Cybersecurity Threats
On an application level, a malicious party can perform a code injection attack, in which they exploit inadequate memory checks in the system (Kumar et al., 2022). Kumar et al. state that this can lead a process to execute a harmful instruction inserted by an attacker, because control eventually transfers to the return address, where the attacker has injected malicious code through their input. This is caused by design flaws that allow inputs to contain a return address that points to a stack location. One way of preventing this is sandboxing, a way to isolate programs for security and testing reasons (Felice, 2024). Because sandboxing is an effective approach to protecting the program’s surrounding environment, it is ubiquitous in the field of software development and cybersecurity.
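The missing memory check described above can be modelled safely in ordinary memory. The following C program is an added example, not taken from the cited sources: it places a fixed-size buffer next to a saved return address and compares an unchecked copy with a bounds-checked one. The `frame` struct, the function names, the sample address and the filler input are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
#define LEGIT_RET ((uintptr_t)0x401000) /* constructed sample address */

/* Model of a stack frame in ordinary memory (not the real call stack):
   a fixed-size local buffer followed by the saved return address. */
struct frame {
    unsigned char buf[BUF_SIZE];
    uintptr_t ret_addr;
};

/* Flawed copy: trusts the input length, so bytes past buf land in ret_addr.
   The clamp to the model's size only keeps this demo itself in bounds. */
static void copy_unchecked(struct frame *f, const unsigned char *in, size_t n) {
    if (n > sizeof *f) n = sizeof *f;
    memcpy((unsigned char *)f, in, n);
}

/* Hardened copy: rejects any input that does not fit the buffer. */
static int copy_checked(struct frame *f, const unsigned char *in, size_t n) {
    if (n > sizeof f->buf) return -1;
    memcpy(f->buf, in, n);
    return 0;
}

/* Returns 1 if copying input_len filler bytes altered the saved return address. */
int ret_addr_clobbered(int use_check, size_t input_len) {
    unsigned char input[sizeof(struct frame)];
    struct frame f;
    memset(input, 0x41, sizeof input); /* constructed filler input */
    memset(&f, 0, sizeof f);
    f.ret_addr = LEGIT_RET;
    if (input_len > sizeof input) input_len = sizeof input;
    if (use_check) (void)copy_checked(&f, input, input_len);
    else copy_unchecked(&f, input, input_len);
    return f.ret_addr != LEGIT_RET;
}

int main(void) {
    size_t too_long = sizeof(struct frame);
    printf("fits, unchecked:     %d\n", ret_addr_clobbered(0, BUF_SIZE));
    printf("too long, unchecked: %d\n", ret_addr_clobbered(0, too_long));
    printf("too long, checked:   %d\n", ret_addr_clobbered(1, too_long));
    return 0;
}
```

Only the unchecked copy of an over-long input changes the saved return address; the length check leaves it intact.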
On an operating system level, attacks can emerge from operating system vulnerabilities. According to Granot (2024), these vulnerabilities come from weaknesses in operating systems that give attackers an opening to undermine the system’s security, integrity, or functionality. Their sources vary from design errors to insufficient security features. Their importance should be underscored, considering that they can introduce minor disturbances, operation disruptions, and data breaches. One way to mitigate these risks is OS hardening, an approach that reinforces the security of operating systems like Windows and Linux (Kroder, 2024). Identified vulnerabilities are dealt with using special OS hardening techniques like firewall configuration, access control, and data encryption.
On a network level, attackers can threaten the network’s security by disguising themselves as another device (commonly referred to as spoofing) to nullify network functionality, propagate malware, or circumvent access controls (AlSabeh et al., 2022). They do this in order to launch an attack such as a Distributed Denial-of-Service (DDoS) attack, in which they swamp a targeted network with a flood of user traffic (Srivastava, 2022). One way of strengthening network security, however, is network encryption. This is an effective measure that maintains data privacy and allows anti-hacking mechanisms to be installed in the network (Pierson, 1998). It is usually done physically through a discrete unit (a network encryptor), separate from other network components, so that tamper resistance and detection mechanisms are ensured. This separation also allows the unit to be changed easily as the network evolves.
On a physical level, attackers can threaten hardware security through hardware-based attacks. This is a relatively new field of study since, for a long time, people assumed that hardware was invulnerable to attacks; however, reports in the past thirty years have disproved this misconception (Bhunia and Tehranipoor, 2019). Bhunia and Tehranipoor used hardware trojans, a term referring to the malicious modification of Integrated Circuits (ICs), as an example of a hardware-based attack. One approach to safeguarding hardware is Full Disk Encryption (FDE), in which the data of a hard drive used to boot a computer is completely encrypted (Johnson, 2020). This guarantees that the data in a computer can only be accessed when a successful authentication occurs.
References
- AlSabeh, A., Khoury, J., Kfoury, E., Crichigno, J., & Bou-Harb, E. (2022). A survey on security applications of P4 programmable switches and a STRIDE-based vulnerability assessment. Computer Networks, 207, 108800. https://doi.org/10.1016/j.comnet.2022.108800
- Bhunia, S., & Tehranipoor, M. (2019). Introduction to Hardware Security. In Hardware Security (pp. 1–20). Elsevier. https://doi.org/10.1016/B978-0-12-812477-2.00006-X
- Felice, S. (2024, December 20). What is Sandbox? BrowserStack. https://browserstack.wpengine.com/guide/what-is-sandbox/
- Granot, L. (2024, September 18). Operating System Vulnerabilities: Understanding and Mitigating the Risk. Sternum IoT. https://sternumiot.com/iot-blog/operating-system-vulnerabilities-understanding-and-mitigating-the-risk/
- Johnson, L. (2020). Security component fundamentals for assessment. In Security Controls Evaluation, Testing, and Assessment Handbook (pp. 471–536). Elsevier. https://doi.org/10.1016/B978-0-12-818427-1.00011-2
- Kroder, J. (2024, February 28). What does “OS hardening” mean? Why is this IT security measure so important? FB Pro GmbH. https://www.fb-pro.com/os-hardening-meaning-measures/
- Kumar, S., Moolchandani, D., & Sarangi, S. R. (2022). Hardware-assisted mechanisms to enforce control flow integrity: A comprehensive survey. Journal of Systems Architecture, 130, 102644. https://doi.org/10.1016/j.sysarc.2022.102644
- Pierson, C. (1998). Network encryption. Information Security Technical Report, 2(4), 62–65. https://doi.org/10.1016/S1363-4127(97)80794-7
- Srivastava, S. (2022, June 29). DDoS Attack Explained: What It Is and How to Prevent It. GlobalSign. https://www.globalsign.com/en/blog/what-ddos-attack-and-how-prevent-it