runtime security lab
play

Runtime Security Lab Michael Schwarz Friday 31 st August, 2018 Graz - PowerPoint PPT Presentation

Apr 07, 2024 •469 likes •1.19k views

Runtime Security Lab Michael Schwarz Friday 31 st August, 2018 Graz Security Week 2018 https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html www.tugraz.at Large IoT Incidents September 21, 2016 > 600 Gbps on Brian Krebs

  1. Runtime Security Lab Michael Schwarz Friday 31 st August, 2018 Graz Security Week 2018

  2. https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html

  3. www.tugraz.at Large IoT Incidents September 21, 2016 > 600 Gbps on Brian Krebs (security researcher) website (Mirai botnet) September 30, 2016 Mirai source code published October 21, 2016 ˜ 1 Tbps on DNS provider Dyn November 26, 2016 > 900 000 routers of Deutsche Telekom attacked and offline February, 2018 > 1.35 Tbps attack on GitHub 2 Michael Schwarz — Graz Security Week 2018

  5. www.tugraz.at Top 10 IoT Bugs 3 Michael Schwarz — Graz Security Week 2018

  6. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface Default usernames and passwords 4 Michael Schwarz — Graz Security Week 2018

  7. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication Weak passwords 4 Michael Schwarz — Graz Security Week 2018

  8. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services Unnecessary ports open 4 Michael Schwarz — Graz Security Week 2018

  9. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services 4. Lack of Transport Encryption SSL/TLS not available 4 Michael Schwarz — Graz Security Week 2018

  10. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services 4. Lack of Transport Encryption 5. Privacy Concerns Collected information not properly protected 4 Michael Schwarz — Graz Security Week 2018

  11. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services 4. Lack of Transport Encryption 5. Privacy Concerns 6. Insecure Cloud Interface Interfaces with security vulnerabilities 4 Michael Schwarz — Graz Security Week 2018

  12. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services 4. Lack of Transport Encryption 5. Privacy Concerns 6. Insecure Cloud Interface 7. Insecure Mobile Interface No account lockout mechanisms 4 Michael Schwarz — Graz Security Week 2018

  13. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services 4. Lack of Transport Encryption 5. Privacy Concerns 6. Insecure Cloud Interface 7. Insecure Mobile Interface Encryption is not available 8. Insufficient Security Configurability 4 Michael Schwarz — Graz Security Week 2018

  14. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services 4. Lack of Transport Encryption 5. Privacy Concerns 6. Insecure Cloud Interface 7. Insecure Mobile Interface Updates are not signed 8. Insufficient Security Configurability 9. Insecure Software/Firmware 4 Michael Schwarz — Graz Security Week 2018

  15. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services 4. Lack of Transport Encryption 5. Privacy Concerns 6. Insecure Cloud Interface 7. Insecure Mobile Interface Unnecessary external ports like USB 8. Insufficient Security Configurability 9. Insecure Software/Firmware 10. Poor Physical Security 4 Michael Schwarz — Graz Security Week 2018

  16. www.tugraz.at Summary The 90s called... 5 Michael Schwarz — Graz Security Week 2018

  17. www.tugraz.at Summary The 90s called... ...they want their bugs back! 5 Michael Schwarz — Graz Security Week 2018

  19. www.tugraz.at Infrastructure • There are 15 challenges 6 Michael Schwarz — Graz Security Week 2018

  20. www.tugraz.at Infrastructure • There are 15 challenges • Different difficulties (the more points, the harder) 6 Michael Schwarz — Graz Security Week 2018

  21. www.tugraz.at Infrastructure • There are 15 challenges • Different difficulties (the more points, the harder) • 4 different categories 6 Michael Schwarz — Graz Security Week 2018

  22. www.tugraz.at Infrastructure • There are 15 challenges • Different difficulties (the more points, the harder) • 4 different categories • Play on your own or as team 6 Michael Schwarz — Graz Security Week 2018

  23. https://ctf.attacking.systems

  24. www.tugraz.at Infrastructure • Capture-the-flag (CTF) style 7 Michael Schwarz — Graz Security Week 2018

  25. www.tugraz.at Infrastructure • Capture-the-flag (CTF) style • Every challenge has a hidden flag 7 Michael Schwarz — Graz Security Week 2018

  26. www.tugraz.at Infrastructure • Capture-the-flag (CTF) style • Every challenge has a hidden flag • Flags are usually in a text file flag.txt on the device 7 Michael Schwarz — Graz Security Week 2018

  27. www.tugraz.at Infrastructure • Capture-the-flag (CTF) style • Every challenge has a hidden flag • Flags are usually in a text file flag.txt on the device • A flag looks like {A_S4MPL3_FL4G!} 7 Michael Schwarz — Graz Security Week 2018

  28. www.tugraz.at Infrastructure • Capture-the-flag (CTF) style • Every challenge has a hidden flag • Flags are usually in a text file flag.txt on the device • A flag looks like {A_S4MPL3_FL4G!} • Goal is to get the flag and submit it to the CTF system 7 Michael Schwarz — Graz Security Week 2018

  29. www.tugraz.at Timeline • CTF runs until Friday, 3:00pm 8 Michael Schwarz — Graz Security Week 2018

  30. www.tugraz.at Timeline • CTF runs until Friday, 3:00pm • Last-minute questions from 2:00pm to 3:00pm 8 Michael Schwarz — Graz Security Week 2018

  31. www.tugraz.at Timeline • CTF runs until Friday, 3:00pm • Last-minute questions from 2:00pm to 3:00pm • Best player/team gets a price 8 Michael Schwarz — Graz Security Week 2018

  32. www.tugraz.at How to Start • Use your own computer or our provided Linux VM (on USB or from https://ctf.attacking.systems/res ) 9 Michael Schwarz — Graz Security Week 2018

  33. www.tugraz.at How to Start • Use your own computer or our provided Linux VM (on USB or from https://ctf.attacking.systems/res ) • Create or join a team in the CTF system: https://ctf.attacking.systems 9 Michael Schwarz — Graz Security Week 2018

  34. www.tugraz.at How to Start • Use your own computer or our provided Linux VM (on USB or from https://ctf.attacking.systems/res ) • Create or join a team in the CTF system: https://ctf.attacking.systems • Choose a hacklet, read the description, and download it 9 Michael Schwarz — Graz Security Week 2018

  35. www.tugraz.at How to Start • Use your own computer or our provided Linux VM (on USB or from https://ctf.attacking.systems/res ) • Create or join a team in the CTF system: https://ctf.attacking.systems • Choose a hacklet, read the description, and download it • Solve the hacklet by connecting to the hacklet 9 Michael Schwarz — Graz Security Week 2018

  36. www.tugraz.at How to Connect • Hacklets are accessible over the network 10 Michael Schwarz — Graz Security Week 2018

  37. www.tugraz.at How to Connect • Hacklets are accessible over the network • Every hacklet has a text interface on a specific port 10 Michael Schwarz — Graz Security Week 2018

  38. www.tugraz.at How to Connect • Hacklets are accessible over the network • Every hacklet has a text interface on a specific port • You can connect using any telnet-like program: PuTTY Terminal, netcat , telnet netcat , telnet 10 Michael Schwarz — Graz Security Week 2018

  39. www.tugraz.at How to Connect • Hacklets are accessible over the network • Every hacklet has a text interface on a specific port • You can connect using any telnet-like program: PuTTY Terminal, netcat , telnet netcat , telnet • For example on Linux/Mac in the shell: netcat hacklets2.attacking.systems 8000 10 Michael Schwarz — Graz Security Week 2018

  40. www.tugraz.at The Categories There are 4 categories: pwn ( ), forensics ( ), crypto ( ), misc ( ) 11 Michael Schwarz — Graz Security Week 2018

  41. www.tugraz.at The Categories There are 4 categories: pwn ( ), forensics ( ), crypto ( ), misc ( ) Vulnerable binaries which you have to exploit 11 Michael Schwarz — Graz Security Week 2018

  42. www.tugraz.at The Categories There are 4 categories: pwn ( ), forensics ( ), crypto ( ), misc ( ) Vulnerable binaries which you have to exploit Basically finding/reconstructing hidden/deleted stuff 11 Michael Schwarz — Graz Security Week 2018

  43. www.tugraz.at The Categories There are 4 categories: pwn ( ), forensics ( ), crypto ( ), misc ( ) Vulnerable binaries which you have to exploit Basically finding/reconstructing hidden/deleted stuff (Bad) Cryptography you have to break 11 Michael Schwarz — Graz Security Week 2018

  44. www.tugraz.at The Categories There are 4 categories: pwn ( ), forensics ( ), crypto ( ), misc ( ) Vulnerable binaries which you have to exploit Basically finding/reconstructing hidden/deleted stuff (Bad) Cryptography you have to break Random and fun hacklets which do not fit into any category (often no programming required) 11 Michael Schwarz — Graz Security Week 2018

  46. www.tugraz.at How to Start • Download the hacklet 12 Michael Schwarz — Graz Security Week 2018

Recommend

INJECTING SECURITY INTO WEB APPS AT RUNTIME AJIN ABRAHAM SECURITY ENGINEER #WHOAMI

INJECTING SECURITY INTO WEB APPS AT RUNTIME AJIN ABRAHAM SECURITY ENGINEER #WHOAMI

INJECTING SECURITY INTO WEB APPS AT RUNTIME AJIN ABRAHAM SECURITY ENGINEER #WHOAMI Security Engineering @ Research on Runtime Application Self Defence Authored MobSF, Xenotix and NodeJSScan Teach Security: opsecx.com

906 views • 55 slides
Managing Dependencies and Runtime Security ActiveState Deminar Managing Dependencies and

Managing Dependencies and Runtime Security ActiveState Deminar Managing Dependencies and

Managing Dependencies and Runtime Security ActiveState Deminar Managing Dependencies and Runtime Security About ActiveState Track-record: 97% of Fortune 1000, 20+ years open source Polyglot: 5 languages - Python, Perl, Tcl, Go, Ruby

727 views • 47 slides
Why secure the OS? Works directly on the hardware but can be adapted during runtime Operating

Why secure the OS? Works directly on the hardware but can be adapted during runtime Operating

Why secure the OS? Works directly on the hardware but can be adapted during runtime Operating System Security Data and process are directly visible Application security can be circumvented from lower layers = > good scope

103 views • 8 slides
Methods and tools for design time and runtime formal analysis of security protocols and web

Methods and tools for design time and runtime formal analysis of security protocols and web

Methods and tools for design time and runtime formal analysis of security protocols and web applications Marco Rocchetto REsearch Group in I nformation S ecurity Department of Computer Science University of Verona, Italy Verona, May 8, 2015

731 views • 62 slides
CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of

CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of

CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of f the Common Principles Minimize attack Secure by surface area Default Principle of Fail-Safe Least Stance Privilege Secure the

975 views • 56 slides
Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and

Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and

Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and Jan-Christoph K uster Background, what Android is Developed by Android Inc. (acquired by Google in 2005) Open Handset Alliance (founded in 2007)

161 views • 15 slides
Runtime Considerations Were moving towards actually producing target code. This means we need

Runtime Considerations Were moving towards actually producing target code. This means we need

10/29/2012 Runtime Considerations Were moving towards actually producing target code. This means we need to consider the runtime actions of the program. CS 1622: Runtime support: Functions and local variable storage Activation

160 views • 4 slides
Runtime systems Runtime systems Functional program are very high-level: its not obvious how to

Runtime systems Runtime systems Functional program are very high-level: its not obvious how to

Runtime systems Runtime systems Functional program are very high-level: its not obvious how to Programmation Fonctionnelle Avance implement them. http://www-lipn.univ-paris13.fr/~saiu/teaching/PFA-2010 Complex library support at run time

220 views • 8 slides
Another approach to runtime checking Typical runtime checking is by duplicating entire CPU

Another approach to runtime checking Typical runtime checking is by duplicating entire CPU

Another approach to runtime checking Typical runtime checking is by duplicating entire CPU Expensive in power, area No protection from design errors Does not survive permanent faults Last time we saw an approach that leveraged

246 views • 7 slides
Architecture in Practice: Chrome Reid Holmes Chrome Online content is insecure and can

Architecture in Practice: Chrome Reid Holmes Chrome Online content is insecure and can

Material and some slide content from: Taylor et. al. http://queue.acm.org/detail.cfm?id=1556050 http://seclab.stanford.edu/websec/chromium/chromium-security-architecture.pdf OS-Level Sandbox OS/Runtime OS/Runtime Exploit Barriers Exploit

415 views • 3 slides
Horizon Runtime Efficient Event Scheduling in Runtime Efficient Event Scheduling in

Horizon Runtime Efficient Event Scheduling in Runtime Efficient Event Scheduling in

Horizon Runtime Efficient Event Scheduling in Runtime Efficient Event Scheduling in Multi-threaded Network Simulation Georg Kunz, Mirko Stoffers, James Gross, Klaus Wehrle Geo g u , o Sto e s, Ja es G oss, aus e e

937 views • 58 slides
Runtime Analysis November 28, 2011 Page 1 Systems and Internet Infrastructure Security Laboratory

Runtime Analysis November 28, 2011 Page 1 Systems and Internet Infrastructure Security Laboratory

Runtime Analysis November 28, 2011 Page 1 Systems and Internet Infrastructure Security Laboratory (SIIS) Analysis So Far Prove whether a property always holds May analysis Prove whether a property can hold Must analysis Key step:

441 views • 20 slides
Testing Concurrency Runtime via a Testing Concurrency Runtime via a Stochastic Stress Framework

Testing Concurrency Runtime via a Testing Concurrency Runtime via a Stochastic Stress Framework

Testing Concurrency Runtime via a Testing Concurrency Runtime via a Stochastic Stress Framework Stochastic Stress Framework Atilla Gunal Technical Computing Group Microsoft Agenda Agenda The Product Concurrency Runtime The

362 views • 21 slides
The good, the bad and the ugly: Experiences with developing a PGAS runtime on top of MPI-3 6th

The good, the bad and the ugly: Experiences with developing a PGAS runtime on top of MPI-3 6th

The good, the bad and the ugly: Experiences with developing a PGAS runtime on top of MPI-3 6th Workshop on Runtime and Operating Systems for the Many-core Era (ROME 2018) www.dash-project.org Karl Frlinger Ludwig-Maximilians-Universitt

450 views • 25 slides
Runtime systems Programmation Fonctionnelle Avance

Runtime systems Programmation Fonctionnelle Avance

Introduction and hardware architecture reminders Object representation and runtime typing Automatic memory management Runtime systems Programmation Fonctionnelle Avance http://www-lipn.univ-paris13.fr/~saiu/teaching/PFA-2010 Luca Saiu

1.26k views • 82 slides
MarQ : Monitoring At Runtime with QEA Giles Reger in collaboration with Helena Cuenca Cruz,

MarQ : Monitoring At Runtime with QEA Giles Reger in collaboration with Helena Cuenca Cruz,

Runtime Monitoring Quantified Event Automata Efficient monitoring Using MarQ MarQ : Monitoring At Runtime with QEA Giles Reger in collaboration with Helena Cuenca Cruz, David Rydeheard at University of Manchester, UK April 17th, 2015 Runtime

1.01k views • 97 slides
Task scheduling over Heterogeneous Multicore Machines: a Runtime Perspective Raymond Namyst

Task scheduling over Heterogeneous Multicore Machines: a Runtime Perspective Raymond Namyst

Task scheduling over Heterogeneous Multicore Machines: a Runtime Perspective Raymond Namyst Runtime group INRIA Bordeaux Research Center University of Bordeaux 1 France Runtime Systems for Petascale Computing Systems: a Pessimistic

370 views • 16 slides
Characteristics of Adapti tive Runtime Systems in HPC Laxmikant (Sanjay) Kale

Characteristics of Adapti tive Runtime Systems in HPC Laxmikant (Sanjay) Kale

Characteristics of Adapti tive Runtime Systems in HPC Laxmikant (Sanjay) Kale h3p://charm.cs.illinois.edu What runtime are we talking about? Java runtime: JVM + Java class library Implements JAVA API MPI

688 views • 48 slides
Smart-Web Powered by Blockchain & Elastos Runtime Chen Rong @ elastos.org October 11, 2017

Smart-Web Powered by Blockchain & Elastos Runtime Chen Rong @ elastos.org October 11, 2017

Smart-Web Powered by Blockchain & Elastos Runtime Chen Rong @ elastos.org October 11, 2017 IoT Challenges 1. Security and Safety 2. Embedded and Real-time 3. Distributed and Decentralized 4. Main Stream Programming 5. User

595 views • 21 slides
Runtime System COMP 524: Programming Languages Based in part on slides and notes by J. Erickson,

Runtime System COMP 524: Programming Languages Based in part on slides and notes by J. Erickson,

Runtime System COMP 524: Programming Languages Based in part on slides and notes by J. Erickson, S. Krishnan, B. Brandenburg, S. Olivier, A. Block, and others What is the Runtime System (RTS)? Language runtime environment. OS view : RTS

962 views • 69 slides
Spack in Shared Environment 2018 Scalable Tools Workshop LANL Programming and Runtime

Spack in Shared Environment 2018 Scalable Tools Workshop LANL Programming and Runtime

Slide 1 Spack in Shared Environment 2018 Scalable Tools Workshop LANL Programming and Runtime Environments Team Paul Ferrell (LA-UR-18-26078) Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA Slide 2 The

527 views • 16 slides
IT SECURITY INTRODUCTION OVERVIEW Device Connected Devices Connected Networks DEVICE

IT SECURITY INTRODUCTION OVERVIEW Device Connected Devices Connected Networks DEVICE

LECTURE IT SECURITY INTRODUCTION OVERVIEW Device Connected Devices Connected Networks DEVICE Program Runtime Attacks Wireless Security Side Channels CONNECTED DEVICES Thread Intelligence Secure Group Communication

1.04k views • 6 slides
Integration of Runtime Verification into Metamodeling F. Macias T. Scheffel M. Schmitz R. Wang

Integration of Runtime Verification into Metamodeling F. Macias T. Scheffel M. Schmitz R. Wang

Integration of Runtime Verification into Metamodeling F. Macias T. Scheffel M. Schmitz R. Wang M. Leucker A. Rutle V. Stolz 28th Nordic Workshop on Programming Theory (NWPT16), Denmark 1 / 23 Why Runtime Verification? DSML do not

1.43k views • 23 slides
Runtime Complexity CS 331: Data Structures and Algorithms Michael Lee <lee@iit.edu> So far,

Runtime Complexity CS 331: Data Structures and Algorithms Michael Lee <lee@iit.edu> So far,

Runtime Complexity CS 331: Data Structures and Algorithms Michael Lee <lee@iit.edu> So far, our runtime analysis has been based on empirical data i.e., runtimes obtained from actually running our algorithms This data is very sensitive

633 views • 49 slides

More recommend