Threat Modeling for Hostile Client Systems Avni Rambhia.

Outline
– Goals of threat modeling
– Quick overview of generic threat modeling
– Quirks of a hostile user system
– Threat modeling for hostile user systems
– Interactive threat model for PKI signature verification
– Summary
– Questions and discussion

What is threat modeling?
– Discover and document threats to a system or application
  – Threat = the system is compromised in a certain way (example: a fake transaction is created)
– Determine the severity of each threat
  – Severity = measure of the damage done if the threat were successfully executed (example: a 20,000 dollar car is shipped to a different address)
– Determine vulnerabilities or mitigations for each threat path
  – Threat path = the way in which a threat is executed (example: the session number can be guessed and a fake cookie created)

Conventional Threat Modeling
– Create a threat model
  – APIs or entry points (trusted/untrusted)
  – Data flows
  – Assets
– Determine the severity of each threat
– Decompose the application to discover vulnerabilities
– Document external dependencies and assumptions

PKI-based Authentication System (quick and dirty overview; diagram between VERIFIER and REQUESTER)
– Verifier sends the requester a random challenge n
– Requester replies with its certificate plus the signed n
– Verifier verifies the certificate
– Verifier verifies the signed n
– Result: authentication success or failure

Conventional Threat Modeling (threats placed on the VERIFIER/REQUESTER diagram)
– Random challenge n: repeated or predictable n
– Challenge and certificate + signed n in transit: man in the middle (MIM) on either message
– Message handling on both sides: buffer overflow, integer overflow
– Signed n: private key discovered using known plaintext
– Verify certificate, verify signed n, authentication success or failure: the flow as in the overview

Hostile User Threat Modeling
– What is the hostile user scenario?
  – The administrator of the system has a reason to attack the system in order to subvert it
  – Examples: a virus running in the kernel or with admin privilege; the user of a multimedia management system
– It is more effective to threat model based on
  – Assumptions
  – Assets

Some assumptions in the PKI Verifier
– The root public key used to verify the certificate is correct
– The local time used to check certificate expiry is correct
– The cryptography functions correctly perform their operations and correctly report their results
– Authentication does not succeed unless the certificate and the signature are correctly verified

Some assets in the Verifier
– Challenge
  – Random number generator
– Certificate verification
  – Root public key (certificate chain)
  – System clock
  – Cryptography routines (signature verification)

Hostile Threat Modeling - Verifier (threats placed on the VERIFIER side of the diagram)
– Random challenge = n: replace the random number generator; change the code so it does not call the random number function
– Certificate + signed n: bypass the verification routines
– Verify certificate: tamper with the clock; replace the public key!; replace the hash calculation function
– Verify signed n: tamper the (hash == hash) condition into if (1); replace the hash calculation function
– Result: success or failure

You have the threats. What next?
– Determine the severity/risk of each threat
  – Relative to the security requirements of the system (penny sale auditing vs. NSA auditing)
  – DREAD (conventional): Damage Potential, Reproducibility, Exploitability, Affected Users, Discoverability
  – FACE (for hostile user systems): Feasibility, Asset value, Collateral Damage, Execution Difficulty
  – In general, don't count planned ("will-do") mitigations while calculating risk

Mitigating Risk
– For all threats with unacceptable risk, determine mitigations
– Some mitigations for hostile user systems:
  – Obfuscation/Fragilization
  – Integrity verification
  – In-lining critical functions
  – Server-based security
  – Stack checking
  – Privileged execution (more useful for safety against a virus)

Summary
– Hostile user threat modeling has a much larger threat surface than conventional threat modeling
– Asset and assumption based investigation is the best approach for hostile user systems
– Systems needing resistance to hostile users have unique mitigation needs
– Breach of crypto algorithms is the least of your worries for such systems

Key Takeaway
– Design of hostile user systems is challenging.
– Whenever you design a system, identify all portions which must be resistant against hostile users, and ensure that your design can achieve the requisite level of security.

Resources/Contact
– Avni Rambhia, Principal, Security Matters –
– Conventional threat modeling resources:
  – Writing Secure Code, Second Edition, Mike Howard and Dave LeBlanc (MS Press)
  – Threat Modeling, Frank Swiderski and Window Snyder (MS Press)

Questions/Discussion