csci 1650 software security and exploitation
play

CSCI 1650: Software Security and Exploitation Introduction - PowerPoint PPT Presentation

Jan 31, 2024 •48 likes •238 views

CSCI 1650: Software Security and Exploitation Introduction Vasileios (Vasilis) Kemerlis September 09, 2020 Department of Computer Science Brown University vpk@cs.brown.edu (Brown University) CSCI 1650 Fall 20 1 / 6 Course Overview (1/2)

  1. CSCI 1650: Software Security and Exploitation Introduction Vasileios (Vasilis) Kemerlis September 09, 2020 Department of Computer Science Brown University vpk@cs.brown.edu (Brown University) CSCI 1650 Fall ’20 1 / 6

  2. Course Overview (1/2) • BPF_SECCOMP, FORTIFY_SRC Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) • ... • Just-In-Time ROP (JIT-ROP) • Return-oriented prog. (ROP) • Return-to-libc ( ret2libc ) 2. Code reuse 1. Code injection Software Exploitation • ... • RELRO, BIND_NOW • Stack/Heap canaries • W^X, ASLR 2. Modern defenses • ... • Pointer errors • Format string bugs • Stack/Heap smashing 1. Prevalent software defects Software Security Control-fmow hijacking Memory unsafe code (written in C / C++ , asm , ...) 2 / 6 ▶ What is this course about?

  3. Course Overview (1/2) • BPF_SECCOMP, FORTIFY_SRC Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) • ... • Just-In-Time ROP (JIT-ROP) • Return-oriented prog. (ROP) • Return-to-libc ( ret2libc ) 2. Code reuse 1. Code injection Software Exploitation • ... • RELRO, BIND_NOW • Stack/Heap canaries • W^X, ASLR 2. Modern defenses • ... • Pointer errors • Format string bugs • Stack/Heap smashing 1. Prevalent software defects Control-fmow hijacking 2 / 6 ▶ What is this course about? ✘ Memory unsafe code (written in C / C++ , asm , ...) ▶ Software Security

  4. Course Overview (1/2) • BPF_SECCOMP, FORTIFY_SRC Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) • ... • Just-In-Time ROP (JIT-ROP) • Return-oriented prog. (ROP) • Return-to-libc ( ret2libc ) 2. Code reuse 1. Code injection • ... • RELRO, BIND_NOW • Stack/Heap canaries • W^X, ASLR 2. Modern defenses • ... • Pointer errors • Format string bugs • Stack/Heap smashing 1. Prevalent software defects 2 / 6 ▶ What is this course about? ✘ Memory unsafe code (written in C / C++ , asm , ...) ✘ Control-fmow hijacking ▶ Software Security ▶ Software Exploitation

  5. (plus objdump , readelf , ..., etc.) Course Overview (2/2) Using only gdb ! Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) (b) how exactly these attacks work (a) understand what sorts of attacks are possible • To protect software (against certain threats) you need to: Why are these useful? • Binary exploitation • Code “weaponization” • Exploit development Learn how to break software Ofgense argue about their efgectiveness protection mechanisms and Understand the boundaries of Defense 3 / 6 ▶ Why take this course?

  6. (plus objdump , readelf , ..., etc.) Course Overview (2/2) Using only gdb ! Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) (b) how exactly these attacks work (a) understand what sorts of attacks are possible • To protect software (against certain threats) you need to: Why are these useful? • Binary exploitation • Code “weaponization” • Exploit development argue about their efgectiveness protection mechanisms and Understand the boundaries of Defense 3 / 6 ▶ Why take this course? � Ofgense ✔ Learn how to break software

  7. Course Overview (2/2) (plus objdump , readelf , ..., etc.) Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) (b) how exactly these attacks work (a) understand what sorts of attacks are possible • To protect software (against certain threats) you need to: Why are these useful? • Binary exploitation • Code “weaponization” • Exploit development argue about their efgectiveness protection mechanisms and Understand the boundaries of Defense 3 / 6 ▶ Why take this course? � Ofgense ✔ Learn how to break software ✪ Using only gdb !

  8. Course Overview (2/2) (plus objdump , readelf , ..., etc.) Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) (b) how exactly these attacks work (a) understand what sorts of attacks are possible • To protect software (against certain threats) you need to: Why are these useful? • Binary exploitation • Code “weaponization” • Exploit development argue about their efgectiveness protection mechanisms and 3 / 6 ▶ Why take this course? � Defense � Ofgense ✔ Understand the boundaries of ✔ Learn how to break software ✪ Using only gdb !

  9. Course Overview (2/2) (plus objdump , readelf , ..., etc.) Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) (b) how exactly these attacks work (a) understand what sorts of attacks are possible • To protect software (against certain threats) you need to: • Binary exploitation • Code “weaponization” • Exploit development argue about their efgectiveness protection mechanisms and 3 / 6 ▶ Why take this course? � Defense � Ofgense ✔ Understand the boundaries of ✔ Learn how to break software ✪ Using only gdb ! ▶ Why are these useful?

  10. Prerequisites CSCI 0300 (Fundamentals of Computer Systems) • C/C++, x86 asm • Virtual memory • Linking and loading • Memory management Having taken the following courses is a plus, but not required: • CSCI 1660 (Computer Systems Security) • CSCI 2951E (Topics in Computer System Security) We will review (most of) the important concepts vpk@cs.brown.edu (Brown University) CSCI 1650 Fall ’20 4 / 6 ▶ CSCI 0330 (Introduction to Computer Systems) ▶ CSCI 1670 (Operating Systems)

  11. Prerequisites CSCI 0300 (Fundamentals of Computer Systems) • C/C++, x86 asm • Virtual memory • Linking and loading • Memory management • CSCI 1660 (Computer Systems Security) • CSCI 2951E (Topics in Computer System Security) We will review (most of) the important concepts vpk@cs.brown.edu (Brown University) CSCI 1650 Fall ’20 4 / 6 ▶ CSCI 0330 (Introduction to Computer Systems) ▶ CSCI 1670 (Operating Systems) ✔ Having taken the following courses is a plus, but not required:

  12. Prerequisites CSCI 0300 (Fundamentals of Computer Systems) • C/C++, x86 asm • Virtual memory • Linking and loading • Memory management • CSCI 1660 (Computer Systems Security) • CSCI 2951E (Topics in Computer System Security) vpk@cs.brown.edu (Brown University) CSCI 1650 Fall ’20 4 / 6 ▶ CSCI 0330 (Introduction to Computer Systems) ▶ CSCI 1670 (Operating Systems) ✔ Having taken the following courses is a plus, but not required: ✪ We will review (most of) the important concepts

  13. • Hacking: The Art of Exploitation, 2nd Edition. Jon Erickson. Logistics Check the website! Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) No Starch Press, 2008, ISBN 1593271441 Optional textbook: Lecture slides/code & assigned readings No required textbook Study material • Assignment descriptions • Readings • Lecture slides/code • Announcements • Piazza | cs1650tas@lists.brown.edu Meetings • https://cs.brown.edu/courses/csci1650/ Communication 0% Final 0% Midterm • 4x CTF-like write-ups 90% Assignments 10% (Piazza) Participation Grading • Asynchronous • Online 5 / 6

  14. • Hacking: The Art of Exploitation, 2nd Edition. Jon Erickson. Logistics Check the website! Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) No Starch Press, 2008, ISBN 1593271441 Optional textbook: Lecture slides/code & assigned readings No required textbook Study material • Assignment descriptions • Readings • Lecture slides/code • Announcements • Piazza | cs1650tas@lists.brown.edu • https://cs.brown.edu/courses/csci1650/ Communication 0% Final 0% Midterm • 4x CTF-like write-ups 90% Assignments 10% (Piazza) Participation Grading • Asynchronous • Online 5 / 6 � Meetings

  15. • Hacking: The Art of Exploitation, 2nd Edition. Jon Erickson. Logistics Check the website! Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) No Starch Press, 2008, ISBN 1593271441 Optional textbook: Lecture slides/code & assigned readings No required textbook Study material • Assignment descriptions • Readings • Lecture slides/code • Announcements • Piazza | cs1650tas@lists.brown.edu • https://cs.brown.edu/courses/csci1650/ 0% Final 0% Midterm • 4x CTF-like write-ups 90% Assignments 10% (Piazza) Participation Grading • Asynchronous • Online 5 / 6 � Meetings � Communication

  16. • Hacking: The Art of Exploitation, 2nd Edition. Jon Erickson. Logistics • Announcements Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) No Starch Press, 2008, ISBN 1593271441 Optional textbook: Lecture slides/code & assigned readings No required textbook Study material • Assignment descriptions • Readings • Lecture slides/code • Piazza | cs1650tas@lists.brown.edu • https://cs.brown.edu/courses/csci1650/ 90% • Online • Asynchronous Grading Participation 10% (Piazza) Assignments • 4x CTF-like write-ups Midterm 0% Final 0% 5 / 6 � Meetings � Communication ✪ Check the website!

  17. • Hacking: The Art of Exploitation, 2nd Edition. Jon Erickson. Logistics • Lecture slides/code Fall ’20 CSCI 1650 vpk@cs.brown.edu (Brown University) No Starch Press, 2008, ISBN 1593271441 Optional textbook: Lecture slides/code & assigned readings No required textbook Study material • Assignment descriptions • Readings • Announcements • Piazza | cs1650tas@lists.brown.edu • https://cs.brown.edu/courses/csci1650/ • 4x CTF-like write-ups • Asynchronous • Online 5 / 6 � Meetings � Communication ✪ Check the website! ▶ Grading ✔ Participation ➜ 10% (Piazza) ✔ Assignments ➜ 90% ✔ Midterm ➜ 0% ✔ Final ➜ 0%

Recommend

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
CS-527 Software Security Exploitation Asst. Prof. Mathias Payer Department of Computer Science

CS-527 Software Security Exploitation Asst. Prof. Mathias Payer Department of Computer Science

CS-527 Software Security Exploitation Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 Exploitation: Context/Disclaimer In this module

411 views • 37 slides
CS412 Software Security Attack Vectors Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Attack Vectors Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Attack Vectors Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Exploitation: Disclaimer This section introduces software exploitation We will discuss both basic and advanced exploitation

831 views • 48 slides
CS527 Software Security Attack Vectors Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Attack Vectors Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Attack Vectors Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Exploitation: Disclaimer This section focuses software exploitation We will discuss both basic and advanced

860 views • 49 slides
Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction to Computer Security Secure use of the OS Defensive programming and design, contd Announcements intermission Stephen McCamant Bernsteins

535 views • 8 slides
them all A story of cross-software ownage, shared codebases and advanced exploitation. Mateusz

them all A story of cross-software ownage, shared codebases and advanced exploitation. Mateusz

One font vulnerability to rule them all A story of cross-software ownage, shared codebases and advanced exploitation. Mateusz j00ru Jurczyk REcon 2015, Montreal PS> whoami Project Zero @ Google Low-level security researcher

2.33k views • 187 slides
Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer Security Logistics intermission Day 2: Intro to Software and OS Security Example security failures Stephen McCamant University of Minnesota, Computer

608 views • 8 slides
Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer

Outline Security risk and management Some terminology CSci 5271 Introduction to Computer Security Logistics intermission Day 2: Intro to Software and OS Security Example security failures Stephen McCamant University of Minnesota, Computer

395 views • 7 slides
Dienstag 30. Nov. 10 [] All Your Baseband Are over-the-air exploitation of memory corruptions in

Dienstag 30. Nov. 10 [] All Your Baseband Are over-the-air exploitation of memory corruptions in

Dienstag 30. Nov. 10 [] All Your Baseband Are over-the-air exploitation of memory corruptions in GSM software Ralf-Philipp Weinmann Laboratory for Algorithmics, Cryptology & Computer Security University of Luxembourg

901 views • 46 slides
CSCI 2951U: Topics in Software Security Introduction Vasileios (Vasilis) Kemerlis January 27,

CSCI 2951U: Topics in Software Security Introduction Vasileios (Vasilis) Kemerlis January 27,

CSCI 2951U: Topics in Software Security Introduction Vasileios (Vasilis) Kemerlis January 27, 2020 Department of Computer Science Brown University vpk@cs.brown.edu (Brown University) CSCI 2951U Spring 20 1 / 8 Course Overview (1/2)

739 views • 20 slides
Modern Game Console Exploitation Eric DeBusschere, Mike McCambridge March 26, 2012 Console

Modern Game Console Exploitation Eric DeBusschere, Mike McCambridge March 26, 2012 Console

Modern Game Console Exploitation Eric DeBusschere, Mike McCambridge March 26, 2012 Console Security Overview Most modern consoles acheive complete software security by only running signed code, encrypting memory, and utilizing firmware updates

588 views • 37 slides
Outline OS security: protection and isolation CSci 5271 OS security: authentication

Outline OS security: protection and isolation CSci 5271 OS security: authentication

Outline OS security: protection and isolation CSci 5271 OS security: authentication Introduction to Computer Security Announcements intermission Day 9: OS security basics Stephen McCamant Basics of access control University of Minnesota,

269 views • 8 slides
deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL

Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL

Outline The web from a security perspective CSci 5271 Introduction to Computer Security SQL injection Web security, part 1 Announcements intermission Stephen McCamant University of Minnesota, Computer Science & Engineering Web

522 views • 5 slides
CSCI 2132 Software Development Lecture 14: Software Development Life Cycle Instructor: Vlado

CSCI 2132 Software Development Lecture 14: Software Development Life Cycle Instructor: Vlado

CSCI 2132 Software Development Lecture 14: Software Development Life Cycle Instructor: Vlado Keselj Faculty of Computer Science Dalhousie University 5-Oct-2018 (14) CSCI 2132 1 Previous Lecture (Fire Alarm) Integer and

621 views • 18 slides
CSCI 2132 Software Development Lecture 16: Multidimensional Arrays Instructor: Vlado Keselj

CSCI 2132 Software Development Lecture 16: Multidimensional Arrays Instructor: Vlado Keselj

CSCI 2132 Software Development Lecture 16: Multidimensional Arrays Instructor: Vlado Keselj Faculty of Computer Science Dalhousie University 12-Oct-2018 (16) CSCI 2132 1 Previous Lecture Software testing Software debugging, gdb

197 views • 15 slides
Outline Saltzer & Schroeders principles (contd) CSci 5271 More secure design

Outline Saltzer & Schroeders principles (contd) CSci 5271 More secure design

Outline Saltzer & Schroeders principles (contd) CSci 5271 More secure design principles Introduction to Computer Security Software engineering for security Defensive programming 2 (combined lecture) Announcements intermission

632 views • 9 slides
Outline SSL/TLS (leftovers) The web from a security perspective CSci 5271 Introduction to

Outline SSL/TLS (leftovers) The web from a security perspective CSci 5271 Introduction to

Outline SSL/TLS (leftovers) The web from a security perspective CSci 5271 Introduction to Computer Security Announcements intermission Day 18: Web security, part 1 SQL injection Stephen McCamant Web authentication failures University of

670 views • 10 slides
Outline Saltzer & Schroeders principles CSci 5271 More secure design principles

Outline Saltzer & Schroeders principles CSci 5271 More secure design principles

Outline Saltzer & Schroeders principles CSci 5271 More secure design principles Introduction to Computer Security Day 7: Defensive programming and design, part 1 Software engineering for security Stephen McCamant Announcements

355 views • 7 slides
Outline Saltzer & Schroeders principles CSci 5271 Announcements intermission

Outline Saltzer & Schroeders principles CSci 5271 Announcements intermission

Outline Saltzer & Schroeders principles CSci 5271 Announcements intermission Introduction to Computer Security Day 7: Defensive programming and design, More secure design principles part 1 Software engineering for security Stephen

571 views • 9 slides
CSCI-UA.9480 Introduction to Computer Security Session 4.1 Browser Security Model Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 4.1 Browser Security Model Prof. Nadim

CSCI-UA.9480 Introduction to Computer Security Session 4.1 Browser Security Model Prof. Nadim Kobeissi Defining 4.1a Browser Security Goals Also before we start: Practical Assignment 2 is now online . 2 CSCI-UA.9480: Introduction to

520 views • 28 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 25: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science & Engineering

419 views • 4 slides
Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements

Outline Usability and security CSci 5271 Introduction to Computer Security Announcements intermission Day 24: Usability and security Stephen McCamant Usable security example areas University of Minnesota, Computer Science & Engineering

219 views • 5 slides

More recommend