Notes from Prof. Brun… · 25.10.2012 · Software Security — Ben Ransford — CS621 Fall...
Software Security — Ben Ransford — CS621 Fall 2012
Notes from Prof. Brun
• Project plan due next Tuesday (email him if you have questions)
• Be ready to present project plans on Tuesday (10 minutes per group)
CS621 Fall 2012
Software Security
≈
Ross Anderson, Security Engineering
Saltzer & Kaashoek, P. of C. S. D.
“Security engineering is about building systems to remain dependable in the face
of malice, error, or mischance.”
Security = Policy + Mechanism + Assurance + Incentive
Insecurity ≈ How can I break this system?
Threat Modeling
• ... is your job in system design
• Think like an attacker
• Understand and prioritize incentives
• Imagine a realistic attacker
Attack Surface
• Which parts of your system interface with other stuff?
• Network ports, I/O
• Command-line inputs
• Dependencies on other systems
Attacker Incentives
• For each element of attack surface:
• What can a successful attacker gain?
• What’s it worth?
(Some) Kinds of Attackers
Value     Example                  Attacker
Low       Generic PC               Script kiddie
Medium    Personal bank account    Phisher
High      State nuclear program    Another state
Script Kiddies
• Largely unskilled; main resource = time
• Use pre-packaged exploits
• May wish to sell compromised resources (e.g., sell zombie PCs to botnet)
Midrange “Hackers”
• Somewhat skilled; may have specific targets
• May be willing to use social engineering
• Motivations include fame, revenge, vandalism, $$$
High-End Hackers
• Deep understanding of target
• Write exploits
• These days, sell exploits for $$$$$
Even Higher-End Hackers
• E.g., state agencies (NSA, Mossad)
• Specific targets for espionage or sabotage
• Advanced persistent threats — get into target and stay there
Cryptography: Do’s & don’ts
Note: cryptography != security
Rule #1
Don’t design your own cipher! Use an existing one.
== Use AES.
Don’t pull a Mifare
Rule #2
Don’t rely on security through obscurity. Your system’s design will become known.
== Assume only the keys are secret.
Rule #3
Don’t use randomness incorrectly or use predictable “randomness.”
Bad randomness makes attacks easy.
== Use TRNG or a good seeded PRNG
Good PRNG
• Doesn’t repeat itself (long period)
• Does use sources of “random” bits
Bad PRNG
Easy to guess secrets!
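An added example (not from the lecture slides) of why a predictable seed makes secrets easy to guess: a token built from `rand()` after `srand()` with a timestamp-sized seed can be reproduced by trying every seed in a small window, which is the check an auditor would run, while a token taken from the kernel CSPRNG cannot. The function names, the 16-byte token length and the seed value are assumptions made for illustration; `getrandom()` requires Linux with glibc 2.25 or later.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/random.h>  /* getrandom(): Linux, glibc >= 2.25 */

#define TOKEN_LEN 16     /* hypothetical token size */

/* BAD: every byte of the token is determined by one guessable seed. */
void weak_token(unsigned int seed, uint8_t out[TOKEN_LEN])
{
    srand(seed);
    for (size_t i = 0; i < TOKEN_LEN; i++)
        out[i] = (uint8_t)(rand() & 0xff);
}

/* Audit check: is the token reproducible from a seed in [lo, hi]?
 * Returns 1 and stores the seed in *found, or 0 if none matches. */
int seed_in_window(const uint8_t *token, unsigned int lo, unsigned int hi,
                   unsigned int *found)
{
    uint8_t guess[TOKEN_LEN];
    for (unsigned long long s = lo; s <= hi; s++) {
        weak_token((unsigned int)s, guess);
        if (memcmp(guess, token, TOKEN_LEN) == 0) {
            *found = (unsigned int)s;
            return 1;
        }
    }
    return 0;
}

/* BETTER: take every byte from the kernel CSPRNG. Returns 0 on success. */
int strong_token(uint8_t out[TOKEN_LEN])
{
    size_t got = 0;
    while (got < TOKEN_LEN) {
        ssize_t n = getrandom(out + got, TOKEN_LEN - got, 0);
        if (n < 0 && errno == EINTR) continue;  /* interrupted: retry */
        if (n < 0) return -1;
        got += (size_t)n;
    }
    return 0;
}
```

A one-hour uncertainty about when the token was made leaves only 7,201 candidate seeds, so the 128-bit token carries about 13 bits of real secrecy.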
Note: Multiple PRNGs
(demo of Linux /dev/urandom vs. /dev/random)
Don’t use urandom when you want random.
Harping on Randomness
“We found that 5.57% of TLS hosts and 9.60% of SSH hosts share public keys in an apparently vulnerable
manner, due to either insufficient randomness during key generation or device default keys” (source: factorable.net)
Debian OpenSSL disaster
(Don’t trust your tools blindly!)
Greatest Hits (and how not to get hit)
please put on your C/C++ hats
Buffer overflows (super common)
strcpy(dest, user_supplied_input);
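A bounded alternative to the `strcpy` call above, added here as an illustration and not part of the original slides: the copy is refused, rather than truncated or overrun, when the input does not fit, so data stored next to the buffer stays intact. `copy_checked`, `set_name`, `struct record` and its 8-byte `name` field are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* Copies src into dest only if it fits, terminator included.
 * Returns 0 on success; on failure returns -1 and leaves dest empty. */
int copy_checked(char *dest, size_t dest_size, const char *src)
{
    if (dest == NULL || src == NULL || dest_size == 0)
        return -1;
    /* Look for the terminator within the first dest_size bytes only. */
    const char *end = memchr(src, '\0', dest_size);
    if (end == NULL) {              /* src needs more than dest_size bytes */
        dest[0] = '\0';
        return -1;
    }
    memcpy(dest, src, (size_t)(end - src) + 1);
    return 0;
}

/* Hypothetical record: with strcpy, an over-long name would run past
 * name[] into whatever is stored after it. */
struct record {
    char name[8];
    int  is_admin;
};

int set_name(struct record *r, const char *user_supplied_input)
{
    return copy_checked(r->name, sizeof r->name, user_supplied_input);
}
```

The caller has to act on the -1 (reject the request, log it), because silently continuing with an empty or truncated name is a bug of its own.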
Use-after-free (somewhat common)
void f(p_t *p) { /* ... */ free(p); }
f(my_pointer);
*my_pointer = 0x1234;   /* writes through a dangling pointer */
Double free (not all that common)
void f(p_t *p) { /* ... */ free(p); }
f(my_pointer);
free(my_pointer);       /* frees the same block a second time */
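One defensive pattern for the use-after-free and double-free cases above, added as an illustration and not taken from the slides: the freeing function receives the address of the caller's pointer and clears it, so a second release is a no-op and a later access is refused by a NULL check. The `p_t` layout and the names `release`, `store` and `lifecycle_demo` are assumptions.

```c
#include <stdlib.h>

typedef struct { int value; } p_t;   /* stand-in for the slides' p_t */

/* Frees the object and clears the caller's pointer, so no dangling
 * pointer is left behind in that variable. */
void release(p_t **pp)
{
    if (pp == NULL)
        return;
    free(*pp);       /* free(NULL) is defined to do nothing */
    *pp = NULL;
}

/* Accesses go through a NULL check instead of touching freed memory. */
int store(p_t *p, int v)
{
    if (p == NULL)
        return -1;
    p->value = v;
    return 0;
}

/* Replays the two slide sequences with the pattern applied.
 * Returns 0 if the late write was refused and the pointer is cleared. */
int lifecycle_demo(void)
{
    p_t *my_pointer = malloc(sizeof *my_pointer);
    if (my_pointer == NULL)
        return -1;
    release(&my_pointer);                        /* was: f(my_pointer)         */
    int late_write = store(my_pointer, 0x1234);  /* was: *my_pointer = 0x1234  */
    release(&my_pointer);                        /* was: free(my_pointer)      */
    return (late_write == -1 && my_pointer == NULL) ? 0 : 1;
}
```

This only protects the one variable that was cleared; other copies of the pointer still dangle, so builds with AddressSanitizer (`-fsanitize=address`) remain worthwhile for catching both bug classes in testing.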
Input validation
Cross-site scripting (super super super common)
Hello my name is <script>stealStuff();</script>
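The standard defence for the input above is to escape it before it is placed into HTML. The following is an added example, not from the slides, written in C to match the rest of the lecture; `html_escape` is a hypothetical name, and the function also bounds its output so the fix does not introduce a buffer overflow.

```c
#include <stddef.h>
#include <string.h>

/* Writes an HTML-escaped, NUL-terminated copy of `in` to `out`
 * (capacity out_size). Returns the escaped length, or -1 if it does
 * not fit, in which case `out` is left empty. */
long html_escape(const char *in, char *out, size_t out_size)
{
    size_t used = 0;
    if (in == NULL || out == NULL || out_size == 0)
        return -1;
    for (; *in != '\0'; in++) {
        char one[2] = { *in, '\0' };   /* pass-through for safe chars */
        const char *rep;
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t n = strlen(rep);
        if (n > out_size - 1 - used) { /* keep one byte for the '\0' */
            out[0] = '\0';
            return -1;
        }
        memcpy(out + used, rep, n);
        used += n;
    }
    out[used] = '\0';
    return (long)used;
}
```

This escaping is correct for element content and quoted attribute values; data placed inside a script block or a URL needs the encoding for that context instead.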