Wrapup CSE443 - Spring 2012 Introduction to Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ CSE443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger

Final
• The final is on
  – Thursday, May 3, 2:30 in 101 Althouse
• Be late at your own peril (We may lock the door at 2:40)
• You will have the full time to take the test, but no more
• Coverage:
  – Anything we talked about in class …
  – or appeared in the readings
  – Mainly topics since mid-term
• Types of questions
  – Constructive (here is scenario, design X and explain it)
  – Philosophical (why does Z argue that …)
  – Explanatory (what is the key tradeoff between A and B …)

Prior Topics
• Terminology
  – Any term defined in the early lectures
• Crypto Algorithms
  – Diffie-Hellman and RSA
• Crypto protocols
  – Public key
  – Secret key
  – Integrity, Authenticity, Secrecy
• Authentication
  – Kerberos, SSH, SSL, IPsec
• Program Security
  – Buffer and other overflows, name resolution attacks
• Access Control
  – Protection v Security, Mandatory Protection System, Reference Monitor

Topics Since Midterm
• Capabilities and Sandboxes
• Network Security
• Web Security
• Intrusion Detection
• Stuxnet
• MAC systems
• Return-oriented programming
• Virtual machine systems
• Trusted Computing
• Wireless Security

Capabilities
• Problems
  – Confused deputy
• Considerations
  – Chroot
  – Sandboxing and TOCTTOU
  – Capability definition
  – Crypto capabilities
  – Forgery
  – Confine access using capabilities
  – Usability

Network Security
• Problems
  – Network protocol vulnerabilities, network access, secure communication at IP level (IPsec), worms, bots
• Considerations
  – Basis for the various vulnerabilities
  – Firewall rule specification
  – IPsec principles
  – Worm propagation
  – Botnets and command & control

Web Security
• Problems
  – Secure communication (SSL/TLS), cookie, server vulnerabilities, client vulnerabilities, client defenses
• Considerations
  – SSL protocol tasks and results
  – Secure cookie design
  – Dynamic content processing
  – Javascript, applets, ...
  – Client security architectures

Intrusion Detection
• Anomaly and misuse detection
• Network and host IDS
• Positives/Negatives
• Bayes’ Rate Fallacy

Modern Attacks
• Problems
  – Stuxnet and Return-oriented programming
• Considerations
  – Stuxnet threats
  – Limitations that made these threats viable
  – Relationship between overflows and ROP
  – ROP execution model
  – Gadgets

MAC Systems, VM Systems
• MAC systems
  – how does SELinux confine root processes?
  – how does SELinux prevent access to setuid programs?
  – why used for confining network facing daemons?
• VM systems
  – virtualization types
  – tasks for securing VM computation (VAX VMM)
  – IOMMU

Trusted Computing
• Extend
  – TPM hash chain operation over PCRs
• Quote/Attest
  – Sign PCR using challenge-response protocol
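
The extend and quote operations listed on this slide, worked through from both the platform and the verifier side. This is an added example, not code from the course: the function names, the SHA-256 PCR size, the sample boot log and the use of an HMAC in place of the TPM's attestation-key signature are all assumptions made so the sketch runs with the Python standard library only.

```python
import hashlib
import hmac
import os

PCR_SIZE = 32  # assumption: SHA-256 bank; a PCR is all zeros after reset

def extend(pcr, measurement):
    """PCR_new = H(PCR_old || H(measurement)): one-way and order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def replay(log):
    """Recompute the PCR value implied by a measurement log."""
    pcr = bytes(PCR_SIZE)
    for component in log:
        pcr = extend(pcr, component)
    return pcr

def quote(key, pcr, nonce):
    """Stand-in for the TPM signing (nonce, PCR); a real TPM uses an asymmetric key."""
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()

def verify(key, log, nonce, reported_pcr, sig, known_good):
    """Verifier: check the quote covers our nonce, then the log, then policy."""
    if not hmac.compare_digest(sig, quote(key, reported_pcr, nonce)):
        return "bad-signature-or-stale-nonce"
    if replay(log) != reported_pcr:
        return "log-does-not-match-pcr"
    if reported_pcr != known_good:
        return "untrusted-configuration"
    return "trusted"

KEY = b"constructed-demo-key"  # constructed sample data, not a real key
GOOD_LOG = [b"bootloader-v1", b"kernel-v1", b"initrd-v1"]
KNOWN_GOOD = replay(GOOD_LOG)

def demo():
    nonce = os.urandom(16)  # verifier's fresh challenge
    bad_log = [b"bootloader-v1", b"kernel-modified", b"initrd-v1"]
    pcr, bad_pcr = replay(GOOD_LOG), replay(bad_log)
    sig, bad_sig = quote(KEY, pcr, nonce), quote(KEY, bad_pcr, nonce)
    return {
        "honest": verify(KEY, GOOD_LOG, nonce, pcr, sig, KNOWN_GOOD),
        "stale_quote": verify(KEY, GOOD_LOG, os.urandom(16), pcr, sig, KNOWN_GOOD),
        "modified_boot": verify(KEY, bad_log, nonce, bad_pcr, bad_sig, KNOWN_GOOD),
        "forged_log": verify(KEY, GOOD_LOG, nonce, bad_pcr, bad_sig, KNOWN_GOOD),
    }

if __name__ == "__main__":
    print(demo())
```

The "forged_log" case shows why the hash chain matters: host software can present any log it likes, but it cannot make the signed PCR value agree with a log that omits what was actually measured.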

Wireless Security
• Attacks on wireless
  – radio channel
• Attacks on WEP
• NIST recommendations
  – Why?

The state of security …
• … issues are in public consciousness
  – Press coverage is increasing …
  – Losses mounting … (billions and billions)
  – Effect increasing … (ATMs, commerce)
• What are we doing?
  “… sound and fury signifying nothing …” - W. Shakespeare
  (well, it's not quite that bad)

The problems …
• What is the root cause?
  – Security is not a key goal …
  – … and it never has been …
  … so, we need to figure out how to change the way we do engineering (and science) …
  … to make computers secure.
• Far too much misunderstanding about basic security and the use of technology
• This is also true of physical security

The current solutions …
• Make better software
  – “we mean it” - B. Gates (2002)
  – “no really …” - B. Gates (2003)
  – “Linux is bad too …” - B. Gates (2005)
  – “it’s in longhorn ...” - B. Gates (2006)
• CERT/SANS-based problem/event tracking
  – Experts tracking vulnerabilities
  – Patch system improving
• Destructive research
  – Back-pressure on product developers
  – Arms-race with bad guys
• Problem: reactive, rather than proactive

The real solutions …
• Fix the economic incentive equation …
  – Eventually, MS/Sun/Apple/*** will be in enough pain that they change the way they make software
• Education
  – Things will get better when people understand when and how to use technology
• Fix engineering practices
  – Design for security
• Apply technology
  – What we have been talking about

The bottom line
• The Web/Internet and new technologies are being limited by their ability to address security and privacy concerns …
• … it is incumbent on us as scientists to meet these challenges.
  – Evangelize importance of security …
  – Provide sound technologies …
  – Define better practices …

Thank You!!!
tjaeger@cse.psu.edu