Secure Coding Faculty Workshop, April 14-15, Orlando, FL 1 SEED: A Suite of Instructional Laboratories for Computer SEcurity EDucation Wenliang (Kevin)


1 Secure Coding Faculty Workshop, April 14-15, Orlando, FL
SEED: A Suite of Instructional Laboratories for Computer SEcurity EDucation
Wenliang (Kevin) Du
Department of Electrical Engineering & Computer Science, Syracuse University
Email: wedu@ecs.syr.edu
URL: http://www.cis.syr.edu/~wedu/seed/

2 Objectives
- Improve experiential learning in computer security education
- Develop effective security-related labs (or course projects)
- Targeting both security and non-security courses.

3 Overview
- Philosophies behind our approach
- Lab environment
- The design of SEED labs
- Overview of the labs (about 20)
- Discussions

4 About SEED Project
- Funded by the NSF CCLI Program
  - Phase I ($75K) was funded in 2002
  - Phase II ($450K) was funded in 2007
- Four universities are main partners. Several more universities are using.
- Web page for all the developed labs: http://www.cis.syr.edu/~wedu/seed/

5 Philosophy #1
Computer security education should focus on both the fundamental security principles and security-practice skills.
- Principles: A wide spectrum.
- Skills: designing, programming, testing, analyzing, innovating, and applying.
- Focused and comprehensive labs

6 Philosophy #2
Computer security education should be integrated into many other courses, including Operating Systems, Networking, Computer Architecture, Compilers, Software Engineering, etc.

7 A Generic Environment
- Use for most of the labs: Learning a new environment is not easy
- Not too expensive: Most schools do not have budget for this

8 Finding a System
- A system that can be used to demonstrate a variety of security principles.
- Interesting: can motivate students
- Meaningful: not a toy
- Manageable: doesn’t take months to understand
- What can be more comprehensive than operating systems?

9 A Unified Lab Environment
Labs / Minix, Linux / Virtual Machine (e.g. vmware) / Host OS (Windows, Linux, etc.)

10 Cost of Environment
- Software cost
  - vmware is free for academic use
  - Minix and Linux are open-source and free
- Hardware cost
  - Use student’s personal computer: At least 1.5GB RAM, the more the better
  - Use a general computer lab
    - Administrator: install vmware
    - Students: buy a portable hard drive (> 6 G)

11 Laboratories
- Three types of labs
  - Design/Implementation Labs
  - Exploration Labs
  - Vulnerability/Attack Labs
- They cover different sets of skills
- The time needed for these labs varies (1 week to 6 weeks)

12 Design/Implementation Labs
Design/Implementation Labs / Minix / Virtual Machine (e.g. vmware)
Objectives: to build and integrate security mechanisms in systems, and to apply security principles in system building.

13 Design Labs
- Diagram labels: Students’ Tasks; Existing Components; Capability; Access Control List; Sandbox; Encrypted File System; RBAC; MAC; IPSec; Firewall; IDS; Minix OS; System Randomization
- Properties of this design:
  - Focused on targeted principles
  - Each lab takes 2-6 weeks
  - Difficulties can be adjusted

14 Lab Development
- Learning objectives
  - The principles covered by each lab
- Simplification of the system
  - Multi-year project → Few weeks
  - Self-contained
  - Not over-simplified
  - Reduce non-security critical tasks
- Simplification
- Develop supporting materials

15 Exploration Labs
Exploration Labs / Minix, Linux / Virtual Machine (e.g. vmware)
Objectives: to explore how security mechanisms work, and to apply security principles in evaluating those mechanisms.

16 Exploration Labs
- Diagram labels: Minix/Linux OS; Security Component; Other Components; “tour”
- Guided Tour:
  - Small experiments
  - Guided activities
  - Interact with security components
  - Observe
  - Explain the observations
- Set-UID; PAM: Pluggable Authentication Module; Reference Monitor; Intel 80x86 Protection Mode; SYN Cookie
- All the design labs can be transformed to exploration labs

17 Vulnerability/Attack Labs
Vulnerability/Attack Labs / Minix, Linux / Virtual Machine (e.g. vmware)
Objectives: to learn from mistakes, to see how a flaw leads to security breaches, to carry out real attacks in the lab environment, and to apply security principles in defense.

18 Vulnerability/Attack Labs
- Diagram labels: Linux/Minix OS; User Space; Kernel Space; Real-World Vulnerabilities; Fault Injection
- Students’ Tasks:
  1. Find out those vulnerabilities
  2. Exploit the vulnerabilities
  3. Fix the vulnerabilities
  4. Design countermeasures

19 Vulnerability Laboratories
- Buffer-overflow Lab
- Return-to-libc Attack Lab
- Race-condition Lab
- Format-string Lab
- Sandbox (chroot) Lab
- Attack Lab on TCP/IP
- Attack Lab on DNS (Pharming Attacks)
- Cross-Site Scripting Lab
- SQL injection attack Lab
- Set-UID vulnerability Lab
- Lab on various OS kernel vulnerabilities

20 Our 2nd Philosophy
Computer security education should be integrated into many other courses, including Operating Systems, Networking, Computer Architecture, Compilers, Software Engineering, etc.

21 Examples for Operating Systems
- File Systems
  - Encrypted File System (EFS) Lab
- Access Control
  - Capability Lab
  - RBAC (Role-Based Access Control) Lab: demo
- Memory Management
  - Memory Randomization Lab
- Privilege Escalation
  - Set-UID Lab
- Privilege Restriction
  - Chroot Sandboxing Lab
  - Set-RandomUID Sandboxing Lab

22 OS (continued)
Enhancing OS to protect against attacks on vulnerable programs.
- Buffer-overflow Lab: demo
- Format-string Lab
- Race condition Lab
- Sandbox Lab

23 Networking
- TCP/IP Protocols:
  - TCP/IP attack Labs (e.g. SYN flooding, TCP RST attacks, TCP session hijacking, Port scanning)
  - SYN-Cookie Labs (defend against DOS attacks)
- DNS Protocol
  - Pharming Attacks Labs
- IP Routing:
  - IPSec/VPN Labs
  - Firewall Labs

24 For Other Courses
- Computer Architecture
  - 80386 Protection Mode Lab
- Compilers
  - Return-to-libc lab (how stack works)
- Software Engineering
  - Capability, RBAC labs (requirement analysis, design architecture, testing)

25 Web Programming
Hardening systems to defeat attacks on web applications.
- SQL Injection
- XSS

26 Evaluation
- Survey-based evaluation
  - Anonymous survey after each lab
  - Group interview (by a specialist) each semester
- Student feedbacks
  - Interview experiences
  - Job experiences
- Peer reviews
  - Publications
  - Interviews

27 Experience
- Developed 20 Labs during the last 6 years
- Used in 3 courses at Syracuse University
  - One senior-level and two graduate-level
- Also used by several other universities
  - Including non-secure courses.
- The results are very encouraging
  - Evaluation results can be found in our published papers and web sites.

28 Discussion Topics
- Ideas of labs for various courses
- Dissemination
  - We need to get others to use the labs, how?
  - Reach out to our own community.
  - A barrier: interested → use

29 Initiative: Open-source Library of Labs
- Hosting and Coordinating
  - Organizers and Industry/NSF sponsors
- Contributing mechanisms
  - Portal or repository
- Categorization mechanisms
  - By courses, topics, principles, difficulties, book chapters
- Feedback mechanism
  - Anonymous comments, endorsements by employers
  - # of downloads
- Discussion Forums

