Presentation is loading. Please wait.

Presentation is loading. Please wait.

Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR.

Published byElizabeth Craig Modified over 9 years ago

Similar presentations

Presentation on theme: "Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR."— Presentation transcript:

1 Final Exam Review

2 Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR

3 Quiz Which one of the mitigations can be circumvented by the advanced version of stack overflow? A.Canary B. W^X C. ASLR 1.indirect jump 2.return into libc 3.ROP

4 Basic Cryptography Four primitives – Cryptographic hash – Symmetric encryption – Asymmetric encryption – Digital signature

5 Quiz Which property of cryptographic hash ensures that if password hash matches the one stored on the system, the password is the correct one? Which property of cryptographic hash ensures that the stored hash does not jeopardize the secrecy of passwords

6 Authentication Password-based authentication – How is authentication state stored – How is verification done – Attacks and mitigation

7 Quiz Adversary obtains authentication state from the system and conduct brute-force attacks. If the authentication state is salted, would the attack be more difficult than if it is not?

8 Authentication Protocol Challenge-response – Why need it? Example ones using the various cryptographic primitives – MAC – Encryption – Digital signature

9 Quiz Using symmetric encryption for authentication. Alice sends m to Bob, Bob encrypts m using shared key K and send it back to Alice, Alice decrypts it and send Bob the plaintext. Bob verifies that the plaintext is the same as m. – Can Alice authenticates to Bob using this?

10 UNIX Protection Basics File system protection Setuid

11 Quiz What is the security problem you can see? -rwsr-xrwx 1 simon fac 13589 Jul 30 20:08 getscore

12 Secure Operating System Mandatory Access Control – Complete Mediation: all security-sensitive ops – Tamperproof: untrusted processes cannot modify access enforcement system – Verifiable: small TCB

13 Concrete OS Examples SELinux – Only need to understand the basic protection concept. – Policy language not required Android – Basic security architecture – Security problems

14 Security Models Bell LaPadula (Secrecy) Biba (Integrity)

15 Trusted Infrastructure TPM – Root of trust for storage – Root of trust for reporting – Root of trust for measurement* Measured boot

16 DNS Security DNS poisoning problem – How the attack is carried out – Consequence of a successful attack DNSSEC – Basic concepts – How this will address the insecurity problem of DNS

Download ppt "Final Exam Review. Common Attack Techniques Stack overflow – Basic version – Advanced versions Mitigations – Canary – W^X page – ASLR."

Similar presentations

Public Key Infrastructure Alex Bardas. What is Cryptography ? Cryptography is a mathematical method of protecting information –Cryptography is part of,

Public Key Infrastructure Alex Bardas. What is Cryptography ? Cryptography is a mathematical method of protecting information –Cryptography is part of,
MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
L0. Introduction Rocky K. C. Chang, January 2013.

L0. Introduction Rocky K. C. Chang, January 2013.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.

Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Cryptographic Technologies

Cryptographic Technologies
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Metadata Issues in a Cryptographic File System David Bindel IRAM/ISTORE/OceanStore Retreat.

Metadata Issues in a Cryptographic File System David Bindel IRAM/ISTORE/OceanStore Retreat.
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.

Similar presentations

Ads by Google