Consider the following example: suppose we have a database of the height of everyone in our class, and that the height of each individual is supposed to be kept a secret. Also, let's assume we have one basketball player in the class, and the height of the basketball player is key information for opposing teams. What if we were to allow the following two queries:
ah1 = select avg(height) from class; ah2 = select avg(height) from class where basketball_player = false;
Assuming we know the number of people in the class n and that there is only one basketball player in the class, we can determine the height of the basketball player:
basketball player height = n * ah1 - (n-1) * ah2
For ten years , the Greeks had lain siege to the city of Troy without success of getting into the city, or with getting Helen back. The layout and build of the city walls made the ancient metropolis impenetrable. After Achilles left the war, the Greeks' progress slowed to almost a dead stop. Troy was not going to be taken by sheer numbers.The Trojans, led by Hector, began to repel the Greeks. Eventually the Greeks were driven back to their own ships. Achilles rejoined the battle, and killed Hector to avenge a good friend's death. Greek morale shot through the roof!
The Greeks needed a war machine. The siege machines of the time weren't getting the Greeks anywhere. They needed something new. So the Greeks devised a plan and put it to work.
The Greeks built a giant, wooden horse with a hollow belly. A handful of armed Greeks climbed into the hollow opening, and sealed it up. Meanwhile, the rest of the Greek army piled into their ships and sailed away. Due to a convincing Greek spy , the Trojans came out of Troy to recive the huge horse as an offering of peace. The Trojans rejoiced at the thought of the Greek army running away like dogs!
The Trojans then decided to celebrate. By nightfall the whole city was in a drunken uproar. They celebrated far into the night. In the small hours of the morning, while everyone was drunk or asleep, the Greeks unsealed the belly of the horse, and climbed down from it. Silently, they killed the Trojan sentries at all the city gates. The gates were then opened to the bulk of the Greek army. In their drunkeness, the Trojans did not see the Greek fleet return to their shores.
Now, the Greeks were finally inside the city after ten years of useless battle. The Greeks finally had their chance at capturing victory. They slaughtered men and boys alike. The women, and girls were kept and later sold as slaves. By daylight, everyone in Troy was either dead, or in bondage.
In computer security, a Trojan horse is a program that appears innocuous, but has malicious code which executes when a user accepts and runs the program. An example would be Christmas greeting cards which are executable programs, which may hide malicious code.
Viruses
A virus is a piece of code which attaches itself to larger executable
programs. Often it operates by appending itself to the end of an
executable (e.g. Microsoft Word), and inserting a jump command at the
place where the program normally starts execution. The jump command will
cause the program to actually start execution at the virus code, and then
when the virus has finished executing, it will jump back to start
executing the real application.
+-----------------------+ / | jump to virus code | <--- entry point | | | <--- first real instruction original | | | code -+ | | | | | | | | | | | \ | | +-----------------------+ virus / | malicious code | code -+ | | \ | jump to original code | +-----------------------+
The primary purpose of a virus is to propagate itself, much like a biological virus. However, it may also contain malicious code. A virus may be introduced by a Trojan horse.
Worms
A worm is a program that also replicates itself, but instead of attaching
itself to existing programs, a worm operates on its own. It often
propagates by exploiting holes in network servers. This page http://world.std.com/~franl/worm.html
describes the first severe Internet-based worm. Many of the recent
"email viruses" are actually classified as worms, because they
propagate by emailing themselves to people in the infected user's address
book.
Virus detectors can work by scanning all the files on a hard drive at one time, or each time a program is run. It can place hooks into the operating system so that whenever an application is run, the virus detection software is invoked to check the program before it is run.
One problem with the signature-based approach is that sophisticated viruses may be polymorphic, and may change its instructions by randomly replacing instruction sequences with different sequences that have the same effect. Another way to identify viruses is to keep a database of hashes on each executable program, and each time a program is run or periodically, to check that the hash is the same. Programs such as tripwire implement this sort of policy.
bsy+cse127w02@cs.ucsd.edu, last updated
email bsy.