Nelson Shaw Design Project

From CSSEMediaWiki
Revision as of 00:12, 17 August 2010 by Nelson Shaw (Talk | contribs)
Jump to: navigation, search

Contents

Trojan Project

As part of the COSC429 Information Warfare course, development of a Trojan module is required.

Background

The software should have command and remote modules, which are connected together via sockets. Functionality such as screen capture, key log capture and remote file browsing is required. Due to the complete assignment spec not being available, more functionality will be added later. The command module will be running on the attackers computer, while the remote module will be running on the targeted computer. Bypassing security and installing the remote component onto the targeted computer is not required. It is assumed that the remote module can be installed by a 3rd party and will be constantly running. Therefore, the focus of this design is providing the functionality required and ensuring secure communication.

Design Study

A current log of work spent on the project can be found here Design Project Log

Functionality

Basic

  • Remote command channel
  • Implant registration with server
  • Screen capture
  • Keyboard capture
  • Target File browse
  • File upload/download

Advanced Features

  • Cryptographic channel protection
  • Implant hiding
  • Targer user list
  • List of active processes
  • Extract web history
  • Extract email
  • Audit log

Requirements

  1. Secure - Components and communication of software should be secure and unable to modify
  2. Maintainability - Easy to add new functionality (e.g. Multiple remote modules)
  3. Extensible - Add additional software components easily (e.g. Software to deliver remote module onto target system)

Constraints

Remote and control module communication, processing speed and associated overhead costs.

Initial Design

This is my current UML diagram -- a work in progress. I think I have the basic structure, but obviously there are a few class attributes and functions missing.

InfoWarfare2.png

Description of Classes

ControlUnit ControlUnit is the main class of the control module. An observer pattern is used with the GUI and Controller. It contains a list of data objects which can then be displayed by the GUI. The data objects have a specified type e.g. Picture, Text, ... and so it will be up to the GUI to organise how to display them. Therefore any knowledge of the task from which the data came is unnecessary. The ControlUnit class will also have the appropriate update functions to enable an observer pattern.


Communicator Communicator is used to set up a connection between the control and remote modules. The type of encryption can be set, by passing an EncryptionStandard object. Both the ControlUnit and Remote objects create instances of the Communicator object. The main way the remote and control units will communicate, is by serializing and sending Task objects. Once an object is serialized it is then encrypted and sent. When received it is first decrypted and then de-serialized.

Serializer The serializer class is used to serialize task objects and return them as a byte array. It is also used to de-serialize objects.

EncryptionStandard The use of EncryptionStandard with the various subclasses allows the program to be extended to incorporate various encryption types. For the current implementation, it is expected that "Unsecured" and "RSA" Encryption Standards will be implemented. But in future it is possible to add say, AES encryption. By using the Strategy pattern, each subclass overrides the EncryptionStandard's functions such as encrypt and decrypt.

Task By using the strategy pattern for the Task class, it allows easy modification to add new functionality to the program. Currently, Screenshot and Keylog functionality is provided, but it should be relatively simple to add more. Once a task is performed by the remote program, data is added to the task which is then sent back to the control unit. The data class can be one of various types.

Data Data is a class that carries information produced on the Remote host from performing a Task. It has a type attribute which describes the type of data it is, as well as a text heading.

Design Critique

Displaying of the data by a list of Data objects in ControlUnit is perhaps not optimal? The GUI still has to know about the Data types that are possible, but is this an inevitable coupling?

Design patterns/ideas/principles used

Strategy is used in the Task and EncryptionStandard class design. In both classes, different types of tasks and encryption standards perform various functions differently. Because of this, strategy was used to create subclasses with functions that override that of it's super class.

Open Closed Principle The open closed principle states that the design should be open for extension but closed to modification. Taking the example of Tasks, a new task subclass can be easily added (extension), without the Task object itself being changed (no modification). In saying this, modification will be required in relation to the GUI providing the option to select this new task, but this is an inevitable problem.

Singleton Only one communicator object can exist in each program??

Observer The design pattern used linking the ControlUnit class with the GUI is an Observer pattern. The GUI will look at the list of data objects and display them according to their type.

Separation of concerns The classes are created to capture a single abstraction in each class.


Design Improvements

Possible improvements.

Thanks to User: James Ashford for the project page template.

Personal tools