1
Computer Security CS November, 2017
2
Announcements
Course evals are available. Fill them in by 3pm tomorrow to receive an extra 1% towards your final grade.
Recitations this week will be on a variety of topics; you can attend whichever one you want:
Tu 12:20 Bard 140 Regular Expressions We 12:20 Debugging Hollister 368 Kooky Data Structures Olin 218 Dynamic Program. Olin 216 Sound We 1:25 Version Control Upson 216 Coding Interviews Optionals Tu 1:25 Hollister 206 Java 9 We 2:30 TBA Hollister 312 Dynamic Programming Phillips 407 Tu 2:30 Hollister 110 We 7:30 Upson 142 Olin 165 Collections Tu 3:35 Distributed Computing
3
Computer Science
4
Computer Security
5
Computer Security
Security is about making sure that computers behave correctly
A secure system should:
  Do what it is supposed to do
  Not do anything else
6
What might go wrong

public class ObjectStore {
    private Object[] objects;

    public ObjectStore(int len) {
        objects = new Object[len];
    }

    // i is used as an index with no check against objects.length
    public Object read(int i) {
        return objects[i];
    }

    public void store(int i, Object o) {
        objects[i] = o;
    }
}
7
OpenSSL

struct {
    HeartbeatMessageType type;
    uint16 payload_length;
    opaque payload[HeartbeatMessage.payload_length];
    opaque padding[padding_length];
} HeartbeatMessage;
8
Heartbleed
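The HeartbeatMessage layout above carries its own payload_length, and Heartbleed came from trusting that field when echoing the payload back. An added example (not from the slides and not OpenSSL's code) of a responder that checks the claimed length against the bytes actually received; the name hb_build_response, the constants and the sample records are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER 3u    /* type (1 byte) + payload_length (2 bytes) */
#define HB_PADDING 16u  /* RFC 6520 requires at least 16 padding bytes */
#define HB_REQUEST 1u
#define HB_RESPONSE 2u

/* hb_build_response is a hypothetical name, not an OpenSSL function.
 * Echoes the payload of the heartbeat request in rec[0..rec_len) into out.
 * Returns the response length, or 0 if the record must be discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST)
        return 0;
    /* payload_length is only the sender's claim about the payload size. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* Header + claimed payload + minimum padding must fit inside the
     * bytes actually received; otherwise the copy below would read
     * past the record into adjacent memory. */
    if (HB_HEADER + claimed + HB_PADDING > rec_len)
        return 0;
    size_t resp_len = HB_HEADER + claimed + HB_PADDING;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    /* Zeroed for brevity; RFC 6520 specifies random padding. */
    memset(out + HB_HEADER + claimed, 0, HB_PADDING);
    return resp_len;
}

/* Constructed sample records; unlisted trailing bytes are zero padding. */
static const uint8_t HONEST[3 + 4 + 16] = {1, 0, 4, 'p', 'i', 'n', 'g'};
static const uint8_t LYING[3 + 1 + 16] = {1, 0x40, 0x00, 'x'}; /* claims 16384 */

int main(void)
{
    uint8_t out[64];
    printf("honest: %zu bytes, lying: %zu bytes\n",
           hb_build_response(HONEST, sizeof HONEST, out, sizeof out),
           hb_build_response(LYING, sizeof LYING, out, sizeof out));
    return 0;
}
```

The second record is 20 bytes long but claims a 16384-byte payload, so it is dropped before any copy happens.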
9
What might go wrong

public class ObjectStore {
    private Object[] objects;

    public ObjectStore(int len) {
        objects = new Object[len];
    }

    // i is used as an index with no check against objects.length
    public Object read(int i) {
        return objects[i];
    }

    public void store(int i, Object o) {
        objects[i] = o;
    }
}
10
Memory

ObjectStore OS = new ObjectStore(10); ...

[Figure: memory layout diagram with labels Stack, Ret ptr, Stack ptr, o, Heap, exploit code, Statics, Code, and the statement objects[i] = o;]
11
Skype Vulnerability May 2017
Affects Microsoft Skype v7.2, v7.3.5 & v7.3.6 on Windows XP, 7, 8, or 10. The exploit targets a vulnerability in a copy function: a carefully constructed cat photo triggers an overflow, overwrites the return pointer, and allows arbitrary code execution.
12
What might go wrong
Initially, i = 0
[Figure: timeline of Thread 1 and Thread 2, each executing tmp = load i; tmp = tmp + 1; store tmp to i; Both threads load 0 from memory, and both then store 1 to memory.]
13
Copy-on-write (COW)
Common resource optimization
When someone copies a file, it doesn't really get copied
If/when someone modifies the "copy", the original file gets copied and modified
14
Privilege Escalation October 2016
Privilege escalation vulnerability discovered in Linux. A bug in the copy-on-write (COW) mechanism allowed any installed application to gain root-level access. At a high level, the exploit works by opening a root-owned executable as read-only and memory mapping it into the user-level process’s address space. The user-level process then runs two threads: one repeatedly uses madvise() to tell the kernel it doesn’t intend to use that memory, and the other repeatedly overwrites some of its own memory that’s mapped to the root-owned executable. A race condition bug results in writes updating the mapping copy instead of writing to a private copy; these changes are subsequently committed by the kernel to storage. This technique can be exploited to alter a root-owned setuid binary so that it, for example, spawns a root-owned shell, allowing the user-level process to operate with root privileges.
15
So how do we fix this?
  Testing
  Bug finding tools
  White-hat hacking
17
So how do we fix this?
18
Security by Design
Build secure, trustworthy computer systems/applications/etc.
  Define what the system is supposed to do
  Make sure it does that (and only that)
19
How do we specify what systems are and are not supposed to do?
20
Example: Data Privacy
Lots of data: by one estimate, 2.5 exabytes of data are produced every day
This data has lots of potential uses
The problem: what happens with the data isn’t always what you want => users don’t consent, legal restrictions
21
What is Privacy?
discuss
  Warren/Brandeis (right to be left alone)
  Privacy as confidentiality
  Nissenbaum (contextual integrity)
22
Use-Based Privacy
Privacy viewed as restrictions on uses [Cate02]
Captures modern privacy goals
  express restrictions in presence of necessary sharing
  Medical Data
  Social Network Data
Then need a language for privacy policies, then need to express security goals in language
23
Policy Language

[
  {"curr": "1",
   "states": {
     "1": {"name": "s1-1", "permissions": {"aggregate": true},
           "transitions": {"aggregate": "s2-1"}, "defaultPermission": false},
     "2": {"name": "s2-1", "permissions": {"fulfill": true},
           "transitions": {}, "defaultPermission": true}}},
  {"curr": "2",
   "states": {
     "1": {"name": "s1-2", "permissions": {"aggregate": true},
           "transitions": {"aggregate": "s2-2"}, "defaultPermission": false},
     "2": {"name": "s2-2", "permissions": {"fulfill": true},
           "transitions": {}, "defaultPermission": true}}}
]

[Figure: diagram with labels aggregate, fulfill, aggregate]
24
How do we make systems secure?
25
Threat Models
26
Threat Models
27
Example: Threat Model for Data Privacy
In our context, adversaries are service providers.
[Figure: diagram with labels DS, adversarial, accountable]
28
Approaches to security
Axiomatic security
  You trust someone else to get it right
29
Approaches to security
Axiomatic security
  You trust someone else to get it right
Constructive security
  E.g., compiler checks, automated proofs
30
Approaches to security
Axiomatic security
  You trust someone else to get it right
Constructive security
  E.g., compiler checks, automated proofs
Synthetic security
  Modify the code to add checks (e.g., monitoring)
[Figure: diagram with labels Code, Monitor, Code]
31
Approaches to security
Axiomatic security
  You trust someone else to get it right
Constructive security
  E.g., compiler checks, automated proofs
Synthetic security
  Modify the code to add checks (e.g., monitoring)
Deterrence through accountability
  Make sure you'll notice if something goes wrong
32
Example: Data Privacy from SGX
[Figure: architecture diagram with labels Agent, Authenticator, Data Source, Data Store, Policy Store (data->pol), Data Handler, Taints (pid -> pol), Credential Authent., Decision Engine, Program, Agent]
Policy enforcement implemented by external monitor that runs on DHs
  monitor can send/receive values from DS
  monitor shares values with authorized programs co-located at DH
  auth decisions based on credentials
  unauthorized values are cryptographically sealed with associated policy to prevent unauthorized use
  monitor maintains taint for each program, automatically derives policies for derived values
33
Security

[
  {"curr": "1",
   "states": {
     "1": {"name": "s1-1", "permissions": {"aggregate": true},
           "transitions": {"aggregate": "s2-1"}, "defaultPermission": false},
     "2": {"name": "s2-1", "permissions": {"fulfill": true},
           "transitions": {}, "defaultPermission": true}}}
]