18487 Course Review
Vyas Sekar
Carnegie Mellon University

This Class: Introduction to the Four Research Cornerstones of Security
• Software Security
• Network Security
• OS Security
• Cryptography

Software Security

Control Flow Hijacks
[Diagram: attacker input laid out as shellcode (aka payload), padding, &buf; labelled “computation + control”]
Give the attacker the ability to run arbitrary code
– Install malware
– Steal secrets
– Send spam

Cryptography

Crypto Terminology

Goals
• Understand and believe you should never, ever invent your own algorithm
• Basic construction
• Basic pitfalls

Network and System Security

What is Network Security?
[Diagram: Alice and Bob connected by a public channel; the network typically runs the IP “protocol”]
1. Providing a “reliable” channel
   If the network protocols have flaws, crypto may not save you

E.g., Unauthorized origin ISP (prefix theft)
[Diagram: nodes G, C, B and M. Two routing tables are shown: Destination Google, Route G←B; and Destination Google, Route M.]
M’s route to G is better than B’s

Takeaways on routing security
• BGP was built on the assumption of cooperation
  – Assumption does not apply anymore
• Many routing misconfigurations, bugs, and even attacks (several per day)
• Proposed fixes are many, but all have some limitations
  – TTL hacks, MD5 signatures
  – S-BGP
    • Relies on a PKI
    • Potentially significant overhead
• Very hard to retrofit security in an existing model!

What is Network Security?
[Diagram: Alice and Bob connected by a public channel; the network typically runs the IP “protocol”]
2. Providing an “available” channel
   Can Alice talk to Bob? Can Eve deny service to Alice/Bob?

DoS: General definition
• DoS is not access or theft of information or services
• Instead, goal is to stop the service from operating
• Deny service to legitimate users
• Why?
  – Economic, political, personal, etc.

Why is DDoS a hard problem
• Simple form of attack
  – No complex technique, just send a lot of traffic
  – Toolkits readily available
• Prey on the Internet’s strengths
  – Simplicity of processing in routers
  – Total reachability
• Attack machines readily available
  – Easy to find 10,000s of vulnerable machines on the Internet
• Attack can look like normal traffic
  – E.g., HTTP requests
• Lack of Internet enforcement tools
  – No traceability
• Lack of cooperation between targets
  – ISPs are competitive, and cooperation only at human timescales
• Effective solutions hard to deploy
  – We can’t change the core of the Internet easily

TCP SYN Flood I: low rate (DoS bug)
[Diagram: client C sends SYN_C1, SYN_C2, SYN_C3, SYN_C4, SYN_C5 to server S]
Single machine:
• SYN packets with random source IP addresses
• Fills up backlog queue on server
• No further connections possible

Backscatter analysis
• Internet telescope/backscatter measurement
• By monitoring an unused portion of the address space, it is possible to see evidence of backscatter and infer the type/number of DDoS attacks
• Does this work with botnet-based attacks?
[Diagram (example: SYN flood): the attacker sends “SYN, from IP = A”; the reply “SYN-ACK, to IP = A” arrives at the network “telescope”, e.g., an empty /8 network]
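
The telescope inference described on this slide, as an added example that is not part of the original slides: reply packets arriving in dark address space are grouped by the host that sent them and the observed rate is scaled up by the telescope's share of IPv4. It assumes spoofed sources are uniformly random; the 10.0.0.0/8 telescope, the capture records and the `min_packets` threshold are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed telescope: an unused /8 covers 1/256 of the IPv4 space.
TELESCOPE = ipaddress.ip_network("10.0.0.0/8")
SCALE = 2**32 // TELESCOPE.num_addresses  # 256

# Replies a victim sends toward spoofed sources (SYN-ACK, RST, RST-ACK).
REPLY_FLAGS = {"SA", "R", "RA"}

# Constructed capture: (time in seconds, source IP, destination IP, TCP flags)
CAPTURE = [
    (0.0, "192.0.2.10", "10.1.2.3", "SA"),
    (0.5, "192.0.2.10", "10.200.7.9", "SA"),
    (1.0, "192.0.2.10", "10.33.0.1", "SA"),
    (1.2, "192.0.2.10", "172.16.0.1", "SA"),  # outside the telescope
    (1.5, "192.0.2.10", "10.9.9.9", "R"),
    (2.0, "192.0.2.10", "10.77.1.1", "SA"),
    (0.2, "198.51.100.7", "10.0.0.5", "S"),   # SYN into dark space: a scan
    (0.3, "198.51.100.7", "10.0.0.6", "S"),
    (1.1, "203.0.113.4", "10.4.4.4", "SA"),   # one stray reply, below threshold
]

def infer_attacks(capture, min_packets=3):
    """Group telescope-observed replies by victim and extrapolate the rate."""
    per_victim = defaultdict(list)
    for ts, src, dst, flags in capture:
        if ipaddress.ip_address(dst) in TELESCOPE and flags in REPLY_FLAGS:
            per_victim[src].append((ts, dst))
    report = {}
    for victim, pkts in per_victim.items():
        if len(pkts) < min_packets:
            continue
        times = [ts for ts, _ in pkts]
        duration = max(times) - min(times)
        seen_pps = len(pkts) / duration if duration > 0 else float(len(pkts))
        report[victim] = {
            "packets_seen": len(pkts),
            "distinct_spoofed": len({dst for _, dst in pkts}),
            # The telescope sees 1/SCALE of the replies, so scale back up.
            "est_reply_pps": seen_pps * SCALE,
        }
    return report

if __name__ == "__main__":
    for victim, stats in infer_attacks(CAPTURE).items():
        print(victim, stats)
```

The estimate only holds while the uniform-spoofing assumption does; traffic sent from real source addresses produces no replies toward the telescope.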

DDoS Defense Taxonomy
• Location
  – Host vs network vs protocol
• Response timescale
  – Preventive vs Reactive
• Response action
  – E.g., filter, rate limit, multiply, bug fix/patch

What is Network Security?
[Diagram: Alice and Bob connected by a public channel; the network typically runs the IP “protocol”]
3. Providing “enforcement” for observing/mediating access
   Stop Eve’s malware from reaching Bob in the first place
   Observe aggregated view of malicious intents

Taxonomy
• Approach: Policy vs Anomaly
• Location: Network vs. Host
• Action: Detect vs. Prevent
• Semantics: IP vs TCP vs App

| Type | Example |
|---|---|
| Host, Rule, IDS | Tripwire |
| Host, Rule, IPS | Personal Firewall |
| Net, Rule, IDS | Snort |
| Net, Rule, IPS | Network firewall |
| Host, Anomaly, IDS | System call monitoring |
| Net, Anomaly, IDS | Working set of connections |
| Net, Anomaly, IPS | |

Defn: Bayesian Detection rate
Crux of IDS usefulness!
[Venn diagram: sets I and A inside Ω]
Think of the Bayesian detection rate as the set of intrusions raising an alert normalized by the set of all alerts. (vs. detection rate which normalizes on intrusions.)
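
The slide's set picture worked through in code, as an added example that is not part of the original slides: with I the intrusions and A the alerts, the detection rate is |I ∩ A| / |I| and the Bayesian detection rate is |I ∩ A| / |A|. The event counts and the true- and false-positive rates are constructed for illustration, and the function names are hypothetical.

```python
from fractions import Fraction

def rates(n_events, n_intrusions, tpr, fpr):
    """Return (detection rate, Bayesian detection rate, |A|) from set sizes.

    tpr = P(alert | intrusion), fpr = P(alert | no intrusion).
    """
    benign = n_events - n_intrusions        # |Ω| - |I|
    i_and_a = n_intrusions * tpr            # |I ∩ A|: intrusions that alert
    alerts = i_and_a + benign * fpr         # |A|: true alerts + false alarms
    return i_and_a / n_intrusions, i_and_a / alerts, alerts

def max_fpr_for(target, base_rate, tpr):
    """Largest false-alarm rate for which P(I | A) still reaches `target`.

    Solves target = tpr*p / (tpr*p + fpr*(1 - p)) for fpr, with p = base_rate.
    """
    return tpr * base_rate * (1 - target) / (target * (1 - base_rate))

def sweep(n_events, n_intrusions, tpr, fprs):
    """Bayesian detection rate for each candidate false-alarm rate."""
    return {fpr: rates(n_events, n_intrusions, tpr, fpr)[1] for fpr in fprs}

if __name__ == "__main__":
    # Constructed scenario: 1,000,000 events, 100 of them intrusions.
    n, k = 1_000_000, 100
    tpr = Fraction(99, 100)
    dr, bdr, alerts = rates(n, k, tpr, Fraction(1, 100))
    print(f"detection rate {float(dr):.2%}, alerts {int(alerts)}, "
          f"Bayesian detection rate {float(bdr):.2%}")
    fprs = [Fraction(1, 10**e) for e in (2, 3, 4, 5)]
    for fpr, b in sweep(n, k, tpr, fprs).items():
        print(f"fpr {float(fpr):.5%} -> P(I|A) {float(b):.2%}")
    print("fpr needed for P(I|A) = 50%:",
          float(max_fpr_for(Fraction(1, 2), Fraction(k, n), tpr)))
```

With a 99% detection rate and a 1% false-alarm rate, fewer than one alert in a hundred is a real intrusion, because benign events outnumber intrusions by roughly 10,000 to 1.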

Key things to remember for firewall/IDS
• Firewalls
  – 3 types: Packet filtering, Stateful, and Application
  – Placement and DMZ
• IDS
  – Anomaly vs. policy-based detection
• How can we exploit for evasion?
  – E.g., fragmentation, TCP session reassembly, TTL
• How can we attack the defense infrastructure?
  – E.g., overload, algorithmic complexity
• Detection theory
  – Base rate fallacy

Web Security

“Injection flaws occur when an application sends untrusted data to an interpreter.”
--- OWASP
https://www.owasp.org/index.php/Top_10_2010-A4-Insecure_Direct_Object_References
Like buffer overflow and format string vulnerabilities, a result of the possibility of interpreting data as code

“Cross site scripting (XSS) is the ability to get a website to display user-supplied content laced with malicious HTML/JavaScript”

Cross Site Request Forgery (CSRF)
A CSRF attack causes the end user browser to execute unwanted actions on a web application in which it is currently authenticated.

Clickjacking
[Slide image: a lure button reading “Click for a FREE iPad!”]
Clickjacking occurs when a malicious site tricks the user into clicking on some element on the page unintentionally.
Slides modeled after presentation by Lin-Shung Huang at USENIX 2012.
Paper: Lin-Shung Huang, Alex Moshchuk, Helen J. Wang, Stuart Schechter, and Collin Jackson. 2012. Clickjacking: attacks and defenses. In Proceedings of the 21st USENIX conference on Security symposium (Security'12). USENIX Association, Berkeley, CA, USA, 22-22.

Key takeaways for web security
• Different attack models
• Understand the different classes of attacks
  – Injection
  – XSS
  – CSRF
  – Clickjacking, etc.
• Proposed defenses
  – E.g., sanitization, secure tokens, etc.

Designing Secure Systems
Vyas Sekar
Carnegie Mellon University

Protection Mechanism
Control Transfer of Information Among Users of the Utility

Abstract Access Control Model
[Diagram: Principal (Source) → Requested Operation → Reference Monitor (Guard) → Approved Operation → Object (Resource); labels: Authentication, Authorization, Audit]

Design Principles
• Economy of mechanism a.k.a. KISS / Low TCB
• Fail-safe defaults
• Complete mediation
• Separation of privilege
• Least privilege
• Factor in users/acceptance/psychology
• Work factor/economics
• Detect if you can’t prevent
• Don’t rely on security by obscurity

Key takeaways for system security
• Know Lampson’s “gold” standard
  – Authentication
  – Authorization
  – Audit
• Know types of authorization mechanisms
• Understand concept of TCB
• Internalize design principles for secure systems

Key takeaways for mobile security
• How is mobile security different?
  – Ecosystem, hardware, software?
• How do popular systems work?
  – iOS vs Android
• What new threats arise?
  – Poor use of crypto, PII leakage
• Techniques to detect misuse
  – E.g., control and call graphs

Exam 3

Exam 3 Mechanics
• Same format as exams 1 and 2. In class, closed note, closed book, closed computer
• BRING A CALCULATOR (no cell phones, PDAs, computers, etc.) Think of this as a hint.
• Topics: Anything from class

The Most Important Things
Anything is fair game, but the below are things you absolutely must know
• Base Rate Fallacy
• Web attacks
• Authenticated encryption
• Stack diagrams/buffer overflow/etc.
• Questions from exam 1 and exam 2 (study what you missed)

Questions?

END