cs 161 computer security
play

CS 161: Computer Security http://inst.eecs.berkeley.edu/~cs161/ - PowerPoint PPT Presentation

CS 161: Computer Security http://inst.eecs.berkeley.edu/~cs161/ January 16, 2017 ROOM FIRE CODE Prof. Raluca Ada Popa And a team of a talented TAs Head TAs: Keyhan and Won and talented readers Jianan Lu Kijung Kim Katharine Jiang Kate


  1. CS 161: Computer Security http://inst.eecs.berkeley.edu/~cs161/ January 16, 2017 ROOM FIRE CODE Prof. Raluca Ada Popa

  2. And a team of a talented TAs Head TAs: Keyhan and Won

  3. and talented readers Jianan Lu Kijung Kim Katharine Jiang Kate Xu Denis Li Audrey Ku Kevin Ma David Niu Billy Zhao Anusha Syed Riku Miyao

  4. What is Computer Security? Detects or prevents unwanted use of computer systems or data

  5. Why security?

  6. Why should you care? -to-day life Millions of compromised computers, millions of stolen passwords, stolen money

  7. It is important for our physical safety and safety of our possessions confidentiality of data/ privacy functionality

  8. Safety Adversaries can affect our safety by tampering with pacemakers, planes, cars

  9. Privacy/confidentiality Adversaries get access to medical, financial, personal user data, or sensitive corporate data 140 million records breached (containing SSN, names, credit cards) Pretty much any major company collecting user data has been hacked

  10. Can aff s economy Computer Science 161 Fall 2016 Popa and Weaver X

  11. Learn About Security Make a Difference

  12. Computer security is not only important but it is FUN! - You are playing a game: can you stop the attacker? - Beautiful blend of analytical thinking (math) and engineering (build systems)

  13. Computer security is varied It has room for many skills Big challenge: many of you Cryptography the expertise in Network security those areas Operating systems security Provides a Web security glimpse of these disciplines Database security Distributed systems security Tell us what concepts you Machine learning and security need more background in Security usability

  14. Logistics

  15. Course Structure Absorb material presented in lectures and section Lecture will be webcasted 3 course projects (24% total) Done individually or in small groups ~4 homeworks (16% total) Done individually Two midterms (30%) A comprehensive final exam (30%)

  16. Textbooks No required textbook. If you want extra reading: Optional : Introduction to Computer Security , Goodrich & Tamassia Optional : The Craft of System Security, Smith & Marchesini

  17. Class Policies Late homework: no credit Late project: -10% if < 24 hrs, -20% < 48 hrs, -40% < 72 hrs, no credit hrs Never read or share solutions, code, etc. with someone else, nor read past materials: work on your own (unless assignment states otherwise). If lecture materials available prior to lecture, use to answer questions during class Participate in Piazza Send course-related questions/comments, or ask in office hours. No scale.

  18. Ethics We will be looking for plagiarism, both manually and using advanced software; we can identify copy even if not exact, including from old material or submissions We will apply severe penalties including reporting to Student Conduct office

  19. THREAT MODELS

  20. Threat models Cannot protect against all possible attackers High-level goal is risk management Much of the effort concerns raising the bar and trading off resources How to prudently spend your time & money? Key notion of threat model: what you are defending against Determines which defenses are worthwhile

  21. Threats have evolved l Spam, pharmaceuticals, credit card theft, identity theft

  22. Threats have evolved Attackers have become more sophisticated; arms race between attackers and defenders fuels rapid innovation in malware but not all security is an arms race, there are definite solutions to certain settings Many attacks aim for profit and are facilitated by a well-

  23. Threats have evolved l Spam, pharmaceuticals, credit card theft, click fraud Government actors: Stuxnet, Flame, Aurora, Sony Private activism: Anonymous, Wikileaks

  24. Lesson To protect computer systems, you must know your enemy defenses that are good enough to stop the

  25. 2 CLASSICAL EXPLOITS

  26. Epic Hack: Internet worm The first Internet worm, Morris worm A grad student experimented (in the lab) with self-spreading malware It got out.

  27. Epic Hack: Internet worm The first Internet worm A grad student experimented (in the lab) with self-spreading malware It got out And took down the Internet

  28. Epic Hack: Internet worm The first Internet worm A grad student experimented (in the lab) with self-spreading malware It got out. And took down the Internet. There is a lesson here.

  29. Epic Hack: Sarah Palin Guy wants to mess with Tries logging into her Yahoo Mail

  30. Epic Hack: Sarah Palin

  31. Epic Hack: Sarah Palin

  32. Epic Hack: Sarah Palin

  33. Epic Hack: Sarah Palin

  34. Epic Hack: Sarah Palin

  35. Epic Hack: Sarah Palin

  36. Epic Hack: Sarah Palin Sentenced to 1 year in federal prison Lesson: your system is only as secure as the weakest link.

  37. Epic Hack: Sarah Palin Aftermath: in 2012, someone hacks Mitt

  38. Epic Hack: Sarah Palin Aftermath: in 2012, someone hacks Mitt Lesson: old attacks remain relevant

  39. Memory safety

  40. #2 #293 3 HRE RE- THR THR 850 50 19 1930 AL ALI CE CE SM SM I TH TH CO COACH CH SP SPECI CI AL L I NSTR NSTRUX: X: NO NONE

  41. #2 #293 3 HRE RE- THR THR 850 50 19 1930 AL ALI CE CE SM SM I THHH THHHHHH HHHHH HHHH HH HHACH CH SP SPECI CI AL L I NSTR NSTRUX: X: NO NONE How could Alice exploit this? Find a partner and talk it through.

  42. #2 #293 3 HRE RE- THR THR 850 50 19 1930 AL ALI CE CE SM SM I TH TH FI FI RST ST SP SPECI CI AL L I NSTR NSTRUX: X: NO NONE

  43. #2 #293 3 HRE RE- THR THR 850 50 19 1930 AL ALI CE CE SM SM I TH TH FI FI RST ST SP SPECI CI AL L I NSTR NSTRUX: X: GI GI VE PA PAX E EXTR TRA CHA CHAM PA PAGNE NE.

  44. char nam e[ 20] ; voi d vul ner abl e( ) { . . . get s( nam e) ; . . . }

  45. char nam e[ 20] ; char i nst r ux[ 80] = " none" ; voi d vul ner abl e( ) { . . . get s( nam e) ; . . . }

  46. Memory unsafe code char nam e[ 20] ; char i nst r ux[ 80] = " none" ; voi d vul ner abl e( ) { . . . get s( nam e) ; . . . } Reading data in name past 20 characters starts overlapping instrux because name and instrux are stored next to each other in memory

  47. char l i ne[ 512] ; char com m and[ ] = " / usr / bi n/ f i nger " ; voi d m ai n( ) { . . . get s( l i ne) ; . . . execv( com m and, . . . ) ; }

  48. char nam e[ 20] ; i nt ( * f npt r ) ( ) ; voi d vul ner abl e( ) { . . . get s( nam e) ; . . . }

  49. char nam e[ 20] ; i nt seat i nf i r st cl ass = 0; voi d vul ner abl e( ) { . . . get s( nam e) ; . . . }

  50. char nam e[ 20] ; i nt aut hent i cat ed = 0; voi d vul ner abl e( ) { . . . get s( nam e) ; . . . }

  51. Linux (32-bit) process memory layout -0xFFFFFFFF Reserved for Kernel -0xC0000000 user stack $esp shared libraries -0x40000000 brk run time heap static data segment Loaded from exec text segment -0x08048000 (program) -0x00000000 unused

  52. Stack Frame -0xC0000000 T o previous stack frame pointer user stack arguments Frame return address corresponding to function stack frame pointer invocation exception handlers shared T o the point at which -0x40000000 libraries this function was called local variables callee saved registers run time heap static data segment text segment -0x08048000 (program) unused -0x00000000

  53. Code Injection

  54. g() f() main() buf ret x ret ret 0xFFFF0000 Stack (return addresses and local variables) f ( ) { g( ) { i nt x; char buf [ 80] ; m ai n( ) { g( ) ; get s( buf ) ; f ( ) ; } } }

  55. g() f() main() buf ret x ret ret 0xFFFF0000 Stack (return addresses and local variables) f ( ) { g( ) { i nt x; char buf [ 80] ; m ai n( ) { g( ) ; get s( buf ) ; f ( ) ; } } }

  56. Basic Stack Exploit Overwriting the return address allows an attacker to redirect the flow of program control. Instead of crashing, this can allow arbitrary code to be executed. Example: attacker chooses malicious shellcode ), compiles to bytes, includes this in the input to the program so it will get stored in memory somewhere, then overwrites return address to point to it.

  57. voi d vul ner abl e( ) { char buf [ 64] ; . . . get s( buf ) ; . . . }

  58. voi d saf e( ) { char buf [ 64] ; . . . f get s( buf , 64, st di n) ; . . . }

  59. voi d saf er ( ) { char buf [ 64] ; . . . f get s( buf , si zeof buf , st di n) ; . . . }

  60. voi d vul ner abl e( i nt l en, char * dat a) { char buf [ 64] ; i f ( l en > 64) r et ur n; m em cpy( buf , dat a, l en) ; } m em cpy( voi d * dst , const voi d * sr c, si ze_t n) ; Attack: attacker supplies negative len, which becomes large value when cast to size_t

  61. Fix: voi d saf e( si ze_t l en, char * dat a) { char buf [ 64] ; i f ( l en > 64) r et ur n; m em cpy( buf , dat a, l en) ; }

Recommend


More recommend