Skip to content. | Skip to navigation

You are here: Home Products ensafe Technical Papers
Document Actions

Technical Papers

by admin last modified 2009-08-18 10:03

1. "Buffer Overflow Vulnerability in Windows RPC DCOM: Attack and Analysis Scenario" for IIT Kanpur Hackers' Workshop 2004

The Microsoft RPCSS Service is responsible for managing Remote Procedure Call (RPC) Messages and also by default enabled in many versions of Windows. There are Buffer Overflow and Denial of Service problems identified in the part of RPCSS that deals with the RPC messages for DCOM object activation requests that are sent from one machine to another. This vulnerability affects the DCOM interface with RPC, which listens on TCP/IP port 135. The flaw is a result of incorrect handling of malformed messages. Windows DCOM implementation doesn't carry out any length check, when handling a filename parameter. By passing the over-large parameter attackers can overwrite various heap structures resulting the Buffer Overflow and crash the RPCSS service (Denial of Service). The carefully crafted data then can run arbitrary code on the system with Location System privilege. After getting the system privilege, an attacker could then be able to perform any action on the system, including installing the Trojan, view, change or delete the valuable information stored in the system, or create a new account with full privileges.

2. "A Transparent End-to-End Security Solution", ICISS 2005, Kolkata, 19th - 21st Dec 2005

Looking through the past couple of decades in information security we can say that sophistication and advancements are not limited to information security solutions alone but also in parallel apply to cyber exploits and crimes which have grown both in number and in their capacity to create havoc in cyber space. Originated in the form of malicious code and unauthorized access, cyber security threats have come a long way, today posing threats to end systems and applications. This resulted in an exponential growth in end systems and application security threats. In this paper we present a new approach to address end-to-end security issues. This security solution is designed to be transparent to applications, offering flexibility to deploy any cryptographic algorithm and also providing features for efficient administration.

3. "A Transparent end System Authentication Mechanism based on Machine Signature Generated from Hardware and Software Parameters", - International Seminar on e-Security, Computer Society of India, Visakhapatnam, 24th - 26th Feb 2006

An end system is the most vulnerable point in today's cyber security infrastructure. Most of the reported incidents of security breaches were made through compromised end systems / desktops. Users can change end systems IP addresses, add or remove storage devices, network card etc. without informing the system administrator. In a large organization these kinds of authorized changes in a system gets unnoticed. If we are not able to detect and isolate the compromised system from accessing other network resources, a malicious insider can create havoc in the network. One solution to this problem is to compute signatures for all the desktops / end systems from the various hardware and software parameters of the desktops / end systems. These signatures have to be registered at a central authentication server. Every end system / desktop, which accesses a network service, will be forced for authentication, by comparing the dynamically calculated signature with the one stored at central authentication server. This signature would change if any of the hardware or software parameters used for generating the signature are changed. Any end system whose machine signature has changed should be isolated from the network by disabling the system from accessing critical network services.

C-DAC's End-System Authentication Solution can perform the machine authentication for each TCP based communication. This is implemented transparent to the applications and can be controlled through policies administered from the central server. Administrator can decide on the hardware and software parameters to be used for generating the signature through a policy, for each of the end system / desktop. This solution requires the end systems in a network to register on to the central authentication server. Policies can also be set by the administrator to control the usage of machine authentication, while accessing the various network services. Session which fails to authenticate would be terminated by the enforcement agent of the solution installed in each of the end systems. This solution prevents a compromised system from accessing critical services in a network.