This paper presents a semi-inclusive analysis of current black-box security and privacy breaches, taking the human factor into account, since information security involves both technology and people. Most problems in the security and privacy domain are of an amalgamated nature: there is no definitive way of measuring whether security applies while privacy remains intact, especially without taking the human layer into consideration. This dispersion in the security and privacy area stems from many factors in the sphere of information distribution. Therefore, a philosophical approach is emphasized concerning people's compliance with technology in general, and the way the typical and the competent end user see the evolution of technology and interact with it, when a mutually symbiotic relationship should epitomize this correlation. An inductive/deductive reasoning called Shadowed Time Advancement (STA) and a Probabilistic Mathematical Behavioral System (PMBS) are outlined in this paper to demonstrate this problem by inspecting the difficulty of analyzing the system under assessment, where a complete logical dissection of the outer/inner layout shell is still pertinent. The degree of transparency in cyberspace is no longer valid in today's ever-mutating digital world. This is shown by applying a heuristic attack that demonstrates how the visibility medium is shadowed with time advancement. The fact that not all companies consider technology education for people a must can be attributed to the inconsistency in knowledge distribution. Given that people are anxious about the unknown, knowledge is the best counterattack against a lack of knowledge; otherwise a self-destructive future is imminent. Balance is what makes humans aware of the evil spirit of this subversive world. In this paper a proof of concept is presented to show how a complete modification of an executable file could be carried out without detection.
I. INTRODUCTION
In today's world of computer security and widespread internet usage, an enormous amount of information is carried over either wired or wireless devices. Everything is built to have its own mechanism of communication, ranging from specifications, requirements and internal/external procedures of security measurement, limited to some agreed values of mutual understanding so that a line of communication can exist in the first place. But nothing can limit a human or seize his imagination in dealing with everyday tasks or trying a new experiment. That is why the most important and perilous factor in computer/internet security is the integration of humans with the technology [1]. While it is obvious that one can do whatever one wants, a different approach could be taken to bridge the distance from one point to another so that the gaps are filled one after the other.
The typical/normal user and the competent end user have different perspectives on internet and computer technology in general. Both appreciate the elegance of how things are performed at the bit level, but precaution and analytical thinking are more conceivable and precise for the competent end user, because everything is computed with reliably acquired knowledge about the subject under exploration. Note that knowledge is, in a sense, free to obtain, but it sometimes tends to lead towards a negative outcome more than a positive one. Why? Because there is no control or systematic realization of how things should take their course, and that refers to the obligation imposed by the information being researched or to the validity and verification of the system itself.
Building an intelligent system such as a crawler for acquiring information is acceptable at some level but not appropriate all the time. The entropy of the collected data is constrained by the validity of the essential knowledge you have. At some point this is acceptable, but the complexity of the configuration needed to adjust things in the right direction would distract the typical user from achieving his goal in a simple way. So a better approach would be to design a Probabilistic Mathematical Behavioral System (PMBS), in which the magnitude of the information required to meet one's expectations is proportional to the user's fundamental knowledge, in terms of the time elapsed since the user started using the system, with this relation determined stochastically. A hierarchical, stateful evolution of the epistemological chain distribution is tightly coupled with the pre-acquired and post-acquired information. Hence, a set of scales to resolve this lemma is highly wanted for an elaborate understanding of how the system works. Also, the dynamics of information plays a major role in the constitution and modeling of information environments, their life cycles, and the conceptual nature of information and its dynamics and utilization [2].
From a security and privacy perspective, it is extremely important to reason about the authenticity, properties, forms of interaction, internal developments, algorithmic processing, and the series of stages in form and functional activity through which information can pass [2], from its initial occurrence to its final utilization and possible disappearance.
Therefore, a proposal for an STA estimate can be stated clearly: as we go further in time, a shadow is drawn as part of the environment parameters reflected on the system. We cannot create a shadow if the parameters adhere perfectly to the ideal environment. Hence, similar to the information distribution process, which takes place at a specific time and space, a query for a procedural and descriptive epistemology is needed [3]. Therefore, an elaborate understanding of information-processing awareness and a meticulous evaluation of how the system is doing once it is running are vital.
Are people equal at information demystification, or is it just a matter of time? Most theories suggest that exercising the knowledge you have achieves a satisfactory level of collective thinking. But to put things exactly where they should be, a time factor has to be built into this relation, as time is the ultimate arbiter of whether you did it right or wrong. All in all, almost everything is relative and depends on many static/dynamic causes, and that entails a lot of general/special cases to be stretched out.
The reason most people tend to be extremely confident in the information they have is probably the short experience they have with a huge amount of resources. They may consider things perfect or less than perfect, but the problem lies in the implementation process, where most security breaches do not manipulate the system itself but rather reverse or annihilate the techniques and procedures used to embed the core system; in this case a plethora of holes and worms take their place for a very devious and nefarious attack. Therefore, there is a huge fracture between the system components themselves, e.g. software protection that does not take human-layer attacks into consideration, where most programmers and system developers do not mind the security properties, which need to be thoroughly revised at the abstract and execution stages.
The reason behind this work basically refers to the ignored, chaotic security implementations, where only a minute fraction of the problem has been addressed, without considering the two entities, human and technology, at the same time as an inseparable body from the security/privacy perspective. Having said that, the system is almost never intact, because the plausible deniability [4] issue is always active. The possibility of obtaining any sort of knowledge should never be an absolute claim; rather, the validity of such claims should be questioned. Therefore, following a rigorous inquiry to realize the perceptual and conceptual reckoning behind such an implementation is highly imperative and protective in order to obtain valid settings based on powerful parameters.
The abstraction and the factual reasoning behind security, privacy, …, are not easy to generalize or tie to some rules, because each case study has its own world of quantum bits.
The paper will go through more robust, infallible security domain coverage criteria, especially by asserting that everything is relative and needs to be understood at the highest level of abstraction and not limited to one case. Finally, a well-established case study will be presented, showing how elegantly things can be put in between so that good/malicious code acts upon program code execution without any notice during the user interaction phase.
II. Don't Think That You Know
Don't think that you know; what you know is what you don't know. Is this a conceivable statement in computer security jargon or not? Whatever path you choose to protect yourself from outside/inside intruders, or whether you just trust the system, the indirect execution trails of the system you are working on are already preprogrammed following some predetermined functions. Whether the binary file is protected from tampering or it is open source code, a fully detailed analysis needs to be addressed in terms of privacy and security violations. Currently, there is no protection that is impossible to break or to steal confidential information through; you still have enough time to own the internet [5].
Apart from this, trust is weakness [6]. So technology is there and people are also there; hence gaining insight into the intrinsic interactions between people, technology and the working environment in security systems is a main goal.
Note that security implementation is not an easy process; it is harder than you think [8]. Verification and validation of the system are compulsory to avoid great divergence in the design phase of the system.
Fig. 1 Cosmos universe of people technology interaction
The main idea behind Fig. 1 is that people and technology are inseparable entities; they must be fused together to form a solid architectural system of computer security. Other problems reside not only in this model but also in the system itself, such as the OS, especially proprietary ones. As technology shapes our digital world, more serious steps need to be taken for security and privacy reasons.
III. Nothing What It Seems
Is today's security just an illusion covered by the complexity of security procedures and real-time implementation? The global internal/external network is widely deployed with the assumption that everything is OK, based on the abundance of options to choose from to protect yourself. As Schneier said, "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology".
Following any security rules should involve heavy testing with a complete environmental simulation of where the system is going to be installed. Why? Because there is no holistic solution or framework for every type of security completion. It all boils down to one statement, as A. Einstein said: "The significant problems we face cannot be solved at the same level of thinking we were at when we created them".
After all, assuring a confidence level of security for the end user is a must, as lots of additional packages are introduced as compulsory requirements; this is not an adequate solution to deploy, but rather a more general adaptive security infrastructure needs to be built from the bottom up. Almost every day, a proof of concept is released on security websites showing how the latest protection has been cracked and completely assimilated. It seems the underground security breakers are more engaged in this battle, with a high level of professionalism shown in conferences and private sessions (websites).
IV. People and People
Vulnerabilities are created by people and exploited by people. People have ethical and managerial responsibilities to consider the seriousness of their position in the security sphere. They are the foundation stone of the security mega/nano structure. So, going from A to B requires a clearly defined path and a proactive mechanism to control the whole scenario. Stating exactly what is required from this group and that group is a must in order to have a mutual hierarchical system built upon definite yet flexible rules, which grow and shrink in relation to the situation under inspection, as shown in Fig. 2.
Fig. 2 People-people transparency path
V. A Short Self-Contained Questionnaire
We presented this work in fall 2007 at the University of Windsor as part of an assignment requirement for the 60-564 course "Security and Privacy in the Internet". Before starting the presentation, we distributed a questionnaire containing these two questions: Q.1 There are only 10 types of people in the world: those who understand binary and those who don't. Q.2 Don't think that you know, what you know is what you don't know. Each question has a multiple choice (A. I agree, B. I don't agree, C. _____), where in choice C you can write whatever you want in case you are in doubt. We then collected the questionnaires before the presentation started. The result is shown in Fig. 3. Most of the participants were Master's students in the Computer Science department (21 students in total).
Fig. 3 60-564 course Questionnaire
The first question is a mathematical joke, a pun [9], and it proved to be meaningful in this questionnaire, as did the second question. Fig. 3 shows exactly reversed results between questions 1 and 2. This result emphasizes that we should never take what we know for granted. We should always question the validity of the data, even if it has been exceedingly researched and examined, using our inductive and deductive reasoning and, after all, our common sense.
VI. In The Womb: Revamping Console Code Injection
This section shows a complete, multifaceted case study that modifies the internal structure of an executable file using a code injection technique. It also presents a constructive technique that renders the executable's KGM regulations into self-representative deceptive coverage using a code injection mechanism. Similar to what has already been done in GUI applications, from complete resource hacking to code insertion, the same can be applied in console mode using the correct APIs, which are cautiously implemented in relation to other related factors (for more information about RCE and code injection, refer to [10] [11] [12] [13]). A monitoring matrix of scattered random modifications should be traced to control this set of alterations, so that a meta-transformer tool can be designed to handle it in an automated manner as a final revised edition. The main purpose of this section is to demonstrate the validity of this approach following a case study in which an absolute phase modulation is applied. Further work has to be done to link it to a more elusive malicious scenario by injecting specially crafted code for network communication using Winsock APIs.
First of all, a complete analysis of the targeted module is carried out, along with an effective disassembly phase to locate the functional assembly code that needs to be changed and linked to the cave area [14] [15], so that a hidden alternative path diverges from the normal path (redirection step) to the injected assembly procedure.
A set of dispersed alterations to change the internal functionality of this console application is presented in the subsequent analysis: changing text strings and control flow, removing an anti-debugging feature [16], and adding new code by invoking the required APIs dynamically, so that the mutated version of the original console application runs under different versions and builds of Windows XP.
Writing an automated tool (Full Modulator: MetaTransformer) in C++ to achieve this goal is done using step-by-step procedural modification. Mainly, a hexadecimal translation of all the modified and injected assembly instructions is included as a set of arrays in the source code; another approach would be to use inline assembly buffers as mentioned in [17]. The steps taken in the modulator are as follows:
§ Check file size {1}
§ Check if file exists {2}
§ Calculate original file CRC32 {3}
§ Back up file to be patched: return bool {4}
§ Start patching... {5}
  o A newly mutated version is created at this stage to function differently {6}
§ Back up file to be patched: return bool {7}
§ Another version is created to inline the following:
  o Nag Remover {8}
  o Special Protection Removed {9}
  o Name Insertion {10}
Fig. 4 Meta Transformer procedures flow
Please note that this has been done through a lot of meticulous verification and validation to make it work perfectly, so it is not worthwhile to just follow these steps, because doing so requires a lot of understanding in the field of RCE and APIs. A transformation phase from assembly code to hex is also implemented inside the C++ code.
The source code is not generic enough to handle another case study. This approach proves that most of today's systems cannot withstand a simple phase of an RCE attack. A more sophisticated and advanced case study could also be developed in order to thwart many protections imposed by network administrators, with embedded stealth behavior. Even if a checksumming-based software algorithm [18] is used to protect the binary file, defeating it is much easier than injecting complete assembly code, either linked dynamically or statically (using the free space or extending the section size).
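A defender-side check for the cave technique this section relies on (locating free space in a section and placing injected code there), given here as an added example that is not part of the paper or its Meta Transformer tool: it parses the PE section table and reports any section whose alignment slack, the zero padding between VirtualSize and SizeOfRawData, contains data. The build_sample_pe helper, the stub bytes and the planted cave are constructed for the demonstration; the scanner assumes a well-formed section table and does not catch code placed by extending a section's size, which needs a comparison against a known-good baseline instead.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000

def parse_sections(pe: bytes):
    """Return (name, virtual_size, raw_size, raw_pointer, characteristics)
    for every entry in the PE section table (PE32 and PE32+ alike)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER starts here
    nsec = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    first = coff + 20 + opt_size               # section table follows the optional header
    out = []
    for i in range(nsec):
        off = first + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        out.append((name, vsize, rsize, rptr, chars))
    return out

def find_cave_use(pe: bytes, min_bytes: int = 4):
    """Flag sections with data in their alignment slack. The linker records the
    bytes it emitted in VirtualSize and zero-pads SizeOfRawData to FileAlignment,
    so non-zero bytes in [VirtualSize, SizeOfRawData) were written after link time."""
    findings = []
    for name, vsize, rsize, rptr, chars in parse_sections(pe):
        if rsize <= vsize:
            continue                           # no slack (or bss-style section)
        slack = pe[rptr + vsize:rptr + rsize]
        hot = [i for i, b in enumerate(slack) if b]
        if len(hot) < min_bytes:
            continue                           # a stray byte or two, not a cave
        findings.append({"section": name,
                         "file_offset": rptr + vsize + hot[0],
                         "length": hot[-1] - hot[0] + 1,   # span, incl. embedded zeros
                         "executable": bool(chars & IMAGE_SCN_MEM_EXECUTE)})
    return findings

def build_sample_pe(code: bytes, cave: bytes = b"", cave_off: int = 0x180) -> bytes:
    """Constructed sample (not a real program): minimal PE32 image, one .text
    section padded to a 0x200 file alignment, optional bytes planted in the pad."""
    opt_size, raw_ptr, file_align = 0xE0, 0x200, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)               # PE32 magic only
    sec = (b".text\0\0\0" + struct.pack("<IIII", len(code), 0x1000, file_align, raw_ptr)
           + b"\0" * 12 + struct.pack("<I", 0x60000020))                  # CODE|EXECUTE|READ
    headers = dos + coff + opt + sec
    headers += b"\0" * (raw_ptr - len(headers))
    body = bytearray(code + b"\0" * (file_align - len(code)))
    body[cave_off:cave_off + len(cave)] = cave
    return bytes(headers + body)

# Constructed stub: push ebp / mov ebp,esp / xor eax,eax / pop ebp / ret
SAMPLE_CODE = b"\x55\x8b\xec\x33\xc0\x5d\xc3"
# The PUSH 004366F8 of Fig. 5.a (68 F8 66 43 00) plus a constructed nop; its embedded 00 is why a span is reported
SAMPLE_CAVE = b"\x68\xf8\x66\x43\x00\x90"

def scan_samples():
    """Scan a clean image and the same image with the cave planted."""
    return {"clean": find_cave_use(build_sample_pe(SAMPLE_CODE)),
            "tampered": find_cave_use(build_sample_pe(SAMPLE_CODE, SAMPLE_CAVE))}

if __name__ == "__main__":
    print(scan_samples())
```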
As software developers present more and more advanced plugins and frameworks for Internet browsers, the problem is still the same: the implementation is too weak to survive a determined attack by a skilled hacker and professional expert.
Fig. 5.a shows the injected code that changes the console application title upon execution, as a redirection step from the original code flow. Fig. 5.b is another fully functional inlined assembly instruction that adds another layer of buried functional modifications. A call to the ExitProcess API is also injected at the end of this self-contained block, so that the program terminates successfully after finishing these instructions instead of taking the original application's normal flow. Another set of scattered modifications is also implemented to make it more deceptive (complete documentation is available inside the source code).
004086C5 PUSH 004366F8
Fig. 5.a Inline Assembly Code for Console Title modification
004021B5 LEA ECX,DWORD PTR SS:[EBP-12C]
// Changed to:
004021B5 JMP 00425AF5
Fig. 5.b Inline Assembly Code for functional modification
This proof of concept is a clear demonstration of how STA and PMBS could easily be applied here, by showing how the privacy issue is violated as a result of evading the security defense wall.
VII. Conclusion And Future Work
This paper establishes a new dimension of computer security vision by treating the security aspect in terms of philosophical and conceptual analysis. It does not give an absolute approach to security problems, as almost everything is relative and thus depends on the case under assessment. It also shows the importance of the information being researched as a tool for further investigation.
Further work has to be done in the area of code injection techniques, especially employing a stealthy connection and tricky behavior in the culprit binary file. In addition, a more detailed case study could be provided to make things easier to understand and less obstructive.
References
[1] G. Jose and S. Agata, "A Framework for Human Factors in Information Security", presented at the 2002 WSEAS Int. Conf. on Information Security, Rio de Janeiro, 2002.
[2] M. James and B. Terrell, Cyberphilosophy: The Intersection of Computing and Philosophy. Blackwell Publishing Ltd., 2002.
[3] M. James and B. Terrell, The Digital Phoenix: How Computers Are Changing Philosophy. Blackwell Publishing Ltd., 1998.
[4] Wikipedia, "Plausible deniability", 29 December 2007. [Online]. Available: http://en.wikipedia.org/wiki/Plausible_deniability (accessed Feb 2, 2008).
[5] Staniford S. Stuart, P. Vern and W. Nicholas, "How to Own the Internet in Your Spare Time", Proceedings of the 11th USENIX Security Symposium, pp. 149-167, USENIX Association, 2002.
[6] W. Thomas, "Security, Privacy, and Anonymity", Crossroads, vol. 11, issue 2, p. 5, ACM, Winter 2004.
[7] F. Scott and S. Steve, "Omnivore: Risk Management through Bidirectional Transparency", ACM 1-59593-076-0/05/05, 2005.
[8] V. John and M. Matt, "Security is Harder than You Think", Queue, vol. 2, issue 5, pp. 60-65, ACM, July/August 2004.
[9] Wikipedia, "Mathematical joke", 29 January 2008. [Online]. Available: http://en.wikipedia.org/wiki/Mathematical_joke (accessed Feb 2, 2008).
[10] M. F. Mohammed, "RCE Profiling: Counterbalancing the Algo.this.Key", CodeBreakers Journal (CBJ), vol. 4, no. 1, January 2007. [Online]. Available: http://www.codebreakers-journal.com
[11] M. F. Mohammed, "EAX-56 KGM Under Attack: A Thorough Examination of SCA", CodeBreakers Journal (CBJ), vol. 4, no. 1, 2007. [Online]. Available: http://www.codebreakers-journal.com
[12] M. F. Mohammed, "Reverse Code Engineering: Emphasizing on Breaking Software Protection", BS Dissertation, Dept. Comp. Eng., Lebanese International Univ., Saida, Majdelyoun, 2006.
[13] M. F. Mohammed [tHE mUTABLE], "WTM Register Maker v2.0 case study", ARTeam ezine, vol. 1, issue 2, pp. 66-73, October 2006.
[14] B. Drew, "The Beginners Guide to Codecaves", The Code Project, August 27, 2007. [Online]. Available: http://www.codeproject.com/KB/cpp/codecave.aspx (accessed Feb 2, 2008).
[15] Dracon, "Adding functions to any program using a DLL", CodeBreakers Journal (CBJ), vol. 1, no. 1, 2004. [Online]. Available: http://www.codebreakers-journal.com
[16] G. Michael, T. Stephen and G. Anup, "Software Protection through Anti-Debugging", IEEE Security & Privacy Magazine, vol. 5, issue 3, pp. 82-84, May-June 2007.
[17] Jason, "Using assembly buffers in C++ without using hex-strings", A Reverse Engineer's Blog, February 10, 2006. [Online]. Available: http://malwareanalysis.com/CommunityServer/blogs/geffner/archive/2006/02/10/9.aspx (accessed Feb 2, 2008).
[18] W. Glenn, O. P.C. van and S. Anil, "A generic attack on checksumming-based software tamper resistance", Proceedings of the 2005 IEEE Symposium on Security and Privacy, pp. 127-138, 8-11 May 2005.