CSC 386 – Computer Security Scott Heggen. Agenda Introduction to Software Security.
Software Security What does it mean?

Security and Reliability
Security deals with intentional attacks; reliability deals with accidental failures. “It does not matter how many bugs there are, it matters how often they are triggered.” That is a reliability argument. In security the attacker picks the input, so a bug that is almost never hit by accident can be triggered on demand, every time.

Bad Stuff
Malware: computer virus, worm, Trojan horse, logic bomb.

Abstraction
When writing code, programmers use elementary concepts like character, variable, array, integer, data & program, address (resource locator), atomic transaction, … These concepts have abstract meanings. For example, the integers are an infinite set with operations ‘add’, ‘multiply’, ‘less or equal’, … To execute a program, we need concrete implementations of these concepts, and the implementations are finite: a machine integer has a fixed number of bits, a character has one or more possible byte encodings, a variable occupies a bounded region of memory.

Abstraction What’s the benefit?

Abstraction What’s the danger?
Software security problems typically arise when the concrete implementation and the abstract intuition diverge: the programmer reasons about the abstract object, the attacker supplies input that exercises the concrete one. Six cases treated in this course:
Address (location)
Character
Integer
Variable (buffer overflows)
Double-linked list
Atomic transaction

Address (Location)
An application wants to give users access only to files in directory C:/webfolder/kittens/.
Attack: use ../ a few times to step up to the root directory first; e.g. get the password file with an input of: /../../../../etc/passwd
Countermeasure: input validation. Filtering out ../ is the usual first answer, but deleting the string in one pass is not enough (an input such as ....// survives one pass as ../, and the separator may also arrive in an encoded form). The robust check resolves the supplied path and verifies that the result still lies inside C:/webfolder/kittens/.
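An added example, not from the slides, showing both halves of this slide in C. The single-pass “filter out ../” countermeasure is bypassed by ....//etc/passwd, which the filter turns back into ../etc/passwd; resolving the path segment by segment and refusing to climb above the kittens directory rejects every traversal, however it is spelled. The directory C:/webfolder/kittens is the one on the slide; the file names and function names are mine.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SEGS 64

/* The naive countermeasure: delete every "../" in a single left-to-right pass.
 * Included only to demonstrate the bypass; do not use. */
void strip_dotdot_once(const char *in, char *out, size_t cap)
{
    size_t o = 0;
    while (*in && o + 1 < cap) {
        if (strncmp(in, "../", 3) == 0) {   /* drop the sequence and carry on */
            in += 3;
            continue;
        }
        out[o++] = *in++;
    }
    out[o] = '\0';
}

/* Lexically resolve user_path relative to base, one segment at a time.
 * "" and "." are dropped, ".." pops one segment, and a ".." that would
 * climb above base is rejected. Returns 0 and writes the resolved path
 * to out, or -1 if the path escapes base or does not fit. */
int resolve_within_base(const char *base, const char *user_path,
                        char *out, size_t cap)
{
    const char *seg[MAX_SEGS];
    size_t seglen[MAX_SEGS];
    int depth = 0;
    const char *p = user_path;

    while (*p) {
        const char *q = p;
        while (*q && *q != '/')
            q++;
        size_t n = (size_t)(q - p);
        if (n == 0 || (n == 1 && p[0] == '.')) {
            /* empty segment or ".": no effect on the position */
        } else if (n == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0)
                return -1;              /* would leave the kittens directory */
            depth--;
        } else {
            if (depth >= MAX_SEGS)
                return -1;
            seg[depth] = p;
            seglen[depth] = n;
            depth++;
        }
        p = *q ? q + 1 : q;
    }

    int w = snprintf(out, cap, "%s", base);
    if (w < 0 || (size_t)w >= cap)
        return -1;
    for (int i = 0; i < depth; i++) {
        int r = snprintf(out + w, cap - (size_t)w, "/%.*s", (int)seglen[i], seg[i]);
        if (r < 0 || (size_t)r >= cap - (size_t)w)
            return -1;
        w += r;
    }
    return 0;
}

int main(void)
{
    char buf[256];
    const char *base = "C:/webfolder/kittens";    /* directory from the slide */

    strip_dotdot_once("....//etc/passwd", buf, sizeof buf);
    printf("naive filter leaves: %s\n", buf);               /* ../etc/passwd */

    if (resolve_within_base(base, "/../../../../etc/passwd", buf, sizeof buf) < 0)
        printf("rejected: path escapes %s\n", base);
    if (resolve_within_base(base, "tabby/../fluffy.jpg", buf, sizeof buf) == 0)
        printf("serving %s\n", buf);                        /* C:/webfolder/kittens/fluffy.jpg */
    return 0;
}
```

The check is purely lexical. If the directory tree can contain symbolic links, open the file and compare its realpath() with the base as well; on Windows also treat the backslash as a separator, and reject embedded NUL bytes before any of this runs.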

Unicode Characters
UTF-8 encoding of Unicode characters [RFC 2279]. Multi-byte UTF-8 formats: a character has more than one representation. (RFC 2279 has since been replaced by RFC 3629, which forbids the longer-than-necessary forms below; a decoder that still accepts them is the problem on the next slide.)
Example: “/” (code point 0x2F, binary 0101111)
format   binary                                   hex
1 byte   0xxx xxxx → 0010 1111                     2F
2 byte   110x xxxx 10xx xxxx → 1100 0000 1010 1111  C0 AF
3 byte   1110 xxxx 10xx xxxx 10xx xxxx → 1110 0000 1000 0000 1010 1111  E0 80 AF

Unicode Bug
Microsoft IIS Server. The attacker accesses the server via a URL of: {IPaddress}/scripts/..%c0%af../winnt/system32/
%c0%af is the 2-byte overlong UTF-8 encoding of “/”. IIS checked the request for “..” directory components before decoding it, so ..%c0%af.. looked like an ordinary directory name. After decoding it would get translated to: {IPaddress}/scripts/../../winnt/system32/
Which would access this directory on the server: C:\winnt\system32
IIS did not reject illegal Unicode representations that use multi-byte UTF-8 formats for single-byte characters, and it validated the request before canonicalizing it. The general rule: decode and canonicalize first, then check.
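An added example, not from the slides, that processes a request in the order a server must: percent-decoding first, then UTF-8 decoding with overlong forms rejected as RFC 3629 requires, then the “..” check on the result. It also reproduces the IIS ordering mistake of checking for a “..” path segment on the still-encoded request, where ..%c0%af.. is one odd-looking segment rather than two “..” segments. The request path is the one from the slide; the function names are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* %XX decoding of a URL path into raw bytes. Returns the byte count or -1. */
int percent_decode(const char *s, unsigned char *out, size_t cap)
{
    size_t n = 0;
    while (*s) {
        if (n >= cap) return -1;
        if (*s == '%') {
            int h = hexval((unsigned char)s[1]);
            int l = h < 0 ? -1 : hexval((unsigned char)s[2]);
            if (h < 0 || l < 0) return -1;
            out[n++] = (unsigned char)(h * 16 + l);
            s += 3;
        } else {
            out[n++] = (unsigned char)*s++;
        }
    }
    return (int)n;
}

/* UTF-8 decoder. strict != 0 rejects overlong forms (RFC 3629); strict == 0
 * accepts them, which is the IIS behaviour being exploited. Returns the number
 * of code points written to cps, or -1 on malformed input. */
int utf8_decode(const unsigned char *b, size_t n, int strict, uint32_t *cps, size_t cap)
{
    size_t i = 0, k = 0;
    while (i < n) {
        unsigned char c = b[i];
        uint32_t cp, min;
        size_t len;
        if (c < 0x80)                { cp = c;        len = 1; min = 0; }
        else if ((c & 0xE0) == 0xC0) { cp = c & 0x1F; len = 2; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { cp = c & 0x0F; len = 3; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { cp = c & 0x07; len = 4; min = 0x10000; }
        else return -1;                          /* stray continuation byte or invalid lead byte */
        if (i + len > n) return -1;
        for (size_t j = 1; j < len; j++) {
            if ((b[i + j] & 0xC0) != 0x80) return -1;
            cp = (cp << 6) | (b[i + j] & 0x3F);
        }
        if (strict && cp < min) return -1;       /* overlong, e.g. C0 AF for '/' */
        if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return -1;
        if (k >= cap) return -1;
        cps[k++] = cp;
        i += len;
    }
    return (int)k;
}

/* 1 if any '/'-delimited segment of cps is exactly "..", else 0. */
static int has_dotdot_segment(const uint32_t *cps, int n)
{
    int seg_start = 0;
    for (int i = 0; i <= n; i++) {
        if (i == n || cps[i] == '/') {
            if (i - seg_start == 2 && cps[seg_start] == '.' && cps[seg_start + 1] == '.')
                return 1;
            seg_start = i + 1;
        }
    }
    return 0;
}

/* The flawed order: look for a ".." segment in the raw, still-encoded request. */
int raw_check_sees_traversal(const char *url)
{
    uint32_t cps[512];
    size_t n = strlen(url);
    if (n > 512) return -1;
    for (size_t i = 0; i < n; i++) cps[i] = (unsigned char)url[i];
    return has_dotdot_segment(cps, (int)n);
}

/* The right order: percent-decode, UTF-8-decode, then check the result.
 * Returns 1 = traversal, 0 = clean, -1 = malformed encoding, rejected outright. */
int classify_request(const char *url, int strict)
{
    unsigned char bytes[512];
    uint32_t cps[512];
    int nb = percent_decode(url, bytes, sizeof bytes);
    if (nb < 0) return -1;
    int nc = utf8_decode(bytes, (size_t)nb, strict, cps, 512);
    if (nc < 0) return -1;
    return has_dotdot_segment(cps, nc);
}

int main(void)
{
    const char *attack = "/scripts/..%c0%af../winnt/system32/";   /* request from the slide */
    printf("check before decoding sees traversal: %d\n", raw_check_sees_traversal(attack)); /* 0 */
    printf("lenient decode, then check:          %d\n", classify_request(attack, 0));      /* 1 */
    printf("strict decode:                       %d\n", classify_request(attack, 1));      /* -1 */
    return 0;
}
```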

Unix rlogin
Unix login command: login [[-p] [-h host] [[-f] username]
The -f option “forces” log in: the user is not asked for a password.
Unix rlogin command for remote login: rlogin [-l username] host
The rlogin daemon sends a login request for username to host.
Attack (some versions of Linux, AIX): % rlogin -l -froot host
Results in a forced login as root at the designated machine.
Local login: % login -froot
Remote login: rlogin -lheggens myserver, which results in login -hmyserver -fheggens on the remote side.

Unix rlogin
Problem: composition of two commands. Each command on its own is not vulnerable. However, rlogin does not check whether the “username” has special properties before passing it to login on the command line: a username that begins with “-” is parsed by login as an option, and -froot is the option that disables the password check.
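An added example (mine, not from the slides) that models the composition bug. parse_login_argv is a small model of how login reads the options on the slide, not the real login source, and the original argument list login -p -h HOST USER is an assumption about what the daemon executed. rlogind_build_argv shows that list beside a hardened one that validates USER and puts “--” before it, so that a name starting with “-” can no longer be read as an option.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* What login ends up believing after reading its argv. */
struct login_args {
    int force;          /* -f seen: no password prompt */
    const char *host;   /* -h value */
    const char *user;   /* from -fUSER or the trailing operand */
    int error;          /* unknown option or extra operand */
};

/* Model of login's option handling for the options on the slide:
 * -p, -h HOST, -f[USER], "--" ends options, then one optional USER operand. */
struct login_args parse_login_argv(int argc, char *const argv[])
{
    struct login_args a = {0, NULL, NULL, 0};
    int opts_done = 0;
    for (int i = 1; i < argc; i++) {
        const char *arg = argv[i];
        if (!opts_done && strcmp(arg, "--") == 0) { opts_done = 1; continue; }
        if (!opts_done && arg[0] == '-' && arg[1] != '\0') {
            switch (arg[1]) {
            case 'p': continue;
            case 'h': a.host = arg[2] ? arg + 2 : (i + 1 < argc ? argv[++i] : NULL); continue;
            case 'f': a.force = 1; if (arg[2]) a.user = arg + 2; continue;   /* -froot */
            default:  a.error = 1; return a;
            }
        }
        if (a.user != NULL) { a.error = 1; return a; }
        a.user = arg;
    }
    return a;
}

/* Hardened daemon policy: a user name is a short identifier and never starts with '-'. */
int valid_username(const char *u)
{
    if (u == NULL || *u == '\0' || *u == '-' || strlen(u) > 32) return 0;
    for (const char *p = u; *p; p++)
        if (!isalnum((unsigned char)*p) && *p != '_') return 0;
    return 1;
}

/* Builds the argv the daemon hands to login. Original form (assumed here):
 * login -p -h HOST USER. Hardened form: validate USER and insert "--" before it.
 * Returns argc, or -1 if the request is refused. */
int rlogind_build_argv(const char *host, const char *user, int hardened, char *argv[], int cap)
{
    int n = 0;
    if (hardened && !valid_username(user)) return -1;
    if (cap < 7) return -1;
    argv[n++] = "login";
    argv[n++] = "-p";
    argv[n++] = "-h";
    argv[n++] = (char *)host;
    if (hardened) argv[n++] = "--";
    argv[n++] = (char *)user;
    argv[n] = NULL;
    return n;
}

/* End to end: 2 = login as root with no password, 1 = ordinary login for USER,
 * -1 = request refused before login runs. */
int simulate_rlogin(const char *host, const char *user, int hardened)
{
    char *argv[8];
    int argc = rlogind_build_argv(host, user, hardened, argv, 8);
    if (argc < 0) return -1;
    struct login_args a = parse_login_argv(argc, argv);
    if (a.error || a.user == NULL) return -1;
    if (a.force && strcmp(a.user, "root") == 0) return 2;
    return 1;
}

int main(void)
{
    printf("rlogin -l heggens myserver (original):  %d\n", simulate_rlogin("myserver", "heggens", 0)); /* 1 */
    printf("rlogin -l -froot myserver  (original):  %d\n", simulate_rlogin("myserver", "-froot", 0));  /* 2 */
    printf("rlogin -l -froot myserver  (hardened):  %d\n", simulate_rlogin("myserver", "-froot", 1));  /* -1 */
    return 0;
}
```

The “--” alone already stops the option from being recognised (login would then try to look up a user literally named -froot and fail); validating the name as well keeps attacker-controlled bytes out of the command line of every program the daemon might exec, not just this one.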

Integer Error
What will happen here? int i = 1; while (i > 0) { i = i * 2; }
With 32-bit two's-complement ints the loop body runs 31 times: after 30 doublings i is 2^30, the next multiply wraps to −2^31, the test i > 0 fails and the loop ends. Signed overflow is undefined behaviour in C, however, so a compiler is entitled to assume i > 0 always holds and may compile this into an infinite loop.

Integer Math
Unsigned 8-bit integers hold 0 to 255 and arithmetic wraps modulo 256: 255 + 1 = 0, 16 × 17 = 16 (272 mod 256), 0 − 1 = 255.
Signed 8-bit integers hold −128 to 127 and wrap the same way: the bit pattern 0xFF that is 255 unsigned is −1 signed, and 127 + 1 = −128.
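An added example, not from the slides, that computes the 8-bit table above without relying on undefined or implementation-defined behaviour, answers the Integer Error question by counting the doublings that fit in an int before the overflow happens, and applies the same check to the case that matters in practice: an allocation size computed from an untrusted count. Function names are mine.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 8-bit arithmetic done explicitly modulo 256 (the unsigned conversion is
 * well defined in C), so the results are portable. */
unsigned u8_wrap(long v) { return (unsigned)((unsigned long)v & 0xFF); }           /* 0..255 */
int s8_wrap(long v)
{
    long r = (long)((unsigned long)v & 0xFF);
    return (int)(r >= 128 ? r - 256 : r);                                           /* -128..127 */
}

unsigned u8_add(unsigned a, unsigned b) { return u8_wrap((long)a + (long)b); }
unsigned u8_sub(unsigned a, unsigned b) { return u8_wrap((long)a - (long)b); }
unsigned u8_mul(unsigned a, unsigned b) { return u8_wrap((long)a * (long)b); }
int s8_add(int a, int b)                { return s8_wrap((long)a + (long)b); }

/* The slide's loop, with the overflow caught before it happens.
 * Returns how many doublings of start fit in an int; *last receives the
 * largest value reached. For start = 1 that is 30 doublings, last = 2^30. */
int count_safe_doublings(int start, int *last)
{
    int i = start, steps = 0;
    while (i > 0) {
        if (i > INT_MAX / 2) break;      /* i * 2 would overflow: undefined behaviour in C */
        i *= 2;
        steps++;
    }
    if (last) *last = i;
    return steps;
}

/* Allocation size from an untrusted count: the same abstraction gap where it
 * does damage. Returns 1 and sets *out if count * elem_size fits in size_t,
 * 0 if it would wrap (and the allocation would be far too small). */
int size_mul_ok(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size) return 0;
    *out = count * elem_size;
    return 1;
}

int main(void)
{
    int last;
    size_t bytes;
    printf("unsigned 8-bit: 255 + 1 = %u, 16 * 17 = %u, 0 - 1 = %u\n",
           u8_add(255, 1), u8_mul(16, 17), u8_sub(0, 1));
    printf("signed 8-bit:   127 + 1 = %d, 0xFF = %d\n", s8_add(127, 1), s8_wrap(255));
    printf("doublings of 1 that fit in an int: %d (last value %d)\n",
           count_safe_doublings(1, &last), last);
    if (!size_mul_ok(SIZE_MAX / 2 + 1, 2, &bytes))
        printf("refused allocation: count * size would wrap\n");
    return 0;
}
```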

Next Class
Midterm
Course Evaluation with Dr. Jadud
Quiz 3: Software Security Basics (Wednesday)
Read Chapter 10
Understand the 6 types of abstractions: address (location), character, integer, variable (buffer overflows), double-linked list, atomic transaction.