Designing monitoring software against process suspension

You might be violating your company policies if you are trying any of these on your work PC. Please do not try it, this is only for educational purposes. Article only focuses on educating you to design your software for vulnerability. Read my blog disclaimer before continuing. disclaimer

Following diagram shows an example of typical monitoring software design.  This "i will watch your back" model is typically designed for running as windows service.

Here Process A will open the process handle of B and, B will open a process handle of A. Both of the process will wait on the process handle with win32 API for waitforsingleobject or multipleobject. In case A is killed, B will come out the wait state, checks if the handle is valid, if not it will start A. 

With this, they are they are designed to monitor each other. However this has following short comings.

1. If you kill them together, they might not have time to react.
2. You can kill them as process tree, if they are designed as parent and child.
3. In case you don't have permission to kill them - You can suspend them. Yes. you read it right.

Suspending a process

Suspending the process will leave the process handle valid. Suspending can be done in two ways 

1. Iterate through threads and suspend each of the threads
2. Use NtSuspendProcess undocumented API

Easiest way of testing the process suspension is using Process Explorer tool from sysinternals.

Right click on the process and chose suspend. This will take the process to sleep mode. So, of the monitoring app is looking at it, it wont find a thing. More ever, permission required for suspending a process is much lesser to killing it. OpenProcess can be called with option  PROCESS_SUSPEND_RESUME, with lesser access privilege. 

Suspended process is a bigger threat. 

For example, you cannot terminate Symantec anti virus. However, you can put it to sleep by suspending the process. Since it subscribes to some of the system events asynchronously for monitoring, suspended process will do no good here. Typical example is using Symantec  

to block USB storage devices. Most of the enterprises use this to allowing only approved devices to connect from USB, and block any unauthorized thumb drives. If the process is suspended,  USB insertion event will fall on to deaf ears and if the process just depends on the events and doesn't do any other checks like Symantec does, it will still allow USB to work even after resuming the process.

Suspending a this kind of monitoring service momentarily will go unnoticed during most of the checks. If you are monitoring remotely, or using a sibling process, use heartbeat based checks or some kind of time and salt based handshakes.

If you are testing a product, test the behavior for process suspension.

Disclaimer

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The views, ideas or other information conveyed in blog content are the authors and are not representative of the author's employer, clientele or affiliates. 

The owner of this blog will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.

Dollar value of a story $$$

“As a network administrator, i want the ability to update the timeout value in application configurations remotely through a management portal”

 

If this is a SaaS deployment and you feel that it has a good value add for the admin consumer, it looks like a good story. But if you have one enterprise application and you want to help your network admin by building this feature it might not be a good value for money.

 

How do you explain this to developer, without a closed door meeting?

If you are following agile, work as a team. Don't hide facts and numbers. One simple number that your team should be knowing is the cost of running one sprint. When i say cost, it the cost to company to manage X team members for Y days. Say your cost per sprint is $30K and your velocity is 30 points, it will be roughly 1000$ for a story point ( you may as well argue that it will not be so proportional, neither the story  points.)

 

Now look back at the story point one would give for the story mentioned, if team decides as 5 points -  its good 5K. Now decide, will you educate the system admin to do this manually or go back and write an application to do it for 5K?

 

Once the team understand the cost aspect, you don't really have to  explain about the ‘cost of poor quality’ to team.

Agile and Developer

If you are a developer working in an organization where everyone is talking about agile and only your project manager seems to be excited about it. Here are the things you need to do as a developer.

Before you go any further about TDD, BDD and all test driven approach, take a moment and think about what you could do adopt right away if your manager is talking about agile. No doubt that you need to write Unit tests, TDDs but before we need to understand what it is.

Agile manifesto says

“Individuals and interactions over processes and tools
Working software over comprehensive documentation
Customer collaboration over contract negotiation
Responding to change over following a plan”

Now from developer’s perspective lets look at the highlighted lines.

“Working Software over…”, says that you starts showing the working software and demo it often. But this requires that you to build something that can be demoed, not shown as a presentation or as a code. You could do this only if you have very small requirement and they are independent

Now, first part is easy. Product owner can breakdown the features. But second part is tougher one. This is where you need to pitch in. But verifying if the feature can be implemented with writing the code required only for this feature is your job. This is when you break down the story and suggest PO.

Lets take an example, where you need to show a webpage where based on the role you need to implement a feature say an admin action. If you have to implement this feature end to end you need following features ready

1. Login implemented
2. Role assignment implemented
3. Role to feature mapping done
4. New feature itself

say you implement this in the same order and say you take a sprint to implement each, then every demo what you are showing is what stake holder has seen elsewhere. Something like role and feature mapping might not even go beyond the code and unit test.

 

So what did stake holder get in first 3 sprints?

Close to nothing.

 

Now what if you implement the new feature(say showing some grid with all data) without any security implementation. During the demo you can show, how will data look. Is this the right presentation, can we do anything better and you are giving good time for your stake holders to sleep over it and come back with all possible related stories. Now during next demo, you show login and apply the effect of authentication to the feature built. 

 

Did we turn the world upside down in the name of Agile? But did we get right feedback and testing done soon? That’s the beginning!

Client side graphs

I came across many instances, where people jumped at some expensive client side libraries just by looking at the graphs. Here are some simple points you need to consider.

1. Generating graph on client side is not a rocket science. Now its more and more simple, no one plays around with DIVs to create bar chart anymore.
2. Most of the libraries use Canvas or SVGs for creating charts.
3. Flot library is the best library available under MIT license. I have used it and i totally recommend it. Binding or customization is super simple. I have created newer types of charts in very short time.
4. Use expensive libraries, only if you want swanky grids, edits and other UI features. Not just for graphs.
5. You can play around with events easily and create what ever you want, like making nasty sound on hovering on some point :)
6. For all short comings, you can find one more more plug-in. FlexiSlider is one of the great addin i found for handling touch.
7. Use a thumb rule based on the budget you have where you set a threshold for number of plug-in you will be cherry picking before switching to a commercial library.
8. Enjoy playing around with jQuery!

It’s about not to code

“You don't have to solve all problems through code – My Boss”

This was the quote from my conversations from one of our conversations. However i remember this every time i think of a solution for any problem that i deal with, while working on a software projects. Context has changed from the time he quoted this but i have followed same instruction many times.

This goes well with INVEST mnemonics associated with good User Story. I use the above quote for ‘Negotiating’ the scope of the user stories. As an architect, i have an advantage of having good understanding of the requirement as well as the system. This allows me to put forward options that are easier to implement at the same time solves the problem.  Couple of examples i want mention here, where i realized that i gained a lot.

1) I was working on a client-server application, which had an management portal for modifying some back end data. We had created an ASP.Net Dynamic data site for this. Now we had to restrict the access to this portal, only for admin users. Going by the standard implementation, we had to create roles, then associate users to roles and then give some UI where one can manage both. This would take quite a long time and we wanted this to be done for the first roll out. 

Here comes the negotiation part. We managed to convince the product owner that given 30 minutes notice, i will make anyone admin till next release. Overall, my product owner agreed to de-prioritize the story and moved it to next release. What i did there was used IIS feature to allow/deny access to a web application. As there were only 2-3 people who required admin access and possibility of it changes required was almost like once in a 6 month. 

   

So, We managed to deliver this feature for first release under an hour. And the rest of the user management part of the story moved back to the backlog. I don't see this feature ever getting the daylight.

TFS30063–You are not authorized to access

 

Recently I received this complaint from someone, who was trying to connect to TFS using TFS client API.

Here is the code that my friend was using

NetworkCredential networkCredential = new NetworkCredential("guruholla", "******", "MyDomain");

Uri uri = new Uri("http://mytfsserver:8080/tfs");

TeamFoundationServer teamFoundationServer =  new TeamFoundationServer(uri.AbsoluteUri, networkCredential);

Console.Write("Connecting to Team Foundation Server {0}...", uri.ToString());

teamFoundationServer.Authenticate();

Console.Read();

After which I realized that, he did not have access to the default collection in TFS and he had only access to one of the collection. Changing the URL to directly point to the collection helped.

Uri uri = new Uri("http://mytfsserver:8080/tfs/birdCollection");

Moral of the story: See if you have access to default collection.