Security Perspectives of Security Researchers

To understand the perspective of security researchers, it is easier to look at security from the perspective of computer systems than from the perspective of encryption. Why would that be? A computer system is a system that processes information and exerts external control according to code logic. Although its core assets are mainly information (for control systems this is not always the case), information is only passive; computation and control are the active parts. In the information field, IT security focuses only on information, and the common view is that encryption is at least the most secure part. I think the opposite is true: computer-based security is the core of IT security, and it is difficult to solve with an encryption system.

In a computer system, information is an input condition, the object of processing, and the result of processing. It is difficult to keep information encrypted while it is being controlled and processed. Information must be kept confidential, yet an attacker who gains control naturally obtains the information and can tamper with the information flowing through the control process. Encryption ensures the security of information in storage, authentication, and transmission, but it is difficult for it to ensure the security of information in management and processing. Looking at security only from the information perspective of the mathematical encryption system, without combining it with the control perspective of the computer system, is a major cause of our current security system being so fragile.

Security from the Perspective of Computer Architecture

The general-purpose computer systems we use today derive from the von Neumann architecture. The key features of the von Neumann architecture are as follows:
(1) The instructions to be executed and the data to be processed are compiled into programs and stored in the computer for automatic execution.
(2) Data is mixed with the control system and instructions, and data can affect instructions and control.
(3) The program accepts external input, computes on it according to the logic set by the programmer's code, and outputs the results (program behavior depends on the programmer's coding logic and on the branch path selection driven by external input data).

In the von Neumann architecture, we can see the following security-related features:
1) Instructions are also data, and data can also be used as instructions. This means that instructions can be tampered with by data (virus infection) and that instructions can be implanted in external data (Trojan embedding, data-area execution, and program self-modification).
2) Data, the control system, and instructions are mixed. This means that disorder in the data area may affect control and instructions (missing boundary checks in data processing can lead to code-execution security issues).
3) Program behavior depends on the programmer's coding logic and on the branch path selection driven by external input data. This means that the programmer can implement functions and logic according to his own subjective will (backdoors), and that a user can trigger a specific branch through data (backdoors and business logic vulnerabilities).

Given this basic architecture of computer systems under the von Neumann model, security vulnerabilities, Trojans, and backdoors are hard to eradicate. Through vulnerabilities and backdoors, attackers can gain full control over code execution and program behavior. Through Trojans, attackers can gain long-term control over system behavior, and through business logic vulnerabilities, attackers can achieve specific business objectives. Encryption can provide only partial relief; it cannot solve these problems fundamentally. Encryption protection is intended for information. Therefore, it is suitable for data storage, data transmission, and login authentication.
However, encryption protection is not applicable to computer execution and control.

Security from the Operating System Perspective

An operating system is a computer program that manages and controls computer hardware and software resources. An operating system is an interface between users and computers, and an interface between computer hardware and other software. The operating system uses the CPU architecture to implement a permission hierarchy, which is generally divided into two layers: the user layer and the kernel layer. The user layer provides support for other software and users. The kernel layer holds the core of the OS, hardware drivers, and basic core tasks. There is no specific standard for how these permission entities are divided: apart from what the OS itself configures, the division comes from authorization by users with administrative permissions.

The operating system implements a multi-user authentication, authorization, and access control system. This system is an important security measure in the computer infrastructure and greatly enhances the security of the system. However, it is based on trust in, and control of, user permissions and resources. It targets user entities that can be identified by the operating system, not program entities and external data provider entities. Authorization for program entities is determined by the user, but the program itself is a very complicated permission system. Its code logic comes from developers/vendors, and its data-driven logic comes from external data providers (many applications, such as browsers, also support executable scripts provided by external users). Once a program is authorized, it carries the user's trust, which requires users to vouch for developers/vendors and external data providers that are completely outside their control.
In fact, the user cannot determine whether all the logic branches of the program meet their own security requirements, or whether the code and logic are secure enough to defend against attacks by external data providers. Indeed, many users do not have clear security requirements at all. In this situation, the effect of authorizing programs on the basis of user authentication, as a way to prevent malicious attacks by the program and by external data providers, is basically zero. This is an essential reason why backdoors, Trojans, and vulnerabilities can so easily bypass the permission mechanism.

Summary

In computer systems, program behavior is essentially determined by code and external data. The mixing of code and data is the basis of backdoors (code-triggered behavior) and vulnerabilities (data-triggered behavior). However, the OS authorization system based on user permissions cannot tell program behavior apart from what the user actually intended to authorize. This is why backdoors, vulnerabilities, and Trojans are able to get through ACLs and gain control. IT personnel should be clear about the difference between the security we are talking about and the information security they traditionally understand, that is, data security. Without these considerations, it may be difficult for them to look at security from our perspective.

In fact, the same is true for traditional security. For example, imagine a country of the blind in which all managers are blind leaders (users) who must rely on personal secretaries (hardware and software provided by manufacturers, essentially program code) and work implementers (external data providers) to read top-secret documents and handle the related work. However, the leaders cannot monitor or control what the secretaries and work implementers do at other times, and they cannot tell whether today's secretary is the same person as the secretary who came yesterday. Strong encryption and good permission control over the senior managers cannot prevent security issues.
Sadly, this is the real security problem in the computer field. As mentioned above, many security researchers and IT practitioners often think that all security problems can be solved through identity authentication, encryption of information in storage and transmission, and control and management of the permissions of each blind leader, without even being aware of the problems with the secretaries and staff on whom all the blind leaders depend.

This discussion is not meant to deny the role of the encryption system, but to distinguish between the encryption system, which focuses on data security, and the existing security confrontation system, which focuses on control security. The former already has theory and many applications and is ahead of most attackers, but with the latter we are far behind. Many of our senior security experts, information practitioners, and school teaching materials have many misunderstandings and deviations in their understanding of security, yet they think they understand security thoroughly. We believe that encryption and permission control are not good methods and achievements for solving security problems, in view of the complexity and urgency of security.
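
The architecture section's points that instructions are also data, and that a missing boundary check in data processing can affect control, can be seen on a toy stored-program machine. This is an added example, not part of the original article; the opcodes, memory layout and sample inputs are constructed for illustration.

```python
# Toy stored-program machine (constructed): one flat memory holds buffer and code.
HALT, LOAD, ADD, OUT = 0, 1, 2, 3    # opcodes; each instruction is (opcode, operand)
BUF_SIZE = 4                         # data buffer occupies cells 0..3
CODE_START = BUF_SIZE                # code is stored directly after the buffer
# Programmer's logic: emit buffer[0] + buffer[1], then stop.
PROGRAM = [LOAD, 0, ADD, 1, OUT, 0, HALT, 0]
# Constructed inputs: one fits the buffer, one is eight cells long.
BENIGN = [40, 2]
OVERLONG = [40, 2, 0, 0, LOAD, 0, OUT, 0]


def copy_unchecked(mem, data):
    """Copy external input into the buffer with no boundary check."""
    for i, value in enumerate(data):
        mem[i] = value               # past cell 3 this overwrites stored code


def copy_checked(mem, data):
    """Copy external input, refusing anything larger than the buffer."""
    if len(data) > BUF_SIZE:
        raise ValueError("input exceeds buffer size")
    copy_unchecked(mem, data)


def run(mem, max_steps=100):
    """Fetch-decode-execute loop; returns the values the program emitted."""
    pc, acc, out = CODE_START, 0, []
    for _ in range(max_steps):
        op, arg = mem[pc], mem[pc + 1]
        pc += 2
        if op == HALT:
            break
        if op == LOAD:
            acc = mem[arg]
        elif op == ADD:
            acc += mem[arg]
        elif op == OUT:
            out.append(acc)
        else:
            raise RuntimeError(f"illegal opcode {op}")
    return out


def execute(data, copy=copy_unchecked):
    """Load input with the chosen copy routine, then run the stored program."""
    mem = [0] * BUF_SIZE + list(PROGRAM)
    copy(mem, data)
    return run(mem)
```

With the unchecked copy, the eight-cell input replaces the first two stored instructions, so the program emits [40, 40] instead of the programmer's intended [42]. With the checked copy, the same input is rejected before it reaches the code.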