defenses principles
play

Defenses & Principles CS 161: Computer Security Prof. David - PowerPoint PPT Presentation

Sep 03, 2022 •178 likes •608 views

Software Security: Defenses & Principles CS 161: Computer Security Prof. David Wagner January 25, 2016 Announcements Discussion sections start this week Set up your class account, join Piazza Homework 1 out later today, due next

  1. Software Security: Defenses & Principles CS 161: Computer Security Prof. David Wagner January 25, 2016

  2. Announcements • Discussion sections start this week • Set up your class account, join Piazza • Homework 1 out later today, due next Monday

  3. Why does software have vulnerabilities? • Programmers are humans. And humans make mistakes. – Use tools • Programmers often aren’t security-aware. – Learn about common types of security flaws. • Programming languages aren’t designed well for security. – Use better languages (Java, Python, … ).

  4. Why does software have vulnerabilities? • Programmers are humans. And humans make mistakes. – Use tools • Programmers often aren’t security-aware. – Learn about common types of security flaws. • Programming languages aren’t designed well for security. – Use better languages (Java, Python, … ).

  5. Why does software have vulnerabilities? • Programmers are humans. And humans make mistakes. – Use tools. • Programmers often aren’t security-aware. – Learn about common types of security flaws. • Programming languages aren’t designed well for security. – Use better languages (Java, Python, … ).

  6. Testing for Software Security Issues • What makes testing a program for security problems difficult? – We need to test for the absence of something • Security is a negative property! – “ nothing bad happens, even in really unusual circumstances ” – Normal inputs rarely stress security-vulnerable code • How can we test more thoroughly? – Random inputs ( fuzz testing ) – Mutation – Spec-driven • How do we tell when we ’ ve found a problem? – Crash or other deviant behavior • How do we tell that we ’ ve tested enough? – Hard: but code-coverage tools can help

  7. Testing for Software Security Issues • What makes testing a program for security problems difficult? – We need to test for the absence of something • Security is a negative property! – “ nothing bad happens, even in really unusual circumstances ” – Normal inputs rarely stress security-vulnerable code • How can we test more thoroughly? – Random inputs ( fuzz testing ) – Mutation – Spec-driven • How do we tell when we ’ ve found a problem? – Crash or other deviant behavior • How do we tell that we ’ ve tested enough? – Hard: but code-coverage tools can help

  8. Testing for Software Security Issues • What makes testing a program for security problems difficult? – We need to test for the absence of something • Security is a negative property! – “ nothing bad happens, even in really unusual circumstances ” – Normal inputs rarely stress security-vulnerable code • How can we test more thoroughly? – Random inputs ( fuzz testing ) – Mutation – Spec-driven • How do we tell when we’ve found a problem? – Crash or other deviant behavior; now enable expensive checks

  9. Working Towards Secure Systems • Along with securing individual components, we need to keep them up to date … • What’s hard about patching ? – Can require restarting production systems – Can break crucial functionality – Management burden: • It never stops (the “ patch treadmill ” ) …

  11. Working Towards Secure Systems • Along with securing individual components, need to keep them up to date … • What’s hard about patching ? – Can require restarting production systems – Can break crucial functionality – Management burden: • It never stops (the “ patch treadmill ” ) … • … and can be difficult to track just what’s needed where • Other (complementary) approaches? – Vulnerability scanning: probe your systems/networks for known flaws – Penetration testing ( “ pen-testing ” ): pay someone to break into your systems … • … provided they take excellent notes about how they did it!

  13. Reasoning About Safety • How can we have confidence that our code executes in a safe (and correct, ideally) fashion? • Approach: build up confidence on a function-by-function / module-by-module basis • Modularity provides boundaries for our reasoning: – Preconditions: what must hold for function to operate correctly – Postconditions: what holds after function completes • These basically describe a contract for using the module • Notions also apply to individual statements (what must hold for correctness; what holds after execution) – Stmt #1’s postcondition should logically imply Stmt #2’s precondition – Invariants: conditions that always hold at a given point in a function

  14. int deref(int *p) { return *p; } Precondition ?

  15. /* requires: p != NULL (and p a valid pointer) */ int deref(int *p) { return *p; } Precondition : what needs to hold for function to operate correctly

  16. void *mymalloc(size_t n) { void *p = malloc(n); if (!p) { perror("malloc"); exit(1); } return p; } Postcondition ?

  17. /* ensures: retval != NULL (and a valid pointer) */ void *mymalloc(size_t n) { void *p = malloc(n); if (!p) { perror("malloc"); exit(1); } return p; } Postcondition : what the function promises will hold upon its return

  18. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) total += a[i]; return total; } Precondition ?

  19. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function

  20. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access? (2) Write down precondition it requires (3) Propagate requirement up to beginning of function

  21. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function

  22. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* ?? */ total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires? (3) Propagate requirement up to beginning of function

  23. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* requires: a != NULL && 0 <= i && i < size(a) */ total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function

  24. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* requires: a != NULL && 0 <= i && i < size(a) */ total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function?

  25. int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* requires: a != NULL && 0 <= i && i < size(a) */ total += a[i]; return total; } Let’s simplify, given that a never changes.

  26. /* requires: a != NULL */ int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* requires: 0 <= i && i < size(a) */ total += a[i]; return total; }

  27. /* requires: a != NULL */ int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* requires: 0 <= i && i < size(a) */ total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function?

  28. /* requires: a != NULL */ int sum(int a[], size_t n) { ? int total = 0; for (size_t i=0; i<n; i++) /* requires: 0 <= i && i < size(a) */ total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function?

  29. /* requires: a != NULL */ int sum(int a[], size_t n) { ✓ int total = 0; for (size_t i=0; i<n; i++) /* requires: 0 <= i && i < size(a) */ total += a[i]; return total; } General correctness proof strategy for memory safety: (1) Identify each point of memory access (2) Write down precondition it requires (3) Propagate requirement up to beginning of function?

  30. /* requires: a != NULL */ int sum(int a[], size_t n) { ✓ int total = 0; for (size_t i=0; i<n; i++) /* requires: 0 <= i && i < size(a) */ total += a[i]; return total; } The 0 <= i part is clear, so let’s focus for now on the rest.

  31. /* requires: a != NULL */ int sum(int a[], size_t n) { int total = 0; for (size_t i=0; i<n; i++) /* requires: i < size(a) */ total += a[i]; return total; }

Recommend

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed, Antonio Lupher, Paul Pearce &amp; Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 29, 2013 Testing

964 views • 50 slides
Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses &amp; Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed &amp; Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides
Preference Defenses: New Value Ordinary Preference Defenses: New Value, Ordinary Course and

Preference Defenses: New Value Ordinary Preference Defenses: New Value, Ordinary Course and

Presenting a live 90 minute webinar with interactive Q&amp;A Preference Defenses: New Value Ordinary Preference Defenses: New Value, Ordinary Course and Contemporaneous Exchange Managing the Audit Process, Mitigating Regulatory Sanctions, and

893 views • 52 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

This time We will continue By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything youve always wanted to know about gdb but were too afraid to ask Overflow defenses Other memory

1.23k views • 95 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything

This time We will continue By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Everything youve always wanted to know about gdb but were too afraid to ask Overflow defenses Other memory

1.49k views • 117 slides
Principles Principles Principles Principles of a well of a well of a well of a well- - -

Principles Principles Principles Principles of a well of a well of a well of a well- - -

High quality independent research into competition policy and regulation Principles Principles Principles Principles of a well of a well of a well of a well- - - -functioning functioning functioning functioning retail energy retail

495 views • 7 slides
Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1

Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1

Advanced Man-at-the-end Attacks and Defenses Bjorn De Sutter ISSISP 2018 Canberra 1 Lecture Overview 1. Advanced MATE attacks models tools &amp; techniques 2. Protected code comprehension processes 3. Advanced MATE defenses 4.

1.79k views • 114 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Finish overflow

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Finish overflow

Last time We continued By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Finish overflow attacks &amp; other vulnerabilities Overflow defenses Everything youve always wanted to know about

2.41k views • 197 slides
Internet Outbreaks: Internet Outbreaks: Epidemiology and Defenses Epidemiology and Defenses

Internet Outbreaks: Internet Outbreaks: Epidemiology and Defenses Epidemiology and Defenses

Internet Outbreaks: Internet Outbreaks: Epidemiology and Defenses Epidemiology and Defenses Stefan Savage Stefan Savage Collaborative Center for Internet Epidemiology and Defenses Collaborative Center for Internet Epidemiology and Defenses

760 views • 58 slides
Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU Leuven COSIC Seminar - 23rd October 2017, Leuven Introduction Contents of this presentation: - PETS17: Website Fingerprinting Defenses at

658 views • 44 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow

Last time We finished up By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow defenses (and workarounds) Format string vulnerabilities Integer overflow vulnerabilities This time

1.29k views • 80 slides
ROP is S(ll Dangerous: Breaking Modern Defenses David Wagner

ROP is S(ll Dangerous: Breaking Modern Defenses David Wagner

ROP is S(ll Dangerous: Breaking Modern Defenses David Wagner Nicholas Carlini Return Oriented Programming Basic ROP Mo(va(ons DEP Data

712 views • 11 slides
Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography.

Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography.

Attacks and Defenses Dr. Falko Strenzke fstrenzke@cryptosource.de cryptosource Cryptography. Security. Falko Strenzke 2020 For evaluation purposes only Please do not distribute August 4, 2020 Dr. Falko Strenzke Attacks and Defenses For

531 views • 30 slides
Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity

Other defenses Threat model (beyond TLS) TLS = confidentiality, integrity, authenticity Metadata leaks Resource starvation Topic Virtual Private Networks (VPNs) Run as closed networks on Internet Use IPSEC to secure

605 views • 38 slides
Defense mechanisms How do we stop this from happening? sws1 1 Defenses Different strategies:

Defense mechanisms How do we stop this from happening? sws1 1 Defenses Different strategies:

Defense mechanisms How do we stop this from happening? sws1 1 Defenses Different strategies: Prevention Detection Reaction Ideally, youd like to prevent problems, but typically you cannot, so you have to make it

419 views • 17 slides
When the Dike Breaks: Dissecting DNS Defenses During DDoS Giovane C. M. Moura 1 , 2 , John

When the Dike Breaks: Dissecting DNS Defenses During DDoS Giovane C. M. Moura 1 , 2 , John

When the Dike Breaks: Dissecting DNS Defenses During DDoS Giovane C. M. Moura 1 , 2 , John Heidemann 3 , Moritz Mller 1 , 4 , Ricardo de O. Schmidt 5 , Marco Davids 1 RIPE 77, Amsterdam, The Netherlands 2018-10-15 1 SIDN Labs, 2 TU Delft, 3

648 views • 38 slides
Clickjacking: Attacks and Defenses University of Cyprus Department of ComputerScience Advanced

Clickjacking: Attacks and Defenses University of Cyprus Department of ComputerScience Advanced

Clickjacking: Attacks and Defenses University of Cyprus Department of ComputerScience Advanced Security Topics Name: Soteris Constantinou Instructor: Dr. Elias Athanasopoulos Authors: Lin-Shung Huang, Alex Moshchuk, Helen J. Wang, Stuart

1.65k views • 81 slides
Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide

Clickjacking Credit: paper (Clickjacking: Attacks and Defenses Huang et al.) and most slide content (Vern Paxson) Misleading users Browser assumes that clicks and keystrokes = clear indication of what the user wants to do Constitutes

567 views • 24 slides
Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a

Buffer Overflows and Defenses CS 419: Computer Security Lecture 10 and 11 Buffer Overflow a very common attack mechanism from 1988 Morris Worm to Code Red, Slammer, Sasser and many others prevention techniques known still of major concern

873 views • 53 slides
15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico

15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico

15-780 Graduate Artificial Intelligence: Adversarial attacks and provable defenses J. Zico Kolter (this lecture) and Ariel Procaccia Carnegie Mellon University Spring 2018 Portions base upon joint work with Eric Wong 1 Outline Adverarial

710 views • 39 slides
Efficient Defenses Against Adversarial Examples for Deep Neural Networks Valentina Zantedeschi

Efficient Defenses Against Adversarial Examples for Deep Neural Networks Valentina Zantedeschi

Efficient Defenses Against Adversarial Examples for Deep Neural Networks Valentina Zantedeschi Irina Nicolae Ambrish Rawat @vzantedesc @ririnicolae @ambrishrawat Jean Monnet University IBM Research AI GreHack #5 November 17, 2017

483 views • 37 slides
Buffer Overflow Attacks &amp; Defenses Slides are borrowed from Franziska Roesner @UW and Dawn

Buffer Overflow Attacks &amp; Defenses Slides are borrowed from Franziska Roesner @UW and Dawn

Buffer Overflow Attacks &amp; Defenses Slides are borrowed from Franziska Roesner @UW and Dawn Song @Berkeley Linux (32-bit) process memory layout -0xFFFFFFFF Reserved for Kernal -0xC0000000 user stack %esp shared libraries -0x40000000

994 views • 85 slides
Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Open Source Enclave Workshop 2019 Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer Science &amp; Engineering The Ohio State University Userland TEEs on Commodity Processors Application VM VM

154 views • 14 slides
Ensemble Adversarial Training A1acks and Defenses Cybersecurity With The Best October 15 th 2017

Ensemble Adversarial Training A1acks and Defenses Cybersecurity With The Best October 15 th 2017

Ensemble Adversarial Training A1acks and Defenses Cybersecurity With The Best October 15 th 2017 Florian Tramr Stanford Joint work with Alexey Kurakin (Google Brain) Nicolas Papernot (PSU) Dan Boneh (Stanford) Patrick McDaniel (PSU)

723 views • 24 slides

More recommend