BOOK
Using the Bootstrap Concept to Build an Adaptable and Compact Subversion Artifice
Lindsey Lack
$25.95
About this product:
This is a NAVAL POSTGRADUATE SCHOOL MONTEREY CA report procured by the Pentagon and made available for public release. It has been reproduced in the best form available to the Pentagon. It is not spiral-bound, but rather assembled with Velobinding in a soft, white linen cover. The Storming Media report number is A926714. The abstract provided by the Pentagon follows: The attack of choice for a professional attacker is system subversion: the insertion of a trap door that allows the attacker to bypass an operating system's protection controls. This attack provides significant capabilities and a low risk of detection. One potential design is a trap door that itself accepts new programming instructions. This allows an attacker to decide the capabilities of the artifice at the time of attack rather than prior to its insertion. Early tiger teams recognized the possibility of this design and compared it to the two-card bootstrap loader used in mainframes since both exhibit the characteristics of compactness and adaptability. This thesis demonstrates that it is relatively easy to create a bootstrapped trap door. The demonstrated artifice consists of 6 lines of C code that when inserted into the Windows XP opemting system accept additional arbitrary code from the anacker allowing subversion in any manner the attacker chooses. The threat from subversion is both extremely potent and eminently feasible. Popular risk mitigation strategies that rely on defense-in-depth are ineffective against subversion. This thesis focuses on how the use of the principles of layering, modularity, and information hiding can contribute to high-assurance development methodologies by increasing system comprehensibility.
