable features like software flexibility, better protection and definitely does not depend on a particular hardware, they are used in so many different research areas and have great potentials for great results.
\vspace{0.2cm}
These virtual machines provide users and administrators with great flexibility, allowing for the copying, saving, reading and modifying, sharing, migrating, and great easiness in manipulating files. Virtual machines were first developed by IBM in the 1960’s and were very popular in the 1970’s [1]. At that time, computer systems were large and expensive, so IBM invented the concept of virtual machines as a way of timesharing for mainframes, partitioning machine resources among different users.
\vspace{0.2cm}
A virtual machine is defined as a fully protected and isolated replica of the underlying physical machine’s hardware.
Virtual machines enhances resource sharing where the operating systems and programs running in the host OS appears to be running on their own physical computer. They may share the physical hardware of the machine, which may include processor(s), memory, disks, and networking hardware, which can be allocated during installation on configuration.
\vspace{0.2cm}
Another very important aspect of Virtual Machine is\textbf{data isolation}. Data isolation benefit is one of the key issues that distinguishes virtual computing or Virtual Machine's uniqueness from physical computing .
However, it is always beneficial to run certain activities on isolated systems. It is mainly due to the fact that if one application is infected with virus or malware attack, it might affect other parallel applications running in the virtual machines.
\vspace{0.5cm}
An earlier view on virtual machines was summarized by Robert Goldberg on virtual machine research of the 60’s and 70’s and he also summarized the principles to implement a virtual machine. As he said, the major purpose of virtual machines was to solve software transportability, debug OSes, and run test and diagnostic programs.
\vspace{0.2cm}
Since the architecture of the third generation computers cannot be virtualized directly, it has to be done by software maneuver, which is very difficult. Some researchers then proposed an approach to address this problem virtualizable architectures’ which directly support virtual machines, including Goldberg’s Hardware Virtualizer.
\begin{center}
\bf 9.2 VIRTUALIZATION
\end{center}
\begin{enumerate}
\item Full virtualization
It is a technique that target hardware is emulated in full by directly executing some instructions with the same hardware as the host and some through the Virtual machine monitor.This type of virtualization allows running unmodified guest operating systems on top of the existing native(host) operating system .
\vspace{0.5cm}
The advantage of this technique is that the guest operating (that runs on VMM) or the applications that are executed on the guest OS needs modification.
\vspace{0.5cm}
The main demerit of Full-virtualization requires one to provide the guest operating systems with an illusion of a complete virtual interface seen within a virtual machine behavior same as a standard PC/server interface.
\vspace{0.5cm}
\item Para-virtualization
This type of virtualization requires modifications to guest OS to avoid binary translation. Para-virtualization is limiting the enterprise organization to use this form of virtualization whereas native windows OS environment can’t use this form of virtualization because Microsoft usually does not allow modification of OS .
\vspace{0.2cm}
Device interaction in para-virtualization environment is very similar to the device interaction in full virtualization environment; the virtual devices in para-virtualized environment also entirely rely or depend on physical device drivers of the host Machine.
\vspace{0.2cm}
\item Hardware supported virtualization
This type of virtualization is offered from a big hardware companies such as Intel and AMD. In architecture point of view we can said that the virtualization layer below the operating system is termed as Virtual Machine Monitor (VMM) that provide flexibility to run multiple operating
Systems.
\vspace{0.5cm}
\item Resource virtualization
There are various approaches to perform resources virtualization some of them are
Computer cluster (Grid Computer) which used forhigh availability systems in these techniques is well known specially in an enterprise environment spicily in financial environment where multiple discreet computers combined to form large supercomputers with enormous resources.
Make a large resource pool consist of many individual components.
The third one is opposite the previous one which is partitioning a single resource into number of smaller resources can be accessed separately at the same time with others.
\vspace{0.5cm}
\end{enumerate}
\begin{center}
\bf 9.3 BENEFITS OF VIRTUALIZATION
\end{center}
\vspace{0.5cm}
\begin{enumerate}
\item \textbf{Real Estate Savings:} By doing Server consolidations that will cause to reduce the number of physical servers required in the data center and thus increase the throughput per sqft. Of the data center.
\vspace{0.2cm}
\item \textbf{Greener IT:} the energy requirement to power up the servers Power Consumption and cool the data center will go down.
\vspace{0.2cm}
\item \textbf{Ease of maintenance:} The effort required to maintain enterprise infrastructure will greatly reduce due to less number of servers.
\vspace{0.2cm}
\item \textbf{Mobility:} this benefits it is gives the environment more availability because the virtual image you can move it to any server in your organization.
\vspace{0.2cm}
\item \textbf{Disaster recovery:} with visualization it is easy to do a backup based on some backup software which make the life easy in case of disaster recovery.
\end{enumerate}
\vspace{0.5cm}
\begin{center}
\bf \textbf{9.4 SECURITY PROBLEMS IN VIRTUAL ENVIRONMENT}
\end{center}
As much as VM and VMM and its environ is very safe, there are also a few security problem that can be encountered and they include the following:
\begin{enumerate}
\item \textbf{Scaling}
The rapid scaling in virtual environments can tax the security systems of an organization. Rarely are all administrative tasks completely automated. Therefore, rapid and erratic growth might occur that can make worse management of virtual machines and multiply the impact of disastrous such as virus attacks.
\vspace{0.2cm}
\item \textbf{Software lifecycle}
In a virtual environment machine state is more akin to a tree: at any point the execution can fork off into N different branches, where multiple instances of a VM can exist at any point in this tree at a given time. For example, in case of any crash to the virtual OS rolling back a machine can re-expose patched vulnerabilities, reactivate vulnerable services, re-enable previously disabled accounts or passwords, use previously retired encryption keys, and change firewalls to expose vulnerabilities. It might introduce worms, viruses and other malicious code that had previously been removed.
\vspace{0.2cm}
\item \textbf{Diversity}
If the virtual machines in the environment does not have the same level of security patches update then this will creates a range of problems as one must try and maintain patches or other protection for a wide range of OS, and deal with the risk posed by having many un-patched machines on the network
\end{enumerate}
The concept of virtual machines is not new. In the 60’s, IBM first developed virtual machines to share machine resources among users. The virtual machine has always been an interesting research topic, and recently it draws more attention than ever. Virtual machines are the need of the day to reduce cost factor in computing environment, however, it is a big threat if taken incorrectly. Nonetheless, few threats pointed already discussed in detail in this paper, might be taken as benefits in certain conditions, however, the purpose here is to fully aware its users to take appropriate care while designing and implementing the virtual machine environment. We can also conclude that, any single virtualization technology is not enough to protect all security flaws. Hence, to come out with a good virtualization environment, careful selection of the virtualization environment is mandatory while keeping in view requirements and aims of the enterprise.At the same time, all the potential security concerns that put the virtual machines at threat should not be overlooked
\begin{center}
\bf
\end{center}
\begin{center}
{\bf Author contributions}
\end{center}
I solely wrote the entirety of this paper but the codes and research was based on the authors of the books, research papers, scholarly reviewed journals, some of the codes were gotten from websites cited below and some written by me and overall assessment by my instructor, Dr. Cueva Parra. Wanengimorte George Bokolo helped me do grammar check only.
\begin{center}
{\bf References}
\end{center}
\begin{enumerate}
\item Security in Computing, 4th Edition
ISBN: 0132390779
EAN: 2147483647Year: 2006
Pages: 171Authors: Charles P. Pfleeger, Shari Lawrence Pfleeger
\item Bauer, L., Ligatti, J., and Walker, D. 2005. Composing security policies with
polymer. In ACM Conference on Programming Language Design and Implementation (PLDI). Chicago, 305–314.
\item Bauer, L., Ligatti, J., and Walker, D. (2005)Composing security with polymer.
Chicago, Illinois,USA. June 12-15 2005. Retrieved 22 July 2018. http://www.ece.cmu.edu
\item De Clercq,R.,Verbauwhede, I.,Luven,K.(2017)A survey of hardware-based control
flow integrity(CFI).ACM comput.surv. 31st July 2017, p 1-27. Retrieved July 2018. http://arxiv.org
\item Virtualization: Much More Than Virtual Machines Old ideas of virtualization still hold, even in 2016 By Dan Kusnetzky January 4, 2016.
\item http://codearcana.com/posts/2013/05/02/introduction-to-format-string-exploits.html
\item Survey of Virtual Machine Research -- R. P. Goldberg, 1974
\item Carrier, B (2001). "Defining digital forensic examination and analysis tools". Digital Research Workshop II. Archived from the original on 15 October 2012. Retrieved 2 August 2010.
\item M Reith; C Carr; G Gunsch (2002). "An examination of digital forensic models". International ` Journal of Digital Evidence. Archived from the original on 15 October 2012. Retrieved 2 August 2010.
\item T. Abraham, R. Kling and O. de Vel, (2002) Investigative profile analysis with computer forensic log data using attribute generalization, Proceedings of the Fifteenth Australian Joint Conference on Artificial Intelligence.
\item K. Bailey and K. Curran (2003), An evaluation of image based steganography methods, International Journal of Digital Evidence, vol. 2(2).
\item N. Beebe and J. Clark, (2005), A hierarchical, objectives-based framework for the digital investigations process, Digital Investigation, vol. 2(2), pp. 147–167.
\item N. Beebe and J. Clark,(2005), Dealing with terabyte data sets in digital investigations, in Advances in Digital Forensics, M. Pollitt and S. Shenoi (Eds.), Springer, Boston, Massachusetts, pp. 3–16.
\item N. Beebe and J. Clark, (2007) Digital forensic text string searching: Improving information retrieval effectiveness by thematically clustering search results, Digital Investigation, vol. 4(S1), pp. 49 -54.
\item N. Beebe, S. Stacy and D. Stuckey, (2009) Digital forensic implications of ZFS, to appear in Digital Investigation.
N.Beebe, digital forensic research:The good, the bad and the Unaddressed
\item M.Abadi et al (2007) control flow integrity principles , implementations and applications. AMC Control Flow integrity Retrieved July 2018
\item David Cary. "Endian FAQ". Retrieved 2010-10-11, https://en.wikipedia.org/wiki/Endianness
\item Dhaval Kapil, Buffer Overflow Exploit, https://dhavalkapil.com/blogs/Buffer-Overflow-Exploit/ April 3rd, 2015
\item Splone UG , Integer Overflow Prevention in C, https://splone.com/blog/2015/3/11/integer-overflow-prevention-in-c/ 11 March, 2015
\item FLylib.com, Section 4.2. Memory and Address Protection, https://flylib.com/books/en/4.270.1.46/1/, 2008-2017
\item Alex Allain, Printf Format Strings, https://www.cprogramming.com/tutorial/printf-format-strings.html, 1997-2017
\item https://www.prepostseo.com/compare/136112740328d855f35d8701e2e091713bdae9e6fc483748720
\item https://www.safaribooksonline.com/library/view/security-in-computing/0130355488/0130355488-ch04lev1sec2.html : Copyright © 2018 Safari Books Online.
\item Saif El-Sherei, www.elsherei.com, https://www.exploit-db.com/docs/english/28477-linux-integer-overflow-and-underflow.pdf
\item Jmanico, Buffer Overflow, https://www.owasp.org/index.php/Buffer-overflow-attack, June 29, 2016
\item Srinivas Pinisetty, Yliès Falcone, Thierry Jéron, Hervé Marchand, Runtime Enforcement of Parametric Timed Properties with Practical Applications, https://www.sciencedirect.com/science/article/pii/S1474667015374371,
\end{enumerate}
\vspace{2cm}
Author: Bokolo, George Biodoumoye.
\end{document}