Analysis of Stuxnet Computer Virus

2951 words (12 pages) Essay in Computer Science

23/09/19 Computer Science Reference this

Disclaimer: This work has been submitted by a student. This is not an example of the work produced by our Essay Writing Service. You can view samples of our professional work here.

Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UK Essays.

Analysis of Stuxnet Computer Virus 

[Document subtitle] 

Table of Contents

Executive Summary:

1. Introduction/Background:

2. Stuxnet:

2.1 Access

2.2 identify

2.3 crypto

2.4 network security

3. Qualitative risk analysis

3.1What or which one

3.2 Analysis

3.3 Table

4. ESA

4.1 What is it

4.2 How many it helps

4.3 How it may help

4.4 Which one and why

5. What should we do

5.1 International arena

5.2 Charter 2(4)

5.3 Article 51

6Conclusion

6.1 Summary

6.2 Option

7. References:

Executive Summary:

In this report I will analysis greatly and evaluation on the topic which is about malicious computer worm where one of the most historical incidents happened in Iranian nuclear in 2010. In this incident the malicious called Stuxnet was used to control the Iranian nuclear program by reprogramming target programmable logic controllers. Analysing will be focused on Access control, Identify, Crypto and Network Security.

Stuxnet is a threat which controls the specific industrial system like power plant, factory assembly lines, amusement rides in Iran. Stuxnet was discovered in July 2010 and by this, 22 manufacturing sites were infected by this attack whereas Iran was infected in nuclear enrichment programme. The main goal of Stuxnet is to sabotage Iran’s nuclear program by reprogramming programmable logic controllers (PLCs) to control all the system by attackers.  In this report I will include Enterprise Security Architect to implement for the nuclear research programme.


1. Introduction/Background:

A malicious computer worm which was developed in 2010 was made together made by the Israel and US as a cyber weapon. The worm marked industrial control systems that is used as to control large scale industrial facilities like power plant, Dams, and other likely operations. Stuxnet is to sabotage Iran’s nuclear program by reprogramming programmable logic controllers (PLCs) to control all the system by attackers. Access control system, identity management, network security, enterprise security architecture and the UN charter law are discussed in this report. Stuxnet is a malicious computer worm which lets the attacker to take control of the system through PLC (programmable logic controllers) that is built in to the device. It is known that it is the first attack that allows the attacker to handle a real-world equipment, that makes it threat and dangerous.

2. Stuxnet:

Stuxnet was 1st known by the infosec community in 2010, be that as it may progress consequently most likely started in 2005. In spite of its one of a kind capacity to expand and its broad contamination rate, Stuxnet will exceptionally small or no harm to computers not concerned in nuclear enrichment. Once it defects a pc, it checks to decide on the off chance that that pc is associated to particular models of programmable logic controllers (PLCs) factory-made by Siemens. Generally, PLCs works how computers interact with and control mechanical device like uranium centrifuges. The worm at that point modifies the PLCs’ programming, driving to the centrifuges being spun as well rapidly and for as well long, harming or wrecking the fragile instrumentation inside the strategy. while this will be happening, the PLCs tell the controller pc that everything is working fine, making it troublesome to locate or analyse what is going on off-base till it’s as well late.

Computer security specialists characterize Stuxnet as one of the foremost complicated mechanical malevolent program created for a focused-on target to date which is presently known as “Zero-day”. Supposedly, a combined U.S.-Israeli cyber campaign against Iran codename “Olympic Diversion” the assault annihilated over a thousand of centrifuges at the Natanz Uranium improvement office. In a brief way of time, the targeted got to be open.

A past General about Central Intelligence(CIA) and-and Director National Security Agency (NSA) Michael V. Hayden suggested that Stuxnet is the “first attack regarding a foremost disposition within who a cyber-attack was old in imitation of impact physical destruction”. Obviously, the attack did now not ever disrupt Iran’s nuclear activity, enrichment was once recovered inside a year then again the issues escalated at some point of 2012 as Israel then the United States over America may launch airstrikes according to tackle the worsening problem. Nevertheless, Stuxnet’s certainly tested its technicalities among cyber weapons or not simply a erudition conversation inflicting much people in imitation of see Stuxnet so a harbinger yet also extra devastating assaults after come, pointing in accordance with an side about cybersecurity Revolution in Military Affairs (RMA).

Now that it Stuxnet is in that place between public, near argue, too the some states then the political existence are stimulated in imitation of acquire cyber capabilities, yet this acts increasingly more threaten the United States yet nasty advanced technical countries.

2.1 Access

This module is named Discretionary Access Control(DAC) namely a result regarding the control of access on based of discretion of the owner. The owner on the wish decide up to expectation topics choice get entry to the item. Also, care access administration is enforced in conformity with close operational systems as Windows, Linux, Macintosh. In these operating systems(OS),

if the file is created, the administrator will decide to give the privileges to the user so after that this operating system will make a decision to follow the privileges given by administrator.

The mandatory access control(MAC), is a system specifies which subject area can access specific information. The Mandatory access control model is based on security levels. And data objects are given a security range (secret, crown secret, confidential, etc.). The classification and clearance data are saved in the security system labels, that are leap to the specific subjects and objects. Headway is being matched to a subject with the classification of the object every time the system is making an access control decision. As an example, if a drug user has a credential of security clearance of secret and tried to request for a data object with a security classification of the top secret which is higher than secret, then the user will get denied access. This Mandatory Accession Mastery (MAC) is commonly used in environments where confidentiality is the topmost precedence, such as a military institution or a data centre.

 2.2 identify

Recognizable proof is a representation of particular individual or subject. In genuine world there are measures where reports are set to be as official ID by various substances relies upon the capacities or necessities. For instance, a driver’s permit is a distinguishing proof for a man to have the capacity to drive a vehicle, an identification for a man to have the capacity to movement globally. In digital world, people are typically utilizing numerous ID for various access or administrations inside a similar framework. For instance, in an organization a representative needs a system distinguishing proof to have the capacity to utilize a PC and utilize diverse login ID’s to get to database, arrange drives, projects and applications or even devices rely upon the level of limitations or the workers capacities.

Systems of mechanical production lines particularly the best mystery atomic offices like the Iran’s enhancement office are not associated with the web, making it harder to be penetrated by any sort of malware or infection. Stuxnet was physically introduced to the uranium enhancement office in Natanz, Iran, by a worker who’s transporting a contaminated USB Stick. Which tells that if the worker could utilize a USB stick in an extremely strict framework condition either the representative has an abnormal state qualification, or the framework does not realise an abnormal state of security confinements.

2.3 Crypto

Iranian PCs are being focused by malware that wipes whole disk, as indicated by a warning issued by that nation’s Computer Emergency Response Team Coordination Center.

Named Batchwiper, the malware methodically wipes any disk partitions clean with the letters D through, alongside any documents put away on the Windows work area of the client who is signed in when it’s executed, as indicated by security scientists who autonomously affirmed the discoveries. The reports come seven months after an examination concerning another wiper program focusing on the locale prompted the revelation of Flame, the exceptionally advanced secret activities malware supposedly composed by the US and Israel to keep an eye on Iran. Wiper, as the prior wiping program is known, shared a record naming tradition relatively indistinguishable to those utilized by the state-supported Stuxnet and Duqu tasks, a sign it might have been connected, security scientists said.

2.4 Network security 

A full comprehension of the Stuxnet-presented techniques is fundamental for surveying the dangers mechanical frameworks are looked with. Their basic innovations were not intended to be associated with the web and were planned without fitting security as a primary concern.

Likewise, alleviation systems that may function admirably in IT security – air holes, against malware advances or security patches – are much harder to convey in these kinds of situations. Everything that abandons us with a troubling end: the complexity of these ICS-focusing on dangers joined with the expertise level of their creators or potentially administrators remains in extraordinary diverge from the in-security level of a few zones of ICS foundation.

3. Qualitative risk analysis:

Risk analysis is a potential given to exploit the vulnerabilities of an asset to harm the organization. Qualitative risk analysis is a judgment in a subjective based on different data. Moreover, it is focused on topic which are in this report. Based om estimated values of successful probabilities and attack rate, I will give a quantification on the main possible physical destruction of the targeted company.

3.1 Analysis

Consequences

         Impact

Low  

Moderate

High

Access

Intrusion Detection System and also log messages can be easily detected.

Intrusion Detection system and log can be can detect under some circumstances.

Can’t detect or control.

Identify

Very less impact for administrators and users to get affected.

Can process but controls can’t be operated by users and an administrator, critical might get affected.

Critical processes and controls affect all user and administrator badly.

Crypto

Less skills needed

Moderate

High skills needed

Network Security

Can attacked by penetrating targeted device.to control device.

For some circumstances penetrating can be done.

No such penetrating can be done.

3.2 Table

Risk Calculator

Threat Source

Impact

Probability

Remote Access through USB to install malware

Access

40%

Identify

20%

Crypto

20%

Network Security

30%

In above table access has high probability because attacker was success installing malware by using USB stick which was caused by the one of employee in the organization.

4. ESA:

Executing security design is regularly a confounding procedure in undertakings. Generally, security engineering comprises of some preventive, analyst and uplifting controls that are executed to ensure the attempt framework and applications. A few undertakings are completing a superior occupation with security design by including order controls, including arrangements and systems. Numerous data security experts with a conventional outlook see security engineering as simply having security arrangements, controls, instruments and observing. The present hazard variables and dangers are not the equivalent, nor as basic as they used to be. New developing advances and potential outcomes, e.g., the Internet of Things, change a considerable measure about how organizations work, what their center is and their objectives. It is critical for all security experts to comprehend business goals and attempt to help them by actualizing appropriate controls that can be basically defended for partners and connected to the business chance. Endeavor structures, for example, Sherwood Applied Business Security Architecture (SABSA), COBIT and The Open Group Architecture Framework (TOGAF), can help accomplish this objective of adjusting security needs with business needs. I would like to choose Sherwood Applied Business Security Architecture (SABSA) which is briefly describe below.

4.1 SABSA (Sherwood Applied Business Security Architecture)

SABSA is a business-driven security system for enterprises that depends on risk and openings related with it. SABSA does not offer a particular control and depends on others, for example, the International Organization for Standardization (ISO) or COBIT forms. It is simply a procedure to guarantee business arrangement. The SABSA approach has six layers (five horizontals and one vertical). Each layer has an alternate reason and view. The relevant layer is at the best and incorporates business prerequisites and objectives. The second layer is the reasonable layer. Figure below demonstrates the six layers of this structure.

The SABSA procedure gives rules to coating engineering and business value. It additionally addresses basic requirements for more projecting coordination among security and undertaking engineering inside associations. Associations’ with SABSA can report a risk and reward balance utilizing a scope of systems, models, techniques and procedures to oversee hazard and measure execution. SABSA’s structure is adaptable and versatile and appropriate to any industry part. Moreover, SABSA can be incorporated to other hazard benchmarks, for example, ITIL, TOGAF and C4ISTAR to make and consolidated consistence system.

SABSA gives enterprise for operational risk administration engineering that can be totally customized to a particular plan of action.

5. What should we do

5.1 International arena 

5.2 Charter 2(4)

5.3 Article 51

In the discussion any applicable inquiries are to be put to the observers and specialists under the conditions set around the Court in the standards of strategy mentioned in Article 30.

As per the Tallinn manual Rule 1 Sovereignty “No state may guarantee power over the internet” anyway the rule gives an express a privilege to control instrastructure and cyber implementations inside its territory. With the Stuxnet occurrence in Natanz enrichment office the Iranians have every one of the rights to work individually without getting interrupted by different states as there they didn’t disregard neither disrupt any standards and law in the internet however the item that is being delivered by the office made the Israeli and United States moved against the Iran’s’ enrichments office.

In addition, Rule 1 segment 4 says that a Sovereignty implies that a state may have a full access and control to its region without limits as long as far as possible by the settlement and standard international law is being followed except for the self-defence in agreement to the approved or commanded by the United Nations Security Council. As said in administer 1 area 6 if a cyber state task is coordinated against a cyber activity that is situated in an alternate state it will be a violation of power and can be sort as an equipped attack that can trigger the privilege of self-protection in which the Iranians can do to counter to United states and Israel. Irian’s did not do any counters rather in simply a question of a year or 2 they increment the creation of uranium 232 and extend the Natanz office.

7. References:

  • https://www.semanticscholar.org/paper/Modeling-the-Stuxnet-attack-with-BDMP%3A-Towards-more-Kriaa-Bouissou/8606a5b6451103265c63481bde961f4c44084ddf/figure/1

Cite This Work

To export a reference to this article please select a referencing stye below:

Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.

Related Services

View all

DMCA / Removal Request

If you are the original writer of this essay and no longer wish to have the essay published on the UK Essays website then please: