CSci 4271W Development of Secure Software Systems
Day 7: More Threat Modeling
Stephen McCamant
University of Minnesota, Computer Science & Engineering

Outline
- Starting synchronous lecture recording
- More perspectives on threat modeling
- Threat modeling: printer manager
- Logistics update, incl. project 1
- Attacks and shellcode followup

Recording from today
- By multiple requests, I will record my synchronous lectures starting today
- No recording of break-outs and discussions
- For best privacy, ask questions by chat

Software-oriented modeling
- This is what we've concentrated on until now
- And it will still be the biggest focus
- Think about attacks based on where they show up in the software
- Benefit: easy to connect to software-level mitigations and fixes

Asset-oriented modeling
- Think about threats based on what assets are targeted / must be protected
- Useful from two perspectives:
  - Predict attacker behavior based on goals
  - Prioritize defense based on potential losses
- Can put other modeling in context, but doesn't directly give you threats

Kinds of assets
- Three overlapping categories:
  - Things attackers want for themselves
  - Things you want to protect
  - Stepping stones to the above

Attacker-oriented modeling
- Think about threats based on the attacker carrying them out
  - Predict attacker behavior based on characteristics
  - Prioritize defense based on likelihood of attack
- Limitation: it can be hard to understand attacker motivations and strategies
  - Be careful about negative claims
Kinds of attackers (Intel TARA)
- Competitor
- Internal spy
- Anarchist
- Radical activist
- Thief
- Cyber vandal
- Vendor
- Corrupt gov't official
- Civil activist
- Information partner

Kinds of attackers (cont'd)
- Terrorist
- Data miner
- Government spy
- Irrational individual
- Disgruntled employee
- Gov't cyber warrior
- Sensationalist
- Reckless employee
- Legal adversary

Setting: shared lab with printer
- Imagine a scenario similar to CSE Labs
  - Computer labs used by many people, with administrators
- Target for modeling: software system used to manage printing
- Similar to real system, but use your imagination for unknown details

Example functionality
- Queue of jobs waiting to print
- Can cancel own jobs, admins can cancel any
- Automatically converting documents to format needed by printer
- Quota of how much you can print

Things to model
- Draw architecture with data flows and trust boundaries
- List assets and attackers
- What are the threats a system must block?

Project 1 code now available
- BCImgView source code and binary to attack are now posted
  - On the public course web site, Assignments page
- About 1000 lines of code, including comments
  - Remember, not all equally relevant to security
- Also available: sample normal images
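Added worked example for the printer-manager "Things to model" exercise above (not part of the lecture or course materials): a minimal data-flow model of the printer manager that finds the flows crossing trust boundaries and lists the questions a modeler should answer for each. The components, trust zones, flows, asset labels and the `report` entry point are constructed assumptions based on the functionality listed on the slides.

```python
# Added example, not from the lecture: data-flow model of the lab printer
# manager. Components, trust zones, flows and asset labels are constructed
# assumptions based on the functionality listed on the slides.
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    asset: str   # what the flow carries
    kind: str    # "data" (a document) or "command" (an action request)

# Trust zone of each component (assumption); higher rank = more trusted.
ZONE = {"lab_user": "user", "lab_admin": "admin", "print_server": "server",
        "converter": "server", "quota_db": "server", "printer": "device"}
RANK = {"user": 0, "admin": 1, "server": 2, "device": 2}

FLOWS = [
    Flow("lab_user", "print_server", "submitted document", "data"),
    Flow("lab_user", "print_server", "cancel own job", "command"),
    Flow("lab_admin", "print_server", "cancel any job", "command"),
    Flow("print_server", "converter", "document to convert", "data"),
    Flow("converter", "print_server", "converted job", "data"),
    Flow("print_server", "quota_db", "quota balance", "data"),
    Flow("print_server", "printer", "job to print", "data"),
]

def boundary_crossings(flows=FLOWS, zone=ZONE):
    """Flows whose endpoints are in different trust zones. These are where
    a less-trusted party's input enters a component, so look there first."""
    return [f for f in flows if zone[f.src] != zone[f.dst]]

def threat_questions(flow, zone=ZONE, rank=RANK):
    """Checklist for one boundary crossing, from its direction and kind."""
    qs = []
    if rank[zone[flow.src]] < rank[zone[flow.dst]]:   # inbound from less trust
        qs.append(f"Is the sender of '{flow.asset}' authenticated by {flow.dst}?")
        if flow.kind == "data":
            qs.append(f"Does {flow.dst} parse '{flow.asset}' safely if malformed or oversized?")
        else:
            qs.append(f"Does {flow.dst} check the sender is authorized for '{flow.asset}'?")
    else:                                              # outbound to another zone
        qs.append(f"Can '{flow.asset}' reach {flow.dst} without the quota and queue checks?")
    return qs

def report(flows=FLOWS, zone=ZONE, rank=RANK):
    """Assumed entry point: (flow label, questions) for every boundary crossing."""
    return [(f"{f.src}->{f.dst}: {f.asset}", threat_questions(f, zone, rank))
            for f in boundary_crossings(flows, zone)]
```

Flows inside one zone (server to converter, server to quota database) are deliberately left out of the first pass; they matter once the design is refined, but the crossings are where the assets and attackers listed on the slides meet the software.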
About project 1 vulnerabilities
- The code has at least four intentional vulnerabilities that are known to be exploitable
- For full credit in auditing and attack, you will need to get at least three of these
- Coincidentally, BCImgView supports three image formats
- Recommend starting right away

Complete instructions coming soon
- Coming soon: more details on format and logistics of your submission
- In upcoming lectures: advice about technical writing in security
- First due date still Friday, October 9th (week from Friday)

In lab: return of BCLPR
- Tomorrow's lab will again use the buggy BCLPR program
- Move on from auditing to attacking
- Instructions posted by late tonight
- And you can already review the auditing code example

Preferred followup venue: Piazza
- Best place for discussing and asking questions about labs and lecture exercises after the fact is Piazza
- Suggestion: 24 hour delay before public spoilers
- Most effective if both students and staff are in the discussion

Reminder: what is shellcode
- Machine code that does the attacker's desired behavior
- Just a few instructions, not a complete program
- Usually represented as sequence of bytes in hex

Reminder: basic attack sequence
- Make the program do an unsafe memory operation
- Use control to manipulate control-flow choice
  - E.g.: return address, function pointer
- Make the target of control be shellcode

Overflow example hands-on
- Steps of overflow-from-file example
Side-effects example
- A second example with a new wrinkle
Recommend
More recommend