
Introduction to Computer Security David Brumley dbrumley@cmu.edu - PowerPoint PPT Presentation



  1. Introduction to Computer Security David Brumley dbrumley@cmu.edu Carnegie Mellon University

  2. Today: Overview • Course Staff • Trusting Trust • Course Overview • Example Applications • Course Mechanics • CMU CTF Team 2

  3. You will find at least one error on each set of slides. :) 3

  4. David Brumley • B.A. Math UNC 1998 • M.S. CS Stanford 2003 • Ph.D. CS CMU 2008 • Computer security officer, Stanford University, 1998-2002 • Assistant Professor, CMU, Jan 2009 4

  5. Current Research Thrusts • Automatic Exploit Generation – AEG and Mayhem • Scalable Malware Analysis – BitShred • Binary code analysis – Decompilation • Vetting whole systems 5

  6. Trusting Trust 6

  7. Do you trust his Software? Photo from http://culturadigitalbau.wikispaces.com/file/view/thompson.c1997.102634882.lg.jpg/212982274/thompson.c1997.102634882.lg.jpg 7

  8. Ken Thompson Co-Creator of UNIX and C Turing Award: 1983 8

  9. FIX mak login.c Compiler 011001001111010 9

  10. FIX mak login.c Compiler 011001001111010 ... if (program == "login") add-login-backdoor(); if (program == "compiler") add-compiler-backdoor(); 10

  11. Ken Thompson Co-Creator of UNIX and C Turing Award: 1983 11

  12. Would you trust Mother Teresa’s software? 12

  14. Adi Shamir, Len Adleman, Ron Rivest. Surely cryptographers’ code must be secure? Picture from http://www.usc.edu/dept/molecular-science/RSA-2003.htm 14

  15. Perfect Cryptography Exists! We’re no better off guessing what an encrypted message contains given the ciphertext. - Claude Shannon 15

  16. But implementations may still leak... message decrypt(ciphertext c, private_key k) { plaintext m; if (k == 1) { m = time t_1 decryption ops; return m; } if (k == 2) { m = time t_2 decryption ops; return m; } if (k == 3) { m = time t_3 decryption ops; return m; } .... } 16

  17. Isn’t this networking? Routers run an operating system, which hackers now target 17

  18. Even GPS systems run • Webservers • FTP servers • Network time daemons 18

  19. Security is many things 19

  20. This Class: Introduction to the Four Research Cornerstones of Security Software Security Network Security OS Security Cryptography 20

  21. Course Topics: Control Flow Hijack • Software Security • Execution Safety • Information Flow • Goals of Crypto • Stream Ciphers • Cryptography • Block Ciphers • Asymmetric Crypto • Authentication/Integrity • Intro to Computer Security • Common Defenses • OS Security • Authorization • Security Architectures • Web Security • Denial of Service • Network Security • Protocols • Intrusion Detection. Your job: become conversant in these topics 21

  22. Software Security 22

  23. Control Flow Hijacks • shellcode (aka payload) • padding • &buf • computation + control • Allow attacker the ability to run arbitrary code – Install malware – Steal secrets – Send spam 23

  24. 24

  25. 25

  26. 26

  27. Software Security • Recognize and exploit vulnerabilities – Format string – Buffer overflow – Gist of other control flow hijacks, e.g., heap overflow • Understand defenses in theory and practice – ASLR – DEP – Canaries – Know the limitations! 27

  28. Cryptography 28

  29. Everyday Cryptography • ATMs • On-line banking • SSH • Kerberos

  30. Public Channel M Alice Bob Adversary Eve: A very clever person

  31. Public Channel M Alice Bob Adversary Eve: A very clever person Cryptography’s Goals: – Data Privacy – Data Integrity – Data Authenticity

  32. Public Channel M Alice Bob Adversary Eve: Cryptonium A very clever person Pipe

  33. Public Channel M Alice Bob Adversary Eve: Cryptonium A very clever person Pipe Cryptography’s Goals: – Privacy – Integrity – Authenticity

  34. 34

  35. Goals • Understand and believe you should never, ever invent your own algorithm • Basic construction • Basic pitfalls 35

  36. OS Security 36

  37. Principal (Source) → Requested Operation → Reference Monitor (Guard) → Approved Operation → Object (Resource) • Authentication • Authorization • In security, we isolate reasoning about the guard 37

  38. Authentication • Principles • Reference monitors • Authorization • Access control lists • OS Security • Auditing • Virtual Machines • Security Architectures • Software Fault Isolation 38

  39. OS Goals • Know Lampson’s “gold” standard – Authorization – Authentication – Audit • Know currently used security architectures 39

  40. Network Security 40

  41. XSS • Stored XSS • Reflected XSS • SQL Injection • Defense • Sanitization • Stored procedures • Bots • Denial of Service • Attacks • CDN • Web Security • Basic syntax • Kerberos • Comments • Protocols • Network Security • Probes • BGP • CSRF • Stateful • Attack • Stateless • Intrusion Detection • Defense • Base Rate • Referer Validation • Custom Header • Token validation 41

  44. Networking Goals • Understand the base rate fallacy and its application to IDS • Be able to recognize and perform basic web attacks • State what a DDoS is, and how CDNs mitigate their effect 44

  45. Course Mechanics 45

  46. Basics • Pre-req: – Basic UNIX development (gcc, gdb, etc.) – 15-213 or similar is recommended • Read all papers before lecture – Read – Underline – Question – Review • Course website: http://www.ece.cmu.edu/~dbrumley/courses/18487-f13 46

  47. Workload • 3 homework assignments • 3 exams, keep highest 2 grades • The Coolest Bug day. 47

  48. The Coolest Bug • Describe a classic old bug, or a new zero-day • Provide a 5-minute tutorial on the bug. • Present to the class. • Class votes (via a limited number of tokens) on best. • Encourage finding your own zero-days. 48

  49. 1996 #1 Song: The Macarena Spice Girls Play Olympics Windows 95 Reigned 49

  50. Ping of Death! 50

  51. ICMP and IP Packets. Max IP packet size = 65535 octets (2^16 – 1) (RFC 791). IP Packet: 20 for typical header | 8 for ICMP header | 65507 for data (65535-20-8). To process ICMP, I need to handle up to 65507 octets. Image: http://jobtrakr.com/2011/11/16/so-you-want-to-be-a-manager/ 51

  53. IP Fragmentation. One 4000 byte packet (length 4000, ID x, fragflag 0, offset 0) with Maximum Transmission Unit (MTU) of 1500 (1480 octet data) gets fragmented in 3 packets: (1) length 1500, ID x, fragflag 1, offset 0 (packet len < MTU); (2) length 1500, ID x, fragflag 1, offset 185 (offset = 1480/8); (3) length 1040, ID x, fragflag 0, offset 370. 53

  54. ping of death Attacker Victim 2. Victim reassembles fragments into one big packet 3. Victim copies large packet, exceeds buffer bounds, crashes 54

  55. “A few ICMPv6 packets with router advertisements requests can cause a denial-of-service vulnerability reminiscent of the famous "Ping of Death". It’s a good illustration of how much we still do not know about the stability of IPv6. We continue to recommend turning off IPv6 on workstations if your network is not engineered for its use.” 55

  57. Basic Mechanics • Grading based on: – 3 homeworks (35%) – Highest 2 out of 3 tests (30% each) – Participation and coolest bug (5%) • No late days except under exceptional circumstances. • I guarantee at least the following: – 90-100%: A – 80-89%: B – 70-79%: C – 60-69%: D – < 59%: F 57

  58. • Obey the law • Do not be a nuisance • Don’t cheat, copy others’ work, let others copy, etc. 58

  59. One note My wife will have a baby boy sometime this semester. This may affect the course. Image credits: http://onyx-ii.com/srcstore/scripts/store/item.cfm?Item_Number=BE-STXLW-CD 59

  60. Capture the Flag 60
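Added example for slide 16 (not part of the original slides): a toy decryption whose operation count depends on the private key, next to a Montgomery-ladder version whose count does not. The names decrypt_leaky, decrypt_ladder and ops_used, the 16-bit key size, the modulus 3233 and the sample keys are assumptions made for illustration, and multiplication counts stand in for running time.

```c
#include <stdint.h>
#include <stdio.h>

#define KEY_BITS 16             /* constructed toy key size */
#define TOY_N 3233u             /* constructed toy modulus, 61 * 53 */
static unsigned long op_count;  /* multiplications in the last call; stands in for time */

static uint64_t mulmod(uint64_t a, uint64_t b) {
    op_count++;
    return (a * b) % TOY_N;     /* operands stay below TOY_N, so no overflow */
}

/* Square-and-multiply: one extra multiplication per 1 bit of k, so the
   operation count (and the running time) depends on the private key. */
uint64_t decrypt_leaky(uint64_t c, uint16_t k) {
    uint64_t m = 1;
    op_count = 0;
    for (int i = KEY_BITS - 1; i >= 0; i--) {
        m = mulmod(m, m);
        if ((k >> i) & 1) m = mulmod(m, c % TOY_N);
    }
    return m;
}

/* Montgomery ladder with a masked swap: exactly two multiplications per key
   bit and no branch on key data, so every key costs the same 32 operations. */
uint64_t decrypt_ladder(uint64_t c, uint16_t k) {
    uint64_t r0 = 1, r1 = c % TOY_N, t;
    op_count = 0;
    for (int i = KEY_BITS - 1; i >= 0; i--) {
        uint64_t mask = -(uint64_t)((k >> i) & 1);   /* all ones if the bit is set */
        t = (r0 ^ r1) & mask; r0 ^= t; r1 ^= t;      /* swap when the bit is set */
        r1 = mulmod(r0, r1);
        r0 = mulmod(r0, r0);
        t = (r0 ^ r1) & mask; r0 ^= t; r1 ^= t;      /* swap back */
    }
    return r0;
}

/* Operations spent decrypting ciphertext c under key k with routine dec. */
unsigned long ops_used(uint64_t (*dec)(uint64_t, uint16_t), uint64_t c, uint16_t k) {
    dec(c, k);
    return op_count;
}

int main(void) {
    uint16_t keys[] = {1, 2753, 0xFFFF};             /* constructed sample keys */
    for (int i = 0; i < 3; i++)
        printf("k=%u leaky=%lu ladder=%lu\n", (unsigned)keys[i],
               ops_used(decrypt_leaky, 2790, keys[i]), ops_used(decrypt_ladder, 2790, keys[i]));
}
```

The `%` operator and compiler optimisations are not guaranteed constant-time on real hardware; production code relies on a vetted constant-time big-number library rather than a hand-written ladder.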
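Added example for slides 51 to 54 (not part of the original slides): it reproduces the fragmentation of the 4000-byte packet from slide 53 and shows the bounds check a reassembler needs so that offset plus fragment data can never run past the 65535-octet maximum. struct frag, fragment and fragment_fits are hypothetical names, and a 20-octet header without options is assumed.

```c
#include <stdint.h>
#include <stdio.h>

#define IP_MAX_LEN 65535u  /* RFC 791: total length is a 16-bit field */
#define IP_HDR_LEN 20u     /* assumed: header without options */

struct frag { uint16_t length; uint8_t more; uint16_t offset; };  /* offset in 8-octet units */

/* Split a datagram of total_len octets (header included) for the given MTU.
   Returns the number of fragments written to out, 0 on bad input. */
int fragment(uint16_t total_len, uint16_t mtu, struct frag *out, int max_out) {
    if (total_len <= IP_HDR_LEN || mtu < IP_HDR_LEN + 8) return 0;
    uint32_t data = total_len - IP_HDR_LEN;
    uint32_t per = (mtu - IP_HDR_LEN) / 8 * 8;   /* fragment data: multiple of 8 */
    int n = 0;
    for (uint32_t off = 0; off < data && n < max_out; off += per, n++) {
        uint32_t chunk = data - off < per ? data - off : per;
        out[n].length = (uint16_t)(chunk + IP_HDR_LEN);
        out[n].more = off + chunk < data;
        out[n].offset = (uint16_t)(off / 8);
    }
    return n;
}

/* Reassembly-side check: does this fragment end inside a legal datagram?
   The sum is done in 32 bits because offset * 8 + data can exceed 65535,
   which is exactly the case a fixed 65535-octet buffer cannot hold. */
int fragment_fits(uint16_t offset, uint16_t length) {
    if (length < IP_HDR_LEN) return 0;
    uint32_t end = IP_HDR_LEN + (uint32_t)offset * 8 + (length - IP_HDR_LEN);
    return end <= IP_MAX_LEN;
}

int main(void) {
    struct frag f[8];
    int n = fragment(4000, 1500, f, 8);          /* the packet from slide 53 */
    for (int i = 0; i < n; i++)
        printf("length=%u fragflag=%u offset=%u fits=%d\n", (unsigned)f[i].length,
               (unsigned)f[i].more, (unsigned)f[i].offset, fragment_fits(f[i].offset, f[i].length));
    printf("constructed oversize fragment fits=%d\n", fragment_fits(8189, 1500));
    return 0;
}
```

A reassembler should run this check on every fragment before copying its data, and drop the whole datagram when any fragment fails it.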
