on computer systems in security
play

On Computer Systems (In)Security Vinod Ganapathy - PowerPoint PPT Presentation

Apr 10, 2024 •421 likes •953 views

On Computer Systems (In)Security Vinod Ganapathy vg@csa.iisc.ernet.in Associate Professor/CSA/IISc My goal today To convince you that: 1. Computer systems are difficult to secure Vinod Ganapathy - CSA Undergraduate Symposium 2 My goal

  1. On Computer Systems (In)Security Vinod Ganapathy vg@csa.iisc.ernet.in Associate Professor/CSA/IISc

  2. My goal today To convince you that: 1. Computer systems are difficult to secure Vinod Ganapathy - CSA Undergraduate Symposium 2

  3. My goal today To convince you that: 1. Computer systems are difficult to secure 2. Computer systems security is a fruitful research area Vinod Ganapathy - CSA Undergraduate Symposium 3

  4. My goal today To convince you that: 1. Computer systems are difficult to secure 2. Computer systems security is a fruitful research area 3. You need to apply to the CSA/IISc Ph.D. program and work on these problems  Vinod Ganapathy - CSA Undergraduate Symposium 4

  5. Vinod Ganapathy - CSA Undergraduate Symposium 5

  6. There a “There are no solutions, only p roblems.” re no solutions, only problems Vinod Ganapathy - CSA Undergraduate Symposium 6

  7. Layered computer system design Modern computer systems are built using layers of abstraction Hardware CPU Memory I/O devices Vinod Ganapathy - CSA Undergraduate Symposium 7

  8. Layered computer system design Modern computer systems are built using layers of abstraction IDT … Syscalls Operating Kernel Process System Code List Hardware CPU Memory I/O devices Vinod Ganapathy - CSA Undergraduate Symposium 8

  9. Layered computer system design Modern computer systems are built using layers of abstraction gcc … Utilities & ls , ps , & libc Libraries bash utilities IDT … Syscalls Operating Kernel Process System Code List Hardware CPU Memory I/O devices Vinod Ganapathy - CSA Undergraduate Symposium 9

  10. Layered computer system design Modern computer systems are built using layers of abstraction … User User app app gcc … Utilities & ls , ps , & libc Libraries bash utilities IDT … Syscalls Operating Kernel Process System Code List Hardware CPU Memory I/O devices Vinod Ganapathy - CSA Undergraduate Symposium 10

  11. Fundamental principle in security The lower you go, the more control you have … Least User User control app app gcc … Utilities & ls , ps , & libc Libraries bash utilities IDT … Syscalls Operating Kernel Process System Code List Hardware Most CPU Memory I/O devices control Vinod Ganapathy - CSA Undergraduate Symposium 11

  12. Example: Malware detection User app Utilities & Libraries Operating System Hardware Vinod Ganapathy - CSA Undergraduate Symposium 12

  13. Example: Malware detection User Malware app detector Utilities & Libraries Operating System Hardware Vinod Ganapathy - CSA Undergraduate Symposium 13

  14. Example: Malware detection User Malware Trusted app detector Layer … Utilities & TCB cat ps ls Libraries Operating System Hardware Vinod Ganapathy - CSA Undergraduate Symposium 14

  15. But utilities may be compromised! User Malware app detector Utilities & cat ps ls Libraries Operating System Hardware Vinod Ganapathy - CSA Undergraduate Symposium 15

  16. But utilities may be compromised! Show me 1 file contents User Malware 1 app detector Utilities & cat ps ls Libraries Operating System Hardware Vinod Ganapathy - CSA Undergraduate Symposium 16

  17. But utilities may be compromised! Show me 1 file contents 2 Fake, benign content User Malware 2 app detector Utilities & cat ps ls Libraries Operating System Hardware Vinod Ganapathy - CSA Undergraduate Symposium 17

  18. Solution: Query the OS Query with syscall 1 User Malware app detector Utilities & 1 Libraries Operating System call API TCB System Hardware Vinod Ganapathy - CSA Undergraduate Symposium 18

  19. Solution: Query the OS Query with syscall 1 2 OS reads file User Malware app detector Utilities & 2 Libraries Operating System call API TCB System Hardware Vinod Ganapathy - CSA Undergraduate Symposium 19

  20. Solution: Query the OS Query with syscall 1 2 OS reads file Returns true 3 User Malware file content app detector Utilities & 3 Libraries Operating System call API TCB System Hardware Vinod Ganapathy - CSA Undergraduate Symposium 20

  21. OS detects malicious utilities too cat file A Read file B diff vs ? A B User Malware app detector Utilities & A cat B Libraries Operating System call API TCB System Hardware Vinod Ganapathy - CSA Undergraduate Symposium 21

  22. What if the OS is malicious? User Malware app detector Utilities & Libraries Operating System call API System Hardware Vinod Ganapathy - CSA Undergraduate Symposium 22

  23. Rootkit = Malware that infects OS Rootkits hide malware from detectors  Long-term stealth … Malware detector Utilities & Libraries Operating System call API System Hardware Vinod Ganapathy - CSA Undergraduate Symposium 23

  24. How does an OS get infected? • Exploits of kernel vulnerabilities : – Injecting malicious code by exploiting a memory error in the kernel • Privilege escalation attacks : – Exploit a root process and use resulting administrative privileges to update the kernel • Social engineering attacks : – Trick user into installing fake kernel updates • Defeated via signature verification of kernel updates • Trivial to perform prior to the Windows Vista OS Vinod Ganapathy - CSA Undergraduate Symposium 24

  25. How prevalent are rootkits? • 2010 Microsoft report : 7% of all infections from client machines due to rootkits [1] • 2016 HummingBad Android rootkit: [2] – Up to 85 million Android devices infected? – Earns malware authors $300,000 each week through fraudulent mobile advertisements • Used in many high-profile incidents: – Torpig and Storm botnets – Sony BMG (2005), Greek wiretapping (2004/5) [1] Microsoft Malware Protection Center , “ Some Observations on Rootkits, ” January 2010, https://blogs.technet.microsoft.com/mmpc/2010/01/07/some-observations-on-rootkits [2] CheckPoint Software, “ From HummingBad to Worse, ” July 2016, http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf Vinod Ganapathy - CSA Undergraduate Symposium 25

  26. How can we detect rootkits? Ask for help from the layers below User Malware app detector Utilities & Libraries Operating System call API System TCB Hypervisor (a.k.a. Virtual Machine Monitor) Hardware Vinod Ganapathy - CSA Undergraduate Symposium 26

  27. How low can we go? User Malware app detector Utilities & Libraries Operating System [Bluepill, Subvert] Hypervisor Hardware TCB Vinod Ganapathy - CSA Undergraduate Symposium 27

  28. How low can we go? User Malware app detector Utilities & Libraries Operating System Hardware ??? [Stuxnet, Trojaned ICs] TCB Vinod Ganapathy - CSA Undergraduate Symposium 28

  29. Example 1: Linux Adore rootkit sys_open(...) { int main() ... { } open(…) ... sys_open return(0) } System call table User app OS kernel Vinod Ganapathy - CSA Undergraduate Symposium 29

  30. Example 1: Linux Adore rootkit sys_open(...) { int main() ... { } open(…) ... evil_open return(0) } evil_open(...) { malicious(); sys_open(...) System call table } User app OS kernel Vinod Ganapathy - CSA Undergraduate Symposium 30

  31. Example 1: Linux Adore rootkit Violated : Function pointer values in system call table should not change sys_open(...) { int main() ... { } open(…) ... evil_open return(0) } evil_open(...) { malicious(); sys_open(...) System call table } User app OS kernel Vinod Ganapathy - CSA Undergraduate Symposium 31

  32. Example 2: Windows Fu rootkit run-list: Used by the scheduler to select processes for execution Process A Process B Process C run_list run_list run_list next_task next_task next_task all-tasks: Used for process accounting Vinod Ganapathy - CSA Undergraduate Symposium 32

  33. Example 2: Windows Fu rootkit run-list: Used by the scheduler to select processes for execution Process A Process B Process C Hidden process run_list run_list run_list run_list next_task next_task next_task next_task all-tasks: Used for process accounting Vinod Ganapathy - CSA Undergraduate Symposium 33

  34. Example 2: Windows Fu rootkit Violated : run-list ⊆ all-tasks run-list: Used by the scheduler to select processes for execution Process A Process B Process C Hidden process run_list run_list run_list run_list next_task next_task next_task next_task all-tasks: Used for process accounting Vinod Ganapathy - CSA Undergraduate Symposium 34

  35. Next up? Rootkits on IoT devices! 35

  36. Example: Smart phone rootkits Snoop on private phone conversations Track user location using GPS Email sensitive documents to attacker Stealthily enable camera and microphone Exhaust the battery Enable world-wide DDoS attacks [October 2016] Vinod Ganapathy - CSA Undergraduate Symposium 36

  37. How can devices be misused? 1. Malicious end-users can leverage sensors to exfiltrate or infiltrate unauthorized data 2. Malicious apps on devices can achieve similar goals even if end-user is benign 37

  38. Government or corporate office • Problem : Sensitive documents and meetings can be ex-filtrated using the camera, microphone and storage media • Current solution : Physical security scans, device isolation Faraday cages 38

  39. Challenge : Bring your own device 39

Recommend

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Advanced Systems Security: Introduction to OS Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Introduction to OS Security Trent

770 views • 28 slides
Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Advanced Systems Security: Security-Enhanced Linux Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security-Enhanced Linux Trent

474 views • 26 slides
Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Linux Security Modules Trent

872 views • 30 slides
Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Advanced Systems Security: Hardware Security Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Hardware Security Trent Jaeger

703 views • 46 slides
CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

CSE 544 Advanced Systems Security Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CSE 544 Advanced Systems Security Trent Jaeger Systems and

651 views • 28 slides
Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Advanced Systems Security: Virtual Machine Systems Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Virtual Machine Systems Trent

783 views • 43 slides
Advanced Systems Security: Capability Systems Trent Jaeger Systems and Internet

Advanced Systems Security: Capability Systems Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Capability Systems Trent Jaeger

622 views • 36 slides
Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet

Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet

Advanced Systems Security Retrofitting for Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Systems and Internet Infrastructure Security

370 views • 33 slides
Advanced Systems Security: Security Kernels Trent Jaeger Systems and Internet Infrastructure

Advanced Systems Security: Security Kernels Trent Jaeger Systems and Internet Infrastructure

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Security Kernels Trent Jaeger

559 views • 35 slides
Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Principles Trent Jaeger Systems and

589 views • 23 slides
Advanced Systems Security: Multics Trent Jaeger Systems and Internet Infrastructure Security

Advanced Systems Security: Multics Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Multics Trent Jaeger Systems and

569 views • 33 slides
Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Advanced Systems Security: Principles Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Principles Trent Jaeger Systems and

420 views • 24 slides
Topics in Systems and Program Security Trent Jaeger Systems and Internet Infrastructure Security

Topics in Systems and Program Security Trent Jaeger Systems and Internet Infrastructure Security

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Topics in Systems and Program Security Trent Jaeger Systems

426 views • 20 slides
CSCE 790 Computer Systems Security Firmware Security Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Firmware Security Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Firmware Security Professor Qiang Zeng Spring 2020 Previous Class Virus vs. Worm vs. Trojan Drive-by download Botnet Rootkit CSCE 790 Computer Systems Security 2 Trojan vs. Virus

302 views • 16 slides
Communication Systems Security Overview University of Freiburg Computer Science Computer

Communication Systems Security Overview University of Freiburg Computer Science Computer

Communication Systems Security Overview University of Freiburg Computer Science Computer Networks and Telematics Prof. Christian Schindelhauer Organization I. Data and voice communication in IP networks II. Security issues in

792 views • 25 slides
Evaluating Systems Chapter 22 Computer Security: Art and Science , 2 nd Edition Version 1.0

Evaluating Systems Chapter 22 Computer Security: Art and Science , 2 nd Edition Version 1.0

Evaluating Systems Chapter 22 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 22-1 Outline Goals of formal evaluation Trusted Computer Security Evaluation Criteria (TCSEC), 19831999 International Efforts and

1.32k views • 101 slides
Attacks Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and

Attacks Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Attacks Trent Jaeger Systems and Internet Infrastructure Security

534 views • 18 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
Computer and Network Security Trusted Operating Systems R. E. Newman Computer & Information

Computer and Network Security Trusted Operating Systems R. E. Newman Computer & Information

Computer and Network Security Trusted Operating Systems R. E. Newman Computer & Information Sciences & Engineering University Of Florida Gainesville, Florida 32611-6120 nemo@cise.ufl.edu Trusted Operating Systems (Pfleeger Ch. 7)

653 views • 29 slides
Advanced Systems Security: Control-Flow Integrity Trent Jaeger Systems and Internet

Advanced Systems Security: Control-Flow Integrity Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Control-Flow Integrity Trent

1.55k views • 36 slides
Advanced Systems Security: Attacks on SGX Trent Jaeger Systems and Internet Infrastructure

Advanced Systems Security: Attacks on SGX Trent Jaeger Systems and Internet Infrastructure

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Attacks on SGX Trent Jaeger

523 views • 19 slides
Security 2 CS 4410 Operating Systems [E. Birrell, A. Bracy, F. B. Schneider, E. Sirer, R. Van

Security 2 CS 4410 Operating Systems [E. Birrell, A. Bracy, F. B. Schneider, E. Sirer, R. Van

Security 2 CS 4410 Operating Systems [E. Birrell, A. Bracy, F. B. Schneider, E. Sirer, R. Van Renesse] References: Security Introduction and Access Control by Fred B. Schneider Security in Computer Systems Gold (Au) Standard for Security

610 views • 24 slides
CSCE 790 Computer Systems Security Introduction Professor Qiang Zeng Spring 2020 Story 1:

CSCE 790 Computer Systems Security Introduction Professor Qiang Zeng Spring 2020 Story 1:

CSCE 790 Computer Systems Security Introduction Professor Qiang Zeng Spring 2020 Story 1: Morris the first worm in history CSCE 790 Computer Systems Security 2 Story 2: Malware, Stuxnet , took down Irans nuclear facilities

344 views • 30 slides

More recommend